Environment
OS version: CentOS-7.4
Host: VMware Workstation 64-bit virtual machine
Network: bridged
Preparing the environment
1. Disable the firewall that ships with CentOS:
systemctl disable firewalld
systemctl stop firewalld
2. Install the etcd and kubernetes packages (docker is installed automatically as a dependency):
yum -y install etcd kubernetes
3. Once the packages are installed, edit two configuration files:
vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io'
vim /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
4. Start all services:
[root@localhost ~]# systemctl start etcd
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl start kube-apiserver
[root@localhost ~]# systemctl start kube-controller-manager
[root@localhost ~]# systemctl start kube-scheduler
[root@localhost ~]# systemctl start kubelet
[root@localhost ~]# systemctl start kube-proxy
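Or start them all with a single command:
systemctl start etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy
At this point a single-node kubernetes cluster is installed and running.
Starting the MySQL service:
First, create an RC definition file for the MySQL service, mysql-rc.yaml: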
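apiVersion: v1
kind: ReplicationController    # replication controller (RC)
metadata:
  name: mysql                  # name of the RC, globally unique
spec:
  replicas: 1                  # desired number of Pod replicas
  selector:
    app: mysql                 # Pods carrying this label are the targets
  template:                    # Pod replicas (instances) are created from this template
    metadata:
      labels:
        app: mysql             # label carried by the Pod replicas; matches the RC's selector
    spec:
      containers:              # container definitions inside the Pod
      - name: mysql            # container name
        image: mysql           # Docker image for the container
        ports:
        - containerPort: 3306  # port the containerized application listens on
        env:                   # environment variables injected into the container
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"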
Once the definition file is written, publish it to kubernetes:
[root@localhost ~]# kubectl create -f mysql-rc.yaml
replicationcontroller "mysql" created
Next, use kubectl to look at the rc and the pod:
[root@localhost ~]# kubectl get rc
NAME      DESIRED   CURRENT   READY     AGE
mysql     1         1         1         7m
[root@localhost ~]# kubectl get pod
NAME          READY     STATUS              RESTARTS   AGE
mysql-gdmfr   0/1       ContainerCreating   0          7m
Kubernetes schedules and creates the pod on its own according to the RC definition file; the pod status then moves from ContainerCreating to Running.
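As an added example (not part of the original page): mysql-rc.yaml above carries the MySQL root password in the manifest as a literal. The variant below reads it from a Secret instead; the Secret name mysql-root, its key password and the file /root/mysql-root.pw are assumptions made for this example.

```yaml
# Added example, not from the original page.
# Assumed names: Secret "mysql-root", key "password", file /root/mysql-root.pw.
# Create the Secret first from a file that only root can read:
#   kubectl create secret generic mysql-root --from-file=password=/root/mysql-root.pw
# The file content is used verbatim, so a trailing newline becomes part of the password.
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root   # assumed Secret name
              key: password      # assumed key inside the Secret
```

A Secret is stored base64-encoded, not encrypted, unless encryption at rest is configured, so access to etcd and to the API server still has to be restricted.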
Fixing a pod stuck in ContainerCreating:
If the pod status stays at ContainerCreating, something has probably gone wrong during creation:
[root@localhost ~]# kubectl describe pod mysql-gdmfr
Name:           mysql-gdmfr
Namespace:      default
Node:           127.0.0.1/127.0.0.1
Start Time:     Mon, 14 Jan 2019 22:03:11 +0800
Labels:         app=mysql
Status:         Pending
IP:
Controllers:    ReplicationController/mysql
Containers:
  mysql:
    Container ID:
    Image:              mysql
    Image ID:
    Port:               3306/TCP
    State:              Waiting
      Reason:           ContainerCreating
    Ready:              False
    Restart Count:      0
    Volume Mounts:      <none>
    Environment Variables:
      MYSQL_ROOT_PASSWORD:      qweqwe
Conditions:
  Type          Status
  Initialized   True
  Ready         False
  PodScheduled  True
No volumes.
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen  LastSeen  Count  From                  SubObjectPath  Type     Reason      Message
  ---------  --------  -----  ----                  -------------  -------- ------      -------
  16s        16s       1      {default-scheduler }                 Normal   Scheduled   Successfully assigned mysql-39561 to 127.0.0.1
  16s        1s        2      {kubelet 127.0.0.1}                  Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
The output above shows that pulling the image failed while the pod was being created:
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
Inspecting this file shows that it is a symbolic link whose real target is /etc/rhsm/ca/redhat-uep.pem, but that target file does not exist.
Fix:
yum -y install *rhsm*
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
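Recreate the RC:
[root@localhost ~]# kubectl delete -f mysql-rc.yaml
[root@localhost ~]# kubectl create -f mysql-rc.yaml
Check the pod status again:
[root@localhost ~]# kubectl get pod
NAME          READY     STATUS    RESTARTS   AGE
mysql-gdmfr   1/1       Running   0          13m
Back to normal.
Finally, create the service definition file that goes with it, mysql-svc.yaml: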
apiVersion: v1
kind: Service        # declares a K8s Service
metadata:
  name: mysql        # globally unique name of the Service
spec:
  ports:
  - port: 3306       # port on which the Service is offered
  selector:          # Pods backing the Service carry the labels defined here
    app: mysql
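Then start the service in the same way:
[root@localhost ~]# kubectl create -f mysql-svc.yaml
[root@localhost ~]# kubectl get svc
To make the application reachable from outside, we next start tomcat following the same steps:
Starting the tomcat service
Create the RC definition file myweb-rc.yaml: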
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 3          # desired number of Pod replicas is 3
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
        env:
        - name: MYSQL_SERVICE_HOST
          value: "mysql"
        - name: MYSQL_SERVICE_PORT
          value: "3306"
Start the RC:
[root@localhost ~]# kubectl create -f myweb-rc.yaml
[root@localhost ~]# kubectl get rc myweb
Create the service definition file myweb-svc.yaml:
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
  - port: 8080
    nodePort: 31111
  selector:
    app: myweb
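Start the service:
[root@localhost ~]# kubectl create -f myweb-svc.yaml
[root@localhost ~]# kubectl get svc myweb
Open <host IP>:31111/demo/ in a browser.
Problem: the service cannot be reached from the external network:
First test with curl on the host itself: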
curl localhost:31111
curl 127.0.0.1:31111
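If neither request succeeds, the service is not working properly. If localhost cannot be reached but 127.0.0.1 can, the cause may be the IPv6 address; edit /etc/hosts to disable the IPv6 mapping.
If the host itself can reach the service but external clients cannot, run the following command: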
iptables -P FORWARD ACCEPT
Problem solved.