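I'm new to Kubernetes and I am trying to set up a healthy local cluster (on ESXi).
I have run into many errors that I can't resolve:
DashBoard is running but can't be accessed through the kubectl proxy API
I can't access any svc exposed as type NodePort (TCP connection reset)
I can't retrieve logs from pods
I can't run kubeadm upgrade plan
I think most of them are due to bad configuration/mistakes, but I am unable to find what/where these broken bricks are.
If I forgot some information, tell me and I will add it to the post.
I run the cluster on VMs. All VMs are running CentOS 7. I have done this on all of them: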
swapoff -a
systemctl disable firewalld
systemctl stop firewalld
setenforce 0
systemctl daemon-reload
systemctl restart docker
systemctl restart kubelet
For flannel:
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
kubectl version
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:22:21Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
kubectl get ep
NAME ENDPOINTS AGE
dark-room-dep 172.17.0.10:8085,172.17.0.9:8085 19h
kubernetes 10.66.222.223:6443 8d
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dark-room-dep NodePort 10.99.12.214 <none> 8085:30991/TCP 19h
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 8d
kubectl cluster-info
Kubernetes master is running at https://10.66.222.223:6443
Heapster is running at https://10.66.222.223:6443/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://10.66.222.223:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
monitoring-grafana is running at https://10.66.222.223:6443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
monitoring-influxdb is running at https://10.66.222.223:6443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy
kubectl get deployments
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
dark-room-dep 2 2 2 2 20h
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default dark-room-dep-577bf64bb8-9n5p7 1/1 Running 0 20h
default dark-room-dep-577bf64bb8-jmppg 1/1 Running 0 20h
kube-system etcd-localhost.localdomain 1/1 Running 6 8d
kube-system heapster-69b5d4974d-qvtrj 1/1 Running 0 1d
kube-system kube-apiserver-localhost.localdomain 1/1 Running 5 8d
kube-system kube-controller-manager-localhost.localdomain 1/1 Running 4 8d
kube-system kube-dns-86f4d74b45-njzj9 3/3 Running 0 1d
kube-system kube-flannel-ds-h9c2m 1/1 Running 3 6d
kube-system kube-flannel-ds-tcbd7 1/1 Running 5 8d
kube-system kube-proxy-7v6mf 1/1 Running 3 6d
kube-system kube-proxy-hwbwl 1/1 Running 4 8d
kube-system kube-scheduler-localhost.localdomain 1/1 Running 6 8d
kube-system kubernetes-dashboard-7d5dcdb6d9-q42q5 1/1 Running 0 1d
kube-system monitoring-grafana-69df66f668-zf2kc 1/1 Running 0 1d
kube-system monitoring-influxdb-78d4c6f5b6-nhdbx 1/1 Running 0 1d
route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 10.66.222.1 0.0.0.0 UG 100 0 0 ens192
10.66.222.0 0.0.0.0 255.255.254.0 U 100 0 0 ens192
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.25.1.0 172.25.1.0 255.255.255.0 UG 0 0 0 flannel.1
kubectl get nodes --all-namespaces
NAME STATUS ROLES AGE VERSION
k8s-01 Ready <none> 6d v1.10.2
localhost.localdomain Ready master 8d v1.10.2
Thanks for your help. Have a nice day.
佐科
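Answer 0: (score: 0)
Errors I have resolved:
I can't retrieve logs from pods: disable the firewall on the node
I can't run kubeadm upgrade plan: wrong proxy configuration
Errors I could not resolve:
DashBoard is running but can't be accessed through the kubectl proxy API: I have researched this and found that it needs heapster and heapster's other components... I can make it work.
I can't access any svc exposed as type NodePort (TCP connection reset): I have successfully deployed a svc on port 80, but it doesn't work on any other port.
Answer 1: (score: 0)
To access the DASHBOARD UI, this is what I did, and it works on a Kubernetes cluster with the following specs: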
OS : CentOS 7
Kubernetes component versions (but v1.10.x also worked for me):
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:17:28Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:08:19Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Steps
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
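Install kubectl on your local machine: the method depends on whether you are using Windows, Linux or OS X, but it is pretty straightforward
Copy the directory .kube from the master node to your local machine
Create a service account named <name> (you can use any name, but in my experience it is better to use the same name as the account you log in with on the machine where you imported the .kube directory) in the namespace kube-system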
$ vim my_user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: <your account user_name>
  namespace: kube-system
kubectl create -f my_user.yaml
$ vim cluster-admin-role-association.yml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: <your account user_name>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: <your account user_name>
  namespace: kube-system
kubectl create -f cluster-admin-role-association.yml
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep <your account user_name> | awk '{print $1}')
`Name: <your account user_name>-token-xxxxx
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=<your account user_name>
kubernetes.io/service-account.uid=xxxxxxxxxxxxxxxxxxxxxx
Type: kubernetes.io/service-account-token
Data
====
namespace: 11 bytes
token:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (your token)`
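Run kubectl proxy, then access the Dashboard UI at the following URL and log in with the token: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
For example, you can change the namespace to assign different users to different projects and make the permissions more precise
To access a SERVICE, at least in my deployment, you usually need to know which node the service is running on (you can find out by adding -o wide to the { {1}} query), and you should be able to use kubectl get resource
Maybe there are better ways to access services (DNS names), but I am still learning, so for now this is how I do it
Hope it helps
Cheers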
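
Answer 1 binds a service account to cluster-admin, so the token it prints gives full control of the cluster to whoever holds it. The following is an added example, not part of the original answers: it lists such bindings from the output of kubectl get clusterrolebindings,rolebindings --all-namespaces -o json. The function name, the helper and the sample data (accounts "alice" and "ci") are constructed for illustration.

```python
import json

# Group subjects that implicitly contain service accounts.
BROAD_GROUPS = ("system:serviceaccounts", "system:authenticated", "system:unauthenticated")

def cluster_admin_service_accounts(kubectl_json):
    """List (binding, scope, subject) for each service account, or group that
    contains service accounts, bound to the cluster-admin ClusterRole."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        ref = item.get("roleRef") or {}
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        meta = item.get("metadata") or {}
        # A RoleBinding to cluster-admin is full control of one namespace only.
        cluster_wide = item.get("kind") == "ClusterRoleBinding"
        scope = "cluster" if cluster_wide else "namespace/" + (meta.get("namespace") or "")
        for subj in item.get("subjects") or []:  # subjects may be absent or null
            kind, name = subj.get("kind"), subj.get("name", "")
            if kind == "ServiceAccount":
                who = "sa:%s/%s" % (subj.get("namespace", ""), name)
            elif kind == "Group" and (name in BROAD_GROUPS
                                      or name.startswith("system:serviceaccounts:")):
                who = "group:" + name
            else:
                continue  # users and other groups, e.g. the default system:masters
            findings.append((meta.get("name", ""), scope, who))
    return sorted(findings)

def _binding(kind, name, role, subjects, namespace=None):
    return {"kind": kind, "metadata": {"name": name, "namespace": namespace},
            "subjects": subjects, "roleRef": {"kind": "ClusterRole", "name": role}}

# Constructed sample; "alice" and "ci" are hypothetical account names.
SAMPLE = json.dumps({"kind": "List", "items": [
    _binding("ClusterRoleBinding", "cluster-admin", "cluster-admin",
             [{"kind": "Group", "name": "system:masters"}]),
    _binding("ClusterRoleBinding", "alice", "cluster-admin",
             [{"kind": "ServiceAccount", "name": "alice", "namespace": "kube-system"}]),
    _binding("RoleBinding", "ci-admin", "cluster-admin",
             [{"kind": "ServiceAccount", "name": "ci", "namespace": "project-a"}], "project-a"),
    _binding("ClusterRoleBinding", "viewers", "view",
             [{"kind": "ServiceAccount", "name": "alice", "namespace": "kube-system"}]),
    _binding("ClusterRoleBinding", "unused", "cluster-admin", None),
]})

if __name__ == "__main__":
    for finding in cluster_admin_service_accounts(SAMPLE):
        print(*finding)
```

Each finding is an account whose token should be treated like a cluster root credential; a RoleBinding to a narrower built-in role such as view inside one namespace is the more precise permission the answer alludes to.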