如何使用 Kubeadm 在代理后面安装 Kubernetes 集群?
How to install Kubernetes cluster behind proxy with Kubeadm?
我在使用 Kubeadm 安装 Kubernetes 时遇到了几个问题。我在企业网络背后工作。我在会话环境中声明了代理设置。
$ export http_proxy=http://proxy-ip:port/
$ export https_proxy=http://proxy-ip:port/
$ export no_proxy=master-ip,node-ip,127.0.0.1
安装所有必要的组件和依赖项后,我开始初始化集群。为了使用当前的环境变量,我使用了sudo -E bash。
$ sudo -E bash -c "kubeadm init --apiserver-advertise-address=192.168.1.102 --pod-network-cidr=10.244.0.0/16"
然后输出的消息就一直挂在下面的消息处。
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.3
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks
[preflight] Starting the kubelet service
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [loadbalancer kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.102]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[apiclient] Created API client, waiting for the control plane to become ready
然后我发现 none 个 kube 组件已启动,而 kubelet 一直在请求 kube-apiserver。 sudo docker ps -a 没有返回任何内容。
它可能的根本原因是什么?
提前致谢。
我强烈怀疑它正在尝试为 gcr.io/google_containers/hyperkube:v1.7.3 或其他任何东西拉下 docker 图像,这需要向 docker 守护程序传授有关代理的信息,in this way using systemd
这当然可以解释为什么 docker ps -a 什么也没显示,但我希望 dockerd 日志 journalctl -u docker.service(或您系统中的等效项)抱怨它无法拉取来自 gcr.io
根据我从 kubeadm 参考指南中读到的内容,他们希望您修补目标机器上的 systemd 配置以公开这些环境变量,而不仅仅是在启动 kubeadm 的 shell 中设置它们(尽管这肯定是一个功能请求)
我在使用 Kubeadm 安装 Kubernetes 时遇到了几个问题。我在企业网络背后工作。我在会话环境中声明了代理设置。
$ export http_proxy=http://proxy-ip:port/
$ export https_proxy=http://proxy-ip:port/
$ export no_proxy=master-ip,node-ip,127.0.0.1
安装所有必要的组件和依赖项后,我开始初始化集群。为了使用当前的环境变量,我使用了sudo -E bash。
$ sudo -E bash -c "kubeadm init --apiserver-advertise-address=192.168.1.102 --pod-network-cidr=10.244.0.0/16"
然后输出的消息就一直挂在下面的消息处。
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.3
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks
[preflight] Starting the kubelet service
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [loadbalancer kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.102]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[apiclient] Created API client, waiting for the control plane to become ready
然后我发现 none 个 kube 组件已启动,而 kubelet 一直在请求 kube-apiserver。 sudo docker ps -a 没有返回任何内容。
它可能的根本原因是什么?
提前致谢。
我强烈怀疑它正在尝试为 gcr.io/google_containers/hyperkube:v1.7.3 或其他任何东西拉下 docker 图像,这需要向 docker 守护程序传授有关代理的信息,in this way using systemd
这当然可以解释为什么 docker ps -a 什么也没显示,但我希望 dockerd 日志 journalctl -u docker.service(或您系统中的等效项)抱怨它无法拉取来自 gcr.io
根据我从 kubeadm 参考指南中读到的内容,他们希望您修补目标机器上的 systemd 配置以公开这些环境变量,而不仅仅是在启动 kubeadm 的 shell 中设置它们(尽管这肯定是一个功能请求)