K8s集群安装(containerd),带dashboard
安装Containerd
卸载已安装Docker(未安装忽略)
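# Remove previously installed Docker/containerd packages (skip this step if none are installed).
# The original continuation lines had no space before the backslash, so the shell
# glued the names into a single word ("dockerdocker-client..."). A loop avoids that.
# Each name is removed on its own so that one name apt cannot resolve
# ("E: Unable to locate package") does not abort removal of the others.
for pkg in docker docker-client docker-client-latest docker-latest \
  docker-latest-logrotate docker-logrotate docker-engine docker-ce containerd; do
  sudo apt-get remove -y "$pkg" || printf 'skipped: %s\n' "$pkg" >&2
done
# Errors are expected here on a machine that never had Docker installed.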
配置服务器Docker源
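# Add the repository signing key to a dedicated keyring (not the global apt trust store).
sudo mkdir -p /etc/apt/keyrings
# -f makes curl fail on an HTTP error instead of piping an error page into gpg;
# --yes lets a re-run overwrite the keyring, since the prompt cannot be answered over a pipe.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg
# apt verifies signatures as an unprivileged user; under a restrictive umask the
# keyring would be unreadable and every update would fail signature verification.
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# The key is downloaded from the same mirror as the packages, so it only proves
# "signed by whoever served the key". Print the fingerprint and compare it with
# the one Docker publishes in its install documentation before trusting the repository.
gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.gpg
# Add the repository; signed-by restricts this key to this one source.
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update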
安装配置Containerd
# Install containerd from the repository configured above.
sudo apt-get install -y containerd.io
# Network problems can make the install fail; retry a few times, then troubleshoot step by step.

# Kernel modules to load on every boot.
printf '%s\n' overlay br_netfilter | sudo tee /etc/modules-load.d/containerd.conf
# Load the same modules now, without a reboot.
for mod in overlay br_netfilter; do
  sudo modprobe "$mod"
done

# Sysctls written for the CRI: bridged IPv4/IPv6 traffic is passed to iptables/ip6tables,
# and IPv4 forwarding is switched on. With ip_forward = 1 the host forwards packets
# between its interfaces, so host firewall rules should be reviewed with that in mind.
sudo tee /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Apply all sysctl configuration files immediately.
sudo sysctl --system
创建Containerd的配置文件
# Write containerd's default configuration as the starting point.
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
# One sed pass with four substitutions:
#  - switch the runc cgroup driver to systemd;
#  - point the pause (sandbox) image at the Aliyun mirror, whichever upstream
#    registry name the generated default happens to contain.
# Every pod sandbox then runs an image served by that mirror, so the mirror becomes
# part of the node's trust base. NOTE(review): consider pinning the sandbox image
# by digest after checking it against the upstream image.
sudo sed -i \
  -e 's#SystemdCgroup = false#SystemdCgroup = true#g' \
  -e 's#k8s.gcr.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g' \
  -e 's#registry.gcr.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g' \
  -e 's#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g' \
  /etc/containerd/config.toml
启动Containerd
# Reload systemd unit files, then enable containerd at boot and start it now.
sudo systemctl daemon-reload
sudo systemctl enable --now containerd
# List containerd's plugins and their load status.
sudo ctr plugin ls
# Check that the overlayfs plugin status is OK.
配置阿里云apt源
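# Add the Kubernetes repository signing key.
# apt-key is deprecated and puts the key in the global trust store, where it is
# accepted for every configured repository. A dedicated keyring with signed-by
# limits the key to this one source, matching the Docker source on this page.
sudo mkdir -p /etc/apt/keyrings
# -f makes curl fail on an HTTP error instead of feeding an error page to gpg.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo gpg --dearmor --yes -o /etc/apt/keyrings/kubernetes.gpg
sudo chmod a+r /etc/apt/keyrings/kubernetes.gpg
# Add the repository.
# NOTE(review): "kubernetes-xenial" is the legacy repository layout; confirm the
# mirror still serves it for the release being installed.
echo "deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list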
安装配置K8s集群
# Refresh the package index so the newly added Kubernetes source is visible.
sudo apt-get update
# Install the three components at one explicit, matching version.
sudo apt-get install -y kubelet=1.27.0-00 kubeadm=1.27.0-00 kubectl=1.27.0-00
sudo apt-mark hold kubelet kubeadm kubectl # hold the component versions so a system upgrade leaves them unchanged
初始化集群
sudo swapoff -a # turn off every swap area for the running system
sudo vim /etc/fstab # edit by hand: comment out the swap entry so it is not mounted at boot
# Pull the control-plane images ahead of time.
# The images are referenced by tag on the Aliyun mirror, so the mirror decides what
# content each tag resolves to. NOTE(review): compare digests with the upstream
# release if image provenance matters for this cluster.
for image in \
  kube-apiserver:v1.27.0 \
  kube-controller-manager:v1.27.0 \
  kube-scheduler:v1.27.0 \
  kube-proxy:v1.27.0 \
  pause:3.9 \
  etcd:3.5.7-0; do
  sudo ctr -n k8s.io images pull "registry.cn-hangzhou.aliyuncs.com/google_containers/${image}"
done
# Run init on the master node only; never on the other nodes.
# No --pod-network-cidr is passed here. NOTE(review): confirm that the pod CIDR used
# by the CNI manifest does not overlap the network that 192.168.28.50 belongs to.
sudo kubeadm init \
  --apiserver-advertise-address 192.168.28.50 \
  --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
  --cri-socket "unix:///var/run/containerd/containerd.sock" \
  --kubernetes-version 1.27.0
# init成功后的输出内容
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.28.50:6443 --token ezuki7.z11ux1n55ygc5amt \
--discovery-token-ca-cert-hash sha256:d9164932b3614ce8c9c4edf62064ec8f1fda85390253ab807af3a53be7628b19
初始化失败排查思路
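# Undo what kubeadm init/join did on this node. It needs root like the other kubeadm
# commands on this page; -f skips the confirmation prompt.
# kubeadm reset leaves the CNI configuration (/etc/cni/net.d), iptables rules and
# $HOME/.kube/config in place. Clean those separately if a stale network setup or
# stale admin credentials must not survive the reset.
sudo kubeadm reset -f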
重置集群,再初始化一次;然后查看日志
# Follow the system log live, hiding lines that contain "not found".
# NOTE(review): reading /var/log/syslog may require sudo or adm group membership — confirm on the host.
tail -f /var/log/syslog | grep -v "not found"
(或者过滤与集群有关的)
配置kube的config(把admin.conf复制到kubectl默认读取的位置,效果类似软链接,之后不需要再为kubectl指定配置文件路径)
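# Copy the cluster admin kubeconfig to the default location kubectl reads.
# Expansions are quoted so a home directory containing spaces or glob characters
# cannot split the arguments.
mkdir -p "$HOME/.kube"
# -i asks before overwriting an existing config.
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
# The copy is made by root; hand it to the current user.
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# admin.conf carries the cluster administrator credential. Keep this file private
# to the account (mode 600) and out of backups or shares that other users can read.
chmod 600 "$HOME/.kube/config"
# kubectl can now list the nodes.
kubectl get node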
加入工作节点
# Run on each worker node. The token and hash come from the end of the kubeadm init output.
# The values below belong to the author's cluster; substitute the ones your own init
# printed, or generate a fresh join command on the control plane with
# `kubeadm token create --print-join-command`.
# The bootstrap token is a credential that lets a machine join the cluster, so treat
# it as a secret. --discovery-token-ca-cert-hash pins the cluster CA, so the node only
# joins a control plane that presents that CA.
sudo kubeadm join 192.168.28.50:6443 --token ezuki7.z11ux1n55ygc5amt \
--discovery-token-ca-cert-hash sha256:d9164932b3614ce8c9c4edf62064ec8f1fda85390253ab807af3a53be7628b19
失败排查思路和上面的初始化错误排查一致
安装三个Addons(k8s插件)
在master节点操作
#事先准备好的yaml文件
创建calico(CNI网络插件)
# Create the Calico resources from a local manifest.
# NOTE(review): calico.yaml is not shown on this page. Check where it was downloaded
# from and which images and pod IP pool it configures before applying it.
kubectl create -f calico.yaml
kubectl get po -n kube-system # show the state of the pods in kube-system
# Right after the create, the plugin pods are not ready yet.
kubectl get node
# Wait a little and look again.
# By now the two worker nodes have also become Ready.
kubectl get node
创建Metrics-server.yaml(获取度量指标插件)
# From the control-plane node, copy the front-proxy CA certificate to every worker node with scp.
# Only the certificate (.crt) is copied; the matching private key stays on the control plane.
# NOTE(review): writing into /etc/kubernetes/pki as user "node" implies that the directory
# is writable by that account on the workers — confirm its ownership and mode.
scp /etc/kubernetes/pki/front-proxy-ca.crt node@192.168.28.51:/etc/kubernetes/pki
# Answer "yes" to the host-key prompt, then enter the password. Compare the displayed
# host-key fingerprint with the worker's real one before accepting it.
# The file must land in exactly this directory, otherwise the API cannot be reached.
scp /etc/kubernetes/pki/front-proxy-ca.crt node@192.168.28.52:/etc/kubernetes/pki
# Create metrics-server from the local manifest.
# NOTE(review): comp.yaml is not shown. It presumably mounts the host's /etc/kubernetes/pki
# into the pod; verify that it is mounted read-only and limited to what is needed.
kubectl create -f comp.yaml
kubectl get po -n kube-system
报错
#用kubectl logs命令检查Pod的日志,发现Metrics Server无法启动,是因为它无法在/etc/kubernetes/pki目录中找到front-proxy-ca.crt文件
排查到原因是我没有上传证书到指定位置
# After uploading the certificate and deleting the pod, the controller recreated it successfully.
# Node resource usage is now available.
kubectl top node
创建Dashboard(图形化界面插件)
# Create the Dashboard and its login account from two local manifests.
# NOTE(review): neither manifest is shown. Check which role dashboard-user.yaml binds to
# the account, and how dashboard.yaml exposes the service. A Dashboard reachable on a
# node IP with a cluster-admin account gives full cluster control to anyone holding a valid token.
kubectl create -f dashboard.yaml -f dashboard-user.yaml
查看pod状态
# List the pods in the kubernetes-dashboard namespace.
kubectl get po -n kubernetes-dashboard
查看service状态
# List the services in the kubernetes-dashboard namespace. The output shows the service
# type and port, which is where to check how widely the Dashboard is exposed.
kubectl get svc -n kubernetes-dashboard
通过控制节点IP和端口能够查看dashboard
创建Token并进入页面
# Issue a short-lived token for the admin-user service account in kube-system, used to log in to the Dashboard.
# NOTE(review): the token carries whatever permissions dashboard-user.yaml grants admin-user
# (presumably cluster-admin — verify). Keep it out of shell history, screenshots and chat logs.
kubectl create token admin-user -n kube-system
# Per the author, the generated token is valid for two hours, so a new one is needed for each login.
# NOTE(review): the lifetime can be set explicitly with --duration.