k8s的LInux单节点部署(含containerCreating、ImagePullBackOff、CrashLoopBackOff问题的处置方案)

1、装置etcd和kubernetes

该步骤会默认装置docker。所以建议在原机器上没有装置Docker，否则可能会有抵触导致装置失败。

1. yum install -y etcd kubernetes

复制代码

2、配置

（1）、修改配置文件：/etc/sysconfig/docker（可不用操作，因为后面使用的仓库是daocloude镜像地址：https://dashboard.daocloud.io/packages）
添加下面一行，使用内网仓库：

1. ADD_REGISTRY='--add-registry reg.docker.lc'

复制代码

（2）修改配置文件：/etc/kubernetes/apiserver

1. KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"#这里把127.0.0.1改成0.0.0.0
2. KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,Security ContextDeny,ResourceQuota"#这里把ServiceAccount去掉

复制代码

3、查看docker版本

上面命令并没有参与docker，但它却自动装置了

1. docker version

复制代码

4、启动效劳

把效劳添加到启动项，并启动效劳：

1. for SERVICE in docker etcd kube-apiserver kube-controller-manager kube-scheduler kube-proxy kubelet;do  
3.     systemctl start $SERVICE
4.     systemctl enable$SERVICE# systemctl stop $SERVICE #关闭效劳done

复制代码

5、查看相关情况

1. ps -ef |grep kube

复制代码

呈现以上结果，则说明装置胜利
6、装置kubernetes-dashboard

（1）kubernetes-dashboard.yaml文件配置

源文件地址：https://github.com/kubernetes/dashboard/releases?after=v1.7.0

1. cat>kubernetes-dashboard.yaml<<-EOF
2. kind: Deployment
3. apiVersion: extensions/v1beta1
4. metadata:
5.   labels:
6.     app: kubernetes-dashboard
7.   name: kubernetes-dashboard
8.   namespace: kube-system
9. spec:
10.   replicas: 1
11.   selector:
12.     matchLabels:
13.       app: kubernetes-dashboard
14.   template:
15.     metadata:
16.       labels:
17.         app: kubernetes-dashboard
18.       # Comment the following annotation if Dashboard must not be deployed on master
19.       annotations:
20.         scheduler.alpha.kubernetes.io/tolerations: |[{"key":"dedicated",
21.               "operator":"Equal",
22.               "value":"master",
23.               "effect":"NoSchedule"}]
24.     spec:
25.       containers:
26.       - name: kubernetes-dashboard
27.         image: reg.docker.lc/分享/kubernetes-dashboard-amd64:v1.5.1      #默认的镜像是使用google的，这里改成内网
28.         imagePullPolicy: Always
29.         ports:
30.         - containerPort: 9090
31.           protocol: TCP
32.         args:
33.           # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work.
34.           - --apiserver-host=http://10.0.10.10:8080    #注意这里是api的地址
35.         livenessProbe:
36.           httpGet:
37.             path: /
38.             port: 9090
39.           initialDelaySeconds: 30
40.           timeoutSeconds: 30
41. ---
42. kind: Service
43. apiVersion: v1
44. metadata:
45.   labels:
46.     app: kubernetes-dashboard
47.   name: kubernetes-dashboard
48.   namespace: kube-system
49. spec:
50.   type: NodePort
51.   ports:
52.   - port: 80
53.     targetPort: 9090
54.   selector:
55.     app: kubernetes-dashboard
57. EOF

复制代码

（2）装置

1. kubectl create -f kubernetes-dashboard.yaml

复制代码

（3）查看

1. kubectl get pods --all-namespaces

复制代码

7、使用

（1)查看网络端口使用情况

1. netstat -nultup

复制代码

(2)阅读器访问

①api访问
http://ip:8080

②界面访问
http://ip:8080/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/#/workload?namespace=default

8、问题处置

（1）containerCreating

1. FailedSynError syncing pod, skipping: failed to "StartContainer"for"POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)" 13m 11s 56 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer"for"POD" with ImagePullBackOff: "Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest""
3. Error syncing pod, skipping: failed to "StartContainer"for"POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

复制代码

①查看pod

1. kubectl describe pod kubernetes-dashboard-3603079361-b2x00 --namespace=kube-system

复制代码

②删除pod

1. kubectl get pod -n nameSpaceName
2. kubectl delete pod podName -n nameSpaceName
3. kubectl get deployment -n nameSpaceName
4. kubectl delete deployment deploymentName -n nameSpaceName

复制代码

③添加证书

1. wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
2. rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem |tee /etc/rhsm/ca/redhat-uep.pem

