引言
再使用kubeadm部署集群时会多少遇到一些问题,这里做下记录,方便后面查找问题时有方向,同时也为刚要入坑的你指明下方向,让你少走点弯路
问题汇总
- The connection to the server localhost:8080 was refused – did you specify the right host or port?
# root 用户 export KUBECONFIG=/etc/kubernetes/admin.conf
# 非root mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
- failed to run Kubelet: misconfiguration: kubelet cgroup driver: “systemd“ is different from docker
{ "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" ] }
- Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kubernetes”)
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config kubectl get nodes export KUBECONFIG=/etc/kubernetes/kubelet.conf kubectl get node
- Kubeadm:如何解决kubectl get cs显示scheduler Unhealthy,controller-manager Unhealthy
root用户
配置文件路径为:
/etc/kubernetes/manifests/kube-scheduler.yaml
/etc/kubernetes/manifests/kube-controller-manager.yaml
user账号
$HOME/.kube/
将两个配置文件中 –port
注释掉
- 解决 Kubernetes 中 Kubelet 组件报 failed to get cgroup 错误
- 解决k8s”failed to set bridge addr: “cni0″ already has an IP address different from 10.244.1.1/24”
具体原因
ifconfig cni0 down ip link delete cni0
- 查看
kubelet
日志
journalctl -xeu kubelet
高可用 HA
- Haproxy
查看 haproxy.cfg 配置文件
global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 #chroot /usr/share/haproxy #user haproxy #group haproxy #daemon stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend kube-apiserver bind *:6444 mode tcp timeout client 1h log global option tcplog default_backend kube-apiserver backend kube-apiserver option httpchk GET /healthz http-check expect status 200 mode tcp option ssl-hello-chk balance roundrobin balance roundrobin server k8s-master01 192.168.4.41:6443 check #主要配置这里 server k8s-master02 192.168.4.42:6443 check server k8s-master03 172.17.0.66:6443 check
docker run -d --restart=always --name haproxy -p 6444:6444 / -v ~/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg / haproxy
- Keepalived
- ip address associated with VRID 160 not present in MASTER advert : xx.xx.xx.xx可能是keepalive master的virtual_router_id和局域网内的其它的keepalive master的virtual_router_id有冲突
修改/etc/keepalived/keepalived.conf
中的virtual_router_id
重启即可 - 配置文件详解
#!/bin/bash VIRTUAL_IP=192.168.4.200 # 设置虚拟IP INTERFACE=eth0 #所使用的的网卡 NETMASK_BIT=24 CHECK_PORT=6444 RID=10 VRID=160 #虚拟路由ID 需要唯一 MCAST_GROUP=224.0.0.18 docker run -itd --restart=always --name=Keepalived-K8S / --net=host --cap-add=NET_ADMIN / -e VIRTUAL_IP=$VIRTUAL_IP / -e INTERFACE=$INTERFACE / -e CHECK_PORT=$CHECK_PORT / -e RID=$RID / -e VRID=$VRID / -e NETMASK_BIT=$NETMASK_BIT / -e MCAST_GROUP=$MCAST_GROUP / wise2c/keepalived-k8s
使用
ip addr
即可看到所设置网卡上的虚拟IP(PS:ifconfig
是看不到的) - ip address associated with VRID 160 not present in MASTER advert : xx.xx.xx.xx可能是keepalive master的virtual_router_id和局域网内的其它的keepalive master的virtual_router_id有冲突