目录
前言
节点概览
在第一遍搭了1个Master+3个worker节点后,master服务器登不上了,再来一遍,这次一个master节点,加入两个node。
[root@wl-master /home/ubuntu]# kubectl get node
NAME STATUS ROLES AGE VERSION
wl-master Ready master 11h v1.19.2
worker01-wl Ready <none> 11h v1.19.2
worker02-wl-1 Ready <none> 11h v1.19.2
命名空间
[root@wl-master /home/ubuntu]# kubectl get ns
NAME STATUS AGE
default Active 11h
kube-flannel Active 11h
kube-node-lease Active 11h
kube-public Active 11h
kube-system Active 11h资源情况
kube-system
[root@wl-master /home/ubuntu]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6c76c8bb89-gq49h 1/1 Running 0 11h
coredns-6c76c8bb89-hg76h 1/1 Running 0 11h
etcd-wl-master 1/1 Running 0 11h
kube-apiserver-wl-master 1/1 Running 0 11h
kube-controller-manager-wl-master 1/1 Running 0 11h
kube-proxy-74rvh 1/1 Running 0 11h
kube-proxy-hc4bc 1/1 Running 0 11h
kube-proxy-r46s6 1/1 Running 0 11h
kube-scheduler-wl-master 1/1 Running 0 11h
kube-flannel
[root@wl-master /home/ubuntu]# kubectl get pod -n kube-flannel
NAME READY STATUS RESTARTS AGE
kube-flannel-ds-6bkj5 1/1 Running 0 11h
kube-flannel-ds-v4kjb 1/1 Running 0 11h
kube-flannel-ds-wr42d 1/1 Running 0 11h
其余命名空间
[root@wl-master /home/ubuntu]# kubectl get pod -n kube-public
No resources found in kube-public namespace.
[root@wl-master /home/ubuntu]# kubectl get pod -n kube-node-lease
No resources found in kube-node-lease namespace.
[root@wl-master /home/ubuntu]# kubectl get pod
No resources found in default namespace.
一、环境
共4台机器,分别为master,worker01,worker02-1,worker02-2.
版本
| 主机名 | IP地址/浮动IP | 节点类型 | 系统版本 | Docker版本 | Kubernetes版本 |
| master | 10.10.10.17/10.2.0.109 | Master | Ubuntu18.04 | v18.06.1 | v1.19.2 |
| master00(废弃) | 10.10.10.193/10.2.0.207 | Master | Ubuntu18.04 | v18.06.1 | v1.19.2 |
| worker01 | 10.10.10.232/10.2.0.73 | Node | Ubuntu18.04 | v18.06.1 | v1.19.2 |
| worker02-1 | 10.10.10.229/10.2.0.106 | Node | Ubuntu18.04 | v18.06.1 | v1.19.2 |
| worker02-2(暂未用) | 10.10.10.209/10.2.0.162 | Node | Ubuntu18.04 | v18.06.1 | v1.19.2 |
操作
修改 hosts 文件
在4个节点都修改。
$ sudo bash -c "cat >> /etc/hosts" << EOF
10.10.10.193 master
10.10.10.232 worker01
10.10.10.229 worker02-1
10.10.10.209 worker02-2
EOF设置用户名高亮
PS1="\[\e[37;40m\][\[\e[33;40m\]\u\[\e[37;40m\]@\h \[\e[36;40m\]\w\[\e[0m\]]\\$ "
#将上面这句添加到~/.bashrc里
然后启用
source ~/.bashrc关闭虚拟缓存 swap 分区
Kubernetes 1.8开始要求关闭系统的Swap,如果不关闭,默认配置下kubelet将无法启动。
查看swap是否开启
如果没开启,图上两处应都为0,如下半部分所示
在4个节点分别修改。
sudo swapoff -a #暂时关闭
nano /etc/fstab #永久关闭,注释掉swap那一行,推荐永久关闭
swappiness参数调整,修改/etc/sysctl.d/99-kubernetes-cri.conf添加下面一行:
| |
执行sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf使修改生效。
因为这里用于测试3台主机上还运行其他服务,关闭swap可能会对其他服务产生影响,所以这里修改kubelet的配置去掉这个限制。 使用kubelet的启动参数--fail-swap-on=false去掉必须关闭Swap的限制,修改/etc/sysconfig/kubelet,加入:
| |
二、Docker
4个节点均操作
Ⅰ、Docker环境准备
1.判断当前Ubuntu18.04系统是中否已经安装了docker:
# 查询是否安装过 curl
which curl
