Deploying the dashboard

    kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml

    # Create a service account for dashboard administration
    kubectl create serviceaccount dashboard-admin -n kube-system
    # Bind the account to the cluster-admin ClusterRole
    kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    # Retrieve the token
    kubectl describe secret -n kube-system dashboard-admin-token
    # --- Output ---
    Name: dashboard-admin-token-pb78x
    Namespace: kube-system
    Labels: <none>
    Annotations: kubernetes.io/service-account.name: dashboard-admin
                 kubernetes.io/service-account.uid: 166aeb8d-604e-11e9-80d6-080027d8332b
    Type: kubernetes.io/service-account-token
    Data
    ====
    ca.crt: 1025 bytes
    namespace: 11 bytes
    token: <JWT omitted>
    # ------

You can now log in to the dashboard with the generated token.

Deployment

Helm

  • Homebrew users can use brew install kubernetes-helm.
  • Chocolatey users can use choco install kubernetes-helm.
  • Scoop users can use scoop install helm.
  • GoFish users can use gofish install helm.
  • Snap users can use sudo snap install helm --classic.

Upgrading k8s and the container runtime version

    apt-get update && apt-get upgrade kubeadm
    # After updating to 1.13.0, run the following once on the master
    kubeadm upgrade plan

Downgrading Docker
List the available versions:

    apt-cache madison docker-ce

Install a specific version:

    sudo apt-get install docker-ce=<VERSION>

3. Authorizing Tiller
Tiller, Helm's server-side component, runs as a Deployment in the kube-system namespace of the Kubernetes cluster, and it connects to the kube-apiserver to create and delete applications in Kubernetes.

Starting with Kubernetes 1.6, the API server has RBAC authorization enabled. By default, the current Tiller deployment does not define an authorized ServiceAccount, so its requests to the API server are denied. We therefore need to grant authorization to the Tiller deployment explicitly.

Create the Kubernetes service account and bind the role

    $ kubectl create serviceaccount --namespace kube-system tiller
    $ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

Set the account for Tiller

Use kubectl patch to update the API object

    kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
    deployment.extensions "tiller-deploy" patched

Check that the authorization succeeded

    kubectl get deploy --namespace kube-system tiller-deploy --output yaml|grep serviceAccount
    serviceAccount: tiller
    serviceAccountName: tiller

4. Verifying that Tiller is installed

    kubectl -n kube-system get pods|grep tiller
    tiller-deploy-6d68f5c78f-nql2z 1/1 Running 0 5m
    helm version
    Client: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}
    Server: &version.Version{SemVer:"v2.9.1", GitCommit:"20adb27c7c5868466912eebdf6664e7390ebe710", GitTreeState:"clean"}

NFS mount failure

A Pod created on one machine failed to mount NFS.
Mounting the share manually on the node also failed:

    root@master:~# mount -t nfs 192.168.207.121:/nas/dg_vd /nfs
    mount: mount point /nfs does not exist
    root@master:~# mkdir /nfs
    root@master:~# mount -t nfs 192.168.207.121:/nas/dg_vd /nfs
    mount: wrong fs type, bad option, bad superblock on 192.168.207.121:/nas/dg_vd,
    missing codepage or helper program, or other error
    (for several filesystems (e.g. nfs, cifs) you might
    need a /sbin/mount.<type> helper program)
    In some cases useful info is found in syslog - try
    dmesg | tail or so.
    root@master:~# showmount -e 192.168.207.121
    The program 'showmount' is currently not installed. You can install it by typing:
    apt install nfs-common

After running apt install nfs-common, the NFS share can be mounted locally.
Creating the pod again then succeeds.

Readiness probe failed: caliconode is not ready: BIRD is not ready: BGP not established with 10.117.

Calico troubleshooting
Error message:

    :Readiness probe failed: caliconode is not ready: BIRD is not ready: BGP not established with 10.117.150.23

The likely cause is that the actual network interface was not detected.
Solution

Adjust the interface detection mechanism of the Calico network plugin by changing the value of IP_AUTODETECTION_METHOD. In the officially provided YAML file, the IP detection policy (IPDETECTMETHOD) is not configured, so it defaults to first-found. This can cause an IP on a faulty network to be registered as the node IP, which breaks the node-to-node mesh. We can change it to the can-reach or interface strategy, attempting to connect to the IP of a Ready node, so that the correct IP is selected.

    # Add the following two lines to calico.yaml
    - name: IP_AUTODETECTION_METHOD
      value: "interface=ens.*" # set the ens prefix to match the actual interface names
    # Resulting configuration
    - name: CLUSTER_TYPE
      value: "k8s,bgp"
    - name: IP_AUTODETECTION_METHOD
      value: "interface=ens.*"
      # or: value: "interface=ens160"
    # Auto-detect the BGP IP address.
    - name: IP
      value: "autodetect"
    # Enable IPIP
    - name: CALICO_IPV4POOL_IPIP
      value: "Always"