rootsongjc / kubernetes-handbook Goto Github PK

View Code? Open in Web Editor NEW

10.9K 426.0 2.9K 454.11 MB

Kubernetes中文指南/云原生应用架构实战手册 - https://jimmysong.io/kubernetes-handbook

License: Creative Commons Attribution 4.0 International

Makefile 4.25% Go 0.83% Shell 42.21% Dockerfile 7.84% Mustache 13.11% JavaScript 31.75%

kubernetes cloud-native service-mesh handbook cncf gitbook k8s istio

kubernetes-handbook's Introduction

kubernetes-handbook's People

Contributors

Stargazers

Watchers

Forkers

yiqinguo yuejack onecool2 ayaup biggerwing it2911 geneliu iclouding eagleyinfz realpdai 321dao jerryxjm jakexu jason-xxl teachmine sxauyhz zhangf911 emperorente bgbiao brucelkx wuming5569 gyliu513 qqfeng getong jamesdaijun czero000 fanfanbj jljlpch zhaixuepan fnet123 xingjianwei vincentchen leebon yangchuansheng bjmingyang kirbyzhu duke-lv crocodileone xiongshihu oeohomos opswm dockeone rongfengliang ysicing davaddi kensunp yan234280533 michael2008s demon888 shiyan123 kiragoo simlan txg1550759 limited1010 edana-dev limx59 kaiyulee godleon jalju sanjiang-opensource quesalltime changxiyu magic-chenyang xuxueyun antime yutangshi 496080199 wilhelmguo nuaays gongxiucheng ovwane xrogzu shirdrn raymondlwb allen12921 blackstorm zlzhang1 weiliangxiao reymont young8 tangxzh317 luckypoem 2014qirong mahaijie cumirror tomlinux liguohua-bigdata chenweihua jcops smchin wujifu kainhong centos-ren wchch anchoret2678 jmgao1983 shuangxi588 oouyang mayou33 gingobang

kubernetes-handbook's Issues

在Kubernetes中使用Glusterfs做持久化存储访问不了glusterfs

修改 endpoints.json ，配置 glusters 集群节点ip
每一个 addresses 为一个 ip 组

    {
      "addresses": [
        {
          "ip": "172.22.0.113"
        }
      ],
      "ports": [
        {
          "port": 1990
        }
      ]
    },

导入 glusterfs-endpoints.json

$ kubectl apply -f glusterfs-endpoints.json

查看 endpoints 信息

$ kubectl get ep

我想问的是这里的1990端口是随机的吗？为什么我在配置1990或默认1端口，都会报错,报错内容：

MountVolume:NewMounter initialization failed for volume "glusterfsvol": endpoints "glusterfs-cluster" not found;

我的配置如下：

[root@CNSZ22PL1265 glusterfs]# cat gluster-ep.yaml 
apiVersion: v1
kind: Endpoints
metadata:
  name: gluster-cluster
  namespace: kube-system
subsets:
- addresses:              
  - ip: 10.202.77.200
  ports:                  
  - port: 1
    protocol: TCP
- addresses:
  - ip: 10.202.77.201
  ports:
  - port: 1
    protocol: TCP
- addresses:
  - ip: 10.202.77.202
  ports:
  - port: 1
    protocol: TCP

[root@CNSZ22PL1265 glusterfs]# cat gluster-svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: gluster-cluster
  namespace: kube-system
spec:
  ports:
  - port: 1

[root@CNSZ22PL1265 glusterfs]# gluster volume info
 
Volume Name: es-volume
Type: Distribute
Volume ID: 364f5bc8-672c-4002-b454-89ef729064cc
Status: Started
Snapshot Count: 0
Number of Bricks: 3
Transport-type: tcp
Bricks:
Brick1: 10.202.77.200:/DATA/glusterfs/esdata
Brick2: 10.202.77.201:/DATA/glusterfs/esdata
Brick3: 10.202.77.202:/DATA/glusterfs/esdata
Options Reconfigured:
performance.write-behind: on
performance.io-thread-count: 64
performance.flush-behind: on
performance.cache-size: 16GB
features.quota-deem-statfs: on
features.inode-quota: on
features.quota: on
transport.address-family: inet
nfs.disable: on

pod配置如下：

[root@CNSZ22PL1265 glusterfs]# cat busybox-pod.yaml
{
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "glusterfs",
        "namespace": "kube-system"
    },
    "spec": {
        "containers": [
            {
                "name": "glusterfs",
                "image": "busybox",
                "volumeMounts": [
                    {
                        "mountPath": "/mnt/glusterfs",
                        "name": "glusterfsvol"
                    }
                ]
            }
        ],
        "volumes": [
            {
                "name": "glusterfsvol",
                "glusterfs": {
                    "endpoints": "glusterfs-cluster",
                    "path": "es-volume",
                    "readOnly": false
                }
            }
        ]
    }
}

Error from server (BadRequest): Upgrade request required

根据你的教程, 我成功的部署了k8s, 另外我加了nginx代理两台master, 一切都挺正常, 但在执行kubectl exec 命令的时候, 出现错误"Error from server (BadRequest): Upgrade request required", 查了资料, 说是要nginx支持http2, 后来这个我也配置了, 但还是报同样的错误, 请教一下, 这种错误怎么解决了?

Kubelet Server启动失败

Aug 15 14:52:29 docker-master systemd: Started Kubernetes Kubelet Server.
Aug 15 14:52:29 docker-master systemd: Starting Kubernetes Kubelet Server...
Aug 15 14:52:29 docker-master systemd: Failed at step CHDIR spawning /usr/local/bin/kubelet: No such file or directory
Aug 15 14:52:29 docker-master systemd: kubelet.service: main process exited, code=exited, status=200/CHDIR
Aug 15 14:52:29 docker-master systemd: Unit kubelet.service entered failed state.
Aug 15 14:52:29 docker-master systemd: kubelet.service failed.
Aug 15 14:52:29 docker-master systemd: kubelet.service holdoff time over, scheduling restart.
Aug 15 14:52:29 docker-master systemd: Started Kubernetes Kubelet Server.

StatefulSet中serviceName的疑问

你好，麻烦咨询个问题，创建StatefulSet之前创建个headless service时必须的吗？即如下配置中serviceName的作用是关联service还是可以随便指定？该选项是必须的吗？

apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 3
...

请注意文档版权

如题，原创文档受 Apache License 2.0 版权保护，任何在此基础上的加工都需要注明出处，附带License文件和说明。

刷了一些ERROR是否正常？

kube-controller-manager:

