使用kubeadm搭建K8S
准备工作:3个 centos7 虚拟机
1.网络互通 关闭防火墙 更改主机名等等准备工作
更改hostname vi /etc/hostname master node1 node2 修改主机hosts vi /etc/hosts 192.168.78.134 master 192.168.78.136 node1 192.168.78.137 node2 关闭防火墙等 systemctl stop firewalld && systemctl disable firewalld 重置iptables iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT 关闭交换 swapoff -a 永久关闭 vi /etc/fstab 注释关于swap的那一行 关闭selinux setenforce 0 vi /etc/sysconfig/selinux 将里面的SELINUX配置为disabled SELINUX=disabled 同步时间 安装ntpdate yum install ntpdate -y 添加定时任务 crontab -e 插入内容: 0-59/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP 先手动同步一次 ntpdate us.pool.ntp.org
2.安装docker(我用的是20.10.12版本)
安装docker 卸载现有版本 yum remove -y docker* container-selinux 删除容器镜像: sudo rm -rf /var/lib/docker 安装依赖包 sudo yum install -y yum-utils device-mapper-persistent-data lvm2 设置阿里云镜像源 sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 安装 Docker-CE sudo yum install docker-ce 开机自启 sudo systemctl enable docker 启动docker服务 sudo systemctl start docker
3.免密登录
免密登录 [root@master ~]# ssh-keygen -t rsa //生成密钥, 连续回车 复制密钥到其他主机 ssh-copy-id node1 ssh-copy-id node2 scp /etc/hosts node1:/etc scp /etc/hosts node2:/etc
4.编辑kubernetes.conf文件
$ cat <<EOF > /etc/sysctl.d/kubernetes.conf vm.swappiness=0 vm.overcommit_memory = 1 vm.panic_on_oom=0 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 fs.inotify.max_user_watches=89100 EOF #生效配置文件 $ sysctl -p /etc/sysctl.d/kubernetes.conf
把路由转发和iptables桥接复制到其他主机
[root@master ~]# scp /etc/sysctl.d/kubernetes.conf node1:/etc/sysctl.d/
[root@master ~]# scp /etc/sysctl.d/kubernetes.conf node2:/etc/sysctl.d/
[root@master ~]# scp /etc/sysctl.conf node2:/etc/
[root@master ~]# scp /etc/sysctl.conf node1:/etc/
记得node01和node02也要执行以下命令
[root@master ~]# sysctl -p /etc/sysctl.d/kubernetes.conf
[root@master ~]# sysctl -p
5.指定yum安装kubernetes的yum源
指定yum安装kubernetes的yum源(三台都要执行) cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF [root@master ~]# yum repolist [root@master ~]# yum makecache fast 各节点安装所需安装包 master执行 [root@master ~]# yum -y install kubeadm-1.15.0-0 kubelet-1.15.0-0 kubectl-1.15.0-0 node执行 [root@node01 ~]# yum -y install kubeadm-1.15.0-0 kubelet-1.15.0-0 三台主机自启 systemctl enable kubelet
所有机器
mkdir -p /home/glory/working
cd /home/glory/working/
6.生成kubeadm.conf 配置文件(.重要的环节)
kubeadm config print init-defaults ClusterConfiguration > kubeadm.conf 修改配置文件 imageRepository kubernetesVersion vi kubeadm.conf 修改 imageRepository: k8s.gcr.io 改为 registry.cn-hangzhou.aliyuncs.com/google_containers imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers 修改kubernetes版本kubernetesVersion: v1.13.0 改为kubernetesVersion: v1.15.0 kubernetesVersion: v1.15.0 修改 kubeadm.conf 中的API服务器地址,后面会频繁使用这个 地址。 就是后面serverapi的地址 localAPIEndpoint: localAPIEndpoint: advertiseAddress: 192.168.0.100 bindPort: 6443 注意: 192.168.0.100 是master主机的ip地址 配置子网网络 networking: dnsDomain: cluster.local podSubnet: 10.244.0.0/16 serviceSubnet: 10.96.0.0/12 scheduler: {} 这里的 10.244.0.0/16 和 10.96.0.0/12 分别是k8s内部pods和services的子网网络,最好使用这个地址,后续flannel网络需要用到。 可能没有pod,就添加一行yaml文件格式要求很严格,空格别少了或者多了。 查看一下都需要哪些镜像文件需要拉取 kubeadm config images list --config kubeadm.conf $ kubeadm config images list --config kubeadm.conf registry.cn-beijing.aliyuncs.com/imcto/kube- apiserver:v1.15.0 registry.cn-beijing.aliyuncs.com/imcto/kube- controller-manager:v1.13.1 registry.cn-beijing.aliyuncs.com/imcto/kube- scheduler:v1.13.1 registry.cn-beijing.aliyuncs.com/imcto/kube- proxy:v1.13.1 registry.cn-beijing.aliyuncs.com/imcto/pause:3.1 registry.cn-beijing.aliyuncs.com/imcto/etcd:3.2.24 registry.cn-beijing.aliyuncs.com/imcto/coredns:1.2.6
7.拉取镜像初始化并且启动
拉取镜像 kubeadm config images pull --config ./kubeadm.conf
初始化并且启动(从这往下都是在主节点master 上执行的 ,先配置好主节点 ,子节点之后 再加入)
若报错根据报错信息对应修改 [error]比如什么cpu个数,swap未关闭,bridge-nf-call-iptables 这个参数,需要设置为 1: 改好重新执行 #iptable设置为一的方法 echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables modprobe br_netfilter
成功后记下最后的token,这个很重要,很重要,很重要。要复制出来。
k8s启动成功输出内容较多,但是记住末尾的内容
末尾token命令复制出来,这种样子的
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.78.134:6443 --token abcdef.0123456789abcdef \ --discovery-token-ca-cert-hash sha256:cc4d47976f8ed28a7669399ca8d11b015bd6e26ff200c69dd6acdc11bab7c3cd
按照官方提示:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
启动kubelet 设置为开机⾃自启动
$ sudo systemctl enable kubelet
启动k8s服务程序
$ sudo systemctl start kubelet
查看节点信息
kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady master 12m v1.13.1
$ kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
8.安装kube-flanne网络通讯插件,并加入子节点
cd /home/glory/working wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml 下载不了 直接自己创建 vi kube-flannel.txt mv kube-flannel.txt kube-flannel.yml
配一份我下载好的文件
--- apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: psp.flannel.unprivileged annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default spec: privileged: false volumes: - configMap - secret - emptyDir - hostPath allowedHostPaths: - pathPrefix: "/etc/cni/net.d" - pathPrefix: "/etc/kube-flannel" - pathPrefix: "/run/flannel" readOnlyRootFilesystem: false # Users and groups runAsUser: rule: RunAsAny supplementalGroups: rule: RunAsAny fsGroup: rule: RunAsAny # Privilege Escalation allowPrivilegeEscalation: false defaultAllowPrivilegeEscalation: false # Capabilities allowedCapabilities: ['NET_ADMIN', 'NET_RAW'] defaultAddCapabilities: [] requiredDropCapabilities: [] # Host namespaces hostPID: false hostIPC: false hostNetwork: true hostPorts: - min: 0 max: 65535 # SELinux seLinux: # SELinux is unused in CaaSP rule: 'RunAsAny' --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: ['psp.flannel.unprivileged'] - apiGroups: - "" resources: - pods verbs: - get - apiGroups: - "" resources: - nodes verbs: - list - watch - apiGroups: - "" resources: - nodes/status verbs: - patch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flannel subjects: - kind: ServiceAccount name: flannel namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: flannel namespace: kube-system --- kind: ConfigMap apiVersion: v1 metadata: name: kube-flannel-cfg namespace: kube-system labels: tier: node app: flannel data: cni-conf.json: | { "name": "cbr0", "cniVersion": "0.3.1", "plugins": [ { "type": "flannel", "delegate": { "hairpinMode": true, "isDefaultGateway": true } }, { "type": "portmap", "capabilities": { "portMappings": true } } ] } net-conf.json: | { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } } --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds namespace: kube-system labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux hostNetwork: true priorityClassName: system-node-critical tolerations: - operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers: - name: install-cni-plugin image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0 command: - cp args: - -f - /flannel - /opt/cni/bin/flannel volumeMounts: - name: cni-plugin mountPath: /opt/cni/bin - name: install-cni image: rancher/mirrored-flannelcni-flannel:v0.16.1 command: - cp args: - -f - /etc/kube-flannel/cni-conf.json - /etc/cni/net.d/10-flannel.conflist volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ containers: - name: kube-flannel image: rancher/mirrored-flannelcni-flannel:v0.16.1 command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN", "NET_RAW"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run/flannel - name: cni-plugin hostPath: path: /opt/cni/bin - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg
docker pull registry.cn-hangzhou.aliyuncs.com/mygcrio/flannel:v0.11.0-amd64 docker tag registry.cn-hangzhou.aliyuncs.com/mygcrio/flannel:v0.11.0-amd64 quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
kubectl apply -f kube-flannel.yml 过程比较久需要下镜像 等等就好
notready变为ready就好了
root@master01:/home/itcast/working# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master1 Ready master 6m58s v1.13.1
此时主节点配置完成 开始加入子节点
sudo systemctl enable kubelet
sudo systemctl start kubelet
#将admin.conf传递给node1
sudo scp /etc/kubernetes/admin.conf root@192.168.78.136:/home/glory/
#将admin.conf传递给node2
sudo scp /etc/kubernetes/admin.conf root@192.168.78.137:/home/glory/
mkdir -p $HOME/.kube
sudo cp -i admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
之前主节点初始化成功后的拷贝信息,两个节点都要执行
kubeadm join 192.168.78.134:6443 --token abcdef.0123456789abcdef \ --discovery-token-ca-cert-hash sha256:cc4d47976f8ed28a7669399ca8d11b015bd6e26ff200c69dd6acdc11bab7c3cd
sudo scp kube-flannel.yml root@192.168.78.136:/home/glory/
将kube-flannel.yml传递给node2
sudo scp kube-flannel.yml root@192.168.78.137:/home/glory/
分别启动 flannel ⽹网络
root@node1:~$ kubectl apply -f kube-flannel.yml
root@node2:~$ kubectl apply -f kube-flannel.yml
这里需要等一段时间去下载资源
直到三个节点都是Ready 至此 集群搭建结束
kubectl get pods --all-namespaces -o wide (查看当前下载状况)
kubectl get pods -n kube-system (查看当前节点pod状态)
kubectl get nodes (获取所有节点信息)
删除一个指定的pod 之后会自动重新创建一个
kubectl delete pods kube-flannel-ds-sqcl8 -n kube-system
9.演示使用
创建一个deployment 控制器使用nginx web服务 kubectl create deployment nginx --image=nginx 创建一个service 暴漏应用 让web访问 kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pods,svc 查看端口详细信息
kubectl get pods,svc -o wide 查看详细信息
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-554b9c67f9-98n27 1/1 Running 0 9m57s 10.244.1.2 node1 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 16h <none>
service/nginx NodePort 10.111.66.112 <none> 80:30848/TCP 47s app=nginx
NodePort 类型 直接nodeip 加端口就可以访问
都可以访问成功
10.部署dashboard
部署dashboard wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml 修改配置文件 一个是 Deployment 镜像地址 一个是Service 节点类型
# Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ------------------- Dashboard Secret ------------------- # apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kube-system type: Opaque --- # ------------------- Dashboard Service Account ------------------- # apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system --- # ------------------- Dashboard Role & Role Binding ------------------- # kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kubernetes-dashboard-minimal namespace: kube-system rules: # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. - apiGroups: [""] resources: ["secrets"] verbs: ["create"] # Allow Dashboard to create 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [""] resources: ["secrets"] resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"] verbs: ["get", "update", "delete"] # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] resourceNames: ["kubernetes-dashboard-settings"] verbs: ["get", "update"] # Allow Dashboard to get metrics from heapster. - apiGroups: [""] resources: ["services"] resourceNames: ["heapster"] verbs: ["proxy"] - apiGroups: [""] resources: ["services/proxy"] resourceNames: ["heapster", "http:heapster:", "https:heapster:"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kubernetes-dashboard-minimal namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard-minimal subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kube-system --- # ------------------- Dashboard