安裝minikube/kubectl
k8s本地和服務器使用時大多數的問題都是由於訪問不了google導致的,所以在出現這類錯誤的時候首先就是考慮國內有沒有鏡像,其次再考慮自己搭建一個可以訪問的鏡像
其次官方給出了一些常見的錯誤及解決辦法: troubleshooting-kubeadm
由於是我使用的是macOS,接近於linux,所以只介紹linux下的安裝方法
- 安裝minikube
在github的release頁面下載對應版本的minikube
我下載的是 macOS適用的 minikube-darwin-amd64,將它改名爲minikube移動到PATH目錄中,並加入執行權限:
curl -LO minikube https://github.com/kubernetes/minikube/releases/download/v0.28.1/minikube-darwin-amd64
mv ./minikube /usr/local/bin/
chmod +x /usr/local/bin/minikube
執行 minikube version 命令查看是否成功
- 安裝kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl
mv ./kubectl /usr/local/bin/
chmod +x /usr/local/bin/kubectl
執行 kubectl version 命令查看是否成功
Kubectl自動補全
source <(kubectl completion bash) # 針對bash環境
source <(kubectl completion zsh) # 針對zsh環境
運行dashboard時報錯:
Error validating service: Error getting service kubernetes-dashboard: services "kubernetes-dashboard" not found
排查 kubectl get po --all-namespaces之後發現如下pod:
kube-system kube-addon-manager-minikube 1/1 Running 0 1m
kube-system kube-dns-6fc954457d-rpnsn 0/3 ContainerCreating 0 43s
kube-system kubernetes-dashboard-5zbh5 0/1 ContainerCreating 0 43s
其中時有kubernetes-dashboard的,之後發現時自己的dns指向了 192.168.31.1 (小米路由的鍋),將其改爲 8.8.8.8 之後成功打開dashboard WebUI。
運行minikube時報錯
zsh: exec format error: minikube
開始以爲是zsh命令行工具的錯誤,google/stackoverflow了一陣子發現不對,是我下載的minikube是用迅雷下載的,重新用curl下載之後就正常使用了
自動安裝docker(阿里雲鏡像)
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
手動安裝docker
sudo apt-get remove docker docker-engine docker.io
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install docker-ce
安裝生產環境k8s(阿里雲鏡像)
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat << EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
crictl包丟失
VERSION="v1.11.1"
wget https://github.com/kubernetes-incubator/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
init時候無法拉取google鏡像
執行如下shell腳本:
#!/bin/bash
images=(kube-proxy-amd64:v1.11.1 kube-controller-manager-amd64:v1.11.1 kube-scheduler-amd64:v1.11.1 kube-apiserver-amd64:v1.11.1 coredns:1.1.3 etcd-amd64:3.2.18 pause:3.1)
for image in ${images[@]}; do
docker pull codeforfun/$image
docker tag codeforfun/$image k8s.gcr.io/$image
docker rmi codeforfun/$image done
之後使用
kubeadm init --kubernetes-version=v1.11.1 --pod-network-cidr 10.244.0.0/16
啓動k8s集羣
kubectl命令報錯
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
這個錯誤的原因是執行 kubeadm init 之後沒有關注到控制檯的輸出,其中有一段話:
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
意思是需要首先執行上面三行腳本之後纔可以繼續使用集羣
Unable to update cni config: No networks found in /etc/cni/net
錯誤如下:
Unable to update cni config: No networks found in /etc/cni/net
Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message
解決方法是安裝flannel:
sysctl net.bridge.bridge-nf-call-iptables=1
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml
1 node(s) had taints that the pod didn't tolerate.
有時候一個pod創建之後一直是pending,沒有日誌,也沒有pull鏡像,describe的時候發現裏面有一句話: 1 node(s) had taints that the pod didn't tolerate.
直譯意思是節點有了污點無法容忍,執行 kubectl get no -o yaml | grep taint -A 5
之後發現該節點是不可調度的。這是因爲kubernetes出於安全考慮默認情況下無法在master節點上部署pod,於是用下面方法解決:
kubectl taint nodes --all node-role.kubernetes.io/master-
查看服務錯誤日誌
journalctl -u -f
nodePort無法開放80端口,提示不在30000-32767範圍內
修改/etc/kubernetes/manifests/kube-apiserver.yaml(有些版本也可能是json)文件,修改其中的 - --service-node-port-range=80-32767 將range從30000-32767修改爲80-32767。如果沒有這句話,則按照格式添加一句。
別名及縮寫
資源類型 | 縮寫別名 |
---|---|
clusters | |
componentstatuses | cs |
configmaps | cm |
daemonsets | ds |
deployments | deploy |
endpoints | ep |
event | ev |
horizontalpodautoscalers | hpa |
ingresses | ing |
jobs | |
limitranges | limits |
namespaces | ns |
networkpolicies | |
nodes | no |
statefulsets | |
persistentvolumeclaims | pvc |
persistentvolumes | pv |
pods | po |
podsecuritypolicies | psp |
podtemplates | |
replicasets | rs |
replicationcontrollers | rc |
resourcequotas | quota |
cronjob | |
secrets | |
serviceaccount | sa |
services | svc |
storageclasses | |
thirdpartyresources |