1 Installing K8s
Host information:
Yickel-linux-vm1:192.168.155.130
ubuntuNode1:192.168.155.133
Operating system: Ubuntu
1.1 Preparation
I. Change the apt mirror to the USTC mirror
(1) sudo vi /etc/apt/sources.list
Change the contents to:
# USTC mirror:
deb https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
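(2) Run sudo apt-get update to refresh the package index.
II. Or: change the apt system mirror to the Aliyun mirror
Note: the apt system mirror was switched to Aliyun because, in practice, the Aliyun mirror felt faster than the USTC mirror.
(1) sudo vi /etc/apt/sources.list
Change the contents to:
# System package sources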
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
(2) Run sudo apt-get update to refresh the package index.
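A quick audit of the resulting sources file, as an added example that is not part of the original page: it flags deb lines whose suite does not match the host release and lines fetched over plain HTTP. The function name audit_sources is illustrative; the codename argument is what lsb_release -cs prints on the host.

```shell
#!/bin/sh
# Added example. Usage: audit_sources FILE CODENAME
# Prints one finding per problem and returns 1 if anything was flagged.
audit_sources() {
    awk -v want="$2" '
        $1 != "deb" && $1 != "deb-src" { next }        # comments, blank lines
        {
            i = 2
            if ($i ~ /^\[/) {                          # skip "[arch=amd64 ...]"
                while (i < NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i; suite = $(i + 1)
            base = suite
            sub(/-(security|updates|backports|proposed)$/, "", base)
            if (uri ~ /^http:\/\//) {
                printf "PLAINTEXT line %d: %s\n", NR, uri; bad = 1
            }
            # Only URIs ending in /ubuntu are compared with the release name;
            # other repositories (e.g. kubernetes-xenial) name suites freely.
            if (uri ~ /\/ubuntu\/?$/ && base != want) {
                printf "SUITE line %d: %s (host release is %s)\n", NR, suite, want
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}
```

On a node, run it as audit_sources /etc/apt/sources.list "$(lsb_release -cs)" after editing the file and before apt-get update.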
III. Install curl
curl is needed because adding the key for Aliyun's Kubernetes mirror later on uses curl.
If using the USTC mirror:
sudo apt install curl
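After installation, check that it succeeded with curl --version.
The USTC mirror is used here because, in practice, curl could not be installed with the Aliyun system mirror, so curl is installed from the USTC mirror first.
If using the Aliyun mirror (in actual testing, installing curl this way did not seem to work):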
apt-get update && apt-get install -y apt-transport-https curl
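IV. Disable swap
Run: swapoff -a (does not persist after the machine is shut down)
(Do not perform this step; Ubuntu may fail to reboot.) Also run sudo vi /etc/fstab and delete the line that contains swap.
V. Disable the firewall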
sudo systemctl stop firewalld
sudo systemctl disable firewalld
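VI. Disable SELinux
Install the SELinux utilities: sudo apt install selinux-utils
Check the SELinux status: getenforce
Temporarily disable SELinux: setenforce 0
Or disable SELinux permanently (a reboot is required after the change): sudo vi /etc/sysconfig/selinux and comment the following line: SELINUX=disabled
VII. Configure the servers
Switch to the root user and add the IPs of the 3 server nodes to /etc/hosts. Make sure each Ubuntu hostname matches the entries below: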
echo "192.168.155.130 yickel-linux-vm1" >> /etc/hosts
echo "192.168.155.133 ubuntuNode1" >> /etc/hosts
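Check the result with more /etc/hosts.
This must be configured on every host.
1.2 Install Docker (required on all three servers)
Install curl with apt-get update && apt-get install -y apt-transport-https curl. If curl was already installed from the USTC mirror earlier, skip this step.
Install Docker with apt install docker.io
Following the hint from kubelet init, install Docker as described at: https://kubernetes.io/docs/setup/production-environment/container-runtimes/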
# Install Docker CE
## Set up the repository:
### Install packages to allow apt to use a repository over HTTPS
apt-get update && apt-get install -y \
  apt-transport-https ca-certificates curl software-properties-common gnupg2
### Add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
### Add Docker apt repository.
add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) \
  stable"
## Install Docker CE.
apt-get update && apt-get install -y \
  containerd.io=1.2.10-3 \
  docker-ce=5:19.03.4~3-0~ubuntu-$(lsb_release -cs) \
  docker-ce-cli=5:19.03.4~3-0~ubuntu-$(lsb_release -cs)
# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Restart docker.
systemctl daemon-reload
systemctl restart docker
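Check the Docker service status: systemctl status docker.service
1.3 Install kubectl, kubelet and kubeadm (required on all 3 servers)
I. Add the Kubernetes package source
(1) sudo vi /etc/apt/sources.list
Adding it to /etc/apt/sources.list.d/kubernetes.list also works.
Add the following:
# Package source for kubeadm and the Kubernetes components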
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
The USTC source can also be used: deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main
(2) Run sudo apt-get update to refresh the package index.
If the Kubernetes source reports the following error:
W: GPG error: https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB
E: The repository 'https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease' is not signed.
Run the following to add the public key to the server (6A030B21BA07F4FB is the key ID from the error message above):
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 6A030B21BA07F4FB
Then run again: sudo apt-get update
II. Install:
sudo apt-get install -y kubelet kubeadm kubectl
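Enable kubelet at boot: systemctl enable kubelet
Begin======================================================
Note: there is no need to start the kubelet service at this point; it is started automatically during initialization. If it is started now, the following error appears.
Start kubelet: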
sudo systemctl daemon-reload
sudo systemctl start kubelet
Check the kubelet service status: systemctl status kubelet
Process: 10821 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=255/EX
Main PID: 10821 (code=exited, status=255/EXCEPTION)
When the kubeadm status shows the error above, run journalctl -xefu kubelet to see the detailed log:
16166 server.go:198] failed to load Kubelet config file /var/lib/kubelet/config.yaml,
===========================================================
III. Configure the master
sudo kubeadm init --pod-network-cidr=192.110.0.0/16 --apiserver-advertise-address=192.168.155.131 --kubernetes-version=v1.17.3 --ignore-preflight-errors=Swap
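pod-network-cidr is the range of IP addresses available to the pods on the nodes; these are internal IPs.
apiserver-advertise-address is the IP address of the master.
kubernetes-version can be found with kubectl version.
The following error is reported: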
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.17.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
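The cause is that the images have to be pulled from gcr.io, which cannot be reached because of network issues in mainland China.
Solution: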
sudo kubeadm init --pod-network-cidr=192.110.0.0/16 --apiserver-advertise-address=192.168.155.131 --kubernetes-version=v1.17.3 --ignore-preflight-errors=Swap --image-repository="registry.cn-hangzhou.aliyuncs.com/google_containers"
That is, specify image-repository.
The following error is reported:
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get http://localhost:10248/healthz: dial tcp 127.0.0.1:10248: connect: connection refused.
Unfortunately, an error has occurred:
timed out waiting for the condition
This error is likely caused by:
- The kubelet is not running
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
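Running systemctl status kubelet and journalctl -xefu kubelet shows that swap has not been turned off, even though the swap entry in /etc/fstab is already commented out.
Add the following parameters to /etc/systemd/system/kubelet.service.d/10-kubeadm.conf: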
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --cgroup-driver=systemd --fail-swap-on=false"
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroups"
By default, Docker's cgroup driver is cgroupfs, while kubelet's default driver is systemd. In that case, the later kubelet installation reports the following error:
detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
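Following instructions found online, to keep the Docker and kubelet drivers consistent:
Method 1: manually edit /etc/docker/daemon.json (Docker failed to start after the change)
Method 2: edit /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Neither worked.
Then run again: systemctl daemon-reload && systemctl start kubelet
Run systemctl status kubelet and journalctl -xefu kubelet again; kubelet has now started successfully.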
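The swap and cgroup-driver symptoms described above can be checked directly from the files involved. This is an added example, not part of the original page, and its function names are illustrative: it lists swap that is still active or still configured in fstab, and compares Docker's cgroup driver with every --cgroup-driver value in the kubelet drop-in, accepting only cgroupfs and systemd, the two values kubelet supports.

```shell
#!/bin/sh
# Added example; every function takes a file path so it can be run against
# the live file or a copy collected from another node.

# Active swap as the kernel sees it (format of /proc/swaps, header skipped).
swap_devices() {
    awk 'NR > 1 && NF { print $1 }' "$1"
}

# Uncommented fstab entries of type swap: these re-enable swap at next boot.
fstab_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# Driver from "native.cgroupdriver=..." in daemon.json; cgroupfs when unset,
# which is the Docker default described on this page.
docker_cgroup_driver() {
    d=$(sed -n 's/.*native\.cgroupdriver=\([a-z]*\).*/\1/p' "$1" | head -n 1)
    echo "${d:-cgroupfs}"
}

# Every distinct --cgroup-driver value in the kubelet systemd drop-in.
kubelet_cgroup_drivers() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -o -e '--cgroup-driver=[^ "]*' | cut -d= -f2 | sort -u
}

# Return 0 only if each kubelet value is valid and equals Docker's driver.
check_cgroup_drivers() {
    want=$(docker_cgroup_driver "$1")
    rc=0
    for got in $(kubelet_cgroup_drivers "$2"); do
        case $got in
            cgroupfs|systemd) ;;
            *) echo "invalid kubelet cgroup driver: $got"; rc=1; continue ;;
        esac
        [ "$got" = "$want" ] || { echo "mismatch: docker=$want kubelet=$got"; rc=1; }
    done
    return $rc
}
```

On a node, the inputs are /proc/swaps, /etc/fstab, /etc/docker/daemon.json and /etc/systemd/system/kubelet.service.d/10-kubeadm.conf.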
Run: kubeadm reset
Run again:
sudo kubeadm init --pod-network-cidr=192.110.0.0/16 --kubernetes-version=v1.17.3 --ignore-preflight-errors=Swap --image-repository="registry.cn-hangzhou.aliyuncs.com/google_containers"
init succeeds and prints the follow-up commands:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.155.129:6443 --token 2lei2k.s8afq5673h179y8u
--discovery-token-ca-cert-hash sha256:4980f58508e79a6bd799805f0ff20e38c6c7884179e28f513162143cedfd570a
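The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key: it is the SHA-256 of the CA certificate's DER-encoded SubjectPublicKeyInfo, and a joining node uses it to authenticate the API server it bootstraps from. The following is an added example, not part of kubeadm's output, that recomputes the pin from a certificate file and compares it with the value in a join command; the function names are illustrative and /etc/kubernetes/pki/ca.crt is assumed to be the CA path (the kubeadm default).

```shell
#!/bin/sh
# Added example, not part of kubeadm's output. Requires openssl and sha256sum.

# ca_cert_hash CERT_PEM
# Print the pin in kubeadm's "sha256:<hex>" form. The digest covers the
# DER-encoded SubjectPublicKeyInfo of the CA certificate, not the whole file.
ca_cert_hash() {
    spki=$(mktemp) || return 2
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform DER -out "$spki" 2>/dev/null \
        && [ -s "$spki" ]; then
        printf 'sha256:%s\n' "$(sha256sum < "$spki" | cut -d' ' -f1)"
        rm -f "$spki"
    else
        rm -f "$spki"
        return 2
    fi
}

# verify_join_pin CERT_PEM PINNED
# Return 0 only if the certificate's pin equals the value in the join command.
verify_join_pin() {
    actual=$(ca_cert_hash "$1") || {
        echo "cannot read CA certificate: $1" >&2
        return 2
    }
    if [ "$actual" = "$2" ]; then
        echo "OK $actual"
    else
        echo "MISMATCH pinned=$2 actual=$actual" >&2
        return 1
    fi
}
```

On the master, call verify_join_pin /etc/kubernetes/pki/ca.crt with the sha256: value from the join command before running that command on a worker.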
IV. Configure kubectl for the k8s cluster
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
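V. Install the pod network for the k8s cluster
Various network solutions are available, such as flannel and canal.
Because kubeadm init used --pod-network-cidr=10.244.0.0/16, canal was chosen.
# Configure the RBAC permissions for canal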
kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/canal/rbac.yaml
# Deploy the canal DaemonSet
kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/canal/canal.yaml
Run the following command to check the canal network status:
kubectl get pod -n kube-system -o wide