Ubuntu 20 LTS 安装Kubernetes 1.25
环境
OS:Ubuntu 20 LTS
k8s: 1.25
docker:20.10.18
修改主机名
10.1.1.30
# Run on 10.1.1.30: names this machine "master".
hostnamectl set-hostname master
10.1.1.31
# Run on 10.1.1.31: names this machine "node1".
hostnamectl set-hostname node1
设置hosts
# Write the cluster name mapping to /etc/hosts on every machine.
# This replaces the whole file (nothing is appended), so any entries that
# were there before are lost; tee also echoes the new content to the terminal.
tee /etc/hosts <<'EOF'
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
10.1.1.30 master
10.1.1.31 node1
EOF
禁用swap
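# Temporary: turn swap off for the running system (lasts until reboot).
swapoff -a
# Permanent: comment out the swap entries in /etc/fstab.
# Lines that are already comments are skipped, and only lines with "swap" as a
# whitespace-delimited field are matched, so re-running this does not stack
# extra '#' characters or touch unrelated lines that merely mention swap.
# The file as it was before this run is kept as /etc/fstab.bak.
sed -ri.bak '/^[[:space:]]*#/!s/^.*[[:space:]]swap[[:space:]].*$/#&/' /etc/fstab
# Check the result: the Swap row should read 0B.
free -h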
开启转发
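# The net.bridge.* keys exist only while the br_netfilter module is loaded:
# load it now and register it to be loaded on every boot.
modprobe br_netfilter
tee /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
EOF
# Let iptables/ip6tables see bridged traffic and enable IPv4 forwarding.
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# "sysctl -p" without a file argument reads only /etc/sysctl.conf, so the file
# written above would not be applied; --system loads /etc/sysctl.d/*.conf too.
sysctl --system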
安装docker
# Prerequisites for adding a third-party apt repository.
apt-get update
apt-get -y install ca-certificates curl gnupg lsb-release net-tools
# Signing key: fetched over HTTPS and stored de-armored. The signed-by option
# below scopes the key to this one repository instead of trusting it for all
# of apt. `gpg --show-keys /usr/share/keyrings/docker.gpg` prints the
# fingerprint for comparison with the one in Docker's install documentation.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
  | gpg --dearmor --output /usr/share/keyrings/docker.gpg
tee /etc/apt/sources.list.d/docker.list <<EOF
deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable
EOF
# Install Docker. No version is given, so apt picks the newest packages in
# the repository, which may be later than the 20.10.18 listed on this page.
apt-get update
apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin
安装cri-dockerd
docker在k8s1.24之后不再是默认运行时,需要安装cri-dockerd
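# Download the cri-dockerd v0.2.5 package. The request goes through the
# third-party ghproxy.com proxy rather than straight to GitHub, and the file
# is then installed as root, so its integrity rests on that proxy.
# NOTE(review): this is the ubuntu-jammy build while the page targets
# Ubuntu 20 - confirm it is the intended package.
wget https://ghproxy.com/https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.5/cri-dockerd_0.2.5.3-0.ubuntu-jammy_amd64.deb
# Verify the download before installing, using a checksum obtained from the
# upstream release over a path you trust (placeholder value shown):
#   echo "<EXPECTED_SHA256>  cri-dockerd_0.2.5.3-0.ubuntu-jammy_amd64.deb" | sha256sum -c -
dpkg -i cri-dockerd_0.2.5.3-0.ubuntu-jammy_amd64.deb
# Point cri-dockerd at the CNI plugin and at the pause image on the Aliyun
# mirror. This edits the packaged unit file in place, so a package upgrade
# can overwrite the change.
sed -i -e 's#ExecStart=.*#ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8#g' /usr/lib/systemd/system/cri-docker.service
systemctl daemon-reload
systemctl enable cri-docker
# daemon-reload alone does not restart a running service; restart it so the
# new ExecStart line is the one actually in effect before kubeadm runs.
systemctl restart cri-docker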
安装k8s
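# Install dependencies.
apt-get update
apt-get install -y apt-transport-https curl
# Download the repository signing key (served here by the Aliyun mirror).
# The key and the packages come from the same mirror, so the signature check
# protects against later tampering but trust is rooted in this one download.
curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg
# Add the Kubernetes apt repository. HTTPS is used for the repository as well
# as for the key, so the package index is not fetched in clear text.
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
# Refresh the package index, install kubelet, kubeadm and kubectl, and hold
# them so a routine "apt upgrade" does not move the cluster to a new version.
# No version is given, so apt installs the newest packages in the repository;
# to stay on 1.25, append =<PACKAGE_VERSION> to each name (candidates are
# listed by `apt-cache madison kubeadm`).
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
# systemctl start kubelet
# systemctl enable kubelet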
初始化k8s集群
注意docker下载的pause镜像可能是3.8,需要修改/usr/lib/systemd/system/cri-docker.service,重启cri-docker
注意初始化不成功使用kubeadm reset之后删除/var/lib/etcd目录
注意node初始化需要加上--cri-socket /var/run/cri-dockerd.sock参数
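# Pre-pull the control-plane images through cri-dockerd, from the Aliyun
# mirror of the Kubernetes image registry.
kubeadm config images pull --cri-socket=unix:///var/run/cri-dockerd.sock \
--image-repository registry.aliyuncs.com/google_containers
# Initialise the control plane on 10.1.1.30. The pod CIDR given here has to
# match the one configured for the network add-on later. The CRI socket is
# written with the unix:// scheme, the same form as in the pull command above.
kubeadm init --image-repository registry.aliyuncs.com/google_containers \
--apiserver-advertise-address=10.1.1.30 \
--service-cidr=192.168.200.0/21 \
--pod-network-cidr=10.10.0.0/16 \
--cri-socket unix:///var/run/cri-dockerd.sock
# Output of a successful run (from the author's cluster):
# Your Kubernetes control-plane has initialized successfully!
# To start using your cluster, you need to run the following as a regular user:
# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Alternatively, if you are the root user, you can run:
# export KUBECONFIG=/etc/kubernetes/admin.conf
# You should now deploy a pod network to the cluster.
# Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
# https://kubernetes.io/docs/concepts/cluster-administration/addons/
# Then you can join any number of worker nodes by running the following on each as root:
# kubeadm join 10.1.1.30:6443 --token 7dn4wz.v7uhvkf55b2vvi2h \
# --discovery-token-ca-cert-hash sha256:3ebd007a152158a603af63aa6f8fd28247a015f4c183504037d003fb7fc9ecfb
#
# The token and CA hash above belong to the author's cluster; every cluster
# prints its own. A bootstrap token lets a machine join the cluster, so treat
# it as a credential and keep it out of shared notes. Tokens expire (24h by
# default); `kubeadm token create --print-join-command` issues a fresh one.
# /etc/kubernetes/admin.conf carries cluster-admin credentials: copy it only
# to accounts that need that level of access.
#
# After the worker node has joined:
kubectl get nodes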
安装calico
# Download the Tigera operator manifest, pinned to the v3.24.1 tag, and create
# it. It is applied with cluster-admin credentials, so read the file before
# running kubectl on it.
wget https://raw.githubusercontent.com/projectcalico/calico/v3.24.1/manifests/tigera-operator.yaml
kubectl create -f tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.24.1/manifests/custom-resources.yaml
# Edit custom-resources.yaml and set cidr to 10.10.0.0/16, the value passed to
# kubeadm init as --pod-network-cidr. The edited file then reads:
# # This section includes base Calico installation configuration.
# # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
# apiVersion: operator.tigera.io/v1
# kind: Installation
# metadata:
#   name: default
# spec:
#   # Configures Calico networking.
#   calicoNetwork:
#     # Note: The ipPools section cannot be modified post-install.
#     ipPools:
#     - blockSize: 26
#       cidr: 10.10.0.0/16
#       encapsulation: VXLANCrossSubnet
#       natOutgoing: Enabled
#       nodeSelector: all()
# ---
# # This section configures the Calico API server.
# # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
# apiVersion: operator.tigera.io/v1
# kind: APIServer
# metadata:
#   name: default
# spec: {}
kubectl create -f custom-resources.yaml
查看pods
# List the pods in every namespace. Shortly after Calico is created its pods
# are still starting and coredns stays Pending, as in the sample output below.
kubectl get pod -A
# root@master:~# kubectl get pod -A
# NAMESPACE NAME READY STATUS RESTARTS AGE
# calico-system calico-kube-controllers-864f96fccc-nhxqc 0/1 Pending 0 28s
# calico-system calico-node-gr674 0/1 Init:1/2 0 28s
# calico-system calico-typha-6559dcb5b7-5bmvf 0/1 ContainerCreating 0 28s
# kube-system coredns-c676cc86f-4w57c 0/1 Pending 0 6m11s
# kube-system coredns-c676cc86f-lpbmf 0/1 Pending 0 6m11s
# kube-system etcd-master 1/1 Running 2 (7m7s ago) 6m27s
# kube-system kube-apiserver-master 1/1 Running 1 (6m46s ago) 6m28s
# kube-system kube-controller-manager-master 1/1 Running 1 (7m7s ago) 6m25s
# kube-system kube-proxy-fz4qg 1/1 Running 0 6m11s
# kube-system kube-scheduler-master 1/1 Running 1 (7m2s ago) 6m25s
# tigera-operator tigera-operator-6675dc47f4-zq4kv 1/1 Running 0 6m1s
故障排查
很多故障可以通过重启kubelet,docker和cri-docker服务解决
测试集群
# vim nginx.yaml
# A one-replica nginx Deployment plus a NodePort Service, used to smoke-test
# the new cluster.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          # Image tag is pinned rather than left at "latest".
          image: nginx:1.23.1
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  # NodePort publishes the service on port 30080 of every node's address,
  # so it is reachable from any network that can reach the nodes.
  type: NodePort
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30080
# Create the test Deployment and Service from nginx.yaml, then list the pods.
kubectl create -f nginx.yaml
kubectl get pod -A
# Sample output once everything is up (taken with the wider
# "kubectl get pod,node -A -o wide" form):
# root@master:~# kubectl get pod,node -A -o wide
# NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
# calico-apiserver pod/calico-apiserver-7ff967447f-qp55p 1/1 Running 0 7m43s 10.10.166.130 node1 <none> <none>
# calico-apiserver pod/calico-apiserver-7ff967447f-sdfzq 1/1 Running 0 7m43s 10.10.219.69 master <none> <none>
# calico-system pod/calico-kube-controllers-864f96fccc-nhxqc 1/1 Running 0 98m 10.10.219.67 master <none> <none>
# calico-system pod/calico-node-7j628 1/1 Running 0 96m 10.1.1.31 node1 <none> <none>
# calico-system pod/calico-node-gr674 1/1 Running 0 98m 10.1.1.30 master <none> <none>
# calico-system pod/calico-typha-6559dcb5b7-5bmvf 1/1 Running 0 98m 10.1.1.30 master <none> <none>
# calico-system pod/csi-node-driver-55vnx 2/2 Running 0 97m 10.10.219.65 master <none> <none>
# calico-system pod/csi-node-driver-6c4rc 2/2 Running 0 8m29s 10.10.166.129 node1 <none> <none>
# default pod/nginx-deployment-665fc7dc59-t7g9h 1/1 Running 0 2m39s 10.10.166.131 node1 <none> <none>
# kube-system pod/coredns-c676cc86f-4w57c 1/1 Running 0 104m 10.10.219.66 master <none> <none>
# kube-system pod/coredns-c676cc86f-lpbmf 1/1 Running 0 104m 10.10.219.68 master <none> <none>
# kube-system pod/etcd-master 1/1 Running 2 (105m ago) 104m 10.1.1.30 master <none> <none>
# kube-system pod/kube-apiserver-master 1/1 Running 1 (104m ago) 104m 10.1.1.30 master <none> <none>
# kube-system pod/kube-controller-manager-master 1/1 Running 1 (105m ago) 104m 10.1.1.30 master <none> <none>
# kube-system pod/kube-proxy-fz4qg 1/1 Running 0 104m 10.1.1.30 master <none> <none>
# kube-system pod/kube-proxy-h2t8v 1/1 Running 0 96m 10.1.1.31 node1 <none> <none>
# kube-system pod/kube-scheduler-master 1/1 Running 1 (105m ago) 104m 10.1.1.30 master <none> <none>
# tigera-operator pod/tigera-operator-6675dc47f4-zq4kv 1/1 Running 0 104m 10.1.1.30 master <none> <none>
# NAMESPACE NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
# node/master Ready control-plane 104m v1.25.2 10.1.1.30 <none> Ubuntu 20.04.5 LTS 5.4.0-126-generic docker://20.10.18
# node/node1 Ready <none> 96m v1.25.2 10.1.1.31 <none> Ubuntu 20.04.5 LTS 5.4.0-126-generic docker://20.10.18
# Open http://10.1.1.30:30080 to confirm nginx answers. The NodePort is open
# on every node address, so remove the test workload when done
# (kubectl delete -f nginx.yaml) unless the nodes sit on an isolated network.
常用命令
# Troubleshoot kubelet: follow its journal (-x adds explanatory text, -e jumps
# to the end, -u selects the unit, -f keeps following).
journalctl -xeu kubelet -f
# Show pods and nodes across all namespaces, with IPs and node placement.
kubectl get pod,node -A -o wide
# Follow the log of one pod (pod name and namespace are from the author's
# cluster; substitute your own).
kubectl logs calico-node-7j628 -n calico-system -f