Setting up a k8s cluster on Ubuntu

I. Prepare the machines

1. Change the node hostnames

Node hostnames must be unique; otherwise the master cannot discover a node after it joins.
master node

hostnamectl --static set-hostname k8s-master

worker node

hostnamectl --static set-hostname k8s-noden

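After running it, reboot or run the command below for the change to take effect

# apply the static hostname stored in /etc/hostname to the running system
hostname "$(cat /etc/hostname)"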

2. Disable swap

Turn it off temporarily (until the next reboot)

swapoff -a

3. Disable the firewall

ufw status

ufw disable

II. Install docker-ce

If docker is already installed, either remove the existing docker first or skip this section

1. One-shot script that installs the latest docker-ce from the Aliyun mirror

#!/bin/bash
apt update
apt install apt-transport-https ca-certificates curl gnupg-agent  software-properties-common
sudo curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository \
   "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
apt update
apt install docker-ce docker-ce-cli containerd.io
docker --version

2. Install a specific docker-ce version step by step

a. Install the required tools

apt update
apt install apt-transport-https ca-certificates curl gnupg-agent  software-properties-common

b. Add the GPG key

sudo curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

c. Add the package repository

add-apt-repository \
   "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

d. Install a specific docker-ce version
1. Update
apt update
2. Look up the available docker-ce versions
apt-cache madison docker-ce
3. Install
apt install docker-ce=18.06.3~ce~3-0~ubuntu

3. Configure Docker Hub mirrors

Pulling from overseas registries can fail on networks inside mainland China

vim /etc/docker/daemon.json
---------------------------------------------------
{
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://ustc-edu-cn.mirror.aliyuncs.com",
    "https://ghcr.io",
    "https://mirror.baidubce.com"
  ]
}

4. Restart docker

systemctl daemon-reload && systemctl restart docker

III. Install a specific version of kubeadm

#!/bin/bash
apt update && apt install apt-transport-https
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main"
apt-get update
apt-cache madison kubelet kubectl kubeadm |grep '1.15.4-00' 
apt install -y kubelet=1.15.4-00 kubectl=1.15.4-00 kubeadm=1.15.4-00

Configure the kubelet not to fail when swap is enabled

vim /etc/default/kubelet
---------------------------------------------------
KUBELET_EXTRA_ARGS="--fail-swap-on=false"

Restart the service

systemctl daemon-reload && systemctl restart kubelet

IV. Initialize the cluster

1. Start the master node

a. Initialize the node

kubeadm init \
  --kubernetes-version=v1.15.4 \
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.24.0.0/16 \
  --ignore-preflight-errors=Swap

On success it prints output similar to the following; save it

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.21:6443 --token xcczbg.zr6mb4dzlu6wdg6r \
    --discovery-token-ca-cert-hash sha256:3594158e202d0280512f8a3bab2de144b601fb3c7f928dcebc2556a55d673ff0

b. Run the following to start using the cluster

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

c. Deploy a pod network to the cluster; flannel is used here

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

2. Add nodes to the cluster

Use the command printed by init

kubeadm join 192.168.1.21:6443 --token xcczbg.zr6mb4dzlu6wdg6r \
    --discovery-token-ca-cert-hash sha256:3594158e202d0280512f8a3bab2de144b601fb3c7f928dcebc2556a55d673ff0

3. On a single-node k8s, pods are not scheduled on the master node by default

Use the command below to allow pods to be scheduled on the master

kubectl taint nodes --all node-role.kubernetes.io/master-  

4. dashboard

a. Deploy the dashboard pod to the cluster

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml

b. Create a service account

vim admin-user.yaml
---------------------------------------------------
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---------------------------------------------------

kubectl create -f admin-user.yaml

c. Bind the role

vim admin-user-role-binding.yaml
---------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
---------------------------------------------------

kubectl create -f admin-user-role-binding.yaml

d. Get the token

Running the command below once prints a Name; substitute it for the b9bwj shown below. Remember to save the generated token; it is needed to log in later.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-b9bwj

e. Create the certificate

grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt

grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key

openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

Download the generated kubecfg.p12 and double-click it to install the certificate

f. Open the dashboard

Enter in the address bar:

https://192.168.3.101:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/  
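
The binding in step c gives the admin-user ServiceAccount the cluster-admin ClusterRole, so the token from step d carries full control of the cluster. The following is an added example, not part of the original article: it lists every ServiceAccount that a ClusterRoleBinding ties to cluster-admin, so such accounts can be tracked and removed when no longer needed. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Audit: which ServiceAccounts does a ClusterRoleBinding tie to cluster-admin?

# Prints one line per binding: NAME <TAB> ROLE <TAB> kind:namespace:name,...
# (needs a live cluster; not called below so the example runs offline)
dump_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}:{.name},{end}{"\n"}{end}'
}

# Reads dump_bindings output on stdin and prints "namespace/serviceaccount binding"
# for every ServiceAccount subject of a binding whose role is cluster-admin.
find_admin_serviceaccounts() {
  awk -F '\t' '$2 == "cluster-admin" {
    n = split($3, subj, ",")
    for (i = 1; i <= n; i++) {
      if (subj[i] !~ /^ServiceAccount:/) continue   # skip User and Group subjects
      split(subj[i], f, ":")
      printf "%s/%s %s\n", f[2], f[3], $1
    }
  }'
}

# Constructed sample in the same format as dump_bindings output.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup::system:masters,\n'
  printf 'admin-user\tcluster-admin\tServiceAccount:kube-system:admin-user,\n'
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount:kubernetes-dashboard:kubernetes-dashboard,\n'
}

sample_bindings | find_admin_serviceaccounts
```

On a live cluster, run `dump_bindings | find_admin_serviceaccounts`.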

V. Test

1. Add an nginx pod

  1. Open the dashboard
  2. Click the plus sign in the top-right corner (Create new resource)
  3. Click Create from input
  4. Enter
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: lab-ngx
    app: lab-ngx

spec:
  containers:
  - name: nginx
    image: nginx
    ports:
    -  containerPort: 80
  5. Call nginx
    The IP is in the pod network range set at init in the first step
    curl 10.24.0.6

VI. Common errors

1. Nodes share a hostname: the node joins the master successfully, but the master does not show it

a. Duplicate hostname

hostnamectl --static set-hostname k8s-master
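# apply the static hostname stored in /etc/hostname to the running system
hostname "$(cat /etc/hostname)"

After the change succeeds, reset first, then init again and join the machines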

2. A node hangs while joining the cluster

a. The token has expired

Check token validity

kubeadm token list 

Generate a permanent token (--ttl 0 means it never expires)

kubeadm token create --ttl 0

Compute the CA certificate hash

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

Rejoin the cluster with the new token

kubeadm join 192.168.3.206:6443 --token yev1gf.njaktxs6sqyml7kr \
    --discovery-token-ca-cert-hash sha256:9a3df0018f0c8d7c4d02aa7066c96f3180b668edbeefd381ad5b9b06819c56b4
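
Before reusing a join command, it helps to know whether its token is still listed, and a token created with --ttl 0 stays usable for joining nodes until it is deleted. The following is an added example, not part of the original article: it looks a token up in `kubeadm token list` output, assuming the TTL column shows `<forever>` for non-expiring tokens and `<invalid>` for expired ones that have not been cleaned up yet. The function names and sample token values are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Look up a bootstrap token in `kubeadm token list` output before reusing it.

# usage: kubeadm token list | token_status <token-or-token-id>
# prints one of:
#   valid    still usable, will expire on its own
#   forever  created with --ttl 0, never expires
#   expired  listed but past its TTL
#   missing  not listed (expired and cleaned up, or never created)
token_status() {
  id=${1%%.*}   # keep only the public ID; the part after the dot is the secret
  awk -v id="$id" '
    { split($1, t, ".") }
    t[1] == id {
      found = 1
      if ($2 == "<invalid>") print "expired"
      else if ($2 == "<forever>") print "forever"
      else print "valid"
    }
    END { if (!found) print "missing" }'
}

# Constructed sample of `kubeadm token list` output (token values are made up).
sample_token_list() {
  cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
aaaaaa.0000000000000000   <invalid>   2019-10-01T08:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
bbbbbb.1111111111111111   23h         2019-10-03T08:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
cccccc.2222222222222222   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

for tok in aaaaaa bbbbbb cccccc.2222222222222222 zzzzzz; do
  printf '%s %s\n' "${tok%%.*}" "$(sample_token_list | token_status "$tok")"
done
```

A token reported as forever can be removed with `kubeadm token delete` once all nodes have joined.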

3. A pod fails to start after an image is deployed

kubectl describe pod {POD_NAME} --namespace {NAMESPACE}
Check the startup error log and search for a fix for the corresponding error

Common errors

a. The hostname was changed without a reboot

b. network: failed to set bridge addr: "cni0" already has an IP address different from 10.24.4.1/24

Remove the interface; it is recreated automatically

sudo ifconfig cni0 down
sudo ip link delete cni0