kubeadm init --apiserver-advertise-address=192.168.20.229 --pod-network-cidr=10.244.0.0/16

kubelet: error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"

docker相比1.10增加了KernelMemory变量和CgroupDriver变量,KernelMemory变量表示是否设置linux内核内存限制,CgroupDriver变量表示使用哪个Cgroup驱动,有两种驱动,分别是cgroupfs和systemd,默认使用cgroupfs

由 systemd 变更成 cgroupfs

############################################

或者  --cgroup-driver=systemd \
kubelet的服务配置文件加上这么一行

使用kubeadm 安装 kubernetes1.6.1

环境准备

master 192.168.20.229

node    192.168.20.223

软件版本:

docker使用 1.12.6

查看版本

yum list kubeadm  --showduplicates |sort -r

kubeadm.x86_64                        1.6.-                        kubernetes

kubeadm.x86_64                        1.6.-                        kubernetes

yum list kubelet  --showduplicates |sort -r

kubelet.x86_64                        1.6.-                        kubernetes

kubelet.x86_64                        1.6.-                         kubernetes

kubelet.x86_64                        1.5.-                         kubernetes

yum list kubectl  --showduplicates |sort -r

kubectl.x86_64                        1.6.-                        kubernetes

kubectl.x86_64                        1.6.-                         kubernetes

kubectl.x86_64                        1.5.-                         kubernetes

yum list kubernets-cni  --showduplicates |sort -r

kubernetes-cni              x86_64              0.5.-                    kubernetes

系统配置

根据官方文档Installing Kubernetes on Linux with kubeadm中的Limitations小节中的内容,对各节点系统做如下设置:

创建/etc/sysctl.d/k8s.conf文件,添加如下内容:

net.bridge.bridge-nf-call-ip6tables =

net.bridge.bridge-nf-call-iptables =

初始化集群

kubeadm init --kubernetes-version=v1.6.1 --pod-network-cidr=10.244.0.0/ --apiserver-advertise-address=192.168.20.229

kubeadm init执行成功后输出下面的信息:

kubeadm init --kubernetes-version=v1.6.1 --pod-network-cidr=10.244.0.0/ --apiserver-advertise-address=192.168.61.41

[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.

[init] Using Kubernetes version: v1.6.1

[init] Using Authorization mode: RBAC

[preflight] Running pre-flight checks

[preflight] Starting the kubelet service

[certificates] Generated CA certificate and key.

[certificates] Generated API server certificate and key.

[certificates] API Server serving cert is signed for DNS names [node0 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.61.41]

[certificates] Generated API server kubelet client certificate and key.

[certificates] Generated service account token signing key and public key.

[certificates] Generated front-proxy CA certificate and key.

[certificates] Generated front-proxy client certificate and key.

[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"

[apiclient] Created API client, waiting for the control plane to become ready

[apiclient] All control plane components are healthy after 14.583864 seconds

[apiclient] Waiting for at least one node to register

[apiclient] First node has registered after 6.008990 seconds

[token] Using token: e7986d.e440de5882342711

[apiconfig] Created RBAC rules

[addons] Created essential addon: kube-proxy

[addons] Created essential addon: kube-dns

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run (as a regular user):

  sudo cp /etc/kubernetes/admin.conf $HOME/

  sudo chown $(id -u):$(id -g) $HOME/admin.conf

  export KUBECONFIG=$HOME/admin.conf

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node

as root:

kubeadm join --token 881f96.aaf02f1f8dc53889 192.168.20.229:

Master Node初始化完成,使用kubeadm初始化的Kubernetes集群在Master节点上的核心组件:kube-apiserver,kube-scheduler, kube-controller-manager是以静态Pod的形式运行的。

ls /etc/kubernetes/manifests/

etcd.yaml  kube-apiserver.yaml  kube-controller-manager.yaml  kube-scheduler.yaml

在/etc/kubernetes/manifests/目录里可以看到kube-apiserver,kube-scheduler, kube-controller-manager的定义文件。另外集群持久化存储etcd也是以单点静态Pod的形式运行的,对于etcd后边我们会把它切换成etcd集群。

查看一下kube-apiserver.yaml的内容:

apiVersion: v1

kind: Pod

metadata:

  creationTimestamp: null

  labels:

    component: kube-apiserver

    tier: control-plane

  name: kube-apiserver

  namespace: kube-system

spec:

  containers:

  - command:

    - kube-apiserver

    .......

