我已按照本教程在 Docker 容器中本地运行 kubernetes 集群。当我运行时kubectl get nodes,我得到:
与服务器 localhost:8080 的连接被拒绝 - 您是否指定了正确的主机或端口?
我注意到一些由 kubelet 启动的容器,比如 apiserver,被退出了。这是的输出docker ps -a:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
778bc9a9a93c gcr.io/google_containers/hyperkube-amd64:v1.2.2 "/hyperkube apiserver" 3 seconds ago Exited (255) 2 seconds ago k8s_apiserver.78ec1de_k8s-master-sw-ansible01_default_4c6ab43ac4ee970e1f563d76ab3d3ec9_de6ff8f9
12dd99c83c34 gcr.io/google_containers/hyperkube-amd64:v1.2.2 "/setup-files.sh IP:1" 3 seconds ago Exited (7) 2 seconds ago k8s_setup.e5aa3216_k8s-master-sw-ansible01_default_4c6ab43ac4ee970e1f563d76ab3d3ec9_3283400b
ef7383fa9203 gcr.io/google_containers/hyperkube-amd64:v1.2.2 "/setup-files.sh IP:1" 4 seconds ago Exited (7) 4 seconds ago k8s_setup.e5aa3216_k8s-master-sw-ansible01_default_4c6ab43ac4ee970e1f563d76ab3d3ec9_87beca1b
b3896f4896b1 gcr.io/google_containers/hyperkube-amd64:v1.2.2 "/hyperkube scheduler" 5 seconds ago Up 4 seconds k8s_scheduler.fc12fcbe_k8s-master-sw-ansible01_default_4c6ab43ac4ee970e1f563d76ab3d3ec9_16584c07
e9b1bc5aeeaa gcr.io/google_containers/hyperkube-amd64:v1.2.2 "/hyperkube apiserver" 5 seconds ago Exited (255) 4 seconds ago k8s_apiserver.78ec1de_k8s-master-sw-ansible01_default_4c6ab43ac4ee970e1f563d76ab3d3ec9_87e1ad70
c81dbe181afa gcr.io/google_containers/hyperkube-amd64:v1.2.2 "/hyperkube controlle" 5 seconds ago Up 4 seconds k8s_controller-manager.70414b65_k8s-master-sw-ansible01_default_4c6ab43ac4ee970e1f563d76ab3d3ec9_1e30d242
63dfa0fb0881 gcr.io/google_containers/etcd:2.2.1 "/usr/local/bin/etcd " 5 seconds ago Up 4 seconds k8s_etcd.7e452b0b_k8s-etcd-sw-ansible01_default_1df6a8b4d6e129d5ed8840e370203c11_94a862fa
6bb963ef351d gcr.io/google_containers/hyperkube-amd64:v1.2.2 "/hyperkube proxy --m" 5 seconds ago Up 4 seconds k8s_kube-proxy.9a9f4853_k8s-proxy-sw-ansible01_default_5e5303a9d49035e9fad52bfc4c88edc8_6098241c
311e2788de45 gcr.io/google_containers/pause:2.0 "/pause" 5 seconds ago Up 4 seconds k8s_POD.6059dfa2_k8s-master-sw-ansible01_default_4c6ab43ac4ee970e1f563d76ab3d3ec9_79e4e3e8
3b3cf3ada645 gcr.io/google_containers/pause:2.0 "/pause" 5 seconds ago Up 4 seconds k8s_POD.6059dfa2_k8s-etcd-sw-ansible01_default_1df6a8b4d6e129d5ed8840e370203c11_9eb869b9
aa7efd2154fb gcr.io/google_containers/pause:2.0 "/pause" 5 seconds ago Up 5 seconds k8s_POD.6059dfa2_k8s-proxy-sw-ansible01_default_5e5303a9d49035e9fad52bfc4c88edc8_b66baa5f
c380b4a9004e gcr.io/google_containers/hyperkube-amd64:v1.2.2 "/hyperkube kubelet -" 12 seconds ago Up 12 seconds kubelet
信息
码头工人版本:1.10.3
Kubernetes 版本:1.2.2
操作系统:Ubuntu 14.04
码头工人运行命令