[root@ip-192-168-4-174 ~]# tail -500f /data/logs/kubernetes/kube-controller-manager.ERROR
Log file created at: 2017/05/23 11:23:02
Running on machine: ip-192-168-4-174
Binary: Built with gc go1.7.5 for linux/amd64
Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
E0523 11:23:02.534206   22765 util.go:45] Metric for serviceaccount_controller already registered
E0523 16:33:05.002043   22765 actual_state_of_world.go:461] Failed to set statusUpdateNeeded to needed true because nodeName="ip-192-168-4-146.cn-north-1.compute.internal"  does not exist
E0523 16:33:05.002059   22765 actual_state_of_world.go:475] Failed to update statusUpdateNeeded field in actual state of world: Failed to set statusUpdateNeeded to needed true because nodeName="ip-192-168-4-146.cn-north-1.compute.internal"  does not exist
E0523 16:43:16.151941   22765 actual_state_of_world.go:461] Failed to set statusUpdateNeeded to needed true because nodeName="ip-192-168-4-146.cn-north-1.compute.internal"  does not exist
E0523 16:43:16.151972   22765 actual_state_of_world.go:475] Failed to update statusUpdateNeeded field in actual state of world: Failed to set statusUpdateNeeded to needed true because nodeName="ip-192-168-4-146.cn-north-1.compute.internal"  does not exist
E0523 17:16:08.310210   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/batch/v2alpha1/cronjobs?resourceVersion=1914&timeoutSeconds=377&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311012   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/replicasets?resourceVersion=25214&timeoutSeconds=320&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311051   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/batch/v2alpha1/scheduledjobs?resourceVersion=1914&timeoutSeconds=368&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311088   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/resourcequotas?resourceVersion=1914&timeoutSeconds=463&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311119   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/storage.k8s.io/v1/storageclasses?resourceVersion=25076&timeoutSeconds=578&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311146   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/apps/v1beta1/statefulsets?resourceVersion=1914&timeoutSeconds=418&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311187   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/pods?resourceVersion=25210&timeoutSeconds=595&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311222   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/policy/v1beta1/poddisruptionbudgets?resourceVersion=1914&timeoutSeconds=481&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311248   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/persistentvolumeclaims?resourceVersion=25122&timeoutSeconds=515&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311277   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/replicationcontrollers?resourceVersion=1914&timeoutSeconds=472&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311304   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings?resourceVersion=21028&timeoutSeconds=571&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311333   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/serviceaccounts?resourceVersion=1914&timeoutSeconds=386&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311366   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.PersistentVolumeClaim: Get http://192.168.4.174:8080/api/v1/persistentvolumeclaims?resourceVersion=25122&timeoutSeconds=504&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311400   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/settings.k8s.io/v1alpha1/podpresets?resourceVersion=1914&timeoutSeconds=465&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311427   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/configmaps?resourceVersion=1915&timeoutSeconds=551&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311472   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1beta1.Deployment: Get http://192.168.4.174:8080/apis/extensions/v1beta1/deployments?resourceVersion=25213&timeoutSeconds=404&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311501   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/nodes?resourceVersion=25264&timeoutSeconds=385&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311529   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1beta1.ReplicaSet: Get http://192.168.4.174:8080/apis/extensions/v1beta1/replicasets?resourceVersion=25214&timeoutSeconds=319&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311578   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/namespaces?resourceVersion=1914&timeoutSeconds=517&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311607   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1beta1.DaemonSet: Get http://192.168.4.174:8080/apis/extensions/v1beta1/daemonsets?resourceVersion=1914&timeoutSeconds=327&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311634   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.Node: Get http://192.168.4.174:8080/api/v1/nodes?resourceVersion=25264&timeoutSeconds=558&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311661   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.Service: Get http://192.168.4.174:8080/api/v1/services?resourceVersion=24591&timeoutSeconds=444&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311687   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/ingresses?resourceVersion=1914&timeoutSeconds=403&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311718   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.HorizontalPodAutoscaler: Get http://192.168.4.174:8080/apis/autoscaling/v1/horizontalpodautoscalers?resourceVersion=1914&timeoutSeconds=371&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311747   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.ServiceAccount: Get http://192.168.4.174:8080/api/v1/serviceaccounts?resourceVersion=1914&timeoutSeconds=522&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311805   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/rbac.authorization.k8s.io/v1beta1/roles?resourceVersion=1914&timeoutSeconds=307&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.320894   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/endpoints?resourceVersion=25263&timeoutSeconds=596&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.320948   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/networkpolicies?resourceVersion=1914&timeoutSeconds=554&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321005   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/serviceaccount/tokens_controller.go:172: Failed to watch *v1.ServiceAccount: Get http://192.168.4.174:8080/api/v1/serviceaccounts?resourceVersion=1914&timeoutSeconds=445&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321049   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/rbac.authorization.k8s.io/v1beta1/rolebindings?resourceVersion=1914&timeoutSeconds=354&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321080   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/certificates.k8s.io/v1beta1/certificatesigningrequests?resourceVersion=22003&timeoutSeconds=312&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321111   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1beta1.PodDisruptionBudget: Get http://192.168.4.174:8080/apis/policy/v1beta1/poddisruptionbudgets?resourceVersion=1914&timeoutSeconds=424&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321137   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/podsecuritypolicies?resourceVersion=1914&timeoutSeconds=377&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321163   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.Pod: Get http://192.168.4.174:8080/api/v1/pods?resourceVersion=25210&timeoutSeconds=412&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321188   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/apps/v1beta1/deployments?resourceVersion=25213&timeoutSeconds=509&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321226   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.ReplicationController: Get http://192.168.4.174:8080/api/v1/replicationcontrollers?resourceVersion=1914&timeoutSeconds=383&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321253   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.Secret: Get http://192.168.4.174:8080/api/v1/secrets?resourceVersion=1914&timeoutSeconds=571&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321286   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/thirdpartyresources?resourceVersion=25200&timeoutSeconds=487&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321322   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1beta1.StorageClass: Get http://192.168.4.174:8080/apis/storage.k8s.io/v1beta1/storageclasses?resourceVersion=25076&timeoutSeconds=386&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321350   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.ConfigMap: Get http://192.168.4.174:8080/api/v1/configmaps?resourceVersion=1915&timeoutSeconds=476&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321375   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/daemonsets?resourceVersion=1914&timeoutSeconds=435&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321401   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.ResourceQuota: Get http://192.168.4.174:8080/api/v1/resourcequotas?resourceVersion=1914&timeoutSeconds=501&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321426   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/rbac.authorization.k8s.io/v1beta1/clusterroles?resourceVersion=1914&timeoutSeconds=514&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321451   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/persistentvolumes?resourceVersion=25120&timeoutSeconds=470&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321477   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.PersistentVolume: Get http://192.168.4.174:8080/api/v1/persistentvolumes?resourceVersion=25120&timeoutSeconds=504&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321503   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/serviceaccount/tokens_controller.go:173: Failed to watch *v1.Secret: Get http://192.168.4.174:8080/api/v1/secrets?fieldSelector=type%3Dkubernetes.io%2Fservice-account-token&resourceVersion=1914&timeoutSeconds=549&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321528   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/autoscaling/v1/horizontalpodautoscalers?resourceVersion=1914&timeoutSeconds=436&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321555   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.Namespace: Get http://192.168.4.174:8080/api/v1/namespaces?resourceVersion=1914&timeoutSeconds=405&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321586   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1beta1.StatefulSet: Get http://192.168.4.174:8080/apis/apps/v1beta1/statefulsets?resourceVersion=1914&timeoutSeconds=395&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321614   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1beta1.CertificateSigningRequest: Get http://192.168.4.174:8080/apis/certificates.k8s.io/v1beta1/certificatesigningrequests?resourceVersion=22003&timeoutSeconds=517&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321649   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/batch/v1/jobs?resourceVersion=1914&timeoutSeconds=312&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321675   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/services?resourceVersion=24591&timeoutSeconds=326&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321703   22765 reflector.go:304] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to watch *v1.Job: Get http://192.168.4.174:8080/apis/batch/v1/jobs?resourceVersion=1914&timeoutSeconds=313&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321729   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/limitranges?resourceVersion=1914&timeoutSeconds=582&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321752   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/deployments?resourceVersion=25213&timeoutSeconds=475&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321777   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/podtemplates?resourceVersion=1914&timeoutSeconds=371&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.321815   22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/api/v1/secrets?resourceVersion=1914&timeoutSeconds=559&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.939070   22765 leaderelection.go:229] error retrieving resource lock kube-system/kube-controller-manager: Get http://192.168.4.174:8080/api/v1/namespaces/kube-system/endpoints/kube-controller-manager: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.315425   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/apis/batch/v2alpha1/cronjobs?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.326460   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/replicasets?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.332401   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/serviceaccount/tokens_controller.go:172: Failed to list *v1.ServiceAccount: Get http://192.168.4.174:8080/api/v1/serviceaccounts?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.332437   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/api/v1/resourcequotas?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.335059   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/apis/storage.k8s.io/v1/storageclasses?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.341118   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/api/v1/pods?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.341153   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/apis/apps/v1beta1/statefulsets?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.345029   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/apis/policy/v1beta1/poddisruptionbudgets?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.351030   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/api/v1/persistentvolumeclaims?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.356010   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/api/v1/replicationcontrollers?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.362145   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.367015   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/api/v1/serviceaccounts?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.378033   22765 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to list *v1.PersistentVolumeClaim: Get http://192.168.4.174:8080/api/v1/persistentvolumeclaims?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.389150   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/apis/settings.k8s.io/v1alpha1/podpresets?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.389187   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/api/v1/configmaps?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.390138   22765 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to list *v1beta1.Deployment: Get http://192.168.4.174:8080/apis/extensions/v1beta1/deployments?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.390661   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/api/v1/nodes?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.397134   22765 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to list *v1beta1.ReplicaSet: Get http://192.168.4.174:8080/apis/extensions/v1beta1/replicasets?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.397167   22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/api/v1/namespaces?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.407031   22765 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions/factory.go:70: Failed to list *v1beta1.DaemonSet: Get http://192.168.4.174:8080/apis/extensions/v1beta1/daemonsets?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused

