Kubernetes集群安装

安装

安装前的准备工作

  1. 修改hostname,因为kubernetes使用hostname来区分集群

    1

    sudo vim /etc/hostname

  2. 使用docker作为容器运行时,kubernetes支持多种容器运行时,使用docker比较方便。

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

    cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

sudo systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart docker

  3. 修改iptables的配置,启用"br_netfilter"

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

    cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1 # better than modify /etc/sysctl.conf
EOF

sudo sysctl --system

  4. 修改 /etc/fstab,关闭Linux Swap分区,提升kubernetes的性能

    1
2

    sudo swapoff -a
sudo sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab

安装kubeadm

以ubuntu系统为例

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

sudo apt install -y apt-transport-https ca-certificates curl

#新的版本中这个已经是过时的了
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
#新的版本仅以使用这个
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

sudo apt update
#安装指定的版本,也可以不指定,默认安装最新版
sudo apt install -y kubeadm=1.27.3-00 kubelet=1.27.3-00 kubectl=1.27.3-00
#最好锁定版本
sudo apt-mark hold kubeadm kubelet kubectl

#使用如下的命令验证安装情况
kubeadm version
kubectl version --client

下载 Kubernetes 组件镜像

从Google下载镜像需要魔法,可以使用国内的镜像站,这个使用感觉比较麻烦

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

repo=registry.aliyuncs.com/google_containers

for name in `kubeadm config images list --kubernetes-version v1.27.3`; do

    src_name=${name#k8s.gcr.io/}
    src_name=${src_name#coredns/}

    docker pull $repo/$src_name

    docker tag $repo/$src_name $name
    docker rmi $repo/$src_name
done

也可以使用梯子

1
2
3
4
5
6
7
8
9

sudo systemctl set-environment HTTP_PROXY=127.0.0.1:1080
sudo systemctl set-environment HTTPS_PROXY=127.0.0.1:1080
# 注意,如果设置了proxy,一定要把本机的ip的地址中加入到NO_PROXY
sudo systemctl set-environment NO_PROXY=127.0.0.1,localhost,master,192.168.31.159
sudo systemctl show-environment #查看已经配置的环境变量
sudo systemctl restart containerd.service
sudo kubeadm config images pull

安装master节点

1

kubeadm init  --apiserver-advertise-address=192.168.31.159  --image-repository registry.aliyuncs.com/google_containers  --kubernetes-version v1.27.3  --service-cidr=10.96.0.0/12  --pod-network-cidr=10.244.0.0/16

image-20230711231513323

遇到的问题

container runtime is not running:

需要修改 /etc/containerd/config.toml 配置文件,查看 cri 插件是否被禁用

6443端口没有监听,是因为用的containerd作为容器运行时,这个需要单独配置

默认kubeadm使用的是systemd作为驱动,所以containerd也要配置Systemd。

1
2
3
4

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
 SystemdCgroup = true

注意,如果是发行版自带的containerd,可能默认的配置文件,不是这样的,可以使用containerd config default > /etc/containerd/config.toml获取默认的配置文件,然后再做修改

安装成功会有如下的提示,根据提示操作即可

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

#Your Kubernetes control-plane has initialized successfully!

#To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

#Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

#You should now deploy a pod network to the cluster.
#Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
#  https://kubernetes.io/docs/concepts/cluster-administration/addons/

#Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.31.159:6443 --token e9uygt.cl9w56si9xje59tt \
	--discovery-token-ca-cert-hash sha256:1852654cb71afc09f5c7ff1895e10a79bc283255d160ffaae21e53c5736c7316

tips

查看日志 journalctl -xe -f /usr/bin/kubelet

运行 kubeadm reset 之后要删除 $HOME/.kube目录

安装网络组件

1

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml