Kubernetes使用中发现的问题和错误
本文不再更新,移动到
安装minikube/kubectl
k8s本地和服务器使用时大多数的问题都是由于访问不了google导致的,所以在出现这类错误的时候首先就是考虑国内有没有镜像,其次再考虑自己搭建一个可以访问的镜像
其次官方给出了一些常见的错误及解决办法:
由于是我使用的是macOS,接近于linux,所以只介绍linux下的安装方法
- 安装minikube
下载对应版本的minikube
我下载的是 macOS适用的 minikube-darwin-amd64,将它改名为minikube移动到PATH目录中,并加入执行权限:
curl -LO minikube https://github.com/kubernetes/minikube/releases/download/v0.28.1/minikube-darwin-amd64mv ./minikube /usr/local/bin/chmod +x /usr/local/bin/minikube
执行 minikube version 命令查看是否成功
- 安装kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectlmv ./kubectl /usr/local/bin/chmod +x /usr/local/bin/kubectl
执行 kubectl version 命令查看是否成功
Kubectl自动补全
source <(kubectl completion bash) # 针对bash环境source <(kubectl completion zsh) # 针对zsh环境
运行dashboard时报错:
Error validating service: Error getting service kubernetes-dashboard: services "kubernetes-dashboard" not found
排查 kubectl get po --all-namespaces之后发现如下pod:
kube-system kube-addon-manager-minikube 1/1 Running 0 1mkube-system kube-dns-6fc954457d-rpnsn 0/3 ContainerCreating 0 43skube-system kubernetes-dashboard-5zbh5 0/1 ContainerCreating 0 43s
其中时有kubernetes-dashboard的,之后发现时自己的dns指向了 192.168.31.1 (小米路由的锅),将其改为 8.8.8.8 之后成功打开dashboard WebUI。
运行minikube时报错
zsh: exec format error: minikube
开始以为是zsh命令行工具的错误,google/stackoverflow了一阵子发现不对,是我下载的minikube是用迅雷下载的,重新用curl下载之后就正常使用了
自动安装docker(阿里云镜像)
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
手动安装docker
sudo apt-get remove docker docker-engine docker.iosudo apt-get updatesudo apt-get install \ apt-transport-https \ ca-certificates \ curl \ software-properties-common sudo add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) \ stable" sudo apt-get updatesudo apt-get install docker-ce
安装生产环境k8s(阿里云镜像)
apt-get update && apt-get install -y apt-transport-https curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - cat << EOF >/etc/apt/sources.list.d/kubernetes.list deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main EOFapt-get update apt-get install -y kubelet kubeadm kubectl systemctl enable kubelet && systemctl start kubelet
crictl包丢失
VERSION="v1.11.1"wget https://github.com/kubernetes-incubator/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gzsudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/binrm -f crictl-$VERSION-linux-amd64.tar.gz
init时候无法拉取google镜像
执行如下shell脚本:
#!/bin/bashimages=(kube-proxy-amd64:v1.11.1 kube-controller-manager-amd64:v1.11.1 kube-scheduler-amd64:v1.11.1 kube-apiserver-amd64:v1.11.1 coredns:1.1.3 etcd-amd64:3.2.18 pause:3.1)for image in ${images[@]}; do docker pull codeforfun/$image docker tag codeforfun/$image k8s.gcr.io/$image docker rmi codeforfun/$imagedone
之后使用
kubeadm init --kubernetes-version=v1.11.1 --pod-network-cidr 10.244.0.0/16
启动k8s集群
kubectl命令报错
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
这个错误的原因是执行 kubeadm init 之后没有关注到控制台的输出,其中有一段话:
To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
意思是需要首先执行上面三行脚本之后才可以继续使用集群
Unable to update cni config: No networks found in /etc/cni/net
错误如下:
Unable to update cni config: No networks found in /etc/cni/netContainer runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message
解决方法是安装flannel:
sysctl net.bridge.bridge-nf-call-iptables=1kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml
1 node(s) had taints that the pod didn't tolerate.
有时候一个pod创建之后一直是pending,没有日志,也没有pull镜像,describe的时候发现里面有一句话: 1 node(s) had taints that the pod didn't tolerate.
直译意思是节点有了污点无法容忍,执行 kubectl get no -o yaml | grep taint -A 5
之后发现该节点是不可调度的。这是因为kubernetes出于安全考虑默认情况下无法在master节点上部署pod,于是用下面方法解决:
kubectl taint nodes --all node-role.kubernetes.io/master-
查看服务错误日志
journalctl -u -f
nodePort无法开放80端口,提示不在30000-32767范围内
修改/etc/kubernetes/manifests/kube-apiserver.yaml(有些版本也可能是json)文件,修改其中的 - --service-node-port-range=80-32767 将range从30000-32767修改为80-32767。如果没有这句话,则按照格式添加一句。
别名及缩写
资源类型 | 缩写别名 |
---|---|
clusters | |
componentstatuses | cs |
configmaps | cm |
daemonsets | ds |
deployments | deploy |
endpoints | ep |
event | ev |
horizontalpodautoscalers | hpa |
ingresses | ing |
jobs | |
limitranges | limits |
namespaces | ns |
networkpolicies | |
nodes | no |
statefulsets | |
persistentvolumeclaims | pvc |
persistentvolumes | pv |
pods | po |
podsecuritypolicies | psp |
podtemplates | |
replicasets | rs |
replicationcontrollers | rc |
resourcequotas | quota |
cronjob | |
secrets | |
serviceaccount | sa |
services | svc |
storageclasses | |
thirdpartyresources |