# 查询是否安装过 docker
which docker如果有安装则返回安装路径,否则没有任何输出。
2.如果之前安装过docker,需要完全卸载docker
# 1. 删除软件以及安装时自动安装的所有包
sudo apt-get autoremove docker docker-ce docker-engine docker.io containerd runc -y
# 2. 查看docker中其他没有卸载的包
dpkg -l | grep docker
# 3. 卸载没有删除的docker相关插件
sudo apt remove --purge docker-ce -y
sudo apt-get autoremove docker-ce-* -y
# 4. 删除docker的相关配置&目录
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
sudo rm -rf /var/run/docker*
# 5. 确认docker卸载完毕
docker --version
which docker
3.更新apt软件包索引并安装软件包以允许apt通过HTTPS使用存储库
# 先更新一下软件源库信息
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg \
lsb-release \
software-properties-common
4.添加Docker的官方GPG密钥并配置稳定的仓库
!!! 官方仓库
# 添加 Docker 官方的 GPG 密钥(为了确认所下载软件包的合法性,需要添加软件源的 GPG 密钥)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# 设置稳定版本的apt仓库地址
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"Ⅱ、Docker安装
方法一:使用存储库apt-get进行安装
- 安装指定版本:
sudo apt-get update
apt-cache madison docker-ce # 查看可安装的版本
sudo apt-get install docker-ce=18.06.1~ce~3-0~ubuntu # 安装docker18.06.1- 安装最新docker版本
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io -y # 安装最新版的docker
方法二:使用便捷脚本安装
本示例从get.docker.com下载脚本 并运行以在Linux上安装Docker的最新稳定版本:
# 方法一(官方)
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# 方法二(博主亲测)
curl -fsSL https://get.docker.com/ | sh
1.判断docker是否安装成功
docker --version
2.配置 Docker
# 设置 docker 配置文件,配置进行加速和 systemd
$ sudo bash -c "cat > /etc/docker/daemon.json" <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://wxnrx160.mirror.aliyuncs.com"]
}
EOF
# 启动 Docker
$ sudo systemctl daemon-reload && sudo systemctl restart docker && sudo systemctl enable docker
# 查看版本
$ sudo docker -v
# 查看 Docker 信息
$ sudo docker info
# 测试运行容器,提示运行成功
$ sudo docker run hello-world
Ⅲ、添加访问权限
这个时候运行docker时会出现下图所示的报错:
看一下权限
cd /var/run
ll | grep docker
# 输出如下
drwx------ 5 root root 120 5月 27 13:23 docker/
-rw-r--r-- 1 root root 4 5月 27 13:23 docker.pid
srw-rw---- 1 root docker 0 5月 27 13:21 docker.sock=
可以看到 docker.sock 的所有者是 docker 这个组。所以我们要把当前用户添加到这个组里。
# 将当前用户添加到docker用户组中
sudo gpasswd -a ${USER} docker重启docker
sudo service docker restart切换当前会话到新组
newgrp - docker注意:最后一步是必须的,因为 groups 命令获取到的是缓存的组信息,刚添加的组信息未能生效,所以 docker ps 执行时同样有错
运行效果图:
总结
一开始因为用户不在docker.sock的所有者组中,然后以为是报错问题。最后查看多个文档才发现,只是权限问题。
经过测试,无论用哪种方法安装完docker之后,最好重启系统一次。让docker的配置文件进行配置
目前安装以及卸载的完整教程就是以上的内容,以上绝大多数内容都经博主复制粘贴。
三、安装kubernetes
1.安装kubernetes
#使用root用户操作
sudo passwd root
su
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
sudo apt-get install -y kubelet=1.19.2-00 kubeadm=1.19.2-00 kubectl=1.19.2-00 kubernetes-cni # 安装特定版本
其中kubeadm用于初始化环境,kubectl用于操作kubelet。
2.设置开机启动
sudo systemctl enable kubelet && systemctl start kubelet
3.查看kubectl版本
kubectl version4.初始化集群
生成并配置 kubeadm-config.yaml 文件,、
在 master 节点操作
kubeadm init --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.10.10.193
注意注意注意!!!