    - --insecure-port=

注意到kube-apiserver的选项--insecure-port=0,也就是说kubeadm 1.6.0初始化的集群,kube-apiserver没有监听默认的http 8080端口。

所以我们使用kubectl get nodes会报The connection to the server localhost:8080 was refused - did you specify the right host or port?

查看kube-apiserver的监听端口可以看到只监听了https的6443端口

netstat -nltp | grep apiserver

tcp6              :::                 :::*                    LISTEN      /kube-apiserver

为了使用kubectl访问apiserver,在~/.bash_profile中追加下面的环境变量:

export KUBECONFIG=/etc/kubernetes/admin.conf

source ~/.bash_profile

此时kubectl命令在master node上就好用了,查看一下当前机器中的Node:

kubectl get nodes

NAME      STATUS     AGE       VERSION

k8s1       NotReady   3m        v1.6.1

安装Pod Network

接下来安装flannel network add-on:

kubectl create -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel-rbac.yml

kubectl apply -f  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

serviceaccount "flannel" created

configmap "kube-flannel-cfg" created

daemonset "kube-flannel-ds" created

如果Node有多个网卡的话,参考flannel issues 39701,目前需要在kube-flannel.yml中使用--iface参数指定集群主机内网网卡的名称,否则可能会出现dns无法解析。需要将kube-flannel.yml下载到本地,flanneld启动参数加上--iface=<iface-name>

......

apiVersion: extensions/v1beta1

kind: DaemonSet

metadata:

  name: kube-flannel-ds

......

containers:

      - name: kube-flannel

        image: quay.io/coreos/flannel:v0.7.0-amd64

        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr", "--iface=eth1" ]

......

使用kubectl get pod --all-namespaces -o wide确保所有的Pod都处于Running状态

kubectl get pod --all-namespaces -o wide

或者

kubectl --kubeconfig=/etc/kubernetes/admin.conf get pod  --all-namespaces -o wide

NAMESPACE     NAME                           READY     STATUS    RESTARTS   AGE       IP               NODE

kube-system   etcd-k8s1                      /       Running             10m       192.168.20.229   k8s1

kube-system   kube-apiserver-k8s1            /       Running             10m       192.168.20.229   k8s1

kube-system   kube-controller-manager-k8s1   /       Running             10m       192.168.20.229   k8s1

kube-system   kube-dns--g97bm      /       Running             10m       10.244.1.2       k8s5

kube-system   kube-flannel-ds-k87tt          /       Running             2m        192.168.20.233   k8s5

kube-system   kube-flannel-ds-lq62q          /       Running             2m        192.168.20.229   k8s1

kube-system   kube-proxy-0nrp0               /       Running             10m       192.168.20.229   k8s1

kube-system   kube-proxy-qcds5               /       Running             10m       192.168.20.233   k8s5

kube-system   kube-scheduler-k8s1            /       Running             10m       192.168.20.229   k8s1

使master node参与工作负载

使用kubeadm初始化的集群,出于安全考虑Pod不会被调度到Master Node上,也就是说Master Node不参与工作负载。

这里搭建的是测试环境可以使用下面的命令使Master Node参与工作负载:

kubectl taint nodes --all  node-role.kubernetes.io/master-

测试DNS

[root@k8s1 ~]# kubectl --kubeconfig=/etc/kubernetes/admin.conf run curl --image=radial/busyboxplus:curl -i --tty

If you don't see a command prompt, try pressing enter.

[ root@curl--s2l5v:/ ]$ nslookup

BusyBox v1.22.1 (-- :: PDT) multi-call binary.

