Kubernetes 安装手册(Ubuntu非高可用版)

安装前准备工作

1.设置hosts解析

操作节点:所有节点(k8s-master)均需执行

  • 修改hostname
# 在master节点
$ hostnamectl set-hostname k8s-master #设置master节点的hostname

# slave1节点
$ hostnamectl set-hostname k8s-worker-node1

# slave2节点
$ hostnamectl set-hostname k8s-worker-node2

2.调整系统配置

操作节点: 所有的master和slave节点(k8s-master,k8s-slave)需要执行

  • 设置iptables
$ iptables -P FORWARD ACCEPT
$ /etc/init.d/ufw stop
$ ufw disable
  • 关闭swap
swapoff -a
# 防止开机自动挂载 swap 分区
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
  • 修改内核参数
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
vm.max_map_count=262144
EOF
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
  • 设置apt源
$ apt-get update && apt-get install -y apt-transport-https ca-certificates software-properties-common 
$ curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - 
$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add 
$ add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
$ add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main"

$ apt-get update   
#若上步出现NO_PUBLICKEY问题,参考https://www.cnblogs.com/jiangzuo/p/13667011.html

3.安装docker

操作节点: 所有节点

$ apt-get install docker-ce=5:20.10.8~3-0~ubuntu-bionic
## 启动docker
$ systemctl enable docker && systemctl start docker

部署kubernetes

1.安装 kubeadm,kubelet和kubectl

操作节点: 所有的master和slave节点(k8s-master,k8s-slave) 需要执行

$ apt-get install kubelet=1.21.1-00 kubectl=1.21.1-00 kubeadm=1.21.1-00
## 查看kubeadm 版本
$ kubeadm version
## 设置kubelet开机启动
$ systemctl enable kubelet 

2.初始化配置文件

操作节点: 只在master节点(k8s-master)执行

$ kubeadm config print init-defaults > kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.136.138    # 修改为master节点ip
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: node     # 删掉此行,删掉此行,删掉此行
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers    # 修改此处镜像repo
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16		# 添加此行
  serviceSubnet: 10.96.0.0/12
scheduler: {}

3.提前下载镜像

操作节点:只在master节点(k8s-master)执行

  # 提前下载镜像到本地
$ kubeadm config images pull --config kubeadm.yaml
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.21.0
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.4.1
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.4.13-0
failed to pull image "registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0": output: Error response from daemon: pull access denied for registry.aliyuncs.com/google_containers/coredns/coredns, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
, error: exit status 1
To see the stack trace of this error execute with --v=5 or higher

提示找不到coredns的镜像,我们可以通过如下方式解决:

$ docker pull coredns/coredns:1.8.0
$ docker tag coredns/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0

4.初始化master节点

操作节点:只在master节点(k8s-master)执行

$ kubeadm init --config kubeadm.yaml

若初始化成功后,最后会提示如下信息:

...
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.136.138:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:3a7987c9f5007ebac7980e6614281ee0e064c760c8db012471f9f662289cc9ce

接下来按照上述提示信息操作,配置kubectl客户端的认证

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

⚠️注意:此时使用 kubectl get nodes查看节点应该处于notReady状态,因为还未配置网络插件

若执行初始化过程中出错,根据错误信息调整后,执行kubeadm reset后再次执行init操作即可

5.添加slave节点到集群中

操作节点:所有的slave节点(k8s-slave)需要执行
在每台slave节点,执行如下命令,该命令是在kubeadm init成功后提示信息中打印出来的,需要替换成实际init后打印出的命令。

kubeadm join 192.168.136.135:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:1c4305f032f4bf534f628c32f5039084f4b103c922ff71b12a5f0f98d1ca9a4f

6.安装calico插件

操作节点:只在master节点(k8s-master)执行

  • 安装operator

    $ kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
    
  • 等待operator pod安装启动完成

    $ kubectl -n tigera-operator get po
    NAME                               READY   STATUS    RESTARTS   AGE
    tigera-operator-698876cbb5-kfpb2   1/1     Running   0          38m
    

    镜像拉取比较慢,可以手动去节点docker pull拉取

  • 编辑calico配置

$ vim custom-resources.yaml
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    # Note: The ipPools section cannot be modified post-install.
    ipPools:
    - blockSize: 26
      cidr: 10.244.0.0/16        #修改和pod cidr一致
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()

---

# This section configures the Calico API server.
# For more information, see: https://docs.projectcalico.org/v3.20/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}
  • 创建calico配置

    $ kubectl apply -f custom-resources.yaml
    
  • 等待operator自动创建calico的pod

    # operator会自动创建calico-apiserver和calico-system两个命名空间以及必要的pod,等待pod启动完成即可
    $ kubectl get ns
    NAME               STATUS   AGE
    calico-apiserver   Active   13m
    calico-system      Active   19m
    
    $ kubectl -n calico-apiserver get po
    NAME                                READY   STATUS    RESTARTS   AGE
    calico-apiserver-554fbf9554-b6kzv   1/1     Running   0          13m
    
    $ kubectl -n calico-system get po
    NAME                                       READY   STATUS    RESTARTS   AGE
    calico-kube-controllers-868b656ff4-hn6qv   1/1     Running   0          20m
    calico-node-qqrp9                          1/1     Running   0          20m
    calico-node-r45z2                          1/1     Running   0          20m
    calico-typha-5b64cf4b48-vws5j              1/1     Running   0          20m
    calico-typha-5b64cf4b48-w6wqf              1/1     Running   0          20m
    

7.验证集群

操作节点: 在master节点(k8s-master)执行

$ kubectl get nodes  #观察集群节点是否全部Ready

创建测试nginx服务

$ kubectl run  test-nginx --image=nginx:alpine

查看pod是否创建成功,并访问pod ip测试是否可用

$ kubectl get po -o wide
NAME                          READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
test-nginx-5bd8859b98-5nnnw   1/1     Running   0          9s    10.244.1.2   k8s-slave1   <none>           <none>
$ curl 10.244.1.2
...
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

8.清理环境

如果你的集群安装过程中遇到了其他问题,我们可以使用下面的命令来进行重置:

# 在全部集群节点执行
kubeadm reset
ifconfig cni0 down && ip link delete cni0
ifconfig flannel.1 down && ip link delete flannel.1
rm -rf /run/flannel/subnet.env
rm -rf /var/lib/cni/
mv /etc/kubernetes/ /tmp
mv /var/lib/etcd /tmp
mv ~/.kube /tmp
iptables -F
iptables -t nat -F
ipvsadm -C
ip link del kube-ipvs0
ip link del dummy0
posted @ 2021-08-13 18:05  bigeyestudy  阅读(316)  评论(0编辑  收藏  举报