apiserver:

 [root@ip-192-168-4-174 ~]# tail -500f /data/logs/kubernetes/kube-apiserver.ERROR
Log file created at: 2017/05/23 17:16:09
Running on machine: ip-192-168-4-174
Binary: Built with gc go1.7.5 for linux/amd64
Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
E0523 17:16:09.287332   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *storage.StorageClass: Get https://192.168.4.174:6443/apis/storage.k8s.io/v1beta1/storageclasses?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.297977   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.ServiceAccount: Get https://192.168.4.174:6443/api/v1/serviceaccounts?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298042   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.LimitRange: Get https://192.168.4.174:6443/api/v1/limitranges?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298099   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *rbac.ClusterRoleBinding: Get https://192.168.4.174:6443/apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298422   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *rbac.Role: Get https://192.168.4.174:6443/apis/rbac.authorization.k8s.io/v1beta1/roles?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298463   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.Secret: Get https://192.168.4.174:6443/api/v1/secrets?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298495   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.ResourceQuota: Get https://192.168.4.174:6443/api/v1/resourcequotas?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298522   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.Namespace: Get https://192.168.4.174:6443/api/v1/namespaces?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298553   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *rbac.ClusterRole: Get https://192.168.4.174:6443/apis/rbac.authorization.k8s.io/v1beta1/clusterroles?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298587   24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *rbac.RoleBinding: Get https://192.168.4.174:6443/apis/rbac.authorization.k8s.io/v1beta1/rolebindings?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:21:50.619264   24174 status.go:62] apiserver received an error that is not an metav1.Status: error dialing backend: dial tcp: lookup node-01 on 192.168.0.2:53: no such host
E0523 17:31:36.464401   24174 watcher.go:188] watch chan error: etcdserver: mvcc: required revision has been compacted
    E0523 17:40:54.513715   24174 watcher.go:188] watch chan error: etcdserver: mvcc: required revision has been compacted

下面这个apiserver error在其中一个master节点不间断的刷个不停，重启之后过段时间依然开始刷

   E0523 17:31:36.464401   24174 watcher.go:188] watch chan error: etcdserver: mvcc: required revision has been compacted
   E0523 17:40:54.513715   24174 watcher.go:188] watch chan error: etcdserver: mvcc: required revision has been compacted

etcd Version

$ /usr/local/bin/etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem --version
etcdctl version: 3.1.8
API version: 2

etcd health

   $ /usr/local/bin/etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem cluster-health
2017-05-23 17:42:48.738058 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
2017-05-23 17:42:48.738670 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
member 1261ad1b46e27ed5 is healthy: got healthy result from https://192.168.2.7:2379
member 6795fffdfc180a59 is healthy: got healthy result from https://192.168.4.174:2379
member f0b07cfcbaf17ad0 is healthy: got healthy result from https://192.168.4.232:2379
cluster is healthy

Kubernetes version:

   $ kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.2", GitCommit:"477efc3cbe6a7effca06bd1452fa356e2201e1ee", GitTreeState:"clean", BuildDate:"2017-04-19T20:33:11Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.2", GitCommit:"477efc3cbe6a7effca06bd1452fa356e2201e1ee", GitTreeState:"clean", BuildDate:"2017-04-19T20:22:08Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}

Unable to connect to the server: x509: certificate signed by unknown authority

though there is a same question #35 ,but I tried add ca to ca-bundle.crt or check kubectl kubeconfig ,but error is still exist. folllowed info details:

kubectl get componentstatuses
Unable to connect to the server: x509: certificate signed by unknown authority

log messages

 kube-apiserver: I0825 16:47:49.330816    7117 logs.go:41] http: TLS handshake error from 10.6.128.100:34401: read tcp 10.6.128.100:6443->10.6.128.100:34401:

from mesages seems there is a radom port 34401 to connect to 6443........

so it ca error or some other faults.......
thanks any help!!!

kube-apiserver.service running error ：code=exited, status=203/EXEC

kube-apiserver.service running error ：code=exited, status=203/EXEC

when I start apiserver, it failed directly with status=203, since configure of apiserver isnot so complicated ,where maybe faults reasons.........

