学习kubernetes——搭建kubernetes集群

朴亨日 發表於 2019-12-25 21:57:00

学习k8s的最好方式是自己搭建一个k8s集群，并实际操作。按照官方教程，其实并不复杂，但是由于网络问题，很多软件和镜像无法下载，所以安装过程还是比较麻烦的。
　　学习k8s并不需要集群环境，个人电脑就可以搭建一个单机集群来学习。下面简单介绍下过程，会跳过比较简单的步骤，重点说下需要注意的事项
<h2>一、安装虚拟机和linux系统</h2>
　　虚拟机可以使用hyper-v，virtualbox，和vmware。我用的是VirtualBox 6.1.0版本，下载地址是https://www.virtualbox.org/wiki/Downloads。
　　系统用的是CentOS-7-x86_64-Minimal-1908。学习用的话建议使用Minimal，下载和安装都很快。下载地址是 http://isoredirect.centos.org/centos/7/isos/x86_64/，选择一个速度较快的镜像地址下载。
　　安装教程，网上很多，这里就不说了。需要建议的地方是，1、安装语言选择中文。2、软件选择最小安装，禁用KDUMP；配置网络连接
<img src="https://img2018.cnblogs.com/blog/1101848/201912/1101848-20191229095817365-1273065261.png">
 
 
　　注意：1、虚拟机配置中设置CPU个数为2或者以上
　　　　　2、内存设置为2G以上
　　　　　3、防火墙会给k8s集群带来一些问题，这里仅为学习用，可以直接关闭防火墙。systemctl stop firewalld & systemctl disable firewalld
　　　　　4、关闭Swap。执行swapoff -a可临时关闭，编辑/etc/fstab，注释掉包含swap的那一行即可，重启后可永久关闭
　　　　　5、关闭centos图形登录界面，systemctl set-default multi-user.target
　　　　　6、添加额外的网卡，仅主机(Host-Only)网络，这样就可以从主机之间访问虚拟机
<h2>二、安装docker</h2>
　　首先参考官方文档
　　https://docs.docker.com/install/linux/docker-ce/centos/#prerequisites
　　https://kubernetes.io/docs/setup/production-environment/container-runtimes/
 
<div class="cnblogs_code">
<pre># Install Docker CE
## Set up the repository
### Install required packages.
yum install yum-utils device-mapper-persistent-data lvm2

### Add Docker repository.
## 注意换成阿里云地址
yum-config-manager --add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

## Install Docker CE.
yum update && yum install \
containerd.io-1.2.10 \
docker-ce-19.03.4 \
docker-ce-cli-19.03.4

## Create /etc/docker directory.
mkdir /etc/docker

# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF

mkdir -p /etc/systemd/system/docker.service.d

# Restart Docker
systemctl daemon-reload
systemctl restart docker</pre>
</div>
 
　　设置开机启动
<div class="cnblogs_code">
<pre>systemctl start docker & systemctl enable docker</pre>
</div>
 
　　验证安装是否成功
<div class="cnblogs_code">
<pre>docker run hello-world</pre>
</div>
　　结果如下
<div class="cnblogs_code">
<pre>Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/</pre>
</div>
 
<h2>三、安装Kubernetes</h2>
　　官方文档https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
　　注意：需要改成国内的镜像地址
<div class="cnblogs_code">
<pre>cat <<EOF > /etc/yum.repos.d/kubernetes.repo

name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Set SELinux in permissive mode (effectively disabling it)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

systemctl enable --now kubelet</pre>
</div>
 
<div class="cnblogs_code">
<pre>cat <<EOF >/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system</pre>
</div>
 
　　设置自启动
<div class="cnblogs_code">
<pre>systemctl enable kubelet && systemctl start kubelet</pre>
</div>
 
<h2>四、配置K8S单机集群</h2>
　　这里使用Calico方案来部署k8s单机集群
　　官方文档：https://docs.projectcalico.org/v3.11/getting-started/kubernetes/
　　初始换环境，并下载安装k8s镜像
<div class="cnblogs_code">
<pre>kubeadm init --pod-network-cidr=192.168.0.0/16</pre>
</div>
　　注意ip地址根据实际情况更改
　　由于这一步需要下载k8s的docker镜像，国内不用代理的话基本上是下载不下来的。所以这里会出错，出错的原因就是镜像pull失败。会出现类似下面的错误信息
<div class="cnblogs_code">
<pre>W1229 11:23:22.589295 1688 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1229 11:23:22.590166 1688 version.go:102] falling back to the local client version: v1.17.0
W1229 11:23:22.590472 1688 validation.go:28] Cannot validate kube-proxy config - no validator is available
W1229 11:23:22.590492 1688 validation.go:28] Cannot validate kubelet config - no validator is available
Using Kubernetes version: v1.17.0
Running pre-flight checks
 : firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
Pulling images required for setting up a Kubernetes cluster
This might take a minute or two, depending on the speed of your internet connection
You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: Some fatal errors occurred:
 : failed to pull image k8s.gcr.io/kube-apiserver:v1.17.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
 : failed to pull image k8s.gcr.io/kube-controller-manager:v1.17.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
 : failed to pull image k8s.gcr.io/kube-scheduler:v1.17.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
 : failed to pull image k8s.gcr.io/kube-proxy:v1.17.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
 : failed to pull image k8s.gcr.io/pause:3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
 : failed to pull image k8s.gcr.io/etcd:3.4.3-0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
 : failed to pull image k8s.gcr.io/coredns:1.6.5: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher</pre>
</div>
　　
　　执行这个解决防火墙警告
　　
<div class="cnblogs_code">
<pre>firewall-cmd --permanent --add-port=6443/tcp && sudo firewall-cmd --permanent --add-port=10250/tcp && sudo firewall-cmd --reload</pre>
</div>
 
