Kubernetes使用中发现的问题和错误
本文不再更新,移动到 https://qq253498229.github.io/docs-k8s/
安装minikube/kubectl
k8s本地和服务器使用时大多数的问题都是由于访问不了google导致的,所以在出现这类错误的时候首先就是考虑国内有没有镜像,其次再考虑自己搭建一个可以访问的镜像
其次官方给出了一些常见的错误及解决办法: troubleshooting-kubeadm
由于是我使用的是macOS,接近于linux,所以只介绍linux下的安装方法
- 安装minikube
在github的release页面下载对应版本的minikube
我下载的是 macOS适用的 minikube-darwin-amd64,将它改名为minikube移动到PATH目录中,并加入执行权限:
curl -LO minikube https://github.com/kubernetes/minikube/releases/download/v0.28.1/minikube-darwin-amd64
mv ./minikube /usr/local/bin/
chmod +x /usr/local/bin/minikube
执行 minikube version 命令查看是否成功
安装kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl mv ./kubectl /usr/local/bin/ chmod +x /usr/local/bin/kubectl
执行 kubectl version 命令查看是否成功
Kubectl自动补全
source <(kubectl completion bash) # 针对bash环境
source <(kubectl completion zsh) # 针对zsh环境
运行dashboard时报错:
Error validating service: Error getting service kubernetes-dashboard: services "kubernetes-dashboard" not found
排查 kubectl get po --all-namespaces之后发现如下pod:
kube-system kube-addon-manager-minikube 1/1 Running 0 1m
kube-system kube-dns-6fc954457d-rpnsn 0/3 ContainerCreating 0 43s
kube-system kubernetes-dashboard-5zbh5 0/1 ContainerCreating 0 43s
其中时有kubernetes-dashboard的,之后发现时自己的dns指向了 192.168.31.1 (小米路由的锅),将其改为 8.8.8.8 之后成功打开dashboard WebUI。
运行minikube时报错
zsh: exec format error: minikube
开始以为是zsh命令行工具的错误,google/stackoverflow了一阵子发现不对,是我下载的minikube是用迅雷下载的,重新用curl下载之后就正常使用了
自动安装docker(阿里云镜像)
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
手动安装docker
sudo apt-get remove docker docker-engine docker.io
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install docker-ce
安装生产环境k8s(阿里云镜像)
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat << EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
crictl包丢失
VERSION="v1.11.1"
wget https://github.com/kubernetes-incubator/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz
init时候无法拉取google镜像
执行如下shell脚本:
#!/bin/bash
images=(kube-proxy-amd64:v1.11.1 kube-controller-manager-amd64:v1.11.1 kube-scheduler-amd64:v1.11.1 kube-apiserver-amd64:v1.11.1 coredns:1.1.3 etcd-amd64:3.2.18 pause:3.1)
for image in ${images[@]}; do
docker pull codeforfun/$image
docker tag codeforfun/$image k8s.gcr.io/$image
docker rmi codeforfun/$image
done
之后使用
kubeadm init --kubernetes-version=v1.11.1 --pod-network-cidr 10.244.0.0/16
启动k8s集群
kubectl命令报错
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
这个错误的原因是执行 kubeadm init 之后没有关注到控制台的输出,其中有一段话:
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
意思是需要首先执行上面三行脚本之后才可以继续使用集群
Unable to update cni config: No networks found in /etc/cni/net
错误如下:
Unable to update cni config: No networks found in /etc/cni/net
Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message
解决方法是安装flannel:
sysctl net.bridge.bridge-nf-call-iptables=1
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml
1 node(s) had taints that the pod didn't tolerate.
有时候一个pod创建之后一直是pending,没有日志,也没有pull镜像,describe的时候发现里面有一句话: 1 node(s) had taints that the pod didn't tolerate.
直译意思是节点有了污点无法容忍,执行 kubectl get no -o yaml | grep taint -A 5
之后发现该节点是不可调度的。这是因为kubernetes出于安全考虑默认情况下无法在master节点上部署pod,于是用下面方法解决:
kubectl taint nodes --all node-role.kubernetes.io/master-
查看服务错误日志
journalctl -u -f
nodePort无法开放80端口,提示不在30000-32767范围内
修改/etc/kubernetes/manifests/kube-apiserver.yaml(有些版本也可能是json)文件,修改其中的 - --service-node-port-range=80-32767 将range从30000-32767修改为80-32767。如果没有这句话,则按照格式添加一句。
别名及缩写
资源类型
缩写别名
clusters
componentstatuses
cs
configmaps
cm
daemonsets
ds
deployments
deploy
endpoints
ep
event
ev
horizontalpodautoscalers
hpa
ingresses
ing
jobs
limitranges
limits
namespaces
ns
networkpolicies
nodes
no
statefulsets
persistentvolumeclaims
pvc
persistentvolumes
pv
pods
po
podsecuritypolicies
psp
podtemplates
replicasets
rs
replicationcontrollers
rc
resourcequotas
quota
cronjob
secrets
serviceaccount
sa
services
svc
storageclasses
thirdpartyresources