HDC调试需求开发（15万预算）,能者速来！>>>
本人首次学习关于Kubernetes的相关知识，根据Kubernetes的权威指南做了一个关于Kubernetes的一个小测试 相关环境是：
centos7 64位
Kubernetes 1.5.2
docker 1.13.1
etcd 3.2.22
etcd，Kubernetes，docker安装完毕，之后讲防火墙和selinux都关闭了 。 防火墙的状态：
[root @localhost kubernetes]# systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: inactive (dead) since 五 2018-08-10 16:05:50 CST; 32min ago
Process: 13907 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 12874 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 12874 (code=exited, status=0/SUCCESS)
8月 10 16:05:50 localhost.localdomain systemd[1]: Stopping IPv4 firewall with iptables...
8月 10 16:05:50 localhost.localdomain iptables.init[13907]: iptables: Setting chains to policy… ]
8月 10 16:05:50 localhost.localdomain iptables.init[13907]: iptables: Flushing firewall rules:… ]
8月 10 16:05:50 localhost.localdomain iptables.init[13907]: iptables: Unloading modules: [ 确定 ]
8月 10 16:05:50 localhost.localdomain systemd[1]: Stopped IPv4 firewall with iptables.
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Hint: Some lines were ellipsized, use -l to show in full.
selinux的状态：
[root @localhost kubernetes]# getenforce
Disabled


写了关于yaml文件（该文件是摘录书中的）
启动了如下服务：
systemctl start docker
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl start kubelet
systemctl start kube-proxy
查看服务： [root @localhost kubernetes]# ps -ef | grep kube
kube 14403 1 0 16:29 ? 00:00:00 /usr/bin/kube-controller-manager --logtostderr=true --v=0 --master=http://127.0.0.1:8080
kube 14416 1 1 16:29 ? 00:00:00 /usr/bin/kube-scheduler --logtostderr=true --v=0 --master=http://127.0.0.1:8080
root 14427 1 3 16:29 ? 00:00:00 /usr/bin/kubelet --logtostderr=true --v=0 --api-servers=http://127.0.0.1:8080 --address=127.0.0.1 --hostname-override=127.0.0.1 --allow-privileged=false --pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest
root 14477 1 3 16:29 ? 00:00:00 /usr/bin/kube-proxy --logtostderr=true --v=0 --master=http://127.0.0.1:8080
然后创建pod：
kubectl create -f /root/yaml/mysql-rc.yaml
报错信心如下：
The connection to the server localhost:8080 was refused - did you specify the right host or port?
查看端口8080：
netstat -an | grep 8080 没有任何信息

查看网上相关信息，修改如下两处：
1）说是修改监听的地址，所有修改如下文件： ./apiserver:#KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
./config:#KUBE_MASTER="--master=http://0.0.0.0:8080"
./kubelet:#KUBELET_ADDRESS="--address=0.0.0.0"
./kubelet:#KUBELET_API_SERVER="--api-servers=http://0.0.0.0:8080"
然后重新启动了： systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler
systemctl restart kubelet
systemctl restart kube-proxy
查看服务： [root @localhost kubernetes]# ps -ef | grep kube
kube 14403 1 0 16:29 ? 00:00:00 /usr/bin/kube-controller-manager --logtostderr=true --v=0 --master=http://0.0.0.0:8080
kube 14416 1 1 16:29 ? 00:00:00 /usr/bin/kube-scheduler --logtostderr=true --v=0 --master=http://0.0.0.0:8080
root 14427 1 3 16:29 ? 00:00:00 /usr/bin/kubelet --logtostderr=true --v=0 --api-servers=http://0.0.0.0:8080 --address=0.0.0.0 --hostname-override=127.0.0.1 --allow-privileged=false --pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest
root 14477 1 3 16:29 ? 00:00:00 /usr/bin/kube-proxy --logtostderr=true --v=0 --master=http://0.0.0.0:8080
查看端口8080：
[root @localhost kubernetes]# netstat -anltp | grep 8080
[root@localhost kubernetes]#
为什么服务起来了，端口为什么没有监听呀？
2)修改apiserver文件中的KUBE_ADMISSION_CONTROL将 ServiceAccount去掉
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
重新启动：
systemctl restart kube-apiserver
根据上述修改还是报错：
[root@localhost kubernetes]# kubectl create -f /root/yaml/mysql-rc.yaml
The connection to the server localhost:8080 was refused - did you specify the right host or port?

综上所有问题：
1.为什么没有办法创建pod，为什么说端口被拒绝？
2.服务都起来了为什么端口没有被监听？

求大神们帮帮小弟，看看这是哪里出现了问题？谢谢！