操做系統 | Docker版本 | Kubernetes版本 | Etcd版本 | Flannel版本 |
---|---|---|---|---|
CentOS Linux release 7.6.1810 | Docker version 18.09.4 | v1.14.0 | Version: 3.3.12 | v0.11.0 |
主機名 | IP | 角色 | 部署應用 |
---|---|---|---|
gysl-master | 10.1.1.60 | Msater | Docker/Kube-apiserver/kube-scheduler/kube-controller-manager/etcd |
gysl-node1 | 10.1.1.61 | Node | Docker/Kubelet/kube-proxy/flanneld/etcd |
gysl-node2 | 10.1.1.62 | Node | Docker/Kubelet/kube-proxy/flanneld/etcd |
gysl-node3 | 10.1.1.63 | Node | Docker/Kubelet/kube-proxy/flanneld/etcd |
經過幾個小時的努力,完成本次部署腳本的編寫,安裝腳本支持任意多個節點,主要經過三個腳本實現本次安裝。node
#!/bin/bash declare -A HostIP EtcdIP HostIP=( [gysl-master]='10.1.1.60' [gysl-node1]='10.1.1.61' [gysl-node2]='10.1.1.62' [gysl-node3]='10.1.1.63' ) EtcdIP=( [etcd-master]='10.1.1.60' [etcd-01]='10.1.1.61' [etcd-02]='10.1.1.62' [etcd-03]='10.1.1.63' ) BinaryDir='/usr/local/bin' KubeConf='/etc/kubernetes/conf.d' KubeCA='/etc/kubernetes/ca.d' EtcdConf='/etc/etcd/conf.d' EtcdCA='/etc/etcd/ca.d' FlanneldConf='/etc/flanneld' mkdir -p {${KubeConf},${KubeCA},${EtcdConf},${EtcdCA},${FlanneldConf}} for hostname in ${!HostIP[@]} do cat>>/etc/hosts<<EOF ${HostIP[${hostname}]} ${hostname} EOF done # Install the Docker engine. This needs to be executed on every machine. curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo>&/dev/null if [ $? -eq 0 ] ; then yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-selinux \ docker-engine-selinux \ docker-engine>&/dev/null yum list docker-ce --showduplicates|grep "^doc"|sort -r yum -y install docker-ce-18.09.3-3.el7 rm -f /etc/yum.repos.d/docker-ce.repo systemctl enable docker --now && systemctl status docker else echo "Install failed! Please try again! "; exit 110 fi # Modify related kernel parameters. cat>/etc/sysctl.d/docker.conf<<EOF net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl -p /etc/sysctl.d/docker.conf>&/dev/null # Turn off and disable the firewalld. systemctl stop firewalld systemctl disable firewalld # Disable the SELinux. sed -i.bak 's/=enforcing/=disabled/' /etc/selinux/config # Disable the swap. sed -i.bak 's/^.*swap/#&/g' /etc/fstab # Install EPEL/vim/git. yum -y install epel-release vim git tree yum repolist # Alias vim. cat>/etc/profile.d/vim.sh<<EOF alias vi='vim' EOF source /etc/profile.d/vim.sh echo "set nu">>/etc/vimrc # Reboot the machine. reboot
須要每一個節點都執行。linux
安裝腳本較長,此處省略,日誌以供參考,拓展思路。此腳本在Master節點執行便可,安裝過程無需鏈接外網,安裝日誌以下:git
Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:rJdnEzx5GyWX9YCxq77ZMc+FCabCqA+3FwmS7LnF9qo Kubernetes The key's randomart image is: +---[RSA 1024]----+ | .o. .| | .. +.| | . . o + .| | + .. . . = | | . + .S.= * | | o ++o. B + o | | .++.=.* + o .| | .+ oo= + = . | | Eo+o +.. o | +----[SHA256]-----+ /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '10.1.1.62 (10.1.1.62)' can't be established. ECDSA key fingerprint is SHA256:B4e7Gq9wcgr5N6ys8U72NEhNWxIFrvng5eI7GAXLf6s. ECDSA key fingerprint is MD5:ea:33:04:40:f8:31:a2:d0:91:c4:b4:37:48:fa:51:d6. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.1.1.62's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@10.1.1.62'" and check to make sure that only the key(s) you wanted were added. /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '10.1.1.63 (10.1.1.63)' can't be established. ECDSA key fingerprint is SHA256:B4e7Gq9wcgr5N6ys8U72NEhNWxIFrvng5eI7GAXLf6s. ECDSA key fingerprint is MD5:ea:33:04:40:f8:31:a2:d0:91:c4:b4:37:48:fa:51:d6. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.1.1.63's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@10.1.1.63'" and check to make sure that only the key(s) you wanted were added. /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '10.1.1.61 (10.1.1.61)' can't be established. ECDSA key fingerprint is SHA256:B4e7Gq9wcgr5N6ys8U72NEhNWxIFrvng5eI7GAXLf6s. ECDSA key fingerprint is MD5:ea:33:04:40:f8:31:a2:d0:91:c4:b4:37:48:fa:51:d6. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.1.1.61's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@10.1.1.61'" and check to make sure that only the key(s) you wanted were added. etcd-v3.3.12-linux-amd64/ etcd-v3.3.12-linux-amd64/README.md etcd-v3.3.12-linux-amd64/Documentation/ etcd-v3.3.12-linux-amd64/Documentation/dev-guide/ etcd-v3.3.12-linux-amd64/Documentation/dev-guide/interacting_v3.md etcd-v3.3.12-linux-amd64/Documentation/dev-guide/api_concurrency_reference_v3.md etcd-v3.3.12-linux-amd64/Documentation/dev-guide/limit.md etcd-v3.3.12-linux-amd64/Documentation/dev-guide/local_cluster.md etcd-v3.3.12-linux-amd64/Documentation/dev-guide/api_grpc_gateway.md etcd-v3.3.12-linux-amd64/Documentation/dev-guide/grpc_naming.md etcd-v3.3.12-linux-amd64/Documentation/dev-guide/apispec/ etcd-v3.3.12-linux-amd64/Documentation/dev-guide/apispec/swagger/ etcd-v3.3.12-linux-amd64/Documentation/dev-guide/apispec/swagger/rpc.swagger.json etcd-v3.3.12-linux-amd64/Documentation/dev-guide/apispec/swagger/v3lock.swagger.json etcd-v3.3.12-linux-amd64/Documentation/dev-guide/apispec/swagger/v3election.swagger.json etcd-v3.3.12-linux-amd64/Documentation/dev-guide/experimental_apis.md etcd-v3.3.12-linux-amd64/Documentation/dev-guide/api_reference_v3.md etcd-v3.3.12-linux-amd64/Documentation/integrations.md etcd-v3.3.12-linux-amd64/Documentation/README.md etcd-v3.3.12-linux-amd64/Documentation/benchmarks/ etcd-v3.3.12-linux-amd64/Documentation/benchmarks/etcd-2-1-0-alpha-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/benchmarks/etcd-storage-memory-benchmark.md etcd-v3.3.12-linux-amd64/Documentation/benchmarks/README.md