Installing Kubernetes on Ubuntu 18.04 with kubeadm
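Introduction:
Cloud-native technology is changing design and development as well as deployment and operations. With the arrival of AIoT, CNCF graduated projects including Kubernetes and KubeEdge serve as important middleware in CBSE projects. This article records a simple installation of a Kubernetes cluster; when all pods finally reached the Running state and all nodes became Ready, I got a faint sense of how remarkable and powerful Kubernetes is.
Overview:
Prepare two machines running Ubuntu 18.04 or later with Linux kernel 4.15 or later. For a beginner, the best free learning material is the official website. Start by learning the basic components of Kubernetes and the tools used during installation: kubeadm, kubectl and kubelet. While following the official steps one at a time, I found that Kubernetes is one of the best hands-on projects for the networking and security topics covered in exams such as the System Analyst exam or Huawei HCIE. Kubernetes touches on CA certificates, CNI networking and related topics; their principles are worth studying closely in later practice, since they matter both in practice and in the exams. The installation ran into several issues with mirrors inside China, including the apt sources.list, the containerd source, the Kubernetes source and the Calico source. At the end of the installation the pods reported errors; the cause turned out to be the Flannel source, so I switched to Calico, whose domestic mirrors work better.
Detailed operation record: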
# Kubernetes installation and usage
## Components
* Kubernetes:
  * kube-apiserver
  * kube-controller-manager
  * kube-scheduler
  * etcd
* kubeadm: the command used to initialize the cluster
* Classless Inter-Domain Routing (CIDR): kubeadm normally reserves the 10th address of the serviceSubnet CIDR for CoreDNS
* kubelet: runs on every node in the cluster to start Pods and containers
* Container Runtime Interface (CRI):
  * containerd: on Linux the socket is /run/containerd/containerd.sock
  * CRI-O
  * Docker Engine
* Control groups (cgroup):
  * cgroupfs: the default cgroup driver of kubelet and containerd
  * systemd: the default cgroup driver of Ubuntu 18.04
* Sandbox:
  * pause image: the base container of a Kubernetes Pod
* Container Network Interface (CNI) plugins:
  * Dashboard
  * Calico
  * Flannel
* kubectl: the command-line tool used to communicate with the cluster
## Installing Kubernetes v1.30.7 on Ubuntu 18.04 with kubeadm
<details><summary>Basic system configuration</summary>
* timedatectl set-timezone Asia/Shanghai
* timedatectl set-local-rtc 0
* systemctl restart rsyslog
* systemctl stop firewalld
* systemctl disable firewalld
* hostnamectl set-hostname k8s-01
* hostnamectl status
* sudo tee -a /etc/hosts <<EOF
127.0.0.1 $(hostname)
EOF
* sudo cat /sys/class/dmi/id/product_uuid
* In /etc/fstab, comment out the lines related to /swapfile
* cat /proc/swaps
* sudo tee -a /etc/systemd/resolv.conf <<EOF
nameserver 114.114.114.114
nameserver 8.8.8.8
EOF
* systemctl restart systemd-resolved.service
</details>
<details><summary>Configure package mirrors</summary>
* sudo tee /etc/apt/sources.list <<EOF
deb https://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
# deb https://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF
* sudo apt-get update
</details>
<details><summary>Install containerd</summary>
* ps -p 1 -o comm=
* sudo apt-get install containerd
* sudo mkdir -p /etc/containerd
* containerd config default | sudo tee /etc/containerd/config.toml
* In /etc/containerd/config.toml, under
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes], then under
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc], then in
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options], change the parameter:
SystemdCgroup = true
* In /etc/containerd/config.toml:
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
* sudo systemctl restart containerd
* sudo ctr images ls | grep pause
</details>
<details><summary>Install kubeadm, kubelet and kubectl on the server</summary>
* sudo apt-get install -y apt-transport-https
* sudo mkdir -p /etc/apt/keyrings
* curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
* echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
* sudo apt-get update
* sudo apt-get install -y kubeadm kubelet kubectl
* sudo apt-mark hold kubeadm kubelet kubectl
* sudo tee /etc/sysctl.d/k8s.conf <<EOF
net.ipv4.ip_forward = 1
EOF
* sudo sysctl --system
* sysctl net.ipv4.ip_forward
* sudo kubeadm config print init-defaults > kubeadm-config2.yaml
* sudo kubeadm config print join-defaults >> kubeadm-config2.yaml
* kubeadm config print init-defaults --component-configs KubeletConfiguration >> kubeadm-config2.yaml
* sudo tee kubeadm-config.yaml <<EOF
```yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.2.44
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: k8s-01
  taints: null
---
controlPlaneEndpoint: "192.168.2.44:6443"
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.30.7
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler:
  extraVolumes:
  - hostPath: /etc/localtime
    mountPath: /etc/localtime
    name: timezone
    readOnly: true
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
```
EOF
* sudo kubeadm init --config kubeadm-config.yaml
* mkdir -p $HOME/.kube
* sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
* sudo chown $(id -u):$(id -g) $HOME/.kube/config
* sudo crictl ps
</details>
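
The `token` in kubeadm-config.yaml above is the fixed placeholder that `kubeadm config print init-defaults` prints, and the token is what authorizes a new node to join, so it should be replaced before `kubeadm init`. The following added example (not part of the original post; the function names are illustrative) flags the placeholder in a config file and prints a copy with a random token in the same format.

```sh
#!/bin/sh
# Added example, not from the original post. Bootstrap tokens have the form
# [a-z0-9]{6}.[a-z0-9]{16}; the token is what lets a new node join.

PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'   # printed by init-defaults

# new_token: random token in kubeadm's format, built from 11 random bytes
# as 22 hex characters ("kubeadm token generate" is the native equivalent).
new_token() {
    raw=$(head -c 11 /dev/urandom | od -An -tx1 | tr -d ' \n')
    printf '%s.%s\n' "${raw%????????????????}" "${raw#??????}"
}

# tokens_in CONFIG: print every "token:" value in a kubeadm config file.
tokens_in() {
    sed -n 's/^[[:space:]-]*token:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
    tr -d "\"'"
}

# lint_tokens CONFIG: report placeholder or malformed tokens, return 1 if any.
lint_tokens() {
    rc=0
    for t in $(tokens_in "$1"); do
        if [ "$t" = "$PLACEHOLDER_TOKEN" ]; then
            echo "PLACEHOLDER $t"; rc=1
        elif ! printf '%s\n' "$t" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
            echo "MALFORMED $t"; rc=1
        fi
    done
    return "$rc"
}

# replace_placeholder CONFIG: print the config with the placeholder swapped
# for a fresh token; all other lines are passed through unchanged.
replace_placeholder() {
    new=$(new_token)
    sed "s/\(token:[[:space:]]*\)$PLACEHOLDER_TOKEN/\1$new/" "$1"
}
```

Typical use: `lint_tokens kubeadm-config.yaml || replace_placeholder kubeadm-config.yaml > kubeadm-config.fixed.yaml`.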
<details><summary>Install Calico v3.29.3 on the server</summary>
* wget https://docs.projectcalico.org/manifests/calico.yaml
* sed -i 's/192.168.0.0/10.244.0.0/g' calico.yaml
* sed -i 's|docker.io/calico|docker.1ms.run/calico|g' calico.yaml
* sed -i 's@docker.io/calico/cni:v3.25.0@swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/cni:v3.29.3-linuxarm64@' calico.yaml
* sed -i 's@docker.io/calico/node:v3.25.0@swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.29.3-linuxarm64@' calico.yaml
* sed -i 's@docker.io/calico/kube-controllers:v3.25.0@swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.29.3-linuxarm64@' calico.yaml
* kubectl apply -f calico.yaml
* kubectl taint nodes k8s-01 node-role.kubernetes.io/control-plane-
* watch kubectl get pods -n calico-system
</details>
<details><summary>Install Flannel on the server</summary>
* wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
* sed -i 's@image: ghcr.io/flannel-io/flannel-cni-plugin:v1.6.2-flannel1@image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/flannel/flannel-cni-plugin:v1.6.0-flannel1@' kube-flannel.yml
* sed -i 's@image: ghcr.io/flannel-io/flannel:v0.26.7@image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/flannel/flannel:v0.26.3@' kube-flannel.yml
* kubectl apply -f kube-flannel.yml
* kubectl get pods --all-namespaces
* kubectl delete -f kube-flannel.yml
</details>
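
Both CNI sections rewrite image references to third-party mirrors, so it is worth listing exactly which registries an edited manifest will pull from before running `kubectl apply`. The following is an added example, not part of the original post; the function names, the allowlist and the sample manifest are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: list the images a manifest will
# pull, then flag registries outside an allowlist and tag-only references.

# Print "registry image" for every "image:" line in manifest $1.
list_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
    tr -d "\"'" | sort -u |
    while IFS= read -r img; do
        first=${img%%/*}
        # Docker reference rule: the first component is a registry host only
        # if it has a "." or ":" or is "localhost"; otherwise it is Docker Hub.
        case "$first" in
            "$img")            reg=docker.io ;;  # no "/" at all, e.g. nginx:1.25
            *.*|*:*|localhost) reg=$first ;;
            *)                 reg=docker.io ;;
        esac
        printf '%s %s\n' "$reg" "$img"
    done
}

# audit_images MANIFEST "allowed registries": print findings, return 1 if any.
audit_images() {
    rc=0
    tmp=$(mktemp) || return 2
    list_images "$1" > "$tmp"
    while read -r reg img; do
        case " $2 " in
            *" $reg "*) ;;
            *) echo "UNLISTED-REGISTRY $reg $img"; rc=1 ;;
        esac
        case "$img" in
            *@sha256:*) ;;
            *) echo "TAG-ONLY $img"; rc=1 ;;   # a tag can be re-pointed
        esac
    done < "$tmp"
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: image lines as they look after the sed edits above.
sample_manifest() {
    cat <<'EOF'
      initContainers:
        - name: install-cni
          image: docker.1ms.run/calico/cni:v3.25.0
      containers:
        - image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/flannel/flannel:v0.26.3
        - image: "registry.k8s.io/pause@sha256:0000000000000000000000000000000000000000000000000000000000000000"
EOF
}
```

Run it against the edited file, for example `audit_images calico.yaml "docker.1ms.run"`, and review every line it prints before applying the manifest.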
<details><summary>Install kubeadm, kubelet and kubectl on the worker node machine</summary>
* kubeadm token create --print-join-command
* kubeadm join 192.168.2.44:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:212670511fed84fe44d194252063c5623a2d73aed795a0cc75ad6359deb08ae7
* kubeadm join 192.168.2.44:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:212670511fed84fe44d194252063c5623a2d73aed795a0cc75ad6359deb08ae7 \
--control-plane
</details>
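
The value after `--discovery-token-ca-cert-hash` pins the cluster CA: it is `sha256:` followed by the SHA-256 of the CA certificate's DER-encoded public key. The following added example (not from the original post; the function names are illustrative) recomputes that value from a CA certificate file and compares it with the hash in a join command, so a worker is only joined with a hash that matches the intended control plane.

```sh
#!/bin/sh
# Added example, not from the original post.

# ca_pin CERT.pem: print "sha256:<hex>" for the certificate's public key
# (SubjectPublicKeyInfo, DER encoded), the format kubeadm join expects.
ca_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
          openssl dgst -sha256 -hex | awk '{print $NF}')
    printf 'sha256:%s\n' "$hex"
}

# check_join_pin CERT.pem "kubeadm join ... command line"
# Returns 0 when the hash in the join command matches the CA file, 1 when it
# does not, and 2 when the certificate is unreadable or the command carries
# no well-formed sha256 hash.
check_join_pin() {
    want=$(ca_pin "$1") || return 2
    got=$(printf '%s\n' "$2" |
          sed -n 's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$got" ] || return 2
    [ "$got" = "$want" ]
}
```

On the control-plane node the CA certificate is /etc/kubernetes/pki/ca.crt, under the certificatesDir set in kubeadm-config.yaml.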
<details><summary>Uninstall Kubernetes</summary>
* sudo kubeadm reset
* sudo rm -rf /etc/cni/
* sudo rm -rf /etc/kubernetes/
* rm -rf $HOME/.kube/config
</details>
## Common commands
* journalctl -f -u kubelet.service
* kubectl:
* kubectl get componentstatuses
* kubectl cluster-info
* kubectl cluster-info dump
* kubectl get nodes
* kubectl get pods --all-namespaces -o wide
* kubectl get svc --all-namespaces
* kubectl describe nodes k8s-01|less
* kubectl create deploy tomcat --image=tomcat8
* dig -t a www.baidu.com @10.96.0.10
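[Disclaimer] This content comes from a blogger of the Huawei Cloud Developer Community and does not represent the views or positions of Huawei Cloud or the Huawei Cloud Developer Community. Reposts must cite the source (Huawei Cloud Community), the article link, the author and other basic information; otherwise the author and the community reserve the right to pursue liability. If you find content in this community suspected of plagiarism, you are welcome to report it by email with supporting evidence; once verified, the community will immediately remove the infringing content. Report email:
cloudbbs@huaweicloud.com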