docker run --volume=/:/rootfs:ro --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:rw --volume=/var/lib/kubelet/:/var/lib/kubelet:rw --volume=/var/run:/var/run:rw --net=host --pid=host --privileged=true --name=kubelet -d gcr.io/google_containers/hyperkube-amd64:v1.2.2 /hyperkube kubelet --containerized --hostname-override="172.20.34.112" --address="0.0.0.0" --api-servers=http://localhost:8080 --config=/etc/kubernetes/manifests --cluster-dns=10.0.0.10 --cluster-domain=cluster.local --allow-privileged=true --v=2
kubelet 容器日志
I0422 11:04:45.158370 541 plugins.go:56] Registering credential provider: .dockercfg
I0422 11:05:25.199632 541 plugins.go:291] Loaded volume plugin "kubernetes.io/aws-ebs"
I0422 11:05:25.199788 541 plugins.go:291] Loaded volume plugin "kubernetes.io/empty-dir"
I0422 11:05:25.199863 541 plugins.go:291] Loaded volume plugin "kubernetes.io/gce-pd"
I0422 11:05:25.199903 541 plugins.go:291] Loaded volume plugin "kubernetes.io/git-repo"
I0422 11:05:25.199948 541 plugins.go:291] Loaded volume plugin "kubernetes.io/host-path"
I0422 11:05:25.199982 541 plugins.go:291] Loaded volume plugin "kubernetes.io/nfs"
I0422 11:05:25.200023 541 plugins.go:291] Loaded volume plugin "kubernetes.io/secret"
I0422 11:05:25.200059 541 plugins.go:291] Loaded volume plugin "kubernetes.io/iscsi"
I0422 11:05:25.200115 541 plugins.go:291] Loaded volume plugin "kubernetes.io/glusterfs"
I0422 11:05:25.200170 541 plugins.go:291] Loaded volume plugin "kubernetes.io/persistent-claim"
I0422 11:05:25.200205 541 plugins.go:291] Loaded volume plugin "kubernetes.io/rbd"
I0422 11:05:25.200249 541 plugins.go:291] Loaded volume plugin "kubernetes.io/cinder"
I0422 11:05:25.200289 541 plugins.go:291] Loaded volume plugin "kubernetes.io/cephfs"
I0422 11:05:25.200340 541 plugins.go:291] Loaded volume plugin "kubernetes.io/downward-api"
I0422 11:05:25.200382 541 plugins.go:291] Loaded volume plugin "kubernetes.io/fc"
I0422 11:05:25.200430 541 plugins.go:291] Loaded volume plugin "kubernetes.io/flocker"
I0422 11:05:25.200471 541 plugins.go:291] Loaded volume plugin "kubernetes.io/azure-file"
I0422 11:05:25.200519 541 plugins.go:291] Loaded volume plugin "kubernetes.io/configmap"
I0422 11:05:25.200601 541 server.go:645] Started kubelet
E0422 11:05:25.200796 541 kubelet.go:956] Image garbage collection failed: unable to find data for container /
I0422 11:05:25.200843 541 server.go:126] Starting to listen read-only on 0.0.0.0:10255
I0422 11:05:25.201531 541 server.go:109] Starting to listen on 0.0.0.0:10250
E0422 11:05:25.201684 541 event.go:202] Unable to write event: 'Post http://localhost:8080/api/v1/namespaces/default/events: dial tcp 127.0.0.1:8080: connection refused' (may retry after sleeping)
I0422 11:05:25.206656 541 fs_resource_analyzer.go:66] Starting FS ResourceAnalyzer
I0422 11:05:25.206714 541 manager.go:123] Starting to sync pod status with apiserver
I0422 11:05:25.206888 541 kubelet.go:2356] Starting kubelet main sync loop.