etcd-v3.3.12-linux-amd64/Documentation/benchmarks/etcd-2-2-0-rc-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/benchmarks/etcd-2-2-0-rc-memory-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/benchmarks/etcd-3-watch-memory-benchmark.md etcd-v3.3.12-linux-amd64/Documentation/benchmarks/etcd-2-2-0-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/benchmarks/etcd-3-demo-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/rfc/ etcd-v3.3.12-linux-amd64/Documentation/rfc/v3api.md etcd-v3.3.12-linux-amd64/Documentation/docs.md etcd-v3.3.12-linux-amd64/Documentation/production-users.md etcd-v3.3.12-linux-amd64/Documentation/metrics.md etcd-v3.3.12-linux-amd64/Documentation/v2/ etcd-v3.3.12-linux-amd64/Documentation/v2/authentication.md etcd-v3.3.12-linux-amd64/Documentation/v2/proxy.md etcd-v3.3.12-linux-amd64/Documentation/v2/glossary.md etcd-v3.3.12-linux-amd64/Documentation/v2/docker_guide.md etcd-v3.3.12-linux-amd64/Documentation/v2/configuration.md etcd-v3.3.12-linux-amd64/Documentation/v2/README.md etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/ etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/etcd-2-1-0-alpha-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/etcd-storage-memory-benchmark.md etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/README.md etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/etcd-2-2-0-rc-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/etcd-2-2-0-rc-memory-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/etcd-3-watch-memory-benchmark.md etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/etcd-2-2-0-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/v2/benchmarks/etcd-3-demo-benchmarks.md etcd-v3.3.12-linux-amd64/Documentation/v2/rfc/ etcd-v3.3.12-linux-amd64/Documentation/v2/rfc/v3api.md etcd-v3.3.12-linux-amd64/Documentation/v2/libraries-and-tools.md etcd-v3.3.12-linux-amd64/Documentation/v2/discovery_protocol.md etcd-v3.3.12-linux-amd64/Documentation/v2/runtime-configuration.md etcd-v3.3.12-linux-amd64/Documentation/v2/upgrade_2_3.md etcd-v3.3.12-linux-amd64/Documentation/v2/auth_api.md etcd-v3.3.12-linux-amd64/Documentation/v2/errorcode.md etcd-v3.3.12-linux-amd64/Documentation/v2/admin_guide.md etcd-v3.3.12-linux-amd64/Documentation/v2/upgrade_2_2.md etcd-v3.3.12-linux-amd64/Documentation/v2/upgrade_2_1.md etcd-v3.3.12-linux-amd64/Documentation/v2/clustering.md etcd-v3.3.12-linux-amd64/Documentation/v2/other_apis.md etcd-v3.3.12-linux-amd64/Documentation/v2/production-users.md etcd-v3.3.12-linux-amd64/Documentation/v2/metrics.md etcd-v3.3.12-linux-amd64/Documentation/v2/runtime-reconf-design.md etcd-v3.3.12-linux-amd64/Documentation/v2/etcd_alert.rules.yml etcd-v3.3.12-linux-amd64/Documentation/v2/security.md etcd-v3.3.12-linux-amd64/Documentation/v2/branch_management.md etcd-v3.3.12-linux-amd64/Documentation/v2/internal-protocol-versioning.md etcd-v3.3.12-linux-amd64/Documentation/v2/members_api.md etcd-v3.3.12-linux-amd64/Documentation/v2/platforms/ etcd-v3.3.12-linux-amd64/Documentation/v2/platforms/freebsd.md etcd-v3.3.12-linux-amd64/Documentation/v2/faq.md etcd-v3.3.12-linux-amd64/Documentation/v2/backward_compatibility.md etcd-v3.3.12-linux-amd64/Documentation/v2/04_to_2_snapshot_migration.md etcd-v3.3.12-linux-amd64/Documentation/v2/etcd_alert.rules etcd-v3.3.12-linux-amd64/Documentation/v2/api.md etcd-v3.3.12-linux-amd64/Documentation/v2/api_v3.md etcd-v3.3.12-linux-amd64/Documentation/v2/reporting_bugs.md etcd-v3.3.12-linux-amd64/Documentation/v2/tuning.md etcd-v3.3.12-linux-amd64/Documentation/v2/dev/ etcd-v3.3.12-linux-amd64/Documentation/v2/dev/release.md etcd-v3.3.12-linux-amd64/Documentation/branch_management.md etcd-v3.3.12-linux-amd64/Documentation/platforms/ etcd-v3.3.12-linux-amd64/Documentation/platforms/container-linux-systemd.md etcd-v3.3.12-linux-amd64/Documentation/platforms/freebsd.md etcd-v3.3.12-linux-amd64/Documentation/platforms/aws.md etcd-v3.3.12-linux-amd64/Documentation/faq.md etcd-v3.3.12-linux-amd64/Documentation/dl_build.md etcd-v3.3.12-linux-amd64/Documentation/reporting_bugs.md etcd-v3.3.12-linux-amd64/Documentation/tuning.md etcd-v3.3.12-linux-amd64/Documentation/upgrades/ etcd-v3.3.12-linux-amd64/Documentation/upgrades/upgrade_3_4.md etcd-v3.3.12-linux-amd64/Documentation/upgrades/upgrading-etcd.md etcd-v3.3.12-linux-amd64/Documentation/upgrades/upgrade_3_2.md etcd-v3.3.12-linux-amd64/Documentation/upgrades/upgrade_3_1.md etcd-v3.3.12-linux-amd64/Documentation/upgrades/upgrade_3_0.md etcd-v3.3.12-linux-amd64/Documentation/upgrades/upgrade_3_3.md etcd-v3.3.12-linux-amd64/Documentation/dev-internal/ etcd-v3.3.12-linux-amd64/Documentation/dev-internal/logging.md etcd-v3.3.12-linux-amd64/Documentation/dev-internal/discovery_protocol.md etcd-v3.3.12-linux-amd64/Documentation/dev-internal/release.md etcd-v3.3.12-linux-amd64/Documentation/learning/ etcd-v3.3.12-linux-amd64/Documentation/learning/auth_design.md etcd-v3.3.12-linux-amd64/Documentation/learning/glossary.md etcd-v3.3.12-linux-amd64/Documentation/learning/data_model.md etcd-v3.3.12-linux-amd64/Documentation/learning/api_guarantees.md etcd-v3.3.12-linux-amd64/Documentation/learning/why.md etcd-v3.3.12-linux-amd64/Documentation/learning/api.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/ etcd-v3.3.12-linux-amd64/Documentation/op-guide/authentication.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/versioning.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/hardware.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/grafana.json etcd-v3.3.12-linux-amd64/Documentation/op-guide/monitoring.