Kubernetes Cluster Installation
Installation
Preparation before installation
- Set the hostname, because Kubernetes uses hostnames to tell the nodes of a cluster apart.
- Use Docker as the container runtime. Kubernetes supports several container runtimes; Docker is the more convenient one to use.

cat <<EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF
sudo systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart docker

- Adjust the iptables configuration and enable "br_netfilter":

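cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# modules-load.d only takes effect at boot; load the module now so the
# net.bridge.* keys below exist when sysctl runs
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# better than modifying /etc/sysctl.conf (sysctl files do not allow trailing comments)
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
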
- Edit /etc/fstab and turn off the Linux swap partition to improve Kubernetes performance:

sudo swapoff -a
sudo sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab

Installing kubeadm
Using Ubuntu as an example:

sudo apt install -y apt-transport-https ca-certificates curl
# Option 1: deprecated on newer releases (apt-key trusts the key for every apt source)
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
# Option 2: on newer releases use this instead (signed-by binds the key to this repository only)
# The keyrings directory does not exist on older releases, so create it first
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update
# Install a specific version; if no version is given, the latest one is installed
sudo apt install -y kubeadm=1.27.3-00 kubelet=1.27.3-00 kubectl=1.27.3-00
# It is best to pin the versions
sudo apt-mark hold kubeadm kubelet kubectl
# Verify the installation with the following commands
kubeadm version
kubectl version --client

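Downloading the Kubernetes component images
Pulling the images from Google requires a proxy. A mirror registry inside China can be used instead, although this approach feels fairly cumbersome:
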
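repo=registry.aliyuncs.com/google_containers
for name in $(kubeadm config images list --kubernetes-version v1.27.3); do
    # Keep only the last path component (image:tag). This strips the registry
    # prefix (registry.k8s.io/ for v1.27, k8s.gcr.io/ on older releases)
    # as well as the coredns/ sub-path.
    src_name=${name##*/}
    docker pull "$repo/$src_name"
    docker tag "$repo/$src_name" "$name"
    docker rmi "$repo/$src_name"
done
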
You can also go through a proxy:

sudo systemctl set-environment HTTP_PROXY=127.0.0.1:1080
sudo systemctl set-environment HTTPS_PROXY=127.0.0.1:1080
# Note: if a proxy is set, be sure to add this machine's IP address to NO_PROXY
sudo systemctl set-environment NO_PROXY=127.0.0.1,localhost,master,192.168.31.159
sudo systemctl show-environment # show the environment variables that have been set
sudo systemctl restart containerd.service
sudo kubeadm config images pull

Installing the master node

kubeadm init --apiserver-advertise-address=192.168.31.159 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.27.3 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
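
Problems encountered
container runtime is not running:
Edit the /etc/containerd/config.toml configuration file and check whether the cri plugin is disabled.
Port 6443 is not listening: this is because containerd is being used as the container runtime, and it has to be configured separately.
By default kubeadm uses systemd as the cgroup driver, so containerd must be configured to use systemd as well.
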
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
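
Note: if you are using the containerd shipped with your distribution, the default configuration file may not look like this. You can run containerd config default > /etc/containerd/config.toml to obtain the default configuration file and then modify it.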
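
Both containerd problems described above (cri plugin disabled, cgroup driver not set to systemd) can be checked before running kubeadm init. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes disabled_plugins is written on a single line and that the runc options table is named as in the snippet above.

```shell
#!/bin/sh
# Added example: audit containerd's config.toml for the two settings that
# blocked `kubeadm init` above. Function names are hypothetical.

# Succeeds when "cri" is NOT listed in disabled_plugins.
# Assumes the key is written on one line, e.g. disabled_plugins = ["cri"].
cri_enabled() {
    ! grep -Eq '^[[:space:]]*disabled_plugins[[:space:]]*=.*"cri"' "$1"
}

# Succeeds when the runc options table sets SystemdCgroup = true.
# Tracks the current [table] header so the key only counts in that table;
# commented-out lines do not match because the pattern is anchored.
systemd_cgroup_enabled() {
    awk '
        /^[ \t]*\[/ { in_opts = (index($0, "runtimes.runc.options]") > 0) }
        in_opts && /^[ \t]*SystemdCgroup[ \t]*=[ \t]*true/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Prints one line per check; returns 0 = all ok, 1 = a check failed,
# 2 = config file unreadable.
check_containerd_config() {
    cfg=${1:-/etc/containerd/config.toml}
    result=0
    if [ ! -r "$cfg" ]; then
        echo "FAIL: cannot read $cfg"
        return 2
    fi
    if cri_enabled "$cfg"; then
        echo "ok:   cri plugin is enabled"
    else
        echo "FAIL: cri is in disabled_plugins (container runtime is not running)"
        result=1
    fi
    if systemd_cgroup_enabled "$cfg"; then
        echo "ok:   runc uses the systemd cgroup driver"
    else
        echo "FAIL: SystemdCgroup = true missing under runtimes.runc.options"
        result=1
    fi
    return "$result"
}
```

Call check_containerd_config with no argument to audit /etc/containerd/config.toml, and restart containerd after changing the file.
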

When initialization succeeds, the following message is printed; just follow its instructions:

#Your Kubernetes control-plane has initialized successfully!
#To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
#You should now deploy a pod network to the cluster.
#Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
# https://kubernetes.io/docs/concepts/cluster-administration/addons/
#Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.31.159:6443 --token e9uygt.cl9w56si9xje59tt \
--discovery-token-ca-cert-hash sha256:1852654cb71afc09f5c7ff1895e10a79bc283255d160ffaae21e53c5736c7316

tips
View the logs: journalctl -xe -f /usr/bin/kubelet
After running kubeadm reset, delete the $HOME/.kube directory.
Installing the network add-on

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml