k8s集群安装-pod创建

后续所有安装都基于上一篇文章的1个master和3个node的基础。

yaml文件:区分大小写、使用空格而不是tab、键值之间有空格

  • apiVersion: #api版本
  • kind: #资源类型,pod、service、deployment等
  • matedata: #属性
  • spec: #详细信息

 

创建一个nginx的yaml文件

[root@master ~ ]# mkdir -p k8s/pod
[root@master ~ ]# cd k8s/pod
[root@master pod ]# vi nginx_pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: web
spec:
  containers:
    - name: nginx
      image: nginx:1.13
      ports:
        - containerPort: 80

 

基于yaml文件创建pod,命令为kubectl create -f yaml文件

[root@master pod]# kubectl create -f nginx_pod.yaml 
Error from server (ServerTimeout): error when creating "nginx_pod.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

但是会报错,根据报错需要修改master的apiserver配置文件,删除ServiceAccount,修改后重新创建pod

[root@master pod ]# vi /etc/kubernetes/apiserver  #删除ServiceAccount 
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
[root@master pod ]# systemctl restart kube-apiserver
[root@master pod]# kubectl create -f nginx_pod.yaml 
pod "nginx" created

 

但是查看这个pod的状态一直是ContainerCreating,此时需要查看日志

[root@master pod]# kubectl get pods
NAME      READY     STATUS              RESTARTS   AGE
nginx     0/1       ContainerCreating   0          2m

 

通过kubectl describe pod nginx查看日志,显示该pod调度到node2上,并且在pull镜像pod-infrastructure:latest的时候报错,在node2上手动pull也显示没有该镜像

[root@master pod]# kubectl describe pod nginx
Name:           nginx
Namespace:      default
Node:           node2/192.168.85.32
Start Time:     Sun, 30 Aug 2020 10:50:45 +0800
Labels:         app=web
Status:         Pending
IP:
Controllers:    <none>
Containers:
  nginx:
    Container ID:
    Image:                      nginx:1.13
    Image ID:
    Port:                       80/TCP
    State:                      Waiting
      Reason:                   ContainerCreating
    Ready:                      False
    Restart Count:              0
    Volume Mounts:              <none>
    Environment Variables:      <none>
Conditions:
  Type          Status
  Initialized   True 
  Ready         False 
  PodScheduled  True 
No volumes.
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen     LastSeen        Count   From                    SubObjectPath   Type            Reason      Message
  ---------     --------        -----   ----                    -------------   --------        ------      -------
  3m            3m              1       {default-scheduler }                    Normal          Scheduled   Successfully assigned nginx to node2
  3m            1m              4       {kubelet node2}                         Warning         FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

  2m    7s      10      {kubelet node2}         Warning FailedSync      Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
[root@node2 ~]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ... 
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
View Code

 

查看node2上的kubelet配置文件,/etc/kubernetes/kubelet

# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
#修改为通过docker search pod-infrastructure查找到的镜像路径
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"

再重启node2的kubelet服务,在master上再次通过describe查看日志,pod-infrastructure:latest镜像的下载地址已经变为kubelet配置文件修改后的路径,但是还是timeout,因为镜像是在国外,下载会比较耗时。

 

配置镜像加速,修改docker配置文件/etc/sysconfig/docker,将原OPTIONS修改为如下,ip为master地址

OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=192.168.85.30:5000'

重启docker,可在/var/lib/docker/tmp镜像包临时存放目录查看下载进度,但是镜像包下载特别慢,建议将已经下载好的镜像包上传并通过load导入。

通过这种情况创建的pod,如果kubectl delete pod nginx,再kubectl apply -f nginx_pod.yaml创建pod时,就可能调度到node1,此时node1会再需要经过一遍node2修改kubelet配置文件、加速镜像并且镜像下载异常慢的过程。因此通常建议配置私有镜像仓库harbor,将基础镜像上传到harbor上,后续都通过内网到harbor上下载所需镜像。

 

为了节省资源,此处使用官方的registry仓库。

[root@master pod]# docker search registry
INDEX       NAME                                           DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/registry                             The Docker Registry 2.0 implementation for...   3064      [OK]       
docker.io   docker.io/distribution/registry                WARNING: NOT the registry official image!!...   57                   [OK]
docker.io   docker.io/stefanscherer/registry-windows       Containerized docker registry for Windows ...   32                   
docker.io   docker.io/budry/registry-arm                   Docker registry build for Raspberry PI 2 a...   18                   
docker.io   docker.io/deis/registry                        Docker image registry for the Deis open so...   12                   
docker.io   docker.io/jc21/registry-ui                     A nice web interface for managing your Doc...   12                   
……
[root@master pod]# docker pull docker.io/registry    #下载官方registry
[root@master pod]# docker images
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
docker.io/busybox    latest              018c9d7b792b        4 weeks ago         1.22 MB
docker.io/registry   latest              2d4f4b5309b1        2 months ago        26.2 MB
[root@master pod]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry   #创建私有仓库
daf346fb2c98d11f8ac261d8568339723a6f5f7df40df907cbc07b5fe2166759
[root@master pod]# docker ps   #
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
daf346fb2c98        registry            "/entrypoint.sh /e..."   8 seconds ago       Up 6 seconds        0.0.0.0:5000->5000/tcp   registry

 

修改docker配置文件/etc/sysconfig/docker

OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=192.168.85.30:5000'   #ip为master

修改kubelet配置文件/etc/kubernetes/kubelet

# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=192.168.85.30:5000/pod-infrastructure:latest"

重启docker和kubelet服务,然后将已经下载好的镜像push到私有仓库192.168.85.30:5000/上。

 

pod常用操作

创建pod:kubectl create -f yaml

更新pod:kubectl apply -f yaml

查看pod:kubectl get pods [-n namespace]

删除pod:kubectl delete pod podname [--force [--grace-period=0]]

查看pod创建:kubectl describe pod podname

 

 

容器常用操作

查看运行的容器:docker ps

查看指定的容器:docker inspect dockername

 

posted @ 2020-08-30 10:04  Forever77  阅读(517)  评论(0编辑  收藏  举报