in message files， details follows：

Aug 22 11:11:04 k8server systemd: Starting Kubernetes API Service...
Aug 22 11:11:04 k8server systemd: Failed at step EXEC spawning /usr/bin/kube-apiserver: Exec format error
Aug 22 11:11:04 k8server systemd: kube-apiserver.service: main process exited, code=exited, status=203/EXEC
Aug 22 11:11:04 k8server systemd: Failed to start Kubernetes API Service.
Aug 22 11:11:04 k8server systemd: Unit kube-apiserver.service entered failed state.
Aug 22 11:11:04 k8server systemd: kube-apiserver.service failed.
Aug 22 11:11:04 k8server systemd: kube-apiserver.service holdoff time over, scheduling restart.
```

User "system:serviceaccount:kube-system:default" cannot list replicationcontrollers in the namespace "default". (get replicationcontrollers)

这个问题是因为没有给default服务帐号授权，但是文档中的dashboard-rbac.yaml也没有对default服务帐号授权，所以需要在subjects下增加一个，如：

kind: ServiceAccount
name: dashboard
namespace: kube-system
- kind: ServiceAccount
name: default
namespace: kube-system

4.1.6-通过 kublet 的 TLS 证书请求问题

请教一下，通过 CSR 请求后没有看到nodes 和自动生成的 kubelet kubeconfig 文件和公私钥，这是有可能我哪里出错了呢

[root@harbor ssl]# kubectl get nodes
No resources found.
[root@harbor ssl]# ls -l /etc/kubernetes/kubelet.kubeconfig
ls: cannot access /etc/kubernetes/kubelet.kubeconfig: No such file or directory
[root@harbor ssl]# ls -l /etc/kubernetes/ssl/kubelet*
-rw------- 1 root root 227 Sep  7 23:04 /etc/kubernetes/ssl/kubelet-client.key

scheduler Unhealthy dial tcp 127.0.0.1:10251: getsockopt: connection refused

问题描述

Kube scheduler 健康状态不良

[root@k8s-master ssl]# kubectl get componentstatuses
NAME                 STATUS      MESSAGE                                                                                        ERROR
scheduler            Unhealthy   Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: getsockopt: connection refused   
controller-manager   Healthy     ok                                                                                             
etcd-0               Healthy     {"health": "true"}                                                                             
etcd-1               Healthy     {"health": "true"}                                                                             
etcd-2               Healthy     {"health": "true"}

配置信息

controller-manager配置

[root@k8s-master ssl]# cat /etc/kubernetes/controller-manager

KUBE_CONTROLLER_MANAGER_ARGS="--address=127.0.0.1 --service-cluster-ip-range=10.250.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem  --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem --leader-elect=true"

scheduler 配置

[root@k8s-master ssl]# cat /etc/kubernetes/scheduler

KUBE_SCHEDULER_ARGS="--leader-elect=true --address=127.0.0.1"

“--cluster-domain 指定 pod 启动时 /etc/resolve.conf 文件中的 search domain ，起初我们将其配置成了 cluster.local，这样在解析 service 的 DNS 名称时是正常的，可是在解析 headless service 中的 FQDN pod name 的时候却错误，因此我们讲其修改为 cluster.local，可以解决该问题，关于 kubernetes 中的域名/服务名称解析请参见我的另一篇文章。”

cluster.local修改成cluster.local好没变化，看着有点晕

kubernetes master节点的高可用

我们在安装 kubernetes 集群之初并没有为 master 节点上的三个进程 kube-apiserver、kube-controller-manager 和 kube-scheduler 做高可用，都部署到了同一台机器上了，考虑使用 haproxy 为 master 节点上的这三个组件做高可用。

redhat系统下，dashboard插件需要额外下载image

redhat7.2 系统；
需要下载pod-infrastructure：

docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest

sercret文件没有挂载到容器

k8s版本:1.7.2
docker: 1.11.2
内核：3.10
docker驱动：devicemapper

容器里边没有文件显示

但是容器inspect显示已经挂载上了

但是宿主机上显示有这个文件

在1.7.1版本的dashboard中为创建token不需要更改token.csv文件

在1.7.1版本的dashboard中为创建token不需要更改token.csv文件，可以使用serviceaccount中生成的token即可，修改master节点上的token.csv还重启api server是大动干戈。

kube-dns启动失败

kubernetes版本是1.7.2，按照 http://rootsongjc.github.io/blogs/kubernetes-kubedns-installation/ 这个文档配置的。
RBAC和sa都有

但是在启动dns容器的时候容器日志报错

使用ceph做持久化存储时rbd命令组装失败

环境

kubernetes 1.6.1 裸机安装
ceph 位于kubernetes集群外部

问题

kube-controller日志中报错：

Sep  4 15:25:36 bj-xg-oam-kubernetes-001 kube-controller-manager: W0904 15:25:36.032128   13211 rbd_util.go:364] failed to create rbd image, output
Sep  4 15:25:36 bj-xg-oam-kubernetes-001 kube-controller-manager: W0904 15:25:36.032201   13211 rbd_util.go:364] failed to create rbd image, output
Sep  4 15:25:36 bj-xg-oam-kubernetes-001 kube-controller-manager: W0904 15:25:36.032252   13211 rbd_util.go:364] failed to create rbd image, output
Sep  4 15:25:36 bj-xg-oam-kubernetes-001 kube-controller-manager: E0904 15:25:36.032276   13211 rbd.go:317] rbd: create volume failed, err: failed to create rbd image: fork/exec /usr/bin/rbd: invalid argument, command output:

该问题尚未解决，参考 Error creating rbd image: executable file not found in $PATH#38923

从日志记录来看追查到 pkg/volume/rbd/rbd.go 的 func (r *rbdVolumeProvisioner) Provision() (*v1.PersistentVolume, error) { 方法对 ceph-class.yaml 中的参数进行了验证和处理后调用了 pkg/volume/rbd/rdb_utils.go 文件第 344 行 CreateImage 方法（kubernetes v1.6.1版本）：

func (util *RBDUtil) CreateImage(p *rbdVolumeProvisioner) (r *v1.RBDVolumeSource, size int, err error) {
    var output []byte
    capacity := p.options.PVC.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)]
    volSizeBytes := capacity.Value()
    // convert to MB that rbd defaults on
    sz := int(volume.RoundUpSize(volSizeBytes, 1024*1024))
    volSz := fmt.Sprintf("%d", sz)
    // rbd create
    l := len(p.rbdMounter.Mon)
    // pick a mon randomly
    start := rand.Int() % l
    // iterate all monitors until create succeeds.
    for i := start; i < start+l; i++ {
        mon := p.Mon[i%l]
        glog.V(4).Infof("rbd: create %s size %s using mon %s, pool %s id %s key %s", p.rbdMounter.Image, volSz, mon, p.rbdMounter.Pool, p.rbdMounter.adminId, p.rbdMounter.adminSecret)
        output, err = p.rbdMounter.plugin.execCommand("rbd",
            []string{"create", p.rbdMounter.Image, "--size", volSz, "--pool", p.rbdMounter.Pool, "--id", p.rbdMounter.adminId, "-m", mon, "--key=" + p.rbdMounter.adminSecret, "--image-format", "1"})
        if err == nil {
            break
        } else {
            glog.Warningf("failed to create rbd image, output %v", string(output))
        }
    }

    if err != nil {
        return nil, 0, fmt.Errorf("failed to create rbd image: %v, command output: %s", err, string(output))
    }

    return &v1.RBDVolumeSource{
        CephMonitors: p.rbdMounter.Mon,
        RBDImage:     p.rbdMounter.Image,
