涯湍澈淦 posted on 2026-2-1 23:04:00

Kubernetes: Creating a k8s Cluster with sealos

<h2 id="实践环境">Test environment</h2>
<p>openEuler-22.03-LTS-SP4</p>
<p>registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.27.16</p>
<p>registry.cn-shanghai.aliyuncs.com/labring/helm:v3.8.2</p>
<p>registry.cn-shanghai.aliyuncs.com/labring/cilium:v1.14.4</p>
<p>https://github.com/labring/sealos/releases/download/v5.1.1/sealos_5.1.1_linux_amd64.tar.gz</p>
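<h2 id="简介">Introduction</h2>
<p>Sealos is a simple Golang binary that can be used to deploy a Kubernetes cluster quickly.</p>
<ul>
<li>
<p>Supports online and offline installation, for K8s clusters on the amd64 and arm64 architectures.</p>
</li>
<li>
<p>Supports node management and installation of distributed applications.</p>
</li>
<li>
<p>Supports the Containerd and Docker runtimes.</p>
</li>
</ul>
<ul>
<li>Supports most Linux distributions, for example Ubuntu, CentOS and Rocky Linux.</li>
<li>Supports all Kubernetes versions available on Docker Hub.</li>
<li>Supports Containerd as the container runtime.</li>
</ul>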
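<h2 id="先决条件">Prerequisites</h2>
<p>The basic installation requirements are:</p>
<ul>
<li>
<p>Every cluster node must have a unique hostname, and hostnames must not contain underscores.</p>
</li>
<li>
<p>The time on all nodes must be kept consistent.</p>
</li>
<li>
<p>It is recommended to create the cluster on a clean operating system. <strong>Do not install Docker yourself!</strong></p>
</li>
<li>
<p>The master node should have at least 3 GB of memory if possible; otherwise the run may fail because of insufficient memory:</p>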
<pre><code>: the system RAM (1427 MB) is less than the minimum 1700 MB
</code></pre>
</li>
<li>
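<p>It is recommended not to create a separate <code>/var</code> partition. If the master node does have a <code>/var</code> partition, give it 50 GB or more to store the images; if the other worker nodes have a <code>/var</code> partition, make it fairly large as well, 20 GB or more.</p>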
</li>
</ul>
<h2 id="前置准备">Preparation</h2>
<p>1. Synchronize the time on all cluster nodes</p>
<p>2. Set the hostname of every cluster node</p>
<p>Example: setting the hostname of node 192.168.88.141</p>
<pre><code class="language-shell"># hostnamectl set-hostname 192-168-88-141
</code></pre>
<p>3. Disable the firewall</p>
<pre><code class="language-shell"># systemctl stop firewalld
# systemctl disable firewalld
</code></pre>
<p>4. Choose the k8s cluster image version</p>
<p>Open Registry Explorer in a browser to see every version of the K8s cluster image:</p>
<p>Enter <code>registry.cn-shanghai.aliyuncs.com/labring/kubernetes</code> and click "Submit":</p>
<p><img src="https://img2024.cnblogs.com/blog/1569452/202602/1569452-20260201230257984-560390998.png" alt="image-20260116234000274" loading="lazy"></p>
<p>All tags of this cluster image are then listed.</p>
<p>Docker Hub works the same way: enter <code>docker.io/labring/kubernetes</code> to see all tags.</p>
<blockquote>
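<p>Note: the higher the patch version of K8s, the more stable the cluster. In v1.29.x, for example, the x is the patch version. Prefer a K8s version with a relatively high patch number. At the time of writing, the highest v1.27 release is v1.27.16 and the highest v1.31 release is v1.31.9, so v1.27.16 is recommended. Choose the K8s version that best fits your actual situation.</p>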
</blockquote>
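<p>5. Determine the <code>labring/helm</code> and <code>labring/cilium</code> image versions that match the chosen k8s version</p>
<p>6. Download and set up Sealos</p>
<p>Manual download: https://github.com/labring/sealos/releases</p>
<p>Notes</p>
<p>1. <strong>The Sealos version must match the k8s cluster image version</strong>; for details see the cluster image version support notes</p>
<p><strong>2. Use a stable release such as <code>v4.3.0</code>. Versions like <code>v4.3.0-rc1</code> and <code>v4.3.0-alpha1</code> are pre-releases; use them with caution.</strong></p>
<p><strong>3. Run on the master node</strong></p>
<p>Here the binary download is used:</p>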
<pre><code class="language-shell"># wget https://github.com/labring/sealos/releases/download/v5.1.1/sealos_5.1.1_linux_amd64.tar.gz &amp;&amp; tar -zxvf sealos_5.1.1_linux_amd64.tar.gz sealos &amp;&amp; chmod +x sealos &amp;&amp; mv sealos /usr/bin/
</code></pre>
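<p>Note: if a direct download is not possible (for example on an internal network with no direct Internet access), download the file on an Internet-connected machine, upload it to the server, and then extract it and carry out the remaining steps.</p>
<p>Reference: https://sealos.run/docs/k8s/quick-start/install-cli</p>
<p>4. Run on the master</p>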
<pre><code>yum install -y socat
</code></pre>
<p>This resolves the following warning during installation: <code>: socat not found in system path</code></p>
<h2 id="安装k8s集群">Installing the K8s cluster</h2>
<h3 id="方式1在线安装">Method 1: online installation</h3>
<p>Run on the master node:</p>
<pre><code class="language-shell"># sealos run registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.22.17 registry.cn-shanghai.aliyuncs.com/labring/helm:v3.8.2 registry.cn-shanghai.aliyuncs.com/labring/cilium:v1.14.4 \
   --masters 192.168.88.139 \
   --nodes 192.168.88.140,192.168.88.141 -p testpwd@316
</code></pre>
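<p><strong>Note: labring/helm must come before labring/cilium.</strong></p>
<p><strong>Parameters</strong>:</p>
<ul>
<li><code>--masters IP-list</code>        List of K8s master node addresses. If there are several master nodes, and so several IP addresses, separate them with commas, e.g. 192.168.64.2,192.168.64.2</li>
<li><code>--nodes IP-list</code>        List of K8s worker node addresses, separated by commas</li>
<li><code>-p</code>        SSH login password for the nodes</li>
</ul>
<p><strong>Problems encountered</strong></p>
<p>During the actual installation, the install failed with the following error:</p>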
<pre><code> Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
Initial timeout of 40s passed.

        Unfortunately, an error has occurred:
                timed out waiting for the condition

        This error is likely caused by:
                - The kubelet is not running
                - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

        If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
                - 'systemctl status kubelet'
                - 'journalctl -xeu kubelet'

        Additionally, a control plane component may have crashed or exited when started by the container runtime.
        To troubleshoot, list all containers using your preferred container runtimes CLI.

        Here is one example how you may list all Kubernetes containers running in cri-o/containerd using crictl:
                - 'crictl --runtime-endpoint unix:///run/containerd/containerd.sock ps -a | grep kube | grep -v pause'
                Once you have found the failing container, you can inspect its logs with:
                - 'crictl --runtime-endpoint unix:///run/containerd/containerd.sock logs CONTAINERID'

error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher
2026-01-17T02:32:51 error Applied to cluster error: failed to init masters: init master0 failed, error: exit status 1. Please clean and reinstall
Error: failed to init masters: init master0 failed, error: exit status 1. Please clean and reinstall
</code></pre>
<p>The <code>kubelet</code> status was as follows:</p>
<pre><code class="language-shell"># systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled)
    Drop-In: /etc/systemd/system/kubelet.service.d
             └─10-kubeadm.conf
   Active: active (running) since Sat 2026-01-17 02:17:08 CST; 5min ago
       Docs: http://kubernetes.io/docs/
    Process: 2221 ExecStartPre=/usr/bin/kubelet-pre-start.sh (code=exited, status=0/SUCCESS)
   Main PID: 2237 (kubelet)
      Tasks: 13 (limit: 15376)
   Memory: 42.7M
   CGroup: /system.slice/kubelet.service
             └─ 2237 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runti&gt;

Jan 17 02:22:32 192-168-88-139 kubelet: E0117 02:22:32.852248    2237 kubelet.go:2456] "Error getting node" err="node \"192-168-88-139\" not found"
.....
</code></pre>
<p>The kubelet system log contained errors like the following:</p>
<pre><code>Jan 17 11:32:37 192-168-88-139 kubelet: I0117 11:32:37.489925280750 dynamic_cafile_content.go:155] "Starting controller" name="client-ca-bundle::/etc/kubernetes/pki/ca.crt"
Jan 17 11:32:37 192-168-88-139 kubelet: E0117 11:32:37.495435280750 certificate_manager.go:471] kubernetes.io/kube-apiserver-client-kubelet: Failed while requesting a signed certificate from the control plane: cannot create certificate signing request: Post "https://apiserver.cluster.local:6443/apis/certificates.k8s.io/v1/certificatesigningrequests": dial tcp 192.168.88.139:6443: connect: connection refused
</code></pre>
<pre><code>Jan 17 11:33:51 192-168-88-139 kubelet: E0117 11:33:51.604218280750 pod_workers.go:951] "Error syncing pod, skipping" err="failed to \"CreatePodSandbox\" for \"kube-apiserver-192-168-88-139_kube-system(7eb23211a94fd3a4a50291a818fefe89)\" with CreatePodSandboxError: \"Failed to create sandbox for pod \\\"kube-apiserver-192-168-88-139_kube-system(7eb23211a94fd3a4a50291a818fefe89)\\\": rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/k8s.io/23a20fe1613712213d8ff67507c9c81639cc6d75d63b6728682df689a0f9a970/log.json: no such file or directory): fork/exec /usr/bin/runc: exec format error: unknown\"" pod="kube-system/kube-apiserver-192-168-88-139" podUID=7eb23211a94fd3a4a50291a818fefe89
</code></pre>
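<p>Note: besides the error lines above there were other, non-critical error lines; after investigating them, the author chose to ignore them.</p>
<p>Inspect the file:</p>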
<pre><code class="language-shell"># file /usr/bin/runc
/usr/bin/runc: ASCII text, with no line terminators
</code></pre>
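<p>Preliminary conclusion: <code>/usr/bin/runc</code> was not generated correctly, so kubelet could not run properly, and as a result the master node failed to register.</p>
<p><strong>Solution</strong></p>
<p>First run the following command to clean up the k8s cluster, then re-run the installation command above:</p>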
<pre><code class="language-shell"># sealos reset
</code></pre>
<p>During installation (when the <code>: fork/exec /usr/bin/runc: exec format error: unknown</code> error appears), manually download the runc file and replace it:</p>
<pre><code class="language-shell"># wget https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64 -O /usr/bin/runc
</code></pre>
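<p>Question: why not replace it before running sealos? Because sealos creates this file dynamically, a replacement made before the run would be overwritten.</p>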
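<p>Added example, not part of the original post: the <code>file</code> output above shows that what landed at <code>/usr/bin/runc</code> was not an executable, so before a downloaded file replaces it (here, or in the per-node fix further down) it is worth checking that it is an ELF binary for the node's architecture and that its SHA-256 matches the digest published with the release. The function names are hypothetical helpers, and the expected digest is passed in as an argument because the post does not give one.</p>

```shell
# Added example: vet a downloaded binary before it replaces /usr/bin/runc.
# All function names are hypothetical helpers, not part of sealos or runc.

# elf_machine FILE -> prints amd64, arm64, unknown, or not-elf
elf_machine() {
    local magic mach
    # ELF files start with the four bytes 7f 'E' 'L' 'F'
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo not-elf; return 0; }
    # e_machine: 2-byte little-endian field at offset 18 of the ELF header
    mach=$(od -An -tx1 -j18 -N2 "$1" | tr -d ' \n')
    case "$mach" in
        3e00) echo amd64 ;;   # EM_X86_64 (62)
        b700) echo arm64 ;;   # EM_AARCH64 (183)
        *)    echo unknown ;;
    esac
}

# check_binary FILE ARCH SHA256 -> prints a verdict; returns 0 only for "ok"
check_binary() {
    local got_arch got_sha
    [ -s "$1" ] || { echo empty-or-missing; return 1; }
    got_arch=$(elf_machine "$1")
    [ "$got_arch" = "$2" ] || { echo "bad-format:$got_arch"; return 1; }
    got_sha=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$got_sha" = "$3" ] || { echo bad-checksum; return 1; }
    echo ok
}

# install_checked SRC DEST ARCH SHA256
# Copies SRC to DEST with mode 0755 only after it passes check_binary; the
# final rename is atomic, so DEST is never left half-written.
install_checked() {
    local verdict
    verdict=$(check_binary "$1" "$3" "$4") || {
        echo "refusing to install $1: $verdict" >&2
        return 1
    }
    install -m 0755 "$1" "$2.new" && mv -f "$2.new" "$2"
}

# Usage on a node (EXPECTED_SHA256 is a placeholder for the published digest):
#   wget https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64 -O /tmp/runc.amd64
#   install_checked /tmp/runc.amd64 /usr/bin/runc amd64 "$EXPECTED_SHA256"
```

<p>A truncated download or an HTML error page saved under the binary's name is reported as <code>bad-format:not-elf</code>, the same condition that surfaces later as <code>exec format error</code>.</p>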
<p>After the cluster was installed, checking the node status showed nodes that were not Ready:</p>
<pre><code class="language-shell"># kubectl get nodes
NAME             STATUS   ROLES                  AGE   VERSION
192-168-88-139   Ready      control-plane,master   27m   v1.22.17
192-168-88-140   NotReady   &lt;none&gt;               27m   v1.22.17
192-168-88-141   NotReady   &lt;none&gt;               27m   v1.22.17
</code></pre>
<p>The kubelet system log contained the following key error lines:</p>
<pre><code>Jan 17 12:41:32 192-168-88-139 kubelet: E0117 12:41:32.954702302969 kuberuntime_manager.go:819] "CreatePodSandbox for pod failed" err="rpc error: code = Unknown desc = failed to setup network for sandbox \"2f60f86855778cfab8037eb27d657ff3254bc58c1ecfc206dd984cfe41978f43\": plugin type=\"cilium-cni\" failed (add): unable to connect to Cilium daemon: failed to create cilium agent client after 30.000000 seconds timeout: Get \"http://localhost/v1/config\": dial unix /var/run/cilium/cilium.sock: connect: no such file or directory\nIs the agent running?" pod="kube-system/coredns-7bdbbf6bf5-99cf4"
Jan 17 12:41:32 192-168-88-139 kubelet: E0117 12:41:32.954738302969 pod_workers.go:951] "Error syncing pod, skipping" err="failed to \"CreatePodSandbox\" for \"coredns-7bdbbf6bf5-99cf4_kube-system(7f589667-5cac-4c4c-b993-459318dfb8bd)\" with CreatePodSandboxError: \"Failed to create sandbox for pod \\\"coredns-7bdbbf6bf5-99cf4_kube-system(7f589667-5cac-4c4c-b993-459318dfb8bd)\\\": rpc error: code = Unknown desc = failed to setup network for sandbox \\\"2f60f86855778cfab8037eb27d657ff3254bc58c1ecfc206dd984cfe41978f43\\\": plugin type=\\\"cilium-cni\\\" failed (add): unable to connect to Cilium daemon: failed to create cilium agent client after 30.000000 seconds timeout: Get \\\"http://localhost/v1/config\\\": dial unix /var/run/cilium/cilium.sock: connect: no such file or directory\\nIs the agent running?\"" pod="kube-system/coredns-7bdbbf6bf5-99cf4" podUID=7f589667-5cac-4c4c-b993-459318dfb8bd
Jan 17 12:41:34 192-168-88-139 kubelet: E0117 12:41:34.758111302969 cadvisor_stats_provider.go:415] "Partial failure issuing cadvisor.ContainerInfoV2" err="partial failures: [\"/system.slice/kubelet.service\": RecentStats: unable to find data in memory cache]"
</code></pre>
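<p>The logs show that <code>cilium</code> is not running normally, which in turn blocks node resource monitoring (cAdvisor) data collection; that part is a knock-on problem. Checking its pods shows that all of them are abnormal:</p>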
<pre><code class="language-shell"># kubectl get pods -n kube-system | grep cilium
cilium-2s77x                           0/1   Init:0/6            0               34m
cilium-operator-6778f57859-ls6qn         0/1   ContainerCreating   0               34m
cilium-rqr6f                           0/1   Running             8 (6m42s ago)   34m
cilium-wbjf7                           0/1   Init:0/6            0               34m
</code></pre>
<p>The pod events show the following error:</p>
<pre><code>Events:
  Type     Reason                  Age   From               Message
  ----     ------                  ----  ----               -------
  Normal   Scheduled               34m   default-scheduler  Successfully assigned kube-system/cilium-2s77x to 192-168-88-141
  Warning  FailedCreatePodSandBox  34m   kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/k8s.io/655252912fe2c7336eb25a1d57e78a7bcaff2fb7a98890c11000454dd10d2b7b/log.json: no such file or directory): fork/exec /usr/bin/runc: exec format error: unknown
</code></pre>
<p>Solution: run the following command on every node to replace the <code>runc</code> binary manually:</p>
<pre><code class="language-shell"># wget https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64 -O /usr/bin/runc
</code></pre>
<p>Then restart the <code>cilium</code> daemonset:</p>
<pre><code class="language-shell"># kubectl rollout restart daemonset cilium -n kube-system
</code></pre>
<p>Checking the node status again shows that all nodes are normal. The cluster is now deployed successfully.</p>
<pre><code class="language-shell"># kubectl get nodes
NAME             STATUS   ROLES                  AGE   VERSION
192-168-88-139   Ready    control-plane,master   55m   v1.22.17
192-168-88-140   Ready    &lt;none&gt;               54m   v1.22.17
192-168-88-141   Ready    &lt;none&gt;               54m   v1.22.17
</code></pre>
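<h3 id="方式2离线安装">Method 2: offline installation</h3>
<p>In an offline environment you only need to import the images in advance; the other steps are the same as for the online installation.</p>
<p>Taking kubernetes as an example, first export the cluster image in an environment with network access:</p>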
<pre><code class="language-shell"># sealos pull registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.22.17
# sealos save -o kubernetes.tar registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.22.17
</code></pre>
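<p>Import the image and install: copy kubernetes.tar to the offline environment and import the image with the load command:</p>
<pre><code class="language-shell"># sealos load -i kubernetes.tar
# sealos images # check that the cluster image was imported successfully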
</code></pre>
<p>The rest of the installation is the same as the online installation steps:</p>
<pre><code class="language-shell"># sealos run registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.22.17 registry.cn-shanghai.aliyuncs.com/labring/helm:v3.8.2 registry.cn-shanghai.aliyuncs.com/labring/cilium:v1.14.4 \
   --masters 192.168.88.139 \
   --nodes 192.168.88.140,192.168.88.141 -p testpwd@316
</code></pre>
<p>Alternatively, skip the load command and run the following command directly to install K8s:</p>
<pre><code class="language-shell"># sealos run kubernetes.tar helm.tar cilium.tar \
   --masters 192.168.88.139 \
   --nodes 192.168.88.140,192.168.88.141 -p testpwd@316
</code></pre>
<h2 id="按需安装其它分布式应用">Installing other distributed applications as needed</h2>
<p>Example:</p>
<pre><code class="language-shell">sealos run registry.cn-shanghai.aliyuncs.com/labring/openebs:v3.9.0 # install openebs
sealos run registry.cn-shanghai.aliyuncs.com/labring/minio-operator:v4.5.5 registry.cn-shanghai.aliyuncs.com/labring/ingress-nginx:4.1.0
</code></pre>
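<p>This gives you Minio, openebs and the other applications without having to worry about any of their dependencies.</p>
<h2 id="附sealos其它功能命令简介">Appendix: brief overview of other sealos commands</h2>
<h3 id="增加-k8s-节点">Adding K8s nodes</h3>
<p>Add worker nodes:</p>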
<pre><code class="language-shell">$ sealos add --nodes 192.168.88.142,192.168.88.143
</code></pre>
<p>Add master nodes:</p>
<pre><code class="language-shell">$ sealos add --masters 192.168.88.137,192.168.88.138
</code></pre>
<h3 id="删除-k8s-节点">Removing K8s nodes</h3>
<p>Remove worker nodes:</p>
<pre><code class="language-shell">$ sealos delete --nodes 192.168.88.142,192.168.88.143
</code></pre>
<h3 id="删除-master-节点">Removing master nodes:</h3>
<pre><code class="language-shell">$ sealos delete --masters 192.168.88.137,192.168.88.138
</code></pre>
<h3 id="清理-k8s-集群">Cleaning up the K8s cluster</h3>
<pre><code class="language-shell">$ sealos reset
</code></pre>
<p>For more usage, see the command help: <code>sealos --help</code></p>
<h2 id="参考链接">References</h2>
<p>https://sealos.run/docs/k8s/quick-start/deploy-kubernetes</p>


</div>
<div id="MySignature" role="contentinfo">
    <div id="AllanboltSignature">
    <p id="PSignature" style="border: #330066 1px dashed; padding: 5px 10px; font-family: 微软雅黑; font-size: 11px">
      <span style="margin-left: 5px; font-weight: bold">Author: 授客</span>
                <br>
      <span style="margin-left: 5px; font-weight: bold">Git repository: https://gitee.com/ishouke</span>
    </p>
</div><br><br>
Source: https://www.cnblogs.com/shouke/p/19561751