Usage: nslookup [HOST] [SERVER]

Query the nameserver for the IP address of the given HOST

optionally using a specified DNS server

[ root@curl--s2l5v:/ ]$ nslookup kube-dns.kube-system

Server:    10.96.0.10

Address : 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kube-dns.kube-system

Address : 10.96.0.10 kube-dns.kube-system.svc.cluster.local

[ root@curl--s2l5v:/ ]$ nslookup kubernetes.default

Server:    10.96.0.10

Address : 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes.default

Address : 10.96.0.1 kubernetes.default.svc.cluster.local

测试OK后,删除掉curl这个Pod。

kubectl delete deploy curl

向集群中添加节点

kubeadm join --token 881f96.aaf02f1f8dc53889 192.168.20.229:

查看集群中节点:

[root@k8s1 ~]# kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes

NAME      STATUS    AGE       VERSION

k8s1      Ready     54m       v1.6.1

k8s5      Ready     54m       v1.6.1

安装Dashboard插件

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml

kubectl create -f kubernetes-dashboard.yaml

从http://NodeIp:NodePort访问dashboard,浏览器显示下面的错误

User "system:serviceaccount:kube-system:default" cannot list statefulsets.apps in the namespace "default". (get statefulsets.apps)

这是因为Kubernetes 1.6开始API Server启用了RBAC授权,当前的kubernetes-dashboard.yaml没有定义授权的ServiceAccount,所以访问API Server时被拒绝了。

根据https://github.com/kubernetes/dashboard/issues/1803中的内容临时授予system:serviceaccount:kube-system:default cluster_admin的角色,临时解决一下。

创建dashboard-rbac.yaml,定义system:serviceaccount:kube-system:default和ClusterRole cluster-admin绑定:

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1beta1

metadata:

  name: dashboard-admin

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: default

  namespace: kube-system

kubectl  --kubeconfig=/etc/kubernetes/admin.conf create -f dashboard-rbac.yml

在集群中运行Heapster

下面安装Heapster为集群添加使用统计和监控功能,为Dashboard添加仪表盘。

下载最新的Heapster到集群中的某个Node上

wget https://github.com/kubernetes/heapster/archive/v1.3.0.tar.gz

使用InfluxDB做为Heapster的后端存储,开始部署,中间会pull相关镜像,包含gcr.io/google_containers/heapster_grafana:v2.6.0-2

tar -zxvf v1.3.0.tar.gz

cd heapster-1.3./deploy/kube-config/influxdb 

添加了RBAC授权

[root@k8s1 influxdb]# cat heapster-rbac.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

  name: heapster

  namespace: kube-system

---

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1alpha1

metadata:

  name: heapster

subjects:

  - kind: ServiceAccount

    name: heapster

    namespace: kube-system

roleRef:

  kind: ClusterRole

  name: system:heapster

  apiGroup: rbac.authorization.k8s.io
[root@k8s1 influxdb]# vim heapster-deployment.yaml 

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: heapster

  namespace: kube-system

spec:

  replicas:

  template:

    metadata:

      labels:

        task: monitoring

        k8s-app: heapster

    spec:

      serviceAccountName: heapster

      containers:

      - name: heapster

        image: gcr.io/google_containers/heapster-amd64:v1.3.0-beta.

        imagePullPolicy: IfNotPresent

        command:

        - /heapster

        - --source=kubernetes:https://kubernetes.default

        - --sink=influxdb:http://monitoring-influxdb:8086

参考

http://blog.frognew.com/2017/04/kubeadm-install-kubernetes-1.6.html

https://github.com/opsnull/follow-me-install-kubernetes-cluster/blob/master/10-%E9%83%A8%E7%BD%B2Heapster%E6%8F%92%E4%BB%B6.md

kukubeadm 1.6.1 + docker1.2.6 安装问题的更多相关文章

  1. 基础环境之Docker入门

    随着Docker技术的不断成熟,越来越多的企业开始考虑使用Docker.Docker有很多的优势,本文主要讲述了Docker的五个最重要优势,即持续集成.版本控制.可移植性.隔离性和安全性. 有了Do ...

