Installing Kubernetes on Ubuntu 18.04


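Test machine: 4 CPU cores, 8 GB RAM, running Ubuntu 18.04.3 LTS.

Disable swap

With swap enabled, kubelet will not run properly; journalctl -xefu kubelet shows the log. Swap is disabled mainly for performance reasons: the idea in Kubernetes is to pack instances as tightly as possible, as close to 100% utilisation as it can get. All deployments should be pinned with CPU/memory limits, so when the scheduler sends a pod to a machine, the pod should not use swap. The designers did not want swapping because it slows things down. Discussions about swap: 1, 2.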

$ sudo swapoff -a
$ free -h
              total        used        free      shared  buff/cache   available
Mem:           7.7G        2.3G        3.3G        633M        2.0G        4.5G
Swap:            0B          0B          0B

Install kubeadm

$ sudo apt update && sudo apt install -y apt-transport-https
$ curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add - 

Add the Aliyun mirror to /etc/apt/sources.list.d/kubernetes.list:

deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main

Then run the following commands:

sudo apt update
sudo apt install -y kubelet kubeadm kubectl

Check the version after installation:

$ kubelet --version
Kubernetes v1.16.2

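Installing the other components

Kubernetes consists mainly of the following core components:

The kubeadm init command helps you start the master-related components: APIServer, Etcd, Scheduler, Controller-Manager and so on. Because the official image registry is blocked, we first need to find out which images are required and their versions, and then fetch them from a mirror in China.

Pulling the images manually works as follows (this method is not recommended; using the --image-repository parameter is recommended instead):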

$ kubeadm config images list
W1021 16:18:10.509898   18535 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1021 16:18:10.509999   18535 version.go:102] falling back to the local client version: v1.16.2
k8s.gcr.io/kube-apiserver:v1.16.2
k8s.gcr.io/kube-controller-manager:v1.16.2
k8s.gcr.io/kube-scheduler:v1.16.2
k8s.gcr.io/kube-proxy:v1.16.2
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2

Create a script that pulls the images from the Azure mirror registry, with the following contents:

#!/usr/bin/env bash
# Image names below have the "k8s.gcr.io/" prefix removed.
images=(
    kube-apiserver:v1.16.2
    kube-controller-manager:v1.16.2
    kube-scheduler:v1.16.2
    kube-proxy:v1.16.2
    pause:3.1
    etcd:3.3.15-0
    coredns:1.6.2
)

# Pull each image from the mirror, retag it under k8s.gcr.io, then drop the mirror tag.
for imageName in "${images[@]}"; do
    docker pull "gcr.azk8s.cn/google_containers/$imageName"
    docker tag "gcr.azk8s.cn/google_containers/$imageName" "k8s.gcr.io/$imageName"
    docker rmi "gcr.azk8s.cn/google_containers/$imageName"
done

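The method above is rather tedious. To pull the images directly from a mirror registry in China, add the parameter --image-repository registry.aliyuncs.com/google_containers. Once the images are pulled, run kubeadm init. You need to specify the IP address range the pod network may use, i.e. --pod-network-cidr: for flannel the parameter is --pod-network-cidr=10.244.0.0/16, and for calico it is --pod-network-cidr=192.168.0.0/16.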

$ sudo kubeadm init  --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=0.0.0.0 --image-repository registry.aliyuncs.com/google_containers
W1021 16:48:34.519499     697 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1021 16:48:34.519580     697 version.go:102] falling back to the local client version: v1.16.2
[init] Using Kubernetes version: v1.16.2
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.3. Latest validated version: 18.09
error execution phase preflight: [preflight] Some fatal errors occurred:
    [ERROR DirAvailable--var-lib-etcd]: /var/lib/etcd is not empty
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

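The error above is probably because k8s was previously installed through rancher and kubeadm init had already been run, so the preflight check cannot pass. You can run kubeadm reset, or choose to ignore this preflight error with --ignore-preflight-errors=DirAvailable--var-lib-etcd, or ignore all preflight errors with --ignore-preflight-errors=all.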

$ sudo kubeadm reset
$ systemctl restart kubelet
$ sudo kubeadm init --pod-network-cidr=192.168.0.0/16
<.skip..>
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.0.4.138:6443 --token wy0tyv.ayarzeeykfv2xfdd \
    --discovery-token-ca-cert-hash sha256:8f621f384379c430340ef58ca1ea6c1fad1d1ebbec567a78de5f0b4572549b7e 

Set up access for the regular user account as instructed:

 $ mkdir -p $HOME/.kube
 $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 $ sudo chown $(id -u):$(id -g) $HOME/.kube/config

Check the installation:

$ kubectl get pods --all-namespaces
NAMESPACE     NAME                          READY   STATUS    RESTARTS   AGE
kube-system   coredns-5644d7b6d9-4zzqj      0/1     Pending   0          67m
kube-system   coredns-5644d7b6d9-xvr58      0/1     Pending   0          67m
kube-system   etcd-zml                      1/1     Running   0          66m
kube-system   kube-apiserver-zml            1/1     Running   0          66m
kube-system   kube-controller-manager-zml   1/1     Running   0          66m
kube-system   kube-proxy-fl79f              1/1     Running   0          67m
kube-system   kube-scheduler-zml            1/1     Running   0          66m

All coredns pods are in the Pending state, so we still need to install a Pod Network add-on. kubeadm only supports Container Network Interface (CNI) based networks (and does not support kubenet). The calico network is used here:

$ kubectl apply -f https://docs.projectcalico.org/v3.10/manifests/calico.yaml
$ kubectl get pods --all-namespaces
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-6d85fdfbd8-l6pfw   1/1     Running   0          6m55s
kube-system   calico-node-ql7gs                          1/1     Running   0          6m55s
kube-system   coredns-5644d7b6d9-4pwb2                   1/1     Running   0          17m
kube-system   coredns-5644d7b6d9-l69wv                   1/1     Running   0          17m
kube-system   etcd-zml                                   1/1     Running   0          17m
kube-system   kube-apiserver-zml                         1/1     Running   0          16m
kube-system   kube-controller-manager-zml                1/1     Running   0          17m
kube-system   kube-proxy-8nl2b                           1/1     Running   0          17m
kube-system   kube-scheduler-zml                         1/1     Running   0          17m

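All pods are now in the Running state.

Allow the master node to run pods as well, so that the master node takes part in the workload (run this on the master node only). In a cluster initialised with kubeadm, pods are not scheduled onto the master node for security reasons, which means the master node does not take part in the workload. Since this is a test environment, the command below can be used to let the master node take part in the workload. zml is the hostname of the master node. To allow pods to be deployed on the master node, use the following commands: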

$ kubectl taint nodes --all node-role.kubernetes.io/master-
node/zml untainted
$ kubectl taint nodes k8s node-role.kubernetes.io/master=true:NoSchedule

Get the node status:

$ kubectl get nodes -o wide
NAME   STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
zml    Ready    master   32m   v1.16.2   192.0.4.138   <none>        Ubuntu 18.04.3 LTS   4.15.0-65-generic   docker://19.3.3

At this point the Kubernetes installation is complete.

Deploy the Dashboard UI

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml

If you cannot reach sites outside China, see http://www.yanzuoguang.com/article/920.html

Create a sample user:

$ kubectl apply -f dashboard-admin.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

The contents of dashboard-admin.yaml are as follows:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
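
The manifest above binds the dashboard login account to cluster-admin for the whole cluster. The following check is an added example, not part of the original post: it flags that kind of binding in a manifest before it is applied. The function names are assumptions, and the input is a constructed copy of the manifest above.

```shell
#!/bin/sh
# Added example: report ClusterRoleBindings that grant cluster-admin to a
# ServiceAccount. Line-oriented: assumes two-space indent, one key per line.
# Constructed input: a copy of dashboard-admin.yaml from this page.
sample_manifest() {
cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
}

# find_cluster_admin_bindings: manifest on stdin; prints one line per finding
# in the form "<binding> -> <namespace>/<service account>".
find_cluster_admin_bindings() {
  awk '
    function report(   i) {            # evaluate one YAML document, then reset
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++)
          if (skind[i] == "ServiceAccount") print name " -> " sns[i] "/" sname[i]
      kind = role = name = sec = ""; n = 0
    }
    /^---/      { report(); next }                 # document separator
    /^[A-Za-z]/ { sec = $1; sub(/:$/, "", sec) }   # current top-level key
    /^kind:/    { kind = $2 }
    /^- /       { n++; skind[n] = sname[n] = sns[n] = ""; sub(/^- /, "  ") }
    sec == "subjects" && /^  kind:/      { skind[n] = $2 }
    sec == "subjects" && /^  name:/      { sname[n] = $2 }
    sec == "subjects" && /^  namespace:/ { sns[n] = $2 }
    sec == "metadata" && /^  name:/      { name = $2 }
    sec == "roleRef"  && /^  name:/      { role = $2 }
    END { report() }
  '
}
sample_manifest | find_cluster_admin_bindings
```

On a running cluster, kubectl auth can-i --list --as=system:serviceaccount:kubernetes-dashboard:admin-user shows what the account is actually allowed to do.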

Get the login token:

$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-gxt7q
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: c91be2ce-9bf8-4952-baa0-02502b88514f

Type:  kubernetes.io/service-account-token

Data
====
namespace:  20 bytes
token:      <service account bearer token (JWT), omitted>
ca.crt:     1025 bytes
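
The token field in this output is a signed JWT whose middle segment is base64url-encoded JSON naming the service account it authenticates. The following added example, not part of the original post, decodes those claims offline. The token in it is constructed for the example, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: read the claims of a service account token without the cluster.

# b64url_decode SEGMENT: JWT segments are base64url without '=' padding, so map
# the alphabet back to standard base64 and restore the padding before decoding.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# jwt_payload TOKEN: print the JSON claims (second dot-separated segment).
jwt_payload() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# jwt_claim TOKEN NAME: value of one string claim (compact, flat JSON only).
jwt_claim() {
  jwt_payload "$1" | tr ',' '\n' | sed -n "s|^[{ ]*\"$2\":\"\(.*\)\"[} ]*\$|\1|p"
}

# jwt_has_expiry TOKEN: succeeds only if the claims contain an "exp" field.
jwt_has_expiry() {
  jwt_payload "$1" | grep -q '"exp":'
}

# Constructed sample (not the token from this page): claims in the layout of a
# secret-based service account token, with a dummy signature.
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kubernetes-dashboard","kubernetes.io/serviceaccount/service-account.name":"admin-user","sub":"system:serviceaccount:kubernetes-dashboard:admin-user"}'
SAMPLE_TOKEN="$(b64url_encode '{"alg":"RS256"}').$(b64url_encode "$SAMPLE_CLAIMS").dummy-signature"

echo "subject: $(jwt_claim "$SAMPLE_TOKEN" sub)"
if jwt_has_expiry "$SAMPLE_TOKEN"; then echo "expires: yes"; else echo "expires: no"; fi
```

Secret-based service account tokens like the one printed above carry no exp claim, so with the cluster-admin binding the token is a standing admin credential until its secret is deleted.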

Start the proxy:

kubectl proxy

Open http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ and enter the token above to log in.

View resource usage: 1

References