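Preface

There are many k8s installation tools on the market. As the designer and promoter of the product, the K8S organization also knows that its product is very hard to deploy, so it took kubeadm, a tool written by open-source enthusiasts, into the regular army and brought it under its own wing.

Why deploy with kubeadm? Because the directly relevant kubeadm commands are as simple as just two, and it can also be used in production. There is one precondition: you need a good understanding of the K8S components and how they relate to each other. In plain words, you have to be able to read it and operate it. The official documentation has a Chinese tutorial.

The latest K8S version, 1.26, has dropped Docker as its runtime, and I have not yet figured out how to deploy it, so the older 1.18 is used as the example here.

My demo environment: CentOS 7.6, 2 CPU cores, 2G of memory (2 cores and 4G is better), 20G disk. If you want to simulate more of a production deployment, such as jenkins, nginx or MySQL, raise the virtual machine configuration, otherwise it may not be able to run that many pods.

Because this is a demo environment, everything here is done on a single node. Where a step also applies to cluster nodes, I note it.

Environment configuration [this step must also be run on the cluster's node machines]

# Switch the yum source to Aliyun
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

# vim configuration
echo -e "set paste
set expandtab
set ts=4" >> ~/.vimrc

# Some tools
yum install net-tools vim telnet lsof -y

# Use the Aliyun source for k8s, which is faster
# (gpgcheck=0 means RPM signatures from this repo are not verified)
echo '#k8s
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
' > /etc/yum.repos.d/kubernetes.repo

# SELinux: permissive now, disabled after the next reboot
setenforce 0
sed -i 's/SELINUX=enforc.*/SELINUX=disabled/g' /etc/selinux/config

# Let bridged traffic pass through iptables
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

# Turn off swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
free -m | grep Swap

# Turn off the firewall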
systemctl stop firewalld && systemctl disable firewalld

Deploy docker [this step must also be run on the cluster's node machines]

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF
systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service
docker info | grep "Cgroup Driver"

Deploy kubeadm [this step must also be run on the cluster's node machines]

yum install -y kubelet-1.18.2 kubeadm-1.18.2 kubectl-1.18.2
systemctl enable kubelet && systemctl start kubelet

# Show the image versions that are required
kubeadm config images list

By default kubeadm pulls its images from k8s.gcr.io during deployment. For users in mainland China this is either slow or cannot be downloaded at all, so switch to the Aliyun mirror. How? I guess that kubeadm in theory calls the docker pull command, so there is no difference from doing it by hand.

# This command lists the names of the images that need to be pulled
kubeadm config images list | awk -F/ '/k8s.gcr.io/{print $2}'

# Write a script that pulls each image from the Aliyun mirror and retags it as k8s.gcr.io
cat > ~/pull_image.sh <<EOF
#!/bin/bash
for imageName in \$(kubeadm config images list | awk -F/ '/k8s.gcr.io/{print \$2}') ; do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/\${imageName}
    docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/\${imageName} k8s.gcr.io/\${imageName}
    docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/\${imageName}
done
EOF

# Run the generated script
bash ~/pull_image.sh

Take a look at the images that have been pulled. The ones that begin with k8s.gcr.io are the images that were just pulled.

kubeadm: initialize the master

# kubeadm config print init-defaults > /opt/kubeadm-config.yaml
kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.18.2 2>&1 | tee kubeadm-init.log

When I ran this step I hit an error:

[init] Using Kubernetes version: v1.18.2
[preflight] Running pre-flight checks
	[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 23.0.1. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.18.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp 142.250.157.82:443: i/o timeout
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.18.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.18.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.18.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp 142.250.157.82:443: i/o timeout
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

I guess that if you also got an error here, you should look at the output in the screenshot above and check whether the version of the kube.* components is also v1.18.20. If it is, I feel this may be a regex-matching problem and kubeadm got it wrong. No matter: manually tag the images as 1.18.2 and the step goes through. Continuing on:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get pod -A # the pods can now be seen starting

Check the component status:

kubectl get componentstatuses

Deploy the network component

Why are some pods in the Pending state? Because the network component has not been installed.

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# After downloading, run the command locally. If the virtual machine cannot download the file, open the URL in a browser that goes through a proxy
kubectl apply -f kube-flannel.yml

If you cannot download it, you can copy the content below:

---
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
- apiGroups:
  - networking.k8s.io
  resources:
  - clustercidrs
  verbs:
  - list
  - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: docker.io/flannel/flannel-cni-plugin:v1.1.2
       #image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.2
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: docker.io/flannel/flannel:v0.21.2
       #image: docker.io/rancher/mirrored-flannelcni-flannel:v0.21.2
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.21.2
       #image: docker.io/rancher/mirrored-flannelcni-flannel:v0.21.2
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate

At this point all the nodes are in a normal state.

Joining node machines

There is plenty about this part online, so there is nothing to add for now. The deployment record ends here.

Q&A

Q: The coredns pod is in an abnormal state.
A: Check the firewalld status with systemctl status firewalld.service and see whether the step that turns off the firewall was forgotten earlier.

Q: A node shows NotReady, and after describe it shows "Node node06 status is now: NodeHasSufficientPID".
A: Check whether the steps that have to be run on the node machines were skipped, leaving the node without the docker images.

You are welcome to discuss with me any problems you run into during deployment.
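
Added example (not part of the original post) for the image-mirroring step and the v1.18.20 versus v1.18.2 tag mismatch described above: a POSIX shell helper that reads the output of `kubeadm config images list`, which accepts `--kubernetes-version v1.18.2` to pin the list, and refuses to produce a pull plan when a kube-* tag differs from the version given to `kubeadm init`. The helper names and the sample image list are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the mirror pull plan only when kube-* tags match the pinned version.
MIRROR="registry.cn-hangzhou.aliyuncs.com/google_containers"   # mirror used on this page

# Constructed sample of `kubeadm config images list --kubernetes-version v1.18.2` output.
sample_images() {
    cat <<'EOF'
k8s.gcr.io/kube-apiserver:v1.18.2
k8s.gcr.io/kube-controller-manager:v1.18.2
k8s.gcr.io/kube-scheduler:v1.18.2
k8s.gcr.io/kube-proxy:v1.18.2
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
EOF
}

# plan_mirror_pulls <pinned-version>   (hypothetical helper name)
# Reads image references on stdin and prints docker pull/tag/rmi commands.
# Returns 1 without printing a plan if a kube-* tag differs from <pinned-version>.
plan_mirror_pulls() {
    pinned="$1"
    plan=""
    while IFS= read -r ref; do
        case "$ref" in
            k8s.gcr.io/*) image="${ref#k8s.gcr.io/}" ;;   # e.g. kube-proxy:v1.18.2
            *) continue ;;                                 # skip warnings and blank lines
        esac
        case "$image" in
            kube-*)
                if [ "${image##*:}" != "$pinned" ]; then
                    echo "tag mismatch: $image, expected $pinned" >&2
                    return 1
                fi ;;
        esac
        plan="${plan}docker pull $MIRROR/$image
docker tag $MIRROR/$image k8s.gcr.io/$image
docker rmi $MIRROR/$image
"
    done
    printf '%s' "$plan"
}

# Usage on a real host (not run here):
#   kubeadm config images list --kubernetes-version v1.18.2 | plan_mirror_pulls v1.18.2 > ~/pull_image.sh
```

A non-zero exit here means the image list and the `--kubernetes-version` passed to `kubeadm init` disagree, which is the condition behind the ImagePull errors in the log above.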