kubernetes 安装遇到的一些问题

1. Error from server: namespaces “kube-system” not found

Error from server: namespaces "kube-system" not found

解决方法：

# vim kube-system.json
{
  "apiVersion": "v1",
  "kind": "Namespace",
  "metadata": {
    "name": "kube-system"
  }
}
# kubectl create -f kube-system.json

2. Unable to generate self signed cert: mkdir /var/run/kubernetes: permission denied

Aug 12 11:07:05 master kube-apiserver[5336]: E0812 11:07:05.063837    5336 genericapiserver.go:702] Unable to generate self signed cert: mkdir /var/run/kubernetes: permission denied
Aug 12 11:07:05 master kube-apiserver[5336]: I0812 11:07:05.063915    5336 genericapiserver.go:734] Serving insecurely on 0.0.0.0:8080
Aug 12 11:07:05 master systemd[1]: Started Kubernetes API Server.
Aug 12 11:07:05 master kube-apiserver[5336]: E0812 11:07:05.064151    5336 genericapiserver.go:716] Unable to listen for secure (open /var/run/kubernetes/apiserver.crt: no such file or directory); will try again.

解决办法:

# mkdir -p /var/run/kubernetes/
# chown -R kube.kube /var/run/kubernetes/
# for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do 
    systemctl restart $SERVICES
    systemctl enable $SERVICES
    systemctl status $SERVICES 
done

3. 下载google-container镜像(minion上下载)

在hosts文件中加入以下内容

# vim /etc/hosts
220.255.2.153 www.gcr.io
220.255.2.153 gcr.io
# docker pull gcr.io/google_containers/kubernetes-dashboard-amd64:v1.1.1

4. no API token found for service account kube-system/default

Error creating: pods "kubernetes-dashboard-1881024876-" is forbidden: no API token found for service account kube-system/default,

解决方法：etc/kubernetes/apiserver 去除 KUBE_ADMISSION_CONTROL中的SecurityContextDeny,ServiceAccount，并重启kube-apiserver.service服务

#vim /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
#systemctl restart kube-apiserver.service

5. Get http://localhost:8080/version: dial tcp 202.102.110.203:8080: getsockopt: connection refused

# docker logs b7cff1accc06
Starting HTTP server on port 9090
Creating API server client for http://localhost:8080
Error while initializing connection to Kubernetes apiserver. This most likely means that the cluster is misconfigured (e.g., it has invalid apiserver certificates or service accounts configuration) or the --apiserver-host param points to a server that does not exist. Reason: Get http://localhost:8080/version: dial tcp 202.102.110.203:8080: getsockopt: connection refused

删除原有失败的kubernetes-dashboard

# kubectl delete -f kubernetes-dashboard.yaml

修改 kubernetes-dashboard.yaml 文件加入以下行

# vim kubernetes-dashboard.yaml
        ports:
        - containerPort: 9090
          protocol: TCP 
        args:
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
          - --apiserver-host=http://192.168.2.247:8080    ##加入此行 指定apiserver地址

重新创建kubernetes-dashboard

# kubectl create -f kubernetes-dashboard.yaml

6. 不能浏览器访问kubernetes-dashboard

Error: 'dial tcp 172.17.97.3:9090: i/o timeout'
Trying to reach: 'http://172.17.97.3:9090/'

master上安装flannel

# yum install -y flannel

编辑flannel配置文件并启动

# vim /etc/sysconfig/flanneld

# Flanneld configuration options  

# etcd url location.  Point this to the server where etcd runs
FLANNEL_ETCD="http://192.168.2.247:2379"

# etcd config key.  This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_KEY="/coreos.com/network"                                                                                                                                                                                       

# Any additional options that you want to pass
#FLANNEL_OPTIONS=""

# systemctl enable flanneld.service ; systemctl start flanneld.service