[k8s] Installing k8s 1.23.1 on Ubuntu 18.04 Server
1. Official site
https://kubernetes.io/zh-cn/
2. GitHub
https://github.com/kubernetes/kubernetes
3. Documentation
Kubernetes Documentation | Kubernetes
Binary downloads
4. System environment
Ubuntu 18.04.03 Server LTS (VMs)
Machine | IP | CPU | Memory
master | 192.168.143.133 | 4 cores | 4G
node1 | 192.168.143.134 | 4 cores | 4G
node2 | 192.168.143.137 | 4 cores | 4G
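5. System environment initialization (run on each of the three hosts)
Disable ufw and SELinux
# disable at boot
ufw disable
# disable temporarily
setenforce 0
Enable IPv4 forwarding and configure iptables
modprobe br_netfilter
cat >> /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# apply the configuration
sysctl -p
Disable the swap partition
swapoff -a                              # disable temporarily
sed -ri 's/.*swap.*/#&/' /etc/fstab     # disable permanently
Set the hostname
hostnamectl set-hostname master         # on master
hostnamectl set-hostname node1          # on node1
hostnamectl set-hostname node2          # on node2
bash                                    # start a new shell so the prompt shows the new hostname
Configure name resolution
cat >> /etc/hosts <<EOF
192.168.143.133 master
192.168.143.134 node1
192.168.143.137 node2
EOF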
6. Install docker
Install the dependency packages
apt-get -y install apt-transport-https ca-certificates curl software-properties-common wget
Configure the Aliyun mirror as the docker package source
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
Install docker-ce
apt-get install -y docker-ce    # installs the latest version if no version is specified
Start docker and enable it at boot
systemctl enable docker
systemctl start docker
Configure a docker registry mirror (you can register for your own on Aliyun)
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload     # reload the configuration
systemctl restart docker
7. Install kubelet, kubeadm, kubectl
Add the Aliyun mirror as the k8s package source
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
cat > /etc/apt/sources.list.d/kubernetes.list <<EOF
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
List the available package versions
apt-cache madison kubeadm
Install version 1.23.1
apt-get install -y kubelet=1.23.1-00 kubeadm=1.23.1-00 kubectl=1.23.1-00
8. Initialize the master node
kubeadm init \
  --apiserver-advertise-address=192.168.143.133 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.1 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
Parameter explanation
--apiserver-advertise-address=192.168.100.4 \                  # change to your own master IP
--image-repository registry.aliyuncs.com/google_containers \   # use the Aliyun image repository
--kubernetes-version v1.22.0 \                                 # the k8s version
--service-cidr=10.96.0.0/12 \                                  # the service IP range
--pod-network-cidr=10.244.0.0/16 \                             # the pod IP range
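Because the init command above passes --ignore-preflight-errors=all, kubeadm reports failed preflight checks only as warnings, so the prerequisites from steps 5 and 6 are worth checking separately. The following is an added example, not part of the original post; the function name and its ROOT argument (which lets the check run against a constructed directory tree) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. check_node_prereqs and its ROOT
# argument are hypothetical: ROOT is "/" on a real host, or a constructed
# directory tree when the check is exercised offline.

# Print one line per failed prerequisite; return 1 if any check failed.
check_node_prereqs() {
    root="${1:-/}"
    failed=0

    # Step 5: the three kernel settings must read back as 1.
    for key in net/bridge/bridge-nf-call-iptables \
               net/bridge/bridge-nf-call-ip6tables \
               net/ipv4/ip_forward; do
        val=$(cat "$root/proc/sys/$key" 2>/dev/null || true)
        if [ "$val" != "1" ]; then
            echo "FAIL sysctl $key=${val:-missing}"
            failed=1
        fi
    done

    # Step 5: /proc/swaps is a header line plus one line per active swap area.
    swaps=$(tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -c . || true)
    if [ "${swaps:-0}" -gt 0 ]; then
        echo "FAIL swap active_areas=$swaps"
        failed=1
    fi

    # Step 5: an uncommented swap line in fstab turns swap back on at reboot.
    if grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$root/etc/fstab" 2>/dev/null; then
        echo "FAIL fstab swap_entry_not_commented"
        failed=1
    fi

    # Step 6: Docker must be configured with the systemd cgroup driver.
    if ! grep -q 'native.cgroupdriver=systemd' "$root/etc/docker/daemon.json" 2>/dev/null; then
        echo "FAIL docker cgroupdriver_not_systemd"
        failed=1
    fi

    return "$failed"
}
```

Run `check_node_prereqs /` on each of the three hosts before `kubeadm init` or `kubeadm join`; no output and exit status 0 means every check passed.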
Environment variable configuration
As follows:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
If you are the root user
As follows:
export KUBECONFIG=/etc/kubernetes/admin.conf
Install the network plugin
kube-flannel.yaml
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
  - configMap
  - secret
  - emptyDir
  - hostPath
  allowedHostPaths:
  - pathPrefix: "/etc/cni/net.d"
  - pathPrefix: "/etc/kube-flannel"
  - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.14.0
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.14.0
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
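Apply the manifest
kubectl apply -f kube-flannel.yaml
As shown in the figure
Check how the nodes are displayed at this point
kubectl get nodes -o wide
10. Add the worker nodes
Run the following on node1 and node2 respectively
kubeadm join 192.168.143.133:6443 --token bpoiks.ct5djxoow47aiq9u \
  --discovery-token-ca-cert-hash sha256:343687fb820c1ca3c911f4eb795dd179a590e65409762c6c38cb733050e45341
(Replace all of the above with your own values.)
Output on node2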
root@node2:~# kubeadm join 192.168.143.133:6443 --token bpoiks.ct5djxoow47aiq9u --discovery-token-ca-cert-hash sha256:343687fb820c1ca3c911f4eb795dd179a590e65409762c6c38cb733050e45341 --v=5
I0828 09:13:11.188100 68724 join.go:413] [preflight] found NodeName empty; using OS hostname as NodeName
I0828 09:13:11.188159 68724 initconfiguration.go:117] detected and using CRI socket: /var/run/dockershim.sock
[preflight] Running pre-flight checks
I0828 09:13:11.188211 68724 preflight.go:92] [preflight] Running general checks
I0828 09:13:11.188246 68724 checks.go:283] validating the existence of file /etc/kubernetes/kubelet.conf
I0828 09:13:11.188261 68724 checks.go:283] validating the existence of file /etc/kubernetes/bootstrap-kubelet.conf
I0828 09:13:11.188265 68724 checks.go:107] validating the container runtime
I0828 09:13:11.399839 68724 checks.go:133] validating if the "docker" service is enabled and active
I0828 09:13:11.410196 68724 checks.go:332] validating the contents of file /proc/sys/net/bridge/bridge-nf-call-iptables
I0828 09:13:11.410433 68724 checks.go:332] validating the contents of file /proc/sys/net/ipv4/ip_forward
I0828 09:13:11.410523 68724 checks.go:654] validating whether swap is enabled or not
I0828 09:13:11.410600 68724 checks.go:373] validating the presence of executable conntrack
I0828 09:13:11.410617 68724 checks.go:373] validating the presence of executable ip
I0828 09:13:11.410712 68724 checks.go:373] validating the presence of executable iptables
I0828 09:13:11.410727 68724 checks.go:373] validating the presence of executable mount
I0828 09:13:11.410739 68724 checks.go:373] validating the presence of executable nsenter
I0828 09:13:11.410751 68724 checks.go:373] validating the presence of executable ebtables
I0828 09:13:11.410764 68724 checks.go:373] validating the presence of executable ethtool
I0828 09:13:11.410859 68724 checks.go:373] validating the presence of executable socat
I0828 09:13:11.410871 68724 checks.go:373] validating the presence of executable tc
I0828 09:13:11.410881 68724 checks.go:373] validating the presence of executable touch
I0828 09:13:11.410897 68724 checks.go:521] running all checks
I0828 09:13:11.498377 68724 checks.go:404] checking whether the given node name is valid and reachable using net.LookupHost
I0828 09:13:11.498490 68724 checks.go:620] validating kubelet version
I0828 09:13:11.596107 68724 checks.go:133] validating if the "kubelet" service is enabled and active
I0828 09:13:11.603758 68724 checks.go:206] validating availability of port 10250
I0828 09:13:11.603954 68724 checks.go:283] validating the existence of file /etc/kubernetes/pki/ca.crt
I0828 09:13:11.604076 68724 checks.go:433] validating if the connectivity type is via proxy or direct
I0828 09:13:11.604101 68724 join.go:530] [preflight] Discovering cluster-info
I0828 09:13:11.604174 68724 token.go:80] [discovery] Created cluster-info discovery client, requesting info from "192.168.143.133:6443"
I0828 09:13:11.624122 68724 token.go:118] [discovery] Requesting info from "192.168.143.133:6443" again to validate TLS against the pinned public key
I0828 09:13:11.660165 68724 token.go:135] [discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.143.133:6443"
I0828 09:13:11.660514 68724 discovery.go:52] [discovery] Using provided TLSBootstrapToken as authentication credentials for the join process
I0828 09:13:11.660566 68724 join.go:544] [preflight] Fetching init configuration
I0828 09:13:11.660588 68724 join.go:590] [preflight] Retrieving KubeConfig objects
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
I0828 09:13:11.665722 68724 kubelet.go:91] attempting to download the KubeletConfiguration from the new format location (UnversionedKubeletConfigMap=true)
I0828 09:13:11.998345 68724 kubelet.go:94] attempting to download the KubeletConfiguration from the DEPRECATED location (UnversionedKubeletConfigMap=false)
I0828 09:13:12.000709 68724 interface.go:432] Looking for default routes with IPv4 addresses
I0828 09:13:12.000877 68724 interface.go:437] Default route transits interface "ens33"
I0828 09:13:12.001270 68724 interface.go:209] Interface ens33 is up
I0828 09:13:12.001405 68724 interface.go:257] Interface "ens33" has 2 addresses :[192.168.143.137/24 fe80::20c:29ff:fe6e:f773/64].
I0828 09:13:12.001537 68724 interface.go:224] Checking addr 192.168.143.137/24.
I0828 09:13:12.007268 68724 interface.go:231] IP found 192.168.143.137
I0828 09:13:12.007382 68724 interface.go:263] Found valid IPv4 address 192.168.143.137 for interface "ens33".
I0828 09:13:12.007490 68724 interface.go:443] Found active IP 192.168.143.137
W0828 09:13:12.010088 68724 utils.go:69] The recommended value for "resolvConf" in "KubeletConfiguration" is: /run/systemd/resolve/resolv.conf; the provided value is: /run/systemd/resolve/resolv.conf
I0828 09:13:12.010113 68724 preflight.go:103] [preflight] Running configuration dependant checks
I0828 09:13:12.010130 68724 controlplaneprepare.go:220] [download-certs] Skipping certs download
I0828 09:13:12.010146 68724 kubelet.go:119] [kubelet-start] writing bootstrap kubelet config file at /etc/kubernetes/bootstrap-kubelet.conf
I0828 09:13:12.010517 68724 kubelet.go:134] [kubelet-start] writing CA certificate at /etc/kubernetes/pki/ca.crt
I0828 09:13:12.010901 68724 kubelet.go:155] [kubelet-start] Checking for an existing Node in the cluster with name "node2" and status "Ready"
I0828 09:13:12.012529 68724 kubelet.go:170] [kubelet-start] Stopping the kubelet
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
I0828 09:13:17.299672 68724 cert_rotation.go:137] Starting client certificate rotation controller
I0828 09:13:17.299969 68724 kubelet.go:218] [kubelet-start] preserving the crisocket information for the node
I0828 09:13:17.299990 68724 patchnode.go:31] [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "node2" as an annotation
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
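The join log above shows kubeadm validating the API server's TLS certificate against the pinned public key. The following added example (not from the original post; the function names are hypothetical) shows how that pin is derived from the cluster CA certificate and how to check a --discovery-token-ca-cert-hash value and token format before running the join. The sample CA is generated on the spot as constructed input; on a real cluster the certificate is /etc/kubernetes/pki/ca.crt on the master.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Requires the openssl command-line tool.

# Print the value kubeadm expects after --discovery-token-ca-cert-hash:
# "sha256:" followed by the SHA-256 of the CA certificate's DER-encoded
# public key (SubjectPublicKeyInfo).
ca_cert_hash() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //; s/^/sha256:/'
}

# Bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
valid_bootstrap_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Succeed only if the pin is well-formed and matches the given CA certificate.
# Returns 2 for a malformed pin, 1 for a well-formed pin that does not match.
pin_matches_ca() {
    cert="$1"
    pin="$2"
    printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' || return 2
    [ "$(ca_cert_hash "$cert")" = "$pin" ]
}

# Constructed sample input: a throwaway self-signed CA written to DIR,
# standing in for /etc/kubernetes/pki/ca.crt on the master.
make_sample_ca() {
    dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}
```

On the master, `ca_cert_hash /etc/kubernetes/pki/ca.crt` prints the value to compare with the hash given to `kubeadm join`.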
11. Check
kubectl get nodes
12. Troubleshooting
The reference links below cover the various pitfalls.
Reference links:
https://blog.csdn.net/yzh0905_/article/details/122978696
https://blog.csdn.net/qq_44839276/article/details/120239182
https://blog.csdn.net/woay2008/article/details/93250137
https://blog.csdn.net/bh451326803/article/details/125263918
https://github.com/flannel-io/flannel/releases
https://blog.csdn.net/whatzhang007/article/details/112579182
https://blog.csdn.net/hebian1994/article/details/121936540
https://blog.csdn.net/gsying1474/article/details/53256599
https://blog.csdn.net/hefashion0190/article/details/122637074
https://blog.csdn.net/shm19990131/article/details/106743033
https://blog.csdn.net/yuezhilangniao/article/details/115010241
https://www.cnblogs.com/dream397/p/14922802.html
https://blog.csdn.net/weixin_45066823/article/details/122052698
https://blog.csdn.net/L2111533547/article/details/126043846
https://blog.csdn.net/u010779292/article/details/117993973
https://blog.csdn.net/qq_26545503/article/details/123183184
https://www.ab62.cn/article/5700.html
https://blog.csdn.net/weibo1230123/article/details/121732361
https://blog.csdn.net/lanwilliam/article/details/125600671
https://kubernetes.io/zh-cn/docs/concepts/cluster-administration/addons/
https://blog.csdn.net/Kefenggewu_/article/details/121780920/
https://blog.csdn.net/my_angle2016/article/details/110161941
https://blog.csdn.net/single_0910/article/details/120527803
https://blog.csdn.net/ABC_ORANGE/article/details/109036568