Ubuntu20 安装 K8S
准备
apt-get 修改国内源
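# Point apt at the USTC mirror. The stock list is copied (not moved) so a
# working sources.list stays in place if the write below is interrupted.
# Package integrity still rests on the Ubuntu archive signing keys that apt
# checks; the mirror only serves the bytes.
cp -a /etc/apt/sources.list /etc/apt/sources.list.bk
# Quoted delimiter: the list is written literally, with no shell expansion.
cat > /etc/apt/sources.list <<'EOF'
deb https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# focal-proposed carries pre-release packages that have not finished testing.
# It is left disabled on cluster nodes; uncomment only on a machine that is
# meant to test upcoming updates.
# deb https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
EOF
apt-get update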
更改机器名
# Run exactly one of these per machine; running both in sequence leaves the
# host named node1.
hostnamectl set-hostname master # on the master node
hostnamectl set-hostname node1 # on the node1 machine
关闭 swap 和防火墙
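# With its default settings the kubelet refuses to start while swap is on,
# so switch it off for the running system ...
swapoff -a
# ... and keep it off after a reboot. Only uncommented fstab entries whose
# type field is "swap" are commented out, so re-running this does not stack
# extra '#' on lines that are already disabled. The pre-edit file is kept as
# /etc/fstab.bak.
sed -i.bak -E '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab
# NOTE: the heading also mentions the firewall, but no command here changes
# it. If a host firewall such as ufw is active, allow the ports the cluster
# needs (6443/tcp for the API server, 10250/tcp for the kubelet, plus the
# CNI's own traffic) rather than switching the firewall off.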
开启 IPv4 转发
每台机器都要设置
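# Run on every machine.
# Load br_netfilter before touching sysctl: the net.bridge.* keys only exist
# once the module is loaded, so applying them first fails. The modules-load.d
# entry reloads it on boot.
echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
modprobe br_netfilter
# One drop-in holds all three settings; `sysctl --system` applies it now and
# it is re-read at boot, so no separate edit of /etc/sysctl.conf or write to
# /proc is needed.
# net.ipv4.ip_forward = 1 makes the host forward packets between all of its
# interfaces; what is actually forwarded is then decided by the host's
# iptables/nftables policy.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system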
安装 K8S 相关
master 部署
安装 containerd
apt install containerd
# Switch the sandbox (pause) image to a registry reachable from this network.
# `containerd config default` writes the full built-in configuration so the
# sandbox_image line is present to edit.
containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.toml
# Find the sandbox_image line and change "registry.k8s.io/pause:3.8" to "registry.aliyuncs.com/google_containers/pause:3.9"
# NOTE(review): the pause image is the infrastructure container of every pod,
# so the mirror is trusted for its content. A tag does not pin content; where
# that matters, reference the image by an @sha256 digest recorded from a pull
# you trust.
# NOTE(review): while the file is open, confirm that SystemdCgroup under the
# runc options matches the cgroup driver the kubelet uses (kubeadm defaults
# the kubelet to systemd) - verify on your containerd version.
systemctl restart containerd.service
配置 crictl 客户端
# Tell crictl which CRI socket to talk to, so it does not have to probe for
# one. Both endpoints point at containerd's socket.
# `debug: true` makes every crictl call print verbose debug output; set it to
# false once the setup works.
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: true
EOF
安装 kubeadm、kubelet、kubectl
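# Install kubeadm, kubelet and kubectl from the Aliyun mirror of the
# Kubernetes apt repository.
apt install -y apt-transport-https ca-certificates curl gnupg
# `apt-key add` is deprecated and puts the key into apt's global trusted set,
# where it would be accepted for packages from ANY configured repository.
# Instead the key goes into its own keyring and is bound to this one
# repository with signed-by.
install -m 0755 -d /etc/apt/keyrings
key_home=$(mktemp -d)
# Import into a throwaway GnuPG home (works for armored and binary key files).
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg \
  | gpg --batch --homedir "$key_home" --import
# Print the fingerprint(s) so they can be compared with a value obtained from
# a source you trust before the key is used.
gpg --batch --homedir "$key_home" --fingerprint
gpg --batch --homedir "$key_home" --export \
  > /etc/apt/keyrings/kubernetes-archive-keyring.gpg
rm -rf -- "${key_home:?}"
cat > /etc/apt/sources.list.d/kubernetes.list <<'EOF'
deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt update
apt install -y kubelet kubeadm kubectl
# Hold the three packages so a routine `apt upgrade` cannot move the node to
# a different Kubernetes version behind kubeadm's back; upgrades are then done
# deliberately, one version at a time.
apt-mark hold kubelet kubeadm kubectl
systemctl enable kubelet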
拉取下载镜像
# Pre-pull the control-plane images for v1.28.2 from the Aliyun mirror instead
# of registry.k8s.io. The mirror is trusted for the content of every
# control-plane image it serves.
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version="v1.28.2"
master 初始化(node 节点不需要)
# NOTE(review): --upload-certs stores the control-plane certificates in a
# Secret so that further control-plane nodes can join; with a single master it
# is not needed and can be dropped.
# The output of this command ends with a join command that contains a
# bootstrap token - treat that output as a credential.
kubeadm init --kubernetes-version=v1.28.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --image-repository=registry.aliyuncs.com/google_containers --upload-certs
# --pod-network-cidr: the IP address range the Pod network may use
# --service-cidr: a separate IP address range for the virtual IPs of Services
设定 kubectl
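# Copy the kubeconfig that authenticates as the Kubernetes administrator into
# the home directory of the current user (root).
# admin.conf embeds a client certificate and key with full cluster-admin
# rights, so the copy is kept readable by its owner only and should not be
# handed to other users or copied to other machines.
cd ~
# -p: do not fail when ~/.kube already exists (e.g. on a second run).
mkdir -p "$HOME/.kube"
chmod 700 "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"
ls .kube/ # expected output: config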
部署网络插件
# NOTE(review): this URL tracks the moving `master` branch, so the manifest
# can change between runs. It creates a DaemonSet that runs on every node with
# host-level network access, so read the downloaded kube-flannel.yml before
# applying it, and prefer a URL pinned to a release tag you have reviewed.
# The Network value in the manifest must match --pod-network-cidr
# (10.244.0.0/16 above).
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
kubectl get nodes # output like the following means the installation succeeded
'''
NAME STATUS ROLES AGE VERSION
master Ready control-plane 2d2h v1.28.2
'''
kubectl get pod -A # the kube-flannel pod has been created
'''
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-flannel kube-flannel-ds-** 1/1 Running 0 2d1h
'''
Node 节点部署
与 master 部署相似,执行如下4步
- 安装 containerd
- 配置 crictl 客户端
- 安装 kubeadm、kubelet、kubectl
- 拉取下载镜像
拷贝 master 上的网络配置到 node 节点目录下
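ls -al /etc/cni/net.d/ # the master has 10-flannel.conflist here; on the node the directory is empty
# Run on the node. Set port, user and master_ip first: ${var:?} aborts with a
# message instead of running scp with an empty value, and the quotes keep the
# local shell from splitting or globbing the arguments (the * is expanded on
# the master side).
# On the first connection, check the master's SSH host key fingerprint before
# accepting it.
# NOTE(review): flannel normally writes this file itself once its pod runs on
# the node; copying it by hand is the workaround this page uses.
scp -P "${port:?}" "${user:?}@${master_ip:?}:/etc/cni/net.d/*" /etc/cni/net.d/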
master 查看 token 和 discovery-token-ca-cert-hash
# Bootstrap tokens are credentials: anyone holding a valid one can register a
# node with this cluster. Keep them out of shared logs and chat, and let them
# expire rather than creating long-lived ones.
# `kubeadm token create --print-join-command` prints a ready-made join command
# with a fresh token and the CA hash in one step.
kubeadm token list # list the tokens; this is the --token value a node uses when joining the master
# The pipeline below prints the SHA-256 of the cluster CA's public key. The
# joining node uses it to check that the API server it contacts is signed by
# this CA.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' # value for --discovery-token-ca-cert-hash when a node connects to the master
node 节点加入 master
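# master_ip:  IP address of the master node
# token:      a token shown by `kubeadm token list` on the master
# hash_value: output of the `openssl x509 ...` pipeline on the master
# ${var:?} aborts if a value was not filled in; the quotes keep each value a
# single argument.
# Keep --discovery-token-ca-cert-hash in place: it is what lets the node
# verify the control plane it is joining. The token is visible in the process
# list and shell history while this runs, so use a short-lived one.
kubeadm join "${master_ip:?}:6443" --token "${token:?}" --discovery-token-ca-cert-hash "sha256:${hash_value:?}"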
部署应用
部署 nginx deployment
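# Write and apply a three-replica nginx Deployment.
# The YAML nesting is restored here: without indentation the manifest is not
# valid and `kubectl apply` rejects it. The quoted delimiter writes the text
# literally.
# nginx:1.7.9 is kept as the page gives it, but it is a very old release that
# no longer receives security fixes; for anything beyond a smoke test use a
# currently supported nginx tag.
cat > nginx-deployment.yaml <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
  labels:
    app: ngx
    type: webservice
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
EOF
kubectl apply -f nginx-deployment.yaml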
部署 nginx service
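# Write and apply a Service that selects the app=nginx pods.
# The YAML nesting is restored here: without indentation the manifest is not
# valid and `kubectl apply` rejects it.
# type: NodePort opens the assigned port on every node of the cluster, so the
# service is reachable from any network that can reach a node address. Limit
# that with the host firewall, or use ClusterIP when only in-cluster access is
# needed.
cat > nginx-service.yml <<'EOF'
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: default
spec:
  selector:
    app: nginx
  #loadBalancerIP: 192.168.215.200
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: NodePort #NodePort LoadBalancer
EOF
kubectl apply -f nginx-service.yml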
查看相关信息
kubectl get deployment # list all deployments
kubectl get service # list all services
kubectl get pod -A # list all pods
curl http://$nginx_service_cluster_ip:80 # reach nginx through the Service's cluster IP
# 32249 is the node port that was assigned on the author's cluster; read the
# actual value from the PORT(S) column of `kubectl get service`.
curl http://localhost:32249 # reach nginx through the host
其它命令
kubectl delete deployment nginx-deployment # delete nginx-deployment
kubectl delete service nginx-service # delete nginx-service
遇到问题:
执行 kubeadm init 时报错: [ERROR CRI]: container runtime is not running:
报错内容:
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR CRI]: container runtime is not running: output: time="2023-02-20T08:33:48Z" level=fatal msg="validate service connection: CRI v1 runtime API is not implemented for endpoint "unix:///var/run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
service containerd status # shows "running"
解决:
# Move the existing config aside so containerd starts with its built-in
# defaults, then restart it.
# NOTE(review): presumably the old file disabled the CRI plugin - check it for
# a disabled_plugins entry to confirm. Running without a config.toml also
# drops the sandbox_image change made during installation; regenerating the
# file with `containerd config default` and re-applying that edit keeps both.
mv /etc/containerd/config.toml /etc/containerd/config.toml.bk
service containerd restart
执行 kubeadm init 时报错: error execution phase preflight: [preflight] Some fatal errors occurred:
报错内容:
[init] Using Kubernetes version: v1.28.2
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists
[ERROR FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml]: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists
[ERROR FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml]: /etc/kubernetes/manifests/kube-scheduler.yaml already exists
[ERROR FileAvailable--etc-kubernetes-manifests-etcd.yaml]: /etc/kubernetes/manifests/etcd.yaml already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
解决:将 /etc/kubernetes/manifests 改名移走(保留备份)
# The manifests are left over from an earlier `kubeadm init` on this machine.
# Renaming the directory keeps a backup while clearing the preflight check.
# NOTE(review): an earlier init also leaves certificates, kubeconfigs and etcd
# data behind; `kubeadm reset` removes that state as a whole, so the new
# cluster does not start next to old credentials.
mv /etc/kubernetes/manifests /etc/kubernetes/manifests-bk
节点状态 NotReady
kubectl get nodes
# node1 NotReady <none> 42h v1.28.2
在节点上执行
systemctl status kubelet
# The state is active (running), but the output below it contains an error:
'''
"Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:Network plugin return ...
'''
tail /var/log/syslog # shows the following
'''
May 27 15:55:24 node1 kubelet[163478]: E0527 15:55:24.965618 163478 kubelet.go:2855] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized"
'''
有人建议停止 apparmor 服务但是没有解决
# This approach did not help in my case.
# AppArmor is the mandatory-access-control layer that confines containers and
# host services on Ubuntu. Since stopping it did not fix the NotReady state,
# turn it back on afterwards (`systemctl enable --now apparmor`) instead of
# leaving the node without it.
systemctl stop apparmor
systemctl disable apparmor
拷贝 master 的/etc/cni/net.d/* 到 node 节点下
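ls -al /etc/cni/net.d/ # the master has 10-flannel.conflist here; on the node the directory is empty
# Run on the node. Set port, user and master_ip first: ${var:?} aborts with a
# message instead of running scp with an empty value, and the quotes keep the
# local shell from splitting or globbing the arguments (the * is expanded on
# the master side).
# On the first connection, check the master's SSH host key fingerprint before
# accepting it.
scp -P "${port:?}" "${user:?}@${master_ip:?}:/etc/cni/net.d/*" /etc/cni/net.d/
# Checking the nodes on the master now shows the node as Ready.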
failed to pull and unpack image "registry.k8s.io/pause:3.8"
原因:要更换源
# Regenerate the full default configuration so the sandbox_image line is
# present to edit. This overwrites any existing config.toml.
containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.toml
# Find the sandbox_image line and change "registry.k8s.io/pause:3.8" to "registry.aliyuncs.com/google_containers/pause:3.9"
# NOTE(review): the pause image runs in every pod, so the mirror is trusted
# for its content; a tag does not pin content, an @sha256 digest does.
systemctl restart containerd.service
文章出处:http://www.cnblogs.com/aaron-agu/