I0422 11:05:25.207036 541 kubelet.go:2365] skipping pod synchronization - [container runtime is down]
I0422 11:05:25.333829 541 factory.go:233] Registering Docker factory
I0422 11:05:25.336920 541 factory.go:97] Registering Raw factory
I0422 11:05:25.392065 541 kubelet.go:2754] Recording NodeHasSufficientDisk event message for node 172.20.34.112
I0422 11:05:25.392148 541 kubelet.go:1134] Attempting to register node 172.20.34.112
I0422 11:05:25.398401 541 kubelet.go:1137] Unable to register 172.20.34.112 with the apiserver: Post http://localhost:8080/api/v1/nodes: dial tcp 127.0.0.1:8080: connection refused
I0422 11:05:25.492441 541 manager.go:1003] Started watching for new ooms in manager
I0422 11:05:25.493365 541 oomparser.go:182] oomparser using systemd
I0422 11:05:25.495129 541 manager.go:256] Starting recovery of all containers
I0422 11:05:25.583462 541 manager.go:261] Recovery completed
I0422 11:05:25.622022 541 kubelet.go:2754] Recording NodeHasSufficientDisk event message for node 172.20.34.112
I0422 11:05:25.622065 541 kubelet.go:1134] Attempting to register node 172.20.34.112
I0422 11:05:25.622485 541 kubelet.go:1137] Unable to register 172.20.34.112 with the apiserver: Post http://localhost:8080/api/v1/nodes: dial tcp 127.0.0.1:8080: connection refused
I0422 11:05:26.038631 541 kubelet.go:2754] Recording NodeHasSufficientDisk event message for node 172.20.34.112
I0422 11:05:26.038753 541 kubelet.go:1134] Attempting to register node 172.20.34.112
I0422 11:05:26.039300 541 kubelet.go:1137] Unable to register 172.20.34.112 with the apiserver: Post http://localhost:8080/api/v1/nodes: dial tcp 127.0.0.1:8080: connection refused
I0422 11:05:26.852863 541 kubelet.go:2754] Recording NodeHasSufficientDisk event message for node 172.20.34.112
I0422 11:05:26.852892 541 kubelet.go:1134] Attempting to register node 172.20.34.112
I0422 11:05:26.853320 541 kubelet.go:1137] Unable to register 172.20.34.112 with the apiserver: Post http://localhost:8080/api/v1/nodes: dial tcp 127.0.0.1:8080: connection refused
I0422 11:05:28.468911 541 kubelet.go:2754] Recording NodeHasSufficientDisk event message for node 172.20.34.112
I0422 11:05:28.468937 541 kubelet.go:1134] Attempting to register node 172.20.34.112
I0422 11:05:28.469355 541 kubelet.go:1137] Unable to register 172.20.34.112 with the apiserver: Post http://localhost:8080/api/v1/nodes: dial tcp 127.0.0.1:8080: connection refused
I0422 11:05:30.207357 541 kubelet.go:2388] SyncLoop (ADD, "file"): "k8s-etcd-172.20.34.112_default(1df6a8b4d6e129d5ed8840e370203c11), k8s-proxy-172.20.34.112_default(5e5303a9d49035e9fad52bfc4c88edc8), k8s-master-172.20.34.112_default(4c6ab43ac4ee970e1f563d76ab3d3ec9)"
E0422 11:05:30.207416 541 kubelet.go:2307] error getting node: node '172.20.34.112' is not in cache
E0422 11:05:30.207465 541 kubelet.go:2307] error getting node: node '172.20.34.112' is not in cache
E0422 11:05:30.207505 541 kubelet.go:2307] error getting node: node '172.20.34.112' is not in cache
E0422 11:05:30.209316 541 kubelet.go:1764] Failed creating a mirror pod for "k8s-proxy-172.20.34.112_default(5e5303a9d49035e9fad52bfc4c88edc8)": Post http://localhost:8080/api/v1/namespaces/default/pods: dial tcp 127.0.0.1:8080: connection refused
E0422 11:05:30.209332 541 kubelet.go:1764] Failed creating a mirror pod for "k8s-etcd-172.20.34.112_default(1df6a8b4d6e129d5ed8840e370203c11)": Post http://localhost:8080/api/v1/namespaces/default/pods: dial tcp 127.0.0.1:8080: connection refused
I0422 11:05:30.209396 541 manager.go:1688] Need to restart pod infra container for "k8s-proxy-172.20.34.112_default(5e5303a9d49035e9fad52bfc4c88edc8)" because it is not found
W0422 11:05:30.209828 541 manager.go:408] Failed to update status for pod "_()": Get http://localhost:8080/api/v1/namespaces/default/pods/k8s-etcd-172.20.34.112: dial tcp 127.0.0.1:8080: connection refused
