With references
Environment preparation
- Ubuntu 20.04
- Docker preinstalled (see the Docker installation tutorial)
- Check the host's internal IP
ifconfig | grep inet | grep -v inet6
Usually pick the 10.x or 192.x address.
root@l1-kubernetes-master:~# ifconfig | grep inet | grep -v inet6
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet 10.0.4.10 netmask 255.255.252.0 broadcast 10.0.19.255
inet 127.0.0.1 netmask 255.0.0.0
Configure the Kubernetes package mirror
Add the Aliyun mirror to /etc/apt/sources.list
# System package sources
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
# Package source for kubeadm and the Kubernetes components
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
Tencent Cloud servers can use the Tencent mirror over the internal network
deb http://mirrors.tencentyun.com/kubernetes/apt/ kubernetes-xenial main
Install the k8s repository key
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg |sudo apt-key add -
Update the package lists: apt update
Hit:1 http://mirrors.tencentyun.com/ubuntu focal InRelease
Hit:2 http://mirrors.tencentyun.com/ubuntu focal-security InRelease
Hit:3 http://mirrors.tencentyun.com/ubuntu focal-updates InRelease
Get:4 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [9,383 B]
Get:5 https://mirrors.ustc.edu.cn/docker-ce/linux/debian stretch InRelease [44.8 kB]
Ign:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages [56.5 kB]
Fetched 101 kB in 1s (144 kB/s)
Reading package lists... Done
Install kubeadm, kubectl, kubelet 1.19.16
Install the kubeadm, kubectl and kubelet packages at version 1.19.16. (Run on the master node and the slave nodes alike.)
apt install kubeadm=1.19.16-00 kubelet=1.19.16-00 kubectl=1.19.16-00
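Starting with Kubernetes 1.20, Docker is no longer the default runtime,
Install the Kubernetes cluster with kubeadm
With the preparation done, the following describes how to install a Kubernetes cluster with kubeadm. We first set up the master node, then join the slave nodes to the cluster one by one.
Because canal will be used, the network configuration parameter has to be passed at initialization, setting the Kubernetes pod subnet to 10.244.0.0/16. Do not change this to another address, because the value must match the value in the canal YAML applied later; if you do change it, change both.
Downloading the images requires circumventing the firewall, because the container images are pulled from gcr (if that is inconvenient, you can use the exported images I mentioned in the preparation section above).
Because this host is in mainland China, the Aliyun mirror is used temporarily.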
kubeadm init --kubernetes-version 1.19.16 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.0.4.10 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers
On the master node, run the following commands to configure kubectl.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
The master node is now configured. Note the following log output; it is needed when the slave nodes are added.
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.4.10:6443 --token 0mynwm.10bk3hdn34e9lgo \
--discovery-token-ca-cert-hash sha256:51a66dd07069658f42d33923ecee7059a3b35820128a3d5acfaa7d374a9b8494
kubectl can now be used for all kinds of operations.
Set the KUBECONFIG environment variable on the master host
Master node
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
Configure the flannel network plugin
Master node
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
root@l2:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
root@l2:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
clusterrole.rbac.authorization.k8s.io/flannel configured
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
Wait until the status becomes normal
root@l2:~# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6c76c8bb89-h825c 1/1 Running 0 5m1s
coredns-6c76c8bb89-zlzjg 1/1 Running 0 5m1s
etcd-l2 1/1 Running 0 5m12s
kube-apiserver-l2 1/1 Running 0 5m12s
kube-controller-manager-l2 1/1 Running 0 5m12s
kube-flannel-ds-qnpl5 1/1 Running 0 4m26s
kube-proxy-d7ffb 1/1 Running 0 5m1s
kube-scheduler-l2 1/1 Running 0 5m12s
Following the prompt above, continue by joining the slave nodes to the cluster.
Joining the child nodes
Run the following command on each node to join it
kubeadm join 10.0.4.10:6443 --token 0mynwm.10bk3hdn34e9lgo \
--discovery-token-ca-cert-hash sha256:51a66dd07069658f42d33923ecee7059a3b35820128a3d5acfaa7d374a9b8494
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
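The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key. The following is an added example (not part of the original post) that recomputes the pin on the master so it can be compared with the join command before that command is run on other nodes; it assumes openssl is installed, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location, which the original text does not mention.

```shell
#!/bin/sh
# Added example: recompute the kubeadm CA pin and compare it with the value
# printed in the "kubeadm join" command.

# ca_pin <ca.crt>  -> prints "sha256:<hex>" of the certificate's public key (DER)
ca_pin() (
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    # Extract the public key from the certificate (PEM).
    openssl x509 -in "$1" -noout -pubkey > "$tmp/pub.pem" 2>/dev/null || exit 2
    # Re-encode it as DER; this is the byte string that kubeadm hashes.
    openssl pkey -pubin -in "$tmp/pub.pem" -outform DER \
        -out "$tmp/spki.der" 2>/dev/null || exit 2
    hex=$(openssl dgst -sha256 -r "$tmp/spki.der") || exit 2
    printf 'sha256:%s\n' "${hex%% *}"
)

# check_join_pin <ca.crt> <pin from the join command>
# returns 0 on match, 1 on mismatch, 2 if the certificate cannot be read
check_join_pin() {
    actual=$(ca_pin "$1") || return 2
    [ "$actual" = "$2" ]
}

# Stand-alone use on the master:
#   sh ca-pin.sh /etc/kubernetes/pki/ca.crt sha256:<pin from the join command>
if [ "$#" -eq 2 ]; then
    if check_join_pin "$1" "$2"; then
        echo "pin matches CA"
    else
        echo "pin does NOT match CA" >&2
        exit 1
    fi
fi
```

A mismatch means the join command was copied from a different cluster or altered in transit, and a node given that pin will refuse to trust this API server.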
Check on the master node that the join succeeded
root@l2:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
l2 Ready master 22m v1.19.16
l3 Ready <none> 5m7s v1.19.16
l4 Ready <none> 4m56s v1.19.16
FAQ
Q: kube-flannel STATUS CrashLoopBackOff ?
root@l2:~# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6c76c8bb89-d5kvk 1/1 Running 0 2m27s
coredns-6c76c8bb89-zfws2 1/1 Running 0 2m27s
etcd-l2 1/1 Running 0 2m28s
kube-apiserver-l2 1/1 Running 0 2m28s
kube-controller-manager-l2 1/1 Running 0 2m28s
kube-flannel-ds-hftwx 0/1 CrashLoopBackOff 4 2m27s
kube-proxy-xj5c4 1/1 Running 0 2m27s
kube-scheduler-l2 1/1 Running 0 2m28s
A: For flannel to work correctly, you must pass --pod-network-cidr=10.244.0.0/16 to kubeadm init.
https://stackoverflow.com/questions/52098214/kube-flannel-in-crashloopbackoff-status
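One way to catch this before flannel starts crash-looping is to compare the pod subnet recorded by kubeadm with the Network value in the flannel manifest. This is an added example, not part of the original post; the sample texts are constructed, modelled on the kubeadm-config ConfigMap (networking.podSubnet) and the net-conf.json entry of kube-flannel-cfg.

```shell
#!/bin/sh
# Added example: check that kubeadm's podSubnet equals flannel's "Network".

# Print the "Network" CIDR from a kube-flannel manifest read on stdin.
flannel_network() {
    sed -n 's#.*"Network"[[:space:]]*:[[:space:]]*"\([0-9./]*\)".*#\1#p' | head -n 1
}

# Print networking.podSubnet from kubeadm-config YAML read on stdin.
kubeadm_pod_subnet() {
    sed -n 's#^[[:space:]]*podSubnet:[[:space:]]*"\{0,1\}\([0-9./]*\)"\{0,1\}[[:space:]]*$#\1#p' | head -n 1
}

# check_pod_cidr <kubeadm-config text> <flannel manifest text>
# 0 = match, 1 = mismatch, 2 = podSubnet unset (init ran without --pod-network-cidr)
check_pod_cidr() {
    subnet=$(printf '%s\n' "$1" | kubeadm_pod_subnet)
    network=$(printf '%s\n' "$2" | flannel_network)
    [ -n "$subnet" ] || { echo "podSubnet not set; flannel expects $network" >&2; return 2; }
    [ "$subnet" = "$network" ] || { echo "mismatch: kubeadm=$subnet flannel=$network" >&2; return 1; }
    echo "ok: $subnet"
}

# Constructed sample inputs.
SAMPLE_FLANNEL='  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": { "Type": "vxlan" }
    }'
SAMPLE_KUBEADM_OK='    networking:
      dnsDomain: cluster.local
      podSubnet: 10.244.0.0/16
      serviceSubnet: 10.96.0.0/12'
SAMPLE_KUBEADM_UNSET='    networking:
      dnsDomain: cluster.local
      serviceSubnet: 10.96.0.0/12'

check_pod_cidr "$SAMPLE_KUBEADM_OK" "$SAMPLE_FLANNEL"
check_pod_cidr "$SAMPLE_KUBEADM_UNSET" "$SAMPLE_FLANNEL" || true

# On a real master (kube-flannel.yml saved locally):
#   check_pod_cidr "$(kubectl -n kube-system get cm kubeadm-config -oyaml)" "$(cat kube-flannel.yml)"
```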
Q: coredns status stuck at ContainerCreating
root@l2:~# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6c76c8bb89-hwklk 0/1 ContainerCreating 0 43s
coredns-6c76c8bb89-xxc6l 0/1 ContainerCreating 0 43s
etcd-l2 0/1 Running 0 42s
kube-apiserver-l2 1/1 Running 0 42s
kube-controller-manager-l2 0/1 Running 0 42s
kube-flannel-ds-7nscs 1/1 Running 2 21s
kube-proxy-6zhks 1/1 Running 0 43s
kube-scheduler-l2 0/1 Running 0 42s
A:
[Solution]
Step 1: On all nodes (master and slave nodes), delete cni0 and stop k8s and docker.
kubeadm reset
systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/
rm -rf /etc/cni/
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig docker0 down
ip link delete cni0
ip link delete flannel.1
Step 2: Restart kubelet and docker on all nodes
systemctl start kubelet
systemctl start docker
Step 3: Run kubeadm init again