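k8s + OVS three-node deployment, and the problem of Kubernetes failing to create pods / not creating pods automatically when an RC is created
Preparation:
Configure the yum repositories and turn off the firewall
# systemctl stop firewalld
# systemctl disable firewalld
Install the master
yum install etcd kubernetes-master
Install the nodes
yum install kubernetes-node
Reference for the steps above: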
https://blog.csdn.net/magerguo/article/details/72123259?locationNum=3&fps=1
Network configuration:
Local docker0 network configuration:
Edit /etc/docker/daemon.json and add the content {"bip": "172.17.1.1/24"}
Docker registry mirror configuration in /etc/docker/daemon.json:
{"registry-mirrors":["https://docker.mirrors.ustc.edu.cn"]}
1. flannel network
Install flannel on the node machines and define the flannel network in etcd
# etcdctl mk /atomic.io/network/config '{"Network":"172.17.0.0/16"}'
Reference:
https://blog.csdn.net/magerguo/article/details/72123259?locationNum=3&fps=1
2. OVS network (watch out for loops)
1. yum install openvswitch
2. Disable SELinux
3. Create the bridge
ovs-vsctl add-br br0
4. Create the GRE tunnel
ovs-vsctl add-port br0 gre103 --set interface gre103 type=gre option:remote_ip=192.168.71.103
5. Add br0 to the local docker0 so that container traffic flows through the tunnel
brctl addif docker0 br0
6. Bring up the ports and add the route
ip link set dev br0 up
ip link set dev docker0 up
ip route add 172.17.0.0/16 dev docker0
iptables -t nat -F; iptables -F
Two problems after Kubernetes starts
(1) Kubernetes cannot create pods / pods are not created automatically when an RC is created:
Main command: kubectl describe rs/redis-master-1258987832
Reference: https://blog.csdn.net/jinzhencs/article/details/51435020
Create the pod:
# kubectl create -f nginx.yaml
This fails with the following error:
Error from server: error when creating "nginx.yaml": Pod "nginx" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account
The fix is to edit /etc/kubernetes/apiserver, remove SecurityContextDeny,ServiceAccount from KUBE_ADMISSION_CONTROL, and restart the kube-apiserver.service service.
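The edit in (1) switches off two admission plugins, so it is worth being able to see that state on a master. The script below is an added example, not part of the original post: it reports which of the two plugins an apiserver config file no longer lists and whether a service account key flag is set. The sample file contents are constructed, and --service-account-key-file is a real kube-apiserver flag that the post itself does not use.

```shell
#!/bin/sh
# Added example (not from the original post): audit an apiserver config file
# for the admission plugins that the workaround in (1) removes.

REMOVED_BY_FIX="SecurityContextDeny ServiceAccount"

# Print the comma-separated plugin list from the last active
# KUBE_ADMISSION_CONTROL line in file $1 (commented-out lines are ignored).
admission_plugins() {
    sed -n 's/^[[:space:]]*KUBE_ADMISSION_CONTROL=//p' "$1" | tail -n 1 |
        tr -d "\"'" | sed 's/^--admission[-_]control=//'
}

# Print, one per line, each plugin from REMOVED_BY_FIX absent from file $1.
missing_plugins() {
    list=",$(admission_plugins "$1"),"
    for p in $REMOVED_BY_FIX; do
        case "$list" in
            *",$p,"*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# Succeed if file $1 sets flag $2 (e.g. --service-account-key-file) on an
# active line; shows whether a token signing key has been configured.
has_flag() {
    grep -v '^[[:space:]]*#' "$1" | grep -q -- "$2="
}

# Demo on constructed input: an apiserver file after the edit described above.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,SecurityContextDeny,ServiceAccount"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
KUBE_API_ARGS=""
EOF
for p in $(missing_plugins "$demo_file"); do
    echo "admission plugin disabled: $p"
done
has_flag "$demo_file" --service-account-key-file ||
    echo "no service account key configured"
rm -f "$demo_file"
```

On a master, call missing_plugins /etc/kubernetes/apiserver; with ServiceAccount removed, pods are admitted without a service account token being mounted automatically.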
(2) Finding and fixing the cause of a pod stuck in the ContainerCreating state
Events:
  FirstSeen  LastSeen  Count  From                      SubObjectPath  Type     Reason      Message
  ---------  --------  -----  ----                      -------------  -------- ------      -------
  5m         5m        1      {default-scheduler }                     Normal   Scheduled   Successfully assigned nginx-deployment-148880595-0jprz to 192.168.71.102
  5m         2m        5      {kubelet 192.168.71.102}                 Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
  4m         6s        19     {kubelet 192.168.71.102}                 Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
Main command: yum install *rhsm* -y
Reference: https://blog.csdn.net/learner198461/article/details/78036854
https://blog.csdn.net/d7185540/article/details/80868816