zoukankan      html  css  js  c++  java
  • k8s集群安装-pod创建

    后续所有安装都基于上一篇文章的1个master和3个node的基础。

    yaml文件:区分大小写、使用空格而不是tab、键值之间有空格

    • apiVersion: #api版本
    • kind: #资源类型,pod、service、deployment等
    • matedata: #属性
    • spec: #详细信息

    创建一个nginx的yaml文件

    [root@master ~ ]# mkdir -p k8s/pod
    [root@master ~ ]# cd k8s/pod
    [root@master pod ]# vi nginx_pod.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      labels:
        app: web
    spec:
      containers:
        - name: nginx
          image: nginx:1.13
          ports:
            - containerPort: 80

    基于yaml文件创建pod,命令为kubectl create -f yaml文件

    [root@master pod]# kubectl create -f nginx_pod.yaml 
    Error from server (ServerTimeout): error when creating "nginx_pod.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account

    但是会报错,根据报错需要修改master的apiserver配置文件,删除ServiceAccount,修改后重新创建pod

    [root@master pod ]# vi /etc/kubernetes/apiserver  #删除ServiceAccount 
    # default admission control policies
    KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
    [root@master pod ]# systemctl restart kube-apiserver
    [root@master pod]# kubectl create -f nginx_pod.yaml 
    pod "nginx" created

    但是查看这个pod的状态一直是ContainerCreating,此时需要查看日志

    [root@master pod]# kubectl get pods
    NAME      READY     STATUS              RESTARTS   AGE
    nginx     0/1       ContainerCreating   0          2m

    通过kubectl describe pod nginx查看日志,显示该pod调度到node2上,并且在pull镜像pod-infrastructure:latest的时候报错,在node2上手动pull也显示没有该镜像

    [root@master pod]# kubectl describe pod nginx
    Name:           nginx
    Namespace:      default
    Node:           node2/192.168.85.32
    Start Time:     Sun, 30 Aug 2020 10:50:45 +0800
    Labels:         app=web
    Status:         Pending
    IP:
    Controllers:    <none>
    Containers:
      nginx:
        Container ID:
        Image:                      nginx:1.13
        Image ID:
        Port:                       80/TCP
        State:                      Waiting
          Reason:                   ContainerCreating
        Ready:                      False
        Restart Count:              0
        Volume Mounts:              <none>
        Environment Variables:      <none>
    Conditions:
      Type          Status
      Initialized   True 
      Ready         False 
      PodScheduled  True 
    No volumes.
    QoS Class:      BestEffort
    Tolerations:    <none>
    Events:
      FirstSeen     LastSeen        Count   From                    SubObjectPath   Type            Reason      Message
      ---------     --------        -----   ----                    -------------   --------        ------      -------
      3m            3m              1       {default-scheduler }                    Normal          Scheduled   Successfully assigned nginx to node2
      3m            1m              4       {kubelet node2}                         Warning         FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
    
      2m    7s      10      {kubelet node2}         Warning FailedSync      Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest""
    [root@node2 ~]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
    Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ... 
    open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
    View Code

    查看node2上的kubelet配置文件,/etc/kubernetes/kubelet

    # pod infrastructure container
    KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
    #修改为通过docker search pod-infrastructure查找到的镜像路径
    KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=docker.io/tianyebj/pod-infrastructure:latest"

    再重启node2的kubelet服务,在master上再次通过describe查看日志,pod-infrastructure:latest镜像的下载地址已经变为kubelet配置文件修改后的路径,但是还是timeout,因为镜像是在国外,下载会比较耗时。

    配置镜像加速,修改docker配置文件/etc/sysconfig/docker,将原OPTIONS修改为如下,ip为master地址

    OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=192.168.85.30:5000'

    重启docker,可在/var/lib/docker/tmp镜像包临时存放目录查看下载进度,但是镜像包下载特别慢,建议将已经下载好的镜像包上传并通过load导入。

    通过这种情况创建的pod,如果kubectl delete pod nginx,再kubectl apply -f nginx_pod.yaml创建pod时,就可能调度到node1,此时node1会再需要经过一遍node2修改kubelet配置文件、加速镜像并且镜像下载异常慢的过程。因此通常建议配置私有镜像仓库harbor,将基础镜像上传到harbor上,后续都通过内网到harbor上下载所需镜像。

    为了节省资源,此处使用官方的registry仓库。

    [root@master pod]# docker search registry
    INDEX       NAME                                           DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
    docker.io   docker.io/registry                             The Docker Registry 2.0 implementation for...   3064      [OK]       
    docker.io   docker.io/distribution/registry                WARNING: NOT the registry official image!!...   57                   [OK]
    docker.io   docker.io/stefanscherer/registry-windows       Containerized docker registry for Windows ...   32                   
    docker.io   docker.io/budry/registry-arm                   Docker registry build for Raspberry PI 2 a...   18                   
    docker.io   docker.io/deis/registry                        Docker image registry for the Deis open so...   12                   
    docker.io   docker.io/jc21/registry-ui                     A nice web interface for managing your Doc...   12                   
    ……
    [root@master pod]# docker pull docker.io/registry    #下载官方registry
    [root@master pod]# docker images
    REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
    docker.io/busybox    latest              018c9d7b792b        4 weeks ago         1.22 MB
    docker.io/registry   latest              2d4f4b5309b1        2 months ago        26.2 MB
    [root@master pod]# docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry   #创建私有仓库
    daf346fb2c98d11f8ac261d8568339723a6f5f7df40df907cbc07b5fe2166759
    [root@master pod]# docker ps   #
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
    daf346fb2c98        registry            "/entrypoint.sh /e..."   8 seconds ago       Up 6 seconds        0.0.0.0:5000->5000/tcp   registry

    修改docker配置文件/etc/sysconfig/docker

    OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=192.168.85.30:5000'   #ip为master

    修改kubelet配置文件/etc/kubernetes/kubelet

    # pod infrastructure container
    KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=192.168.85.30:5000/pod-infrastructure:latest"

    重启docker和kubelet服务,然后将已经下载好的镜像push到私有仓库192.168.85.30:5000/上。

    pod常用操作

    创建pod:kubectl create -f yaml

    更新pod:kubectl apply -f yaml

    查看pod:kubectl get pods [-n namespace]

    删除pod:kubectl delete pod podname [--force [--grace-period=0]]

    查看pod创建:kubectl describe pod podname

    容器常用操作

    查看运行的容器:docker ps

    查看指定的容器:docker inspect dockername

  • 相关阅读:
    touch命令
    cd命令
    通配符
    速查命令
    一些技巧
    从零开始用 Flask 搭建一个网站(四)
    【老板来了你立刻知道!】人脸识别+手机推送
    React Native 一些事
    React-Native 工程添加推送功能 (iOS 篇)
    集成 jpush
  • 原文地址:https://www.cnblogs.com/Forever77/p/13584505.html
Copyright © 2011-2022 走看看