Deployment ------------------- # kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: containers: - name: kubernetes-dashboard image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1 ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. # - --apiserver-host=http://my-address:port volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs # Create on-disk volume to store exec logs - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule --- # ------------------- Dashboard Service ------------------- # kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: type: NodePort ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard
拉取镜像
docker pull lizhenliang/kubernetes-dashboard-amd64:v1.10.1
kubectl apply -f kubernetes-dashboard.yaml
执行结果如下:
kubectl get pods -n kube-system
默认放在kube-system 空间下
[root@master working]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6967fb4995-qw8tl 1/1 Running 0 18h
coredns-6967fb4995-sk2b9 1/1 Running 0 18h
etcd-master 1/1 Running 0 18h
kube-apiserver-master 1/1 Running 0 18h
kube-controller-manager-master 1/1 Running 0 18h
kube-flannel-ds-8vvbz 1/1 Running 0 170m
kube-flannel-ds-sqcl8 1/1 Running 0 152m
kube-flannel-ds-stl89 1/1 Running 0 152m
kube-proxy-ddctw 1/1 Running 0 18h
kube-proxy-mp76x 1/1 Running 0 152m
kube-proxy-w9ljh 1/1 Running 0 152m
kube-scheduler-master 1/1 Running 0 18h
kubernetes-dashboard-79ddd5-27jzh 0/1 ImagePullBackOff 0 50s
[root@master working]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/coredns-6967fb4995-qw8tl 1/1 Running 0 18h
pod/coredns-6967fb4995-sk2b9 1/1 Running 0 18h
pod/etcd-master 1/1 Running 0 18h
pod/kube-apiserver-master 1/1 Running 0 18h
pod/kube-controller-manager-master 1/1 Running 0 18h
pod/kube-flannel-ds-8vvbz 1/1 Running 0 172m
pod/kube-flannel-ds-sqcl8 1/1 Running 0 155m
pod/kube-flannel-ds-stl89 1/1 Running 0 155m
pod/kube-proxy-ddctw 1/1 Running 0 18h
pod/kube-proxy-mp76x 1/1 Running 0 155m
pod/kube-proxy-w9ljh 1/1 Running 0 155m
pod/kube-scheduler-master 1/1 Running 0 18h
pod/kubernetes-dashboard-79ddd5-27jzh 1/1 Running 0 3m29s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 18h
service/kubernetes-dashboard NodePort 10.109.12.48 <none> 443:32124/TCP 3m29s
节点ip+32124端口访问即可 需要添加网站信任
打开后选则令牌认证
11.创建dashboard的用户
创建用户 (默认角色cluster-admin 可访问k8s 所有权限) kubectl create serviceaccount dashboard-admin -n kube-system kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl get secret -n kube-system NAME TYPE DATA AGE
attachdetach-controller-token-6lzls kubernetes.io/service-account-token 3 19h
bootstrap-signer-token-bhgmn kubernetes.io/service-account-token 3 19h
bootstrap-token-abcdef bootstrap.kubernetes.io/token 6 19h
certificate-controller-token-92z4t kubernetes.io/service-account-token 3 19h
clusterrole-aggregation-controller-token-psghh kubernetes.io/service-account-token 3 19h
coredns-token-cflwj kubernetes.io/service-account-token 3 19h
cronjob-controller-token-24vk8 kubernetes.io/service-account-token 3 19h
daemon-set-controller-token-xjpl6 kubernetes.io/service-account-token 3 19h
dashboard-admin-token-smp5m kubernetes.io/service-account-token 3 2m53s
default-token-9fzh8 kubernetes.io/service-account-token 3 19h
deployment-controller-token-2l5ns kubernetes.io/service-account-token 3 19h
disruption-controller-token-pf75p kubernetes.io/service-account-token 3 19h
endpoint-controller-token-g65g6 kubernetes.io/service-account-token 3 19h
expand-controller-token-qd94d kubernetes.io/service-account-token 3 19h
flannel-token-8z26h kubernetes.io/service-account-token 3 3h9m
generic-garbage-collector-token-c2j6t kubernetes.io/service-account-token 3 19h
