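The words redis and docker are automatically capitalized and linked to the knowledge base, so I write them once here and they will not be rewritten later.

0. For the detailed steps, see (Setting up k8s in VMware); the process is the same in VirtualBox.

1. To learn k8s, I am reading the book 《Kubernetes权威指南：从Docker到Kubernetes实践全接触.pdf》.
2. The book starts by setting up a k8s hello world on a single machine, using CentOS 7. So I also installed CentOS 7 in VirtualBox and ran the hello world successfully.
3. Then I started trying a cluster. I found a fairly simple tutorial online and quickly got it working; kubectl get nodes showed each node. However, the application did not run properly: some nodes were reachable and some were not. Also, accessing it from different nodes returned different data, as if there were several independent systems. I suspected a problem with the cluster IP rules in iptables.
   Then the cluster broke, and none of the k8s base services would start. I wondered whether it was because I had created these VMs as linked clones, and whether other software installed on the original VM was keeping the k8s cluster from starting.
4. I deleted everything and started over, creating the VMs as full clones. Everything was normal, but when starting redis-master-controller.yaml, docker could not create the container. Troubleshooting with kubectl describe pod redis-master showed that the image could not be pulled. In fact these images already existed in docker (pulled automatically when I set up the single-machine k8s); the image names just had an extra docker.io/ prefix. I changed the image name in redis-master-controller.yaml, but the pull still failed. Strange.
5. Today I tracked down the network problem (see "VirtualBox VM cannot access the Internet"). Once the network was working, hello world finally ran properly.

Some of my earlier questions now have answers:

1. Accessing the IP of any node (for example http://192.168.56.251:30001/ or http://192.168.56.252:30001/; http://192.168.56.250:30001/ does not work) reaches the service (the proxy forwards it automatically).
2. Internally, accessing the real port also works.

[root@centm ~]# kubectl get svc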
NAME           CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
frontend       10.254.218.57    <nodes>       80/TCP     5m
kubernetes     10.254.0.1       <none>        443/TCP    15d
redis-master   10.254.142.174   <none>        6379/TCP   8m
redis-slave    10.254.201.123   <none>        6379/TCP   6m

curl 10.254.218.57:80 works. ping 10.254.218.57 does not.

3. There is an extra 127.0.0.1 among the nodes; I don't know why.

[root@centm ~]# kubectl get nodes
NAME        STATUS     AGE
127.0.0.1   NotReady   15d
cents1      Ready      1d
cents2      Ready      1d
[root@centm ~]# ps -ef|grep kube
kube       578     1  0 Jan20 ?        00:15:55 /usr/bin/kube-controller-manager --logtostderr=true --v=0 --master=http://127.0.0.1:8080
kube       588     1  0 Jan20 ?        00:01:09 /usr/bin/kube-scheduler --logtostderr=true --v=0 --master=http://127.0.0.1:8080
kube      2079     1  0 Jan20 ?        00:08:11 /usr/bin/kube-apiserver --logtostderr=true --v=0 --etcd-servers=http://127.0.0.1:2379 --insecure-bind-address=0.0.0.0 --allow-privileged=false --service-cluster-ip-range=10.254.0.0/16 --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota

4. The cluster IP is a virtual IP; in reality it is just a few forwarding rules in iptables.

[root@cents2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:58:5d:6e brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 82058sec preferred_lft 82058sec
    inet6 fe80::b171:84d0:5173:de63/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:7a:24:14 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.252/24 brd 192.168.56.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe7a:2414/64 scope link
       valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
    link/ether fa:5a:c7:c5:aa:e5 brd ff:ff:ff:ff:ff:ff
    inet 172.16.80.0/16 scope global flannel.1
       valid_lft forever preferred_lft forever
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP
    link/ether 02:42:72:2f:1f:ae brd ff:ff:ff:ff:ff:ff
    inet 172.16.80.1/24 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:72ff:fe2f:1fae/64 scope link
       valid_lft forever preferred_lft forever
7: vethc56c1d4@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP
    link/ether 92:c8:3d:3f:b9:49 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::90c8:3dff:fe3f:b949/64 scope link
       valid_lft forever preferred_lft forever
9: vethf961994@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP
    link/ether d6:be:4b:6e:26:81 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::d4be:4bff:fe6e:2681/64 scope link
       valid_lft forever preferred_lft forever
11: vethe4cd28e@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master docker0 state UP
    link/ether ee:55:55:df:4e:50 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::ec55:55ff:fedf:4e50/64 scope link
       valid_lft forever preferred_lft forever

[root@cents2 ~]# iptables-save
# Generated by iptables-save v1.4.21 on Sun Jan 22 00:41:01 2017
*filter
:INPUT ACCEPT [27:4324]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [25:2821]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
:KUBE-SERVICES - [0:0]
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A DOCKER-ISOLATION -j RETURN
COMMIT
# Completed on Sun Jan 22 00:41:01 2017
# Generated by iptables-save v1.4.21 on Sun Jan 22 00:41:01 2017
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:119]
:POSTROUTING ACCEPT [2:119]
:DOCKER - [0:0]
:KUBE-MARK-MASQ - [0:0]
:KUBE-NODEPORTS - [0:0]
:KUBE-POSTROUTING - [0:0]
:KUBE-SEP-63GTHXGNEQIFF6GY - [0:0]
:KUBE-SEP-77PLGVXVTAKNHL2K - [0:0]
:KUBE-SEP-7R2ESD4YYXMXFEFZ - [0:0]
:KUBE-SEP-GIMIRAR4ZAKGMA2Q - [0:0]
:KUBE-SEP-LYGBYJFMWSAWPLXU - [0:0]
:KUBE-SEP-Y7WMR7EBCL4N3QJX - [0:0]
:KUBE-SEP-ZDWRYP3AMCRYOGNR - [0:0]
:KUBE-SERVICES - [0:0]
:KUBE-SVC-7GF4BJM3Z6CMNVML - [0:0]
:KUBE-SVC-AGR3D4D4FQNH4O33 - [0:0]
:KUBE-SVC-GYQQTB6TY565JPRW - [0:0]
:KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.16.80.0/24 ! -o docker0 -j MASQUERADE
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
-A DOCKER -i docker0 -j RETURN
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/frontend:" -m tcp --dport 30001 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/frontend:" -m tcp --dport 30001 -j KUBE-SVC-GYQQTB6TY565JPRW
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE
-A KUBE-SEP-63GTHXGNEQIFF6GY -s 172.16.62.4/32 -m comment --comment "default/frontend:" -j KUBE-MARK-MASQ
-A KUBE-SEP-63GTHXGNEQIFF6GY -p tcp -m comment --comment "default/frontend:" -m tcp -j DNAT --to-destination 172.16.62.4:80
-A KUBE-SEP-77PLGVXVTAKNHL2K -s 172.16.80.3/32 -m comment --comment "default/frontend:" -j KUBE-MARK-MASQ
-A KUBE-SEP-77PLGVXVTAKNHL2K -p tcp -m comment --comment "default/frontend:" -m tcp -j DNAT --to-destination 172.16.80.3:80
-A KUBE-SEP-7R2ESD4YYXMXFEFZ -s 172.16.80.2/32 -m comment --comment "default/redis-slave:" -j KUBE-MARK-MASQ
-A KUBE-SEP-7R2ESD4YYXMXFEFZ -p tcp -m comment --comment "default/redis-slave:" -m tcp -j DNAT --to-destination 172.16.80.2:6379
-A KUBE-SEP-GIMIRAR4ZAKGMA2Q -s 192.168.56.250/32 -m comment --comment "default/kubernetes:https" -j KUBE-MARK-MASQ
-A KUBE-SEP-GIMIRAR4ZAKGMA2Q -p tcp -m comment --comment "default/kubernetes:https" -m recent --set --name KUBE-SEP-GIMIRAR4ZAKGMA2Q --mask 255.255.255.255 --rsource -m tcp -j DNAT --to-destination 192.168.56.250:6443
-A KUBE-SEP-LYGBYJFMWSAWPLXU -s 172.16.62.3/32 -m comment --comment "default/redis-slave:" -j KUBE-MARK-MASQ
-A KUBE-SEP-LYGBYJFMWSAWPLXU -p tcp -m comment --comment "default/redis-slave:" -m tcp -j DNAT --to-destination 172.16.62.3:6379
-A KUBE-SEP-Y7WMR7EBCL4N3QJX -s 172.16.62.2/32 -m comment --comment "default/redis-master:" -j KUBE-MARK-MASQ
-A KUBE-SEP-Y7WMR7EBCL4N3QJX -p tcp -m comment --comment "default/redis-master:" -m tcp -j DNAT --to-destination 172.16.62.2:6379
-A KUBE-SEP-ZDWRYP3AMCRYOGNR -s 172.16.80.4/32 -m comment --comment "default/frontend:" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZDWRYP3AMCRYOGNR -p tcp -m comment --comment "default/frontend:" -m tcp -j DNAT --to-destination 172.16.80.4:80
-A KUBE-SERVICES -d 10.254.218.57/32 -p tcp -m comment --comment "default/frontend: cluster IP" -m tcp --dport 80 -j KUBE-SVC-GYQQTB6TY565JPRW
-A KUBE-SERVICES -d 10.254.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES -d 10.254.142.174/32 -p tcp -m comment --comment "default/redis-master: cluster IP" -m tcp --dport 6379 -j KUBE-SVC-7GF4BJM3Z6CMNVML
-A KUBE-SERVICES -d 10.254.201.123/32 -p tcp -m comment --comment "default/redis-slave: cluster IP" -m tcp --dport 6379 -j KUBE-SVC-AGR3D4D4FQNH4O33
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-7GF4BJM3Z6CMNVML -m comment --comment "default/redis-master:" -j KUBE-SEP-Y7WMR7EBCL4N3QJX
-A KUBE-SVC-AGR3D4D4FQNH4O33 -m comment --comment "default/redis-slave:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-LYGBYJFMWSAWPLXU
-A KUBE-SVC-AGR3D4D4FQNH4O33 -m comment --comment "default/redis-slave:" -j KUBE-SEP-7R2ESD4YYXMXFEFZ
-A KUBE-SVC-GYQQTB6TY565JPRW -m comment --comment "default/frontend:" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-63GTHXGNEQIFF6GY
-A KUBE-SVC-GYQQTB6TY565JPRW -m comment --comment "default/frontend:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-77PLGVXVTAKNHL2K
-A KUBE-SVC-GYQQTB6TY565JPRW -m comment --comment "default/frontend:" -j KUBE-SEP-ZDWRYP3AMCRYOGNR
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -m recent --rcheck --seconds 180 --reap --name KUBE-SEP-GIMIRAR4ZAKGMA2Q --mask 255.255.255.255 --rsource -j KUBE-SEP-GIMIRAR4ZAKGMA2Q
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/kubernetes:https" -j KUBE-SEP-GIMIRAR4ZAKGMA2Q
COMMIT
# Completed on Sun Jan 22 00:41:01 2017

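To make item 4 concrete, this added example (not part of the original post) walks the frontend service's nat rules, copied from the dump above, and computes the share of new connections each pod receives. It returns nothing for ICMP, because only TCP port 80 is matched, which is consistent with curl working and ping failing against the cluster IP. The names parse and backends are made up for this illustration, and the parser assumes every option in the excerpt takes exactly one argument.

```python
import shlex

# Frontend-service rules copied from the nat table in the iptables-save dump above.
RULES = '''
-A KUBE-SERVICES -d 10.254.218.57/32 -p tcp -m comment --comment "default/frontend: cluster IP" -m tcp --dport 80 -j KUBE-SVC-GYQQTB6TY565JPRW
-A KUBE-SVC-GYQQTB6TY565JPRW -m comment --comment "default/frontend:" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-63GTHXGNEQIFF6GY
-A KUBE-SVC-GYQQTB6TY565JPRW -m comment --comment "default/frontend:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-77PLGVXVTAKNHL2K
-A KUBE-SVC-GYQQTB6TY565JPRW -m comment --comment "default/frontend:" -j KUBE-SEP-ZDWRYP3AMCRYOGNR
-A KUBE-SEP-63GTHXGNEQIFF6GY -s 172.16.62.4/32 -m comment --comment "default/frontend:" -j KUBE-MARK-MASQ
-A KUBE-SEP-63GTHXGNEQIFF6GY -p tcp -m comment --comment "default/frontend:" -m tcp -j DNAT --to-destination 172.16.62.4:80
-A KUBE-SEP-77PLGVXVTAKNHL2K -s 172.16.80.3/32 -m comment --comment "default/frontend:" -j KUBE-MARK-MASQ
-A KUBE-SEP-77PLGVXVTAKNHL2K -p tcp -m comment --comment "default/frontend:" -m tcp -j DNAT --to-destination 172.16.80.3:80
-A KUBE-SEP-ZDWRYP3AMCRYOGNR -s 172.16.80.4/32 -m comment --comment "default/frontend:" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZDWRYP3AMCRYOGNR -p tcp -m comment --comment "default/frontend:" -m tcp -j DNAT --to-destination 172.16.80.4:80
'''

def parse(text):
    """Group rules by chain; each rule becomes an {option: value} dict."""
    chains = {}
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)  # keeps the quoted --comment as one token
        # Assumption: every option in this excerpt takes exactly one argument.
        rule = dict(zip(tok[0::2], tok[1::2]))
        chains.setdefault(rule["-A"], []).append(rule)
    return chains

def backends(chains, proto, dst, dport=None, chain="KUBE-SERVICES", weight=1.0, out=None):
    """Return {pod_ip:port: share of new connections} for a packet sent to dst."""
    out = {} if out is None else out
    match = {"-d": dst + "/32", "-p": proto, "--dport": str(dport)}
    for r in chains.get(chain, []):
        if r["-j"] == "KUBE-MARK-MASQ":  # only sets the SNAT mark; traversal continues
            continue
        if any(r.get(k, v) != v for k, v in match.items()):
            continue                     # rule names a different dst, protocol or port
        if r["-j"] == "DNAT":            # terminating: destination rewritten to the pod
            out[r["--to-destination"]] = out.get(r["--to-destination"], 0.0) + weight
            break
        p = float(r.get("--probability", 1.0))
        backends(chains, proto, dst, dport, r["-j"], weight * p, out)
        weight *= 1.0 - p                # share that falls through to the next rule
    return out

if __name__ == "__main__":
    chains = parse(RULES)
    print(backends(chains, "tcp", "10.254.218.57", 80))  # the three frontend pods
    print(backends(chains, "icmp", "10.254.218.57"))     # {}
```

The probabilities 0.33332999982 and 0.50000000000 are conditional on earlier rules not having matched, so the three frontend pods each end up with about one third of the connections.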
----------------------------------------------------
I tried a local volume.

[root@centm ~]# cat redis-master-controller_with_volume.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  labels:
    name: redis-master
  name: redis-master
spec:
  replicas: 1
  selector:
    name: redis-master
  template:
    metadata:
      labels:
        name: redis-master
    spec:
      volumes:
      - name: "gf-dir1"
        hostPath:
          path: "/tmp"
      containers:
      - name: master
        image: docker.io/kubeguide/redis-master:latest
        ports:
        - containerPort: 6379
        volumeMounts:
        - name: "gf-dir1"
          mountPath: "/gf1"