A-8-路上的坎坷注
部署k8s的时候kube-flannel.yml下载不下来解决
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml- 1
wget kube-flannel.yml的时候显示连接失败
是因为网站被墙了,建议在/etc/hosts文件添加一条
199.232.68.133 raw.githubusercontent.com
就可以正常下载了。
下载完成后创建并查看
kubectl create -f kube-flannel.yml
kubectl get pod -n kube-system
- 1
- 2
启动失败
检查之前命令没有问题后,查看连接的kube-flannel.yml
vim kube-flannel.yml
- 1
发现里面有
quay.io/coreos/flannel:v0.11.0-arm64
这种镜像,访问不到quay.io,被墙了。
拷贝kube-flannel.yml内容到本地文件。
然后替换了所有quay.io为quay-mirror.qiniu.com
再
kubectl apply -f kube-flannel.yml
- 1
然后我发现quay-mirror.qiniu.com也进不去,只好手动下载
flanneld-v0.12.0-amd64.docker
下载成功后
docker load < flanneld-v0.12.0-amd64.docker
- 1
即可
然后再次
kubectl apply -f kube-flannel.yml
- 1
启动成功
部署Rancher命令启动报错
docker run -d --restart=unless-stopped -p 8882:80 -p 8443:443 --name rancher rancher/rancher
- 1
查看状态
docker ps #发现rancher容器状态一直都是restarting 无法使用
- 1
查看Rancher容器日志发现问题
docker logs -f rancher
- 1
rancher must be ran with the --privileged flag when running outside of kubernetes 大概意思就是要在k8s外运行rancher 需要特权(英语不好就这么翻译吧)。重点就是 --privileged 其实已经很明显告我了,刚接触docker 的确部署,查了半天,网上还没有相关报错。
其实就是启动命令改下
解决问题
sudo docker run --privileged -d --restart=unless-stopped -p 8882:80 -p 8444:443 rancher/rancher
- 1
- 2
privileged 的作用其实就是启动的 container内的root拥有真正的root权限!!!
安装rancher以及使用rancher倒入kubernetes集群和添加及管理集群
1.docker安装rancher
[root@rancher ~]# docker run -d --name rancher --restart=unless-stopped -p 80:80 -p 443:443 -v /opt/rancher:/var/lib/rancher rancher/rancher:v2.2.4 Unable to find image 'rancher/rancher:v2.2.4' locally Trying to pull repository docker.io/rancher/rancher ... v2.0.0: Pulling from docker.io/rancher/rancher 68393378db12: Pull complete 9e3366501e0e: Pull complete 156ec05da9a5: Pull complete 281cba1133d9: Pull complete 0acdc2cc8ed1: Pull complete a8cef3d8a877: Pull complete 3e968117f1c2: Pull complete cf62fef10dfd: Pull complete 098edd097869: Pull complete 77a837c0bf2d: Pull complete Digest: sha256:38839bb19bdcac084a413a4edce7efb97ab99b6d896bda2f433dfacfd27f8770 Status: Downloaded newer image for docker.io/rancher/rancher:v2.0.0 215f26faeda5d32f18a25c23cfac4c2ea4d99643f0499163bdc0e06e3ca96336 [root@rancher ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 215f26faeda5 rancher/rancher:v2.2.4 "rancher --http-li..." 9 seconds ago Up 8 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp rancher
2.倒入集群
浏览器访问本机的ip,然后设置密码登陆上去,点击add cluster,选择import倒入现有集群
复制上面的其中一个到现有集群的master节点去执行
这里我们单独下载来执行
[root@master rancher]# wget --no-check-certificate https://10.0.1.186/v3/import/8xhq4r95ptgghqbwx2sgf8t8vlvt5sg6wcqmvspwmn72dh4r7mp9lg.yaml
--2019-06-19 23:35:56-- https://10.0.1.186/v3/import/8xhq4r95ptgghqbwx2sgf8t8vlvt5sg6wcqmvspwmn72dh4r7mp9lg.yaml
Connecting to 10.0.1.186:443... connected.
