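Learning Jenkins: Jenkins + K8s (K8s deployment)

1 Installing K8s

Host information:

Yickel-linux-vm1: 192.168.155.130

ubuntuNode1: 192.168.155.133

Operating system: Ubuntu

1.1 Preparing the configuration

Step 1: Switch the apt mirror to the USTC mirror

(1) sudo vi /etc/apt/sources.list

Change the contents to:

# USTC mirror sources: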

deb https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse

deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal main restricted universe multiverse

 

deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse

deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse

 

deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse

deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse

 

deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse

deb-src https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse

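(2) Run sudo apt-get update to refresh the package index.

Step 2: Or switch the apt system mirror to the Aliyun mirror

Note: the reason for switching the apt system mirror to Aliyun is that, in practice, the Aliyun mirror felt faster than the USTC mirror.

(1) sudo vi /etc/apt/sources.list

Change the contents to:

# System package sources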

deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted

deb http://mirrors.aliyun.com/ubuntu/ xenial universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe

deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse

deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse

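(2) Run sudo apt-get update to refresh the package index.

Step 3: Install curl

curl is installed because a later step, which uses the Aliyun Kubernetes mirror, needs curl to add the key.

If you are using the USTC mirror:

sudo apt install curl

After installation, run curl --version to check that it succeeded.

The USTC mirror is used here because, in practice, curl could not be installed with the Aliyun system mirror, so curl is installed from the USTC mirror first.

If you are using the Aliyun mirror (in actual testing, installing curl this way did not seem to work):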

  apt-get update && apt-get install -y apt-transport-https curl

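Step 4: Disable swap

Run: swapoff -a (this does not persist after the machine is shut down)

(Do not perform this step; Ubuntu may fail to reboot.) Also run sudo vi /etc/fstab and delete the line that contains swap.

Step 5: Turn off the firewall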

sudo systemctl stop firewalld

sudo systemctl disable firewalld

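Step 6: Disable SELinux

Install SELinux: sudo apt install selinux-utils

Check the SELinux status: getenforce

Temporarily disable SELinux: setenforce 0

Or, to disable SELinux permanently (a reboot is required after the change): sudo vi /etc/sysconfig/selinux and comment the following line: SELINUX=disabled

Step 7: Configure the servers

Switch to the root user and add the IPs of the 3 server nodes to /etc/hosts. Make sure each Ubuntu hostname matches the entries below: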

echo "192.168.155.130 yickel-linux-vm1" >> /etc/hosts

echo "192.168.155.133 ubuntuNode1" >> /etc/hosts

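Check the result with more /etc/hosts.

This must be configured on every host.

1.2 Installing Docker (required on all three servers)

Install curl with apt-get update && apt-get install -y apt-transport-https curl. If curl was already installed earlier from the USTC mirror, skip this step.

Install Docker with apt install docker.io

Following the hint printed by kubelet init, install Docker as described at: https://kubernetes.io/docs/setup/production-environment/container-runtimes/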


# Install Docker CE
## Set up the repository:
### Install packages to allow apt to use a repository over HTTPS
apt-get update && apt-get install -y \
  apt-transport-https ca-certificates curl software-properties-common gnupg2
 
### Add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 
### Add Docker apt repository.
add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) \
  stable"
 
## Install Docker CE.
apt-get update && apt-get install -y \
  containerd.io=1.2.10-3 \
  docker-ce=5:19.03.4~3-0~ubuntu-$(lsb_release -cs) \
  docker-ce-cli=5:19.03.4~3-0~ubuntu-$(lsb_release -cs)
 
# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
 
mkdir -p /etc/systemd/system/docker.service.d
 
# Restart docker.
systemctl daemon-reload
systemctl restart docker

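Check the Docker service status: systemctl status docker.service

1.3 Installing kubectl, kubelet and kubeadm (required on all 3 servers)

Step 1: Add the Kubernetes package mirror

(1) sudo vi /etc/apt/sources.list

Adding it to /etc/apt/sources.list.d/kubernetes.list also works.

Add the following:

# Package source for kubeadm and the Kubernetes components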

deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main

The USTC source can be used instead: deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main

(2) Run sudo apt-get update to refresh the package index.

If the Kubernetes mirror reports the following error:

W: GPG error: https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB

E: The repository 'https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease' is not signed.

Run the following to add the public key to the server (6A030B21BA07F4FB is the key ID from the error message above):

apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 6A030B21BA07F4FB

Then run again: sudo apt-get update

Step 2: Install:

sudo apt-get install -y kubelet kubeadm kubectl

Enable kubelet at boot: systemctl enable kubelet

Begin======================================================

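Note: there is no need to start the kubelet service at this point; it is started automatically during initialization. If it is started now, the following error appears.

Start kubelet: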

sudo systemctl daemon-reload

sudo systemctl start kubelet

Check the kubelet service status: systemctl status kubelet

  Process: 10821 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=255/EX

 Main PID: 10821 (code=exited, status=255/EXCEPTION)

When the kubeadm status shows the error above, run journalctl -xefu kubelet to view the detailed log:

16166 server.go:198] failed to load Kubelet config file /var/lib/kubelet/config.yaml,

===========================================================

Step 3: Configure the master

sudo kubeadm init --pod-network-cidr=192.110.0.0/16 --apiserver-advertise-address=192.168.155.131 --kubernetes-version=v1.17.3 --ignore-preflight-errors=Swap

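pod-network-cidr specifies the IP addresses available to pods on the nodes; these are internal IPs.

apiserver-advertise-address is the IP address of the master.

kubernetes-version can be found with kubectl version.

The following error is reported: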

error execution phase preflight: [preflight] Some fatal errors occurred:

        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.17.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

, error: exit status 1

The cause is that the images have to be pulled from gcr.io, which cannot be reached because of network issues inside China.

Solution:

sudo kubeadm init --pod-network-cidr=192.110.0.0/16 --apiserver-advertise-address=192.168.155.131 --kubernetes-version=v1.17.3 --ignore-preflight-errors=Swap  --image-repository="registry.cn-hangzhou.aliyuncs.com/google_containers"

This specifies image-repository.

The following error is reported:

[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get http://localhost:10248/healthz: dial tcp 127.0.0.1:10248: connect: connection refused.

Unfortunately, an error has occurred:

        timed out waiting for the condition

This error is likely caused by:

        - The kubelet is not running

        - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

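Running systemctl status kubelet and journalctl -xefu kubelet shows a message that swap has not been turned off, even though the swap entry in /etc/fstab has in fact already been commented out.

Add the following parameters to /etc/systemd/system/kubelet.service.d/10-kubeadm.conf: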

Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --cgroup-driver=systemd --fail-swap-on=false"

Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroups"

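By default, Docker's cgroup driver is cgroupfs, while kubelet's default driver is systemd. In this situation, the following error is reported later when kubelet is installed: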

detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

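According to instructions found online, to keep the Docker and kubelet drivers consistent:

Method 1: manually edit /etc/docker/daemon.json (after the change, Docker failed to start)

Method 2: edit /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

Neither worked.

Then run again: systemctl daemon-reload && systemctl start kubelet

Running systemctl status kubelet and journalctl -xefu kubelet again shows that kubelet has started successfully.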
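The driver mismatch described above can be checked before restarting either service. The following is an added example, not part of the original post: the function names are hypothetical, and the two sample files are constructed from the daemon.json and 10-kubeadm.conf settings shown on this page.

```shell
# Added example: compare Docker's cgroup driver with the kubelet drop-in flags.
# kubelet accepts only cgroupfs or systemd for --cgroup-driver.

# Print the driver named in daemon.json "exec-opts" (empty if not set).
docker_cgroup_driver() {
  sed -n 's/.*native\.cgroupdriver=\([a-z]*\).*/\1/p' "$1" | head -n 1
}

# Print every --cgroup-driver value found in a kubelet drop-in, one per line.
kubelet_cgroup_drivers() {
  grep -o -- '--cgroup-driver=[A-Za-z0-9_-]*' "$1" | cut -d= -f2
}

# Return 0 only if every kubelet value is valid and equals Docker's driver.
check_cgroup_drivers() {
  local docker_drv kubelet_drvs drv status=0
  docker_drv=$(docker_cgroup_driver "$1")
  docker_drv=${docker_drv:-cgroupfs}  # assumption taken from the text: Docker default
  kubelet_drvs=$(kubelet_cgroup_drivers "$2" | sort -u)
  if [ -z "$kubelet_drvs" ]; then
    echo "kubelet: no --cgroup-driver flag found"; return 1
  fi
  for drv in $kubelet_drvs; do
    case "$drv" in
      cgroupfs|systemd) ;;
      *) echo "invalid kubelet value: $drv"; status=1; continue ;;
    esac
    if [ "$drv" != "$docker_drv" ]; then
      echo "mismatch: docker=$docker_drv kubelet=$drv"; status=1
    fi
  done
  if [ "$status" -eq 0 ]; then echo "ok: both use $docker_drv"; fi
  return "$status"
}

# Constructed sample files that mirror the settings shown on this page.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/daemon.json" <<'EOF'
{ "exec-opts": ["native.cgroupdriver=systemd"], "storage-driver": "overlay2" }
EOF
cat > "$SAMPLE_DIR/10-kubeadm.conf" <<'EOF'
Environment="KUBELET_KUBECONFIG_ARGS=--kubeconfig=/etc/kubernetes/kubelet.conf --cgroup-driver=systemd --fail-swap-on=false"
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroups"
EOF

check_cgroup_drivers "$SAMPLE_DIR/daemon.json" "$SAMPLE_DIR/10-kubeadm.conf" || true
```

The ExecStart line quoted earlier passes only KUBELET_KUBECONFIG_ARGS, KUBELET_CONFIG_ARGS, KUBELET_KUBEADM_ARGS and KUBELET_EXTRA_ARGS, so a value placed in KUBELET_CGROUP_ARGS reaches kubelet only if the unit also references that variable.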

Run: kubeadm reset

Then run again:

sudo kubeadm init --pod-network-cidr=192.110.0.0/16 --kubernetes-version=v1.17.3 --ignore-preflight-errors=Swap  --image-repository="registry.cn-hangzhou.aliyuncs.com/google_containers"

init succeeds and prints the follow-up commands:

Your Kubernetes control-plane has initialized successfully!

 

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube

  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

  sudo chown $(id -u):$(id -g) $HOME/.kube/config

 

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

  https://kubernetes.io/docs/concepts/cluster-administration/addons/

 

Then you can join any number of worker nodes by running the following on each as root:

 

kubeadm join 192.168.155.129:6443 --token 2lei2k.s8afq5673h179y8u

    --discovery-token-ca-cert-hash sha256:4980f58508e79a6bd799805f0ff20e38c6c7884179e28f513162143cedfd570a
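The --discovery-token-ca-cert-hash value in the join command above is the SHA-256 of the cluster CA's public key, which lets a joining node confirm it is talking to the intended control plane. The following is an added example, not part of the original post: it recomputes that value with the openssl CLI (assumed to be installed) for a constructed throwaway CA, and the function names are hypothetical.

```shell
# Added example: recompute the value kubeadm prints after
# --discovery-token-ca-cert-hash and compare it to a pinned value.

# Print "sha256:<hex>" for the public key (DER SubjectPublicKeyInfo) of a CA cert.
ca_cert_hash() {
  local hex
  hex=$(openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.*= *//')
  echo "sha256:$hex"
}

# Return 0 if the certificate's hash equals the pinned value, 1 otherwise.
verify_ca_pin() {
  [ "$(ca_cert_hash "$1")" = "$2" ]
}

# Constructed throwaway CA so the example runs offline; on a real control
# plane the file is /etc/kubernetes/pki/ca.crt.
DEMO_DIR=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-demo-ca" \
  -keyout "$DEMO_DIR/ca.key" -out "$DEMO_DIR/ca.crt" 2>/dev/null

DEMO_HASH=$(ca_cert_hash "$DEMO_DIR/ca.crt")
echo "hash of demo CA: $DEMO_HASH"

# The pin printed on this page belongs to the author's CA, so it must not match.
PAGE_PIN="sha256:4980f58508e79a6bd799805f0ff20e38c6c7884179e28f513162143cedfd570a"
if verify_ca_pin "$DEMO_DIR/ca.crt" "$PAGE_PIN"; then
  echo "pin matches"
else
  echo "pin mismatch: a joining node would reject this CA"
fi
```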

Step 4: Configure kubectl for k8s-cluster

$ mkdir -p $HOME/.kube

$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

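Step 5: Install the pod network on k8s-cluster

There are various network options to choose from, such as flannel and canal. See here for reference.
Because kubeadm init was run with --pod-network-cidr=10.244.0.0/16, canal was chosen.

# Configure RBAC permissions for canal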

kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/canal/rbac.yaml

Deploy the canal DaemonSet

kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/canal/canal.yaml

Run the following command to check the status of the canal network:

kubectl get pod -n kube-system -o wide

Original article: https://www.cnblogs.com/yickel/p/12319317.html