kubeadm方式安装k8s续:

错误解决方案

[root@k8s-master calico]# kubectl get po -n kube-system
等一会,如果还是没连上,查看节点错误日志vim /var/log/message,shift+g跳转到最后一行(如果都没有pending就是网络问题)

错误1:Centos 7 系列操作系统在安装k8s时可能会遇到hostPath type check failed:/sys/fs/bpf is not a direcctory错误,该问题为内核版本过低导致的。/sys/fs/bpf 在4.4版本中的内核中才有,对于版本比较高得k8s集群建议升级内核到4.4以上。这里直接更新就行,如果不能用再更新到4.4以上。

解决方法:更新内核并重启(三台主机都要)
[root@k8s-master ~]# yum -y update kernel
[root@k8s-master ~]# reboot
[root@k8s-master ~]# uname -r                 //查看版本
3.10.0-1160.119.1.el7.x86_64


错误2:缺少网络cni

解决方法:(三台都做)
方法1.因为重装集群的时候,将/etc/cni目录彻底删除,所以需要重装组件kubernetes-cni。但在重装组件的时候发生了新的警告,用--nogpgcheck参数即可解决,随后对所有集群的节点进行重装kubernetes-cni,实现问题修复。
yum reinstall -y kubernetes-cni
yum reinstall -y kubernetes-cni --nogpgcheck

方法2.直接把这两个文件复制进去
[root@k8s-node2 ~]# ls /etc/cni/net.d/
10-calico.conflist  calico-kubeconfig
[root@k8s-node2 ~]# cat /etc/cni/net.d/10-calico.conflist 
{
  "name": "k8s-pod-network",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "type": "calico",
      "log_level": "info",
      "log_file_path": "/var/log/calico/cni/cni.log",
      "datastore_type": "kubernetes",
      "nodename": "k8s-node2",
      "mtu": 0,
      "ipam": {
          "type": "calico-ipam"
      },
      "policy": {
          "type": "k8s"
      },
      "kubernetes": {
          "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
      }
    },
    {
      "type": "portmap",
      "snat": true,
      "capabilities": {"portMappings": true}
    },
    {
      "type": "bandwidth",
      "capabilities": {"bandwidth": true}
    }
  ]
}[root@k8s-node2 ~]# cat /etc/cni/net.d/calico-kubeconfig 
# Kubeconfig file for Calico CNI plugin. Installed by calico/node.
apiVersion: v1
kind: Config
clusters:
- name: local
  cluster:
    server: https://10.96.0.1:443
    certificate-authority-data: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJUW5yNTh0RUF2QkF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBNU1URXdPVEk0TWpCYUZ3MHpOREE1TURrd09UTXpNakJhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURST2QyM1lpZTJ4MUlRZkdEZi8zMHc5RnhCNGdWTmNSU0dKNE1QOGp2eUxHeWhSUVZRbTlldnE4cEQKaVEwOHhidmI1aFZMZFNkOURIWGVqUHhMQWVyMEU0MTBTc3ZFV0hDQkxVMHNUdkZlVUovb3FZSk5wV0lxeVd0dwpnaTlhZCttajV6RXRwemtwR2RrWHliVFRxK0tKbnNFWHZRdkRIbURFcEZlQWJ4Q3NGNVdxZkdoNnBGWFhmeEt3CjByWmU5cWdWdWU5ZXU4RzUvSit1WkFQNGZPTStPMitHUU44TmM4RVQ0eDhoZWNQamJsWmVXYVlNYUlUMHVVYWsKSi93b0hBU1ZFeFBraVhnUHpTWnc5NkN6dHUyNzdubzUvRG1QanJYTkFGOUZoL0krZTZOeGJoSnBabEM2VnhiSApnTWEzamlKTjdyVHNHLzU4OGppdnZrVmVSLzVWQWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJUajNUUTZVVEt6U29PcDNwVUJlL3dsbGVsWkRUQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVpOZDZRMlVuLwp1cnZIY1BENytJTVExNzNSdmdaVkFYcWZibGhTcml2ZXJMcHhjK3U1QkNqaVRYc0hlVkZoQ21jdEJaeC96dWdsCm9HYXRWTHlTdzh0MDd4ZWpEVE56aTRMb2g1QmMvSGxNSm1IS2Zqb2hHSDduTlpUVUtTditDZ3JNRDN5ZGI0SVcKNEdTTVRiNDR1Q0VsN0E0cnU5eW03cE9RczB6N2xNS3M5cHZnNnNVOU40MkRtUHZ4alRaOEZJK3h5TmcvMDlULwo5bTkvUG5FY0x0S0ovVnVVNERHNE9GYWtQU2NYckpSOEI2QTVFSVV6YU1ETklpWlhzcW5lODFvNHM3N1Z3WldjCmw0RTNOdWZBdzcwZVRYbFloRGlKWjlieHVnTCtqRTRhN1lkbHMySElobGFzMzNFckxLZU5SK2pTSXMxRFZHaUkKSEtDM2J6US9WMUw4Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
users:
- name: calico
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkhDS3ZqbHIyRHRyQUdZVm05R1lTT2NRR0pRMml4ZDNucHJlU1JscHFLc0EifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzI2MTkwOTczLCJpYXQiOjE3MjYxMDQ1NzMsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJjYWxpY28tY25pLXBsdWdpbiIsInVpZCI6ImQ5OWRlY2YyLWY1YzktNDI2ZS05NTYxLWI5MjgzNzQ4NzRjMiJ9fSwibmJmIjoxNzI2MTA0NTczLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06Y2FsaWNvLWNuaS1wbHVnaW4ifQ.bmaUCJuOtCgPrhQmt5oiPzwBlHU9dA53d5kVFL0TvmCcMcpxzAAdCYNo75g1JHWM9fwuyYmMgrfIUPLNV-xd6jbiy1Bu8qVT5XR8kZjMvlFgPDWiKxE7htUdY2jtY1jDUn0AHHQVDEPANq_2nHFA4TZC_x9j44uVYiYjw-Sp20HHcFPgQtzTqqkh4a_pRkc0Hbo1dC-vb00mXcxJ2nwKe8h3iWUzGqLH8LNzOeyts2PxPlaCGXh3gpEP2WHGzobKwzleoJE9W2JVZ_ASOh0OIr2Yw24x5vmAJxhA8DoRyZ5FU_5VGiLw_Gxnd7cTumU1yj3beGfMhsXmXVlw256SfA
contexts:
- name: calico-context
  context:
    cluster: local
    user: calico
current-context: calico-context

