Installing a K8s cluster with KubeKey

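GitHub address

Installing KubeSphere on top of Kubernetes

Multi-node installation

Prepare the Linux hosts

For the full host requirements, see the official multi-node installation documentation; only some of the important steps are listed below.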

Upgrade the kernel version

# If kube-proxy runs in ipvs mode, the kernel must be upgraded to version 4.1 or later

Install dependencies

yum install -y socat conntrack  ebtables  ipset ipvsadm bash-completion 
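
A per-node preflight for the two requirements above (the 4.1 kernel minimum for ipvs mode and the tools installed by yum), written as an added example that is not part of the original post or of KubeKey. The function names and the `--run` argument are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the post or KubeKey): per-node preflight.
# Function names are hypothetical.

# kernel_at_least RELEASE MAJOR MINOR
# RELEASE is a `uname -r` string such as 3.10.0-1160.el7.x86_64.
# Returns 0 if RELEASE >= MAJOR.MINOR, 1 if lower, 2 if unparsable.
kernel_at_least() {
  local release="$1" want_major="$2" want_minor="$3" major minor
  case "$release" in *.*) ;; *) return 2 ;; esac
  major=${release%%.*}
  minor=${release#*.}
  minor=${minor%%[!0-9]*}          # keep the leading digits only
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  [ -n "$minor" ] || return 2
  [ "$major" -gt "$want_major" ] && return 0
  [ "$major" -eq "$want_major" ] && [ "$minor" -ge "$want_minor" ] && return 0
  return 1
}

# missing_tools CMD... prints every command that is not on PATH.
missing_tools() {
  local c
  for c in "$@"; do
    command -v "$c" >/dev/null 2>&1 || printf '%s\n' "$c"
  done
}

# preflight: returns 0 only if this node meets both requirements.
preflight() {
  local rc=0 missing
  if ! kernel_at_least "$(uname -r)" 4 1; then
    echo "FAIL kernel $(uname -r) is below 4.1 (needed for kube-proxy ipvs mode)"
    rc=1
  fi
  missing=$(missing_tools socat conntrack ebtables ipset ipvsadm)
  if [ -n "$missing" ]; then
    echo "FAIL missing tools:" $missing
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK node is ready for kk create cluster"
  return "$rc"
}

# Run the checks only when asked to, e.g.: bash preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it on every node before `./kk create cluster`; a non-zero exit status means the node still needs the kernel upgrade or the yum install.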

Configure DNS

Fixes the failure to pull Docker images

# Append the line "nameserver 114.114.114.114" to the end of /etc/resolv.conf; the commands below do this
nmcli c modify ens33 ipv4.dns 114.114.114.114,8.8.8.8
nmcli c up ens33

Problem log:

pull image failed: Failed to exec command: sudo -E /bin/bash -c "env PATH=$PATH docker pull registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.4.1 --platform amd64"
Error response from daemon: Get "https://registry.cn-beijing.aliyuncs.com/v2/": dial tcp: lookup registry.cn-beijing.aliyuncs.com on 10.191.9.2:53: server misbehaving: Process exited with status 1

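RedHat (CentOS 7): SELinux must be disabled

# Disable SELinux permanently
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Takes effect immediately, for the current boot only
setenforce 0 # switch to permissive mode
# A reboot is required after disabling
reboot
# Check the SELinux status
getenforce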

Disable the firewall

systemctl stop firewalld.service && systemctl disable  firewalld && systemctl status  firewalld

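Change the hostname

# Change the hostname on every node so that each node's hostname is unique within the cluster
nmcli g hostname  k8s.master
# On the node where ./kk create cluster -f config-sample.yaml is run,
# edit /etc/hosts and add the following line to fix the failure to establish SSH connections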
127.0.0.1  k8s.master

Problem log:

08:29:10 CST [GreetingsModule] Greetings
08:29:11 CST message: [localhost.k8s.18]
Greetings, KubeKey!
08:30:40 CST success: [localhost.k8s.18]
08:30:40 CST failed: [localhost.k8s.17]
08:30:40 CST failed: [localhost.k8s.16]
08:48:40 CST [GreetingsModule] Greetings
08:50:10 CST failed: [localhost.k8s.16]
08:50:10 CST failed: [localhost.k8s.18]
08:50:10 CST failed: [localhost.k8s.17]

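Download KubeKey

Manual download link for version V3.1.6

# When external (overseas) networks are unreachable, first run the following command so that KubeKey is downloaded from the correct region
export KKZONE=cn 
# Run the following command to download and unpack KubeKey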
curl -sfL https://get-kk.kubesphere.io | VERSION=v3.1.6 sh -

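Create the cluster

1. Create a sample configuration file

Installing KubeSphere on top of Kubernetes

# Create the configuration file. Without the --with-kubesphere flag, only a K8s cluster is installed;
# KubeSphere can be installed later directly on the existing K8s cluster by other means
./kk create config --with-kubernetes v1.21.14 --with-kubesphere v3.4.1 

2. Edit the configuration file

Just follow the official documentation; mainly adjust the hosts and roleGroups settings to match your actual hosts.

3. Create the cluster from the configuration file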

chmod 755 kk && ./kk create cluster -f config-sample.yaml -y

Problems:

Image download fails:

On all nodes, edit the configuration file /etc/docker/daemon.json

{
    "registry-mirrors": [
        "https://docker.rainbond.cc"
    ],
    "log-opts": {
        "max-size": "5m",
        "max-file": "3"
    },
    "exec-opts": [
        "native.cgroupdriver=systemd"
    ]
}

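A Service's NodePort cannot be reached

# Check which mode kube-proxy started in
kubectl get cm kube-proxy -n kube-system -o yaml | grep mode
# If it is iptables mode,
# check whether the iptables rules for the Service are in place; ks-console is the Service name
iptables-save |grep ks-console 
## Empty output means the Service has not taken effect correctly

# If it is ipvs mode, use the following command to list the load-balancing rules; an empty list indicates a problem
ipvsadm -ln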
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.233.0.1:443 rr
  -> 10.191.9.145:6443            Masq    1      4          0
TCP  10.233.0.3:53 rr
  -> 10.233.87.1:53               Masq    1      0          0
  -> 10.233.104.1:53              Masq    1      0          0
TCP  10.233.0.3:9153 rr
  -> 10.233.87.1:9153             Masq    1      0          0
  -> 10.233.104.1:9153            Masq    1      0          0
UDP  10.233.0.3:53 rr
  -> 10.233.87.1:53               Masq    1      0          0
  -> 10.233.104.1:53              Masq    1      0          0

kube-proxy installation fails

# Find the kube-proxy Pod
kubectl get pods -A |grep kube-proxy

# View the kube-proxy startup log
kubectl logs kube-proxy-5lql9 -n kube-system
## The log below shows that IPVS mode is in use
I1029 11:46:04.120985       1 node.go:172] Successfully retrieved node IP: 10.191.9.18
I1029 11:46:04.121536       1 server_others.go:140] Detected node IP 10.191.9.18
I1029 11:46:04.293286       1 server_others.go:206] kube-proxy running in dual-stack mode, IPv4-primary
I1029 11:46:04.293395       1 server_others.go:274] Using ipvs Proxier.
I1029 11:46:04.293415       1 server_others.go:276] creating dualStackProxier for ipvs.
W1029 11:46:04.293669       1 server_others.go:495] detect-local-mode set to ClusterCIDR, but no IPv6 cluster CIDR defined, , defaulting to no-op detect-local for IPv6
## The next line shows that the kernel version is too low; it must be upgraded to at least version 4.1
E1029 11:46:04.294302       1 proxier.go:390] can't set sysctl net/ipv4/vs/conn_reuse_mode, kernel version must be at least 4.1
W1029 11:46:04.294924       1 proxier.go:449] IPVS scheduler not specified, use rr by default
E1029 11:46:04.295269       1 proxier.go:390] can't set sysctl net/ipv4/vs/conn_reuse_mode, kernel version must be at least 4.1
W1029 11:46:04.295573       1 proxier.go:449] IPVS scheduler not specified, use rr by default

kube-proxy in ipvs mode requires ipvsadm

# Error log
W1030 00:57:26.101775       1 server_others.go:495] detect-local-mode set to ClusterCIDR, but no IPv6 cluster CIDR defined, , defaulting to no-op detect-local for IPv6

# On all nodes: install the dependency. Rebooting all cluster nodes is recommended, otherwise the iptables rules will not be updated.
yum install -y ipvsadm

kubectl get pod -A |grep kube-proxy |awk '{print $2}'

Add command auto-completion

yum -y install bash-completion && \
echo 'source <(kubectl completion bash)' >>~/.bashrc  && \
kubectl completion bash >/etc/bash_completion.d/kubectl && \
source /etc/profile

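Verify the cluster

Check that all pods are in the Running state

kubectl get pod -A

Check the kube-proxy startup log

kubectl -n kube-system logs kube-proxy-kw6dh -f
# Generally, the absence of lines starting with E means everything is normal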
I1101 07:14:31.834660       1 node.go:172] Successfully retrieved node IP: 10.191.9.135
I1101 07:14:31.834935       1 server_others.go:140] Detected node IP 10.191.9.135
I1101 07:14:31.913553       1 server_others.go:206] kube-proxy running in dual-stack mode, IPv4-primary
I1101 07:14:31.913703       1 server_others.go:274] Using ipvs Proxier.
I1101 07:14:31.913780       1 server_others.go:276] creating dualStackProxier for ipvs.
W1101 07:14:31.913960       1 server_others.go:495] detect-local-mode set to ClusterCIDR, but no IPv6 cluster CIDR defined, , defaulting to no-op detect-local for IPv6
W1101 07:14:31.915501       1 proxier.go:449] IPVS scheduler not specified, use rr by default
W1101 07:14:31.916538       1 proxier.go:449] IPVS scheduler not specified, use rr by default
W1101 07:14:31.916637       1 ipset.go:113] ipset name truncated; [KUBE-6-LOAD-BALANCER-SOURCE-CIDR] -> [KUBE-6-LOAD-BALANCER-SOURCE-CID]
W1101 07:14:31.916664       1 ipset.go:113] ipset name truncated; [KUBE-6-NODE-PORT-LOCAL-SCTP-HASH] -> [KUBE-6-NODE-PORT-LOCAL-SCTP-HAS]
I1101 07:14:31.917043       1 server.go:647] Version: v1.21.14
I1101 07:14:31.939266       1 conntrack.go:100] Set sysctl 'net/netfilter/nf_conntrack_max' to 262144
I1101 07:14:31.939467       1 conntrack.go:52] Setting nf_conntrack_max to 262144
I1101 07:14:31.940395       1 conntrack.go:83] Setting conntrack hashsize to 65536
I1101 07:14:31.946238       1 conntrack.go:100] Set sysctl 'net/netfilter/nf_conntrack_tcp_timeout_established' to 86400
I1101 07:14:31.946562       1 conntrack.go:100] Set sysctl 'net/netfilter/nf_conntrack_tcp_timeout_close_wait' to 3600
I1101 07:14:31.947077       1 config.go:315] Starting service config controller
I1101 07:14:31.947140       1 shared_informer.go:240] Waiting for caches to sync for service config
I1101 07:14:31.947413       1 config.go:224] Starting endpoint slice config controller
I1101 07:14:31.947439       1 shared_informer.go:240] Waiting for caches to sync for endpoint slice config
W1101 07:14:31.953614       1 warnings.go:70] discovery.k8s.io/v1beta1 EndpointSlice is deprecated in v1.21+, unavailable in v1.25+; use discovery.k8s.io/v1 EndpointSlice
W1101 07:14:31.958174       1 warnings.go:70] discovery.k8s.io/v1beta1 EndpointSlice is deprecated in v1.21+, unavailable in v1.25+; use discovery.k8s.io/v1 EndpointSlice
I1101 07:14:32.047653       1 shared_informer.go:247] Caches are synced for endpoint slice config
I1101 07:14:32.047756       1 shared_informer.go:247] Caches are synced for service config
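
The "no lines starting with E" check can be scripted instead of read by eye. The following is an added example, not part of the original post: `klog_errors` and `sample_log` are hypothetical names, and the sample input is built from kube-proxy log lines quoted earlier on this page.

```bash
#!/usr/bin/env bash
# Added example (not from the post): summarise error lines in klog output.

# sample_log: constructed input, copied from the kube-proxy logs on this page.
sample_log() {
  cat <<'EOF'
I1029 11:46:04.293395       1 server_others.go:274] Using ipvs Proxier.
E1029 11:46:04.294302       1 proxier.go:390] can't set sysctl net/ipv4/vs/conn_reuse_mode, kernel version must be at least 4.1
W1029 11:46:04.294924       1 proxier.go:449] IPVS scheduler not specified, use rr by default
E1029 11:46:04.295269       1 proxier.go:390] can't set sysctl net/ipv4/vs/conn_reuse_mode, kernel version must be at least 4.1
W1029 11:46:04.295573       1 proxier.go:449] IPVS scheduler not specified, use rr by default
EOF
}

# klog_errors: read klog-format lines on stdin and print one line per
# distinct error as "<count> <file:line> <message>".
# Exit status is 1 if any E (error) or F (fatal) line was seen, else 0.
klog_errors() {
  awk '
    # klog header: Lmmdd hh:mm:ss.uuuuuu pid file:line] message
    /^[EF][0-9][0-9][0-9][0-9] / {
      src = $4; sub(/\]$/, "", src)          # file:line without the bracket
      msg = $0; sub(/^[^]]*\] /, "", msg)    # text after the header
      key = src " " msg
      if (!(key in n)) order[++k] = key      # remember first-seen order
      n[key]++
    }
    END {
      for (i = 1; i <= k; i++) print n[order[i]], order[i]
      exit (k > 0)
    }
  '
}
```

On a live cluster, pipe the real log in, for example `kubectl -n kube-system logs kube-proxy-kw6dh | klog_errors`, and treat a non-zero exit status as a failed verification.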

Install an nginx service

Configuration file

apiVersion: v1
kind: Namespace
metadata:
  name: nginx-namespace
---
apiVersion: v1
kind: Pod
metadata:
  namespace: nginx-namespace
  name: nginx-pod-1                 # Pod name
  labels:
    app: nginx                      # label on this Pod so the Service can select it
spec:
  containers:
  - name: nginx-stable-pod-1        # container name in the Pod
    image: nginx:stable             # image
    imagePullPolicy: IfNotPresent   # image pull policy
    ports:
    - containerPort: 80             # container port
---
apiVersion: v1
kind: Pod
metadata:
  namespace: nginx-namespace
  name: nginx-pod                   # Pod name
  labels:
    app: nginx                      # label on this Pod so the Service can select it
spec:
  containers:
  - name: nginx-stable-pod          # container name in the Pod
    image: nginx:stable             # image
    imagePullPolicy: IfNotPresent   # image pull policy
    ports:
    - containerPort: 80             # container port
---
apiVersion: v1
kind: Service
metadata:
  namespace: nginx-namespace
  name: nginx-service
spec:
  selector:
    app: nginx                      # matches the Pod label
  ports:
  - port: 80                        # Service port; targetPort below is the container port
    targetPort: 80
    nodePort: 30002                 # NodePort mapped to 30002 so external hosts can reach it
  type: NodePort                    # Service type is NodePort

Install and verify

kubectl apply -f nginx-service.yaml 
# Check that the containers started normally
kubectl -n nginx-namespace get pod
# The IP is the host IP of any node
curl 10.191.9.21:30002
posted @ 2024-11-05 14:05  菜阿