# 准备工作:安装 kubelet、kubeadm、kubectl 工具
下载谷歌密钥(需要翻墙)
https://packages.cloud.google.com/apt/doc/apt-key.gpg
下载好以后执行: sudo apt-key add apt-key.gpg
(注意:apt-key 添加的密钥会被所有软件源信任,且新版 apt 已弃用该命令;较新的系统建议把密钥放到单独的 keyring 文件,并在软件源条目中用 signed-by 指定。)
添加国内软件源(root用户)
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main
EOF
apt-get update
安装
apt-get install -y kubelet kubeadm kubectl
设置工具不随系统更新
apt-mark hold kubelet kubeadm kubectl
安装docker
安装依赖包
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
添加密钥
curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
验证密钥(将输出的完整指纹与 Docker 官方文档公布的指纹逐位比对,一致后再继续)
sudo apt-key fingerprint 0EBFCD88
设置稳定版仓库
sudo add-apt-repository \
"deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/ \
$(lsb_release -cs) \
stable"
安装docker
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
允许非root用户使用docker(注意:docker 组的成员可以通过 docker 获得等同 root 的权限,只把受信任的用户加入该组)
sudo groupadd docker
sudo gpasswd -a username(比如:ubuntu) docker
newgrp docker
关闭swap 分区:
sudo swapoff -a
# 修改kubelet启动参数
sudo vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
# 云服务ip(systemd 不支持行尾注释,注释需单独成行)
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS --node-ip=xxx.xxx.xxx.xxx
重启kubelet使配置生效
sudo systemctl daemon-reload
sudo systemctl enable kubelet
sudo systemctl start kubelet
查看服务状态
systemctl status kubelet.service
# 使用kubeadm 初始化主节点
需要的镜像:(因为这些镜像需要翻墙才能下载,所以采用导入的方式)
查看kubernetes版本需要的镜像版本
# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.23.1
k8s.gcr.io/kube-controller-manager:v1.23.1
k8s.gcr.io/kube-scheduler:v1.23.1
k8s.gcr.io/kube-proxy:v1.23.1
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6
打包镜像
docker save -o image.tar k8s.gcr.io/kube-apiserver:v1.23.1 k8s.gcr.io/kube-controller-manager:v1.23.1 k8s.gcr.io/kube-scheduler:v1.23.1 k8s.gcr.io/kube-proxy:v1.23.1 k8s.gcr.io/pause:3.6 k8s.gcr.io/etcd:3.5.1-0 k8s.gcr.io/coredns/coredns:v1.8.6
导入镜像(在目标机器上执行;拷贝 image.tar 后可用 sha256sum 对比两端的校验值,确认文件未损坏或被替换)
docker load -i image.tar
kubeadm init --control-plane-endpoint=xxx.xxx.xxx.xxx --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --apiserver-advertise-address=xxx.xxx.xxx.xxx # 填写云服务ip
初始化成功以后执行(admin.conf 是集群管理员凭据,复制得到的 $HOME/.kube/config 应只允许当前用户读取):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
如果不执行会出现
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes") 的错误。
# 配置pod之间的网络
https://github.com/flannel-io/flannel#deploying-flannel-manually
配置文件(kube-flannel.yml)需要做如下修改。修改要在下载到本地的文件上进行,再对本地文件执行 kubectl apply -f;直接 apply 远程地址不会包含这些修改:
args:
- --public-ip=$(PUBLIC_IP) # 公网ip
- --iface=eth0 # 网卡名
env:
- name: PUBLIC_IP #添加环境变量
valueFrom:
fieldRef:
fieldPath: status.podIP
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
如果 raw.githubusercontent.com 无法访问,可以在`https://www.ipaddress.com/ip-lookup`查到该域名对应的ip,然后写入本地的 /etc/hosts。
# 验证
kubectl get node -o wide
显示的 INTERNAL-IP 字段就是云服务的ip。如果没有显示,或者 STATUS 不是 Ready,
执行 kubectl describe node kubernetes-master 查看原因。
# 允许master节点部署pod
kubectl taint nodes --all node-role.kubernetes.io/master-
# 配置 NGINX Ingress Controller
需要像前面那样,打包镜像
k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
k8s.gcr.io/ingress-nginx/controller:v1.1.0
执行
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/cloud/deploy.yaml
参考 `https://kubernetes.github.io/ingress-nginx/deploy/`
执行 kubectl get service ingress-nginx-controller --namespace=ingress-nginx
会出现 EXTERNAL-IP 是 <pending>。
执行
kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec": {"type": "LoadBalancer", "externalIPs":["xxx.xxx.xxx.xxx"]}}' # 服务器ip
参考
`https://stackoverflow.com/questions/44110876/kubernetes-service-external-ip-pending`
配置大致已经完成,可以试着运行一个实例。
参考