k8s Installation
Installing kubeadm/kubectl/kubelet
1. Update the apt package index and install the packages needed to use the Kubernetes apt repository:
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
2. Download the Google Cloud public signing key:
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
If this command fails, you can download https://packages.cloud.google.com/apt/doc/apt-key.gpg manually and then copy the downloaded apt-key.gpg to /usr/share/keyrings/kubernetes-archive-keyring.gpg.
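For example, the manual fallback might look like this (a sketch; the local filename apt-key.gpg is just an assumption about where you saved the download):
# download the key, or fetch it from a machine that can reach the URL
curl -fsSL -o apt-key.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
# copy it to the location apt expects
sudo cp apt-key.gpg /usr/share/keyrings/kubernetes-archive-keyring.gpg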
3. Add the Kubernetes apt repository:
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
If this address is unreachable from your network, switch to the USTC mirror below instead:
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
4. Update the apt package index, install kubelet, kubeadm, and kubectl, and pin their versions:
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
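To double-check that the packages were installed and the holds took effect, something like the following can be run (an extra verification step, not part of the original instructions):
apt-mark showhold            # should list kubeadm, kubectl and kubelet
kubeadm version -o short     # e.g. v1.23.2
kubelet --version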
Installing a Kubernetes Cluster with kubeadm
Initializing the master node
kubeadm init
Since canal will be used as the network add-on, a network configuration parameter must be passed at init time, setting the Kubernetes pod subnet to 10.244.0.0/16. Do not change this to another address: the value has to match the one in the canal YAML used later, so if you change one, change both. The Aliyun image repository is used because the upstream images cannot be pulled without access to the external network.
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers
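As a quick sanity check (my addition, not in the original text), you can confirm that the Network value in the add-on manifest matches the --pod-network-cidr above; for the Flannel manifest applied later in this guide:
curl -s https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml | grep '"Network"'
# expected output: "Network": "10.244.0.0/16",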
Problems you may encounter during init
Q1: kubelet isn't running
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
Fix: edit /etc/docker/daemon.json and add the following:
{ "exec-opts": ["native.cgroupdriver=systemd"] }
Then run:
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl restart kubelet
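To verify that Docker is now actually using the systemd cgroup driver (an extra check, not in the original):
docker info 2>/dev/null | grep -i "cgroup driver"
# expected: Cgroup Driver: systemd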
Q2: error execution phase preflight: [preflight] Some fatal errors occurred
[init] Using Kubernetes version: v1.23.2
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR Port-6443]: Port 6443 is in use
	[ERROR Port-10259]: Port 10259 is in use
	[ERROR Port-10257]: Port 10257 is in use
	[ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists
	[ERROR FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml]: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists
	[ERROR FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml]: /etc/kubernetes/manifests/kube-scheduler.yaml already exists
	[ERROR FileAvailable--etc-kubernetes-manifests-etcd.yaml]: /etc/kubernetes/manifests/etcd.yaml already exists
	[ERROR Port-10250]: Port 10250 is in use
	[ERROR Port-2379]: Port 2379 is in use
	[ERROR Port-2380]: Port 2380 is in use
	[ERROR DirAvailable--var-lib-etcd]: /var/lib/etcd is not empty
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
Fix: run the following command:
kubeadm reset   # answer y to the prompts that follow
After the reset, run kubeadm init again:
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers
Output after a successful init:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.16.4:6443 --token e14627.cbl6ghqr2wdi6vt3 \
--discovery-token-ca-cert-hash sha256:929611f9888cff770c02888f9d02d7e8a4cf121641885a3a78219567127f9593
Configuring kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Now you can run kubectl commands:
root@VM-16-4-ubuntu:~# kubectl get node
NAME STATUS ROLES AGE VERSION
vm-16-4-ubuntu NotReady control-plane,master 125m v1.23.2
Joining slave nodes to the cluster
kubeadm join
Following the instructions printed by the successful init, join the node to the cluster:
kubeadm join 10.0.16.4:6443 --token e14627.cbl6ghqr2wdi6vt3 \
--discovery-token-ca-cert-hash sha256:929611f9888cff770c02888f9d02d7e8a4cf121641885a3a78219567127f9593
Problems you may encounter during join
[preflight] Some fatal errors occurred
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
	[ERROR Port-10250]: Port 10250 is in use
	[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
This happens because the node has already joined a cluster (or already ran init) before. If you want to join again, run
kubeadm reset
and then run the join command once more.
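A related note (an addition, not from the original text): the bootstrap token printed by kubeadm init expires after 24 hours by default, so if the join fails because the token is no longer valid, a fresh join command can be generated on the master:
kubeadm token create --print-join-command   # prints a new "kubeadm join ..." line to run on the worker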
Allowing the master to run pods
kubectl taint nodes --all node-role.kubernetes.io/master-
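To confirm the taint was removed (an extra check; <master-node-name> is a placeholder for your actual node name, e.g. vm-16-4-ubuntu):
kubectl describe node <master-node-name> | grep -i taint
# expected: Taints: <none>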
Installing a network add-on
Once the cluster is installed, you will notice that the master node is not Ready and the coredns pods are stuck in Pending. This is because the DNS component only gets scheduled and finishes installing automatically after a network add-on has been installed.
root@VM-16-4-ubuntu:/usr/local/bin# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-65c54cc984-9x9zs 0/1 Pending 0 139m
kube-system coredns-65c54cc984-gj9c7 0/1 Pending 0 139m
kube-system etcd-vm-16-4-ubuntu 1/1 Running 0 139m
kube-system kube-apiserver-vm-16-4-ubuntu 1/1 Running 0 139m
kube-system kube-controller-manager-vm-16-4-ubuntu 1/1 Running 0 139m
kube-system kube-proxy-m4jlm 1/1 Running 0 139m
kube-system kube-scheduler-vm-16-4-ubuntu 1/1 Running 0 139m
The following network add-ons are currently available:
- Flannel: an overlay network provider that can be used with Kubernetes
- Calico: a secure L3 network and network-policy provider
- Canal: combines Flannel and Calico, providing both networking and network policy
- Weave: provides networking and network policy, keeps working on both sides of a network partition, and does not require an external database
For more, see the official documentation: https://kubernetes.io/zh/docs/concepts/cluster-administration/addons/
Installing Flannel
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
You should see output like this:
root@VM-16-4-ubuntu:~# kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
Then check the node status again; the master node has become Ready:
root@VM-16-4-ubuntu:~# kubectl get node
NAME STATUS ROLES AGE VERSION
vm-16-4-ubuntu Ready control-plane,master 3d1h v1.23.2
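As a final check (not shown in the original), confirm that the Flannel DaemonSet and the CoreDNS pods are now healthy; this assumes the DaemonSet landed in kube-system, as in the manifest version applied above:
kubectl -n kube-system get ds kube-flannel-ds           # the flannel daemonset created above
kubectl -n kube-system get pods -l k8s-app=kube-dns     # coredns pods should now be Running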