Configuring a Kubernetes Cluster on Ubuntu Virtual Machines

mac2024-12-27  16

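Environment

The two machines are Ubuntu 18.04 virtual machines with bridged networking. Unless stated otherwise, everything is done as the root user (even though the commands include sudo). Because the virtual machines support snapshots, there is no need to worry about mistakes: you can simply roll back.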

Installing Docker

First, install Docker on both the master node and the slave node, as follows:

    sudo apt-get update
    sudo apt-get remove docker docker-engine docker.io
    sudo apt install docker.io
    sudo systemctl start docker
    sudo systemctl enable docker
    docker --version

My Docker version is 18.09.7.

While you are at it, configure a Docker registry mirror and change the Docker cgroup driver from "cgroupfs" to "systemd":

    sudo vim /etc/docker/daemon.json

    {
      "registry-mirrors": ["https://registry.docker-cn.com"],
      "exec-opts": ["native.cgroupdriver=systemd"]
    }

    sudo systemctl daemon-reload
    sudo systemctl restart docker

Installing Kubernetes

Next, install Kubernetes:

    sudo apt-get update && sudo apt-get install -y apt-transport-https curl

    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

Within mainland China, you can use:

    curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

    sudo cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
    deb https://apt.kubernetes.io/ kubernetes-xenial main
    EOF

Within mainland China, you can use:

    cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
    deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main
    EOF

You can also edit the file directly:

    sudo vim /etc/apt/sources.list.d/kubernetes.list

and add this line to it:

    deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main

Then update:

    sudo apt-get update
    sudo apt-get install software-properties-common

    sudo swapoff -a

(If the machine reboots, this command has to be run again.) Swap can also be disabled permanently:

    sudo vim /etc/fstab

Comment out the swap line.

Disable the firewall:

    ufw disable
    ufw status

    sudo apt-get install -y kubelet kubeadm kubectl
    sudo apt-mark hold kubelet kubeadm kubectl

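Verify that the installation succeeded:

    kubeadm version

Configuring the Master Node

Because my Ubuntu virtual machine has only one CPU, the NumCPU error has to be ignored:

    sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=NumCPU

Some warnings will still appear: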

    [WARNING NumCPU]: the number of available CPUs 1 is less than the required 2

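k8s.gcr.io cannot be reached from mainland China, so the images can be pulled from Docker Hub and then retagged. Before pulling, add the user to the docker group, then log out and log back in for the change to take effect.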

    sudo usermod -a -G docker $USER
    logout

    docker pull mirrorgooglecontainers/kube-apiserver-amd64:v1.16.1
    docker pull mirrorgooglecontainers/kube-controller-manager-amd64:v1.16.1
    docker pull mirrorgooglecontainers/kube-scheduler-amd64:v1.16.1
    docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.16.1
    docker pull mirrorgooglecontainers/pause:3.1
    docker pull mirrorgooglecontainers/etcd-amd64:3.3.15-0
    docker pull coredns/coredns:1.6.2

    docker tag docker.io/mirrorgooglecontainers/kube-apiserver-amd64:v1.16.1 k8s.gcr.io/kube-apiserver:v1.16.1
    docker tag docker.io/mirrorgooglecontainers/kube-controller-manager-amd64:v1.16.1 k8s.gcr.io/kube-controller-manager:v1.16.1
    docker tag docker.io/mirrorgooglecontainers/kube-scheduler-amd64:v1.16.1 k8s.gcr.io/kube-scheduler:v1.16.1
    docker tag docker.io/mirrorgooglecontainers/kube-proxy-amd64:v1.16.1 k8s.gcr.io/kube-proxy:v1.16.1
    docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
    docker tag docker.io/mirrorgooglecontainers/etcd-amd64:3.3.15-0 k8s.gcr.io/etcd:3.3.15-0
    docker tag docker.io/coredns/coredns:1.6.2 k8s.gcr.io/coredns:1.6.2

    docker rmi mirrorgooglecontainers/kube-proxy-amd64:v1.16.1
    docker rmi mirrorgooglecontainers/kube-apiserver-amd64:v1.16.1
    docker rmi mirrorgooglecontainers/kube-controller-manager-amd64:v1.16.1
    docker rmi mirrorgooglecontainers/kube-scheduler-amd64:v1.16.1
    docker rmi mirrorgooglecontainers/etcd-amd64:3.3.15-0
    docker rmi mirrorgooglecontainers/pause:3.1
    docker rmi coredns/coredns:1.6.2

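On success, output similar to the following is printed. Keep the kubeadm join line; it is needed later to add nodes. If you lose it, it can be regenerated with kubeadm token create --print-join-command.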

    Your Kubernetes control-plane has initialized successfully!

    To start using your cluster, you need to run the following as a regular user:

      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config

    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      https://kubernetes.io/docs/concepts/cluster-administration/addons/

    Then you can join any number of worker nodes by running the following on each as root:

    kubeadm join 172.20.91.84:6443 --token ko3ba2.aj8t33vg32m7jkdm \
        --discovery-token-ca-cert-hash sha256:961e0744d2ba21b945f93cd8054526559fe54d7fa2778d58bf5d6095a2d7bdf0

Exit from root and do the following as a regular user:

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

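Configuring the pod network requires downloading quay.io/coreos/flannel. To avoid nodes ending up in the Not Ready state because of slow network speeds, users in mainland China can use the USTC mirror: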

    docker pull quay.mirrors.ustc.edu.cn/coreos/flannel:v0.11.0-amd64
    docker tag quay.mirrors.ustc.edu.cn/coreos/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
    docker rmi quay.mirrors.ustc.edu.cn/coreos/flannel:v0.11.0-amd64
    docker images

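Configure the pod network:

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

If the file cannot be downloaded from the terminal, open it in a browser, paste the contents into pastebin, take the raw-mode link, and use curl to download it onto the Ubuntu machine.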

    touch kube-flannel.yml
    curl -o kube-flannel.yml https://pastebin.com/raw/tyZNGNK4
    kubectl apply -f kube-flannel.yml

On success, the following is printed:

    podsecuritypolicy.policy/psp.flannel.unprivileged created
    clusterrole.rbac.authorization.k8s.io/flannel created
    clusterrolebinding.rbac.authorization.k8s.io/flannel created
    serviceaccount/flannel created
    configmap/kube-flannel-cfg created
    daemonset.apps/kube-flannel-ds-amd64 created
    daemonset.apps/kube-flannel-ds-arm64 created
    daemonset.apps/kube-flannel-ds-arm created
    daemonset.apps/kube-flannel-ds-ppc64le created
    daemonset.apps/kube-flannel-ds-s390x created

Verify that it succeeded:

    kubectl get pods --all-namespaces

The output is:

    NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
    kube-system   coredns-5644d7b6d9-6brpp           1/1     Running   0          63m
    kube-system   coredns-5644d7b6d9-zjmz7           1/1     Running   0          63m
    kube-system   etcd-wus-vm-2                      1/1     Running   0          62m
    kube-system   kube-apiserver-wus-vm-2            1/1     Running   0          63m
    kube-system   kube-controller-manager-wus-vm-2   1/1     Running   0          63m
    kube-system   kube-flannel-ds-amd64-p64vw        1/1     Running   0          71s
    kube-system   kube-proxy-h4nbx                   1/1     Running   0          63m
    kube-system   kube-scheduler-wus-vm-2            1/1     Running   0          63m
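The flannel manifest above is applied straight from a branch URL or from a pastebin copy, so its contents are whatever that URL serves at the time. The script below is an added example, not part of the original post: it applies the file only if it matches a SHA-256 checksum recorded when the manifest was reviewed, and reports images the manifest references that have not been pre-pulled on this node. The function names and the recorded checksum are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: gate "kubectl apply" on a
# recorded checksum and report images the manifest needs that are not local.

# manifest_ok FILE SHA256: succeed only if FILE has the recorded checksum.
manifest_ok() {
    mo_got=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$mo_got" ] && [ "$mo_got" = "$2" ]
}

# manifest_images FILE: print each distinct image the manifest references.
manifest_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
        tr -d "\"'" | sort -u
}

# missing_images FILE: print referenced images absent from the local Docker
# image store, i.e. the ones this node would still have to pull itself.
missing_images() {
    manifest_images "$1" | while read -r mi_img; do
        docker image inspect "$mi_img" >/dev/null 2>&1 || echo "$mi_img"
    done
}

# checked_apply FILE SHA256: apply only a manifest whose checksum matches.
checked_apply() {
    if ! manifest_ok "$1" "$2"; then
        echo "refusing to apply $1: checksum mismatch" >&2
        return 1
    fi
    ca_missing=$(missing_images "$1")
    [ -z "$ca_missing" ] || echo "not pre-pulled: $ca_missing" >&2
    kubectl apply -f "$1"
}

# Usage: sh checked_apply.sh kube-flannel.yml <recorded sha256>
if [ $# -eq 2 ]; then checked_apply "$1" "$2"; fi
```

An image listed as not pre-pulled is one the node will try to fetch from the original registry, which is the situation the post's mirror step is meant to avoid.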

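Configuring the Worker Node

When a worker node joins the cluster it pulls images to create containers, but images from docker.io, gcr.io and quay.io may well be unreachable, so they need to be downloaded in advance through mirrors in China. Which images are needed depends on the services being deployed. For this experiment, the following images need to be pulled in advance: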

    docker pull quay.mirrors.ustc.edu.cn/coreos/flannel:v0.11.0-amd64
    docker tag quay.mirrors.ustc.edu.cn/coreos/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
    docker rmi quay.mirrors.ustc.edu.cn/coreos/flannel:v0.11.0-amd64

    docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.16.1
    docker tag docker.io/mirrorgooglecontainers/kube-proxy-amd64:v1.16.1 k8s.gcr.io/kube-proxy:v1.16.1
    docker rmi mirrorgooglecontainers/kube-proxy-amd64:v1.16.1

    docker pull mirrorgooglecontainers/pause:3.1
    docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
    docker rmi mirrorgooglecontainers/pause:3.1

    docker pull kubernetesui/metrics-scraper:v1.0.1
    docker pull kubernetesui/dashboard:v2.0.0-beta4

    docker images
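The pull, retag and remove sequence used for the master and worker images accepts whatever the mirror serves under a tag and then gives it the k8s.gcr.io or quay.io name. The script below is an added example, not the author's: it retags an image only when its image ID matches a value pinned beforehand. The pin-file format and function names are assumptions, and the IDs are placeholders to be recorded from a trusted pull.

```shell
#!/bin/sh
# Added example, not from the original post: retag a mirrored image only if
# its image ID matches a value pinned in advance.

# mirror_image SRC DST EXPECTED_ID
# Returns 0 after retagging, 1 on ID mismatch, 2 if a docker step failed.
mirror_image() {
    mi_src=$1; mi_dst=$2; mi_want=$3
    docker pull "$mi_src" >/dev/null || return 2
    # The image ID is the SHA-256 of the image config, so an unmodified copy
    # has the same ID no matter which registry served it.
    mi_got=$(docker image inspect --format '{{.Id}}' "$mi_src") || return 2
    if [ "$mi_got" != "$mi_want" ]; then
        echo "REJECT $mi_src: got $mi_got, pinned $mi_want" >&2
        docker rmi "$mi_src" >/dev/null
        return 1
    fi
    docker tag "$mi_src" "$mi_dst" || return 2
    docker rmi "$mi_src" >/dev/null
}

# mirror_all PINFILE
# PINFILE lines: "SRC DST EXPECTED_ID"; blank lines and '#' comments skipped.
# Succeeds only if every listed image was verified and retagged.
mirror_all() {
    ma_failed=0
    while read -r ma_src ma_dst ma_id <&3; do
        case $ma_src in ''|'#'*) continue ;; esac
        mirror_image "$ma_src" "$ma_dst" "$ma_id" || ma_failed=$((ma_failed + 1))
    done 3< "$1"
    [ "$ma_failed" -eq 0 ]
}

# Example pin file (IDs are placeholders, to be replaced with IDs recorded
# from a trusted pull of the original images):
#   mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1 sha256:<IMAGE_ID>
#   coredns/coredns:1.6.2 k8s.gcr.io/coredns:1.6.2 sha256:<IMAGE_ID>
# Usage: sh mirror_images.sh pins.txt
if [ $# -gt 0 ]; then mirror_all "$1"; fi
```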

Add the worker node:

    sudo kubeadm join 172.20.91.84:6443 --token ko3ba2.aj8t33vg32m7jkdm \
        --discovery-token-ca-cert-hash sha256:961e0744d2ba21b945f93cd8054526559fe54d7fa2778d58bf5d6095a2d7bdf0

The output is:

    This node has joined the cluster:
    * Certificate signing request was sent to apiserver and a response was received.
    * The Kubelet was informed of the new secure connection details.

    Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

Return to the master node and run:

    kubectl get nodes

The output is:

    NAME       STATUS   ROLES    AGE     VERSION
    wus-vm-1   Ready    <none>   2m16s   v1.16.2
    wus-vm-2   Ready    master   71m     v1.16.2

To see detailed information about a particular node, use:

    kubectl describe node node_name

Configuration succeeded.
