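Installing Docker and k8s on CentOS 7.7 (DevOps, Part 3)
1. System configuration
CentOS 7.7
Docker 1.13.1. Installing Docker on CentOS 7: https://www.cnblogs.com/pu20065226/p/10536744.html
2. Disable the firewall and SELinux, and turn off swap
systemctl disable firewalld # do not start firewalld at boot
systemctl stop firewalld # stop firewalld now
firewall-cmd --state # check the firewall state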
swapoff -a
# Disable temporarily
$ setenforce 0
# Disable permanently
$ vim /etc/selinux/config
SELINUX=disabled
3. Install k8s with yum
[root@localhost yum.repos.d]# pwd
/etc/yum.repos.d
[root@localhost yum.repos.d]# cat kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@localhost yum.repos.d]#
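With gpgcheck=0 and repo_gpgcheck=0, yum installs whatever the http:// mirror (or anything on the network path to it) returns, and the gpgkey entries are never consulted. The check below is an added example, not part of the original post; audit_repo and sample_repo are hypothetical names, and the sample is a constructed copy of the file above.

```shell
#!/bin/sh
# Added example: flag yum repo settings that let unsigned or tampered
# packages install. Only explicit settings in the file are examined;
# defaults inherited from [main] in /etc/yum.conf are out of scope.
audit_repo() {   # reads a .repo file from stdin, or from the path in $1
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[ \t]*\[/ {                              # [section] header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        {
            if ($0 ~ /^[ \t]/) {                   # continuation of previous key
                val = $0
            } else {
                eq = index($0, "=")
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/[ \t]/, "", key)
            }
            if ((key == "gpgcheck" || key == "repo_gpgcheck") &&
                val ~ /^[ \t]*(0|no|false)[ \t]*$/)
                print section ": " key " is disabled"
            if (key == "baseurl" || key == "mirrorlist" || key == "gpgkey") {
                n = split(val, url, /[ \t,]+/)
                for (i = 1; i <= n; i++)
                    if (url[i] ~ /^http:\/\//)
                        print section ": " key " fetched over plain http: " url[i]
            }
        }
    ' "$@"
}

# Constructed sample: the kubernetes.repo file shown above.
sample_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

sample_repo | audit_repo
```

Run it as audit_repo /etc/yum.repos.d/kubernetes.repo on a host; no output means no explicit weak setting was found in that file.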
Install. To install a specific version of Kubernetes, see: https://blog.csdn.net/jinguangliu/article/details/82805837
[root@localhost yum.repos.d]#yum remove etcd kubernetes
[root@localhost yum.repos.d]# yum install -y etcd kubernetes
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.cqu.edu.cn
 * extras: mirrors.nwsuaf.edu.cn
 * updates: mirrors.cqu.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package etcd.x86_64 0:3.3.11-2.el7.centos will be installed
---> Package kubernetes.x86_64 0:1.5.2-0.7.git269f928.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 etcd x86_64 3.3.11-2.el7.centos extras 10 M
 kubernetes x86_64 1.5.2-0.7.git269f928.el7 extras 36 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 10 M
Installed size: 45 M
Downloading packages:
(1/2): kubernetes-1.5.2-0.7.git269f928.el7.x86_64.rpm | 36 kB 00:00:00
(2/2): etcd-3.3.11-2.el7.centos.x86_64.rpm | 10 MB 00:00:06
--------------------------------------------------------------------------------
Total 1.6 MB/s | 10 MB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Installing : kubernetes-1.5.2-0.7.git269f928.el7.x86_64 1/2
 Installing : etcd-3.3.11-2.el7.centos.x86_64 2/2
 Verifying : etcd-3.3.11-2.el7.centos.x86_64 1/2
 Verifying : kubernetes-1.5.2-0.7.git269f928.el7.x86_64 2/2
Installed:
 etcd.x86_64 0:3.3.11-2.el7.centos kubernetes.x86_64 0:1.5.2-0.7.git269f928.el7
Complete!
Edit the configuration
/etc/sysconfig/docker: set OPTIONS='--selinux-enabled=false --insecure-registry gcr.io' and restart docker
/etc/kubernetes/apiserver: remove ServiceAccount from the KUBE_ADMISSION_CONTROL entry
[root@localhost yum.repos.d]# vi /etc/sysconfig/docker
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
##OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi
# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# instead. For more information reference the registries.conf(5) man page.
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
Entering Ex mode. Type "visual" to go to Normal mode.
:wq
"/etc/sysconfig/docker" 27L, 1157C written
[root@localhost yum.repos.d]# service docker restart
Redirecting to /bin/systemctl restart docker.service
[root@localhost yum.repos.d]# vi /etc/kubernetes/apiserver
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
# The port on the local server to listen on.
# KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
Entering Ex mode. Type "visual" to go to Normal mode.
:wq
"/etc/kubernetes/apiserver" 27L, 894C written
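Both edits relax a control: --insecure-registry lets Docker talk to gcr.io over plain HTTP or unverified TLS, --selinux-enabled=false turns off SELinux support for containers, and dropping ServiceAccount removes the admission plugin that attaches service account credentials to pods. The drift check below is an added example, not part of the original post; the function names are hypothetical and the sample files are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: report where a node's Docker and kube-apiserver sysconfig
# files carry the relaxed settings shown above.

# Print the value of the last uncommented VAR=... line in FILE.
active_value() {   # usage: active_value VAR FILE
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

audit_node_config() {   # usage: audit_node_config DOCKER_FILE APISERVER_FILE
    opts=$(active_value OPTIONS "$1")
    case $opts in
        *--insecure-registry*)
            echo "docker: --insecure-registry set (registry TLS not enforced)" ;;
    esac
    case $opts in
        *--selinux-enabled=false*)
            echo "docker: SELinux support for containers turned off" ;;
        *--selinux-enabled*) ;;
        *)  echo "docker: --selinux-enabled not set" ;;
    esac
    case $(active_value KUBE_ADMISSION_CONTROL "$2") in
        *ServiceAccount*) ;;
        *)  echo "apiserver: ServiceAccount admission plugin not enabled" ;;
    esac
    case $(active_value KUBE_API_ADDRESS "$2") in
        *--insecure-bind-address=127.*|*--insecure-bind-address=localhost*) ;;
        *--insecure-bind-address=*)
            echo "apiserver: unauthenticated port reachable off-host" ;;
    esac
}

# Constructed samples: only the active and commented lines that matter,
# copied from the two files shown above.
write_samples() {   # usage: write_samples DIR
    cat > "$1/docker" <<'EOF'
##OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io'
EOF
    cat > "$1/apiserver" <<'EOF'
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
EOF
}

dir=$(mktemp -d) && write_samples "$dir" && audit_node_config "$dir/docker" "$dir/apiserver"
rm -rf "$dir"
```

The loopback bind address in this setup produces no finding: the unauthenticated port 8080 is only reachable from the host itself.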
4. Start the services
Start a service: systemctl start serviceName, or service serviceName start
Check status: systemctl status serviceName, or service serviceName status
systemctl start etcd
systemctl start docker
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl start kubelet
systemctl start kube-proxy
Verify
[root@localhost .kube]# kubectl version
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:17:39Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"269f928217957e7126dc87e6adfa82242bfe5b1e", GitTreeState:"clean", BuildDate:"2017-07-03T15:31:10Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
[root@localhost .kube]# kubectl get componentstatus
NAME STATUS MESSAGE ERROR
etcd-0 Healthy {"health":"true"}
scheduler Healthy ok
controller-manager Healthy ok
[root@localhost .kube]# ps -ef|grep kube
root 14558 16233 0 15:17 pts/0 00:00:00 kubectl proxy --port=8443
kube 22748 1 1 15:28 ? 00:00:10 /usr/bin/kube-apiserver --logtostderr=true --v=0 --etcd-servers=http://127.0.0.1:2379 --insecure-bind-address=127.0.0.1 --allow-privileged=false --service-cluster-ip-range=10.254.0.0/16 --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota
kube 22885 1 2 15:29 ? 00:00:20 /usr/bin/kube-controller-manager --logtostderr=true --v=0 --master=http://127.0.0.1:8080
kube 22983 1 0 15:29 ? 00:00:02 /usr/bin/kube-scheduler --logtostderr=true --v=0 --master=http://127.0.0.1:8080
root 23856 1 1 15:37 ? 00:00:05 /usr/bin/kube-proxy --logtostderr=true --v=0 --master=http://127.0.0.1:8080
root 38641 1 2 10:26 ? 00:01:10 /usr/bin/kubelet --logtostderr=true --v=0 --api-servers=http://127.0.0.1:8080 --address=127.0.0.1 --hostname-override=127.0.0.1 --allow-privileged=false --pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest
root 29656 16233 0 15:46 pts/0 00:00:00 grep --color=auto kube
[root@localhost shell]# kubectl cluster-info
Kubernetes master is running at http://localhost:8080
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
[root@localhost software]# kubectl get nodes
NAME STATUS AGE
127.0.0.1 Ready 1h
[root@localhost software]#
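5. Getting-started experiment
First pull a clean CentOS image; see "Fixing slow docker pull centos"
Build your own image with a Dockerfile; see "Building images with Docker using a Dockerfile"
Deploy your own image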
[root@localhost software]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
base_tomcat tomcat-centos 0bed71f53b94 52 minutes ago 612 MB
docker.io/centos latest 9f38484d220f 2 weeks ago 202 MB
[root@localhost software]# kubectl run myk8s-pod --image=base_tomcat --replicas=2 --port=80
deployment "myk8s-pod" created
[root@localhost software]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myk8s-pod-1394982580-11h8h 0/1 ContainerCreating 0 30s
myk8s-pod-1394982580-37wlc 0/1 ContainerCreating 0 30s
[root@localhost software]# kubectl run myk8s-pod-2 --image=base_tomcat --replicas=5 --port=8070
deployment "myk8s-pod-2" created
[root@localhost software]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myk8s-pod-1394982580-11h8h 0/1 ContainerCreating 0 2m
myk8s-pod-1394982580-37wlc 0/1 ContainerCreating 0 2m
myk8s-pod-2-2707079129-1305m 0/1 ContainerCreating 0 5s
myk8s-pod-2-2707079129-2nvff 0/1 ContainerCreating 0 5s
myk8s-pod-2-2707079129-dk9m5 0/1 ContainerCreating 0 5s
myk8s-pod-2-2707079129-mwn3g 0/1 ContainerCreating 0 5s
myk8s-pod-2-2707079129-r282t 0/1 ContainerCreating 0 5s
[root@localhost software]# kubectl get deployments
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
myk8s-pod 2 2 2 0 13m
myk8s-pod-2 5 5 5 0 11m
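No matter how long we wait, the pods stay Pending and the READY column stays at 0/1. The deployment fails because the "Great Firewall" prevents downloading the Google image that a pod needs at startup, so we have to obtain the required image indirectly.
Note: the Pending status means the API Server has created the Pod, but one or more containers in the Pod have not been created yet, or images are still being downloaded. For details, see "Pod lifecycle and restart policy".
View the pod details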
[root@localhost software]# kubectl describe pod myk8s-pod-1394982580-11h8h
Name: myk8s-pod-1394982580-11h8h
Namespace: default
Node: 127.0.0.1/127.0.0.1
Start Time: Fri, 29 Mar 2019 11:21:03 +0800
Labels: pod-template-hash=1394982580
        run=myk8s-pod
Status: Pending
IP:
Controllers: ReplicaSet/myk8s-pod-1394982580
Containers:
  myk8s-pod:
    Container ID:
    Image: base_tomcat
    Image ID:
    Port: 80/TCP
    State: Waiting
      Reason: ContainerCreating
    Ready: False
    Restart Count: 0
    Volume Mounts: <none>
    Environment Variables: <none>
Conditions:
  Type Status
  Initialized True
  Ready False
  PodScheduled True
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
  FirstSeen LastSeen Count From SubObjectPath Type Reason Message
  --------- -------- ----- ---- ------------- -------- ------ -------
  15m 15m 1 {default-scheduler } Normal Scheduled Successfully assigned myk8s-pod-1394982580-11h8h to 127.0.0.1
  15m 4m 7 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
  14m 11s 63 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
[root@localhost software]#
## Baidu search: pod ContainerCreating
"Kubernetes: the first pod created stays in ContainerCreating"
Solution:
1. Run the following on every server in the k8s cluster
yum install *rhsm* -y
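After it runs, a certs.d directory appears under /etc/docker/
Then go to /etc/docker/certs.d/registry.access.redhat.com/ and look at its contents
redhat-ca.crt turns out to be a symbolic link that points to /etc/rhsm/ca/redhat-uep.pem, so go into /etc/rhsm/ca and check whether that file exists
# Here .bak was added deliberately to reproduce the problem; normally this directory contains no file.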
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
Running these two commands generates the file.
[root@localhost shell]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ...
sha256:92d43c37297da3ab187fc2b9e9ebfb243c1110d446c783ae1b989088495db931: Pulling from registry.access.redhat.com/rhel7/pod-infrastructure
26e5ed6899db: Pull complete
66dbe984a319: Pull complete
9138e7863e08: Pull complete
Digest: sha256:92d43c37297da3ab187fc2b9e9ebfb243c1110d446c783ae1b989088495db931
Status: Image is up to date for registry.access.redhat.com/rhel7/pod-infrastructure:latest
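The wget step fetches the RPM over plain http, and the extracted redhat-uep.pem becomes the CA that Docker trusts for registry.access.redhat.com, so the package signature should verify before anything is extracted from it. The helper below is an added example, not part of the original post; extract_if_signed is a hypothetical name, and the rpm -K output tokens it matches are an assumption stated in the comments.

```shell
#!/bin/sh
# Added example: extract one file from an RPM only after rpm has verified
# the package signature against a key already imported into the rpm database.
extract_if_signed() {   # usage: extract_if_signed PKG.rpm ./path/in/rpm DEST
    result=$(rpm -K "$1" 2>&1) || {
        echo "rejected, verification failed: $result" >&2; return 1; }
    # Assumption: rpm output format. rpm 4.11 on CentOS 7 prints a lowercase
    # "pgp"/"gpg"/"rsa"/"dsa" token for a signature that verified, and newer
    # rpm prints "signatures". An unsigned package still exits 0 but shows
    # digests only ("sha1 md5 OK"), so the exit status alone is not enough.
    case $result in
        *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*|*" signatures "*) ;;
        *)  echo "rejected, no verified signature: $result" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    # Write to a temp file first so a failed extraction never leaves a
    # truncated or empty CA file at DEST.
    if rpm2cpio "$1" | cpio -i --quiet --to-stdout "$2" > "$tmp" &&
       grep -q 'BEGIN CERTIFICATE' "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$3"
    else
        rm -f "$tmp"
        echo "rejected, $2 not found or not a PEM certificate" >&2
        return 1
    fi
}

# Usage with the package and paths from the steps above:
#   extract_if_signed python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm \
#       ./etc/rhsm/ca/redhat-uep.pem /etc/rhsm/ca/redhat-uep.pem
if [ "$#" -eq 3 ]; then extract_if_signed "$@"; fi
```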
## Build a new image: kubectl describe pod myk8s-pod-2-2707079129-1305m reports that docker.io/base-tomcat cannot be found, so we create one
[root@localhost registry.access.redhat.com]# docker tag base_tomcat:tomcat-centos docker.io/base-tomcat:v1
[root@localhost registry.access.redhat.com]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
base_tomcat tomcat-centos 0bed71f53b94 3 hours ago 612 MB
docker.io/base-tomcat v1 0bed71f53b94 3 hours ago 612 MB
docker.io/centos latest 9f38484d220f 2 weeks ago 202 MB
registry.access.redhat.com/rhel7/pod-infrastructure latest 99965fb98423 17 months ago 209 MB
[root@localhost registry.access.redhat.com]#
[root@localhost registry.access.redhat.com]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myk8s-pod-2-2707079129-1305m 0/1 ImagePullBackOff 0 2h
myk8s-pod-2-2707079129-2nvff 0/1 ImagePullBackOff 0 2h
myk8s-pod-2-2707079129-dk9m5 0/1 ImagePullBackOff 0 2h
myk8s-pod-2-2707079129-mwn3g 0/1 ImagePullBackOff 0 2h
myk8s-pod-2-2707079129-r282t 0/1 ImagePullBackOff 0 2h
[root@localhost registry.access.redhat.com]# kubectl run myk8s-pod-3 --image=docker.io/base-tomcat:v1 --replicas=3 --port=8060
deployment "myk8s-pod-3" created
[root@localhost registry.access.redhat.com]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myk8s-pod-2-2707079129-1305m 0/1 ImagePullBackOff 0 2h
myk8s-pod-2-2707079129-2nvff 0/1 ImagePullBackOff 0 2h
myk8s-pod-2-2707079129-dk9m5 0/1 ImagePullBackOff 0 2h
myk8s-pod-2-2707079129-mwn3g 0/1 ImagePullBackOff 0 2h
myk8s-pod-2-2707079129-r282t 0/1 ErrImagePull 0 2h
myk8s-pod-3-4228761222-5gdvr 1/1 Running 0 22s
myk8s-pod-3-4228761222-dngwc 1/1 Running 0 22s
myk8s-pod-3-4228761222-hl85l 1/1 Running
Delete a pod and list the pods again: the replication mechanism has created a new pod, myk8s-pod-1394982580-n8sv6, so the deployment myk8s-pod always keeps two pods
[root@localhost software]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myk8s-pod-1394982580-11h8h 0/1 ContainerCreating 0 17m
myk8s-pod-1394982580-37wlc 0/1 ContainerCreating 0 17m
myk8s-pod-2-2707079129-1305m 0/1 ContainerCreating 0 15m
myk8s-pod-2-2707079129-2nvff 0/1 ContainerCreating 0 15m
myk8s-pod-2-2707079129-dk9m5 0/1 ContainerCreating 0 15m
myk8s-pod-2-2707079129-mwn3g 0/1 ContainerCreating 0 15m
myk8s-pod-2-2707079129-r282t 0/1 ContainerCreating 0 15m
[root@localhost software]# kubectl delete myk8s-pod-1394982580-11h8h
error: resource(s) were provided, but no name, label selector, or --all flag specified
[root@localhost software]# kubectl delete pod myk8s-pod-1394982580-11h8h
pod "myk8s-pod-1394982580-11h8h" deleted
[root@localhost software]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myk8s-pod-1394982580-37wlc 0/1 ContainerCreating 0 17m
myk8s-pod-1394982580-n8sv6 0/1 ContainerCreating 0 4s
myk8s-pod-2-2707079129-1305m 0/1 ContainerCreating 0 15m
myk8s-pod-2-2707079129-2nvff 0/1 ContainerCreating 0 15m
myk8s-pod-2-2707079129-dk9m5 0/1 ContainerCreating 0 15m
myk8s-pod-2-2707079129-mwn3g 0/1 ContainerCreating 0 15m
myk8s-pod-2-2707079129-r282t 0/1 ContainerCreating 0 15m
[root@localhost software]#
Delete the myk8s-pod deployment to remove its pods for good
[root@localhost software]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myk8s-pod-1394982580-37wlc 0/1 ContainerCreating 0 20m
myk8s-pod-1394982580-n8sv6 0/1 ContainerCreating 0 3m
myk8s-pod-2-2707079129-1305m 0/1 ContainerCreating 0 18m
myk8s-pod-2-2707079129-2nvff 0/1 ContainerCreating 0 18m
myk8s-pod-2-2707079129-dk9m5 0/1 ContainerCreating 0 18m
myk8s-pod-2-2707079129-mwn3g 0/1 ContainerCreating 0 18m
myk8s-pod-2-2707079129-r282t 0/1 ContainerCreating 0 18m
[root@localhost software]# kubectl delete deployment myk8s-pod
deployment "myk8s-pod" deleted
[root@localhost software]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myk8s-pod-2-2707079129-1305m 0/1 ContainerCreating 0 19m
myk8s-pod-2-2707079129-2nvff 0/1 ContainerCreating 0 19m
myk8s-pod-2-2707079129-dk9m5 0/1 ContainerCreating 0 19m
myk8s-pod-2-2707079129-mwn3g 0/1 ContainerCreating 0 19m
myk8s-pod-2-2707079129-r282t 0/1 ContainerCreating 0 19m
[root@localhost software]# kubectl get deployments
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
myk8s-pod-2 5 5 5 0 19m
Install Kuboard
https://www.kuboard.cn/install/install-dashboard.html#%E5%9C%A8%E7%BA%BF%E4%BD%93%E9%AA%8C