Environment preparation
# Disable the CentOS firewall
systemctl disable firewalld
systemctl stop firewalld
# Install etcd and Kubernetes
yum install -y etcd kubernetes
# Start the services
systemctl start etcd
systemctl start docker
If docker fails to start, try the following (vi /etc/sysconfig/selinux, change the value after SELINUX to disabled, reboot the machine, then start docker again).
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl start kubelet
systemctl start kube-proxy
Configuration
Tomcat
mkdir /usr/local/k8s
cd /usr/local/k8s/
vi mytomcat.rc.yaml
mytomcat.rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: mytomcat
spec:
  replicas: 2
  selector:
    app: mytomcat
  template:
    metadata:
      labels:
        app: mytomcat
    spec:
      containers:
      - name: mytomcat
        image: tomcat:7-jre7
        ports:
        - containerPort: 8088
kubectl create -f mytomcat.rc.yaml
mytomcat.svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: mytomcat
spec:
  type: NodePort
  ports:
  - port: 8888
    nodePort: 30001
  selector:
    app: mytomcat
kubectl create -f mytomcat.svc.yaml
Troubleshooting
docker pull fails
Solution 1
- yum install rhsm -y
- docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
If the two steps above solve the problem, the steps below are not needed.
- docker search pod-infrastructure
- docker pull docker.io/tianyebj/pod-infrastructure
- docker tag tianyebj/pod-infrastructure 192.168.126.143:5000/pod-infrastructure
- docker push 192.168.126.143:5000/pod-infrastructure
- vi /etc/kubernetes/kubelet
Change it to KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=192.168.126.143:5000/pod-infrastructure:latest"
- Restart the services
systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler
systemctl restart kubelet
systemctl restart kube-proxy
Solution 2
- docker pull kubernetes/pause
- docker tag docker.io/kubernetes/pause:latest 192.168.126.143:5000/google_containers/pause-amd64.3.0
- docker push 192.168.126.143:5000/google_containers/pause-amd64.3.0
- vi /etc/kubernetes/kubelet and set
KUBELET_ARGS="--pod_infra_container_image=192.168.126.143:5000/google_containers/pause-amd64.3.0"
- Restart the kubelet service
systemctl restart kubelet
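Not reachable from the external network
Containers created in the finished k8s cluster can be reached with curl only from the node they run on; the ports used by the containers cannot be reached from any other host.
Solution:
- vim /etc/sysctl.conf
- net.ipv4.ip_forward=1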
Fixing "No resources found" from kubectl get pods
- vim /etc/kubernetes/apiserver
- Find KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota", remove ServiceAccount, then save and exit.
- systemctl restart kube-apiserver to restart the service
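The troubleshooting steps above change three security-relevant settings on a node (SELinux mode, the ServiceAccount admission plugin, and the source of the pod infra image). The following read-only audit is an added example, not part of the original page; its function names and the allow-listed registry prefix are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: read-only audit of the settings
# the steps above change. Function names are this example's own.

# List the admission plugins set in an apiserver env file, one per line.
admission_plugins() {
    sed -n 's/^KUBE_ADMISSION_CONTROL="--admission[-_]control=\([^"]*\)".*/\1/p' "$1" |
        tr ',' '\n'
}

# Print the last SELINUX= value from an /etc/sysconfig/selinux style file.
selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Print the pod infra (pause) image configured for kubelet, if any.
pod_infra_image() {
    sed -n 's/^[A-Z_]*=".*--pod[-_]infra[-_]container[-_]image=\([^" ]*\).*/\1/p' "$1" |
        tail -n 1
}

# Print one line per finding; the return status is the number of findings.
# Usage: audit_node APISERVER_ENV SELINUX_CFG KUBELET_ENV
audit_node() {
    local findings=0 mode image
    if ! admission_plugins "$1" | grep -qx 'ServiceAccount'; then
        echo "apiserver: ServiceAccount admission plugin is not enabled"
        findings=$((findings + 1))
    fi
    mode=$(selinux_mode "$2")
    if [ "$mode" != "enforcing" ]; then
        echo "selinux: configured mode is '${mode:-unset}', not enforcing"
        findings=$((findings + 1))
    fi
    image=$(pod_infra_image "$3")
    case "$image" in
        '' | registry.access.redhat.com/*) ;;   # assumed allow-list: unset or Red Hat registry
        *)
            echo "kubelet: pod infra image is $image; confirm where it was built"
            findings=$((findings + 1))
            ;;
    esac
    return "$findings"
}

# On a node, pass the three files: /etc/kubernetes/apiserver
# /etc/sysconfig/selinux /etc/kubernetes/kubelet
if [ "$#" -eq 3 ]; then audit_node "$@"; fi
```
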
Kubernetes cluster
Environment preparation and planning
Recommended configuration: 2 cores, 2 GB
Docker version 17.05.0-ce
Role | IP | Components |
---|---|---|
master | 192.168.126.140 | etcd, kube-apiserver, kube-controller-manager, kube-scheduler, docker |
node01 | 192.168.126.141 | kube-proxy, kubelet, docker |
node02 | 192.168.126.142 | kube-proxy, kubelet, docker |
- Check the default firewall status (shows "not running" when stopped, "running" when started)
firewall-cmd --state
- Stop the firewall
systemctl stop firewalld.service
- Prevent firewalld from starting at boot
systemctl disable firewalld.service
- Get the Kubernetes binaries