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/configuration.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/v2-migration.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/maintenance.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/runtime-configuration.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/recovery.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/clustering.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/etcd3_alert.rules etcd-v3.3.12-linux-amd64/Documentation/op-guide/runtime-reconf-design.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/etcd3_alert.rules.yml etcd-v3.3.12-linux-amd64/Documentation/op-guide/security.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/performance.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/etcd-sample-grafana.png etcd-v3.3.12-linux-amd64/Documentation/op-guide/grpc_proxy.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/gateway.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/container.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/supported-platform.md etcd-v3.3.12-linux-amd64/Documentation/op-guide/failures.md etcd-v3.3.12-linux-amd64/Documentation/demo.md etcd-v3.3.12-linux-amd64/README-etcdctl.md etcd-v3.3.12-linux-amd64/etcdctl etcd-v3.3.12-linux-amd64/READMEv2-etcdctl.md etcd-v3.3.12-linux-amd64/etcd flanneld mk-docker-opts.sh README.md kubernetes/ kubernetes/server/ kubernetes/server/bin/ kubernetes/server/bin/kube-controller-manager.docker_tag kubernetes/server/bin/kube-apiserver.tar kubernetes/server/bin/kube-proxy kubernetes/server/bin/cloud-controller-manager.docker_tag kubernetes/server/bin/mounter kubernetes/server/bin/kube-proxy.docker_tag kubernetes/server/bin/kubelet kubernetes/server/bin/kube-scheduler.docker_tag kubernetes/server/bin/kube-controller-manager.tar kubernetes/server/bin/kubectl kubernetes/server/bin/kube-apiserver kubernetes/server/bin/kube-apiserver.docker_tag kubernetes/server/bin/kube-controller-manager kubernetes/server/bin/kube-proxy.tar kubernetes/server/bin/cloud-controller-manager kubernetes/server/bin/kube-scheduler.tar kubernetes/server/bin/apiextensions-apiserver kubernetes/server/bin/kubeadm kubernetes/server/bin/hyperkube kubernetes/server/bin/kube-scheduler kubernetes/server/bin/cloud-controller-manager.tar kubernetes/addons/ kubernetes/kubernetes-src.tar.gz kubernetes/LICENSES 2019/03/31 20:34:23 [INFO] generating a new CA key and certificate from CSR 2019/03/31 20:34:23 [INFO] generate received request 2019/03/31 20:34:23 [INFO] received CSR 2019/03/31 20:34:23 [INFO] generating key: rsa-2048 2019/03/31 20:34:23 [INFO] encoded CSR 2019/03/31 20:34:23 [INFO] signed certificate with serial number 316253512009054883826466120107550244311105093255 2019/03/31 20:34:23 [INFO] generate received request 2019/03/31 20:34:23 [INFO] received CSR 2019/03/31 20:34:23 [INFO] generating key: rsa-2048 2019/03/31 20:34:23 [INFO] encoded CSR 2019/03/31 20:34:23 [INFO] signed certificate with serial number 288189004496636237074496723049170901716100041831 2019/03/31 20:34:23 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). /etc/etcd/ca.d ├── ca-config.json ├── ca.csr ├── ca-csr.json ├── ca-key.pem ├── ca.pem ├── server.csr ├── server-csr.json ├── server-key.pem └── server.pem 0 directories, 9 files ca-key.pem 100% 1675 27.1KB/s 00:00 ca.pem 100% 1265 2.2MB/s 00:00 server-key.pem 100% 1679 639.6KB/s 00:00 server.pem 100% 1346 1.9MB/s 00:00 etcd 100% 18MB 13.1MB/s 00:01 etcdctl 100% 15MB 41.5MB/s 00:00 etcd.service 100% 994 1.0MB/s 00:00 etcd.conf 100% 520 527.8KB/s 00:00 Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service. Job for etcd.service failed because a timeout was exceeded. See "systemctl status etcd.service" and "journalctl -xe" for details. ca-key.pem 100% 1675 92.3KB/s 00:00 ca.pem 100% 1265 1.7MB/s 00:00 server-key.pem 100% 1679 328.8KB/s 00:00 server.pem 100% 1346 1.6MB/s 00:00 etcd 100% 18MB 40.7MB/s 00:00 etcdctl 100% 15MB 46.0MB/s 00:00 etcd.service 100% 994 1.0MB/s 00:00 etcd.conf 100% 520 838.6KB/s 00:00 Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service. Job for etcd.service failed because a timeout was exceeded. See "systemctl status etcd.service" and "journalctl -xe" for details. ca-key.pem 100% 1675 106.9KB/s 00:00 ca.pem 100% 1265 1.0MB/s 00:00 server-key.pem 100% 1679 1.3MB/s 00:00 server.pem 100% 1346 1.5MB/s 00:00 etcd 100% 18MB 31.4MB/s 00:00 etcdctl 100% 15MB 37.7MB/s 00:00 etcd.service 100% 994 916.5KB/s 00:00 etcd.conf 100% 520 487.5KB/s 00:00 Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service. ● etcd.service - Etcd Server Loaded: loaded (/usr/lib/systemd/system/etcd.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:37:32 CST; 28ms ago Main PID: 7373 (etcd) Tasks: 7 Memory: 9.1M CGroup: /system.slice/etcd.service └─7373 /usr/local/bin/etcd --name=etcd-01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://10.1.1.61:2380 --listen-client-urls=https://10.1.1.61:2379,http://127.0.0.1:2379 --advertise-client-urls=https://10.1.1.61:2379 --initial-advertise-peer-urls=https://10.1.1.61:2380 --initial-cluster=etcd-master=https://10.1.1.60:2380,etcd-01=https://10.1.1.61:2380,etcd-02=https://10.1.1.62:2380,etcd-03=https://10.1.1.63:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/etc/etcd/ca.d/server.pem --key-file=/etc/etcd/ca.d/server-key.pem --peer-cert-file=/etc/etcd/ca.d/server.pem --peer-key-file=/etc/etcd/ca.d/server-key.pem --trusted-ca-file=/etc/etcd/ca.d/ca.pem --peer-trusted-ca-file=/etc/etcd/ca.d/ca.pem 3月 31 20:37:32 gysl-node1 etcd[7373]: 1c3555118a39401e initialzed peer connection; fast-forwarding 8 ticks (election ticks 10) with 2 active peer(s) 3月 31 20:37:32 gysl-node1 etcd[7373]: raft.node: 1c3555118a39401e elected leader 63ac3c747757aa28 at term 138 3月 31 20:37:32 gysl-node1 etcd[7373]: published {Name:etcd-01 ClientURLs:[https://10.1.1.61:2379]} to cluster 575c8b9e68fd927d 3月 31 20:37:32 gysl-node1 etcd[7373]: ready to serve client requests 3月 31 20:37:32 gysl-node1 etcd[7373]: serving insecure client requests on 127.0.0.1:2379, this is strongly discouraged! 