Installing a Kubernetes v1.27 Cluster on Ubuntu 22.04
1. Preparation
- This guide installs a k8s cluster on Ubuntu 22.04 virtual machines: one master node and one worker node.
- Set the hostname (the first command on the master node, the second on the worker node):
```
hostnamectl set-hostname master1 && bash
hostnamectl set-hostname node1 && bash
```
- Write the IP addresses into the hosts file and configure passwordless SSH login:
```
# Add to /etc/hosts
192.168.247.130 master1
192.168.247.131 node1
# If SSH is not installed, install and set it up first
sudo apt install openssh-server
sudo systemctl start ssh
sudo systemctl enable ssh
# Configure passwordless login
ssh-keygen -t rsa
ssh-copy-id -i .ssh/id_rsa.pub master1
ssh-copy-id -i .ssh/id_rsa.pub node1
```
- Install Docker by following the blog post "Installing Docker on Ubuntu 22.04 (Complete Guide)".
- Be sure to switch to the Alibaba Cloud GPG key and the Alibaba Cloud repository:
```
# Add the Alibaba Cloud GPG key
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Add the package repository
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
2. Install kubectl and the container runtime on all nodes
2-1. kubectl
- Download the kubectl release binary and its checksum file, then verify the binary:
```
wget https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl
wget https://dl.k8s.io/v1.27.0/bin/linux/amd64/kubectl.sha256
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
# Verification result
kubectl: OK
```
- Install kubectl and test it:
```
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client
# Result
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.0", GitCommit:"1b4df30b3cdfeaba6024e81e559a6cd09a089d65", GitTreeState:"clean", BuildDate:"2023-04-11T17:10:18Z", GoVersion:"go1.20.3", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v5.0.1
```
2-2. Container runtime
- By default the Linux kernel does not route IPv4 packets between interfaces, so IPv4 packet forwarding must be enabled:
```
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl parameters without rebooting
sudo sysctl --system
```
- Run the following commands to confirm that the modules are loaded:
```
lsmod | grep br_netfilter
lsmod | grep overlay
# Result
br_netfilter 32768 0
bridge 413696 1 br_netfilter
overlay 196608 0
```
- Run the following command to confirm that the system variables are set to 1 in the configuration:
```
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
# Result
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
```
- Install the container runtime, following section 3.1 of the blog post "Installing a Kubernetes 1.24 Cluster on Ubuntu (with containerd)":
```
# Install containerd v1.6.32
wget -c https://github.com/containerd/containerd/releases/download/v1.6.32/containerd-1.6.32-linux-amd64.tar.gz
tar -xzvf containerd-1.6.32-linux-amd64.tar.gz
# The archive extracts to a bin directory that holds all the containerd executables
sudo mv bin/* /usr/local/bin/
# Manage containerd with systemd
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
sudo mv containerd.service /usr/lib/systemd/system/
systemctl daemon-reload && systemctl enable --now containerd
systemctl status containerd
# Install runc
# runc is the container runtime; it implements the init, run, create, ps ... commands needed to run containers
curl -LO https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64 && \
sudo install -m 755 runc.amd64 /usr/local/sbin/runc
# Install the CNI plugins
wget -c https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
# Following the official installation steps, create a directory to hold the CNI plugins
sudo mkdir -p /opt/cni/bin
sudo tar -xzvf cni-plugins-linux-amd64-v1.2.0.tgz -C /opt/cni/bin/
# Modify the containerd configuration, because by default containerd pulls images from the official k8s registry
# Create a directory for the containerd configuration file
mkdir -p /etc/containerd
# Export the containerd configuration to a file
containerd config default | sudo tee /etc/containerd/config.toml
# Edit the configuration file
vim /etc/containerd/config.toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9" # search for sandbox_image and replace the original k8s.gcr.io/pause:3.6 with the value shown here
SystemdCgroup = true # search for SystemdCgroup and change false to true
# Create the directory for the registry mirror configuration
sudo mkdir /etc/containerd/certs.d/docker.io -pv
# Configure the mirror
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.m.daocloud.io"
[host."https://b9pmyelo.mirror.aliyuncs.com"]
capabilities = ["pull", "resolve"]
EOF
# Load the kernel modules containerd needs
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Restart containerd
systemctl restart containerd
systemctl status containerd
```
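The kubectl binary in 2-1 is checked against its published SHA-256 file, but the containerd, runc and CNI plugin downloads above are installed as fetched. The following added example (not part of the original post) is a shell helper that applies the same check to any release artifact, assuming the matching checksum file was downloaded from the same release page; the function name and the demo file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded artifact against a SHA-256 checksum file.
# Handles a bare digest (kubectl.sha256 style) and "digest  filename" lists.
# Returns 0 on match, 1 on mismatch, 2 if no usable digest is found.
verify_artifact() {
    local file sumfile name expected actual
    file=$1; sumfile=$2
    [ -f "$file" ] && [ -f "$sumfile" ] || { echo "missing input file" >&2; return 2; }
    name=$(basename "$file")
    expected=$(awk -v n="$name" '
        NF == 0 { next }                                     # ignore blank lines
        { lines++; f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f) }
        NF >= 2 && f == n { print $1; found = 1; exit }      # entry naming this file
        NF == 1 && lines == 1 { bare = $1 }                  # bare digest, single line
        END { if (!found && lines == 1 && bare != "") print bare }' "$sumfile")
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "$name: no usable digest in $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "$name: digest is not SHA-256" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then echo "$name: OK"; return 0; fi
    echo "$name: FAILED, do not install" >&2
    return 1
}

# Constructed demo, no network: a stand-in archive and its checksum file.
demo=$(mktemp -d)
printf 'constructed archive bytes\n' > "$demo/cni-plugins-demo.tgz"
( cd "$demo" && sha256sum cni-plugins-demo.tgz > cni-plugins-demo.tgz.sha256 )
verify_artifact "$demo/cni-plugins-demo.tgz" "$demo/cni-plugins-demo.tgz.sha256"
# Simulate corruption or tampering after the checksum was taken.
printf 'tampered\n' >> "$demo/cni-plugins-demo.tgz"
verify_artifact "$demo/cni-plugins-demo.tgz" "$demo/cni-plugins-demo.tgz.sha256" \
    || echo "verification failed: installation stopped"
```

A checksum file that names only a different file is rejected with status 2 rather than matched by position.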
3. Install kubeadm, kubelet and kubectl on all nodes
3-1. Getting started
- Preparation:
- Disable swap:
```
sudo swapoff -a
# To disable swap permanently, comment out the swap entry in /etc/fstab
```
- Load the following kernel modules on all nodes:
```
sudo tee /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
```
- Set the following kernel parameters for k8s:
```
sudo tee /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
```
- Reload the changes above:
```
sudo sysctl --system
```
- Update the apt package index and install the packages needed to use the Kubernetes apt repository:
```
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
```
- Download the Google Cloud public signing key:
- If this reports an error, see the blog post "Installing kubelet, kubeadm and kubectl" for a fix.
```
sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
# Or use the commands below
sudo wget https://packages.cloud.google.com/apt/doc/apt-key.gpg
sudo cp apt-key.gpg /etc/apt/keyrings/kubernetes-archive-keyring.gpg
```
- Add the Kubernetes apt repository:
```
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
```
3-2. Install kubeadm, kubectl and kubelet
- Run the following commands:
```
# Switch the repository to the mirror
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
# Update the package index, install the packages and pin their versions
sudo apt-get update
sudo apt-get install -y kubelet=1.27.1-00 kubeadm=1.27.1-00 kubectl=1.27.1-00
sudo apt-mark hold kubeadm kubectl
```
- The following error is reported:
- Fix:
```
# Fill in the public key ID from the error message above; it is different for everyone
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B53DC80D13EDEF05
```
- Run the installation again: update the apt package index, install kubelet, kubeadm and kubectl, and pin their versions:
```
sudo apt-get update
sudo apt-get install -y kubelet=1.27.1-00 kubeadm=1.27.1-00 kubectl=1.27.1-00
sudo apt-mark hold kubelet kubeadm kubectl
```
- Network settings:
```
sudo mv /etc/containerd/config.toml /etc/containerd/config.toml.bak
# Generate the default containerd configuration file
containerd config default > /etc/containerd/config.toml
## If permission is denied, use the command below instead
containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
# Set SystemdCgroup
sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
# Switch the image source in one pass
# pause is 3.9; after running the command below, open the file and check it!
sudo sed -i "s#registry.k8s.io/pause:3.6#registry.aliyuncs.com/google_containers/pause:3.9#g" /etc/containerd/config.toml
# Reload the configuration files
systemctl daemon-reload
# Restart all services related to port 6443
systemctl restart containerd.service
systemctl restart docker
systemctl restart kubelet
```
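4. Initialize the k8s cluster on the master node
- You can initialize directly with the init command; here the k8s cluster is initialized from a configuration file.
- The main changes to the configuration file are: the master node IP, the current node name, the image repository, the version number, the pod subnet, and the systemd cgroup driver.
```
# Generate the default configuration file
kubeadm config print init-defaults > kubeadm.yaml
# Edit the configuration file as follows:
```
```
# Modified kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.247.130 # master node IP
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master1 # optional: change to the current node's name
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # mirror repository
kind: ClusterConfiguration
kubernetesVersion: 1.27.1 # set to the version you installed; check with kubelet --version
networking:
  podSubnet: 10.244.0.0/16 # add the pod subnet
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
# Add the driver: use systemd as the cgroup driver, as discussed earlier.
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
```
- Initialize the cluster:
```
sudo kubeadm init --config kubeadm.yaml --v=6
```
- If the init command fails once, run the reset command before trying again; otherwise kubeadm reports that the configuration files k8s needs already exist and cannot initialize.
```
# Run this after every failed initialization!
# Adding the --cert-dir option, which names the certificate directory to delete, is recommended
sudo kubeadm reset --cert-dir /etc/kubernetes/pki
```
- Cluster initialization result: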
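5. Join the other nodes to the cluster
- Run the following commands:
```
# Join the node to the cluster, using the join command printed by kubeadm init
kubeadm join 192.168.247.130:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:d974ba4b544e5372f92e5a672a623aeb64cbbd74414573fb283e00a8c6be12e2
# On the master node, check that the node joined successfully
kubectl get nodes
```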
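The `token` in kubeadm.yaml above is the fixed placeholder that `kubeadm config print init-defaults` emits, and the join command reuses it. The following added example (not part of the original post) is a shell check that flags that placeholder or a malformed token in a kubeadm config before `kubeadm init`; the function name and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint the bootstrap token in a kubeadm config before kubeadm init.
# Returns 1 if a token is malformed or is the init-defaults placeholder.
# "kubeadm token generate" prints a random token in the expected format.
check_bootstrap_token() {
    awk '
        $1 == "token:" || ($1 == "-" && $2 == "token:") {
            tok = $NF; gsub(/"/, "", tok); seen = 1
            n = split(tok, part, ".")
            # Expected shape: 6 chars, a dot, 16 chars, all lowercase alphanumerics.
            if (n != 2 || length(part[1]) != 6 || length(part[2]) != 16 || tok ~ /[^a-z0-9.]/) {
                print "FAIL malformed bootstrap token"; bad = 1
            } else if (tok == "abcdef.0123456789abcdef") {
                print "FAIL init-defaults placeholder token " tok; bad = 1
            } else {
                print "OK token id " part[1] " (secret part not shown)"
            }
        }
        $1 == "ttl:" {
            print "INFO token ttl " $2
            if ($2 == "0" || $2 == "0s") print "WARN token never expires"
        }
        END {
            if (!seen) print "INFO no static token set, kubeadm will generate one"
            exit bad + 0
        }' "$1"
}

# Constructed sample: the bootstrapTokens stanza from the kubeadm.yaml above.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
EOF
check_bootstrap_token "$cfg" || echo "replace the token before running kubeadm init"
```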
6. Install the pod network plugin
- Install the flannel plugin here: create the yml file, change the Docker image source, and add a file under /etc/cni/net.d/.
```
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Change the docker.io images in the file to docker.m.daocloud.io images, for example
image: docker.m.daocloud.io/flannel/flannel:v0.25.4
kubectl apply -f kube-flannel.yml
```
- As root, write the following file:
```
sudo su
# As root, write the file under /etc/cni/net.d/
cat <<EOL > /etc/cni/net.d/10-flannel.conflist
{
  "name": "cbr0",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "type": "flannel",
      "delegate": {
        "hairpinMode": true,
        "isDefaultGateway": true
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    }
  ]
}
EOL
# Restart the services
sudo systemctl restart containerd
sudo systemctl restart kubelet
```
7. Installation complete: check the status
- Use the following commands to check the cluster status:
```
kubectl get cs
kubectl get nodes
kubectl get pods -A
```
8. Install the dashboard
- Download the file and edit it:
```
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
# By default the Dashboard is reachable only from inside the cluster; change the Service to type NodePort to expose it externally:
vim recommended.yaml
```
```
...
kind: Service # find the Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001 # expose on port 30001 for external access
  type: NodePort # add the NodePort type
  selector:
    k8s-app: kubernetes-dashboard
```
```
# Deploy
kubectl apply -f recommended.yaml
```
- Verify that the deployment succeeded:
```
kubectl get svc,pods -n kubernetes-dashboard
```
- Check that the proxy is installed and deployed correctly, and start the proxy:
```
kubectl cluster-info
# Start the proxy
kubectl proxy
```
- Remote and local testing
- After logging in here you need to enter a token; see the token generation steps below.
```
# Remote test
https://<host IP>:30001
# Local test
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
```
- Get a token for the remote login page
- Create dashboard-adminuser.yaml:
```
# Create a ServiceAccount named admin-user in the kubernetes-dashboard namespace
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
# Create the ClusterRoleBinding
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
# You can also create a token backed by a Secret that is bound to the ServiceAccount; the token is stored long-term in the Secret and can be retrieved with a command:
---
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
```
- Run the command that creates the account, creates the Secret and gets the token:
```
kubectl apply -f ./dashboard-adminuser.yaml
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
```
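dashboard-adminuser.yaml above binds `admin-user` to `cluster-admin` and keeps a non-expiring token in a Secret, while the Dashboard Service is exposed on a NodePort. The following added example (not part of the original post) is a shell audit that reports both patterns in a manifest before it is applied; it assumes block-style YAML laid out as on this page, and the function name is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report cluster-admin grants to ServiceAccounts and
# long-lived ServiceAccount token Secrets. Returns 1 if anything is found.
audit_rbac_manifest() {
    awk '
        function report() {
            if (kind == "ClusterRoleBinding" && role == "cluster-admin" && sa != "") { print "HIGH cluster-admin granted to ServiceAccount " sa; n++ }
            if (kind == "Secret" && type == "kubernetes.io/service-account-token") { print "MEDIUM non-expiring token Secret " name " for ServiceAccount " owner; n++ }
            kind = role = sa = type = name = owner = sec = subj = ""
        }
        /^---/      { report(); next }                 # document separator
        /^[A-Za-z]/ { sec = $1 }                       # top-level key of the document
        sec == "kind:" { kind = $2 }
        sec == "type:" { type = $2 }
        sec == "metadata:" && $1 == "name:" { name = $2 }
        $1 == "kubernetes.io/service-account.name:" { owner = $2; gsub(/"/, "", owner) }
        sec == "roleRef:" && $1 == "name:" { role = $2 }
        sec == "subjects:" && $1 == "-" { subj = $3 }  # "- kind: ServiceAccount"
        sec == "subjects:" && $1 == "name:" && subj == "ServiceAccount" { sa = sa (sa ? "," : "") $2 }
        END { report(); exit (n > 0) }' "$1"
}

# Constructed sample: the binding and Secret from dashboard-adminuser.yaml above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
EOF
audit_rbac_manifest "$sample" || echo "review these grants before applying"
```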
9. Problems and solutions
9-1. Problem 1: k8s cni plugin not initialized
```
# First delete the flannel plugin, using whichever method it was installed with earlier
kubectl delete -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl delete -f kube-flannel.yml
# On the node, clean up the files left behind by the flannel network
ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/
rm -f /etc/cni/net.d/*
# Restart kubelet
# As root, write the file under /etc/cni/net.d/
cat <<EOL > /etc/cni/net.d/10-flannel.conflist
{
  "name": "cbr0",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "type": "flannel",
      "delegate": {
        "hairpinMode": true,
        "isDefaultGateway": true
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    }
  ]
}
EOL
# Restart the kubelet and containerd services
```
9-2. Problem 2: after installing the flannel plugin, the flannel pod does not run properly; kubectl describe on the pod shows a Docker image pull error
- Fix: switch the Docker images in the yml file to the mirror, specifically:
```
# Every docker.io image must be replaced, specifically:
initContainers:
- name: install-cni-plugin
  image: docker.m.daocloud.io/flannel/flannel-cni-plugin:v1.4.1-flannel1
  command:
  - cp
  args:
  - -f
  - /flannel
  - /opt/cni/bin/flannel
  volumeMounts:
  - name: cni-plugin
    mountPath: /opt/cni/bin
- name: install-cni
  image: docker.m.daocloud.io/flannel/flannel:v0.25.4
  command:
  - cp
  args:
  - -f
  - /etc/kube-flannel/cni-conf.json
  - /etc/cni/net.d/10-flannel.conflist
  volumeMounts:
  - name: cni
    mountPath: /etc/cni/net.d
  - name: flannel-cfg
    mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
  image: docker.m.daocloud.io/flannel/flannel:v0.25.4
  command:
  - /opt/bin/flanneld
```
9-3. Problem 3: image pull fails after a pod's container is started
- Fix: export the container's configuration to a yaml file, change the image in the file, then re-apply it.
```
# Export the yaml file
kubectl get pod dashboard-metrics-scraper-5cb4f4bb9c-zm89p -n kubernetes-dashboard -o yaml > ./k8sdashboard.yaml
# Change the image in the yaml file
```
```
spec:
  containers:
  - args:
    - --auto-generate-certificates
    - --namespace=kubernetes-dashboard
    image: docker.m.daocloud.io/kubernetesui/dashboard:v2.7.0
```
```
# Re-apply
kubectl apply -f ./k8sdashboard.yaml
```