kubeadm init --apiserver-advertise-address=192.168.20.229 --pod-network-cidr=10.244.0.0/16

kubelet: error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"

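Compared with 1.10, Docker adds the KernelMemory and CgroupDriver variables. KernelMemory indicates whether a Linux kernel memory limit is set, and CgroupDriver indicates which cgroup driver is used. There are two drivers, cgroupfs and systemd; cgroupfs is the default.

Change the driver from systemd to cgroupfs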

############################################

Or add this line to the kubelet service configuration file:
--cgroup-driver=systemd \

Installing Kubernetes 1.6.1 with kubeadm

Environment preparation

master 192.168.20.229
node 192.168.20.223

Software versions:

Docker 1.12.6 is used

Check the available versions

yum list kubeadm  --showduplicates |sort -r
kubeadm.x86_64 1.6.- kubernetes
kubeadm.x86_64 1.6.- kubernetes
yum list kubelet --showduplicates |sort -r
kubelet.x86_64 1.6.- kubernetes
kubelet.x86_64 1.6.- kubernetes
kubelet.x86_64 1.5.- kubernetes
yum list kubectl --showduplicates |sort -r
kubectl.x86_64 1.6.- kubernetes
kubectl.x86_64 1.6.- kubernetes
kubectl.x86_64 1.5.- kubernetes
yum list kubernetes-cni --showduplicates |sort -r
kubernetes-cni x86_64 0.5.- kubernetes

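System configuration

Following the Limitations section of the official document "Installing Kubernetes on Linux with kubeadm", apply the following settings on every node:

Create the file /etc/sysctl.d/k8s.conf with the following content: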

net.bridge.bridge-nf-call-ip6tables =
net.bridge.bridge-nf-call-iptables =

Initialize the cluster

kubeadm init --kubernetes-version=v1.6.1 --pod-network-cidr=10.244.0.0/ --apiserver-advertise-address=192.168.20.229

After kubeadm init succeeds, it prints the following:

kubeadm init --kubernetes-version=v1.6.1 --pod-network-cidr=10.244.0.0/ --apiserver-advertise-address=192.168.61.41
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.6.1
[init] Using Authorization mode: RBAC
[preflight] Running pre-flight checks
[preflight] Starting the kubelet service
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [node0 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.61.41]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 14.583864 seconds
[apiclient] Waiting for at least one node to register
[apiclient] First node has registered after 6.008990 seconds
[token] Using token: e7986d.e440de5882342711
[apiconfig] Created RBAC rules
[addons] Created essential addon: kube-proxy
[addons] Created essential addon: kube-dns
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run (as a regular user):
sudo cp /etc/kubernetes/admin.conf $HOME/
sudo chown $(id -u):$(id -g) $HOME/admin.conf
export KUBECONFIG=$HOME/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
http://kubernetes.io/docs/admin/addons/
You can now join any number of machines by running the following on each node
as root: kubeadm join --token 881f96.aaf02f1f8dc53889 192.168.20.229:

Master Node initialization is complete. In a Kubernetes cluster initialized with kubeadm, the core components on the Master node (kube-apiserver, kube-scheduler, kube-controller-manager) run as static Pods.

ls /etc/kubernetes/manifests/
etcd.yaml kube-apiserver.yaml kube-controller-manager.yaml kube-scheduler.yaml

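The /etc/kubernetes/manifests/ directory contains the definition files for kube-apiserver, kube-scheduler and kube-controller-manager. The cluster's persistent store, etcd, also runs as a single-instance static Pod; later we will switch it to an etcd cluster.

Look at the contents of kube-apiserver.yaml: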

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    .......
    - --insecure-port=

Note the kube-apiserver option --insecure-port=0: in a cluster initialized with kubeadm 1.6.0, kube-apiserver does not listen on the default HTTP port 8080.

That is why kubectl get nodes reports: The connection to the server localhost:8080 was refused - did you specify the right host or port?

Checking the ports kube-apiserver listens on shows that it listens only on the HTTPS port 6443

netstat -nltp | grep apiserver
tcp6 ::: :::* LISTEN /kube-apiserver
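
A check for the two settings the kubeadm output and the manifest above rely on, the disabled plain-HTTP port and RBAC authorization, written as an added example (not part of the original post or of kubeadm). SAMPLE_MANIFEST is constructed, and the 8080 and AlwaysAllow fallbacks are assumed to be the kube-apiserver defaults of this release when a flag is absent.

```python
import re

# Constructed sample of a kubeadm-style static Pod manifest (not the page's full file).
SAMPLE_MANIFEST = """\
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=RBAC
    - --secure-port=6443
    - --insecure-port=0
"""

# Matches YAML list items of the form "- --flag-name=value" (value optional).
FLAG_RE = re.compile(r"^\s*-\s+--([a-z0-9-]+)(?:=(.*))?\s*$")

def apiserver_flags(manifest_text):
    """Collect the '- --name=value' command items of the manifest into a dict."""
    flags = {}
    for line in manifest_text.splitlines():
        m = FLAG_RE.match(line)
        if m:
            flags[m.group(1)] = (m.group(2) or "").strip().strip('"')
    return flags

def audit_apiserver(manifest_text):
    """Return findings for the plain-HTTP port and the authorization mode."""
    flags = apiserver_flags(manifest_text)
    findings = []
    # Assumed default: a missing flag means HTTP on 8080. Requests on that port
    # bypass authentication and authorization, so RBAC does not protect it.
    port = flags.get("insecure-port", "8080")
    if port != "0":
        findings.append("insecure-port=%s: plain-HTTP listener is enabled" % port)
    # Assumed default: a missing flag means AlwaysAllow.
    modes = [m for m in flags.get("authorization-mode", "AlwaysAllow").split(",") if m]
    if "RBAC" not in modes or "AlwaysAllow" in modes:
        findings.append("authorization-mode=%s: requests are not limited by RBAC" % ",".join(modes))
    return findings
```

On a master node the input would be the text of /etc/kubernetes/manifests/kube-apiserver.yaml.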

To access the apiserver with kubectl, append the following environment variable to ~/.bash_profile:

export KUBECONFIG=/etc/kubernetes/admin.conf

source ~/.bash_profile

kubectl now works on the master node. List the Nodes currently in the cluster:

kubectl get nodes
NAME STATUS AGE VERSION
k8s1 NotReady 3m v1.6.1

Install the Pod Network

Next, install the flannel network add-on:

kubectl create -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
serviceaccount "flannel" created
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created

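If a Node has more than one network interface, see flannel issues 39701: for now you need to use the --iface parameter in kube-flannel.yml to name the interface on the cluster hosts' internal network, otherwise DNS resolution may fail. Download kube-flannel.yml locally and add --iface=<iface-name> to the flanneld startup arguments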

......
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
......
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.7.0-amd64
        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr", "--iface=eth1" ]
......

Use kubectl get pod --all-namespaces -o wide to make sure that all Pods are in the Running state

kubectl get pod --all-namespaces -o wide

Or

kubectl --kubeconfig=/etc/kubernetes/admin.conf get pod  --all-namespaces -o wide

NAMESPACE     NAME                           READY     STATUS    RESTARTS   AGE       IP               NODE
kube-system etcd-k8s1 / Running 10m 192.168.20.229 k8s1
kube-system kube-apiserver-k8s1 / Running 10m 192.168.20.229 k8s1
kube-system kube-controller-manager-k8s1 / Running 10m 192.168.20.229 k8s1
kube-system kube-dns--g97bm / Running 10m 10.244.1.2 k8s5
kube-system kube-flannel-ds-k87tt / Running 2m 192.168.20.233 k8s5
kube-system kube-flannel-ds-lq62q / Running 2m 192.168.20.229 k8s1
kube-system kube-proxy-0nrp0 / Running 10m 192.168.20.229 k8s1
kube-system kube-proxy-qcds5 / Running 10m 192.168.20.233 k8s5
kube-system kube-scheduler-k8s1 / Running 10m 192.168.20.229 k8s1

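Let the master node take workloads

In a cluster initialized with kubeadm, Pods are not scheduled onto the Master Node for security reasons; in other words, the Master Node does not take part in workloads.

This is a test environment, so the following command can be used to let the Master Node take workloads: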

kubectl taint nodes --all  node-role.kubernetes.io/master-

Test DNS

[root@k8s1 ~]# kubectl --kubeconfig=/etc/kubernetes/admin.conf run curl --image=radial/busyboxplus:curl -i --tty
If you don't see a command prompt, try pressing enter.
[ root@curl--s2l5v:/ ]$ nslookup
BusyBox v1.22.1 (-- :: PDT) multi-call binary.
Usage: nslookup [HOST] [SERVER]
Query the nameserver for the IP address of the given HOST
optionally using a specified DNS server
[ root@curl--s2l5v:/ ]$ nslookup kube-dns.kube-system
Server: 10.96.0.10
Address : 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kube-dns.kube-system
Address : 10.96.0.10 kube-dns.kube-system.svc.cluster.local
[ root@curl--s2l5v:/ ]$ nslookup kubernetes.default
Server: 10.96.0.10
Address : 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes.default
Address : 10.96.0.1 kubernetes.default.svc.cluster.local

Once the test passes, delete the curl Pod.

kubectl delete deploy curl

Add nodes to the cluster

kubeadm join --token 881f96.aaf02f1f8dc53889 192.168.20.229:

List the nodes in the cluster:

[root@k8s1 ~]# kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes
NAME STATUS AGE VERSION
k8s1 Ready 54m v1.6.1
k8s5 Ready 54m v1.6.1

Install the Dashboard add-on

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml

kubectl create -f kubernetes-dashboard.yaml

When the dashboard is opened at http://NodeIp:NodePort, the browser shows the following error

User "system:serviceaccount:kube-system:default" cannot list statefulsets.apps in the namespace "default". (get statefulsets.apps)

This is because the API Server enables RBAC authorization starting with Kubernetes 1.6, and the current kubernetes-dashboard.yaml does not define an authorized ServiceAccount, so its requests to the API Server are rejected.

Following https://github.com/kubernetes/dashboard/issues/1803, temporarily grant system:serviceaccount:kube-system:default the cluster-admin role as a stopgap.

Create dashboard-rbac.yaml, which binds system:serviceaccount:kube-system:default to the ClusterRole cluster-admin:

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: default
  namespace: kube-system

kubectl --kubeconfig=/etc/kubernetes/admin.conf create -f dashboard-rbac.yaml
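
Because this binding is meant to be temporary, it helps to be able to find it again. The following audit is an added example (not from the original post or the Kubernetes project): it lists every ServiceAccount bound to cluster-admin and rates a grant to a namespace's default account highest. SAMPLE is constructed data shaped like the output of kubectl get clusterrolebindings -o json, and the function name and severity labels are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "dashboard-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "default",
                 "namespace": "kube-system"}]},
  {"metadata": {"name": "heapster"},
   "roleRef": {"kind": "ClusterRole", "name": "system:heapster"},
   "subjects": [{"kind": "ServiceAccount", "name": "heapster",
                 "namespace": "kube-system"}]},
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]}
]}
""")

def admin_service_accounts(crb_list, role="cluster-admin"):
    """Return (binding, namespace, account, severity) for each ServiceAccount bound to `role`."""
    hits = []
    for item in crb_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding may have no subjects at all, hence the `or []`.
        for subj in item.get("subjects") or []:
            if subj.get("kind") != "ServiceAccount":
                continue
            # Pods that set no serviceAccountName run as "default" in their
            # namespace, so a grant to "default" reaches every such Pod there.
            severity = "critical" if subj.get("name") == "default" else "high"
            hits.append((item["metadata"]["name"], subj.get("namespace"),
                         subj.get("name"), severity))
    return hits
```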

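Run Heapster in the cluster

Next, install Heapster to add usage statistics and monitoring to the cluster and graphs to the Dashboard.

Download the latest Heapster to one of the Nodes in the cluster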

wget https://github.com/kubernetes/heapster/archive/v1.3.0.tar.gz

Use InfluxDB as the backend storage for Heapster and start the deployment. The related images are pulled along the way, including gcr.io/google_containers/heapster_grafana:v2.6.0-2

tar -zxvf v1.3.0.tar.gz
cd heapster-1.3./deploy/kube-config/influxdb 

RBAC authorization has been added

[root@k8s1 influxdb]# cat heapster-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: heapster
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: heapster
subjects:
- kind: ServiceAccount
  name: heapster
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: system:heapster
  apiGroup: rbac.authorization.k8s.io
[root@k8s1 influxdb]# vim heapster-deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: heapster
  namespace: kube-system
spec:
  replicas:
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: heapster
    spec:
      serviceAccountName: heapster
      containers:
      - name: heapster
        image: gcr.io/google_containers/heapster-amd64:v1.3.0-beta.
        imagePullPolicy: IfNotPresent
        command:
        - /heapster
        - --source=kubernetes:https://kubernetes.default
        - --sink=influxdb:http://monitoring-influxdb:8086

References

http://blog.frognew.com/2017/04/kubeadm-install-kubernetes-1.6.html

https://github.com/opsnull/follow-me-install-kubernetes-cluster/blob/master/10-%E9%83%A8%E7%BD%B2Heapster%E6%8F%92%E4%BB%B6.md