        RBDPool:      p.rbdMounter.Pool,
    }, sz, nil
}

该方法调用失败。
详细操作步骤见：https://jimmysong.io/kubernetes-handbook/practice/using-ceph-for-persistent-storage.html

kube-apiserver.service启动失败

看如下日志发现是验证配置有问题，但是不知道是哪个配置文件

-- Unit kube-apiserver.service has begun starting up.
Aug 11 09:26:22 docker-master.youyadai.org kube-apiserver[30938]: invalid authentication config: line 1, column 82: extraneous " in field
Aug 11 09:26:22 docker-master.youyadai.org systemd[1]: kube-apiserver.service: main process exited, code=exited, status=1/FAILURE
Aug 11 09:26:22 docker-master.youyadai.org systemd[1]: Failed to start Kubernetes API Service.
-- Subject: Unit kube-apiserver.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit kube-apiserver.service has failed.

代码与镜像分离-使用外部挂载应用代码启动应用

需求

搞个镜像,可以运行java -jar xxx.jar包,xxx.jar包名称要用参数传

思路1: 打对应运行jar包的jdk的镜像
思路2: 打通用jdk镜像

1. 运行指定jar的指定版的jdk

k8s运行该image遇到的问题

kubectl create -f sms.yaml时报：

  rpc error: code = 2 desc = failed to start container "cffbbc3d295f7b5a8d497c8147f7222636b51647387cda491a89d292437c7e47": Error response from daemon: {"message":"invalid header field value \"oci runtime error: container_linux.go:247: starting container process caused \\\"exec: \\\\\\\"/tmp/sms-xx.jar\\\\\\\": permission denied\\\"\\n\""}

等了一会pod崩溃了，报错：

  failed to open log file "/var/log/pods/6533426e-aeec-11e7-b1c6-025622f1d9fa/sms-test_3.log": open /var/log/pods/6533426e-aeec-11e7-b1c6-025622f1d9fa/sms-test_3.log: no such file or directory

Google了好一阵，没发现方法解决。

这是我的yaml

sms.yaml

apiVersion: v1
kind: Pod
metadata:
  name: sms-test
  labels:
    app: sms-test
spec:
  containers:    
  - name: sms-test
    image: sms
    imagePullPolicy: IfNotPresent
    command: ["/tmp/sms-xxx.jar"]
    volumeMounts:
    - mountPath: /tmp
      name: test-volume
  volumes:
  - name: test-volume
    hostPath:
      path: /tmp

报错问题见上!

但是我这样启镜像是正常的

#vm的tmp下放xxx.jar,挂到容器里
docker run -v /tmp:/tmp -itd sms '/tmp/sms-xxx.jar'

我一般处理容器化业务思路:

物理vm先打通该服务
打docker镜像
docker run先跑起来
写yaml改造成k8s

我按照思路1定义运行jar包的jdk:的dockerfile

FROM airdock/base:jessie

RUN mkdir -p /srv/java/
# Add java dynamic memory script
COPY java-dynamic-memory-opts /srv/java/

# Install Oracle JDK 8u25
RUN cd /tmp && \
    curl -L -O "http://xxx/jdk-8u25-linux-x64.gz" && \
    tar xf jdk-8u25-linux-x64.gz -C /srv/java && \
    rm -f jdk-8u25-linux-x64.gz && \
    ln -s /srv/java/jdk* /srv/java/jdk && \
    ln -s /srv/java/jdk /srv/java/jvm && \
    chown -R java:java /srv/java && \
    /root/post-install

# Define commonly used JAVA_HOME variable
# Add /srv/java and jdk on PATH variable
ENV JAVA_HOME=/srv/java/jdk \
    PATH=${PATH}:/srv/java/jdk/bin:/srv/java

COPY docker-entrypoint.sh /bin/

docker-entrypoint.sh

#!/bin/bash
java -jar $1

嗯哼? 没毛病。

解决k8s运行定制jdk环境的问题:

方法: yaml里command换args指令即可.

sms.yaml

...
spec:
  containers:    
  - name: sms-test
    image: sms
    imagePullPolicy: IfNotPresent
    args: ["/tmp/sms-xxx.jar"]
...

剖析

docker run -v /tmp:/tmp -itd sms '/tmp/sms-xxx.jar'                                                        这里args,而非commands

2. 使jdk环境通用化

想想为了运行一个jar包，定义个运行jar的jdk环境,有点得不偿失。思路：为了通用性,搞个指定版本jdk image,管他运行什么呢。

Dockerfile如下：

FROM airdock/base:jessie

RUN mkdir -p /srv/java/
# Add java dynamic memory script
COPY java-dynamic-memory-opts /srv/java/

# timezone 这里把时区改掉
COPY localtime /etc/localtime
# Install Oracle JDK 8u25
RUN cd /tmp && \
    curl -L -O "http://xxx/jdk-8u25-linux-x64.gz" && \
    tar xf jdk-8u25-linux-x64.gz -C /srv/java && \
    rm -f jdk-8u25-linux-x64.gz && \
    ln -s /srv/java/jdk* /srv/java/jdk && \
    ln -s /srv/java/jdk /srv/java/jvm && \
    chown -R java:java /srv/java && \
    /root/post-install

# Define commonly used JAVA_HOME variable
# Add /srv/java and jdk on PATH variable
ENV JAVA_HOME=/srv/java/jdk \
    PATH=${PATH}:/srv/java/jdk/bin:/srv/java

yaml配置如下：

apiVersion: v1
kind: Pod
metadata:
  name: sms-test
  labels:
    app: sms-test
spec:
  containers:    
  - name: sms-test
    image: jdk8u25-ori
    imagePullPolicy: IfNotPresent
    command: ["java","-jar","/tmp/sms-xxx.jar"]
    volumeMounts:
    - mountPath: /tmp
      name: test-volume
  volumes:
  - name: test-volume
    hostPath:
      path: /data

经过观察jar包运行良好。
可见理解k8s yaml指令还是有点必要的。不然天天闲的蛋疼，没事干。人生最大的敌人是无聊。

RHEL6.5的配置咨询

我在RHEL6.5下配置，发现系统没有systemctl命令，只能采用service貌似，如果这样是否有可以参考的etcd.service等其他类似service的配置文件可以参考？
谢谢！！

node上的kubelet启动参数里需增加“--cgroup-driver=systemd”

否则启动报错
系统centos7.3

建议补充到文档里，避免其他人踩坑

2.2.5 Volume和Persistent Volume中yaml格式是否错误?

在 hostPath 小段中的yaml:

原有的yaml

- hostPath:
  path: /tmp/data
  name: data

是否需要修改为:

- hostPath:
    path: /tmp/data
    name: data

帅哥，按照你的文档生成admin.pem，配置完kubectl配置文件，使用kubectl命令报错

[root@sz-pg-oam-docker-test-001 ~]# kubectl get pods
error: You must be logged in to the server (the server has asked for the client to provide credentials)

May 26 14:26:32 localhost kube-apiserver: E0526 14:26:32.855345 7045 authentication.go:58] Unable to authenticate the request due to an error: x509: certificate specifies an incompatible key usage

09-安装heapster插件.md的小错误

配置 influxdb-deployment 段落中
image: grc.io/google_containers/heapster-influxdb-amd64:v1.1.1

应改为: image: gcr.io/google_containers/heapster-influxdb-amd64:v1.1.1

kubernetes-dashboard access failed

环境：

OS: CentOS7
#uname -a
Kernel:Linux k8node1 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# docker --version
Docker version 17.10.0-ce, build f4ffd25
#kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0", GitCommit:"fff5156092b56e6bd60fff75aad4dc9de6b6ef37", GitTreeState:"clean", BuildDate:"2017-03-28T16:36:33Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}

Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0", GitCommit:"fff5156092b56e6bd60fff75aad4dc9de6b6ef37", GitTreeState:"clean", BuildDate:"2017-03-28T16:24:30Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}

IP 信息

10.0.15.111（node&&master）
10.0.15.110（node）
10.0.15.115（node）

防火墙设置(三个节点都一致)

#iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere

flanneld 服务(三个节点都一致)

systemctl  is-active flanneld  
active

服务状态

#kubectl get pods --namespace=kube-system
NAME                                    READY     STATUS    RESTARTS   AGE
kubernetes-dashboard-1454826952-hsk8b   1/1       Running   0          1h

