Building a Kubernetes Cluster

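    References

    Quickly building a Kubernetes test cluster on Ubuntu with kubeadm

    How to install Kubernetes on Ubuntu 20.04 – Kubeadm and Minikube

    Environment preparation

    1. Ubuntu 20.04
    2. Docker pre-installed (see the Docker installation tutorial)
    3. Check the machine's internal IP: ifconfig | grep inet | grep -v inet6

    Usually choose the 10.x or 192.x address.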

    root@l1-kubernetes-master:~# ifconfig | grep inet | grep -v inet6
    
    inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
    inet 10.0.4.10  netmask 255.255.252.0  broadcast 10.0.19.255
    inet 127.0.0.1  netmask 255.0.0.0
    

    Configure the Kubernetes package mirror

    Add the Aliyun mirror sources to /etc/apt/sources.list:

    # System package sources
    deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
    deb http://mirrors.aliyun.com/ubuntu/ xenial universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    # Package source for kubeadm and the Kubernetes components
    deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
    

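    On the internal network of a Tencent Cloud server, the Tencent source can be used instead: deb http://mirrors.tencentyun.com/kubernetes/apt/ kubernetes-xenial main

    Install the Kubernetes repository key:
    curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg |sudo apt-key add -

    Update the package index: apt update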

    Hit:1 http://mirrors.tencentyun.com/ubuntu focal InRelease
    Hit:2 http://mirrors.tencentyun.com/ubuntu focal-security InRelease
    Hit:3 http://mirrors.tencentyun.com/ubuntu focal-updates InRelease
    Get:4 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [9,383 B]
    Get:5 https://mirrors.ustc.edu.cn/docker-ce/linux/debian stretch InRelease [44.8 kB]      
    Ign:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
    Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages [56.5 kB]
    Fetched 101 kB in 1s (144 kB/s)  
    Reading package lists... Done
    

    Install kubeadm, kubectl, kubelet 1.19.16

    Install version 1.19.16 of the kubeadm, kubectl and kubelet packages (run this on both the master node and the slave nodes).

    apt install kubeadm=1.19.16-00 kubelet=1.19.16-00 kubectl=1.19.16-00

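    Starting with Kubernetes 1.20, Docker is no longer the default runtime.

    Install the Kubernetes cluster with kubeadm

    With the preparation done, the following describes how to install a Kubernetes cluster with kubeadm. We first install the master node, then join the slave nodes to the cluster one by one.

    Because canal will be used, a network parameter must be added at initialization to set the Kubernetes pod subnet to 10.244.0.0/16. Do not change this to another address, because the value must match the one in the canal YAML applied later; if you do change it, change both.

    Downloading the images requires getting past the firewall, because the container images are pulled from the gcr site... (If that is inconvenient, you can use the exported images I mentioned in the preparation section above.)

    Since I am in mainland China, I temporarily use the Aliyun mirror: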

    kubeadm init --kubernetes-version 1.19.16 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.0.4.10 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers

    On the master node, run the following commands to configure kubectl.

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
    

    The master node is now configured. Note the following log output; it is needed when the slave nodes are added.

    
    Then you can join any number of worker nodes by running the following on each as root:
    
    kubeadm join 10.0.4.10:6443 --token 0mynwm.10bk3hdn34e9lgo \
        --discovery-token-ca-cert-hash sha256:51a66dd07069658f42d33923ecee7059a3b35820128a3d5acfaa7d374a9b8494 
    

    kubectl can now be used for all kinds of operations.

    Set the local environment variable on the master host

    Master node:

    echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
    

    Configure the flannel network plugin

    Master node:

    kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml

    root@l2:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    podsecuritypolicy.policy/psp.flannel.unprivileged created
    clusterrole.rbac.authorization.k8s.io/flannel created
    clusterrolebinding.rbac.authorization.k8s.io/flannel created
    serviceaccount/flannel created
    configmap/kube-flannel-cfg created
    daemonset.apps/kube-flannel-ds created
    root@l2:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
    clusterrole.rbac.authorization.k8s.io/flannel configured
    clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
    

    Wait until the status becomes normal:

    root@l2:~# kubectl get pods -n kube-system
    NAME                         READY   STATUS    RESTARTS   AGE
    coredns-6c76c8bb89-h825c     1/1     Running   0          5m1s
    coredns-6c76c8bb89-zlzjg     1/1     Running   0          5m1s
    etcd-l2                      1/1     Running   0          5m12s
    kube-apiserver-l2            1/1     Running   0          5m12s
    kube-controller-manager-l2   1/1     Running   0          5m12s
    kube-flannel-ds-qnpl5        1/1     Running   0          4m26s
    kube-proxy-d7ffb             1/1     Running   0          5m1s
    kube-scheduler-l2            1/1     Running   0          5m12s
    

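    Following the prompt above, continue by joining the slave nodes to the cluster.

    Joining the child nodes

    Run the following command on each node to join it:

    kubeadm join 10.0.4.10:6443 --token 0mynwm.10bk3hdn34e9lgo \
        --discovery-token-ca-cert-hash sha256:51a66dd07069658f42d33923ecee7059a3b35820128a3d5acfaa7d374a9b8494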

    [preflight] Running pre-flight checks
            [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [preflight] Reading configuration from the cluster...
    [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
    [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
    [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
    [kubelet-start] Starting the kubelet
    [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
    
    This node has joined the cluster:
    * Certificate signing request was sent to apiserver and a response was received.
    * The Kubelet was informed of the new secure connection details.
    
    Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
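
The `--discovery-token-ca-cert-hash` value in the join command is the SHA-256 digest of the cluster CA's public key, so a joining node can check that it is talking to the intended control plane. The following added example (not part of the original post) recomputes that digest with openssl and compares it with a pasted join command; the function names and the throwaway CA it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): recompute the value pinned by
# `kubeadm join --discovery-token-ca-cert-hash` and compare before joining.

# ca_cert_hash CERT -> "sha256:<hex>" over the DER-encoded public key (SPKI)
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //; s/^/sha256:/'
}

# hash_from_join_cmd "join command" -> the sha256:<64 hex> argument it carries
hash_from_join_cmd() {
    printf '%s\n' "$1" | grep -Eo 'sha256:[0-9a-f]{64}' | head -n 1
}

# verify_join_cmd CERT "join command"
#   0 = pinned hash matches CERT, 1 = mismatch, 2 = no usable hash or cert
verify_join_cmd() {
    pinned=$(hash_from_join_cmd "$2")
    [ -n "$pinned" ] || return 2
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$pinned" ] || return 1
}

# Demo on a throwaway CA generated locally (constructed input). On a real
# control-plane node the file to check is /etc/kubernetes/pki/ca.crt.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    cmd="kubeadm join 10.0.4.10:6443 --token <token> --discovery-token-ca-cert-hash $(ca_cert_hash "$dir/ca.crt")"
    verify_join_cmd "$dir/ca.crt" "$cmd" && echo "pinned hash matches the CA"
    rm -rf "$dir"
}
demo
```

A mismatch (exit status 1) means the join command was copied from a different cluster or the CA file is not the one that `kubeadm init` created.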
    

    Check from the master node that the join succeeded:

    root@l2:~# kubectl get nodes
    NAME   STATUS   ROLES    AGE     VERSION
    l2     Ready    master   22m     v1.19.16
    l3     Ready    <none>   5m7s    v1.19.16
    l4     Ready    <none>   4m56s   v1.19.16
    

    FAQ

    Q: kube-flannel STATUS CrashLoopBackOff ?

    root@l2:~# kubectl get pods -n kube-system
    NAME                         READY   STATUS             RESTARTS   AGE
    coredns-6c76c8bb89-d5kvk     1/1     Running            0          2m27s
    coredns-6c76c8bb89-zfws2     1/1     Running            0          2m27s
    etcd-l2                      1/1     Running            0          2m28s
    kube-apiserver-l2            1/1     Running            0          2m28s
    kube-controller-manager-l2   1/1     Running            0          2m28s
    kube-flannel-ds-hftwx        0/1     CrashLoopBackOff   4          2m27s
    kube-proxy-xj5c4             1/1     Running            0          2m27s
    kube-scheduler-l2            1/1     Running            0          2m28s
    

    A: For flannel to work correctly, you must pass --pod-network-cidr=10.244.0.0/16 to kubeadm init.

    https://stackoverflow.com/questions/52098214/kube-flannel-in-crashloopbackoff-status
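
The manifests above are applied straight from a URL on a `master` branch, and the FAQ answer depends on the flannel `Network` value matching `--pod-network-cidr`. The following added example (not part of the original post) checks a saved copy of the manifest against a digest recorded at review time and against the pod CIDR before it is applied; the function names and the manifest excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): vet a saved copy of
# kube-flannel.yml before running `kubectl apply -f` on it.

# flannel_network FILE -> the "Network" CIDR from the net-conf.json key
flannel_network() {
    sed -n 's/.*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# manifest_kinds FILE -> sorted list of the top-level object kinds it creates
manifest_kinds() {
    sed -n 's/^kind:[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | sort -u
}

# vet_manifest FILE PINNED_SHA256 POD_CIDR
#   0 = digest and CIDR match, 1 = file differs from the reviewed copy,
#   2 = flannel Network differs from kubeadm's --pod-network-cidr
vet_manifest() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ] || { echo "digest mismatch: $actual" >&2; return 1; }
    net=$(flannel_network "$1")
    [ "$net" = "$3" ] || { echo "Network $net != pod CIDR $3" >&2; return 2; }
}

# Constructed excerpt standing in for a downloaded kube-flannel.yml.
write_sample() {
    cat > "$1" <<'EOF'
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
---
kind: ConfigMap
apiVersion: v1
data:
  net-conf.json: |
    { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } }
---
kind: DaemonSet
apiVersion: apps/v1
EOF
}

f=$(mktemp); write_sample "$f"
pin=$(sha256sum "$f" | awk '{print $1}')   # recorded when the file was reviewed
manifest_kinds "$f"                        # object kinds to read before applying
vet_manifest "$f" "$pin" 10.244.0.0/16 && echo "ok to apply"
rm -f "$f"
```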

    Q: coredns status stuck at ContainerCreating

    root@l2:~# kubectl get pods -n kube-system
    NAME                         READY   STATUS              RESTARTS   AGE
    coredns-6c76c8bb89-hwklk     0/1     ContainerCreating   0          43s
    coredns-6c76c8bb89-xxc6l     0/1     ContainerCreating   0          43s
    etcd-l2                      0/1     Running             0          42s
    kube-apiserver-l2            1/1     Running             0          42s
    kube-controller-manager-l2   0/1     Running             0          42s
    kube-flannel-ds-7nscs        1/1     Running             2          21s
    kube-proxy-6zhks             1/1     Running             0          43s
    kube-scheduler-l2            0/1     Running             0          42s
    

    A:
    [Solution]

    Step 1: On all nodes (master and slave nodes), delete cni0 and stop Kubernetes and Docker.

    
    kubeadm reset
    
    systemctl stop kubelet
    
    systemctl stop docker
    
    rm -rf /var/lib/cni/
    
    rm -rf /var/lib/kubelet/
    
    rm -rf /etc/cni/
    
    ifconfig cni0 down
    
    ifconfig flannel.1 down
    
    ifconfig docker0 down
    
    ip link delete cni0
    
    ip link delete flannel.1
    
    

    Step 2: Restart kubelet and docker on all nodes.

    systemctl start kubelet
    
    systemctl start docker
    
    

    Step 3: Run kubeadm init again.