E0422 11:05:30.209899 541 kubelet.go:1764] Failed creating a mirror pod for "k8s-master-172.20.34.112_default(4c6ab43ac4ee970e1f563d76ab3d3ec9)": Post http://localhost:8080/api/v1/namespaces/default/pods: dial tcp 127.0.0.1:8080: connection refused
W0422 11:05:30.212690 541 manager.go:408] Failed to update status for pod "_()": Get http://localhost:8080/api/v1/namespaces/default/pods/k8s-proxy-172.20.34.112: dial tcp 127.0.0.1:8080: connection refused
I0422 11:05:30.214297 541 manager.go:1688] Need to restart pod infra container for "k8s-master-172.20.34.112_default(4c6ab43ac4ee970e1f563d76ab3d3ec9)" because it is not found
W0422 11:05:30.214935 541 manager.go:408] Failed to update status for pod "_()": Get http://localhost:8080/api/v1/namespaces/default/pods/k8s-master-172.20.34.112: dial tcp 127.0.0.1:8080: connection refused
I0422 11:05:30.220596 541 manager.go:1688] Need to restart pod infra container for "k8s-etcd-172.20.34.112_default(1df6a8b4d6e129d5ed8840e370203c11)" because it is not found
I0422 11:05:31.693419 541 kubelet.go:2754] Recording NodeHasSufficientDisk event message for node 172.20.34.112
I0422 11:05:31.693456 541 kubelet.go:1134] Attempting to register node 172.20.34.112
I0422 11:05:31.694191 541 kubelet.go:1137] Unable to register 172.20.34.112 with the apiserver: Post http://localhost:8080/api/v1/nodes: dial tcp 127.0.0.1:8080: connection refused
api 服务器容器(已退出)日志
I0425 13:18:55.516154 1 genericapiserver.go:82] Adding storage destination for group batch
W0425 13:18:55.516177 1 server.go:383] No RSA key provided, service account token authentication disabled
F0425 13:18:55.516185 1 server.go:410] Invalid Authentication Config: open /srv/kubernetes/basic_auth.csv: no such file or directory
我之前已经重现了您的问题,并且我也成功运行了 kubelet 容器几次。
这是我成功时正在运行的确切命令:
export K8S_VERSION=v1.2.2 docker run \ --volume=/:/rootfs:ro \ --volume=/sys:/sys:ro \ --volume=/var/lib/docker/:/var/lib/docker:rw \ --volume=/var/lib/kubelet/:/var/lib/kubelet:rw \ --volume=/var/run:/var/run:rw \ --net=host \ --pid=host \ --privileged=true \ --name=kubelet \ -d \ gcr.io/google_containers/hyperkube-amd64:${K8S_VERSION} \ /hyperkube kubelet \ --containerized \ --hostname-override="127.0.0.1" \ --address="0.0.0.0" \ --api-servers=http://localhost:8080 \ --config=/etc/kubernetes/manifests \ --allow-privileged=true --v=2我从教程的建议命令中删除了这两个设置,因为在我的情况下不需要 DNS:
--cluster-dns=10.0.0.10 --cluster-domain=cluster.local此外,在启动 kubelet 容器之前,我在后台启动了 docker SSH 门户,使用以下命令:
docker-machine ssh `docker-machine active` -f -N -L "8080:localhost:8080"我也没有对 SSL 证书进行任何更改。
我可以使用 K8S_VERSION=v1.2.2 和 K8S_VERSION=1.2.3 运行 kubelet 容器。
在成功运行时,我观察到所有进程都“启动”;没有一个是“退出”:
在成功运行时,我也会看到与运行时类似的日志输出
docker logs kubelet。特别是,我看到:Unable to register 127.0.0.1 with the apiserver: Post http://localhost:8080/api/v1/nodes: dial tcp 127.0.0.1:8080: connection refused但是,最终,它起作用了:
$ kubectl -s http://localhost:8080 cluster-info Kubernetes master is running at http://localhost:8080 $ kubectl get nodes NAME STATUS AGE 127.0.0.1 Ready 1h 192.168.99.100 NotReady 1h localhost NotReady 1h其他提示:
您可能需要稍等片刻才能启动 API 服务器。例如,这个人使用了一个 while 循环:
until $(kubectl -s http://localhost:8080 cluster-info &> /dev/null); do sleep 1 done在 Mac OS X 上,我注意到 Docker VM 会在我的无线更改或我暂停/恢复我的笔记本电脑时变得不稳定。我通常可以用
docker-machine restart.在尝试使用 kubelet 时,我经常想要停止 kubelet 容器并停止/删除我的 docker 中的所有容器。我通过跑步来做到这一点
docker stop kubelet && docker rm -f $(docker ps -aq)有关我的设置 OS X El Capitan 10.11.2 的信息:
[我不是 kubernetes 专家 - 只是在这里跟随我的鼻子]。
kubelet 的失败显然是端口 8080 被关闭的结果,您在问题的开头提到了这一点。这不是你应该关注的地方。
请注意您向我们展示的日志中的以下行:
因此,kubelet 正在尝试联系 apiserver,但连接被拒绝。正如您所指出的,这并不奇怪,它已经退出。
您向我们展示的 apiserver 日志行显示它抱怨没有证书。证书通常在
/var/run/kubernetes(在此处注明)。这属于/var/run教程中用于运行 kubernetes 的 docker 命令中设置的卷。我会仔细查看该卷规范,看看您是否犯了任何错误,并查看证书是否按预期存在。https://github.com/kubernetes/kubernetes/issues/11000有一些内容可能有助于找出您的证书出了什么问题,包括
devurandom在需要时提供用于创建证书的脚本。