#kubectl describe pods kubernetes-dashboard-1454826952-hsk8b  --namespace=kube-system
Name:		kubernetes-dashboard-1454826952-hsk8b
Namespace:	kube-system
Node:		10.0.15.115/10.0.15.115
Start Time:	Thu, 16 Nov 2017 16:15:34 +0800
Labels:		k8s-app=kubernetes-dashboard
		pod-template-hash=1454826952
Annotations:	kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"kube-system","name":"kubernetes-dashboard-1454826952","uid":"51ff9593-caa6-11e7-b...
		scheduler.alpha.kubernetes.io/critical-pod=
Status:		Running
IP:		172.17.0.3
Controllers:	ReplicaSet/kubernetes-dashboard-1454826952
Containers:
  kubernetes-dashboard:
    Container ID:	docker://fd08a23551ae24279ea68adcf59e3568c0cb2e73c293aee19fc58ae1cf15ef46
    Image:		10.0.15.166:5555/kubernetes-dashboard-amd64:v1.6.3
    Image ID:		docker-pullable://10.0.15.166:5555/kubernetes-dashboard-amd64@sha256:d820c9a0a0a7cd7d0c9d3630a2db0fc33d190db31f3e0797d4df9dc4a6a41c6b
    Port:		9090/TCP
    State:		Running
      Started:		Thu, 16 Nov 2017 16:15:35 +0800
    Ready:		True
    Restart Count:	0
    Limits:
      cpu:	100m
      memory:	50Mi
    Requests:
      cpu:		100m
      memory:		50Mi
    Liveness:		http-get http://:9090/ delay=30s timeout=30s period=10s #success=1 #failure=3
    Environment:	<none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-f4z0c (ro)
Conditions:
  Type		Status
  Initialized 	True 
  Ready 	True 
  PodScheduled 	True 
Volumes:
  default-token-f4z0c:
    Type:	Secret (a volume populated by a Secret)
    SecretName:	default-token-f4z0c
    Optional:	false
QoS Class:	Guaranteed
Node-Selectors:	<none>
Tolerations:	CriticalAddonsOnly=:Exists
Events:		<none>

#kubectl logs kubernetes-dashboard-1454826952-hsk8b  -n kube-system
Using HTTP port: 8443
Using in-cluster config to connect to apiserver
Using service account token for csrf signing
No request provided. Skipping authorization header
Successful initial request to the apiserver, version: v1.6.0
No request provided. Skipping authorization header
Creating in-cluster Heapster client
Could not enable metric client: Health check failed: User "system:serviceaccount:kube-system:default" cannot proxy services in the namespace "kube-system". (get services heapster). Continuing.

问题

通过设定

#kubectl proxy --address='10.0.15.115' --port=8086 --accept-hosts='^*$'
Starting to serve on 10.0.15.115:8086

访问 http://10.0.15.115:8086/ui 时, 自动跳转到 http://10.0.15.115:8086/api/v1/namespaces/kube-system/services/-dashboard/proxy/ 。
页面返回：

Error: 'dial tcp 172.17.0.3:9090: getsockopt: no route to host'
Trying to reach: 'http://172.17.0.3:9090/'

在 10.0.15.115（node）上

#ping 172.17.0.3
#curl 172.17.0.3:9090
 <!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng-controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.9aa0b786.css"> <link rel="stylesheet" href="static/app.8ebf2901.css"> </head> <body> <!--[if lt IE 10]>
      <p class="browsehappy">You are using an <strong>outdated</strong> browser.
      Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
      experience.</p>
    <![endif]--> <kd-chrome layout="column" layout-fill> </kd-chrome> <script src="static/vendor.840e639c.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.68d2caa2.js"></script> </body> </html>

都能够得到结果

在 10.0.15.115（node）和 10.0.15.111（node&&master）上都 ping 不通。

尝试进入 dashboard 容器失败

#kubectl exec -it kubernetes-dashboard-1454826952-hsk8b  bash  -n kube-system
oci runtime error: exec failed: container_linux.go:295: starting container process caused "exec: \"bash\": executable file not found in $PATH"

相关 issue 并没有能解决问题：
通过kube-apiserver访问dashboard报错
 restart docker daemon is not work

NodePort无法访问

首先感谢文档，在06-部署node节点.md中都部署OK了，就是最后一步浏览器直接访问node:nodePort打不开。测试端口不通。
我排查如下：1，我的nodePort是30001端口，浏览器直接访问（telnet）不通，但是我把该服务关闭，启动一个httpd监听到该端口测试是可以访问。
2，其中在node节点本地直接访问是OK的，即curl 本地物理网卡地址:30001 ；node节点本地curl service_ip:80也是OK的
请指点一下问题出在哪里？

dns遇到的问题

您好：
我按照您这个教程搭建dns的时候碰到一个dns报的错误,dnsmasq-nanny报的请问这个是什么情况
flag provided but not defined: -domain
Usage of /dnsmasq-nanny:

Manages the dnsmasq daemon, handles configuration given by the ConfigMap.
Any arguments given after "--" will be passed directly to dnsmasq itself.

-alsologtostderr
log to standard error as well as files
-configDir string
location of the configuration (default "/etc/k8s/dns/dnsmasq-nanny")
-dnsmasqExec string
location of the dnsmasq executable (default "/usr/sbin/dnsmasq")
-log_backtrace_at value
when logging hits line file:N, emit a stack trace
-log_dir string
If non-empty, write log files in this directory
-logtostderr
log to standard error instead of files
-restartDnsmasq
if true, restart dnsmasq when the configuration changes
-stderrthreshold value
logs at or above this threshold go to stderr
-syncInterval duration
interval to check for configuration updates (default 10s)
-v value
log level for V logs
-vmodule value
comma-separated list of pattern=N settings for file-filtered logging

README.md 中关于pdf生成,需要稍微修改下

windows下gitbook转pdf

需要用到的工具:calibre,phantomjs

将上述2个安装,calibre默认安装的路径C:\Program Files\Calibre2,phantomjs为你解压路径;
并将其目录均加入到系统变量path中,参考:目录添加到系统变量path中;
在cmd打开你需要转pdf的文件夹,输入gitbook pdf即可;

device or resource busy

参照文档部署到heapster模块：

[root@node0 heapster]# kubectl  create -f .
deployment "monitoring-grafana" created
service "monitoring-grafana" created
deployment "heapster" created
serviceaccount "heapster" created
clusterrolebinding "heapster" created
service "heapster" created
deployment "monitoring-influxdb" created
service "monitoring-influxdb" created
Error from server (AlreadyExists): error when creating "influxdb-cm.yaml": configmaps "influxdb-config" already exists

1、其中在“配置 influxdb-deployment”处已经配置了influxdb-cm（namespace为kube-system）
2、dashboard无法显示图表；log如下：

排版可能有问题

4.1.4 安装kubectl命令行工具，但实际上 4.1.2 创建kubeconfig文件中创建 kubelet bootstrapping kubeconfig 文件时需要使用命令 kubectl config set 是否要讲第四小节提前？

部署出来的flannel网络和docker0的网络MTU不一致，可能导致网络性能变差

容器、docker0、flannel这三者MTU一致，如果使用VXLAN的话为1450，然后再加上vxlan的封装，MTU1500，这个时候node节点的网卡1500就刚好，直接转发了。
请检查flannel和node节点配置

kube-proxy start error .

docker version 1.12
os: centos7.3.1611

897 conntrack.go:42] conntrack returned error: error looking for path of conntrack: exec: "conntrack": executable file not found in $PATH
Hint: Some lines were ellipsized, use -l to show in full.

heapster可能无法同步新增加的namespace中的metric