3月 31 20:37:32 gysl-node1 etcd[7373]: ready to serve client requests 3月 31 20:37:32 gysl-node1 systemd[1]: Started Etcd Server. 3月 31 20:37:32 gysl-node1 etcd[7373]: serving client requests on 10.1.1.61:2379 3月 31 20:37:32 gysl-node1 etcd[7373]: set the initial cluster version to 3.0 3月 31 20:37:32 gysl-node1 etcd[7373]: enabled capabilities for version 3.0 Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service. ● etcd.service - Etcd Server Loaded: loaded (/usr/lib/systemd/system/etcd.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:37:34 CST; 124ms ago Main PID: 7551 (etcd) Tasks: 7 Memory: 10.3M CGroup: /system.slice/etcd.service └─7551 /usr/local/bin/etcd --name=etcd-master --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://10.1.1.60:2380 --listen-client-urls=https://10.1.1.60:2379,http://127.0.0.1:2379 --advertise-client-urls=https://10.1.1.60:2379 --initial-advertise-peer-urls=https://10.1.1.60:2380 --initial-cluster=etcd-master=https://10.1.1.60:2380,etcd-01=https://10.1.1.61:2380,etcd-02=https://10.1.1.62:2380,etcd-03=https://10.1.1.63:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/etc/etcd/ca.d/server.pem --key-file=/etc/etcd/ca.d/server-key.pem --peer-cert-file=/etc/etcd/ca.d/server.pem --peer-key-file=/etc/etcd/ca.d/server-key.pem --trusted-ca-file=/etc/etcd/ca.d/ca.pem --peer-trusted-ca-file=/etc/etcd/ca.d/ca.pem 3月 31 20:37:34 gysl-master etcd[7551]: established a TCP streaming connection with peer 63ac3c747757aa28 (stream Message reader) 3月 31 20:37:34 gysl-master etcd[7551]: established a TCP streaming connection with peer 1c3555118a39401e (stream Message reader) 3月 31 20:37:34 gysl-master etcd[7551]: published {Name:etcd-master ClientURLs:[https://10.1.1.60:2379]} to cluster 575c8b9e68fd927d 3月 31 20:37:34 gysl-master etcd[7551]: ready to serve client requests 3月 31 20:37:34 gysl-master etcd[7551]: serving client requests on 10.1.1.60:2379 3月 31 20:37:34 gysl-master etcd[7551]: ready to serve client requests 3月 31 20:37:34 gysl-master etcd[7551]: serving insecure client requests on 127.0.0.1:2379, this is strongly discouraged! 3月 31 20:37:34 gysl-master etcd[7551]: 78df1ab24a6f1302 initialzed peer connection; fast-forwarding 8 ticks (election ticks 10) with 3 active peer(s) 3月 31 20:37:34 gysl-master systemd[1]: Started Etcd Server. 3月 31 20:37:34 gysl-master etcd[7551]: established a TCP streaming connection with peer 76bcb3b85e42210d (stream Message reader) Please wait a moment! 2019/03/31 20:38:34 [INFO] generating a new CA key and certificate from CSR 2019/03/31 20:38:34 [INFO] generate received request 2019/03/31 20:38:34 [INFO] received CSR 2019/03/31 20:38:34 [INFO] generating key: rsa-2048 2019/03/31 20:38:34 [INFO] encoded CSR 2019/03/31 20:38:34 [INFO] signed certificate with serial number 284879897535931954074635242912207100624264127544 2019/03/31 20:38:34 [INFO] generate received request 2019/03/31 20:38:34 [INFO] received CSR 2019/03/31 20:38:34 [INFO] generating key: rsa-2048 2019/03/31 20:38:34 [INFO] encoded CSR 2019/03/31 20:38:34 [INFO] signed certificate with serial number 163588537762519336822862885460408698694735647771 2019/03/31 20:38:34 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). 2019/03/31 20:38:34 [INFO] generate received request 2019/03/31 20:38:34 [INFO] received CSR 2019/03/31 20:38:34 [INFO] generating key: rsa-2048 2019/03/31 20:38:35 [INFO] encoded CSR 2019/03/31 20:38:35 [INFO] signed certificate with serial number 269430846139878968754015022650791204259891937310 2019/03/31 20:38:35 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). /etc/kubernetes/ca.d ├── ca-config.json ├── ca.csr ├── ca-csr.json ├── ca-key.pem ├── ca.pem ├── kube-proxy.csr ├── kube-proxy-csr.json ├── kube-proxy-key.pem ├── kube-proxy.pem ├── server.csr ├── server-csr.json ├── server-key.pem └── server.pem 0 directories, 13 files Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service. ● kube-apiserver.service - Kubernetes API Server Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:38:35 CST; 41ms ago Docs: https://github.com/kubernetes/kubernetes Main PID: 7628 (kube-apiserver) Tasks: 1 Memory: 14.0M CGroup: /system.slice/kube-apiserver.service └─7628 /usr/local/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://10.1.1.60:2379,https://10.1.1.61:2379,https://10.1.1.62:2379,https://10.1.1.63:2379 --bind-address=10.1.1.60 --secure-port=6443 --advertise-address=10.1.1.60 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth --token-auth-file=/etc/kubernetes/conf.d/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/etc/kubernetes/ca.d/server.pem --tls-private-key-file=/etc/kubernetes/ca.d/server-key.pem --client-ca-file=/etc/kubernetes/ca.d/ca.pem --service-account-key-file=/etc/kubernetes/ca.d/ca-key.pem --etcd-cafile=/etc/etcd/ca.d/ca.pem --etcd-certfile=/etc/etcd/ca.d/server.pem --etcd-keyfile=/etc/etcd/ca.d/server-key.pem 3月 31 20:38:35 gysl-master systemd[1]: Started Kubernetes API Server. Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service. ● kube-scheduler.service - Kubernetes Scheduler Loaded: loaded (/usr/lib/systemd/system/kube-scheduler.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:38:36 CST; 20s ago Docs: https://github.com/kubernetes/kubernetes Main PID: 7673 (kube-scheduler) Tasks: 7 Memory: 47.5M CGroup: /system.slice/kube-scheduler.service └─7673 /usr/local/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.299502 7673 shared_informer.go:123] caches populated 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.399931 7673 shared_informer.go:123] caches populated 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.500642 7673 shared_informer.go:123] caches populated 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.601146 7673 shared_informer.go:123] caches populated 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.604604 7673 controller_utils.go:1027] Waiting for caches to sync for scheduler controller 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.705500 7673 shared_informer.go:123] caches populated 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.705529 7673 controller_utils.go:1034] Caches are synced for scheduler controller 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.705631 7673 leaderelection.go:217] attempting to acquire leader lease kube-system/kube-scheduler... 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.737674 7673 leaderelection.go:227] successfully acquired lease kube-system/kube-scheduler 3月 31 20:38:43 gysl-master kube-scheduler[7673]: I0331 20:38:43.838862 7673 shared_informer.go:123] caches populated Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service. ● kube-controller-manager.service - Kubernetes Controller Manager Loaded: loaded (/usr/lib/systemd/system/kube-controller-manager.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:38:56 CST; 20s ago Docs: https://github.com/kubernetes/kubernetes Main PID: 7725 (kube-controller) Tasks: 6 Memory: 132.3M CGroup: /system.slice/kube-controller-manager.service └─7725 /usr/local/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=10.0.0.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ca.d/ca.pem --cluster-signing-key-file=/etc/kubernetes/ca.d/ca-key.pem --root-ca-file=/etc/kubernetes/ca.d/ca.pem --service-account-private-key-file=/etc/kubernetes/ca.d/ca-key.pem 3月 31 20:38:59 gysl-master kube-controller-manager[7725]: I0331 20:38:59.915581 7725 request.go:530] Throttling request took 1.356935667s, request: GET:http://127.0.0.1:8080/apis/scheduling.k8s.io/v1?timeout=32s 3月 31 20:38:59 gysl-master kube-controller-manager[7725]: I0331 20:38:59.965276 7725 request.go:530] Throttling request took 1.406608026s, request: GET:http://127.0.0.1:8080/apis/scheduling.k8s.io/v1beta1?timeout=32s 3月 31 20:39:00 gysl-master kube-controller-manager[7725]: I0331 20:39:00.015978 7725 request.go:530] Throttling request took 1.457255375s, request: GET:http://127.0.0.1:8080/apis/coordination.k8s.io/v1?timeout=32s 3月 31 20:39:00 gysl-master kube-controller-manager[7725]: I0331 20:39:00.065993 7725 request.go:530] Throttling request took 1.507246887s, request: GET:http://127.0.0.1:8080/apis/coordination.k8s.io/v1beta1?timeout=32s 3月 31 20:39:00 gysl-master kube-controller-manager[7725]: I0331 20:39:00.067050 7725 resource_quota_controller.go:427] syncing resource quota controller with updated resources from discovery: map[/v1, Resource=configmaps:{} /v1, Resource=endpoints:{} /v1, Resource=events:{} /v1, Resource=limitranges:{} /v1, Resource=persistentvolumeclaims:{} /v1, Resource=pods:{} /v1, Resource=podtemplates:{} /v1, Resource=replicationcontrollers:{} /v1, Resource=resourcequotas:{} /v1, Resource=secrets:{} /v1, Resource=serviceaccounts:{} /v1, Resource=services:{} apps/v1, Resource=controllerrevisions:{} apps/v1, Resource=daemonsets:{} apps/v1, Resource=deployments:{} apps/v1, Resource=replicasets:{} apps/v1, Resource=statefulsets:{} autoscaling/v1, Resource=horizontalpodautoscalers:{} batch/v1, Resource=jobs:{} batch/v1beta1, Resource=cronjobs:{} coordination.k8s.io/v1, Resource=leases:{} events.k8s.io/v1beta1, Resource=events:{} extensions/v1beta1, Resource=daemonsets:{} extensions/v1beta1, Resource=deployments:{} extensions/v1beta1, Resource=ingresses:{} extensions/v1beta1, Resource=networkpolicies:{} extensions/v1beta1, Resource=replicasets:{} networking.k8s.io/v1, Resource=networkpolicies:{} networking.k8s.io/v1beta1, Resource=ingresses:{} policy/v1beta1, Resource=poddisruptionbudgets:{} rbac.authorization.k8s.io/v1, Resource=rolebindings:{} rbac.authorization.k8s.io/v1, Resource=roles:{}] 3月 31 20:39:00 gysl-master kube-controller-manager[7725]: I0331 20:39:00.067168 7725 resource_quota_monitor.go:180] QuotaMonitor unable to use a shared informer for resource "extensions/v1beta1, Resource=networkpolicies": no informer found for extensions/v1beta1, Resource=networkpolicies 3月 31 20:39:00 gysl-master kube-controller-manager[7725]: I0331 20:39:00.067189 7725 resource_quota_monitor.go:243] quota synced monitors; added 0, kept 30, removed 0 3月 31 20:39:00 gysl-master kube-controller-manager[7725]: E0331 20:39:00.067197 7725 resource_quota_controller.go:437] failed to sync resource monitors: couldn't start monitor for resource "extensions/v1beta1, Resource=networkpolicies": unable to monitor quota for resource "extensions/v1beta1, Resource=networkpolicies" 3月 31 20:39:13 gysl-master kube-controller-manager[7725]: I0331 20:39:13.677245 7725 reflector.go:235] k8s.io/client-go/informers/factory.go:133: forcing resync 3月 31 20:39:14 gysl-master