　　失败信息中给出了pull失败的镜像地址。github上有人已经下载所有的镜像并上传到国内地址，可以从那下载。
　　github地址：https://github.com/anjia0532/gcr.io_mirror
　　镜像地址转换规则
　　
<div class="cnblogs_code">
<pre>gcr.io/namespace/image_name:image_tag
#eq
gcr.azk8s.cn/namespace/image_name:image_tag

# special
k8s.gcr.io/{image}/{tag} <==> gcr.io/google-containers/{image}/{tag} <==> gcr.azk8s.cn/namespace/image_name:image_tag </pre>
</div>
　　例如上面初始话下载失败的镜像地址是k8s.gcr.io/kube-apiserver:v1.17.0。
<div class="cnblogs_code">
<pre>k8s.gcr.io/kube-apiserver:v1.17.0
转换为
gcr.azk8s.cn/google-containers/kube-apiserver:v1.17.0</pre>
</div>
　　下载镜像
<div class="cnblogs_code">
<pre>docker pull gcr.azk8s.cn/google-containers/kube-controller-manager:v1.17.0
docker pull gcr.azk8s.cn/google-containers/kube-scheduler:v1.17.0
docker pull gcr.azk8s.cn/google-containers/kube-proxy:v1.17.0
docker pull gcr.azk8s.cn/google-containers/pause:3.1
docker pull gcr.azk8s.cn/google-containers/etcd:3.4.3-0
docker pull gcr.azk8s.cn/google-containers/coredns:1.6.5</pre>
</div>
 
　　由于，kubeadm init拉取的镜像地址是官方的地址，因此我们需要打对应的tag
<div class="cnblogs_code">
<pre>docker tag gcr.azk8s.cn/google-containers/kube-apiserver:v1.17.0 k8s.gcr.io/kube-apiserver:v1.17.0
docker tag gcr.azk8s.cn/google-containers/kube-controller-manager:v1.17.0 k8s.gcr.io/kube-controller-manager:v1.17.0
docker tag gcr.azk8s.cn/google-containers/kube-scheduler:v1.17.0 k8s.gcr.io/kube-scheduler:v1.17.0
docker tag gcr.azk8s.cn/google-containers/kube-proxy:v1.17.0 k8s.gcr.io/kube-proxy:v1.17.0
docker tag gcr.azk8s.cn/google-containers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag gcr.azk8s.cn/google-containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
docker tag gcr.azk8s.cn/google-containers/coredns:1.6.5 k8s.gcr.io/coredns:1.6.5</pre>
</div>
　　同样的方式完成所有镜像的下载。
　　如果有多台服务器可以进行同样的操作。
 
　　设置主机域名
　　编辑/etc/hostname，将hostname修改为k8s-node1 　　编辑/etc/hosts，追加内容 IP k8s-node1
 
　　然后在主节点再次执行初始化，如果失败，可以先执行kubeadm reset
<div class="cnblogs_code">
<pre>kubeadm init --pod-network-cidr=192.168.0.0/16 ## 如果需要多个节点 kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=192.168.56.104 </pre>
</div>
　　继续执行
　　
<div class="cnblogs_code">
<pre>mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config</pre>
</div>
　　安装Calico
<div class="cnblogs_code">
<pre>kubectl apply -f https://docs.projectcalico.org/v3.11/manifests/calico.yaml</pre>
</div>
　　这一步也需要下载相应的calico镜像，也可能下载失败，大家可以去上面的yaml文件中，找到需要的镜像，然后搜索下载方式，这里就不说了。
　　验证是否成功
　　
<div class="cnblogs_code">
<pre>watch kubectl get pods --all-namespaces</pre>
</div>
　　结果如下就表示成功了
　　
<div class="cnblogs_code">
<pre>NAMESPACE NAME READYSTATUS RESTARTSAGE
kube-systemcalico-kube-controllers-6ff88bf6d4-tgtzb 1/1 Running0 2m45s
kube-systemcalico-node-24h85 1/1 Running0 2m43s
kube-systemcoredns-846jhw23g9-9af73 1/1 Running0 4m5s
kube-systemcoredns-846jhw23g9-hmswk 1/1 Running0 4m5s
kube-systemetcd-jbaker-1 1/1 Running0 6m22s
kube-systemkube-apiserver-jbaker-1 1/1 Running0 6m12s
kube-systemkube-controller-manager-jbaker-1 1/1 Running0 6m16s
kube-systemkube-proxy-8fzp2 1/1 Running0 5m16s
kube-systemkube-scheduler-jbaker-1 1/1 Running0 5m41s</pre>
</div>
　　如果calico-node出现ErrorImagePull等状态，就表示这个镜像没有下载成功，需要自己手动去国内镜像地址去下载，名称和版本号见https://docs.projectcalico.org/v3.11/manifests/calico.yaml
　　配置master节点为work节点
<div class="cnblogs_code">
<pre>kubectl taint nodes --all node-role.kubernetes.io/master-</pre>
</div>
　　结果如下
<div class="cnblogs_code">
<pre>node/<your-hostname> untainted</pre>
</div>
　　最后运行
　　
<div class="cnblogs_code">
<pre>kubectl get nodes -o wide</pre>
</div>
　　出现类型如下结果就表示成功了
<div class="cnblogs_code">
<pre>NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
<your-hostname> Ready master 52m v1.12.2 10.128.0.28 <none> Ubuntu 18.04.1 LTS 4.15.0-1023-gcp docker://18.6.1</pre>
</div>
 
　　 
来源：https://www.cnblogs.com/lilinwei340/p/12099217.html

頁: [1]

琼殿技术论坛's Archiver

学习kubernetes——搭建kubernetes集群