后面apiserver-address填自己的
To start using your cluster, you need to run the following as a regular user:
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
!!非root用户执行:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubeadm join 192.168.1.210:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:28420287b1bf004630d89ede463f5cd25174b8af6ba31c64f7a0fff1c17fb4f5
###后续结点根据此条join集群。
# 配置集群访问
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 访问集群
$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 94s v1.18.8
出现问题:The connection to the server localhost:8080 was refused - did you specify the right host or port?
解决:
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
5.配置内部通信 flannel 网络
master和node都要配
1)下载kube-flannel.yml
由于直接下载会被墙,所以先在/etc/hosts文件添加一条
199.232.68.133 raw.githubusercontent.comKubernetes一共提供五种网络组件,可以根据自己的需要选择。我使用的Flannel网络,此处1.5.5和1.6.1也是不一样的,1.6.1加了RBAC。需要执行一下两个命令:
kubectl create -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel-rbac.yml
clusterrole "flannel" configured
clusterrolebinding "flannel" configured
kubectl create -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
serviceaccount "flannel" created
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created然后通过wget下载
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
也可以将flannel从git上下载到本地。执行安装命令:
kubectl create -f /root/flannel/Documentation/kube-flannel-rbac.yml
kubectl create -f /root/flannel/Documentation/kube-flannel.yml
如果不执行rbac.yaml安装flannel会失败,出错信息如下:
E0404 08:42:23.017527 1 main.go:127] Failed to create SubnetManager: error retrieving pod spec for 'kube-system/kube-flannel-ds-21rx2': the server does not allow access to the requested resource (get pods kube-flannel-ds-wlr92)
————————————————
版权声明:本文为CSDN博主「ximenghappy」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/ximenghappy/article/details/70157361
2)加载配置文件
root@master:/etc# kubectl apply -f kube-flannel.yml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created此时状态变为ready.
Ⅲ、子节点从别的集群变更到该集群
1.直接使用join命令会报错
[root@worker02-wl-2 /home/ubuntu]# kubeadm join 10.10.10.17:6443 --token ghem67.9rgivi3b61051tqn --discovery-token-ca-cert-hash sha256:1840d802ff598c0718a72c8885d62999edf6a1c7550a9f718450c5196785f7d3
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
[ERROR Port-10250]: Port 10250 is in use
[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
2.reset该子节点
[root@worker02-wl-2 /home/ubuntu]# kubeadm reset
[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
W1025 06:05:06.701017 5567 reset.go:99] [reset] Unable to fetch the kubeadm-config ConfigMap from cluster: failed to get config map: Get "https://10.10.10.193:6443/api/v1/namespaces/kube-system/configmaps/kubeadm-config?timeout=10s": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W1025 06:05:33.941743 5567 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]
The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d
The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.
If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.
The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
3.在master上生成新的token
[root@wl-master /home/ubuntu]# kubeadm token create --print-join-command
W1025 06:21:52.006399 9485 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 10.10.10.17:6443 --token nvclv1.zqnmbrn3logboc64 --discovery-token-ca-cert-hash sha256:1840d802ff598c0718a72c8885d62999edf6a1c7550a9f718450c5196785f7d34.在子节点上执行join命令
[root@worker02-wl-2 /home/ubuntu]# kubeadm join 10.10.10.17:6443 --token nvclv1.zqnmbrn3logboc64 --discovery-token-ca-cert-hash sha256:1840d802ff598c0718a72c8885d62999edf6a1c7550a9f718450c5196785f7d3
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
5.在master上查看新加入的node
[root@wl-master /home/ubuntu]# kubectl get node
NAME STATUS ROLES AGE VERSION
wl-master Ready master 5d16h v1.19.2
worker01-wl Ready <none> 5d16h v1.19.2
worker02-wl-1 Ready <none> 5d16h v1.19.2
worker02-wl-2 Ready <none> 20s v1.19.2
参考文章
————————————————
[1]参考链接:https://blog.csdn.net/weixin_42160053/article/details/117323487
[2]参考链接:https://blog.csdn.net/qq_51287641/article/details/118735742[3]参考链接:使用kubeadm部署Kubernetes 1.21 - 架构小白|青蛙小白|关注程序开发、互联网技术、云原生 (frognew.com)
1085
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