环境信息

Heapster版本

heapster-amd64:v1.3.0-beta.1

Kubernetes版本

kubernetes 1.6.0

问题描述

dashboard上无法显示某些namespace中的总体监控情况

访问http://172.20.0.113:8080/api/v1/proxy/namespaces/kube-system/services/heapster/api/v1/model/namespaces无法查看到某些namespace。

不能访问Service 页面

感谢您的文档，目前服务都启动成功了，但是不能通过页面去访问：

Master/Node IPs:

...
master: 10.192.29.207
node: 10.192.29.208
...

Services status:

[root@localhost heapster]# /root/local/bin/kubectl get services --all-namespaces -s 10.192.29.207:8080
NAMESPACE     NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)                       AGE
default       kubernetes             10.254.0.1       <none>        443/TCP                       5h
kube-system   heapster               10.254.56.15     <none>        80/TCP                        21m
kube-system   kube-dns               10.254.0.2       <none>        53/UDP,53/TCP                 3h
kube-system   kubernetes-dashboard   10.254.172.131   <nodes>       80:8791/TCP                   1h
kube-system   monitoring-grafana     10.254.80.55     <none>        80/TCP                        21m
kube-system   monitoring-influxdb    10.254.223.124   <nodes>       8086:8686/TCP,8083:8614/TCP   21m

Pods Status

[root@localhost heapster]# /root/local/bin/kubectl get pods --all-namespaces -s 10.192.29.207:8080
NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
kube-system   heapster-334572188-63gqs                1/1       Running   1          27m
kube-system   kube-dns-2298276164-frjpg               3/3       Running   6          3h
kube-system   kubernetes-dashboard-3377982832-r5906   1/1       Running   1          1h
kube-system   monitoring-grafana-854043867-6zddh      1/1       Running   1          27m
kube-system   monitoring-influxdb-340252977-n944m     1/1       Running   1          27m

Cluster info

[root@localhost heapster]# /root/local/bin/kubectl cluster-info -s 10.192.29.207:8080
Kubernetes master is running at 10.192.29.207:8080
Heapster is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/heapster
KubeDNS is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/kube-dns
kubernetes-dashboard is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
monitoring-grafana is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/monitoring-grafana
monitoring-influxdb is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/monitoring-influxdb

Browser - http://10.192.29.207:8080

{
  "paths": [
    "/api",
    "/api/v1",
    "/apis",
    "/apis/apps",
    "/apis/apps/v1beta1",
    "/apis/authentication.k8s.io",
    "/apis/authentication.k8s.io/v1",
    "/apis/authentication.k8s.io/v1beta1",
    "/apis/authorization.k8s.io",
    "/apis/authorization.k8s.io/v1",
    "/apis/authorization.k8s.io/v1beta1",
    "/apis/autoscaling",
    "/apis/autoscaling/v1",
    "/apis/autoscaling/v2alpha1",
    "/apis/batch",
    "/apis/batch/v1",
    "/apis/batch/v2alpha1",
    "/apis/certificates.k8s.io",
    "/apis/certificates.k8s.io/v1beta1",
    "/apis/extensions",
    "/apis/extensions/v1beta1",
    "/apis/policy",
    "/apis/policy/v1beta1",
    "/apis/rbac.authorization.k8s.io",
    "/apis/rbac.authorization.k8s.io/v1alpha1",
    "/apis/rbac.authorization.k8s.io/v1beta1",
    "/apis/settings.k8s.io",
    "/apis/settings.k8s.io/v1alpha1",
    "/apis/storage.k8s.io",
    "/apis/storage.k8s.io/v1",
    "/apis/storage.k8s.io/v1beta1",
    "/healthz",
    "/healthz/ping",
    "/healthz/poststarthook/bootstrap-controller",
    "/healthz/poststarthook/ca-registration",
    "/healthz/poststarthook/extensions/third-party-resources",
    "/healthz/poststarthook/rbac/bootstrap-roles",
    "/logs",
    "/metrics",
    "/swagger-ui/",
    "/swaggerapi/",
    "/ui/",
    "/version"
  ]
}

flannel的配置,PS 在master和node上都配置了flannel

[root@localhost ~]# /root/local/bin/etcdctl   --endpoints=${ETCD_ENDPOINTS}   --ca-file=/etc/kubernetes/ssl/ca.pem   --cert-file=/etc/kubernetes/ssl/kubernetes.pem   --key-file=/etc/kubernetes/ssl/kubernetes-key.pem   ls ${FLANNEL_ETCD_PREFIX}/subnets
2017-04-24 17:28:20.417878 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
/kubernetes/network/subnets/172.30.66.0-24
/kubernetes/network/subnets/172.30.38.0-24
[root@localhost ~]# /root/local/bin/etcdctl   --endpoints=${ETCD_ENDPOINTS}   --ca-file=/etc/kubernetes/ssl/ca.pem   --cert-file=/etc/kubernetes/ssl/kubernetes.pem   --key-file=/etc/kubernetes/ssl/kubernetes-key.pem   get ${FLANNEL_ETCD_PREFIX}/subnets/172.30.38.0-24
2017-04-24 17:28:28.398278 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
{"PublicIP":"10.192.29.208","BackendType":"vxlan","BackendData":{"VtepMAC":"6a:06:02:bb:c2:21"}}

但是通过浏览器都不能访问UI，比如dashboard UI: http://10.192.29.207:8080/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/

Error: 'dial tcp 172.30.38.2:9090: getsockopt: connection timed out'
Trying to reach: 'http://172.30.38.2:9090/'

由于dashboard 还暴露了NodePort

kube-system   kubernetes-dashboard   10.254.172.131   <nodes>       80:8791/TCP                   1h

所以我通过浏览器访问http://10.192.29.208:8791，也是报同样的错误

ERROR

The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: http://10.192.29.208:8791/

Connection to 10.192.29.208 failed.

The system returned: (110) Connection timed out

The remote host or network may be down. Please try the request again.

Your cache administrator is webmaster.

然后我在Node中curl http://10.192.29.208:8791, 是有返回正常页面内容的（虽然是浏览器不兼容的信息）

[root@localhost ~]# curl 10.192.29.208:8791
 <!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng-controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.4f4b705f.css"> <link rel="stylesheet" href="static/app.93b90a74.css"> </head> <body> <!--[if lt IE 10]>
      <p class="browsehappy">You are using an <strong>outdated</strong> browser.
      Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
      experience.</p>
    <![endif]--> <kd-chrome layout="column" layout-fill> </kd-chrome> <script src="static/vendor.6952e31e.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.8a6b8127.js"></script> </body> </html> [root@localhost ~]#

想请教下，怎么通过master访问页面？ thx.

另外firewalld是关闭的，selinux也是disabled

另外我node上ip address如下：

[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:b8:f2:de brd ff:ff:ff:ff:ff:ff
    inet 10.192.29.208/24 brd 10.192.29.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::2a26:38cb:ad83:7903/64 scope link
