rootsongjc / kubernetes-handbook
Kubernetes中文指南/云原生应用架构实战手册 (Kubernetes handbook / hands-on guide to cloud-native application architecture, in Chinese) - https://jimmysong.io/kubernetes-handbook
License: Creative Commons Attribution 4.0 International
Edit endpoints.json to configure the GlusterFS cluster node IPs; each `addresses` entry is one IP group:
{
  "addresses": [
    {
      "ip": "172.22.0.113"
    }
  ],
  "ports": [
    {
      "port": 1990
    }
  ]
},
Import glusterfs-endpoints.json:
$ kubectl apply -f glusterfs-endpoints.json
Check the endpoints:
$ kubectl get ep
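A complete manifest along these lines might look like the following sketch (the IPs, the second node, and the name glusterfs-cluster are assumptions; match them to your own cluster):

```json
{
  "kind": "Endpoints",
  "apiVersion": "v1",
  "metadata": {
    "name": "glusterfs-cluster"
  },
  "subsets": [
    {
      "addresses": [{ "ip": "172.22.0.113" }],
      "ports": [{ "port": 1990 }]
    },
    {
      "addresses": [{ "ip": "172.22.0.114" }],
      "ports": [{ "port": 1990 }]
    }
  ]
}
```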
My question: is the port 1990 here arbitrary? Whether I configure port 1990 or the default port 1, I always get this error:
MountVolume:NewMounter initialization failed for volume "glusterfsvol": endpoints "glusterfs-cluster" not found;
My configuration is as follows:
[root@CNSZ22PL1265 glusterfs]# cat gluster-ep.yaml
apiVersion: v1
kind: Endpoints
metadata:
  name: gluster-cluster
  namespace: kube-system
subsets:
- addresses:
  - ip: 10.202.77.200
  ports:
  - port: 1
    protocol: TCP
- addresses:
  - ip: 10.202.77.201
  ports:
  - port: 1
    protocol: TCP
- addresses:
  - ip: 10.202.77.202
  ports:
  - port: 1
    protocol: TCP
[root@CNSZ22PL1265 glusterfs]# cat gluster-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: gluster-cluster
  namespace: kube-system
spec:
  ports:
  - port: 1
[root@CNSZ22PL1265 glusterfs]# gluster volume info
Volume Name: es-volume
Type: Distribute
Volume ID: 364f5bc8-672c-4002-b454-89ef729064cc
Status: Started
Snapshot Count: 0
Number of Bricks: 3
Transport-type: tcp
Bricks:
Brick1: 10.202.77.200:/DATA/glusterfs/esdata
Brick2: 10.202.77.201:/DATA/glusterfs/esdata
Brick3: 10.202.77.202:/DATA/glusterfs/esdata
Options Reconfigured:
performance.write-behind: on
performance.io-thread-count: 64
performance.flush-behind: on
performance.cache-size: 16GB
features.quota-deem-statfs: on
features.inode-quota: on
features.quota: on
transport.address-family: inet
nfs.disable: on
The Pod configuration is as follows:
[root@CNSZ22PL1265 glusterfs]# cat busybox-pod.yaml
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {
    "name": "glusterfs",
    "namespace": "kube-system"
  },
  "spec": {
    "containers": [
      {
        "name": "glusterfs",
        "image": "busybox",
        "volumeMounts": [
          {
            "mountPath": "/mnt/glusterfs",
            "name": "glusterfsvol"
          }
        ]
      }
    ],
    "volumes": [
      {
        "name": "glusterfsvol",
        "glusterfs": {
          "endpoints": "glusterfs-cluster",
          "path": "es-volume",
          "readOnly": false
        }
      }
    ]
  }
}
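For comparison, the same Pod in YAML form. Note that the volume's endpoints field must name an Endpoints object that exists in the Pod's namespace; this sketch references glusterfs-cluster, the name that appears in the error message above:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: glusterfs
  namespace: kube-system
spec:
  containers:
  - name: glusterfs
    image: busybox
    volumeMounts:
    - mountPath: /mnt/glusterfs
      name: glusterfsvol
  volumes:
  - name: glusterfsvol
    glusterfs:
      # must match metadata.name of an Endpoints object in this namespace
      endpoints: glusterfs-cluster
      path: es-volume
      readOnly: false
```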
Following your tutorial I deployed Kubernetes successfully, and I also put an nginx proxy in front of the two masters. Everything works fine, except that running kubectl exec fails with "Error from server (BadRequest): Upgrade request required". From what I found, nginx supposedly needs HTTP/2 support; I enabled that too, but the same error persists. How can I fix this?
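For context, kubectl exec performs a protocol upgrade on the connection (SPDY/WebSocket-style), so the proxy must forward the Upgrade and Connection headers over HTTP/1.1; enabling HTTP/2 does not address this. A minimal nginx sketch (the upstream name and timeout are assumptions, not taken from the question):

```nginx
location / {
    proxy_pass https://kube-apiservers;   # upstream of the two masters (assumed name)
    proxy_http_version 1.1;               # upgrades require HTTP/1.1 to the backend
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 3600s;             # keep long-lived exec/attach streams open
}
```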
Aug 15 14:52:29 docker-master systemd: Started Kubernetes Kubelet Server.
Aug 15 14:52:29 docker-master systemd: Starting Kubernetes Kubelet Server...
Aug 15 14:52:29 docker-master systemd: Failed at step CHDIR spawning /usr/local/bin/kubelet: No such file or directory
Aug 15 14:52:29 docker-master systemd: kubelet.service: main process exited, code=exited, status=200/CHDIR
Aug 15 14:52:29 docker-master systemd: Unit kubelet.service entered failed state.
Aug 15 14:52:29 docker-master systemd: kubelet.service failed.
Aug 15 14:52:29 docker-master systemd: kubelet.service holdoff time over, scheduling restart.
Aug 15 14:52:29 docker-master systemd: Started Kubernetes Kubelet Server.
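In the log above, exit status 200/CHDIR means systemd failed to chdir into the unit's WorkingDirectory= before exec'ing the binary, i.e. that directory (or the ExecStart path) does not exist on this node. A sketch of the relevant unit lines (paths are assumptions; check your actual kubelet.service):

```ini
[Service]
# systemd changes into this directory before starting the process;
# it must exist, e.g. create it with: mkdir -p /var/lib/kubelet
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/local/bin/kubelet
```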
Typo fix: 让Pod中的容器怼基础设施可见 ==> 让Pod中的容器对基础设施可见 ("make the containers in a Pod visible to the infrastructure" — 怼 is a typo for 对).
Hi, a quick question: is it mandatory to create a headless Service before creating a StatefulSet? In the configuration below, does serviceName have to reference an existing Service, or can it be set arbitrarily? Is the field required?
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 3
  ...
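For reference, serviceName is a required field and is expected to name an already-existing headless Service, which the StatefulSet uses to give each Pod a stable DNS identity (web-0.nginx, web-1.nginx, ...). A minimal sketch of such a Service, with names assumed to match the example above:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  clusterIP: None   # headless: no virtual IP; DNS resolves to the Pod IPs
  selector:
    app: nginx      # assumed to match the StatefulSet's Pod labels
  ports:
  - port: 80
```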
As titled: the original documentation is protected under the Apache License 2.0, and any derivative work must credit the source and include the License file and a notice.
kube-controller-manager:
[root@ip-192-168-4-174 ~]# tail -500f /data/logs/kubernetes/kube-controller-manager.ERROR
Log file created at: 2017/05/23 11:23:02
Running on machine: ip-192-168-4-174
Binary: Built with gc go1.7.5 for linux/amd64
Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
E0523 11:23:02.534206 22765 util.go:45] Metric for serviceaccount_controller already registered
E0523 16:33:05.002043 22765 actual_state_of_world.go:461] Failed to set statusUpdateNeeded to needed true because nodeName="ip-192-168-4-146.cn-north-1.compute.internal" does not exist
E0523 16:33:05.002059 22765 actual_state_of_world.go:475] Failed to update statusUpdateNeeded field in actual state of world: Failed to set statusUpdateNeeded to needed true because nodeName="ip-192-168-4-146.cn-north-1.compute.internal" does not exist
E0523 16:43:16.151941 22765 actual_state_of_world.go:461] Failed to set statusUpdateNeeded to needed true because nodeName="ip-192-168-4-146.cn-north-1.compute.internal" does not exist
E0523 16:43:16.151972 22765 actual_state_of_world.go:475] Failed to update statusUpdateNeeded field in actual state of world: Failed to set statusUpdateNeeded to needed true because nodeName="ip-192-168-4-146.cn-north-1.compute.internal" does not exist
E0523 17:16:08.310210 22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/batch/v2alpha1/cronjobs?resourceVersion=1914&timeoutSeconds=377&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:08.311012 22765 reflector.go:304] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to watch <nil>: Get http://192.168.4.174:8080/apis/extensions/v1beta1/replicasets?resourceVersion=25214&timeoutSeconds=320&watch=true: dial tcp 192.168.4.174:8080: getsockopt: connection refused
[... ~50 more "Failed to watch" lines of the same form, one per remaining resource type (scheduledjobs, resourcequotas, storageclasses, statefulsets, pods, poddisruptionbudgets, persistentvolumeclaims, replicationcontrollers, clusterrolebindings, serviceaccounts, configmaps, deployments, nodes, daemonsets, services, ingresses, horizontalpodautoscalers, roles, endpoints, networkpolicies, rolebindings, certificatesigningrequests, podsecuritypolicies, thirdpartyresources, namespaces, jobs, limitranges, podtemplates, persistentvolumes, secrets), every one failing with: dial tcp 192.168.4.174:8080: getsockopt: connection refused]
E0523 17:16:08.939070 22765 leaderelection.go:229] error retrieving resource lock kube-system/kube-controller-manager: Get http://192.168.4.174:8080/api/v1/namespaces/kube-system/endpoints/kube-controller-manager: dial tcp 192.168.4.174:8080: getsockopt: connection refused
E0523 17:16:09.315425 22765 reflector.go:201] k8s.io/kubernetes/pkg/controller/garbagecollector/graph_builder.go:192: Failed to list <nil>: Get http://192.168.4.174:8080/apis/batch/v2alpha1/cronjobs?resourceVersion=0: dial tcp 192.168.4.174:8080: getsockopt: connection refused
[... ~20 more "Failed to list" lines of the same form for the remaining resource types (replicasets, serviceaccounts, resourcequotas, storageclasses, pods, statefulsets, poddisruptionbudgets, persistentvolumeclaims, replicationcontrollers, clusterrolebindings, podpresets, configmaps, deployments, nodes, namespaces, daemonsets), all failing with: dial tcp 192.168.4.174:8080: getsockopt: connection refused]
apiserver:
[root@ip-192-168-4-174 ~]# tail -500f /data/logs/kubernetes/kube-apiserver.ERROR
Log file created at: 2017/05/23 17:16:09
Running on machine: ip-192-168-4-174
Binary: Built with gc go1.7.5 for linux/amd64
Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg
E0523 17:16:09.287332 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *storage.StorageClass: Get https://192.168.4.174:6443/apis/storage.k8s.io/v1beta1/storageclasses?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.297977 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.ServiceAccount: Get https://192.168.4.174:6443/api/v1/serviceaccounts?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298042 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.LimitRange: Get https://192.168.4.174:6443/api/v1/limitranges?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298099 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *rbac.ClusterRoleBinding: Get https://192.168.4.174:6443/apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298422 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *rbac.Role: Get https://192.168.4.174:6443/apis/rbac.authorization.k8s.io/v1beta1/roles?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298463 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.Secret: Get https://192.168.4.174:6443/api/v1/secrets?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298495 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.ResourceQuota: Get https://192.168.4.174:6443/api/v1/resourcequotas?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298522 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *api.Namespace: Get https://192.168.4.174:6443/api/v1/namespaces?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298553 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *rbac.ClusterRole: Get https://192.168.4.174:6443/apis/rbac.authorization.k8s.io/v1beta1/clusterroles?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:16:09.298587 24174 reflector.go:201] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/factory.go:70: Failed to list *rbac.RoleBinding: Get https://192.168.4.174:6443/apis/rbac.authorization.k8s.io/v1beta1/rolebindings?resourceVersion=0: dial tcp 192.168.4.174:6443: getsockopt: connection refused
E0523 17:21:50.619264 24174 status.go:62] apiserver received an error that is not an metav1.Status: error dialing backend: dial tcp: lookup node-01 on 192.168.0.2:53: no such host
E0523 17:31:36.464401 24174 watcher.go:188] watch chan error: etcdserver: mvcc: required revision has been compacted
E0523 17:40:54.513715 24174 watcher.go:188] watch chan error: etcdserver: mvcc: required revision has been compacted
The following apiserver errors flood the log nonstop on one of the master nodes; after a restart they resume after a while:
E0523 17:31:36.464401 24174 watcher.go:188] watch chan error: etcdserver: mvcc: required revision has been compacted
E0523 17:40:54.513715 24174 watcher.go:188] watch chan error: etcdserver: mvcc: required revision has been compacted
etcd Version
$ /usr/local/bin/etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem --version
etcdctl version: 3.1.8
API version: 2
etcd health
$ /usr/local/bin/etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem cluster-health
2017-05-23 17:42:48.738058 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
2017-05-23 17:42:48.738670 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
member 1261ad1b46e27ed5 is healthy: got healthy result from https://192.168.2.7:2379
member 6795fffdfc180a59 is healthy: got healthy result from https://192.168.4.174:2379
member f0b07cfcbaf17ad0 is healthy: got healthy result from https://192.168.4.232:2379
cluster is healthy
Kubernetes version:
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.2", GitCommit:"477efc3cbe6a7effca06bd1452fa356e2201e1ee", GitTreeState:"clean", BuildDate:"2017-04-19T20:33:11Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.2", GitCommit:"477efc3cbe6a7effca06bd1452fa356e2201e1ee", GitTreeState:"clean", BuildDate:"2017-04-19T20:22:08Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Although the same question was asked in #35, I tried adding the CA to ca-bundle.crt and checked the kubectl kubeconfig, but the error persists. Details follow:
kubectl get componentstatuses
Unable to connect to the server: x509: certificate signed by unknown authority
log messages
kube-apiserver: I0825 16:47:49.330816 7117 logs.go:41] http: TLS handshake error from 10.6.128.100:34401: read tcp 10.6.128.100:6443->10.6.128.100:34401:
From the messages it seems a random ephemeral port (34401) is connecting to 6443.
So is this a CA error or some other fault?
Thanks for any help!
kube-apiserver.service fails to run: code=exited, status=203/EXEC
When I start the apiserver it fails immediately with status=203. Since the apiserver configuration is not that complicated, what might the causes be?
Details from the messages file:
Aug 22 11:11:04 k8server systemd: Starting Kubernetes API Service...
Aug 22 11:11:04 k8server systemd: Failed at step EXEC spawning /usr/bin/kube-apiserver: Exec format error
Aug 22 11:11:04 k8server systemd: kube-apiserver.service: main process exited, code=exited, status=203/EXEC
Aug 22 11:11:04 k8server systemd: Failed to start Kubernetes API Service.
Aug 22 11:11:04 k8server systemd: Unit kube-apiserver.service entered failed state.
Aug 22 11:11:04 k8server systemd: kube-apiserver.service failed.
Aug 22 11:11:04 k8server systemd: kube-apiserver.service holdoff time over, scheduling restart.
This problem is caused by the default service account not being authorized. The dashboard-rbac.yaml in the docs does not authorize the default service account either, so an extra entry needs to be added under subjects, e.g.:
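A sketch of what the extra subject might look like — the service account name `dashboard` and the surrounding binding follow the handbook's dashboard-rbac.yaml, but verify them against your actual file:

```yaml
# Hypothetical subjects list for dashboard-rbac.yaml: the existing
# dashboard service account plus the default account the pod runs under.
subjects:
- kind: ServiceAccount
  name: dashboard
  namespace: kube-system
- kind: ServiceAccount
  name: default
  namespace: kube-system
```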
A question: after the CSR requests went through, I see no nodes, and the auto-generated kubelet kubeconfig file and key pair are missing. Where might I have gone wrong?
[root@harbor ssl]# kubectl get nodes
No resources found.
[root@harbor ssl]# ls -l /etc/kubernetes/kubelet.kubeconfig
ls: cannot access /etc/kubernetes/kubelet.kubeconfig: No such file or directory
[root@harbor ssl]# ls -l /etc/kubernetes/ssl/kubelet*
-rw------- 1 root root 227 Sep 7 23:04 /etc/kubernetes/ssl/kubelet-client.key
kube-scheduler reports unhealthy
[root@k8s-master ssl]# kubectl get componentstatuses
NAME STATUS MESSAGE ERROR
scheduler Unhealthy Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: getsockopt: connection refused
controller-manager Healthy ok
etcd-0 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
etcd-2 Healthy {"health": "true"}
controller-manager configuration
[root@k8s-master ssl]# cat /etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS="--address=127.0.0.1 --service-cluster-ip-range=10.250.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem --leader-elect=true"
scheduler configuration
[root@k8s-master ssl]# cat /etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS="--leader-elect=true --address=127.0.0.1"
"--cluster-domain specifies the search domain written into a pod's /etc/resolv.conf. Initially we configured it as cluster.local, which resolved service DNS names correctly, but resolving the FQDN pod names of a headless service failed. We therefore changed it to cluster.local, which solved the problem; for more on name/service resolution in Kubernetes see my other article."
Changing cluster.local into cluster.local reads as no change at all — this passage is confusing.
When we first installed the Kubernetes cluster we did not set up high availability for the three master components — kube-apiserver, kube-controller-manager and kube-scheduler — they were all deployed on a single machine. We are considering using HAProxy to make these three components highly available.
RHEL 7.2;
the pod-infrastructure image needs to be downloaded:
With dashboard 1.7.1 there is no need to modify token.csv to create a token — the token generated for the serviceaccount can be used directly. Modifying token.csv on the master and restarting the API server is overkill.
Kubernetes version is 1.7.2, configured following http://rootsongjc.github.io/blogs/kubernetes-kubedns-installation/ .
Both RBAC and the serviceaccount are in place.
Environment
Problem
The kube-controller-manager log reports:
Sep 4 15:25:36 bj-xg-oam-kubernetes-001 kube-controller-manager: W0904 15:25:36.032128 13211 rbd_util.go:364] failed to create rbd image, output
Sep 4 15:25:36 bj-xg-oam-kubernetes-001 kube-controller-manager: W0904 15:25:36.032201 13211 rbd_util.go:364] failed to create rbd image, output
Sep 4 15:25:36 bj-xg-oam-kubernetes-001 kube-controller-manager: W0904 15:25:36.032252 13211 rbd_util.go:364] failed to create rbd image, output
Sep 4 15:25:36 bj-xg-oam-kubernetes-001 kube-controller-manager: E0904 15:25:36.032276 13211 rbd.go:317] rbd: create volume failed, err: failed to create rbd image: fork/exec /usr/bin/rbd: invalid argument, command output:
This problem is not solved yet; see Error creating rbd image: executable file not found in $PATH #38923
Tracing the log leads to the func (r *rbdVolumeProvisioner) Provision() (*v1.PersistentVolume, error) method in pkg/volume/rbd/rbd.go, which validates and processes the parameters from ceph-class.yaml and then calls the CreateImage method at line 344 of pkg/volume/rbd/rdb_utils.go (Kubernetes v1.6.1):
func (util *RBDUtil) CreateImage(p *rbdVolumeProvisioner) (r *v1.RBDVolumeSource, size int, err error) {
    var output []byte
    capacity := p.options.PVC.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)]
    volSizeBytes := capacity.Value()
    // convert to MB that rbd defaults on
    sz := int(volume.RoundUpSize(volSizeBytes, 1024*1024))
    volSz := fmt.Sprintf("%d", sz)
    // rbd create
    l := len(p.rbdMounter.Mon)
    // pick a mon randomly
    start := rand.Int() % l
    // iterate all monitors until create succeeds.
    for i := start; i < start+l; i++ {
        mon := p.Mon[i%l]
        glog.V(4).Infof("rbd: create %s size %s using mon %s, pool %s id %s key %s", p.rbdMounter.Image, volSz, mon, p.rbdMounter.Pool, p.rbdMounter.adminId, p.rbdMounter.adminSecret)
        output, err = p.rbdMounter.plugin.execCommand("rbd",
            []string{"create", p.rbdMounter.Image, "--size", volSz, "--pool", p.rbdMounter.Pool, "--id", p.rbdMounter.adminId, "-m", mon, "--key=" + p.rbdMounter.adminSecret, "--image-format", "1"})
        if err == nil {
            break
        } else {
            glog.Warningf("failed to create rbd image, output %v", string(output))
        }
    }
    if err != nil {
        return nil, 0, fmt.Errorf("failed to create rbd image: %v, command output: %s", err, string(output))
    }
    return &v1.RBDVolumeSource{
        CephMonitors: p.rbdMounter.Mon,
        RBDImage:     p.rbdMounter.Image,
        RBDPool:      p.rbdMounter.Pool,
    }, sz, nil
}
This method call fails.
For detailed steps see: https://jimmysong.io/kubernetes-handbook/practice/using-ceph-for-persistent-storage.html
The log below suggests a problem with the authentication configuration, but it is unclear which config file:
-- Unit kube-apiserver.service has begun starting up.
Aug 11 09:26:22 docker-master.youyadai.org kube-apiserver[30938]: invalid authentication config: line 1, column 82: extraneous " in field
Aug 11 09:26:22 docker-master.youyadai.org systemd[1]: kube-apiserver.service: main process exited, code=exited, status=1/FAILURE
Aug 11 09:26:22 docker-master.youyadai.org systemd[1]: Failed to start Kubernetes API Service.
-- Subject: Unit kube-apiserver.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kube-apiserver.service has failed.
Build an image that runs java -jar xxx.jar,
where the jar file name is passed in as a parameter.
Problems running this image on k8s:
kubectl create -f sms.yaml
reports:
rpc error: code = 2 desc = failed to start container "cffbbc3d295f7b5a8d497c8147f7222636b51647387cda491a89d292437c7e47": Error response from daemon: {"message":"invalid header field value \"oci runtime error: container_linux.go:247: starting container process caused \\\"exec: \\\\\\\"/tmp/sms-xx.jar\\\\\\\": permission denied\\\"\\n\""}
After a while the pod crashed with:
failed to open log file "/var/log/pods/6533426e-aeec-11e7-b1c6-025622f1d9fa/sms-test_3.log": open /var/log/pods/6533426e-aeec-11e7-b1c6-025622f1d9fa/sms-test_3.log: no such file or directory
Googled for quite a while without finding a solution.
Here is my YAML:
sms.yaml
apiVersion: v1
kind: Pod
metadata:
  name: sms-test
  labels:
    app: sms-test
spec:
  containers:
  - name: sms-test
    image: sms
    imagePullPolicy: IfNotPresent
    command: ["/tmp/sms-xxx.jar"]
    volumeMounts:
    - mountPath: /tmp
      name: test-volume
  volumes:
  - name: test-volume
    hostPath:
      path: /tmp
The error is shown above.
# xxx.jar is placed under /tmp on the VM and mounted into the container:
docker run -v /tmp:/tmp -itd sms '/tmp/sms-xxx.jar'
My usual approach to containerizing a workload:
Following approach 1, I defined a Dockerfile for a JDK image that runs the jar:
FROM airdock/base:jessie
RUN mkdir -p /srv/java/
# Add java dynamic memory script
COPY java-dynamic-memory-opts /srv/java/
# Install Oracle JDK 8u25
RUN cd /tmp && \
curl -L -O "http://xxx/jdk-8u25-linux-x64.gz" && \
tar xf jdk-8u25-linux-x64.gz -C /srv/java && \
rm -f jdk-8u25-linux-x64.gz && \
ln -s /srv/java/jdk* /srv/java/jdk && \
ln -s /srv/java/jdk /srv/java/jvm && \
chown -R java:java /srv/java && \
/root/post-install
# Define commonly used JAVA_HOME variable
# Add /srv/java and jdk on PATH variable
ENV JAVA_HOME=/srv/java/jdk \
PATH=${PATH}:/srv/java/jdk/bin:/srv/java
COPY docker-entrypoint.sh /bin/
docker-entrypoint.sh
#!/bin/bash
java -jar $1
Hmm — looks fine, right?
Solution: replace the command directive with args in the YAML.
sms.yaml
...
spec:
  containers:
  - name: sms-test
    image: sms
    imagePullPolicy: IfNotPresent
    args: ["/tmp/sms-xxx.jar"]
...
Analysis
In docker run -v /tmp:/tmp -itd sms '/tmp/sms-xxx.jar', the jar path is passed as args, not as the command.
Thinking about it, defining a whole JDK environment just to run one jar is hardly worth it. A better idea: for generality, build an image with a specific JDK version and let it run whatever is passed in.
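This behavior follows from how Kubernetes maps these pod fields onto Docker: command overrides the image's ENTRYPOINT, while args overrides CMD and is handed to the entrypoint. A minimal sketch (container and image names taken from the example above):

```yaml
# command replaces the image ENTRYPOINT; args replaces CMD.
# Here the image's entrypoint is docker-entrypoint.sh, which runs
# "java -jar $1", so the jar path belongs in args, where it becomes $1.
spec:
  containers:
  - name: sms-test
    image: sms
    args: ["/tmp/sms-xxx.jar"]   # passed to the entrypoint, not executed directly
```

Setting command instead would bypass docker-entrypoint.sh entirely and try to execute the jar itself, which is why the original manifest failed with "permission denied".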
The Dockerfile is as follows:
FROM airdock/base:jessie
RUN mkdir -p /srv/java/
# Add java dynamic memory script
COPY java-dynamic-memory-opts /srv/java/
# timezone: override the container timezone here
COPY localtime /etc/localtime
# Install Oracle JDK 8u25
RUN cd /tmp && \
curl -L -O "http://xxx/jdk-8u25-linux-x64.gz" && \
tar xf jdk-8u25-linux-x64.gz -C /srv/java && \
rm -f jdk-8u25-linux-x64.gz && \
ln -s /srv/java/jdk* /srv/java/jdk && \
ln -s /srv/java/jdk /srv/java/jvm && \
chown -R java:java /srv/java && \
/root/post-install
# Define commonly used JAVA_HOME variable
# Add /srv/java and jdk on PATH variable
ENV JAVA_HOME=/srv/java/jdk \
PATH=${PATH}:/srv/java/jdk/bin:/srv/java
The YAML configuration:
apiVersion: v1
kind: Pod
metadata:
  name: sms-test
  labels:
    app: sms-test
spec:
  containers:
  - name: sms-test
    image: jdk8u25-ori
    imagePullPolicy: IfNotPresent
    command: ["java","-jar","/tmp/sms-xxx.jar"]
    volumeMounts:
    - mountPath: /tmp
      name: test-volume
  volumes:
  - name: test-volume
    hostPath:
      path: /data
The jar has been running well under observation.
Clearly, understanding the k8s YAML directives is worth the effort — and it beats being bored all day; boredom is life's greatest enemy.
Configuring on RHEL 6.5, I found there is no systemctl command; it seems only service can be used. In that case, are there reference SysV init equivalents for etcd.service
and the other similar service configuration files?
Thanks!
Otherwise startup fails with an error.
System: CentOS 7.3.
Suggest adding this to the docs so others avoid the pitfall.
The YAML in the hostPath subsection:
- hostPath:
path: /tmp/data
name: data
[root@sz-pg-oam-docker-test-001 ~]# kubectl get pods
error: You must be logged in to the server (the server has asked for the client to provide credentials)
May 26 14:26:32 localhost kube-apiserver: E0526 14:26:32.855345 7045 authentication.go:58] Unable to authenticate the request due to an error: x509: certificate specifies an incompatible key usage
In the "configure influxdb-deployment" section,
image: grc.io/google_containers/heapster-influxdb-amd64:v1.1.1
should be changed to: image: gcr.io/google_containers/heapster-influxdb-amd64:v1.1.1 (grc.io is a typo for gcr.io)
OS: CentOS7
#uname -a
Kernel:Linux k8node1 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# docker --version
Docker version 17.10.0-ce, build f4ffd25
#kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0", GitCommit:"fff5156092b56e6bd60fff75aad4dc9de6b6ef37", GitTreeState:"clean", BuildDate:"2017-03-28T16:36:33Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0", GitCommit:"fff5156092b56e6bd60fff75aad4dc9de6b6ef37", GitTreeState:"clean", BuildDate:"2017-03-28T16:24:30Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
10.0.15.111(node&&master)
10.0.15.110(node)
10.0.15.115(node)
#iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
systemctl is-active flanneld
active
#kubectl get pods --namespace=kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-1454826952-hsk8b 1/1 Running 0 1h
#kubectl describe pods kubernetes-dashboard-1454826952-hsk8b --namespace=kube-system
Name: kubernetes-dashboard-1454826952-hsk8b
Namespace: kube-system
Node: 10.0.15.115/10.0.15.115
Start Time: Thu, 16 Nov 2017 16:15:34 +0800
Labels: k8s-app=kubernetes-dashboard
pod-template-hash=1454826952
Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"kube-system","name":"kubernetes-dashboard-1454826952","uid":"51ff9593-caa6-11e7-b...
scheduler.alpha.kubernetes.io/critical-pod=
Status: Running
IP: 172.17.0.3
Controllers: ReplicaSet/kubernetes-dashboard-1454826952
Containers:
kubernetes-dashboard:
Container ID: docker://fd08a23551ae24279ea68adcf59e3568c0cb2e73c293aee19fc58ae1cf15ef46
Image: 10.0.15.166:5555/kubernetes-dashboard-amd64:v1.6.3
Image ID: docker-pullable://10.0.15.166:5555/kubernetes-dashboard-amd64@sha256:d820c9a0a0a7cd7d0c9d3630a2db0fc33d190db31f3e0797d4df9dc4a6a41c6b
Port: 9090/TCP
State: Running
Started: Thu, 16 Nov 2017 16:15:35 +0800
Ready: True
Restart Count: 0
Limits:
cpu: 100m
memory: 50Mi
Requests:
cpu: 100m
memory: 50Mi
Liveness: http-get http://:9090/ delay=30s timeout=30s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-f4z0c (ro)
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
Volumes:
default-token-f4z0c:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-f4z0c
Optional: false
QoS Class: Guaranteed
Node-Selectors: <none>
Tolerations: CriticalAddonsOnly=:Exists
Events: <none>
#kubectl logs kubernetes-dashboard-1454826952-hsk8b -n kube-system
Using HTTP port: 8443
Using in-cluster config to connect to apiserver
Using service account token for csrf signing
No request provided. Skipping authorization header
Successful initial request to the apiserver, version: v1.6.0
No request provided. Skipping authorization header
Creating in-cluster Heapster client
Could not enable metric client: Health check failed: User "system:serviceaccount:kube-system:default" cannot proxy services in the namespace "kube-system". (get services heapster). Continuing.
After running
#kubectl proxy --address='10.0.15.115' --port=8086 --accept-hosts='^*$'
Starting to serve on 10.0.15.115:8086
visiting http://10.0.15.115:8086/ui redirects automatically to http://10.0.15.115:8086/api/v1/namespaces/kube-system/services/-dashboard/proxy/ .
The page returns:
Error: 'dial tcp 172.17.0.3:9090: getsockopt: no route to host'
Trying to reach: 'http://172.17.0.3:9090/'
On 10.0.15.115 (node):
#ping 172.17.0.3
#curl 172.17.0.3:9090
<!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng-controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.9aa0b786.css"> <link rel="stylesheet" href="static/app.8ebf2901.css"> </head> <body> <!--[if lt IE 10]>
<p class="browsehappy">You are using an <strong>outdated</strong> browser.
Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
experience.</p>
<![endif]--> <kd-chrome layout="column" layout-fill> </kd-chrome> <script src="static/vendor.840e639c.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.68d2caa2.js"></script> </body> </html>
both commands return results.
Pinging 172.17.0.3 from 10.0.15.115 (node) and from 10.0.15.111 (node && master), however,
fails.
Attempting to exec into the dashboard container fails:
#kubectl exec -it kubernetes-dashboard-1454826952-hsk8b bash -n kube-system
oci runtime error: exec failed: container_linux.go:295: starting container process caused "exec: \"bash\": executable file not found in $PATH"
Related issues did not solve the problem:
"Accessing the dashboard through kube-apiserver reports an error"
Restarting the docker daemon does not work.
First of all, thanks for the docs. Everything in 06-部署node节点.md deployed fine; only the last step fails — opening node:nodePort in a browser doesn't work, and the port tests unreachable.
My troubleshooting so far: 1. My nodePort is 30001; browser access (and telnet) fails, but if I stop the service and start an httpd listening on the same port, it is reachable.
2. On the node itself, curl <local-NIC-IP>:30001 works, and curl service_ip:80 also works.
Could you point out where the problem might be?
Hello,
While setting up DNS following your tutorial I hit an error reported by dnsmasq-nanny. What could cause this?
flag provided but not defined: -domain
Usage of /dnsmasq-nanny:
Manages the dnsmasq daemon, handles configuration given by the ConfigMap.
Any arguments given after "--" will be passed directly to dnsmasq itself.
-alsologtostderr
log to standard error as well as files
-configDir string
location of the configuration (default "/etc/k8s/dns/dnsmasq-nanny")
-dnsmasqExec string
location of the dnsmasq executable (default "/usr/sbin/dnsmasq")
-log_backtrace_at value
when logging hits line file:N, emit a stack trace
-log_dir string
If non-empty, write log files in this directory
-logtostderr
log to standard error instead of files
-restartDnsmasq
if true, restart dnsmasq when the configuration changes
-stderrthreshold value
logs at or above this threshold go to stderr
-syncInterval duration
interval to check for configuration updates (default 10s)
-v value
log level for V logs
-vmodule value
comma-separated list of pattern=N settings for file-filtered logging
Tools required: calibre
and phantomjs
Following the docs, deploying up to the heapster module:
[root@node0 heapster]# kubectl create -f .
deployment "monitoring-grafana" created
service "monitoring-grafana" created
deployment "heapster" created
serviceaccount "heapster" created
clusterrolebinding "heapster" created
service "heapster" created
deployment "monitoring-influxdb" created
service "monitoring-influxdb" created
Error from server (AlreadyExists): error when creating "influxdb-cm.yaml": configmaps "influxdb-config" already exists
1. influxdb-cm (namespace kube-system) was already configured in the "configure influxdb-deployment" step.
2. The dashboard cannot display charts; log as follows:
Section 4.1.4 installs the kubectl command-line tool, but section 4.1.2 (creating kubeconfig files) already needs kubectl config set when creating the kubelet bootstrapping kubeconfig. Should section 4 be moved earlier?
The container, docker0, and flannel interfaces must share the same MTU — 1450 when using VXLAN. Adding the VXLAN encapsulation brings the packet to 1500, which exactly matches the node NIC's MTU of 1500, so it is forwarded directly.
Please check the flannel and node configuration.
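The arithmetic behind those MTU values can be sketched as follows (the 50-byte figure assumes standard VXLAN-over-IPv4 framing):

```shell
# VXLAN adds 50 bytes of overhead: 14 (outer Ethernet) + 20 (outer IP)
# + 8 (UDP) + 8 (VXLAN header). The inner interfaces must use
# NIC MTU - overhead so the encapsulated packet still fits the NIC.
NIC_MTU=1500
VXLAN_OVERHEAD=50
INNER_MTU=$((NIC_MTU - VXLAN_OVERHEAD))
echo "container/docker0/flannel.1 MTU should be: $INNER_MTU"
```

This matches the 1450 seen on flannel.1 and docker0 in `ip addr` output elsewhere in these reports.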
docker version 1.12
os: centos7.3.1611
897 conntrack.go:42] conntrack returned error: error looking for path of conntrack: exec: "conntrack": executable file not found in $PATH
Hint: Some lines were ellipsized, use -l to show in full.
Heapster version
heapster-amd64:v1.3.0-beta.1
Kubernetes version
kubernetes 1.6.0
The dashboard cannot display the overall monitoring status for some namespaces.
Visiting http://172.20.0.113:8080/api/v1/proxy/namespaces/kube-system/services/heapster/api/v1/model/namespaces
does not show those namespaces.
Thanks for the docs. All the services start successfully now, but the pages are not accessible:
Master/Node IPs:
...
master: 10.192.29.207
node: 10.192.29.208
...
Services status:
[root@localhost heapster]# /root/local/bin/kubectl get services --all-namespaces -s 10.192.29.207:8080
NAMESPACE NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes 10.254.0.1 <none> 443/TCP 5h
kube-system heapster 10.254.56.15 <none> 80/TCP 21m
kube-system kube-dns 10.254.0.2 <none> 53/UDP,53/TCP 3h
kube-system kubernetes-dashboard 10.254.172.131 <nodes> 80:8791/TCP 1h
kube-system monitoring-grafana 10.254.80.55 <none> 80/TCP 21m
kube-system monitoring-influxdb 10.254.223.124 <nodes> 8086:8686/TCP,8083:8614/TCP 21m
Pods Status
[root@localhost heapster]# /root/local/bin/kubectl get pods --all-namespaces -s 10.192.29.207:8080
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system heapster-334572188-63gqs 1/1 Running 1 27m
kube-system kube-dns-2298276164-frjpg 3/3 Running 6 3h
kube-system kubernetes-dashboard-3377982832-r5906 1/1 Running 1 1h
kube-system monitoring-grafana-854043867-6zddh 1/1 Running 1 27m
kube-system monitoring-influxdb-340252977-n944m 1/1 Running 1 27m
Cluster info
[root@localhost heapster]# /root/local/bin/kubectl cluster-info -s 10.192.29.207:8080
Kubernetes master is running at 10.192.29.207:8080
Heapster is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/heapster
KubeDNS is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/kube-dns
kubernetes-dashboard is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
monitoring-grafana is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/monitoring-grafana
monitoring-influxdb is running at 10.192.29.207:8080/api/v1/proxy/namespaces/kube-system/services/monitoring-influxdb
Browser - http://10.192.29.207:8080
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/apps",
"/apis/apps/v1beta1",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/autoscaling/v2alpha1",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v2alpha1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1beta1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/policy",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1alpha1",
"/apis/rbac.authorization.k8s.io/v1beta1",
"/apis/settings.k8s.io",
"/apis/settings.k8s.io/v1alpha1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/ping",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/ca-registration",
"/healthz/poststarthook/extensions/third-party-resources",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/logs",
"/metrics",
"/swagger-ui/",
"/swaggerapi/",
"/ui/",
"/version"
]
}
flannel configuration (note: flannel is configured on both master and node)
[root@localhost ~]# /root/local/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem ls ${FLANNEL_ETCD_PREFIX}/subnets
2017-04-24 17:28:20.417878 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
/kubernetes/network/subnets/172.30.66.0-24
/kubernetes/network/subnets/172.30.38.0-24
[root@localhost ~]# /root/local/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem get ${FLANNEL_ETCD_PREFIX}/subnets/172.30.38.0-24
2017-04-24 17:28:28.398278 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
{"PublicIP":"10.192.29.208","BackendType":"vxlan","BackendData":{"VtepMAC":"6a:06:02:bb:c2:21"}}
But none of the UIs are reachable from a browser, e.g. the dashboard UI: http://10.192.29.207:8080/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/
Error: 'dial tcp 172.30.38.2:9090: getsockopt: connection timed out'
Trying to reach: 'http://172.30.38.2:9090/'
Since the dashboard also exposes a NodePort:
kube-system kubernetes-dashboard 10.254.172.131 <nodes> 80:8791/TCP 1h
I also tried http://10.192.29.208:8791 in the browser — same error:
ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: http://10.192.29.208:8791/
Connection to 10.192.29.208 failed.
The system returned: (110) Connection timed out
The remote host or network may be down. Please try the request again.
Your cache administrator is webmaster.
Then, on the node, curl http://10.192.29.208:8791 does return the normal page content (albeit a browser-incompatibility notice):
[root@localhost ~]# curl 10.192.29.208:8791
<!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng-controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.4f4b705f.css"> <link rel="stylesheet" href="static/app.93b90a74.css"> </head> <body> <!--[if lt IE 10]>
<p class="browsehappy">You are using an <strong>outdated</strong> browser.
Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
experience.</p>
<![endif]--> <kd-chrome layout="column" layout-fill> </kd-chrome> <script src="static/vendor.6952e31e.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.8a6b8127.js"></script> </body> </html> [root@localhost ~]#
How can I access the pages through the master? thx.
Also, firewalld is stopped and SELinux is disabled.
The node's IP addresses are as follows:
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:b8:f2:de brd ff:ff:ff:ff:ff:ff
inet 10.192.29.208/24 brd 10.192.29.255 scope global ens160
valid_lft forever preferred_lft forever
inet6 fe80::2a26:38cb:ad83:7903/64 scope link
valid_lft forever preferred_lft forever
3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
link/ether 6a:06:02:bb:c2:21 brd ff:ff:ff:ff:ff:ff
inet 172.30.38.0/32 scope global flannel.1
valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP
link/ether 02:42:f5:95:3e:dd brd ff:ff:ff:ff:ff:ff
inet 172.30.38.1/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:f5ff:fe95:3edd/64 scope link
valid_lft forever preferred_lft forever
This problem has been bothering me for days and I no longer know where to start; even after reconfiguring everything from scratch, it persists. Any debugging suggestions? thx
[root@node1 ~]# curl 10.254.242.36
curl: (7) Failed connect to 10.254.242.36:80; No route to host
I cannot find the cause, so I am asking for help.
In both the "create a test Pod" and "create an Nginx Deployment mounting the Volume" steps, the following error appears:
Warning FailedMount MountVolume.SetUp failed for volume "kubernetes.io/glusterfs/c3409248-3c69-11e7-8b68-9ca3ba317f12-glusterfsvol" (spec.Name: "glusterfsvol") pod "c3409248-3c69-11e7-8b68-9ca3ba317f12" (UID: "c3409248-3c69-11e7-8b68-9ca3ba317f12") with: glusterfs: mount failed: mount failed: exit status 1
Mounting command: mount
Mounting arguments: 59.106.222.36:k8s-volume /var/lib/kubelet/pods/c3409248-3c69-11e7-8b68-9ca3ba317f12/volumes/kubernetes.io~glusterfs/glusterfsvol glusterfs [ro log-level=ERROR log-file=/var/lib/kubelet/plugins/kubernetes.io/glusterfs/glusterfsvol/glusterfs-glusterfs.log]
[2017-05-19 08:05:25.382288] E [MSGID: 101066] [graph.c:325:glusterfs_graph_init] 0-k8s-volume-quick-read: initializing translator failed
[2017-05-19 08:05:25.382343] E [MSGID: 101176] [graph.c:681:glusterfs_graph_activate] 0-graph: init failed
In the initial check, ls /etc/kubernetes/ shows that kubelet and proxy are missing, and I could not find where the earlier steps generate these two files. Continuing on, the steps after "configure Docker" feel like they jump around. Finally, running etcdctl --endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
ls /kube-centos/network/subnets
2017-05-12 17:03:32.679837 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
reports the error below:
Error: 100: Key not found (/kube-centos/network/subnets) [8]
I cannot locate the problem, so I'm asking about the concrete order of steps in section 06 — some parts are unclear to me, and without a sequential procedure I cannot continue.
Hi, dear author — thanks for your hard work!
A few suggestions: could the IP addresses and the environment used in the article be stated explicitly? For example, when creating the k8s certificates, it is unclear which IPs belong to master nodes and which to worker nodes. Newcomers reading the docs don't get a clear picture of the environment.
Installed following https://github.com/rootsongjc/follow-me-install-kubernetes-cluster .
Operating system
[root@k8s-master ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@k8s-master ~]# uname -a
Linux k8s-master 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
k8s cluster environment
curl https://10.x.x.x:6443/version --cert /etc/kubernetes/ssl/kubernetes.pem --key /etc/kubernetes/ssl/kubernetes-key.pem --cacert /etc/kubernetes/ssl/ca.pem
{
"major": "1",
"minor": "6",
"gitVersion": "v1.6.0",
"gitCommit": "fff5156092b56e6bd60fff75aad4dc9de6b6ef37",
"gitTreeState": "clean",
"buildDate": "2017-03-28T16:24:30Z",
"goVersion": "go1.7.5",
"compiler": "gc",
"platform": "linux/amd64"
}
etcd
etcdctl \
> --ca-file=/etc/kubernetes/ssl/ca.pem \
> --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
> --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
> cluster-health
member 33ceb5b56308b8c4 is healthy: got healthy result from https://10.x.x.207:2379
member afb729f70db7c609 is healthy: got healthy result from https://10.x.x.206:2379
member c21f03a4f502d11a is healthy: got healthy result from https://10.x.x.208:2379
cluster is healthy
Problem
[root@k8s-master ~]# kubectl get componentstatuses
Unable to connect to the server: x509: certificate signed by unknown authority
Suggestion: put the flanneld deployment in its own chapter and state that it must be installed on both master and nodes.
Reasons:
Because the flanneld deployment was placed in the node-deployment chapter, I did not deploy flanneld when installing the master.
My master is deployed standalone — the machine is not also a node.
As a result, controller-manager could not reach heapster, and horizontal pod autoscaling (HPA) never worked.
The problem itself is simple, but tracking it down took me almost a whole day, because every solution online described a different situation.
I only figured it out after learning that controller-manager is responsible for HPA and inspecting its logs.
At the beginning of the article, "let's check the configuration files generated on the three nodes by the previous steps":
$ ls /etc/kubernetes/
apiserver bootstrap.kubeconfig config controller-manager kubelet kube-proxy.kubeconfig proxy scheduler ssl token.csv
This listing should not yet include kubelet and proxy — they are generated later, in the "create the kubelet
service configuration file" step.
- [1. Kubernetes简介](introduction/index.md)
- [1.1 核心概念](introduction/concepts.md)
- [2. 核心原理](architecture/index.md)
- [2.1 设计理念](architecture/concepts.md)
- [2.2 主要概念](architecture/objects.md)
- [2.2.1 Pod, Service, Namespace和Node](introduction/concepts.md)
In SUMMARY.md, entries 1.1 and 2.2.1 reference the same file, so after finishing section 2.2.1 in GitBook, clicking the >
button jumps to section 1.2.
In architecture/Service.md:
1.
"另外,也可以讲已有的服务" should be "另外,也可以将已有的服务" (讲 → 将).
2.
- 只支持4层负载均衡,没有7层功能
- 对外访问的时候,NodePort类型需要在外部搭建额外的负载均衡,而LoadBalancer要求
In the two lines above, the leading "-" is a full-width character and should be the ASCII "-".
The article is excellent, which is why I'd like to see these small blemishes removed — apologies for the nitpicking.
mk /kube-centos/network/config "{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}"
应该写成
mk /kube-centos/network/config '{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}'
或者
set /kube-centos/network/config '{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}'
One more point: the example should note that this is a private registry:
sz-pg-oam-docker-hub-001.tendcloud.com/library/nginx:1.9
otherwise it is yet another trap for readers.
When I run "systemctl start kubelet", it fails with: error: failed to run kubelet: cannot create certificate signing request: the server has asked for the client to provide credentials (post certificatesigningrequests.certificates.k8s.io)
I have updated KUBELET_ARGS in /etc/kubernetes/kubelet, for example adding --tls-cert-file, --tls-private-key-file and others, but I still do not get the correct result.
Can somebody help me with this question? Thanks.
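This particular error usually means the apiserver rejects the bootstrap credentials the kubelet presents. Two things worth checking, assuming the file layout this guide uses: the token embedded in bootstrap.kubeconfig must match the one in token.csv on the apiserver, and the kubelet-bootstrap user needs permission to create CSRs (these commands require access to a live cluster):

```shell
# The token in bootstrap.kubeconfig must equal the first field of token.csv
grep token: /etc/kubernetes/bootstrap.kubeconfig
cat /etc/kubernetes/token.csv
# The bootstrap user must be allowed to submit certificate signing requests
kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap
```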
The "Managing TLS in the cluster" section explains how to create/approve/deny a CSR, but I still do not quite understand how to use it. What is it actually for?
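For context, the CSR flow is used during kubelet TLS bootstrapping: each kubelet submits a certificate signing request at startup, and an administrator (or an auto-approver) signs off before the node gets a serving certificate. A sketch of the manual flow, assuming a working cluster; the CSR name is a placeholder taken from the listing:

```shell
# List certificate signing requests submitted by bootstrapping kubelets
kubectl get csr
# Approve one pending request (node-csr-xxxx is a placeholder name from the listing)
kubectl certificate approve node-csr-xxxx
# The Approved/Denied state then shows up in the CONDITION column
kubectl get csr
```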
When using Ceph RBD for persistent storage to create a MySQL cluster via Dynamic Volume Provisioning (i.e. a StorageClass), kube-controller-manager reports "rbd not found". After some experimentation and searching I found a solution, recorded it in the corresponding markdown, and have opened a pull request.
At the end of the article, the original
$ kubectl get componentstatuses
should be changed to:
kubectl --server=10.20.1.241:8080 get componentstatuses
otherwise it fails with:
The connection to the server localhost:8080 was refused - did you specify the right host or port?