Deploying k8s with Ansible (Part 3)

3.7 Check kubelet

netstat -lntup|grep kubelet
# Output:
tcp        0      0 127.0.0.1:35173         0.0.0.0:*               LISTEN      123215/kubelet
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      123215/kubelet
tcp        0      0 192.168.10.11:10250     0.0.0.0:*               LISTEN      123215/kubelet

kubeadm token list --kubeconfig ~/.kube/config
# List the tokens that were created
TOKEN                     TTL   EXPIRES                     USAGES                   DESCRIPTION               EXTRA GROUPS
hf0fa4.ta6haf1wsz1fnobf   22h   2019-12-15T19:33:26+08:00   authentication,signing   kubelet-bootstrap-token   system:bootstrappers:kube11
oftjgn.01tob30h8v9l05lm   22h   2019-12-15T19:33:26+08:00   authentication,signing   kubelet-bootstrap-token   system:bootstrappers:kube12
zuezc4.7kxhmayoue16pycb   22h   2019-12-15T19:33:26+08:00   authentication,signing   kubelet-bootstrap-token   system:bootstrappers:kube13

kubectl get csr
# Already approved
NAME                                                   AGE   REQUESTOR                 CONDITION
node-csr-Oarn7xdWDiq7-CLn7yrE3fkTtmJtoSenmlGj3XL85lM   72m   system:bootstrap:zuezc4   Approved,Issued
node-csr-hJrfQXlhIqJTROLD1ExmcXq74J78uu6rjHuh5ZyVlMg   72m   system:bootstrap:zuezc4   Approved,Issued
node-csr-s-BAbqc8hOKfDj8xqdJ6fWjwdustqG9LhwbpYxa9x68   72m   system:bootstrap:zuezc4   Approved,Issued

kubectl get nodes
# Output:
NAME            STATUS   ROLES    AGE   VERSION
192.168.10.11   Ready    <none>   73m   v1.14.8
192.168.10.12   Ready    <none>   73m   v1.14.8
192.168.10.13   Ready    <none>   73m   v1.14.8

systemctl status kubelet

#### 1. Error: Failed to connect to apiserver: the server has asked for the client to provide credentials
#### Check whether the apiserver itself has a problem. If it does not, regenerate the kubelet-bootstrap.kubeconfig file and then restart kubelet.

#### 2. kubelet does not start and there is no error message
# Check whether "address": "192.168.10.12" in kubelet.config.json is this machine's IP.

#### 3. Errors:
failed to ensure node lease exists, will retry in 7s, error: leases.coordination.k8s.io "192.168.10.12" is forbidden: User "system:node:192.168.10.11" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-node-lease": can only access node lease with the same name as the requesting node
Unable to register node "192.168.10.12" with API server: nodes "192.168.10.12" is forbidden: node "192.168.10.11" is not allowed to modify node "192.168.10.12"
# Check whether "address": "192.168.10.12" in kubelet.config.json is this machine's IP.

3.8 Check kube-proxy

netstat -lnpt|grep kube-proxy
# Output:
tcp        0      0 192.168.10.11:10249     0.0.0.0:*               LISTEN      125459/kube-proxy
tcp        0      0 192.168.10.11:10256     0.0.0.0:*               LISTEN      125459/kube-proxy
tcp6       0      0 :::32698                :::*                    LISTEN      125459/kube-proxy
tcp6       0      0 :::32699                :::*                    LISTEN      125459/kube-proxy
tcp6       0      0 :::32700                :::*                    LISTEN      125459/kube-proxy

ipvsadm -ln

4. Check add-ons

4.1 Check coredns

kubectl get pods -n kube-system   # check that all pods have finished starting

# Verify from inside a container
kubectl run dig --rm -it --image=docker.io/azukiapp/dig /bin/sh

# ping Baidu
ping www.baidu.com
PING www.baidu.com (180.101.49.11): 56 data bytes
64 bytes from 180.101.49.11: seq=0 ttl=127 time=10.772 ms
64 bytes from 180.101.49.11: seq=1 ttl=127 time=9.347 ms
64 bytes from 180.101.49.11: seq=2 ttl=127 time=10.937 ms
64 bytes from 180.101.49.11: seq=3 ttl=127 time=11.149 ms
64 bytes from 180.101.49.11: seq=4 ttl=127 time=10.677 ms

cat /etc/resolv.conf   # view the resolver configuration
nameserver 10.254.0.2
search default.svc.cluster.local. svc.cluster.local. cluster.local.
options ndots:5

nslookup www.baidu.com
# Output:
Server:         10.254.0.2
Address:        10.254.0.2#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 180.101.49.12
Name:   www.a.shifen.com
Address: 180.101.49.11

nslookup kubernetes.default   # run
Server:         10.254.0.2
Address:        10.254.0.2#53

Name:   kubernetes.default.svc.cluster.local
Address: 10.254.0.1

nslookup kubernetes   # run
Server:         10.254.0.2
Address:        10.254.0.2#53

Name:   kubernetes.default.svc.cluster.local
Address: 10.254.0.1

4.2 Check dashboard

### Opening https://192.168.10.13:10250/metrics in Chrome returns Unauthorized because a client certificate is required. Generate the certificate as follows.

# 1. On a Windows machine, install the JDK and use the keytool utility in its bin directory. ca.pem has to be copied over (I put it on the E: drive). Then run the import command.
.\keytool -import -v -trustcacerts -alias appmanagement -file "E:\ca.pem" -storepass password -keystore cacerts   # import the certificate
.\keytool -delete -v -trustcacerts -alias appmanagement -file "E:\ca.pem" -storepass password -keystore cacerts   # delete the certificate

# 2. After that, run the following on Linux:
openssl pkcs12 -export -out admin.pfx -inkey admin-key.pem -in admin.pem -certfile ca.pem

# 3. Then import the admin.pfx certificate through the browser, and the page can be accessed normally.

# Then open the dashboard
https://192.168.10.13:32700
#### or
https://192.168.10.100:8443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

#### A kubeconfig is required: it has already been generated automatically at /etc/kubernetes/dashboard.kubeconfig
# The token is saved in {{k8s_home}}/dashboard_login_token.txt. It can also be retrieved with the command below.
kubectl -n kube-system describe secret `kubectl -n kube-system get secret|grep dashboard | awk '{print $1}'`
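
The check behind troubleshooting items 2 and 3 of section 3.7, as an added example that is not part of the original post: it pulls the requesting node identity and the target node out of kubelet denial messages and compares the "address" in kubelet.config.json with the host's own IPs. The function names are hypothetical and the sample log is constructed from the two messages quoted in item 3.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample: the two denials quoted in item 3 plus one unrelated line.
sample_log() {
cat <<'EOF'
kubelet[123215]: failed to ensure node lease exists, will retry in 7s, error: leases.coordination.k8s.io "192.168.10.12" is forbidden: User "system:node:192.168.10.11" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-node-lease": can only access node lease with the same name as the requesting node
kubelet[123215]: Unable to register node "192.168.10.12" with API server: nodes "192.168.10.12" is forbidden: node "192.168.10.11" is not allowed to modify node "192.168.10.12"
kubelet[123215]: constructed unrelated line
EOF
}

# Read kubelet log lines on stdin and print "<identity> <target>" once for
# every pair where the authenticated node differs from the node it touched.
identity_mismatches() {
  sed -n \
    -e 's/.*leases\.coordination\.k8s\.io "\([^"]*\)" is forbidden: User "system:node:\([^"]*\)".*/\2 \1/p' \
    -e 's/.*node "\([^"]*\)" is not allowed to modify node "\([^"]*\)".*/\1 \2/p' |
  awk '$1 != $2' | sort -u
}

# Print the "address" value from a kubelet.config.json-style file.
config_address() {
  sed -n 's/.*"address"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Usage: address_is_local <config file> <ip>...
# Returns 0 only when the configured address is one of the given IPs.
address_is_local() {
  cfg_addr=$(config_address "$1"); shift
  for ip in "$@"; do
    [ "$ip" = "$cfg_addr" ] && return 0
  done
  return 1
}

# Demo on the constructed sample; prints: 192.168.10.11 192.168.10.12
sample_log | identity_mismatches
```

On a node, feed it real data with `journalctl -u kubelet | identity_mismatches` and `address_is_local path/to/kubelet.config.json $(hostname -I)`. A mismatch usually means a config or certificate copied from another node, and the same denial is what the API server returns when one node's credentials are used against another node's objects.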

