关于kubernetes的动态准入的配置调研实验。
1、环境说明
1、一台ubuntu20.04 (master)
2、一台centos7.8 (node)
部署:
https://github.com/cncamp/101/tree/master/k8s-by-kubeadm
问题
1、Failed create pod sandbox: open /run/systemd/resolve/resolv.conf: no such file or directory:https://github.com/ivanfioravanti/kubernetes-the-hard-way-on-azure/issues/30
-
describe nodes
-
node 节点 kubelet日志 ,
sudo systemctl status kubeletsudo journalctl -xefu kubelet -
检查pod信息 kubectl get pod --all-namespaces,查看问题pod,定位是calico网络,describe pod (Failed create pod sandbox: open /run/systemd/resolve/resolv.conf: no such file or directory)
网络检索,说是从master进行copy一份即可,感觉似乎不妥,
-
找到本机的resolv.conf文件,
sudo find /run -name "resolv.conf",软链操作:sudo ln -s /run/NetworkManager/resolv.conf /run/systemd/resolve/resolv.conf,resolv.conf到底是什么???
2、Error from server (InternalError): error when creating “nginx-demo.yaml”: Internal error occurred: failed calling webhook “validate.nginx.ingress.kubernetes.io”: Post “https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1/ingresses?timeout=10s”: context deadline exceeded
安装ingress controller,使用externalIPs暴露
install calico cni plugin
https://docs.projectcalico.org/getting-started/kubernetes/quickstart
坑:只用于单节点集群
1 | $ kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml |
IP_AUTODETECTION_METHOD value: “interface=eth1” # 根据实际网卡名称配置
calico/node is not ready: BIRD is not ready: BGP not established with xxxx
配置:https://www.jianshu.com/p/46e4261a63b4
https://www.cnblogs.com/houchaoying/p/14652573.html
- name: IP_AUTODETECTION_METHOD
value: "interface=en.*" # en.*正则表示匹配到em开头的所有网卡
集群内部域名为什么ping不通,可以通过curl访问???
- https://segmentfault.com/a/1190000039349716
- https://hansedong.github.io/2018/11/20/9/
- https://www.yoyoask.com/?p=4742
容器时区?
- 业务镜像通过定制Dockerfile添加时区: https://i4t.com/4703.html
master IP变更后:
是否可以使用域名???