Setting up a Kubernetes (k8s) cluster on Debian 10
1. System environment
Run the following command to check the system environment:
cat /etc/os-release
Note: the master node of a k8s cluster needs at least two CPU cores.
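2. Configuring the package sources
2.1 Configuring the system sources
Edit /etc/apt/sources.list (prefix the command with sudo if you are not root) and add the following entries at the top of the file (back the file up first).
For other Debian releases, see https://developer.aliyun.com/mirror/debian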
deb https://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ buster main non-free contrib
deb https://mirrors.aliyun.com/debian-security buster/updates main
deb-src https://mirrors.aliyun.com/debian-security buster/updates main
deb https://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb https://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
After replacing the entries, refresh the package lists:
apt update
2.2 Adding the Docker source
Write the Docker source entry:
Sources_URL='https://mirrors.aliyun.com';echo -e "# deb-src [arch=amd64] ${Sources_URL}/docker-ce/linux/debian buster stable\ndeb [arch=amd64] ${Sources_URL}/docker-ce/linux/debian buster stable\n# deb-src [arch=amd64] ${Sources_URL}/docker-ce/linux/debian buster stable" > /etc/apt/sources.list.d/docker.list
Check the configuration:
cat /etc/apt/sources.list.d/docker.list # show the source configuration
It prints the following:
root@debian-master:/etc/apt# cat /etc/apt/sources.list.d/docker.list # show the source configuration
# deb-src [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/debian buster stable
deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/debian buster stable
# deb-src [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/debian buster stable
Refresh the package lists:
apt update
Install the required tools:
apt-get install apt-transport-https ca-certificates curl gnupg2 lsb-release software-properties-common -y
Add the repository signing key (the command below imports the Kubernetes apt key from the mirror):
Sources_URL='https://mirrors.aliyun.com'
curl ${Sources_URL}/kubernetes/apt/doc/apt-key.gpg | apt-key add -
At this point apt update reports that a public key is missing:
命中:1 https://mirrors.aliyun.com/debian buster InRelease
命中:2 https://mirrors.aliyun.com/debian-security buster/updates InRelease
命中:3 https://mirrors.aliyun.com/debian buster-updates InRelease
命中:4 https://mirrors.aliyun.com/debian buster-backports InRelease
获取:5 https://mirrors.aliyun.com/docker-ce/linux/debian buster InRelease [54.0 kB]
获取:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [9,383 B]
错误:5 https://mirrors.aliyun.com/docker-ce/linux/debian buster InRelease
由于没有公钥,无法验证下列签名: NO_PUBKEY 7EA0A9C3F273FCD8
忽略:7 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
获取:7 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages [60.1 kB]
正在读取软件包列表... 完成
W: GPG 错误:https://mirrors.aliyun.com/docker-ce/linux/debian buster InRelease: 由于没有公钥,无法验证下列签名: NO_PUBKEY 7EA0A9C3F273FCD8
E: 仓库 “https://mirrors.aliyun.com/docker-ce/linux/debian buster InRelease” 没有数字签名。
N: 无法安全地用该源进行更新,所以默认禁用该源。
N: 参见 apt-secure(8) 手册以了解仓库创建和用户配置方面的细节。
Note the key ID "7EA0A9C3F273FCD8" at the end of the line W: GPG 错误:https://mirrors.aliyun.com/docker-ce/linux/debian buster InRelease: 由于没有公钥,无法验证下列签名: NO_PUBKEY 7EA0A9C3F273FCD8, then run:
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7EA0A9C3F273FCD8
Then run apt update again.
2.3 Configuring the k8s source
Write the source entry:
echo -e "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
Refresh the package lists:
apt update
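The source entries written in 2.2 and 2.3 carry no signed-by option, so any key imported with apt-key is accepted for every configured repository. The audit below is an added example, not part of the original article; it lists entries that are unscoped, have verification disabled, or use plain HTTP.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_apt_sources FILE...
# Prints "<file>:<line>: <issue>: <uri>" for every active deb/deb-src entry
# whose signature check is disabled, unscoped, or fetched over plain HTTP.
audit_apt_sources() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        $1 != "deb" && $1 != "deb-src" { next }
        {
            opts = ""; uri = $2
            if ($2 ~ /^\[/) {                      # gather the [option ...] block
                i = 2; opts = $i
                while (opts !~ /\]$/ && i < NF) { i++; opts = opts " " $i }
                uri = $(i + 1)
            }
            if (opts ~ /trusted=yes/)
                printf "%s:%d: signature check disabled: %s\n", FILENAME, FNR, uri
            else if (opts !~ /signed-by=/)
                printf "%s:%d: no signed-by, any apt-key key is accepted: %s\n", FILENAME, FNR, uri
            if (uri ~ /^http:/)
                printf "%s:%d: plain HTTP transport: %s\n", FILENAME, FNR, uri
        }
    ' "$@"
}

# Run against the files named on the command line, if any,
# e.g. /etc/apt/sources.list /etc/apt/sources.list.d/*.list
if [ "$#" -gt 0 ]; then
    audit_apt_sources "$@"
fi
```

To scope a key, store it as its own keyring file and name that file in the entry's options, for example [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] (the keyring path here is an assumed name).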
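3. System configuration
Write the forwarding settings (to a drop-in file under /etc/sysctl.d, so the existing contents of /etc/sysctl.conf are not overwritten):
echo -e "net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1" > /etc/sysctl.d/k8s.conf
Apply the forwarding settings (if the sysctl command is not found, see Error 2 in section 4):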
sysctl --system
Change the hostname (optional, as needed):
hostnamectl set-hostname debian-master
Disable swap:
swapoff -a # temporarily
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab # permanently
Edit /etc/hosts and add:
<master IP address> cluster-endpoint
For example: 192.168.75.129 cluster-endpoint
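The sed pattern above only matches swap entries delimited by spaces, and swapoff -a does not survive a reboot, so it is worth checking what is actually persisted. The check below is an added example, not part of the original article; it takes the sysctl file, fstab and hosts file as arguments (so it also works on copies) and matches fstab by field, which catches tab-separated entries too.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_k8s_prereqs SYSCTL_FILE FSTAB_FILE HOSTS_FILE
# Prints one line per failed check; the return status is the failure count.
check_k8s_prereqs() {
    sysctl_file=$1; fstab_file=$2; hosts_file=$3; fails=0

    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables \
               net.ipv4.ip_forward; do
        # A later uncommented "key = value" line overrides an earlier one
        val=$(awk -F= -v k="$key" '
            $1 ~ /^[ \t]*[#;]/ { next }
            { n = $1; gsub(/[ \t]/, "", n) }
            n == k { v = $2; gsub(/[ \t]/, "", v) }
            END { print v }' "$sysctl_file")
        if [ "$val" != "1" ]; then
            echo "sysctl: $key is '${val:-unset}', expected 1"
            fails=$((fails + 1))
        fi
    done

    # An uncommented fstab entry of type swap turns swap back on at boot
    if awk '$1 !~ /^#/ && $3 == "swap" { hit = 1 } END { exit !hit }' "$fstab_file"; then
        echo "fstab: active swap entry remains"
        fails=$((fails + 1))
    fi

    # cluster-endpoint has to map to exactly one address
    addrs=$(awk '$1 !~ /^#/ { for (i = 2; i <= NF; i++)
                     if ($i == "cluster-endpoint") seen[$1] = 1 }
                 END { n = 0; for (a in seen) n++; print n }' "$hosts_file")
    if [ "$addrs" -ne 1 ]; then
        echo "hosts: cluster-endpoint maps to $addrs addresses, expected 1"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Stand-alone use: pass the three files on the command line
if [ "$#" -eq 3 ]; then
    check_k8s_prereqs "$@"
fi
```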
4. Installing the services
Installing Docker
1. List the available Docker versions:
apt list docker-ce -a
2. Choose the Docker version that matches your k8s version. This guide uses k8s 1.20.9 as the example and installs Docker 19.03:
apt install docker-ce=5:19.03.7~3-0~debian-buster
Install version 1.20.9 of kubeadm, kubelet and kubectl (if a package cannot be found, run apt list xxx -a yourself and pick a version):
apt install kubeadm=1.20.9-00
apt install kubelet=1.20.9-00
apt install kubectl=1.20.9-00
Pull the images for the matching k8s version in advance (mainly so that a download timeout does not make k8s initialization fail):
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.9
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.9
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.9
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.9
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0
docker pull coredns/coredns:1.7.0
Then tag them:
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.9 k8s.gcr.io/kube-apiserver:v1.20.9
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.9 k8s.gcr.io/kube-controller-manager:v1.20.9
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.9 k8s.gcr.io/kube-scheduler:v1.20.9
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.9 k8s.gcr.io/kube-proxy:v1.20.9
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0 k8s.gcr.io/etcd:3.4.13-0
docker tag coredns/coredns:1.7.0 k8s.gcr.io/coredns:1.7.0
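Finally, initialize the k8s cluster (replace the master IP address placeholder in the command below):
kubeadm init --apiserver-advertise-address=<master-ip-address> --control-plane-endpoint=cluster-endpoint --kubernetes-version=1.20.9 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.244.0.0/16
After kubeadm init, see the note in section 5 and apply the network plugin YAML.
Error 1: if the following error appears (k8s 1.24 and later require containerd; ignore this if the error does not appear):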
[init] Using Kubernetes version: v1.20.9
[preflight] Running pre-flight checks
[WARNING SystemVerification]: missing optional cgroups: hugetlb
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR CRI]: container runtime is not running: output: E1014 14:08:52.620935 1343 remote_runtime.go:948] "Status from runtime service failed" err="rpc error: code = Unimplemented desc = unknown service runtime.v1alpha2.RuntimeService"
time="2022-10-14T14:08:52+08:00" level=fatal msg="getting status of runtime: rpc error: code = Unimplemented desc = unknown service runtime.v1alpha2.RuntimeService"
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
then run:
rm -rf /etc/containerd/config.toml
systemctl restart containerd
Error 2: if the following errors appear:
[ERROR FileExisting-conntrack]: conntrack not found in system path
[ERROR FileExisting-iptables]: iptables not found in system path
then add /usr/sbin to the PATH environment variable.
root@debian:/home/user# cd ~
root@debian:~# vim .bashrc
Add this as the last line:
export PATH=$PATH:/usr/sbin
Finally, reload the file:
root@debian:~# source ~/.bashrc
After the cluster has initialized successfully, run the following (if you ran kubeadm reset earlier, delete $HOME/.kube by hand before running these commands):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
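Error 3: if k8s was installed right after the virtual machine's IP address was changed and the coredns pod will not start, try the following commands (they flush every rule in the filter and nat tables, including any host firewall rules you added yourself):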
systemctl stop kubelet
systemctl stop docker
iptables --flush
iptables -t nat --flush
systemctl start kubelet
systemctl start docker
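Error 4: if a message says that port xxxx is already in use, run kubeadm reset and then delete the directory named in its output ($HOME/.kube).
Error 5: by default the master node does not take part in scheduling (with no other node in the cluster, pods stay in the Pending state). If you need the master node to take part in scheduling, run the following commands:
# list the nodes
kubectl get nodes
# show the taints
kubectl describe node k8s-master |grep Taints
Taints: node-role.kubernetes.io/master:NoSchedule
# remove the taint
kubectl taint nodes --all node-role.kubernetes.io/master-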
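5. Network plugin
After the k8s cluster starts, the coredns pod will not come up until a network plugin is configured. This guide loads the calico plugin, using k8s 1.20.9 as the example.
Note: apply the network plugin YAML immediately after kubeadm init, to avoid other puzzling errors.
6. Appendix
A busy-box YAML is attached here, handy for testing pod-to-pod communication later: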
apiVersion: apps/v1
kind: Deployment
metadata:
  name: busy-box
spec:
  replicas: 1
  selector:
    matchLabels:
      app: busy-box
  template:
    metadata:
      labels:
        app: busy-box
    spec:
      containers:
      - name: busy-box
        image: busybox
        command:
        - /bin/sh
        - -c
        - sleep 3000