horizontal-pod-autoscaler-token-784rw kubernetes.io/service-account-token 3 19h
job-controller-token-ghzhm kubernetes.io/service-account-token 3 19h
kube-proxy-token-zrktf kubernetes.io/service-account-token 3 19h
kubernetes-dashboard-certs Opaque 0 20m
kubernetes-dashboard-key-holder Opaque 2 18m
kubernetes-dashboard-token-nxbpv kubernetes.io/service-account-token 3 20m
namespace-controller-token-rs6mj kubernetes.io/service-account-token 3 19h
node-controller-token-c5hvr kubernetes.io/service-account-token 3 19h
persistent-volume-binder-token-vccz6 kubernetes.io/service-account-token 3 19h
pod-garbage-collector-token-lfsgv kubernetes.io/service-account-token 3 19h
pv-protection-controller-token-hxlpt kubernetes.io/service-account-token 3 19h
pvc-protection-controller-token-kbtbd kubernetes.io/service-account-token 3 19h
replicaset-controller-token-xz9f2 kubernetes.io/service-account-token 3 19h
replication-controller-token-nn5ql kubernetes.io/service-account-token 3 19h
resourcequota-controller-token-qqzd9 kubernetes.io/service-account-token 3 19h
service-account-controller-token-jzd2l kubernetes.io/service-account-token 3 19h
service-controller-token-6d5x7 kubernetes.io/service-account-token 3 19h
statefulset-controller-token-t5wlw kubernetes.io/service-account-token 3 19h
token-cleaner-token-pmk5h kubernetes.io/service-account-token 3 19h
ttl-controller-token-4tdh2 kubernetes.io/service-account-token 3 19h
找dashboard-admin-token 开头的
使用 kubectl describe secret dashboard-admin-token-smp5m -n kube-system (命名空间必须加)
获得到token信息
[root@master working]# kubectl describe secret dashboard-admin-token-smp5m -n kube-system
Name: dashboard-admin-token-smp5m
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 5d364c5a-3053-4c68-97d7-ea41910fc7c3
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tc21wNW0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNWQzNjRjNWEtMzA1My00YzY4LTk3ZDctZWE0MTkxMGZjN2MzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.ZwH9bvSJXATQXoteoPqp40C39l24-Qvjq7YPGVmRMCBNU9S34ycBnlv5rjjAfEqnop8vXk8QqYrcF1zRqOf2BcrYaPG-LJoifiqixRIWuqXpIlFvWxw7ZlQeRE3uOlV5UJh5nHPWtQL-oAizDH9w1AGd93E7NyVix0cbMC_SIHnxcTeollrG1YZ9apYUks0V8ElBpjT7LfGqrBkjFGYgcGQ0zGh866oR6WrUAEcHusrRGIjhAyYpz6WZfk-rMzUrmyLaMaA_pNaaOW1VvIGIIccuNjDwEe8tcKIHRyKV4CmBx2QQ2eqbPL3ZsbR_2mO-gXzYzyfOJPPExTFAqfdrKA
ca.crt: 1025 bytes
namespace: 11 bytes
复制token 输入到页面 点击登录即可成功
12.其他
重置配置,查看日志 rm -rf /etc/kubernetes/* rm -rf ~/.kube/* rm -rf /var/lib/etcd/* lsof -i :6443|grep -v "PID"|awk '{print "kill -9",$2}'|sh lsof -i :10251|grep -v "PID"|awk '{print "kill -9",$2}'|sh lsof -i :10252|grep -v "PID"|awk '{print "kill -9",$2}'|sh lsof -i :10250|grep -v "PID"|awk '{print "kill -9",$2}'|sh lsof -i :2379|grep -v "PID"|awk '{print "kill -9",$2}'|sh lsof -i :2380|grep -v "PID"|awk '{print "kill -9",$2}'|sh kubeadm reset 启动报错 查看日志 journalctl -u kubelet journalctl -u kubelet |tail 看系统日志 cat /var/log/messages 用kubectl 查看日志 # 注意:使用Kubelet describe 查看日志,一定要带上 命名空间,否则会报如下错误[root@node2 ~]# kubectl describe pod coredns-6c65fc5cbb-8ntpvError from server (NotFound): pods "coredns-6c65fc5cbb-8ntpv" not found kubectl describe pod kubernetes-dashboard-849cd79b75-s2snt --namespace kube-system kubectl logs -f pods/monitoring-influxdb-fc8f8d5cd-dbs7d -n kube-system kubectl logs --tail 200 -f kube-apiserver -n kube-system |more kubectl logs --tail 200 -f podname -n jenkins 用journalctl查看日志非常管用 journalctl -u kube-scheduler journalctl -xefu kubelet journalctl -u kube-apiserver journalctl -u kubelet |tail journalctl -xe 用docker查看日志 docker logs c36c56e4cfa3 (容器id)
ImagePullBackOff 错误处理
kubectl describe pod nginx-554b9c67f9-98n27(pod名)
docker 镜像源配置