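1. Docker installation
1) Set up the Docker apt repository
If the repository below cannot be reached from your network, you can use the Aliyun (ali) mirror instead.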
Update the apt package index and install packages to allow apt to use a repository over HTTPS:
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release
Add Docker’s official GPG key:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Use the following command to set up the stable repository. To add the nightly or test repository, add the word nightly or test (or both) after the word stable in the commands below. Learn about nightly and test channels.
Note: The lsb_release -cs sub-command below returns the name of your Ubuntu distribution, such as xenial. Sometimes, in a distribution like Linux Mint, you might need to change $(lsb_release -cs) to your parent Ubuntu distribution. For example, if you are using Linux Mint Tessa, you could use bionic. Docker does not offer any guarantees on untested and unsupported Ubuntu distributions.
#amd64
echo \
"deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
#armhf
echo \
"deb [arch=armhf signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
#arm64
echo \
"deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
2) Install Docker Engine
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
# Start docker
sudo systemctl start docker
# test
sudo docker run hello-world
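Creating a user (for reference)
useradd feverlook
passwd feverlook
# Edit the sudoers file to give a user root privileges: following the pattern below, add one line for the user who should receive root privileges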
#root ALL=(ALL:ALL) ALL
#username ALL=(ALL:ALL) ALL
vi /etc/sudoers
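Granting Docker access to other users
Add the docker group. If Docker is installed the group already exists by default, so only the commands below are needed. Note that membership in the docker group is equivalent to root access on the host.
sudo gpasswd -a username docker
# Add the login user to the docker group
newgrp docker
# Refresh group membership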
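2. Installing kubelet, kubeadm and kubectl
Kubernetes is used for the automated deployment, scaling and management of containerized applications. It groups the containers that make up an application into logical units for easy management and discovery.
Configuration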
Debian / Ubuntu
apt-get update
apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
CentOS / RHEL / Fedora
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet
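PS: Because the upstream site does not provide a sync mechanism, the GPG check of the repository index may fail. In that case install with yum install -y --nogpgcheck kubelet kubeadm kubectl --disableexcludes=kubernetes (this skips signature verification of the packages).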
3. Kubernetes installation
1) Installing the cluster
Method 1: install directly from the command line
#kubeadm init --apiserver-advertise-address=192.168.137.249 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
#kubeadm init --image-repository=registry.aliyuncs.com/google_containers --ignore-preflight-errors=Swap
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.200.0.0/24 --kubernetes-version=v1.19.0
Method 2: install from a generated configuration file
Export the default configuration and modify it
master001:~/k8s_install$ kubeadm config print init-defaults > kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4  # IP of the master node
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
master001:~/k8s_install$ kubeadm init --config=kubeadm.yaml
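The exported defaults contain the fixed bootstrap token abcdef.0123456789abcdef, which every kubeadm user knows, so it is worth checking the file before running kubeadm init. The following is an added example, not part of the original notes: the function name audit_bootstrap_tokens and the embedded sample are constructed for illustration.

```sh
#!/bin/sh
# Constructed excerpt of the kubeadm.yaml exported above.
sample_kubeadm_yaml() {
cat <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
kind: InitConfiguration
EOF
}

PLACEHOLDER=abcdef.0123456789abcdef   # token printed by init-defaults

# Audit the bootstrap tokens of a kubeadm config read on stdin.
# Prints one finding per line; returns 1 if anything was flagged.
audit_bootstrap_tokens() {
    cfg=$(cat)
    rc=0
    for tok in $(printf '%s\n' "$cfg" |
                 sed -n 's/^[-[:space:]]*token:[[:space:]]*"*\([^"[:space:]]*\).*/\1/p'); do
        if [ "$tok" = "$PLACEHOLDER" ]; then
            echo "placeholder token left in config: $tok"; rc=1
        elif ! printf '%s\n' "$tok" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
            echo "malformed token: $tok"; rc=1
        fi
    done
    # A ttl of 0 means the token never expires.
    if printf '%s\n' "$cfg" | grep -Eq '^[-[:space:]]*ttl:[[:space:]]*"?0s?"?[[:space:]]*$'; then
        echo "bootstrap token never expires (ttl 0)"; rc=1
    fi
    return "$rc"
}

# The sample reproduces the exported defaults, so the placeholder is flagged.
sample_kubeadm_yaml | audit_bootstrap_tokens || true
```

Run it as audit_bootstrap_tokens < kubeadm.yaml; if the placeholder is reported, substitute the output of kubeadm token generate before running kubeadm init.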
The directory holding the cluster access credentials for kubectl is:
$ ls /etc/kubernetes/
admin.conf controller-manager.conf kubelet.conf manifests pki scheduler.conf
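By default the cluster kubeconfig is stored in ~/.kube/config, so admin.conf must be copied to that default path.
You can also keep cluster information in several separate configuration files and switch between them: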
kubectl --kubeconfig=/Users/0neBean/.kube/config config view
2) Joining nodes
kubeadm token create --print-join-command
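If certificate-related errors occur, see:
kubeadm join command explained
Certificate generation
Token management
4. Installing the Helm tool
1) Installation
Helm client download page: https://github.com/helm/helm/releases. Unpack the archive and move the binary to /usr/bin/.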
wget https://get.helm.sh/helm-v3.6.0-linux-amd64.tar.gz
tar zxvf helm-v3.6.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/bin/
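2) Repository configuration
- Microsoft mirror (http://mirror.azure.cn/kubernetes/charts/): this repository is recommended; essentially every chart available on the official site is here too.
- Aliyun repository (https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts)
- Official repository (https://hub.kubeapps.com/charts/incubator): the official chart repository; it does not work very well from within China.
# Add repositories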
helm repo add stable http://mirror.azure.cn/kubernetes/charts
helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo update
# List the configured repositories
helm repo list
helm search repo stable
# Remove a repository:
helm repo remove aliyun
5. Installing flannel
flannel is the network management tool
#For Kubernetes v1.17+
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
If the URL above cannot be reached, there are two workarounds:
1. Download the file from this git repository: https://github.com/caoran/kube-flannel.yml.git
2. kube-flannel.yml can also be obtained from: https://www.jianshu.com/p/98e9cdee4312
If you get the error "Unable to connect to the server: x509: certificate signed by unknown authority", see: https://blog.csdn.net/woay2008/article/details/93250137
Reference: the official flannel documentation
6. Uninstalling Kubernetes
kubeadm reset -f
7. Common problems
1. Common troubleshooting steps
View logs
journalctl -f -u kubelet.service
Check component status
kubectl get componentstatuses
Check node status
kubectl get nodes
kubectl describe node [nodename]
View pod logs
kubectl logs [podid] -n cattle-system
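2. Kubernetes node in NOT READY state, with the error: network plugin is not ready: cni config uninitialized
1. Workaround:
If the cluster has only one node: some bloggers who run single-node k8s and do not want to see the NOT READY status have removed --network-plugin=cni from /var/lib/kubelet/kubeadm-flags.env or /etc/systemd/system/kubelet.service.d/10-kubeadm.conf.
2. Install a network plugin, for example flannel as described above. Make sure the cluster's --pod-network-cidr=10.200.0.0/24 matches the net-conf.json -> Network setting in the flannel manifest.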
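A way to check, and if necessary rewrite, the flannel Network value before running kubectl apply, so that it matches the --pod-network-cidr used in section 3. This is an added example, not part of the original notes: the function names and the embedded manifest excerpt are constructed for illustration.

```sh
#!/bin/sh
# Constructed excerpt of the ConfigMap in kube-flannel.yml (upstream default network).
sample_flannel_manifest() {
cat <<'EOF'
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
data:
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
EOF
}

# Print the "Network" value of net-conf.json from a manifest read on stdin.
flannel_network() {
    sed -n 's/^[[:space:]]*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Rewrite the "Network" value to the CIDR in $1; manifest on stdin, result on stdout.
set_flannel_network() {
    sed 's|"Network"[[:space:]]*:[[:space:]]*"[^"]*"|"Network": "'"$1"'"|'
}

# Return 0 when the manifest on stdin uses the pod CIDR in $1, 1 otherwise.
check_pod_cidr() {
    found=$(flannel_network)
    if [ "$found" = "$1" ]; then
        echo "OK: flannel Network matches $1"
    else
        echo "MISMATCH: kubeadm pod CIDR is $1, flannel Network is ${found:-<missing>}"
        return 1
    fi
}

POD_CIDR=10.200.0.0/24   # value passed to --pod-network-cidr in section 3

# The unmodified manifest mismatches; the rewritten one passes.
sample_flannel_manifest | check_pod_cidr "$POD_CIDR" || true
sample_flannel_manifest | set_flannel_network "$POD_CIDR" | check_pod_cidr "$POD_CIDR"
```

With a downloaded manifest, set_flannel_network "$POD_CIDR" < kube-flannel.yml > kube-flannel-local.yml produces the file to pass to kubectl apply -f.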
3. Force-deleting a namespace
Step 1: In one terminal, run the command below:
kubectl proxy
Step 2: Open another terminal then dump the descriptor as JSON to a file
kubectl get namespace YOURNAMESPACE -o json > logging.json
Change "finalizers": [ "kubernetes" ]
to "finalizers": []
Step 3: Execute the cleanup command to get rid of that annoying namespace:
curl -k -H "Content-Type: application/json" -X PUT --data-binary @logging.json http://127.0.0.1:8001/api/v1/namespaces/YOURNAMESPACE/finalize