Where to run: all nodes (k8s-master) must run this

    # On the master node
    $ hostnamectl set-hostname k8s-master        # set the master node's hostname
    # On the slave1 node
    $ hostnamectl set-hostname k8s-worker-node1
    # On the slave2 node
    $ hostnamectl set-hostname k8s-worker-node2
Where to run: all master and slave nodes (k8s-master, k8s-slave) must run this

    $ iptables -P FORWARD ACCEPT
    $ /etc/init.d/ufw stop
    $ ufw disable
Disable swap

    swapoff -a
    # Prevent the swap partition from being mounted automatically at boot
    sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

    cat <<EOF > /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward=1
    vm.max_map_count=262144
    EOF
    modprobe br_netfilter
    sysctl -p /etc/sysctl.d/k8s.conf
    $ apt-get update && apt-get install -y apt-transport-https ca-certificates software-properties-common
    $ curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
    $ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
    $ add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
    $ add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main"
    $ apt-get update
    # If the previous step reports a NO_PUBLICKEY error, see https://www.cnblogs.com/jiangzuo/p/13667011.html
Where to run: all nodes

    $ apt-get install docker-ce=5:20.10.8~3-0~ubuntu-bionic
    ## Start docker
    $ systemctl enable docker && systemctl start docker
Where to run: all master and slave nodes (k8s-master, k8s-slave) must run this

    $ apt-get install kubelet=1.21.1-00 kubectl=1.21.1-00 kubeadm=1.21.1-00
    ## Check the kubeadm version
    $ kubeadm version
    ## Enable kubelet at boot
    $ systemctl enable kubelet
Where to run: master node only (k8s-master)

    $ kubeadm config print init-defaults > kubeadm.yaml

    apiVersion: kubeadm.k8s.io/v1beta2
    bootstrapTokens:
    - groups:
      - system:bootstrappers:kubeadm:default-node-token
      token: abcdef.0123456789abcdef
      ttl: 24h0m0s
      usages:
      - signing
      - authentication
    kind: InitConfiguration
    localAPIEndpoint:
      advertiseAddress: 192.168.136.138  # change to the master node's IP
      bindPort: 6443
    nodeRegistration:
      criSocket: /var/run/dockershim.sock
      name: node  # delete this line
      taints: null
    ---
    apiServer:
      timeoutForControlPlane: 4m0s
    apiVersion: kubeadm.k8s.io/v1beta2
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controllerManager: {}
    dns:
      type: CoreDNS
    etcd:
      local:
        dataDir: /var/lib/etcd
    imageRepository: registry.aliyuncs.com/google_containers  # change the image repo here
    kind: ClusterConfiguration
    kubernetesVersion: 1.21.0
    networking:
      dnsDomain: cluster.local
      podSubnet: 10.244.0.0/16  # add this line
      serviceSubnet: 10.96.0.0/12
    scheduler: {}
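The kubeadm.yaml above keeps the token abcdef.0123456789abcdef, which is the fixed placeholder that kubeadm config print init-defaults prints for every user, so it should be replaced before kubeadm init. The check below is an added example, not part of the original post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: lint the bootstrap token in a kubeadm config before `kubeadm init`.
# Function names are hypothetical; the placeholder value is the one in kubeadm.yaml above.

PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'

# Print a random token in kubeadm's format: [a-z0-9]{6}.[a-z0-9]{16}.
# On a node with kubeadm installed, `kubeadm token generate` does the same job.
new_bootstrap_token() {
    hex=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    printf '%s.%s\n' "$(printf '%s' "$hex" | cut -c1-6)" \
                     "$(printf '%s' "$hex" | cut -c7-22)"
}

# Print the value of the first "token:" key in a kubeadm config file.
config_token() {
    sed -n '/^[[:space:]]*token:/{
        s/^[[:space:]]*token:[[:space:]]*"\{0,1\}\([^"[:space:]#]*\).*/\1/p
        q
    }' "$1"
}

# Return 0 if the token is acceptable, 1 (with a message) if it is not.
check_bootstrap_token() {
    tok=$(config_token "$1")
    if [ -z "$tok" ]; then
        echo "OK: no static token in $1 (kubeadm generates one at init)"
        return 0
    fi
    if [ "$tok" = "$PLACEHOLDER_TOKEN" ]; then
        echo "FAIL: $1 uses the well-known init-defaults placeholder token"
        return 1
    fi
    if ! printf '%s\n' "$tok" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "FAIL: token in $1 is not in [a-z0-9]{6}.[a-z0-9]{16} format"
        return 1
    fi
    echo "OK: $1 has a non-default bootstrap token"
}

# Stand-alone use: sh check_token.sh kubeadm.yaml
if [ "$#" -gt 0 ]; then check_bootstrap_token "$1"; fi
```

A token written by new_bootstrap_token goes into the token: field of kubeadm.yaml, and the join command printed by kubeadm init will then carry that value instead of the placeholder.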
Where to run: master node only (k8s-master)

    # Pull the images to the local machine in advance
    $ kubeadm config images pull --config kubeadm.yaml
    [config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.0
    [config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.0
    [config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.0
    [config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.21.0
    [config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.4.1
    [config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.4.13-0
    failed to pull image "registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0": output: Error response from daemon: pull access denied for registry.aliyuncs.com/google_containers/coredns/coredns, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
    , error: exit status 1
    To see the stack trace of this error execute with --v=5 or higher
The pull reports that the coredns image cannot be found. We can work around it as follows:

    $ docker pull coredns/coredns:1.8.0
    $ docker tag coredns/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0
Where to run: master node only (k8s-master)

    $ kubeadm init --config kubeadm.yaml

If initialization succeeds, the following is printed at the end:

    ...
    To start using your cluster, you need to run the following as a regular user:

      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config

    Alternatively, if you are the root user, you can run:

      export KUBECONFIG=/etc/kubernetes/admin.conf

    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      https://kubernetes.io/docs/concepts/cluster-administration/addons/

    Then you can join any number of worker nodes by running the following on each as root:

    kubeadm join 192.168.136.138:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:3a7987c9f5007ebac7980e6614281ee0e064c760c8db012471f9f662289cc9ce
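Next, follow the instructions printed above to configure authentication for the kubectl client:

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

⚠️ Note: at this point kubectl get nodes should show the nodes in the NotReady state, because the network plugin has not been configured yet.

If initialization fails, adjust according to the error message, run kubeadm reset, and then run the init step again.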
Where to run: all slave nodes (k8s-slave) must run this

On each slave node, run the following command. It is printed in the output of a successful kubeadm init and must be replaced with the command actually printed after your own init.

    kubeadm join 192.168.136.135:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:1c4305f032f4bf534f628c32f5039084f4b103c922ff71b12a5f0f98d1ca9a4f
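The --discovery-token-ca-cert-hash value pins the cluster CA: it is the SHA-256 of the CA certificate's public key, and the joining node uses it to authenticate the API server. The following added example (not from the original post; function names are hypothetical, openssl is assumed to be installed) recomputes the pin on the master from ca.crt in the certificatesDir set in kubeadm.yaml and compares it with a join command.

```shell
#!/bin/sh
# Added example: recompute the CA public-key pin used by `kubeadm join`
# and compare it with the one in a join command. Requires openssl.

# Print "sha256:<hex>" for the public key (DER SubjectPublicKeyInfo) of a PEM cert.
ca_cert_hash() {
    openssl x509 -noout -in "$1" 2>/dev/null || {
        echo "not a readable PEM certificate: $1" >&2
        return 1
    }
    digest=$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -r) || return 1
    printf 'sha256:%s\n' "${digest%% *}"
}

# Print the pin found in a join command passed as one string (empty if none).
join_hash() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# usage: verify_join_pin CA_CERT "JOIN COMMAND"
# Return 0 only if the join command pins the CA in CA_CERT.
verify_join_pin() {
    want=$(join_hash "$2")
    if [ -z "$want" ]; then
        echo "FAIL: no sha256 pin in the join command"
        return 1
    fi
    have=$(ca_cert_hash "$1") || return 1
    if [ "$have" = "$want" ]; then
        echo "OK: pin matches $1"
    else
        echo "FAIL: join command pins $want but $1 hashes to $have"
        return 1
    fi
}

# Stand-alone use on the master:
#   sh verify_pin.sh /etc/kubernetes/pki/ca.crt "kubeadm join ... --discovery-token-ca-cert-hash sha256:..."
if [ "$#" -eq 2 ]; then verify_join_pin "$1" "$2"; fi
```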
Where to run: master node only (k8s-master)

Install the operator

    $ kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml

Wait for the operator pod to be installed and started

    $ kubectl -n tigera-operator get po
    NAME                               READY   STATUS    RESTARTS   AGE
    tigera-operator-698876cbb5-kfpb2   1/1     Running   0          38m

Image pulls are fairly slow; you can pull the images manually on the nodes with docker pull.
Edit the calico configuration

    $ vim custom-resources.yaml
    apiVersion: operator.tigera.io/v1
    kind: Installation
    metadata:
      name: default
    spec:
      # Configures Calico networking.
      calicoNetwork:
        # Note: The ipPools section cannot be modified post-install.
        ipPools:
        - blockSize: 26
          cidr: 10.244.0.0/16  # change to match the pod CIDR
          encapsulation: VXLANCrossSubnet
          natOutgoing: Enabled
          nodeSelector: all()
    ---
    # This section configures the Calico API server.
    # For more information, see: https://docs.projectcalico.org/v3.20/reference/installation/api#operator.tigera.io/v1.APIServer
    apiVersion: operator.tigera.io/v1
    kind: APIServer
    metadata:
      name: default
    spec: {}

Create the calico configuration

    $ kubectl apply -f custom-resources.yaml

Wait for the operator to create the calico pods automatically

    # The operator automatically creates the calico-apiserver and calico-system namespaces
    # and the required pods; just wait for the pods to finish starting
    $ kubectl get ns
    NAME               STATUS   AGE
    calico-apiserver   Active   13m
    calico-system      Active   19m

    $ kubectl -n calico-apiserver get po
    NAME                                READY   STATUS    RESTARTS   AGE
    calico-apiserver-554fbf9554-b6kzv   1/1     Running   0          13m

    $ kubectl -n calico-system get po
    NAME                                       READY   STATUS    RESTARTS   AGE
    calico-kube-controllers-868b656ff4-hn6qv   1/1     Running   0          20m
    calico-node-qqrp9                          1/1     Running   0          20m
    calico-node-r45z2                          1/1     Running   0          20m
    calico-typha-5b64cf4b48-vws5j              1/1     Running   0          20m
    calico-typha-5b64cf4b48-w6wqf              1/1     Running   0          20m
Where to run: on the master node (k8s-master)

    $ kubectl get nodes   # check whether all cluster nodes are Ready

Create a test nginx service

    $ kubectl run test-nginx --image=nginx:alpine

Check whether the pod was created successfully, then access the pod IP to test that it is reachable

    $ kubectl get po -o wide
    NAME                          READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
    test-nginx-5bd8859b98-5nnnw   1/1     Running   0          9s    10.244.1.2   k8s-slave1   <none>           <none>
    $ curl 10.244.1.2
    ...
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>

    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>

    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
If you ran into other problems while installing the cluster, you can reset it with the following commands:

    # Run on all cluster nodes
    kubeadm reset
    ifconfig cni0 down && ip link delete cni0
    ifconfig flannel.1 down && ip link delete flannel.1
    rm -rf /run/flannel/subnet.env
    rm -rf /var/lib/cni/
    mv /etc/kubernetes/ /tmp
    mv /var/lib/etcd /tmp
    mv ~/.kube /tmp
    iptables -F
    iptables -t nat -F
    ipvsadm -C
    ip link del kube-ipvs0
    ip link del dummy0