       valid_lft forever preferred_lft forever
3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
    link/ether 6a:06:02:bb:c2:21 brd ff:ff:ff:ff:ff:ff
    inet 172.30.38.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP
    link/ether 02:42:f5:95:3e:dd brd ff:ff:ff:ff:ff:ff
    inet 172.30.38.1/24 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:f5ff:fe95:3edd/64 scope link
       valid_lft forever preferred_lft forever

这个问题已经困扰我好几天了，不知道怎么下手了，全部重新配置以后依然是这个问题。有没有debug的建议？ thx

关于 06-部署node节点的问题： node 上访问service ip失败

[root@node1 ~]# curl 10.254.242.36
curl: (7) Failed connect to 10.254.242.36:80; No route to host
找不出问题，故来请教

关于Gluster部署验证时报错

在【创建测试 Pod】和【创建 Nginx Deployment 挂载 Volume】这两步时，均出现以下错误
Warning FailedMount MountVolume.SetUp failed for volume "kubernetes.io/glusterfs/c3409248-3c69-11e7-8b68-9ca3ba317f12-glusterfsvol" (spec.Name: "glusterfsvol") pod "c3409248-3c69-11e7-8b68-9ca3ba317f12" (UID: "c3409248-3c69-11e7-8b68-9ca3ba317f12") with: glusterfs: mount failed: mount failed: exit status 1
Mounting command: mount
Mounting arguments: 59.106.222.36:k8s-volume /var/lib/kubelet/pods/c3409248-3c69-11e7-8b68-9ca3ba317f12/volumes/kubernetes.io~glusterfs/glusterfsvol glusterfs [ro log-level=ERROR log-file=/var/lib/kubelet/plugins/kubernetes.io/glusterfs/glusterfsvol/glusterfs-glusterfs.log]

[2017-05-19 08:05:25.382288] E [MSGID: 101066] [graph.c:325:glusterfs_graph_init] 0-k8s-volume-quick-read: initializing translator failed
[2017-05-19 08:05:25.382343] E [MSGID: 101176] [graph.c:681:glusterfs_graph_activate] 0-graph: init failed

关于06-部署node节点的疑问

在最开始的检测中ls /etc/kubernetes/发现缺少kubelet和proxy，查看了前面的步骤也未发现生成这两个文件的地方，然后继续向下，在“配置Docker”后面的步骤感觉是跳跃的，最后在etcdctl --endpoints=${ETCD_ENDPOINTS} \

--ca-file=/etc/kubernetes/ssl/ca.pem
--cert-file=/etc/kubernetes/ssl/kubernetes.pem
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem
ls /kube-centos/network/subnets
2017-05-12 17:03:32.679837 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
提示下面错误
Error: 100: Key not found (/kube-centos/network/subnets) [8]
找不到问题所在，故来请教，这第06步的具体顺序步骤，因为有些地方不懂，不是顺序步骤无法进行下去。

文档中的环境说明

嗨咯，尊敬的作者，您辛苦了！

这里有几个建议，就是文章中的IP地址或者说相关环境，能否说明确呢？我这里看着就有点搞不懂。比如在创建k8s 证书哪里，那些事master节点的IP、那些事node节点的IP，确实不知道。这样很多新手看的时候，环境都不是很清楚呢。

Unable to connect to the server: x509: certificate signed by unknown authority

参照https://github.com/rootsongjc/follow-me-install-kubernetes-cluster 安装。

操作系统

[root@k8s-master ~]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 
[root@k8s-master ~]# uname -a
Linux k8s-master 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

k8s集群环境

curl https://10.x.x.x:6443/version --cert /etc/kubernetes/ssl/kubernetes.pem --key /etc/kubernetes/ssl/kubernetes-key.pem --cacert /etc/kubernetes/ssl/ca.pem
{
  "major": "1",
  "minor": "6",
  "gitVersion": "v1.6.0",
  "gitCommit": "fff5156092b56e6bd60fff75aad4dc9de6b6ef37",
  "gitTreeState": "clean",
  "buildDate": "2017-03-28T16:24:30Z",
  "goVersion": "go1.7.5",
  "compiler": "gc",
  "platform": "linux/amd64"
}

etcd

etcdctl \
>   --ca-file=/etc/kubernetes/ssl/ca.pem \
>   --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
>   --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
>   cluster-health
member 33ceb5b56308b8c4 is healthy: got healthy result from https://10.x.x.207:2379
member afb729f70db7c609 is healthy: got healthy result from https://10.x.x.206:2379
member c21f03a4f502d11a is healthy: got healthy result from https://10.x.x.208:2379
cluster is healthy

问题

[root@k8s-master ~]# kubectl get componentstatuses
Unable to connect to the server: x509: certificate signed by unknown authority

master部署文档的问题，可能会造成无法使用hpa功能

建议把flanneld的部署单独放在一个章节里，并且说明master和node都要安装
原因如下：
由于把flanneld的部署放到了node部署里，所以我安装master的时没有部署flanneld
而且我的master是单独部署的，并没有在同一台机器上既是master又是node
最后导致controller-manager无法访问heapster，最终无法实现弹性伸缩（hpa）

问题是很简单，不过我定位这个问题花了差不多一天时间。因为网上的解决方案都和我遇到的情况不一样
后来我了解到controller-manager是负责hpa的，所以查看controller-manager的日志推断出这个原因

4.1.6-部署node节点问题

文章刚开头 ‘我们再检查一下三个节点上，经过前几步操作生成的配置文件’

$ ls /etc/kubernetes/
apiserver bootstrap.kubeconfig config controller-manager kubelet kube-proxy.kubeconfig proxy scheduler ssl token.csv

这个结果中不应该有 kubelet proxy ,应该是在后面的 创建 kubelet 的service配置文件 中生成的。

SUMMARY.md中 1.1 和2.2.1引用相同的文件,造成gitbook在阅读完2.2.1章节后,点击 > 时跳转到 1.2章节

- [1. Kubernetes简介](introduction/index.md)
  - [1.1 核心概念](introduction/concepts.md)

- [2. 核心原理](architecture/index.md)
  - [2.1 设计理念](architecture/concepts.md)
  - [2.2 主要概念](architecture/objects.md)
    - [2.2.1 Pod, Service, Namespace和Node](introduction/concepts.md)

SUMMARY.md中 1.1 和2.2.1引用相同的文件,造成gitbook在阅读完2.2.1章节后,点击 > 按钮时跳转到 1.2章节

PS

architecture/Service.md中
1.
另外，也可以讲已有的服务 ==> 另外，也可以将已有的服务
2.
－只支持4层负载均衡，没有7层功能
－对外访问的时候，NodePort类型需要在外部搭建额外的负载均衡，而LoadBalancer要求

上面两行中的－是中文符,应该使用英文符的 -

觉得文章写得很好,所以想把这些小瑕疵都除去,见谅

《06-部署node节点.md》语法错误

mk /kube-centos/network/config "{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}"

应该写成
mk /kube-centos/network/config '{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}'

或者
set /kube-centos/network/config '{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}'

还有一点，示例要提示下是私有仓库：
sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx:1.9

不然又得坑。。。。。

Kubelet service cannot start

When I execute "systemctl start kubelet " the command, the result show "error: failed to run kubelet: cannot create certificate signing request: the server has asked for the client to provide credentials (post certificatesigningrequests.certificates.k8s.io)"
I have update /etc/kubernetes/kubelet "KUBELET_ARGS", for example: add --tls-cert-file and --tls-private-key-file and other ,but still not get the correct result.
Can somebody help me about the question? thx

否则会弹出：
The connection to the server localhost:8080 was refused - did you specify the right host or port?

rootsongjc / kubernetes-handbook Goto Github PK

kubernetes-handbook's Introduction

kubernetes-handbook's People

Contributors

Stargazers

Watchers

Forkers

kubernetes-handbook's Issues

问题描述

配置信息

docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest

需求

1. 运行指定jar的指定版的jdk

解决k8s运行定制jdk环境的问题:

2. 使jdk环境通用化

环境：

IP 信息

防火墙设置(三个节点都一致)

flanneld 服务(三个节点都一致)

服务状态

问题

windows下gitbook转pdf

环境信息

问题描述

PS

Recommend Projects

Recommend Topics

Recommend Org