Detailed Kubernetes Installation Tutorial

暗香疏影 (author)

The following is configured on Ubuntu 20.04.

Configuration before installing Kubernetes

1. Install the required dependencies

apt-get update && apt-get upgrade -y

apt install curl apt-transport-https vim git wget \
software-properties-common lsb-release ca-certificates -y

2. Disable swap

By default, swap is already disabled.

swapoff -a

After running swapoff -a, check whether /etc/fstab still contains a swap line; if it does, comment it out with #.
Otherwise kubelet will fail to start after the node reboots.

3. Load kernel modules

modprobe overlay

modprobe br_netfilter

4. Kernel networking parameters

The file name /etc/sysctl.d/kubernetes.conf is arbitrary, as long as the file is in this directory; some people call it k8s.conf.

cat << EOF | tee /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

5. Confirm the kernel changes take effect

sysctl --system

6. Install the required trusted GPG key (this step is not needed)

This step can be skipped without any problem; its purpose is to install containerd (but not docker) from Docker's site.

root@cp# sudo mkdir -p /etc/apt/keyrings
root@cp# curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
| sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

root@cp# echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

7. Install containerd

root@cp# apt-get update && apt-get install containerd.io -y
root@cp# containerd config default | tee /etc/containerd/config.toml

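# After running the commands above, servers in mainland China need to change the image source in config.toml.
# Use vim to edit /etc/containerd/config.toml by hand so that it contains:

sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"
# The original value was sandbox_image = "registry.k8s.io/pause:3.6"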


root@cp# sed -e 's/SystemdCgroup = false/SystemdCgroup = true/g' -i /etc/containerd/config.toml
root@cp# systemctl restart containerd
# Check the current status of containerd
systemctl status containerd

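Pull the image manually with the following command (start the containerd service as described first, then run ctr):
ctr -n k8s.io i pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9

containerd can also be installed by downloading it from GitHub with wget.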
Install containerd

8. Add the k8s repository

root@cp# vim /etc/apt/sources.list.d/kubernetes.list
# Repository entry:
deb http://apt.kubernetes.io/ kubernetes-xenial main

# For servers in mainland China, the mirror is recommended:
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main

9. Add another GPG key

curl -s \
https://packages.cloud.google.com/apt/doc/apt-key.gpg \
| apt-key add -

# For servers in mainland China, use the following:
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -

Seeing OK in the output is enough.

Then run the following again:

apt-get update

10. Install a specific version of kubectl

apt-get install -y kubeadm=1.27.1-00 kubelet=1.27.1-00 kubectl=1.27.1-00

Hold this version to prevent automatic upgrades:

apt-mark hold kubelet kubeadm kubectl

11. Set up hosts and the kubeadm config, then initialize

Check the machine's IP address and set up hosts:

vim /etc/hosts
10.128.0.3 k8scp #<-- add this line
127.0.0.1 localhost

Create and fill in the kubeadm config:

apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
# Adding imageRepository is recommended so that initialization uses a mirror in mainland China
imageRepository: "registry.cn-hangzhou.aliyuncs.com/google_containers" # <-- mainland China mirror
kubernetesVersion: 1.27.1 #<-- Use the word stable for newest version
controlPlaneEndpoint: "k8scp:6443" #<-- use the name we put in /etc/hosts rather than the IP
networking:
  podSubnet: 192.168.0.0/16 #<-- Match the IP range from the CNI config file

Initialize:

kubeadm init --config=kubeadm-config.yaml --upload-certs \
| tee kubeadm-init.out
#<-- Save output for future review

# The output includes:
kubeadm join k8scp:6443 --token vapzqi.et2p9zbkzk29wwth \
--discovery-token-ca-cert-hash sha256:f62bf97d4fba6876e4c3ff645df3fca969c06169dee3865aab9d0bca8ec9f8cd

12. Use a non-root account to view the cluster

# -m creates /home/student; -s sets the shell to /bin/bash
useradd -m -s /bin/bash student

# Set a password
passwd student

# On Ubuntu the group that grants sudo rights is sudo, not wheel
usermod -aG sudo student

# Log out of root and log in as student
root@cp# exit
logout
student@cp:~$ mkdir -p $HOME/.kube
student@cp:~$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
student@cp:~$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Check that the config below looks correct
student@cp:~$ less .kube/config
#==============================
apiVersion: v1
clusters:
- cluster:
#<output_omitted>

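13. Install the CNI network plugin

Previously we installed calico at an earlier step, but now we use cilium. Before that, install helm first.
helm can be downloaded from GitHub with wget, or installed as follows: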
helm

curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list

sudo apt-get update && sudo apt-get install helm

Then:

helm repo add cilium https://helm.cilium.io/
helm repo update
helm template cilium cilium/cilium --version 1.14.1 \
--namespace kube-system > cilium.yaml

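To make the lab easier, I followed the LFS258 course here and used the YAML provided with the course instead of cilium.yaml. (The course YAML covers installing helm and installing cilium.)
The course files can be downloaded as follows. The course PDF is also available there.

wget https://github.com/dzvision/blog-issue/releases/download/v0.0.0.0.2/LFS258_V2023-09-14_SOLUTIONS.tar.xz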
tar -xvf LFS258_V2023-09-14_SOLUTIONS.tar.xz

kubectl apply -f /home/student/LFS258/SOLUTIONS/s_03/cilium-cni.yaml
# output
serviceaccount/cilium created
serviceaccount/cilium-operator created
secret/cilium-ca created
secret/hubble-server-certs created
configmap/cilium-config created
clusterrole.rbac.authorization.k8s.io/cilium created
clusterrole.rbac.authorization.k8s.io/cilium-operator created
clusterrolebinding.rbac.authorization.k8s.io/cilium created
clusterrolebinding.rbac.authorization.k8s.io/cilium-operator created
role.rbac.authorization.k8s.io/cilium-config-agent created
rolebinding.rbac.authorization.k8s.io/cilium-config-agent created
service/hubble-peer created
daemonset.apps/cilium created
deployment.apps/cilium-operator created

14. Enable kubectl completion

student@cp:~$ sudo apt-get install bash-completion -y
# If it was not already installed, log out and log back in <exit and log back in>
student@cp:~$ source <(kubectl completion bash)
student@cp:~$ echo "source <(kubectl completion bash)" >> $HOME/.bashrc

Now type kubectl des and press Tab, and it will be completed automatically.

kubectl get nodes
# Output
NAME STATUS ROLES AGE VERSION
cn-node1-cp1 Ready control-plane 133m v1.27.1

kubectl get pods -A
# Output
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system cilium-h49dp 1/1 Running 0 15m
kube-system cilium-operator-788c7d7585-c2shl 0/1 Pending 0 15m
kube-system cilium-operator-788c7d7585-rn26s 1/1 Running 0 15m
kube-system coredns-5d78c9869d-2rw6j 1/1 Running 0 132m
kube-system coredns-5d78c9869d-b8shj 1/1 Running 0 132m
kube-system etcd-cn-node1-cp1 1/1 Running 4 (97m ago) 132m
kube-system kube-apiserver-cn-node1-cp1 1/1 Running 4 (97m ago) 132m
kube-system kube-controller-manager-cn-node1-cp1 1/1 Running 4 (97m ago) 132m
kube-system kube-proxy-5c758 1/1 Running 4 (97m ago) 132m
kube-system kube-scheduler-cn-node1-cp1 1/1 Running 4 (97m ago) 132m

15. Token expiry (can be skipped)

By default the token expires after 24 hours.
We can check it as follows:

kubeadm token list
# Then, still on the cp node, create a token as the student user
sudo kubeadm token create
>>27eee4.6e66ff60318da929

# Create the sha256 hash
openssl x509 -pubkey \
-in /etc/kubernetes/pki/ca.crt | openssl rsa \
-pubin -outform der 2>/dev/null | openssl dgst \
-sha256 -hex | sed 's/^.* //'
>>6d541678b05652e1fa5d43908e75e67376e994c3483d6683f2a18673e5d2a1b0

16. Join the cluster

First, on the worker node, add the hosts entry:

root@worker:~# vim /etc/hosts
10.128.0.3 k8scp #<-- Add this line
127.0.0.1 localhost

Then the node can be joined with the join command; if your token has expired, substitute the newly generated token and sha256 value.

kubeadm join \
--token 27eee4.6e66ff60318da929 \
k8scp:6443 \
--discovery-token-ca-cert-hash \
sha256:6d541678b05652e1fa5d43908e75e67376e994c3483d6683f2a18673e5d2a1b0
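
The `--discovery-token-ca-cert-hash` value is a pin on the control plane's CA public key, so a worker should only be joined with a value that matches `/etc/kubernetes/pki/ca.crt`. The script below is an added example, not part of the original post: it generalizes the openssl pipeline from the token step to ECDSA as well as RSA CAs, rejects the empty-input digest that `2>/dev/null` can hide, and compares the result with the pin in saved join output. The function names and the throwaway CA from `make_demo_ca` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check the CA pin before joining.

# Print "sha256:<hex>" for the DER-encoded public key of a PEM certificate.
# `openssl pkey` replaces `openssl rsa`, so ECDSA CAs work as well as RSA.
ca_cert_hash() {
  local cert hex empty
  cert="$1"
  # SHA-256 of empty input: what the pipeline yields if openssl failed silently.
  empty=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  hex=$(openssl x509 -pubkey -noout -in "$cert" 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        sha256sum | cut -d' ' -f1)
  if [ -z "$hex" ] || [ "$hex" = "$empty" ]; then
    echo "cannot read a public key from $cert" >&2
    return 1
  fi
  printf 'sha256:%s\n' "$hex"
}

# Succeed only if the pin in saved join text (e.g. kubeadm-init.out)
# matches the CA certificate. Returns 1 on mismatch, 2 on unusable input.
verify_join_pin() {
  local cert join_file want got
  cert="$1"; join_file="$2"
  got=$(ca_cert_hash "$cert") || return 2
  want=$(grep -oE 'sha256:[0-9a-f]{64}' "$join_file" | head -n 1)
  if [ -z "$want" ]; then
    echo "no sha256 pin found in $join_file" >&2
    return 2
  fi
  if [ "$got" != "$want" ]; then
    echo "MISMATCH: CA is $got but join command pins $want" >&2
    return 1
  fi
  echo "OK $got"
}

# Constructed sample input: a throwaway self-signed EC CA in a temp directory.
make_demo_ca() {
  local dir
  dir=$(mktemp -d) || return 1
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key" &&
    openssl req -x509 -new -key "$dir/ca.key" -subj "/CN=demo-ca" \
      -days 1 -out "$dir/ca.crt" >/dev/null 2>&1 || return 1
  echo "$dir"
}

# Usage: ./check-pin.sh /etc/kubernetes/pki/ca.crt kubeadm-init.out
if [ "$#" -eq 2 ]; then verify_join_pin "$1" "$2"; fi
```

Run it on the control plane against the saved kubeadm-init.out before copying the join command to a worker; a non-zero exit means the pin should not be used.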

Resetting the CP

Once the CP has been installed, the quickest way to set it up again is simply to reset it. k8s provides a command for this: kubeadm reset.
You can also run the initialization directly; when you do, the command reports errors showing which files already exist and which ports are in use.

# Example Output
root@cp:~# kubeadm init --config=kubeadm-config.yaml --upload-certs \
> | tee kubeadm-init.out
[init] Using Kubernetes version: v1.27.1
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR Port-10259]: Port 10259 is in use
[ERROR Port-10257]: Port 10257 is in use
[ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists
[ERROR FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml]: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists
[ERROR FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml]: /etc/kubernetes/manifests/kube-scheduler.yaml already exists
[ERROR FileAvailable--etc-kubernetes-manifests-etcd.yaml]: /etc/kubernetes/manifests/etcd.yaml already exists
[ERROR Port-10250]: Port 10250 is in use
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[ERROR DirAvailable--var-lib-etcd]: /var/lib/etcd is not empty
# Resolution
rm -f /etc/kubernetes/manifests/*
rm -rf /var/lib/etcd

root@cp:~# modprobe br_netfilter
root@cp:~# modprobe overlay

# Find which process is using each port and kill it
root@cp:~# lsof -i :10257
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
kube-cont 1538 root 3u IPv4 28030 0t0 TCP localhost:10257 (LISTEN)
root@cp:~# lsof -i :10250
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
kubelet 3130 root 12u IPv6 54564 0t0 TCP *:10250 (LISTEN)
root@cp:~# lsof -i :10259
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
kube-sche 1545 root 3u IPv4 28771 0t0 TCP localhost:10259 (LISTEN)

kill -9 1545
kill -9 1538
kill -9 3130

Then initialize again.
I also turned the port check and process kill into a shell script (ChatGPT) for reference:

#!/bin/bash

# Check and kill the process using port 10257
echo "Checking for port 10257"
pid10257=$(sudo lsof -t -i:10257)
if [ -n "$pid10257" ]; then
    echo "Killing process $pid10257 using port 10257"
    sudo kill $pid10257
else
    echo "No process found using port 10257"
fi

# Check and kill the process using port 10259
echo "Checking for port 10259"
pid10259=$(sudo lsof -t -i:10259)
if [ -n "$pid10259" ]; then
    echo "Killing process $pid10259 using port 10259"
    sudo kill $pid10259
else
    echo "No process found using port 10259"
fi

# Check and kill the process using port 10250
echo "Checking for port 10250"
pid10250=$(sudo lsof -t -i:10250)
if [ -n "$pid10250" ]; then
    echo "Killing process $pid10250 using port 10250"
    sudo kill $pid10250
else
    echo "No process found using port 10250"
fi

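My earlier notes on pre-installation configuration for Kubernetes (outdated)

  1. Disable the firewall
  2. Change the SELinux mode
  3. Disable swap
  4. Configure kernel parameters in sysctl.d
  5. Install the calico network plugin
  6. Configure persistent modules in modules-load.d
  7. Install ipvs load balancing
  8. Install containerd (wget github)
  9. Install cni (wget github)

You can refer to the configuration steps in this one-step install script: https://github.com/lework/kainstall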

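If you install with KubeSphere, make sure you are connecting through the external network (global + global remote DNS).
After downloading it and making it executable with chmod +x:

./kk create config [--with-kubernetes version] [--with-kubesphere version]

This creates a template file; adjust the IP addresses, user names, and passwords in it.
You can omit --with-kubesphere version, in which case KubeSphere is not installed.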

Other

Other k8s management tools: Rancher, https://kuboard.cn/

k8s YAML authoring tool: https://k8syaml.com/

  • Title: Detailed Kubernetes Installation Tutorial
  • Author: 暗香疏影
  • Created: 2023-07-22 00:00:00
  • Updated: 2024-02-08 00:00:00
  • Link: https://blog.23ikr.com/2023/07/22/2023-07-22-k8s-setup-guide/
  • License: This article is licensed under CC BY-NC-SA 4.0.