k8s(一)—ubuntu安装部署k8s
<h4>1. 关闭swap、防火墙</h4><h4></h4>
<p># vim /etc/fstab,注释包含swap行并重启 <code class="hljs php"># systemctl stop ufw && systemctl disable ufw</code></p>
<h4></h4>
<h4 id="2配置阿里源">2. 配置阿里源</h4>
<p><code class="hljs php"><span class="hljs-keyword"># echo <span class="hljs-string">"deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" > /etc/apt/sources.<span class="hljs-keyword">list.d/kubernetes.<span class="hljs-keyword">list</span></span></span></span></code><code class="hljs php"></code><code class="hljs php"></code></p>
<p><code class="hljs php"># apt update</code> 如果遇到以下问题: 记录提示的PUBKEY的最后8位,这里是BA07F4FB,然后执行:</p>
<pre><code class="hljs dockerfile"># g#pg --keyserver keyserver.ubuntu.com --recv-keys BA07F4FB
# gpg --export --armor BA07F4FB | sudo apt-key <span class="hljs-keyword">add<span class="bash"> -
# apt update
</span></span></code></pre>
<h4 id="3-安装组件">3. 安装组件</h4>
<p><code class="hljs cmake"># sudo apt <span class="hljs-keyword">install -y kubelet kubeadm kubectl</span></code><code class="hljs cmake"> # apt-mark hold kubelet kubeadm kubectl </code></p>
<h4>4. 安装docker</h4>
<p>配置阿里源/etc/apt/sources.list,写入以下内容</p>
<p>deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse</p>
<p>deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse</p>
<p>deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse</p>
<p>deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse</p>
<p>deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse</p>
<p>deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse</p>
<p>deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse</p>
<p>deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse</p>
<p>deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse</p>
<p>deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse</p>
<p><span class="pln"><code class="hljs cmake"># apt install docker.io -y</code></span></p>
<h4 id="4-配置kubelet的cgroup-drive">5. 配置kubelet的cgroup drive</h4>
<p>需要确保kubelet的cgroup drive在docker的一致。 分别可以通过以下命令查看:</p>
<pre><code class="hljs nginx"><span class="hljs-attribute">docker <span class="hljs-literal">info | grep -i cgroup
cat /etc/systemd/system/kubelet.service.d/<span class="hljs-number">10-kubeadm.conf
</span></span></span></code></pre>
<p>若显示不一样,则添加或修改<code>Environment="KUBELET_CGROUP_ARGS=--cgroup-dirver=cgroupfs"</code>:</p>
<pre><code class="hljs nginx"><span class="hljs-attribute">systemctl daemon-reload
systemctl restart kubelet
</span></code></pre>
<h4 id="5-启动kubelet">6. 启动kubelet</h4>
<pre><code class="hljs dos">systemctl enable kubelet && systemctl <span class="hljs-built_in">start kubelet
</span></code></pre>
<h4 id="6-下载k8s的docker镜像">7. 下载K8S的Docker镜像</h4>
<p>使用<code>kubeadm config images list</code>显示需要下载的镜像 k8s.gcr.io/kube-apiserver:v1.18.12 k8s.gcr.io/kube-controller-manager:v1.18.12 k8s.gcr.io/kube-scheduler:v1.18.12 k8s.gcr.io/kube-proxy:v1.18.12 k8s.gcr.io/pause:3.2 k8s.gcr.io/etcd:3.4.3-0 k8s.gcr.io/coredns:1.6.7 然后替换镜像源为registry.cn-hangzhou.aliyuncs.com/google_containers拉取镜像</p>
<pre><code class="hljs less"># docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.12
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.12
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.12
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.12
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7</code></pre>
