Tinkering with Kubernetes on Raspberry Pi
Raspberry Pi 4B
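My environment
Hardware: 3 Raspberry Pi 4B boards, 32 GB memory card, one switch
Software: CentOS 8
Installing the OS on the Raspberry Pi
Install CentOS 8; on CentOS 7 the docker-ce image for armv7l can no longer be found.
References:
Installing CentOS 7.9 on Raspberry Pi 4B
Configuration tuning for CentOS 7.9 on Raspberry Pi 4B
Installing Docker
At this step, on CentOS 7, neither the Alibaba Cloud mirror nor the Tsinghua mirror has docker-ce for armv7l or armhf, so yum install docker-ce fails with a 404. After searching for a long time I gave up and switched straight to CentOS 8 (I don't know whether there are other pitfalls later, but at least I won't get stuck here).
Also, when installing Docker, pay attention to the architecture; the arch command shows it.
Reference:
Installing Docker on Raspberry Pi 4B
Installing Kubernetes
1. Modify the kernel configuration
2. Disable swap
3. Add the Alibaba Cloud Kubernetes mirror repository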
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
4. Install
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet
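Reference
Alibaba Cloud Kubernetes mirror (the download and installation were done by following this page)
Initializing the master
Three Raspberry Pis: 1 as master, 2 as nodes
Start with the master node and initialize it
Create the initialization configuration file; the following command generates one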
kubeadm config print init-defaults > kubeadm-config.yaml
Then edit the configuration file kubeadm-config.yaml: vi kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.0.115
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: pi4-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.25.0
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs
For editing the file, see the official documentation: Using kubeadm init with a configuration file
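The configuration above still carries token abcdef.0123456789abcdef, the value that kubeadm config print init-defaults emits, so the bootstrap token of this cluster is a publicly known string for its 24h TTL. The following added example (not part of the original post; the function names and the sample file are its own) flags that placeholder and swaps in a random token of the same format.

```shell
#!/bin/sh
# Added example, not from the original post: keep the init-defaults placeholder
# bootstrap token out of a real cluster. Function names are this sketch's own.
PLACEHOLDER="abcdef.0123456789abcdef"   # value printed by init-defaults

# Print a random token in kubeadm's format: 6 chars, a dot, 16 chars of [a-z0-9].
# On a node with kubeadm installed, `kubeadm token generate` does the same job.
new_token() {
  raw="$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22)"
  printf '%s.%s\n' "$(printf %s "$raw" | cut -c1-6)" "$(printf %s "$raw" | cut -c7-22)"
}

# Print "placeholder", "malformed" or "ok" for the first token: line in the file.
token_status() {
  tok="$(sed -n 's/^[[:space:]-]*token:[[:space:]]*//p' "$1" | head -n 1 | tr -d "\"'")"
  if [ "$tok" = "$PLACEHOLDER" ]; then
    echo placeholder
  elif printf %s "$tok" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
    echo ok
  else
    echo malformed
  fi
}

# Replace the placeholder in place and restrict the file, since it now holds a secret.
rotate_token() {
  [ "$(token_status "$1")" = placeholder ] || return 0
  sed "s/$PLACEHOLDER/$(new_token)/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
  chmod 600 "$1"
}

# Constructed sample: the bootstrapTokens stanza from the configuration file.
cfg="$(mktemp)"
printf 'bootstrapTokens:\n- groups:\n  - system:bootstrappers:kubeadm:default-node-token\n  token: %s\n  ttl: 24h0m0s\n' "$PLACEHOLDER" > "$cfg"
echo "before: $(token_status "$cfg")"
rotate_token "$cfg"
echo "after:  $(token_status "$cfg")"
rm -f "$cfg"
```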
Joining the cluster
[root@pi4-master k8s]# kubeadm token create --print-join-command
W1113 23:18:12.966639 45329 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 1**.1*.0.0:6443 --token ilmsos.g7fs8h89gh2ahf1 --discovery-token-ca-cert-hash sha256:crhf178yfbe6g7fu991884y189
Errors encountered and fixes
Errors during kubeadm init
[ERROR CRI]: container runtime is not running
Fix:
[root@master:~] rm -rf /etc/containerd/config.toml
[root@master:~] systemctl restart containerd
[ERROR SystemVerification]: missing required cgroups: memory
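Solution 1: disable the swap partition (does work for me)
Step 1: turn off swap:
swapoff -a
Step 2: edit the configuration file /etc/fstab
Delete the swap-related line /mnt/swap swap swap defaults 0 0, or comment it out
Step 3: confirm that swap is off
free -m
If the swap row shows 0 everywhere, swap has been disabled
Step 4: adjust the swappiness parameter
vim /etc/sysctl.conf # takes effect permanently
# set vm.swappiness to 0
vm.swappiness=0
Finally: sysctl -p # apply the configuration
Solution 2:
Edit /boot/cmdline.txt (recommended)
Add the parameters cgroup_enable=memory cgroup_memory=1
console=serial0,115200 console=tty1 root=PARTUUID=0a27722f-02 rootfstype=ext4 fsck.repair=yes rootwait cgroup_enable=memory cgroup_memory=1
Note: if there is no cmdline.txt file under /boot, create it yourself and copy the content above, but change the PARTUUID value to the one reported by the blkid command;
After editing and saving, reboot the Raspberry Pi.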
ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables
Error:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
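Fix: (the official documentation includes this step)
Verify that the br_netfilter module is loaded by running lsmod | grep br_netfilter.
To load the module explicitly, run sudo modprobe br_netfilter.
For iptables on the Linux node to see bridged traffic correctly, make sure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl configuration.
For example: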
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl parameters without rebooting
sudo sysctl --system
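The conditions behind the kubeadm init errors in this section, collected into one read-only check; this is an added example, not part of the original post. The root argument, the function names and the sample tree are this example's own, and tying [ERROR CRI] to disabled_plugins = ["cri"] in /etc/containerd/config.toml is an assumption about the packaged containerd configuration.

```shell
#!/bin/sh
# Added example, not from the original post: read-only checks for the kubeadm
# preflight errors above. The root argument is this sketch's own convention:
# empty checks the live node, a directory checks a constructed copy of the files.

check_node() (
  root="${1:-}"; fails=""
  # Swap: /proc/swaps has one header line; any further line is an active swap area.
  if awk 'NR>1 {n=1} END {exit !n}' "$root/proc/swaps" 2>/dev/null; then
    fails="$fails swap"
  fi
  # Memory cgroup: columns are subsys_name, hierarchy, num_cgroups, enabled.
  awk '$1=="memory" && $4==1 {ok=1} END {exit !ok}' "$root/proc/cgroups" 2>/dev/null ||
    fails="$fails cgroup-memory"
  # bridge-nf-call-iptables only exists once br_netfilter is loaded; both must read 1.
  for f in net/bridge/bridge-nf-call-iptables net/ipv4/ip_forward; do
    [ "$(cat "$root/proc/sys/$f" 2>/dev/null)" = "1" ] || fails="$fails ${f##*/}"
  done
  # Assumption: "[ERROR CRI]" comes from a config.toml that disables the CRI plugin.
  if grep -Eq '^[[:space:]]*disabled_plugins[[:space:]]*=.*"cri"' \
      "$root/etc/containerd/config.toml" 2>/dev/null; then
    fails="$fails containerd-cri"
  fi
  echo "${fails# }"
  [ -z "$fails" ]
)

# Constructed sample tree: a node in the state that produces the errors above.
make_sample() (
  d="$(mktemp -d)"
  mkdir -p "$d/proc/sys/net/ipv4" "$d/etc/containerd"
  printf 'Filename Type Size Used Priority\n/mnt/swap file 102396 0 -2\n' > "$d/proc/swaps"
  printf '#subsys_name hierarchy num_cgroups enabled\nmemory 0 1 0\n' > "$d/proc/cgroups"
  echo 0 > "$d/proc/sys/net/ipv4/ip_forward"
  echo 'disabled_plugins = ["cri"]' > "$d/etc/containerd/config.toml"
  echo "$d"
)

sample="$(make_sample)"
echo "constructed node fails: $(check_node "$sample")"
rm -rf "$sample"
# On a real node: check_node "" && echo "preflight items OK"
```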
[ERROR IMAGEPULL]: FAILED TO PULL IMAGE K8S.GCR.IO/KUBE-APISERVER
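The images cannot be pulled: the Docker images have to be downloaded from k8s.gcr.io, which cannot be reached from within China
Fix:
Pull them one by one from another repository and retag them
Reference: https://www.freesion.com/article/20831079183/
Find the images on Docker Hub and write a script that downloads and retags them
1. List the required images
kubeadm config images list
2. Check whether they are already present locally
docker images
3. Search Docker Hub for a repository that is official and active
4. Edit the script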
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
## Versions are defined here
KUBE_VERSION=v1.25.2
KUBE_PAUSE_VERSION=3.8
ETCD_VERSION=3.5.4-0
DNS_VERSION=1.9.3
GCR_URL=registry.k8s.io
## The repository you want to pull from
DOCKERHUB_URL=dyrnq
## Image list
images=(
  kube-proxy:${KUBE_VERSION}
  kube-scheduler:${KUBE_VERSION}
  kube-controller-manager:${KUBE_VERSION}
  kube-apiserver:${KUBE_VERSION}
  pause:${KUBE_PAUSE_VERSION}
  etcd:${ETCD_VERSION}
  coredns:${DNS_VERSION}
)
## Loop that pulls and retags each image
for imageName in "${images[@]}"; do
  docker pull "$DOCKERHUB_URL/$imageName"
  docker tag "$DOCKERHUB_URL/$imageName" "$GCR_URL/$imageName"
  docker rmi "$DOCKERHUB_URL/$imageName"
done
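To be continued
kubeadm init still fails
1. The images could not be pulled; I tried pulling them individually and retagging them, but init still reported errors
2. Changed the node's image pull policy to Never and continued with init
3. Error: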
Unfortunately, an error has occurred:
timed out waiting for the condition
This error is likely caused by:
- The kubelet is not running
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
- 'systemctl status kubelet'
- 'journalctl -xeu kubelet'
Check 'journalctl -xeu kubelet'
[root@pi4-master system]# journalctl -xeu kubelet
10月 11 01:27:13 pi4-master kubelet[4699]: E1011 01:27:13.875235 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:13 pi4-master kubelet[4699]: E1011 01:27:13.922222 4699 certificate_manager.go:471] kubernetes.io/kube-apiserver-client-kubelet: Failed while requesting a signed certificate from the control plane: cannot create certificate signing request: Post "https://192.16>
10月 11 01:27:13 pi4-master kubelet[4699]: E1011 01:27:13.975310 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.076021 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.176779 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.247226 4699 kubelet.go:2373] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.277449 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.378056 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.478632 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.579092 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: W1011 01:27:14.640342 4699 reflector.go:424] vendor/k8s.io/client-go/informers/factory.go:134: failed to list *v1.Node: Get "https://192.168.0.115:6443/api/v1/nodes?fieldSelector=metadata.name%3Dpi4-master&limit=500&resourceVersion=>
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.640489 4699 reflector.go:140] vendor/k8s.io/client-go/informers/factory.go:134: Failed to watch *v1.Node: failed to list *v1.Node: Get "https://192.168.0.115:6443/api/v1/nodes?fieldSelector=metadata.name%3Dpi4-master&>
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.679360 4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"