kube-controller-manager[7725]: I0331 20:39:14.215322 7725 pv_controller_base.go:407] resyncing PV controller clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created Cluster "kubernetes" set. User "kubelet-bootstrap" set. Context "default" created. Switched to context "default". Cluster "kubernetes" set. User "kube-proxy" set. Context "default" created. Switched to context "default". member 1c3555118a39401e is healthy: got healthy result from https://10.1.1.61:2379 member 63ac3c747757aa28 is healthy: got healthy result from https://10.1.1.63:2379 member 76bcb3b85e42210d is healthy: got healthy result from https://10.1.1.62:2379 member 78df1ab24a6f1302 is healthy: got healthy result from https://10.1.1.60:2379 cluster is healthy { "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}} kubelet 100% 122MB 26.1MB/s 00:04 kube-proxy 100% 35MB 21.9MB/s 00:01 flanneld 100% 34MB 20.5MB/s 00:01 mk-docker-opts.sh 100% 2139 916.8KB/s 00:00 flanneld.conf 100% 247 55.8KB/s 00:00 flanneld.service 100% 389 82.7KB/s 00:00 kubelet.yaml 100% 263 319.4KB/s 00:00 kubelet.conf 100% 365 326.0KB/s 00:00 kube-proxy.conf 100% 158 184.0KB/s 00:00 kubelet.service 100% 267 234.2KB/s 00:00 kube-proxy.service 100% 234 130.5KB/s 00:00 bootstrap.kubeconfig 100% 2163 1.5MB/s 00:00 kube-proxy.kubeconfig 100% 6265 4.4MB/s 00:00 Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service. ● flanneld.service - Flanneld overlay address etcd agent Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:27 CST; 430ms ago Process: 7536 ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env (code=exited, status=0/SUCCESS) Main PID: 7508 (flanneld) Tasks: 7 Memory: 6.7M CGroup: /system.slice/flanneld.service └─7508 /usr/local/bin/flanneld --ip-masq 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.720837 7508 iptables.go:167] Deleting iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.721919 7508 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.24.0/24 -j RETURN 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.722994 7508 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.724549 7508 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 -d 172.17.0.0/16 -j RETURN 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.730116 7508 iptables.go:155] Adding iptables rule: -d 172.17.0.0/16 -j ACCEPT 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.737143 7508 main.go:429] Waiting for 22h59m59.914613166s to renew lease 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.737262 7508 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.744276 7508 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.24.0/24 -j RETURN 3月 31 20:39:27 gysl-node2 systemd[1]: Started Flanneld overlay address etcd agent. 3月 31 20:39:27 gysl-node2 flanneld[7508]: I0331 20:39:27.766442 7508 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:28 CST; 10ms ago Docs: https://docs.docker.com Main PID: 7579 (dockerd) Tasks: 8 Memory: 32.1M CGroup: /system.slice/docker.service └─7579 /usr/bin/dockerd --bip=172.17.24.1/24 --ip-masq=false --mtu=1450 -H fd:// --containerd=/run/containerd/containerd.sock 3月 31 20:39:27 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:27.843896719+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc 3月 31 20:39:27 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:27.843917442+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420154920, CONNECTING" module=grpc 3月 31 20:39:27 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:27.843973658+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420154920, READY" module=grpc 3月 31 20:39:27 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:27.844332744+08:00" level=info msg="[graphdriver] using prior storage driver: overlay2" 3月 31 20:39:27 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:27.848229255+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds" 3月 31 20:39:27 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:27.848828116+08:00" level=info msg="Loading containers: start." 3月 31 20:39:28 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:28.081132437+08:00" level=info msg="Loading containers: done." 3月 31 20:39:28 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:28.167227705+08:00" level=info msg="Docker daemon" commit=774a1f4 graphdriver(s)=overlay2 version=18.09.3 3月 31 20:39:28 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:28.167281411+08:00" level=info msg="Daemon has completed initialization" 3月 31 20:39:28 gysl-node2 dockerd[7579]: time="2019-03-31T20:39:28.175538228+08:00" level=info msg="API listen on /var/run/docker.sock" Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service. Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service. ● kubelet.service - Kubernetes Kubelet Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:28 CST; 61ms ago Main PID: 7727 (kubelet) Tasks: 1 Memory: 2.1M CGroup: /system.slice/kubelet.service └─7727 /usr/local/bin/kubelet --logtostderr=true --v=4 --hostname-override=10.1.1.62 --kubeconfig=/etc/kubernetes/conf.d/kubelet.kubeconfig --bootstrap-kubeconfig=/etc/kubernetes/conf.d/bootstrap.kubeconfig --config=/etc/kubernetes/conf.d/kubelet.yaml --cert-dir=/etc/kubernetes/ca.d --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 3月 31 20:39:28 gysl-node2 systemd[1]: Started Kubernetes Kubelet. ● kube-proxy.service - Kubernetes Proxy Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:28 CST; 7ms ago Main PID: 7728 (systemd) Tasks: 0 Memory: 0B CGroup: /system.slice/kube-proxy.service └─7728 /usr/lib/systemd/systemd --switched-root --system --deserialize 22 kubelet 100% 122MB 27.7MB/s 00:04 kube-proxy 100% 35MB 13.8MB/s 00:02 flanneld 100% 34MB 33.6MB/s 00:01 mk-docker-opts.sh 100% 2139 1.1MB/s 00:00 flanneld.conf 100% 247 225.5KB/s 00:00 flanneld.service 100% 389 357.8KB/s 00:00 kubelet.yaml 100% 263 193.7KB/s 00:00 kubelet.conf 100% 365 331.3KB/s 00:00 kube-proxy.conf 100% 158 130.4KB/s 00:00 kubelet.service 100% 267 295.5KB/s 00:00 kube-proxy.service 100% 234 198.3KB/s 00:00 bootstrap.kubeconfig 100% 2163 2.0MB/s 00:00 kube-proxy.kubeconfig 100% 6265 3.7MB/s 00:00 Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service. ● flanneld.service - Flanneld overlay address etcd agent Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:39 CST; 391ms ago Process: 7534 ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env (code=exited, status=0/SUCCESS) Main PID: 7502 (flanneld) Tasks: 7 Memory: 9.3M CGroup: /system.slice/flanneld.service └─7502 /usr/local/bin/flanneld --ip-masq 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.088309 7502 iptables.go:145] Some iptables rules are missing; deleting and recreating rules 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.088315 7502 iptables.go:167] Deleting iptables rule: -s 172.17.0.0/16 -d 172.17.0.0/16 -j RETURN 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.091984 7502 iptables.go:167] Deleting iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.095011 7502 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.100.0/24 -j RETURN 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.098419 7502 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.099751 7502 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 -d 172.17.0.0/16 -j RETURN 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.103532 7502 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.106520 7502 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.100.0/24 -j RETURN 3月 31 20:39:39 gysl-node3 flanneld[7502]: I0331 20:39:39.113480 7502 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE 3月 31 20:39:39 gysl-node3 systemd[1]: Started Flanneld overlay address etcd agent. ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:39 CST; 10ms ago Docs: https://docs.docker.com Main PID: 7573 (dockerd) Tasks: 8 Memory: 31.9M CGroup: /system.slice/docker.service └─7573 /usr/bin/dockerd --bip=172.17.100.1/24 --ip-masq=false --mtu=1450 -H fd:// --containerd=/run/containerd/containerd.sock 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.230510356+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.230556184+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420154910, CONNECTING" module=grpc 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.230711652+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420154910, READY" module=grpc 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.231101930+08:00" level=info msg="[graphdriver] using prior storage driver: overlay2" 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.234478410+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds" 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.234950238+08:00" level=info msg="Loading containers: start." 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.406988224+08:00" level=info msg="Loading containers: done." 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.497837879+08:00" level=info msg="Docker daemon" commit=774a1f4 graphdriver(s)=overlay2 version=18.09.3 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.497901197+08:00" level=info msg="Daemon has completed initialization" 3月 31 20:39:39 gysl-node3 dockerd[7573]: time="2019-03-31T20:39:39.502801194+08:00" level=info msg="API listen on /var/run/docker.sock" Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service. Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service. ● kubelet.service - Kubernetes Kubelet Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:39 CST; 58ms ago Main PID: 7721 (kubelet) Tasks: 1 Memory: 4.2M CGroup: /system.slice/kubelet.service └─7721 /usr/local/bin/kubelet --logtostderr=true --v=4 --hostname-override=10.1.1.63 --kubeconfig=/etc/kubernetes/conf.d/kubelet.kubeconfig --bootstrap-kubeconfig=/etc/kubernetes/conf.d/bootstrap.kubeconfig --config=/etc/kubernetes/conf.d/kubelet.yaml --cert-dir=/etc/kubernetes/ca.d --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 3月 31 20:39:39 gysl-node3 systemd[1]: Started Kubernetes Kubelet. ● kube-proxy.service - Kubernetes Proxy Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:39 CST; 21ms ago Main PID: 7722 (systemd) Tasks: 0 Memory: 0B CGroup: /system.slice/kube-proxy.service └─7722 /usr/lib/systemd/systemd --switched-root --system --deserialize 22 3月 31 20:39:39 gysl-node3 systemd[1]: Started Kubernetes Proxy. kubelet 100% 122MB 32.7MB/s 00:03 kube-proxy 100% 35MB 14.4MB/s 00:02 flanneld 100% 34MB 30.4MB/s 00:01 mk-docker-opts.sh 100% 2139 3.5MB/s 00:00 flanneld.conf 100% 247 227.9KB/s 00:00 flanneld.service 100% 389 359.0KB/s 00:00 kubelet.yaml 100% 263 197.9KB/s 00:00 kubelet.conf 100% 365 517.1KB/s 00:00 kube-proxy.conf 100% 158 244.5KB/s 00:00 kubelet.service 100% 267 379.4KB/s 00:00 kube-proxy.service 100% 234 324.5KB/s 00:00 bootstrap.kubeconfig 100% 2163 429.6KB/s 00:00 kube-proxy.kubeconfig 100% 6265 4.7MB/s 00:00 Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service. ● flanneld.service - Flanneld overlay address etcd agent Loaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:49 CST; 319ms ago Process: 7580 ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env (code=exited, status=0/SUCCESS) Main PID: 7550 (flanneld) Tasks: 7 Memory: 6.7M CGroup: /system.slice/flanneld.service └─7550 /usr/local/bin/flanneld --ip-masq 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.414921 7550 vxlan_network.go:60] watching for new subnet leases 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.415303 7550 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.96.0/24 -j RETURN 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.416682 7550 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.418320 7550 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 -d 172.17.0.0/16 -j RETURN 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.438055 7550 iptables.go:155] Adding iptables rule: -d 172.17.0.0/16 -j ACCEPT 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.443066 7550 main.go:429] Waiting for 22h59m59.922013672s to renew lease 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.443213 7550 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE 3月 31 20:39:49 gysl-node1 systemd[1]: Started Flanneld overlay address etcd agent. 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.459736 7550 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.96.0/24 -j RETURN 3月 31 20:39:49 gysl-node1 flanneld[7550]: I0331 20:39:49.469674 7550 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:49 CST; 9ms ago Docs: https://docs.docker.com Main PID: 7622 (dockerd) Tasks: 8 Memory: 28.6M CGroup: /system.slice/docker.service └─7622 /usr/bin/dockerd --bip=172.17.96.1/24 --ip-masq=false --mtu=1450 -H fd:// --containerd=/run/containerd/containerd.sock 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.549105373+08:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///run/containerd/containerd.sock 0 <nil>}]" module=grpc 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.549111902+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.549148708+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420154bb0, CONNECTING" module=grpc 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.549210269+08:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc420154bb0, READY" module=grpc 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.549578647+08:00" level=info msg="[graphdriver] using prior storage driver: overlay2" 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.554893473+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds" 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.555866350+08:00" level=info msg="Loading containers: start." 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.695192119+08:00" level=info msg="Loading containers: done." 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.729225641+08:00" level=info msg="Docker daemon" commit=774a1f4 graphdriver(s)=overlay2 version=18.09.3 3月 31 20:39:49 gysl-node1 dockerd[7622]: time="2019-03-31T20:39:49.729282016+08:00" level=info msg="Daemon has completed initialization" Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service. Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service. ● kubelet.service - Kubernetes Kubelet Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:50 CST; 50ms ago Main PID: 7770 (kubelet) Tasks: 1 Memory: 2.1M CGroup: /system.slice/kubelet.service └─7770 /usr/local/bin/kubelet --logtostderr=true --v=4 --hostname-override=10.1.1.61 --kubeconfig=/etc/kubernetes/conf.d/kubelet.kubeconfig --bootstrap-kubeconfig=/etc/kubernetes/conf.d/bootstrap.kubeconfig --config=/etc/kubernetes/conf.d/kubelet.yaml --cert-dir=/etc/kubernetes/ca.d --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 3月 31 20:39:50 gysl-node1 systemd[1]: Started Kubernetes Kubelet. ● kube-proxy.service - Kubernetes Proxy Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled) Active: active (running) since 日 2019-03-31 20:39:50 CST; 20ms ago Main PID: 7771 (systemd) Tasks: 0 Memory: 0B CGroup: /system.slice/kube-proxy.service └─7771 /usr/lib/systemd/systemd --switched-root --system --deserialize 22 3月 31 20:39:50 gysl-node1 systemd[1]: Started Kubernetes Proxy. [root@gysl-master ~]# kubectl get cs,nodes NAME STATUS MESSAGE ERROR componentstatus/scheduler Healthy ok componentstatus/controller-manager Healthy ok componentstatus/etcd-0 Healthy {"health":"true"} componentstatus/etcd-2 Healthy {"health":"true"} componentstatus/etcd-1 Healthy {"health":"true"} componentstatus/etcd-3 Healthy {"health":"true"} NAME STATUS ROLES AGE VERSION node/10.1.1.61 Ready node 4m23s v1.14.0 node/10.1.1.62 Ready node 4m22s v1.14.0 node/10.1.1.63 Ready node 4m22s v1.14.0
#!/bin/bash declare -A HostIP EtcdIP HostIP=( [gysl-master]='10.1.1.60' [gysl-node1]='10.1.1.61' [gysl-node2]='10.1.1.62' [gysl-node3]='10.1.1.63' ) EtcdIP=( [etcd-master]='10.1.1.60' [etcd-01]='10.1.1.61' [etcd-02]='10.1.1.62' [etcd-03]='10.1.1.63' ) BinaryDir='/usr/local/bin' KubeConf='/etc/kubernetes/conf.d' KubeCA='/etc/kubernetes/ca.d' EtcdConf='/etc/etcd/conf.d' EtcdCA='/etc/etcd/ca.d' FlanneldConf='/etc/flanneld' for node_ip in ${HostIP[@]} do if [ "${node_ip}" == "${HostIP[gysl-master]}" ] ; then ps -ef|grep -e kube -e etcd -e flanneld|grep -v grep|awk '{print $2}'|xargs kill rm -rf {${KubeConf},${KubeCA},${EtcdConf},${EtcdCA},${FlanneldConf}} rm -rf ${BinaryDir}/* else ssh root@${node_ip} "ps -ef|grep -e kube -e etcd -e flanneld|grep -v grep|awk '{print $2}'|xargs kill" ssh root@${node_ip} "rm -rf {${KubeConf},${KubeCA},${EtcdConf},${EtcdCA},${FlanneldConf}}" ssh root@${node_ip} "rm -rf ${BinaryDir}/* && reboot" fi done reboot
經過腳本實現自動化安裝是一個良好的習慣,能夠達到事半功倍的效果,之後工做中要注意培養這種習慣!github