Kubernetes Installation Manual (Ubuntu, Non-HA)
Pre-installation Preparation
1. Configure hosts resolution
Nodes: run on all nodes (k8s-master and both workers)
- Set the hostname
# On the master node
$ hostnamectl set-hostname k8s-master # set the master node's hostname
# On the slave1 node
$ hostnamectl set-hostname k8s-worker-node1
# On the slave2 node
$ hostnamectl set-hostname k8s-worker-node2
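The heading above mentions hosts resolution, but only hostnames are set so far; every node should also be able to resolve the other nodes' hostnames. A minimal sketch of the matching /etc/hosts entries follows. The master IP matches the one used later in kubeadm.yaml; the two worker IPs are placeholders you must replace with your own. The demo writes to a temp file so it can run anywhere; on real nodes, append the same lines to /etc/hosts.

```shell
# Hostname-to-IP entries for the cluster. The worker IPs below are example
# placeholders -- replace them with your actual node IPs. Demo writes to
# /tmp/hosts.demo; on real nodes append these lines to /etc/hosts instead.
cat >> /tmp/hosts.demo <<'EOF'
192.168.136.138 k8s-master
192.168.136.139 k8s-worker-node1
192.168.136.140 k8s-worker-node2
EOF
cat /tmp/hosts.demo
```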
2. Adjust system settings
Nodes: run on all master and slave nodes (k8s-master, k8s-slave)
- Set the iptables FORWARD policy and disable the firewall
$ iptables -P FORWARD ACCEPT
$ /etc/init.d/ufw stop
$ ufw disable
- Disable swap
swapoff -a
# Prevent the swap partition from being mounted again at boot
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
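The sed one-liner above comments out every /etc/fstab line containing " swap ". A quick demonstration on a throwaway copy (the sample entries are made up for illustration):

```shell
# Demonstrate what the sed command does, on a throwaway file rather than
# the real /etc/fstab (sample entries are made up for illustration).
cat > /tmp/fstab.demo <<'EOF'
UUID=abcd-1234 / ext4 defaults 0 1
/swapfile none swap sw 0 0
EOF
# Same expression as above: prefix '#' to any line containing " swap "
sed -i '/ swap / s/^\(.*\)$/#\1/g' /tmp/fstab.demo
cat /tmp/fstab.demo
# The swap line is now: #/swapfile none swap sw 0 0
```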
- Tune kernel parameters
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
vm.max_map_count=262144
EOF
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
- Configure the apt sources
$ apt-get update && apt-get install -y apt-transport-https ca-certificates software-properties-common
$ curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | apt-key add -
$ add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
$ add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main"
$ apt-get update
# If the previous step fails with a NO_PUBKEY error, it can usually be fixed with "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <missing key id>"; see https://www.cnblogs.com/jiangzuo/p/13667011.html
3. Install docker
Nodes: run on all nodes
$ apt-get install docker-ce=5:20.10.8~3-0~ubuntu-bionic
## Start docker and enable it at boot
$ systemctl enable docker && systemctl start docker
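One pitfall worth checking at this point: kubeadm 1.21 defaults the kubelet to the systemd cgroup driver, while docker's default is cgroupfs, and a mismatch will keep the kubelet from starting. A sketch of a daemon.json that switches docker to the systemd driver follows; it is written to /tmp here purely for illustration. On a real node it belongs at /etc/docker/daemon.json, followed by `systemctl restart docker`.

```shell
# Sketch: switch docker to the systemd cgroup driver to match the kubelet.
# Written to /tmp for illustration; on a real node place this file at
# /etc/docker/daemon.json and then run: systemctl restart docker
cat > /tmp/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Sanity-check the JSON before restarting docker
python3 -m json.tool /tmp/daemon.json
```

After restarting docker, `docker info | grep -i cgroup` should report the systemd driver.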
Deploying Kubernetes
1. Install kubeadm, kubelet, and kubectl
Nodes: run on all master and slave nodes (k8s-master, k8s-slave)
$ apt-get install kubelet=1.21.1-00 kubectl=1.21.1-00 kubeadm=1.21.1-00
## Check the kubeadm version
$ kubeadm version
## Enable kubelet at boot
$ systemctl enable kubelet
2. Generate the initialization config file
Nodes: run only on the master node (k8s-master)
$ kubeadm config print init-defaults > kubeadm.yaml
Then edit the generated kubeadm.yaml as follows:
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.136.138 # change this to the master node's IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: node # delete this line
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # change the image repo to this
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16 # add this line
  serviceSubnet: 10.96.0.0/12
scheduler: {}
3. Pre-pull the images
Nodes: run only on the master node (k8s-master)
# Pull the images to the local machine ahead of time
$ kubeadm config images pull --config kubeadm.yaml
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.21.0
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.4.1
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.4.13-0
failed to pull image "registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0": output: Error response from daemon: pull access denied for registry.aliyuncs.com/google_containers/coredns/coredns, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
, error: exit status 1
To see the stack trace of this error execute with --v=5 or higher
The error says the coredns image cannot be found; we can work around it like this:
$ docker pull coredns/coredns:1.8.0
$ docker tag coredns/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0
4. Initialize the master node
Nodes: run only on the master node (k8s-master)
$ kubeadm init --config kubeadm.yaml
If initialization succeeds, it ends with a message like this:
...
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.136.138:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:3a7987c9f5007ebac7980e6614281ee0e064c760c8db012471f9f662289cc9ce
Next, follow the instructions above to set up kubectl client authentication:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
⚠️ Note: at this point kubectl get nodes will show the node as NotReady, because no network plugin has been installed yet.
If kubeadm init fails, fix the problem it reports, run kubeadm reset, and then run the init again.
5. Join the slave nodes to the cluster
Nodes: run on all slave nodes (k8s-slave)
On each slave node, run the join command that kubeadm init printed on success; replace the address, token, and hash below with the ones from your own init output.
kubeadm join 192.168.136.138:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:1c4305f032f4bf534f628c32f5039084f4b103c922ff71b12a5f0f98d1ca9a4f
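If the join command has been lost, it can be regenerated on the master with `kubeadm token create --print-join-command`. The `--discovery-token-ca-cert-hash` value is just the SHA-256 of the cluster CA's DER-encoded public key. The sketch below computes it against a throwaway self-signed certificate so it is self-contained; on the master, point `-in` at /etc/kubernetes/pki/ca.crt instead.

```shell
# Recompute the discovery-token-ca-cert-hash by hand: kubeadm hashes the
# SHA-256 of the CA certificate's DER-encoded public key. A throwaway
# self-signed cert is generated here so the demo runs anywhere; on the
# master use -in /etc/kubernetes/pki/ca.crt instead.
openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=demo-ca' \
  -keyout /tmp/demo-ca.key -out /tmp/demo-ca.crt -days 1 2>/dev/null
HASH=$(openssl x509 -pubkey -in /tmp/demo-ca.crt \
  | openssl rsa -pubin -outform der 2>/dev/null \
  | sha256sum | awk '{print $1}')
echo "sha256:${HASH}"
```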
6. Install the calico plugin
Nodes: run only on the master node (k8s-master)
- Install the tigera operator
$ kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
- Wait for the operator pod to start
$ kubectl -n tigera-operator get po
NAME                               READY   STATUS    RESTARTS   AGE
tigera-operator-698876cbb5-kfpb2   1/1     Running   0          38m
If the image pull is slow, you can docker pull the image manually on the node.
- Edit the calico configuration
$ vim custom-resources.yaml
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    # Note: The ipPools section cannot be modified post-install.
    ipPools:
    - blockSize: 26
      cidr: 10.244.0.0/16 # change this to match the pod CIDR
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()
---
# This section configures the Calico API server.
# For more information, see: https://docs.projectcalico.org/v3.20/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}
- Apply the calico configuration
$ kubectl apply -f custom-resources.yaml
- Wait for the operator to create the calico pods
# The operator automatically creates the calico-apiserver and calico-system namespaces and the necessary pods; just wait for the pods to start.
$ kubectl get ns
NAME               STATUS   AGE
calico-apiserver   Active   13m
calico-system      Active   19m
$ kubectl -n calico-apiserver get po
NAME                                READY   STATUS    RESTARTS   AGE
calico-apiserver-554fbf9554-b6kzv   1/1     Running   0          13m
$ kubectl -n calico-system get po
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-868b656ff4-hn6qv   1/1     Running   0          20m
calico-node-qqrp9                          1/1     Running   0          20m
calico-node-r45z2                          1/1     Running   0          20m
calico-typha-5b64cf4b48-vws5j              1/1     Running   0          20m
calico-typha-5b64cf4b48-w6wqf              1/1     Running   0          20m
7. Verify the cluster
Nodes: run on the master node (k8s-master)
$ kubectl get nodes # check that all nodes are Ready
Create a test nginx service:
$ kubectl run test-nginx --image=nginx:alpine
Check that the pod was created, then curl its IP to verify it is reachable:
$ kubectl get po -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP           NODE               NOMINATED NODE   READINESS GATES
test-nginx   1/1     Running   0          9s    10.244.1.2   k8s-worker-node1   <none>           <none>
$ curl 10.244.1.2
...
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
8. Clean up the environment
If you ran into problems during installation, you can reset everything with the commands below:
# Run on every node in the cluster
kubeadm reset
# The cni0/flannel.1 lines below only matter if flannel was ever installed; they fail harmlessly otherwise
ifconfig cni0 down && ip link delete cni0
ifconfig flannel.1 down && ip link delete flannel.1
rm -rf /run/flannel/subnet.env
rm -rf /var/lib/cni/
mv /etc/kubernetes/ /tmp
mv /var/lib/etcd /tmp
mv ~/.kube /tmp
iptables -F
iptables -t nat -F
ipvsadm -C
ip link del kube-ipvs0
ip link del dummy0