ubuntu:18.04 TLS
1、关闭防火墙,禁用交换分区
#关闭防火墙
sudo ufw status
#禁用交换分区swap
sudo swapoff -a
#进入fstab注释掉swap那一行
vim /etc/fstab
2、安装docker
1)更换国内软件源,原本使用清华的源,发现不能安装,换到中国科技大学的源
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
sudo sed -i 's/mirrors.tuna.tsinghua.edu.cn/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo apt update
2)安装需要的包
sudo apt install apt-transport-https ca-certificates software-properties-common curl
3)添加 GPG 密钥,并添加 Docker-ce 软件源,这里还是以中国科技大学的 Docker-ce 源为例
curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu \
$(lsb_release -cs) stable"
4)添加成功后更新软件包缓存
sudo apt update
5)安装 Docker-ce
sudo apt install docker-ce
6)设置开机自启动并启动 Docker-ce(安装成功后默认已设置并启动,可忽略)
sudo systemctl enable docker
sudo systemctl start docker
7)测试运行
sudo docker run hello-world
8)添加当前用户到 docker 用户组,可以不用 sudo 运行 docker(可选)
sudo groupadd docker
sudo usermod -aG docker $USER
需要重新登录生效
9)测试添加用户组(可选)
docker run hello-world
国内可能不能访问或者访问国外网站比较慢,可以按照以下地址中评论区的方法安装:
runoob:https://www.runoob.com/docker/ubuntu-docker-install.html
网络没限制可以使用官网:
官网:https://docs.docker.com/install/linux/docker-ce/ubuntu/
3、安装k8s
中国科技大学的源没有k8s,添加阿里云上k8s的源
#使用root用户操作
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
4、使用kubeadm配置主节点
1)直接执行kubeadm init不成功
root@zhdan-1:/home/zhdan# kubeadm init
W1208 15:15:12.778168 20838 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1208 15:15:12.778379 20838 version.go:102] falling back to the local client version: v1.16.3
[init] Using Kubernetes version: v1.16.3
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.5. Latest validated version: 18.09
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.16.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.16.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.16.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.16.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) , error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.3.15-0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.6.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
由于kubeadm init执行时会下载一些从谷歌服务器的docker镜像。
♦♦♦
Kubenetes默认Registries地址是k8s.gcr.io,很明显,在国内并不能访问gcr.io,因此在kubeadm v1.13之前的版本,安装起来非常麻烦,但是在1.13版本中终于解决了国内的痛点,其增加了一个–image-repository参数,默认值是k8s.gcr.io,我们将其指定为国内镜像地址:registry.aliyuncs.com/google_containers,其它的就可以完全按照官方文档来操作。
我们还需要指定–kubernetes-version参数,因为它的默认值是stable-1,会导致从https://dl.k8s.io/release/stable-1.txt下载最新的版本号,我们可以将其指定为固定版本来跳过网络请求。
♦♦♦
pod网络插件是必要安装,以便pod可以相互通信. 请提前确认自己需要使用的pod网络插件,以Flannel为例,为了使Flannel正常工作,执行kubeadm init命令时需要增加–pod-network-cidr=10.244.0.0/16参数
2)查看需要的镜像及其版本
root@zhdan-1:kubeadm config images list
W1208 15:00:00.772921 17681 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1208 15:00:00.773129 17681 version.go:102] falling back to the local client version: v1.16.3
k8s.gcr.io/kube-apiserver:v1.16.3
k8s.gcr.io/kube-controller-manager:v1.16.3
k8s.gcr.io/kube-scheduler:v1.16.3
k8s.gcr.io/kube-proxy:v1.16.3
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2
可以看到版本是v1.16.3
3)执行kubeadm init
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.16.3 --pod-network-cidr=10.244.0.0/16
5、使用kubeadm配置工作节点
我们执行kubeadm init时,最后一行是:
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.1.105:6443 --token wt1rnd.g3ifm9e57m4dnuva
–discovery-token-ca-cert-hash sha256:812ddfe6d72d282939b121e25016cd1666aca9b0497e1b29dfd2a44280fef834
所以工作节点直接执行就行
kubeadm join 192.168.1.105:6443 --token wt1rnd.g3ifm9e57m4dnuva \
--discovery-token-ca-cert-hash sha256:812ddfe6d72d282939b121e25016cd1666aca9b0497e1b29dfd2a44280fef834
在主节点执行kubectl get nodes命令检查注册情况:
root@zhdan-1:/home/zhdan# kubectl get nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?
出现这个问题的原因是kubectl命令需要使用kubernetes-admin来运行
非root用户执行:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
root用户执行(仅本次有效),这个文件包含了登陆kubectl的验证信息:
export KUBECONFIG=/etc/kubernetes/admin.conf
可以设置永久的环境变量,这样下次登陆,kubectl就能直接连上本机的server,而不用再设置一次环境变量:
vim /etc/profile
末尾添加:
export KUBECONFIG=/etc/kubernetes/admin.conf
6、配置容器网络
网络插件选择:https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
这里选择Weave Net
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
7、查看k8s集群各节点注册情况
(base) zhdan@zhdan-1:~$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
zhdan-1 Ready master 22h v1.16.3
zhdan-2 Ready <none> 22h v1.16.3
zhdan-3 Ready <none> 22h v1.16.3
8、查看kube-system命名空间中system pods
(base) zhdan@zhdan-1:/etc/docker$ kubectl get po --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-58cc8c89f4-qqnjn 1/1 Running 0 22h
kube-system coredns-58cc8c89f4-qthck 1/1 Running 0 22h
kube-system etcd-zhdan-1 1/1 Running 0 22h
kube-system kube-apiserver-zhdan-1 1/1 Running 0 22h
kube-system kube-controller-manager-zhdan-1 1/1 Running 0 22h
kube-system kube-proxy-78qzn 1/1 Running 0 22h
kube-system kube-proxy-gtrpm 1/1 Running 0 22h
kube-system kube-proxy-lk6zg 1/1 Running 0 22h
kube-system kube-scheduler-zhdan-1 1/1 Running 0 22h
kube-system weave-net-2hbvq 2/2 Running 0 22h
kube-system weave-net-5twxt 2/2 Running 0 22h
kube-system weave-net-jwn2l 2/2 Running 0 22h
到这里,k8s集群搭建完毕。
参考:https://www.cnblogs.com/alamisu/p/10751418.html
来源:CSDN
作者:zhdan~
链接:https://blog.csdn.net/zhangdongan1991/article/details/103440806