<p>然后修改tag 至此基础的组件安装完成,接下来要根据是master节点还是普通node节点来分别配置</p>
<h4 id="7-master节点配置">8. master节点配置</h4>
<pre><code class="hljs nginx"><span class="hljs-attribute"># kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.18.12 --pod-network-cidr=10.0.0.0/24 --apiserver-advertise-address=192.168.10.10<span class="hljs-number">5
</span></span></code></pre>
<p>注意: <code class="hljs http">--image-repository 设置镜像源</code></p>
<pre><code class="hljs http">--pod-network-cidr=10.0.0.0/24表示集群将使用网络的子网范围
<span class="sql"><span class="hljs-comment">--kubernetes-version=v1.18.12指定K8S版本
<span class="hljs-comment">--apiserver-advertise-address表示绑定的网卡IP,这里是master所在节点
若执行kubeadm init出错或强制终止,则再需要执行该命令时,需要先执行kubeadm <span class="hljs-keyword">reset重置
</span></span></span></span></code></pre>
<p>执行成功后,它提示还需要执行:</p>
<pre><code class="hljs perl"><span class="hljs-keyword"># mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo <span class="hljs-keyword">chown $(id -u):$(id -g) $HOME/.kube/config
</span></span></code></pre>
<p>此外最后还会提示其他节点加入集群时的命令:</p>
<pre><code class="hljs css"><span class="hljs-selector-tag"># kubeadm join 192.168.10.10:6443 --token xrlg63.d1h8o7an82qevjv6 \
--discovery-token-ca-cert-hash sha256:6085f8dc1d0e19f531e2a2feda136bd9aef28c840e62da636acc1b2ffb83a51d
</span></code></pre>
<p>不过需要注意的是这里的token值24小时后会失效,因此,当以后还想加入节点时,可以先用<code>kubeadm token list</code>命令查看当前的token表,并在master节点上执行<code>openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'</code>来查看hash 此时我们查看网络状态<code>kubectl get pod -n kube-system</code>,可以发现都处于Pending阻塞状态,此时,我们需要配置网络,直接使用Calico,即执行:</p>
<pre><code class="hljs groovy"># kubectl apply -f <span class="hljs-string">https:<span class="hljs-comment">//docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
# kubectl apply -f https://docs.projectcalico.org/v3.8/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
</span></span></code></pre>
<p>(注意这里也是有版本号的,如果不是很清楚是多少,可以直接访问官网获取最新的进行尝试:https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) 过段时间,再执行<code>kubectl get pod -n kube-system</code>就会发现都处于running状态了。 最后将master设为工作节点:</p>
<pre><code class="hljs lua"># kubectl taint nodes <span class="hljs-comment">--all node-role.kubernetes.io/master-
</span></code></pre>
<p>执行成功时会显示</p>
<pre><code class="hljs">node/xl-virtualbox untainted
</code></pre>
<p>对于mater至此配置成功,可以使用<code>kubectl get nodes</code>命令查看节点状态。当然目前只有一个master节点。</p>
<h3 id="8普通工作节点">9. node节点</h3>
<p>对于普通的node节点,只需执行:</p>
<pre><code class="hljs css"><span class="hljs-selector-tag"># kubeadm <span class="hljs-selector-tag">join 10<span class="hljs-selector-class">.0<span class="hljs-selector-class">.2<span class="hljs-selector-class">.15<span class="hljs-selector-pseudo">:6443 <span class="hljs-selector-tag">--token <span class="hljs-selector-tag">zuhiop<span class="hljs-selector-class">.bmxq2jofv1j68o9o \
<span class="hljs-selector-tag">--discovery-token-ca-cert-hash <span class="hljs-selector-tag">sha256<span class="hljs-selector-pseudo">:b65ca09d1f18ef0af3ded2c831c609dfe48b19c5dc53a8398af5b735603828fb</span></span></span></span></span></span></span></span></span></span></span></span></code></pre>
<p>如果此时在master节点上使用<code>kubectl get nodes</code>查看节点的状态时'NotReady',请在对应主机上重启docker服务即可:</p>
<p><code class="hljs nginx"># <span class="hljs-attribute">systemctl restart docker</span></code></p><br><br>
来源:https://www.cnblogs.com/fisherbook/p/14277388.html
頁:
[1]