[root@k8s-master ~]# kubectl get nodes                               //全部ready就成功了
NAME         STATUS   ROLES           AGE   VERSION
k8s-master   Ready    control-plane   16h   v1.28.2
k8s-node1    Ready    <none>          16h   v1.28.2
k8s-node2    Ready    <none>          16h   v1.28.2
[root@k8s-master ~]# kubectl run nginx0 --image=nginx:latest              //添加一个新的nginxpod
pod/nginx0 created
[root@k8s-master ~]# kubectl get po -Aowide | grep nginx                       //挺慢的,多等会
default       nginx0                                     1/1     Running   0             14s   172.16.169.131   k8s-node2    <none>           <none>
[root@k8s-master ~]# curl 172.16.169.131                          //访问一下
[root@k8s-master ~]# kubectl delete pod nginx0               //删除该pod

6.Metrics 部署

在新版的 Kubernetes 中系统资源的采集均使⽤ Metrics-server,可以通过 Metrics 采集节点和 Pod 的内存、磁盘、CPU和⽹络的使⽤率。

(1)复制证书到所有 node 节点

[root@k8s-master ~]# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node2:/etc/kubernetes/pki/
[root@k8s-master ~]# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node1:/etc/kubernetes/pki/

(2)安装 metrics server

[root@k8s-master ~]# mkdir pods                            //创建pod目录,方便管理
[root@k8s-master ~]# cd k8s-ha-install/kubeadm-metrics-server/
[root@k8s-master kubeadm-metrics-server]# ls
comp.yaml
[root@k8s-master kubeadm-metrics-server]# cp comp.yaml /root/pods/components.yaml
[root@k8s-master kubeadm-metrics-server]# cd
[root@k8s-master ~]# cd pods/
[root@k8s-master pods]# ls
components.yaml
[root@k8s-master pods]# cat components.yaml | wc -l                //有202行
202
[root@k8s-master pods]# kubectl create -f components.yaml                  //使用这个yaml文件添加metric server的pod资源
[root@k8s-master pods]# kubectl get po -Aowide | grep metrics            //查看
kube-system   metrics-server-79776b6d54-vxjlp            1/1     Running   0             98s   172.16.169.132   k8s-node2    <none>           <none>

