配置网络
wxx@k8s-master01:~$ more /etc/netplan/00-installer-config.yaml
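# This is the network config written by 'subiquity'
# Static IPv4 setup for ens33: DHCP is switched off for both address families and
# the address, resolvers and default route are given explicitly.
network:
  ethernets:
    ens33:
      dhcp4: false
      dhcp6: false
      addresses:
        - 192.168.223.11/24
      nameservers:
        addresses:
          - 8.8.8.8
          - 192.168.223.2
      routes:
        - to: default
          via: 192.168.223.2
  version: 2
  renderer: networkd
# After saving the file, activate it with: netplan apply
# (`netplan try` applies the change and rolls it back unless it is confirmed,
# which is safer when working over SSH.)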
安装ping chrony
apt install chrony iputils-ping
配置时间服务器和apt软件源
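# Add the Aliyun NTP server to chrony only once, so re-running this step does not
# append a duplicate line.
grep -qxF 'server ntp.aliyun.com iburst' /etc/chrony/chrony.conf || echo "server ntp.aliyun.com iburst" >> /etc/chrony/chrony.conf
# chrony reads its configuration at start-up; restart it so the new server is used.
systemctl restart chrony
# Point apt at the Aliyun mirror over HTTPS, so package indexes and downloads are
# not fetched in clear text (apt verifies the signed Release metadata either way).
# NOTE(review): HTTPS sources need the ca-certificates package — confirm it is installed.
sed -i 's|http://cn.archive.ubuntu.com|https://mirrors.aliyun.com|g' /etc/apt/sources.list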
禁用swap
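# Turn swap off on the running system.
swapoff -a
# Comment out every active swap entry in /etc/fstab so swap stays off after a reboot.
# Matching on the "swap" type field also covers swap partitions (UUID=... or /dev/...),
# not only entries whose path starts with /swap; lines already commented are skipped.
sed -ri '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/# /' /etc/fstab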
配置docker-ce仓库
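# Packages needed to fetch and register a third-party apt repository
# (gnupg is added for the key conversion below).
apt -y install apt-transport-https ca-certificates curl gnupg software-properties-common
# Fetch the repository signing key over HTTPS. A key downloaded over plain HTTP can be
# swapped in transit, and whoever controls the key controls which packages apt accepts.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
# Print the key so its fingerprint can be compared with the one Docker publishes.
gpg --show-keys /etc/apt/keyrings/docker.gpg
# signed-by limits this key to the Docker repository instead of trusting it for every
# configured source, which is what `apt-key add` does.
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
apt update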
安装docker-ce(最新版本):apt install docker-ce;如需安装指定版本:apt install docker-ce=5:23.0.3-1~ubuntu.22.04~jammy
docker 优化
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://xzxhosvl.mirror.aliyuncs.com"],
"dns": ["8.8.8.8"],
"insecure-registries": ["harbor.wxx.com:8888"],
"exec-opts":["native.cgroupdriver=systemd"],
"storage-driver": "overlay2",
"log-driver": "json-file",
"log-opts": {
"max-size": "200m"
}
}
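# NOTE(review): the daemon.json shown above lists harbor.wxx.com:8888 under
# "insecure-registries", which lets Docker reach that registry over plain HTTP or with an
# unverified certificate. Giving the registry a certificate the host trusts and removing
# the entry is the safer setup — confirm what the Harbor instance supports.
# The docker-ce package normally starts the daemon at install time, so `start` would leave
# an already-running daemon on its old settings; `restart` makes it re-read
# /etc/docker/daemon.json.
systemctl daemon-reload && systemctl restart docker.service && systemctl enable docker.service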
安装 cri-dockerd
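# Download the cri-dockerd release package; -f makes curl fail on an HTTP error instead of
# saving the error page under the .deb name.
curl -fLO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd_0.3.1.3-0.ubuntu-jammy_amd64.deb
# Print the package digest and compare it with a value from a source you trust before
# installing: the package's maintainer scripts run as root.
# NOTE(review): whether checksums are published for this release is not shown here — confirm.
sha256sum cri-dockerd_0.3.1.3-0.ubuntu-jammy_amd64.deb
apt install ./cri-dockerd_0.3.1.3-0.ubuntu-jammy_amd64.deb
# Check that the service came up.
systemctl status cri-docker.service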
安装 kubelet kubeadm kubectl
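apt-get update && apt-get install -y apt-transport-https
# -f stops curl from piping an HTTP error page into apt-key; -sS hides the progress meter
# but keeps error messages.
# NOTE(review): apt-key is deprecated, and a key added this way is trusted for every
# configured repository. Storing the key in its own keyring file and referencing it with
# [signed-by=...] in kubernetes.list would limit it to this repository.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
# NOTE(review): kubernetes-xenial is the legacy repository layout; upstream Kubernetes has
# moved to per-minor-version repositories — confirm this mirror path still carries the
# release you intend to install.
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
# Without a version this installs whatever is newest in the repository. To match the
# version given to kubeadm init, install kubelet=<VERSION> kubeadm=<VERSION> kubectl=<VERSION>.
apt-get install -y kubelet kubeadm kubectl
# Hold the three packages so a routine apt upgrade cannot move them out of step with the cluster.
apt-mark hold kubelet kubeadm kubectl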
整合kubelet和cri-dockerd
仅支持CRI规范的kubelet需要经由遵循该规范的cri-dockerd完成与docker-ce的整合。
配置cri-dockerd
配置cri-dockerd,确保其能够正确加载到CNI插件。编辑/usr/lib/systemd/system/cri-docker.service文件,确保其[Service]配置段中的ExecStart的值类似如下内容。
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d
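# Append the CNI flags to ExecStart only when they are not there yet, so running this step
# twice does not duplicate them.
# NOTE(review): this edits the packaged unit file in place, and a package upgrade may
# overwrite it; a systemd drop-in (systemctl edit cri-docker.service) would survive upgrades.
grep -q -- '--network-plugin=cni' /usr/lib/systemd/system/cri-docker.service || sed -ri 's+(^ExecStart.*)+\1 --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d+g' /usr/lib/systemd/system/cri-docker.service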
配置完成后,重载并重启cri-docker.service服务。
systemctl daemon-reload && systemctl restart cri-docker.service
配置kubelet
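# -p: do not fail when the directory already exists.
mkdir -p /etc/sysconfig
vim /etc/sysconfig/kubelet
# File content. --container-runtime=remote is left out: kubelet removed that flag in v1.27,
# and this page installs v1.27/v1.28, where an unknown flag keeps kubelet from starting.
# The endpoint uses the unix:// form, matching the --cri-socket value passed to the kubeadm
# commands on this page.
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///run/cri-dockerd.sock"
# NOTE(review): the Debian/Ubuntu kubelet package usually reads /etc/default/kubelet rather
# than /etc/sysconfig/kubelet, and kubeadm writes KUBELET_KUBEADM_ARGS itself to
# /var/lib/kubelet/kubeadm-flags.env — confirm this file is actually picked up.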
初始化master节点(在master01上完成如下操作)
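# List the control-plane images kubeadm expects when pulling from the Aliyun mirror.
kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers
# Pull them through cri-dockerd first, so every image tagged below already exists locally
# (the original order tagged pause:3.9 before anything had pulled it).
kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock --image-repository=registry.aliyuncs.com/google_containers
# pause:3.6 is fetched explicitly; the troubleshooting note on this page says kubelet asks
# for registry.k8s.io/pause:3.6.
docker image pull registry.aliyuncs.com/google_containers/pause:3.6
# Re-tag the mirrored pause images under the registry.k8s.io name the runtime looks for.
# NOTE(review): after re-tagging, the local image stands in for the upstream one, so its
# content is only as trustworthy as the mirror. Setting cri-dockerd's
# --pod-infra-container-image to the mirror image avoids the re-tag — confirm for your version.
docker image tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6
docker image tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9
# Show the result.
docker images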
方式一:
kubeadm init --control-plane-endpoint="kubeapi.wxx.com" --kubernetes-version=v1.28.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0 --cri-socket unix:///run/cri-dockerd.sock --upload-certs --image-repository=registry.aliyuncs.com/google_containers
注:--token-ttl=0 生成的引导令牌永不过期,令牌一旦泄露就可以长期用来向集群加入节点;节点全部加入后建议用 kubeadm token delete 删除该令牌,或保留默认的24小时有效期。
方式2
vim k8s_init.yaml
############################################################################
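---
# Document 1: node-local settings for the first control-plane node.
apiVersion: kubeadm.k8s.io/v1beta3
# No bootstrap token is declared in this file.
# NOTE(review): presumably kubeadm then generates one with its default TTL — confirm.
bootstrapTokens: null
kind: InitConfiguration
localAPIEndpoint:
  # IP address of the first control-plane node being initialised.
  advertiseAddress: 192.168.223.11
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  # Host name of the first control-plane node.
  name: k8s-master01.wxx.com
  taints:
    - effect: NoSchedule
      key: node-role.kubernetes.io/master
    - effect: NoSchedule
      key: node-role.kubernetes.io/control-plane
---
# Document 2: cluster-wide settings.
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
# Control-plane endpoint; bound here to the kubeapi.wxx.com DNS name.
controlPlaneEndpoint: "kubeapi.wxx.com:6443"
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# NOTE(review): the command-line variant on this page passes --kubernetes-version=v1.28.0;
# keep this value in step with the installed kubeadm/kubelet packages.
kubernetesVersion: v1.27.1
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
---
# Document 3: kube-proxy settings.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# Proxy mode kube-proxy uses for Services; the default is iptables.
mode: "ipvs"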
############################################################################
将上面的内容保存为配置文件(即前面用vim创建的k8s_init.yaml),而后执行如下命令,即可实现与前一种初始化方式类似的集群初始配置,只是这里将Service的代理模式设定为了ipvs。
kubeadm init --config k8s_init.yaml --upload-certs
部署flannel网络插件
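# Download the manifest first, so it can be read before it is applied with cluster-admin rights.
# NOTE(review): releases/latest changes over time; for repeatable installs replace
# "latest/download" with a fixed release path (releases/download/<FLANNEL_VERSION>/kube-flannel.yml).
curl -fsSLO https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
kubectl apply -f kube-flannel.yml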
添加工作节点
错误一:添加工作节点后,工作节点一直处于NotReady状态。用 journalctl -f -u kubelet.service 排查,原因是k8s默认从官方仓库拉取 registry.k8s.io/pause:3.6,需要先从阿里云镜像仓库下载,再重新打标签:
docker image pull registry.aliyuncs.com/google_containers/pause:3.6
docker image tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6
错误二:卡在 Running pre-flight checks,一般是token过期。如果是token过期问题,重新生成token后再加入即可(--ttl 0 表示令牌永不过期,不加该参数时默认有效期为24小时):
kubeadm token create --ttl 0
# Join this node to the cluster through the control-plane endpoint.
# The token and CA hash below come from the author's cluster; on another cluster take both
# from `kubeadm token create --print-join-command`, run on a control-plane node.
# A bootstrap token is a credential: keep it out of shared notes and shell history.
kubeadm join kubeapi.wxx.com:6443 \
  --token head5g.bq1xpg670oc3pvkv \
  --discovery-token-ca-cert-hash sha256:0059f4ce07f3606a766dd106574b1fb63f693bf58462ccf212b82d2b34a8832c \
  --cri-socket unix:///run/cri-dockerd.sock
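# Image preparation for the node being added (presumably run on the worker itself — confirm).
kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers
# Pull through cri-dockerd before tagging. The command takes only these two options; any
# extra trailing word is treated as an unexpected argument.
kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock --image-repository=registry.aliyuncs.com/google_containers
docker image pull registry.aliyuncs.com/google_containers/pause:3.6
# Re-tag the mirrored pause images under the registry.k8s.io name the runtime looks for.
docker image tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6
docker image tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9
# Show the result.
docker images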
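---
# Ingress that routes kuboard.magedu.com to the kuboard-v3 Service on port 80 through the
# nginx ingress class.
# NOTE(review): there is no tls: section, so this host is served over plain HTTP and
# logins to the dashboard cross the network unencrypted. A commented-out tls stanza is
# left at the end; the secret name is a placeholder.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kuboard
  namespace: kuboard
spec:
  ingressClassName: nginx
  rules:
    - host: kuboard.magedu.com
      http:
        paths:
          - path: /
            backend:
              service:
                name: kuboard-v3
                port:
                  number: 80
            pathType: Prefix
  # tls:
  #   - hosts:
  #       - kuboard.magedu.com
  #     secretName: <TLS_SECRET_NAME>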