WARNING: cannot verify 10.0.1.186's certificate, issued by ‘/O=the-ranch/CN=cattle-ca’:
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Saving to: ‘8xhq4r95ptgghqbwx2sgf8t8vlvt5sg6wcqmvspwmn72dh4r7mp9lg.yaml’
[ <=> ] 3,426 --.-K/s in 0s
2019-06-19 23:35:56 (56.1 MB/s) - ‘8xhq4r95ptgghqbwx2sgf8t8vlvt5sg6wcqmvspwmn72dh4r7mp9lg.yaml’ saved [3426]
[root@master rancher]# mv 8xhq4r95ptgghqbwx2sgf8t8vlvt5sg6wcqmvspwmn72dh4r7mp9lg.yaml rancher-import.yaml
[root@master rancher]# kubectl apply -f rancher-import.yaml
namespace/cattle-system created
serviceaccount/cattle created
clusterrolebinding.rbac.authorization.k8s.io/cattle created
secret/cattle-credentials-db8ed0c created
deployment.extensions/cattle-cluster-agent created
daemonset.extensions/cattle-node-agent created
[root@master rancher]# kubectl get pod -n cattle-system
NAME READY STATUS RESTARTS AGE
cattle-cluster-agent-5b98f69764-cmhwt 0/1 ContainerCreating 0 2m14s
cattle-node-agent-4gxlt 0/1 ContainerCreating 0 2m14s
cattle-node-agent-l2zmg 0/1 ContainerCreating 0 2m14s
等待一段时间,镜像下载完毕
[root@master rancher]# kubectl get pod -n cattle-system -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES cattle-cluster-agent-5b98f69764-cmhwt 1/1 Running 0 18m 10.244.2.41 node01 <none> <none> cattle-node-agent-4gxlt 1/1 Running 0 18m 10.0.1.229 node01 <none> <none> cattle-node-agent-l2zmg 1/1 Running 0 18m 10.0.1.7 node02 <none> <none>
回到浏览器发现集群已经倒入,集群能正常使用,但是还有报以下错误,有待研究
Exit status 1, W0619 16:36:49.951709 16814 factory_object_mapping.go:423] Failed to download OpenAPI (the server could not find the requested resource), falling back to swagger error: error validating "management-state/tmp/yaml-787242553": error validating data: the server could not find the requested resource; if you choose to ignore these errors, turn validation off with --validate=false
http: server gave HTTP response to HTTPS client & Get https://192.168.2.119/v2/: dial tcp 192.168.2.119:443: getsockopt: connection refused
http: server gave HTTP response to HTTPS client
出现这问题的原因是:Docker自从1.3.X之后docker registry交互默认使用的是HTTPS,但是搭建私有镜像默认使用的是HTTP服务,所以与私有镜像交时出现以上错误。
这个报错是在本地上传私有镜像的时候遇到的报错:
解决办法是:在docker server启动的时候,增加启动参数,默认使用HTTP访问:
vim /usr/lib/systemd/system/docker.service
在12行后面增加 --insecure-registry ip:5000
修改好后重启docker 服务
systemctl daemon-reload
systemctl restart docker
重启docker服务后,将容器重启
docker start $(docker ps -aq)
如果上述方法还是不能解决,还可以通过以下办法解决:
1.vim /etc/docker/daemon.json 增加一个daemon.json文件
{ "insecure-registries":["192.168.1.100:5000"] }
保存退出
2.重启docker服务
systemctl daemon-reload
systemctl restart docker
3.重启容器
4.上传镜像
docker push 。。。。
第二个问题是:Get https://192.168.2.119/v2/: dial tcp 192.168.2.119:443: getsockopt: connection refused
原因:没有指定镜像要上传的地址,站点。默认的是docker.io
解决方法:docker tag <imagesname> <ip:port/image>
docker push ip:port/image
pod报错"Back-off restarting failed container"解决办法
现象:
command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
