问题1:
[root@master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
controller-manager Healthy ok
etcd-0 Healthy {"health":"true","reason":""}
解决方法:
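#注释掉--port=0这一行,重新启动docker后正常
#注意:--port=0的作用是关闭scheduler的非加密HTTP端口(10251),注释掉后该端口会重新监听(本例中绑定在127.0.0.1)。kubectl get cs在v1.19+已弃用,这里的Unhealthy只说明10251端口没有监听,并不代表scheduler本身故障;如果只是想确认scheduler状态,可以检查其安全端口10259的/healthz,或查看kube-system下的Pod状态,而不必重新打开非加密端口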
[root@master ~]# vim /etc/kubernetes/manifests/kube-scheduler.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-scheduler
tier: control-plane
name: kube-scheduler
namespace: kube-system
spec:
containers:
- command:
- kube-scheduler
- --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
- --authorization-kubeconfig=/etc/kubernetes/scheduler.conf
- --bind-address=127.0.0.1
- --kubeconfig=/etc/kubernetes/scheduler.conf
- --leader-elect=true
# - --port=0
问题2:
#通过pull quay.io上面的flannel镜像无法下载
[root@master ~]# docker pull quay.io/coreos/flannel:v0.12.0-arm64
解决方法:
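#先通过阿里云镜像仓库把镜像pull下来,通过docker tag对镜像进行更改名称,改成quay.io/coreos/flannel:v0.12.0-amd64
#注意:下面使用的仓库是第三方个人仓库,不是flannel的官方发布源;重新打tag之后,本地已无法从名称上区分镜像来源,使用前应将镜像摘要(docker image inspect)与官方镜像核对。另外上面pull命令中的标签是arm64,与这里的amd64不一致,应按节点的CPU架构选择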
[root@master ~]# docker image pull registry.cn-shanghai.aliyuncs.com/leozhanggg/flannel:v0.12.0-amd64
[root@master ~]# docker image tag registry.cn-shanghai.aliyuncs.com/leozhanggg/flannel:v0.12.0-amd64 quay.io/coreos/flannel:v0.12.0-amd64
问题3:
#flannel镜像pull下来后无法自动启动为容器
解决方法:
#如kubelet服务启动时配置了flannel,配置完成后,需要重新启动kubelet服务和docker服务
问题4:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
[ERROR Swap]: running with swap on is not supported. Please disable swap
解决方法:
#报错中还包含ip_forward未设置为1,除下面两条外还需执行 sysctl -w net.ipv4.ip_forward=1
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
#在/etc/fstab中注释以下行
#/dev/mapper/centos-swap swap swap defaults 0 0
#注释完成后,执行一下mount -a让系统重新挂载一下;mount -a不会关闭已经启用的swap,还需执行swapoff -a才能立即关闭
问题5:
#执行完kubeadm join 192.168.88.101:6443 --token 55g3ki.c7ysg9iprxmlc3qz --discovery-token-ca-cert-hash sha256:a6f421f6d71be76e02cc38aedf676c86c6af467669bf8f669d9a08c9da38f312 --ignore-preflight-errors="swap" 后,命令停住,一直没有反应
解决办法:
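#有可能是token过期,token是有时间限制的,可以在master机器上重新生成token
#注意:下面的--ttl 0会生成永不过期的token,任何拿到该token的人都可以向集群加入节点;更稳妥的做法是使用默认有效期(24小时),节点加入完成后用kubeadm token delete删除,并且不要把真实的token公开在文档中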
[root@master bak]# kubeadm token create --ttl 0
55g3ki.c7ysg9iprxmlc3qz
问题6:
# kubeadm join使用新的token后,出现以下提示
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
解决方法:
#因为kubelet服务没有启动,启动kubelet服务即可
问题7:
#failed to run Kubelet: running with swap on is not supported, please disable swap
解决方法:
#第1种方法
vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
#第二种方法
#修改/etc/fstab中,注释以下行
#/dev/mapper/centos-swap swap swap defaults 0 0
问题8:
error: open /var/lib/kubelet/config.yaml: no such file or directory
解决方法:
#关键文件缺失,多发生于没有做 kubeadm init就运行了systemctl start kubelet。 要先成功运行kubeadm init
问题9:
error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"
解决方法:
#docker和k8s使用的cgroup不一致导致
[root@node1 pki]# vim /etc/docker/daemon.json
"exec-opts":["native.cgroupdriver=systemd"]
#这个文件将会被 kubeadm init 和 kubeadm join 用于为 kubelet 获取 额外的用户参数
[root@node1 pki]# vim /etc/default/kubelet
KUBELET_EXTRA_ARGS=--cgroup-driver=systemd
kubernetes三种网络
#在三台虚拟机的/etc/hosts文件中添加主机名解析
192.168.88.101 master
192.168.88.102 node1
192.168.88.103 node2
#注释掉/etc/fstab中的swap这一行
#/dev/mapper/centos-swap swap swap defaults 0 0
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@master ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@master ~]# cat << EOF > /etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
> enabled=1
> gpgcheck=1
> repo_gpgcheck=1
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
#复制kubernetes.repo,docker-ce.repo至node1,node2节点
[root@master ~]# scp /etc/yum.repos.d/kubernetes.repo node1:/etc/yum.repos.d/
[root@master ~]# scp /etc/yum.repos.d/kubernetes.repo node2:/etc/yum.repos.d/
[root@master ~]# scp /etc/yum.repos.d/docker-ce.repo node2:/etc/yum.repos.d/
[root@master ~]# scp /etc/yum.repos.d/docker-ce.repo node1:/etc/yum.repos.d/
#------------master,node1,node2------------------------------
#在master节点上安装以下程序
[root@master ~]# yum install -y docker-ce kubelet kubeadm kubectl
#启动docker,并设置开机启动
[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker
#设置kubelet开机自启
[root@master ~]# systemctl enable kubelet
#------------master,node1,node2------------------------------
#------------master,node1,node2------------------------------
#修改bridge-iptables参数值为1(master,node1,node2都需要修改)
#修改配置文件,使参数永久生效,在文件后面添加以下两行
#(/usr/lib/sysctl.d/下的文件属于软件包,升级时可能被覆盖;自定义参数更适合写到/etc/sysctl.d/下单独的.conf文件中)
[root@node2 ~]# vim /usr/lib/sysctl.d/50-default.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@master ~]# sysctl -w net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-iptables = 1
[root@master ~]# sysctl -w net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-ip6tables = 1
#------------master,node1,node2------------------------------
#初始化时需要修改docker的配置文件,添加"exec-opts"参数配置,因为docker默认为cgroupfs,会造成kubelet无法启动
#下面registry-mirrors中有一项是http://明文地址,传输不加密,建议只保留https的镜像源
[root@master ~]# cat /etc/docker/daemon.json
{
"registry-mirrors" : [
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com",
"https://cr.console.aliyun.com/"],
"live-restore":true,
"exec-opts":["native.cgroupdriver=systemd"]
}
#执行初始化
[root@master ~]# kubeadm init \
--apiserver-advertise-address=192.168.88.101 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.3 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
#初始化后,记录最下面生成的信息,如下:
#需要在master端创建
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubeadm join 192.168.88.101:6443 --token tygrdl.na7rreiftug222le \
--discovery-token-ca-cert-hash sha256:a6f421f6d71be76e02cc38aedf676c86c6af467669bf8f669d9a08c9da38f312
[root@master ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-apiserver v1.22.3 53224b502ea4 5 days ago 128MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.22.3 05c905cef780 5 days ago 122MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.22.3 0aa9c7e31d30 5 days ago 52.7MB
registry.aliyuncs.com/google_containers/kube-proxy v1.22.3 6120bd723dce 5 days ago 104MB
registry.aliyuncs.com/google_containers/etcd 3.5.0-0 004811815584 4 months ago 295MB
registry.aliyuncs.com/google_containers/coredns v1.8.4 8d147537fb7d 5 months ago 47.6MB
registry.aliyuncs.com/google_containers/pause 3.5 ed210e3e4a5b 7 months ago 683k
#查看组件状态
[root@master ~]# kubectl get componentstatus
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true","reason":""}
#查看节点信息,下面STATUS显示NotReady因为没有安装网络组件
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane,master 15h v1.22.3
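#安装网络组件(https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml 此链接有时会连接不上)
#该链接指向master分支,内容会随时间变化,建议固定到具体的发布版本,并在apply之前先把文件下载下来查看
#1.可以通过https://download.csdn.net/download/xuwenpeng/37762072下载flannel.yaml,然后执行kubectl apply -f (文件目录/)flannel.yaml
#从第三方下载站取得的清单文件,apply之前应先检查内容(镜像地址、RBAC权限、hostNetwork/privileged等设置),并尽量与官方仓库对应版本的文件比对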
#2.[root@master ~]# docker pull quay.io/coreos/flannel:v0.15.0
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
#网络安装完成后,重新启动kubelet服务和docker服务,再次查看Node状态
[root@master bak]# systemctl restart kubelet
[root@master bak]# systemctl daemon-reload
[root@master bak]# systemctl restart docker
[root@master bak]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7f6cbbb7b8-djrpq 0/1 Completed 0 29h
coredns-7f6cbbb7b8-mp7d8 0/1 Completed 0 29h
etcd-master 1/1 Running 2 (2m26s ago) 29h
kube-apiserver-master 1/1 Running 2 (2m16s ago) 29h
kube-controller-manager-master 1/1 Running 2 (2m26s ago) 29h
kube-flannel-ds-n4tm4 1/1 Running 1 (2m26s ago) 13h
kube-proxy-2t7bk 1/1 Running 3 (2m16s ago) 29h
kube-scheduler-master 1/1 Running 2 (2m26s ago) 14m
[root@master bak]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 29h v1.22.3
#查看名称空间
[root@master bak]# kubectl get ns
NAME STATUS AGE
default Active 29h
kube-node-lease Active 29h
kube-public Active 29h
kube-system Active 29h
[root@node1 ~]# kubeadm join 192.168.88.101:6443 --token 55g3ki.c7ysg9iprxmlc3qz --discovery-token-ca-cert-hash sha256:a6f421f6d71be76e02cc38aedf676c86c6af467669bf8f669d9a08c9da38f312 --ignore-preflight-errors="swap"
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
#在master节点上查看加入情况
[root@master bak]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 30h v1.22.3
node1 Ready <none> 12m v1.22.3
node2 Ready <none> 4m15s v1.22.3
[root@master bak]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-7f6cbbb7b8-djrpq 0/1 Completed 0 30h <none> master <none> <none>
coredns-7f6cbbb7b8-mp7d8 0/1 Completed 0 30h <none> master <none> <none>
etcd-master 1/1 Running 2 (49m ago) 30h 192.168.88.101 master <none> <none>
kube-apiserver-master 1/1 Running 2 (49m ago) 30h 192.168.88.101 master <none> <none>
kube-controller-manager-master 1/1 Running 2 (49m ago) 30h 192.168.88.101 master <none> <none>
kube-flannel-ds-dfvsb 1/1 Running 1 (13m ago) 18m 192.168.88.102 node1 <none> <none>
kube-flannel-ds-dv4xm 0/1 Init:1/2 0 114s 192.168.88.103 node2 <none> <none>
kube-flannel-ds-n4tm4 1/1 Running 1 (49m ago) 14h 192.168.88.101 master <none> <none>
kube-proxy-2t7bk 1/1 Running 3 (49m ago) 30h 192.168.88.101 master <none> <none>
kube-proxy-gn9nj 1/1 Running 1 (13m ago) 18m 192.168.88.102 node1 <none> <none>
kube-proxy-vz677 1/1 Running 0 114s 192.168.88.103 node2 <none> <none>
kube-scheduler-master 1/1 Running 2 (49m ago) 62m 192.168.88.101 master <none> <none>