(3)查看 metrics server 状态

[root@k8s-master pods]# kubectl get po -n kube-system -l k8s-app=metrics-server                 //在kube-system命名空间下查看metrics server的pod运⾏状态
NAME                              READY   STATUS    RESTARTS   AGE
metrics-server-79776b6d54-vxjlp   1/1     Running   0          25m

[root@k8s-master pods]# kubectl top nodes                     //查看node节点的系统资源使⽤情况
NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-master   152m         7%     1126Mi          30%       
k8s-node1    62m          3%     453Mi           56%       
k8s-node2    53m          2%     447Mi           55%   
[root@k8s-master pods]# kubectl top pods -A                //查看各个pod的资源占用率
NAMESPACE     NAME                                       CPU(cores)   MEMORY(bytes)   
default       nginx0                                     0m           2Mi             
kube-system   calico-kube-controllers-6d48795585-ctctq   1m           21Mi            
kube-system   calico-node-4pxdg                          33m          91Mi            
kube-system   calico-node-8jdkf                          22m          120Mi           
kube-system   calico-node-b5jjz                          26m          101Mi           
kube-system   coredns-6554b8b87f-6q7kh                   2m           14Mi            
kube-system   coredns-6554b8b87f-b5c6f                   3m           15Mi            
kube-system   etcd-k8s-master                            23m          76Mi            
kube-system   kube-apiserver-k8s-master                  68m          266Mi           
kube-system   kube-controller-manager-k8s-master         20m          53Mi            
kube-system   kube-proxy-89nmv                           1m           20Mi            
kube-system   kube-proxy-fb7bb                           1m           30Mi            
kube-system   kube-proxy-mgz7v                           1m           39Mi            
kube-system   kube-scheduler-k8s-master                  3m           21Mi            
kube-system   metrics-server-79776b6d54-vxjlp            4m           16Mi 


7. Dashboard部署

Dashboard ⽤于展示集群中的各类资源,同时也可以通过Dashboard 实时查看 Pod 的⽇志和在容器中执⾏⼀些命令等。

(1)安装组件

[root@k8s-master ~]# cd k8s-ha-install/dashboard/
[root@k8s-master dashboard]# ls
dashboard-user.yaml  dashboard.yaml
[root@k8s-master dashboard]# kubectl create -f .                      //建⽴dashboard的pod资源

(2)查看节点(等他全部running)

[root@k8s-master dashboard]# kubectl get po -Aowide|grep dashboard
kubernetes-dashboard   dashboard-metrics-scraper-7b554c884f-xhwjc   1/1     Running   0              117s   172.16.36.68     k8s-node1    <none>           <none>
kubernetes-dashboard   kubernetes-dashboard-54b699784c-tcv7x        1/1     Running   0              117s   172.16.169.133   k8s-node2    <none>           <none>

(3)更改 svc 模式

[root@k8s-master dashboard]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard    //kubectl edit svc 服务名称 -n 命名空间


(4)查看访问端⼝号

[root@k8s-master dashboard]# kubectl get svc kubernetes-dashboard -n kubernetes-dashboard    //获取kubernetes-dashboard状态信息,包含端⼝,服务IP等
NAME                   TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.96.55.69   <none>        443:30422/TCP   8m54s
找到端⼝号后,通过 master 的 IP+端⼝即可访问 dashboard(端⼝)为终端查询到的端⼝,要⽤ https 协议访问)

