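Building a Kubernetes Cluster

References

Quickly building a Kubernetes test cluster on Ubuntu with kubeadm

How to install Kubernetes on Ubuntu 20.04 – Kubeadm and Minikube

Environment preparation

  1. Ubuntu 20.04
  2. Docker preinstalled (see the Docker installation tutorial)
  3. Check the machine's internal IP: ifconfig | grep inet | grep -v inet6

Usually choose 10.x or 192.x.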

root@l1-kubernetes-master:~# ifconfig | grep inet | grep -v inet6

inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
inet 10.0.4.10  netmask 255.255.252.0  broadcast 10.0.19.255
inet 127.0.0.1  netmask 255.0.0.0

Configure the Kubernetes package mirror

Add the Aliyun mirror to /etc/apt/sources.list

# System package sources
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
# Package source for kubeadm and the Kubernetes components
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main

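On Tencent Cloud servers, the Tencent mirror can be used over the internal network: deb http://mirrors.tencentyun.com/kubernetes/apt/ kubernetes-xenial main

Install the k8s signing key
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

Update the package lists: apt update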

Hit:1 http://mirrors.tencentyun.com/ubuntu focal InRelease
Hit:2 http://mirrors.tencentyun.com/ubuntu focal-security InRelease
Hit:3 http://mirrors.tencentyun.com/ubuntu focal-updates InRelease
Get:4 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [9,383 B]
Get:5 https://mirrors.ustc.edu.cn/docker-ce/linux/debian stretch InRelease [44.8 kB]      
Ign:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages [56.5 kB]
Fetched 101 kB in 1s (144 kB/s)  
Reading package lists... Done

Install kubeadm, kubectl, kubelet 1.19.16

Install version 1.19.16 of the kubeadm, kubectl and kubelet packages. (Run this on both the master node and the slave nodes.)

apt install kubeadm=1.19.16-00 kubelet=1.19.16-00 kubectl=1.19.16-00

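Starting with Kubernetes 1.20, Docker is no longer the default runtime.

Installing the Kubernetes cluster with kubeadm

With the preparation done, this section shows how to install the Kubernetes cluster with kubeadm. We first install the master node, then join the slave nodes to the cluster one by one.

Because canal will be used, the network configuration parameter must be added at initialization, setting the Kubernetes subnet to 10.244.0.0/16. Do not change this to another address, because the value must match the one in the canal yaml used later; if you do change it, change both together.

Downloading the images requires getting past the Great Firewall, because the container images are pulled from the gcr site... (If that is inconvenient, you can use the exported images I mentioned in the preparation section above.)

Being in mainland China, I temporarily use the aliyun mirror.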

kubeadm init --kubernetes-version 1.19.16 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.0.4.10 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers

On the master node, run the following commands to configure kubectl.

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

The master node is now configured. Note the following log output; it is needed when the slave nodes are added.


Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.4.10:6443 --token 0mynwm.10bk3hdn34e9lgo \
    --discovery-token-ca-cert-hash sha256:51a66dd07069658f42d33923ecee7059a3b35820128a3d5acfaa7d374a9b8494 

kubectl can now be used for all kinds of operations.
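The --discovery-token-ca-cert-hash value in the join command above pins the cluster CA: it is the SHA-256 of the CA certificate's public key in DER (SubjectPublicKeyInfo) form, so it can be recomputed on the master and compared before the command is run on a node. The script below is an added example, not part of the original post; its function names are hypothetical, and it assumes openssl is installed and the CA certificate is at kubeadm's default path /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Added example: recompute kubeadm's discovery-token-ca-cert-hash and compare
# it with the value in a join command. Function names are hypothetical.

# Print "sha256:<hex>" for the public key of the CA certificate in $1.
ca_cert_hash() {
    # Extract the PEM public key first so a bad file fails here, not later.
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    # Hash the DER-encoded SubjectPublicKeyInfo, which is what kubeadm pins.
    hex=$(printf '%s\n' "$pem" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# Print the sha256:<64 hex> value given to --discovery-token-ca-cert-hash.
join_cmd_hash() {
    printf '%s\n' "$1" | sed -n \
        's|.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*|\1|p'
}

# Return 0 only if the join command ($1) pins the CA certificate ($2).
join_pins_ca() {
    want=$(ca_cert_hash "$2") || return 2
    got=$(join_cmd_hash "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Run as: sh check-join.sh "<join command>" [path/to/ca.crt]
if [ "$#" -ge 1 ]; then
    if join_pins_ca "$1" "${2:-/etc/kubernetes/pki/ca.crt}"; then
        echo "OK: join command pins this cluster's CA"
    else
        echo "MISMATCH: join command does not pin this CA" >&2
    fi
fi
```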

Set the local environment variable on the master host

Master node

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile

Configure the flannel network plugin

Master node

kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml

root@l2:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
root@l2:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
clusterrole.rbac.authorization.k8s.io/flannel configured
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged

Wait until the status becomes normal

root@l2:~# kubectl get pods -n kube-system
NAME                         READY   STATUS    RESTARTS   AGE
coredns-6c76c8bb89-h825c     1/1     Running   0          5m1s
coredns-6c76c8bb89-zlzjg     1/1     Running   0          5m1s
etcd-l2                      1/1     Running   0          5m12s
kube-apiserver-l2            1/1     Running   0          5m12s
kube-controller-manager-l2   1/1     Running   0          5m12s
kube-flannel-ds-qnpl5        1/1     Running   0          4m26s
kube-proxy-d7ffb             1/1     Running   0          5m1s
kube-scheduler-l2            1/1     Running   0          5m12s

Following the prompt above, continue by joining the slave nodes to the cluster.

Joining the child nodes

Run the following command on each node to join it

kubeadm join 10.0.4.10:6443 --token 0mynwm.10bk3hdn34e9lgo \
    --discovery-token-ca-cert-hash sha256:51a66dd07069658f42d33923ecee7059a3b35820128a3d5acfaa7d374a9b8494

[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

Check on the master node that the join succeeded

root@l2:~# kubectl get nodes
NAME   STATUS   ROLES    AGE     VERSION
l2     Ready    master   22m     v1.19.16
l3     Ready    <none>   5m7s    v1.19.16
l4     Ready    <none>   4m56s   v1.19.16

FAQ

Q: kube-flannel STATUS CrashLoopBackOff ?

root@l2:~# kubectl get pods -n kube-system
NAME                         READY   STATUS             RESTARTS   AGE
coredns-6c76c8bb89-d5kvk     1/1     Running            0          2m27s
coredns-6c76c8bb89-zfws2     1/1     Running            0          2m27s
etcd-l2                      1/1     Running            0          2m28s
kube-apiserver-l2            1/1     Running            0          2m28s
kube-controller-manager-l2   1/1     Running            0          2m28s
kube-flannel-ds-hftwx        0/1     CrashLoopBackOff   4          2m27s
kube-proxy-xj5c4             1/1     Running            0          2m27s
kube-scheduler-l2            1/1     Running            0          2m28s

A: For flannel to work correctly, you must pass --pod-network-cidr=10.244.0.0/16 to kubeadm init.

https://stackoverflow.com/questions/52098214/kube-flannel-in-crashloopbackoff-status
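Both the note before kubeadm init and this FAQ answer come down to one invariant: the --pod-network-cidr passed to kubeadm init must equal the Network value in the CNI manifest's net-conf.json. A pre-flight check for that, as an added example that is not from the original post or the flannel project; the function names are hypothetical and the manifest fragment is constructed sample data.

```shell
#!/bin/sh
# Added example: check that kubeadm init and the flannel manifest agree on the
# pod CIDR before applying the manifest. Function names are hypothetical.

# Print the "Network" value from the net-conf.json block of a flannel manifest.
flannel_network() {
    sed -n 's|.*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*|\1|p' "$1" | head -n 1
}

# Print the value of --pod-network-cidr from a kubeadm init command line.
kubeadm_pod_cidr() {
    printf '%s\n' "$1" |
        sed -n 's|.*--pod-network-cidr[ =]\{1,\}\([0-9./]*\).*|\1|p'
}

# Return 0 if both values are present and identical, 1 otherwise.
pod_cidr_consistent() {   # $1 = kubeadm init command, $2 = manifest path
    init_cidr=$(kubeadm_pod_cidr "$1")
    cni_cidr=$(flannel_network "$2")
    if [ -z "$init_cidr" ]; then
        echo "kubeadm init has no --pod-network-cidr" >&2; return 1
    fi
    if [ "$init_cidr" != "$cni_cidr" ]; then
        echo "mismatch: kubeadm=$init_cidr flannel=${cni_cidr:-<none>}" >&2; return 1
    fi
}

# Constructed sample: the ConfigMap fragment of kube-flannel.yml that matters here.
write_sample_manifest() {
    cat > "$1" <<'EOF'
kind: ConfigMap
metadata:
  name: kube-flannel-cfg
data:
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": { "Type": "vxlan" }
    }
EOF
}

sample=$(mktemp)
write_sample_manifest "$sample"
pod_cidr_consistent "kubeadm init --kubernetes-version 1.19.16 --pod-network-cidr=10.244.0.0/16" "$sample" \
    && echo "pod CIDR matches flannel net-conf.json"
rm -f "$sample"
```

Against a real cluster, point the second argument at a downloaded copy of kube-flannel.yml instead of the sample file.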

Q: coredns status stuck at ContainerCreating

root@l2:~# kubectl get pods -n kube-system
NAME                         READY   STATUS              RESTARTS   AGE
coredns-6c76c8bb89-hwklk     0/1     ContainerCreating   0          43s
coredns-6c76c8bb89-xxc6l     0/1     ContainerCreating   0          43s
etcd-l2                      0/1     Running             0          42s
kube-apiserver-l2            1/1     Running             0          42s
kube-controller-manager-l2   0/1     Running             0          42s
kube-flannel-ds-7nscs        1/1     Running             2          21s
kube-proxy-6zhks             1/1     Running             0          43s
kube-scheduler-l2            0/1     Running             0          42s

A:
[Solution]

Step 1: On all nodes (master and slave nodes), delete cni0 and stop k8s and docker.


kubeadm reset

systemctl stop kubelet

systemctl stop docker

rm -rf /var/lib/cni/

rm -rf /var/lib/kubelet/

rm -rf /etc/cni/

ifconfig cni0 down

ifconfig flannel.1 down

ifconfig docker0 down

ip link delete cni0

ip link delete flannel.1

Step 2: On all nodes, restart kubelet and docker

systemctl start kubelet

systemctl start docker

Step 3: Run the kubeadm init procedure again