  2. docker flannel网络部署和路由走向分析

    1.flannel介绍 flannel是coreos开发的容器网络解决方案.flannel为每个host分配一个subnet,容器从此subnet中分配ip.这些ip可以在host间路由,容器间无需n ...

  3. Centos7的安装、Docker1.12.3的安装,以及Docker Swarm集群的简单实例

    目录 [TOC] 1.环境准备 ​ 本文中的案例会有四台机器,他们的Host和IP地址如下 c1 -> 10.0.0.31 c2 -> 10.0.0.32 c3 -> 10.0.0. ...

  4. Centos6.7安装docker1.7.1

    Docker当前发布的最新版本已经到了1.11,其官网上针对Centos的的安装需求如下: Docker requires a -bit installation regardless of your ...

  5. docker1.12 安装pxc(Percona XtraDB Cluster )测试

    docker1.12 安装pxc(Percona XtraDB Cluster )测试

  6. docker1.12 安装redis第三方集群方案 codis

    docker1.12 安装redis第三方集群方案 codis

  7. docker1.13.1的安装与卸载及mysql5.5安装实例

    docker中国官方地址:https://www.docker-cn.com/ 您可以使用以下命令直接从该镜像加速地址进行拉取: $ docker pull registry.docker-cn.co ...

  8. 【k8s】centos上安装kubernetes,报错Error:docker-ce-cli conflicts with 2:docker-1.13.1-94.gitb2f74b2.el7.centos.x86_64

    使用命令: yum install kubernetes 报错: Error: docker-ce-cli conflicts with :docker--.git07f3374.el7.centos ...

  9. CentOS7.x安装Docker1.11.1

    原文发表于cu:2016-05-30 本文属于重发,当前Docker已经分为EE与CE版本,CE版本是17.06.0-ce,最新的CE版本安装方式已略有不同:但可以指定安装版本,如1.11.1,1.1 ...

随机推荐

  1. HashMap概述及其三种遍历方式

    一.HashMap概述: 1.HashMap是一个散列表,它存储的是键值对(key-value)映射: 2.HashMap继承AbstractMap,实现了Map,Cloneable,Serializ ...

  2. DOS窗口带jar包运行java程序

    由于工作环境的问题,有过一次这样的测试,需要在DOS窗口运行带有jar包的java程序 编译命令如下: javac -Djava.ext.dirs=./lib Test.java 或 javac -D ...

  3. java计算机二级笔记

    java.applet.AppletAppletHTMLAppletextends Appletextends AppletprintinitcalendarCalendarCalendar 日历类J ...

  4. mybatis循环生成前后缀:mapper.xml的<trim></trim>

    *在mapper.xml中<trim prefix="(" suffix=")" suffixOverrides="," prefix ...

  5. AJAX-XMLHttpRequest和本地文件

    网页中可以使用相对URL的能力通常意味着我们能使用本地文件系统来开发和测试HTML,并避免对Web服务器进行不必要的部署. 然而当使用XMLHttpRequest进行Ajax编程时,这通常是不行的. ...

  6. 计算mysql中某个字段某字符出现的次数,case when 和 截取字符的用法

    select LENGTH(type) - LENGTH(replace(type,'_','')) as counts from sa_log_olap where type like 'XX_XX ...

  7. opencv3.2.0形态学滤波之膨胀

    //名称:膨胀 //日期:12月21日 //平台:QT5.7.1+opencv3.2.0 /* 膨胀(dilate)的含义: 膨胀就是求局部最大值的操作,就是将图像(或图像的一部分,A)与核 B 进行 ...

  8. Linux 线程调度与优先级

    [转] http://blog.chinaunix.net/uid-20788636-id-1841334.html http://blog.chinaunix.net/uid-20788636-id ...

  9. js 和springboot内存图

  10. CSS深入理解之float(HTML/CSS)

    float的设计初衷仅仅是:为了文字环绕效果 float的包裹与破坏 包裹:收缩.坚挺.隔绝(BFC) 破坏:父元素高度塌陷 <!DOCTYPE html> <html> &l ...