(5)浏览器登录 dashboard


(6)创建登录 token

[root@k8s-master dashboard]# kubectl create token admin-user -n kube-system
eyJhbGciOiJSUzI1NiIsImtpZCI6IkhDS3ZqbHIyRHRyQUdZVm05R1lTT2NRR0pRMml4ZDNucHJlU1JscHFLc0EifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzI2MTE1NDQzLCJpYXQiOjE3MjYxMTE4NDMsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiMDQ2ZjgxMTctNDZjMy00OWNmLTkwNWMtMTQ2MTZiNGE1YzFiIn19LCJuYmYiOjE3MjYxMTE4NDMsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbi11c2VyIn0.2CznRFPgfiHsQd6CgfqR3qJcsE_3lgeZ1HvNC64JcEw5WMoRwTjO3OlF4an8__dE9kGbtq8bUxUuvvVV9mw0VQz2PTXw3shdjByRo-q2g00_9Qk_tZiRuMQJ_xSujICbHpLKK6ODxmis7PByvNRLtgFm1uqIY6WIhxBOkK5kzBezDRSDeOGYEU2bpoGJfk4nLHvlbYjqmoCi27_jcBLT3PQiLjLaThkvfxvxiT32jb7kWmx4FdWG_V3k28iKxgLwqBu2ZMZW6qRN-KaY2_u91guJY3YvsYNLr_Mp-rOnoS3_26eQJyJkwRcWCmBiMFuQeCDIUWqCVsQCzGEcIc2L2Q

在“输⼊ token *”内输⼊终端⽣成的 token


8. Kube-proxy

(1)改为 ipvs模式

[root@k8s-master ~]# kubectl edit cm kube-proxy -n kube-system

(2)更新 Kube-Proxy 的 Pod

[root@k8s-master ~]# kubectl patch daemonset kube-proxy -p "{\"spec\":{\"template\":{\"metadata\": {\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}" -n kube-system
daemonset.apps/kube-proxy patched

(3)访问测试:

[root@master ~]# curl 127.0.0.1:10249/proxyMode
ipvs

五、集群可⽤性验证

1. 验证节点

[root@k8s-master ~]# kubectl get node                         //全部ready表示正常

2. 验证 Pod

[root@k8s-master ~]# kubectl get po -A                       //全部running表示正常

3. 验证集群⽹段是否冲突

三⽅⽹段均不冲突(service、Pod、宿主机)

[root@k8s-master ~]# kubectl get svc                                    //查看服务的⽹段
[root@k8s-master ~]# kubectl get po -A -owide  //查看所有命名空间下的所有⽹段,再与服务的⽹段进⾏⽐较

4. 验证是否可正常创建参数

[root@k8s-master ~]# kubectl create deploy cluster-test --image=registry.cn-beijing.aliyuncs.com/dotbalo/debug-tools -- sleep 3600            //这个pod可以用来测试,里面装了许多工具
deployment.apps/cluster-test created
[root@k8s-master ~]# kubectl get po -A|grep cluster-test
default                cluster-test-66bb44bd88-khb8j                1/1     Running   0               2m51s

5. Pod 必须能够解析 Service

(1)nslookup kubernetes

[root@k8s-master ~]# kubectl exec -it cluster-test-66bb44bd88-khb8j -- bash       //进⼊pod下的这个容器
(06:54 cluster-test-66bb44bd88-khb8j:/) nslookup kubernetes
Server:        10.96.0.10
Address:    10.96.0.10#53

Name:    kubernetes.default.svc.cluster.local
Address: 10.96.0.1

(2)nslookup kube-dns.kube-system

(06:55 cluster-test-66bb44bd88-khb8j:/) nslookup kube-dns.kube-system
Server:        10.96.0.10
Address:    10.96.0.10#53

Name:    kube-dns.kube-system.svc.cluster.local
Address: 10.96.0.10

(06:58 cluster-test-66bb44bd88-khb8j:/) exit
exit

6. 确认是否可访问 Kubernetes 的 443端口 和 kube-dns 的53端口

每个节点都必须能访问 Kubernetes 的 kubernetes svc 443 和kube-dns 的 service 53

[root@k8s-master ~]# curl -k https://10.96.0.1:443
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {},
  "code": 403
}[root@k8s-master ~]# curl 10.96.0.10:53
curl: (52) Empty reply from server

7. 确认各 Pod 之间是否可正常通信

[root@k8s-master ~]# kubectl get po -Aowide                        //查看个pod IP地址
ping一下pod IP地址
 

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值