ubuntu-k8s搭建

系统环境

服务器联网

Kubernetes version: v1.21.0

Ubuntu 20.04.1 LTS

部署计划

192.168.137.2	k8s-master
192.168.137.3	k8s-node1

安装准备(master/node)

关闭防火墙

#关闭防火墙
ufw disable
#查看状态
ufw status

禁止swap分区

#临时
swapoff -a
#持久化修改/etc/fstab，注释掉swap那行

设置正确的时区

#修改为上海
timedatectl set-timezone Asia/Shanghai
#更改时区系统日志生效
systemctl restart rsyslog

设置host

如果有selinux要设置关闭

#编辑hosts添加以下内容
vi /etc/hosts
  
#k8s
192.168.137.2  k8s-master
192.168.137.3  k8s-node1

修改主机名

master节点修改

#临时生效
hostname  k8s-master 
#重启后永久生效
hostnamectl set-hostname k8s-master
#查看当前主机名
hostname

node节点修改

#临时生效
hostname  k8s-node1
#重启后永久生效
hostnamectl set-hostname k8s-node1
#查看当前主机名
hostname

网络设置

因为Gemfield的K8s集群即将部署的是calico网络插件，而calico需要这个内核参数是0或者1，但是Ubuntu20.04上默认是2这里还需要修改/etc/sysctl.d/10-network-security.conf中的rp_filter值为1

#创建桥接配置k8s.conf
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
#设置rp_filter的值
vi /etc/sysctl.d/10-network-security.conf

#将下面两个参数的值从2修改为1
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

#手动加载所有的配置文件
sysctl --system

安装docker

没装就装，装了跳过，此处省略安装过程

master安装

安装必要的软件

sudo apt-get update 

sudo apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl

添加debian密钥

wget https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg
apt-key add apt-key.gpg

添加源

sudo tee /etc/apt/sources.list.d/kubernetes.list <<EOF 
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

apt-get update

安装

apt-get install -y kubelet kubeadm kubectl

apt-mark hold kubelet kubeadm kubectl

安装成功后设置docker开机启动否则执行下面命令会被警告

systemctl enable docker.service

init 方案一
这是获取镜像的一种方法但是由于版本不同国内镜像源可能有各种问题所以可以使用方案二

kubeadm init --pod-network-cidr 172.16.0.0/16 --image-repository=cn-hangzhou.aliyuncs.com/google_containers

init 方案二先使用下面的脚本来获取镜像或者单独处理
使用前根据安装版本更改images变量
获取需要镜像命令

kubeadm config images list

获取国内源的镜像然后改images，以下是脚本示例是v1.21.0版本

#!/bin/bash
# download k8s 1.21.0 images
# get image-list by 'kubeadm config images list --kubernetes-version=v1.21.0'
# registry.cn-hangzhou.aliyuncs.com/google_containers/google-containers == k8s.gcr.io

images=(
kube-apiserver:v1.21.0
kube-controller-manager:v1.21.0
kube-scheduler:v1.21.0
kube-proxy:v1.21.0
pause:3.4.1
etcd:3.4.13-0
coredns:v1.8.0
)

for imageName in ${images[@]};do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName  
    docker tag  registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName  
    docker rmi  registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
done

如果这里有部分镜像失败就取docker hub找手动pull然后安规则改名
再执行

kubeadm init --pod-network-cidr 172.16.0.0/16

参数说明
--pod-network-cidr 172.16.0.0/16 设置无类型域间选路指明 pod 网络可以使用的 IP 地址段
--image-repository=cn-hangzhou.aliyuncs.com/google_containers 选择用于拉取控制平面镜像的容器仓库(默认值是"k8s.gcr.io" 没有**上网应该拉不到)

这里可能会有的报错和警告

[init] Using Kubernetes version: v1.16.0
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR NumCPU]: the number of available CPUs 1 is less than the required 2

错误:Kubernetes对GPU要求至少是2核，2G内存

因为这里系统在虚拟机上运行，因为虚拟机默认了一核，可以通过配置，调整成2核，重启系统即可

警告:检测到“cgroupfs”作为Docker cgroup驱动程序。推荐的驱动程序是“systemd”。

更换驱动

vim /etc/docker/daemon.json

#在json最外层对象添加属性

　　"exec-opts": ["native.cgroupdriver=systemd"],
　　"log-driver": "json-file",
　　"log-opts": {
　　"max-size": "100m"
　　},
　　"storage-driver": "overlay2",
　　"storage-opts": [
　　"overlay2.override_kernel_check=true"
　　]

获取不到镜像

[init] Using Kubernetes version: v1.21.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
    [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.21.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
    [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.21.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
    [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.21.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
    [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.21.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
    [ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.4.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
    [ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.4.13-0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
    [ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns/coredns:v1.8.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

检查所需要的镜像是否有少

init命令执行成功后，会输出一条和kubeadm join相关的命令，后面加入worker node的时候要使用。
另外，给自己的非sudo的常规身份拷贝一个token，这样就可以执行kubectl命令了

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

安装calico插件

下载 https://docs.projectcalico.org/v3.11/manifests/calico.yaml

找到yaml中的CALICO_IPV4POOL_CIDR修改它的值为刚刚设置的地址段(把原始的192.168.0.0/16 修改成了172.16.0.0/16)

kubectl apply -f calico.yaml

至此主节点安装完毕

worker节点

按照以上主节点装法,只是不执行init(calico也要装)

最后执行主节点init命令执行后输出的join命令

如果忘记join命令可以使用以下命令重新创建一个

kubeadm token create --print-join-command --ttl 0

最后在主节点可以获取节点

kubectl  get nodes