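I recently ran into quite a few difficulties installing Kubernetes. The installation did not go smoothly and I hit all kinds of strange errors. In summary, the main issues were:
- Kubernetes version issues: installation differs greatly between versions, so be sure to follow the official documentation. Installation tutorials copied and pasted from around the web have almost no chance of working.
- Container runtime issues: the latest Kubernetes version currently uses containerd.io rather than Docker, and the related configuration has to be handled properly.
- The original locations of the various Kubernetes images are hosted overseas, so either switch to the Aliyun mirror or use a proxy. With the former, any change you miss will cause problems.
- Stay patient when you hit problems. Besides constantly googling, keep summarizing what you learn and keep asking what caused the error.

CentOS base configuration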
Environment:
- CentOS Linux release 7.9.2009
- Memory: 2 GB
- CPU: 2 cores
- Kubernetes version: 1.26.3
- Container runtime: containerd.io 1.6.18
- Update the system and install basic tools
```bash
yum update -y && yum install vim -y && yum install wget -y && yum install telnet -y && yum install net-tools -y
```
- Set the hostname and hosts entries
```bash
hostnamectl set-hostname node1

cat <<EOF >> /etc/hosts
192.168.100.101 node1
192.168.100.102 node2
192.168.100.103 node3
EOF
```
- Adjust kernel parameters
```bash
# Load the kernel modules required by containerd and bridged pod traffic at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# Let iptables see bridged traffic and enable IPv4 forwarding
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Apply the sysctl settings without rebooting
sudo sysctl --system
```
Verify that the changes took effect by running:
```bash
lsmod | grep br_netfilter
lsmod | grep overlay
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
```
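- Disable swap and turn off SELinux
```bash
# Turn swap off now and comment out the swap entries in /etc/fstab
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Switch SELinux to permissive now and set it to disabled for the next boot
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
```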
- Switch the firewall to iptables and start with an empty rule set
```bash
systemctl stop firewalld && systemctl disable firewalld

yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
```
- Install the CNI network plugins
```bash
wget https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.2.0.tgz
ls /opt/cni/bin
```
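- Install the containerd runtime
```bash
# yum-config-manager is provided by the yum-utils package
yum install -y yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install containerd -y
systemctl start containerd
systemctl enable containerd
```
Run `ctr version` to check that the installation succeeded.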
- Modify the containerd configuration. First generate the default configuration file:
```bash
containerd config default > /etc/containerd/config.toml
```
Then edit the file and set `SystemdCgroup = true`:
```toml
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true
```
- Change the sandbox image address. Edit /etc/containerd/config.toml, find the following setting, and replace it with the Aliyun mirror, otherwise things will break:
```toml
[plugins."io.containerd.grpc.v1.cri"]
  <snip>
  sandbox_image = "k8s.gcr.io/pause:3.2"
```
Replace it with:
```toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
```
Then restart the containerd service:
```bash
sudo systemctl restart containerd
```
- Install kubeadm, kubelet and kubectl
```bash
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# Set SELinux in permissive mode (effectively disabling it)
sudo setenforce 0
# This sed only matches SELINUX=enforcing, so it changes nothing if the file was already set to disabled earlier
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

sudo systemctl enable --now kubelet
```
- Start the cluster (master node only)
```bash
# Replace <Master IP> with the address of the master node
kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=<Master IP>

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
- Configure networking (master node only)
Download kube-flannel.yml:
```bash
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
```
If the node has more than one network interface, set the interface flannel should use by adding `- --iface=eth1` to the container arguments:
```yaml
containers:
- name: kube-flannel
  image: quay.io/coreos/flannel:v0.10.0-amd64
  command:
  - /opt/bin/flanneld
  args:
  - --ip-masq
  - --kube-subnet-mgr
  - --iface=eth1
```
Apply it on the master node:
```bash
kubectl apply -f kube-flannel.yml
```
- Join the worker nodes to the cluster
```bash
kubeadm join 192.168.100:6443 --token 17zj6z.tunjafszlstdosvw --discovery-token-ca-cert-hash sha256:3c564886084f2d32d51fdbc2c40d7111b3818062adbbe0c9ccc28542ca37c399
```
If step 10 or step 12 fails and has to be run again, run `kubeadm reset` first, remember to remove `$HOME/.kube/config`, and flush the iptables rules if necessary.
- First try
```bash
kubectl create deployment nginx --image=nginx

kubectl expose deployment nginx --port=80 --type=NodePort

kubectl get pod,svc
```
Access nginx:
```bash
curl <cluster IP>:80
```
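Since a missed image-address change is the failure this guide warns about, here is an added example (not part of the original post) that checks a containerd `config.toml` for the two edits made earlier: the `sandbox_image` mirror and `SystemdCgroup = true` under the runc options table. The function names and the `EXPECTED_REGISTRY` variable are assumptions of the example, and the embedded sample config is constructed.

```shell
# Added example, not from the original post. EXPECTED_REGISTRY and the
# function names are assumptions of this example.
EXPECTED_REGISTRY="registry.aliyuncs.com/google_containers"

# Print the configured sandbox_image value without quotes (empty if unset).
sandbox_image() {
    sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed only if "SystemdCgroup = true" sits inside the runc options table,
# not in some other runtime's table.
systemd_cgroup_enabled() {
    awk '
        /^[ \t]*\[/ { in_opts = ($0 ~ /containerd\.runtimes\.runc\.options\]/) }
        in_opts && /^[ \t]*SystemdCgroup[ \t]*=[ \t]*true([ \t#]|$)/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Print one line per check; the return code is the number of failed checks.
audit_containerd_config() {
    cfg=$1; problems=0
    img=$(sandbox_image "$cfg")
    case "$img" in
        "$EXPECTED_REGISTRY"/pause:*) echo "OK   sandbox_image = $img" ;;
        "") echo "FAIL sandbox_image is not set"; problems=$((problems + 1)) ;;
        *)  echo "FAIL sandbox_image = $img (outside $EXPECTED_REGISTRY)"
            problems=$((problems + 1)) ;;
    esac
    if systemd_cgroup_enabled "$cfg"; then
        echo "OK   SystemdCgroup = true for runc"
    else
        echo "FAIL SystemdCgroup is not true under runtimes.runc.options"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample with the unedited values; pass the real path
# (/etc/containerd/config.toml) as $1 to audit a node instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "k8s.gcr.io/pause:3.2"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
audit_containerd_config "${1:-$sample}" || echo "failed checks: $?"
rm -f "$sample"
```

Run it on every node after editing the config and before `kubeadm init` or `kubeadm join`; a non-zero exit code is the number of settings still at their defaults.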
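- References
  - https://kubernetes.io/docs/setup/production-environment/container-runtimes/
  - https://kubernetes.io/docs/setup/production-environment/tools/
  - Kubernetes cluster nodes with multiple network interfaces
  - Troubleshooting Pods that cannot communicate with each other in Kubernetes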