复制代码

（2）ImagePullBackOff

①问题论述：

②添加可被胜利拉取的镜像
daocloude镜像地址：https://dashboard.daocloud.io/packages

1. # Copyright 2015 Google Inc. All Rights Reserved.## Licensed under the Apache License, Version 2.0 (the "License");# you may not use this file except in compliance with the License.# You may obtain a copy of the License at##     http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.# Configuration to deploy release version of the Dashboard UI.## Example usage: kubectl create -f <this_file>
3. kind: Deployment
4. apiVersion: extensions/v1beta1
5. metadata:
6.   labels:
7.     app: kubernetes-dashboard
8.   name: kubernetes-dashboard
9.   namespace: kube-system
10. spec:
11.   replicas: 1
12.   selector:
13.     matchLabels:
14.       app: kubernetes-dashboard
15.   template:
16.     metadata:
17.       labels:
18.         app: kubernetes-dashboard
19.       # Comment the following annotation if Dashboard must not be deployed on master
20.       annotations:
21.         scheduler.alpha.kubernetes.io/tolerations: |[{"key":"dedicated",
22.               "operator":"Equal",
23.               "value":"master",
24.               "effect":"NoSchedule"}]
25.     spec:
26.       containers:
27.       - name: kubernetes-dashboard
28.         image: daocloud.io/gfkchinanetquest/kubernetes-dashboard-amd64:v1.5.1
29.         imagePullPolicy: Always
30.         ports:
31.         - containerPort: 9090
32.           protocol: TCP
33.         args:
34.           # Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:port
35.         livenessProbe:
36.           httpGet:
37.             path: /
38.             port: 9090
39.           initialDelaySeconds: 30
40.           timeoutSeconds: 30
41. ---
42. kind: Service
43. apiVersion: v1
44. metadata:
45.   labels:
46.     app: kubernetes-dashboard
47.   name: kubernetes-dashboard
48.   namespace: kube-system
49. spec:
50.   type: NodePort
51.   ports:
52.   - port: 80
53.     targetPort: 9090
54.   selector:
55.     app: kubernetes-dashboard

复制代码

（3）CrashLoopBackOff

效劳无法启动，处于不时重启的过程中，但是无法胜利开启

查看日志

1. kubectl logs kubernetes-dashboard-3933968709-9f7qn -n kube-system

复制代码

网络端口使用情况

原因分析：apiserver的端口使用错误，在配置中若将“# - --apiserver-host”部分注释，则系统默认使用了无证书的6443，导致无法征程链接apiserver效劳，因而要将注释去掉，修改成以下内容

1. - --apiserver-host=http://140.143.159.146:8080

复制代码

140.143.159.146为你的云效劳器IP地址，8080为含证书的dashboard的http访问端口，6443为https访问端口
附上最终的yaml文件

1. # Copyright 2015 Google Inc. All Rights Reserved.## Licensed under the Apache License, Version 2.0 (the "License");# you may not use this file except in compliance with the License.# You may obtain a copy of the License at##     http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.# Configuration to deploy release version of the Dashboard UI.## Example usage: kubectl create -f <this_file>
3. kind: Deployment
4. apiVersion: extensions/v1beta1
5. metadata:
6.   labels:
7.     app: kubernetes-dashboard
8.   name: kubernetes-dashboard
9.   namespace: kube-system
10. spec:
11.   replicas: 1
12.   selector:
13.     matchLabels:
14.       app: kubernetes-dashboard
15.   template:
16.     metadata:
17.       labels:
18.         app: kubernetes-dashboard
19.       # Comment the following annotation if Dashboard must not be deployed on master
20.       annotations:
21.         scheduler.alpha.kubernetes.io/tolerations: |[{"key":"dedicated",
22.               "operator":"Equal",
23.               "value":"master",
24.               "effect":"NoSchedule"}]
25.     spec:
26.       containers:
27.       - name: kubernetes-dashboard
28.         image: daocloud.io/gfkchinanetquest/kubernetes-dashboard-amd64:v1.5.1
29.         imagePullPolicy: Always
30.         ports:
31.         - containerPort: 9090
32.           protocol: TCP
33.         args:
34.           # Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.
35.           - --apiserver-host=http://140.111.123.252:8080 #将140.111.123.252更改为你的ip地址
36.         livenessProbe:
37.           httpGet:
38.             path: /
39.             port: 9090
40.           initialDelaySeconds: 30
41.           timeoutSeconds: 30
42. ---
43. kind: Service
44. apiVersion: v1
45. metadata:
46.   labels:
47.     app: kubernetes-dashboard
48.   name: kubernetes-dashboard
49.   namespace: kube-system
50. spec:
51.   type: NodePort
52.   ports:
53.   - port: 80
54.     targetPort: 9090
55.   selector:
56.     app: kubernetes-dashboard

复制代码