使用rancher+docker+k8s搭建集群管理平台

安装docker-ce-17.03.2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

#安装docker-ce-17.03.2，首先要安装它的依赖包 [root@linux-node2 ~]# wget  https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm --no-check-certificate [root@linux-node2 ~]# yum install -y  docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm #安装docker-ce-17.03.2 [root@linux-node2 ~]# wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm --no-check-certificate [root@linux-node2 ~]# yum  install -y docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm #验证docker-ce是否安装成功，查看docker-ce的版本 [root@linux-node2 ~]# docker version Client:  Version:      17.03.2-ce  API version:  1.27  Go version:   go1.7.5  Git commit:   f5ec1e2  Built:        Tue Jun 27 02:21:36 2017  OS/Arch:      linux/amd64

启动docker，下载rancher并启动rancher容器

[root@linux-node2 ~]# systemctl  start  docker
[root@linux-node2 ~]# docker  pull  rancher/server:v1.6.14
#运行rancher容器，报错如下：
[root@linux-node2 ~]# docker  run  -d  --restart=unless-stopped -p 8080:8080 rancher/server:v1.6.14
docker: Error response from daemon: mkdir /var/lib/docker/overlay/138a6139ced9986f759c7f8514a4f706168140aaf10fa70f9e50a1ad3187dcbc-init/merged/dev/shm: invalid argument.
#解决办法：参考https://stackoverflow.com/questions/42248571/cannt-run-or-build-docker-images-on-centos-7
[root@linux-node2 docker]# vim  /etc/docker/daemon.json
{
  "registry-mirrors": ["https://0wtxe175.mirror.aliyuncs.com"],
  "storage-driver": "devicemapper"
}
[root@linux-node2 docker]# systemctl  daemon-reload
[root@linux-node2 docker]# systemctl  start docker
#最后再启动rancher容器，成功了
[root@linux-node2 docker]# docker ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS              PORTS                              NAMES
fa0517e043d8        rancher/server:v1.6.14   "/usr/bin/entry /u..."   16 minutes ago      Up 16 minutes       3306/tcp, 0.0.0.0:8080->8080/tcp   awesome_hypatia

　

创建一个编排hello.yaml后，状态一直是ContainerCreating，经查看生成过程，排错如下

[root@linux-node1 ~]# kubectl  create  -f  hello.yaml
pod "hello-world" created
[root@linux-node1 ~]# kubectl  get  pods
NAME          READY     STATUS              RESTARTS   AGE
hello-world   0/1       ContainerCreating   0          6s
#一直处于ContainerCreating状态，查看生成过程
[root@linux-node1 ~]# kubectl  get  pods
NAME          READY     STATUS              RESTARTS   AGE
hello-world   0/1       ContainerCreating   0          7m
[root@linux-node1 ~]# kubectl describe pod  hello-world
Name:           hello-world
Namespace:      default
Node:           192.168.182.171/192.168.182.171
。。。
。。。
arning          FailedSync      Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
  10m   15s     43      {kubelet 192.168.182.171}               Warning FailedSync       Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
#上面的报错原因为不能打开这个文件/etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
#通过ll 查看这个文件是否存在，状态是软连接，不停闪烁，说明这个软件接有问题，证书不存在
[root@linux-node2 ~]# ll /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
lrwxrwxrwx 1 root root 27 Jul 19 14:02 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
#接下来就要生成这个证书文件，注意：是在node节点生成这个证书，而不是master节点
[root@linux-node2 ~]# yum install python-rhsm* -y
Installed:
  subscription-manager-rhsm.x86_64 0:1.20.11-1.el7.centos
  subscription-manager-rhsm-certificates.x86_64 0:1.20.11-1.el7.centos
#安装的subscription-manager-rhsm-certificates.x86_64 0:1.20.11-1.el7.centos并不是我们需要的证书安装包，所以要把这个包卸载掉，下载正确的证书安装包
[root@linux-node2 ~]# yum  remove  subscription-manager-rhsm-certificates.x86_64 0:1.20.11-1.el7.centos
[root@linux-node2 ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
[root@linux-node2 ~]# yum  install  python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
#这时候再打开这个证书文件软连接就正常了
[root@linux-node2 ~]# ll  /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
lrwxrwxrwx 1 root root 27 Jul 19 14:11 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
#最后重新创建一个编排后，node节点就可以pull拉取对应的images了

　

k8s dashboard 报错 Error: 'dial tcp 172.168.56.2:9090: getsockopt: connection refused'

检查iptables -L -n ，检查node节点上的FORWARD 查看转发是否是drop，如果是drop，则开启

解决办法：iptables -P FORWARD ACCEPT   不过系统重启后就失效了