• k8s 笔记

    k8s 笔记

    目录

    安装

    环境预准备

    1. 安装 docker:

      curl -sSL https://get.daocloud.io/docker | sh
systemctl enable docker
systemctl start docker

    2. 更改 Docker 源以及保持 Docker Cgroup Driver 和 k8s 一致:

      cat <<EOF > /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl enable docker
systemctl start docker

    3. 关闭 selinux:

      # setenforce 0
# vim /etc/sysconfig/selinux
SELINUX=disabled

    4. 关闭交换分区:

      swapoff -a
vim /etc/fstab
# 注释掉 swap 行

    5. iptables 配置:

      cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

    6. 关闭防火墙:

      systemctl disable firewalld
systemctl stop firewalld

    开始安装

    安装 kublet,kubeadm,kubctl,版本都是1.18.3。

    1. yum 设置源:

      cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes Respository
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF

    2. 安装 kublet,kubeadm,kubctl:

      yum install -y kubelet-1.18.3 kubectl-1.18.3 kubeadm-1.18.3 --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet

    3. 首先在Master上安装,安装前更改配置文件:

      # kubeadm config print init-defaults > init.config.yaml
# vim init.config.yaml
...
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
...
# 1.2.3.4 修改为本机物理网卡ip地址,只有Master安装时需要改
...
imageRepository: k8s.gcr.io
...
# k8s.gcr.io 改为 registry.cn-hangzhou.aliyuncs.com/google_containers

    4. 查看镜像地址发现还是指向 k8s.grc.io:

      kubeadm config images list

    5. 可以使用之前更改过的配置文件提前拉取 kubeadm 所需镜像:

      kubeadm config images pull --config=init.config.yaml

    6. 开始安装Master:

      kubeadm init --config=init.config.yaml

    7. 完成后按照提示执行下面命令:

      mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

    8. 还有一个Node加入的token命令,这里保存下来,类似:

      kubeadm join 192.168.0.106:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:9e276639574a0e85eaf0b25ba1b54389e8804b12aa5590c1f8a51cff207424c7

      注意:如果时间过久(Node 加入时间与这个 token 的创建时间间隔),token会失效(默认24小时),这时可以kubeadm token create --ttl 0创建永久token或者kubeadm token create创建默认24小时有效时间的token,替换上面的token之后再join即可。

    9. 开始安装Node,执行上述第1,2,3,4,5步,之后执行第8步保存下来的命令。

    10. 为了能够在Node上直接使用kubectl(不显示指定conf文件):

      cp /etc/kubernetes/kubelet.conf /etc/kubernetes/admin.conf

    11. 此时在Master上输入kubectl get nodes,发现 STATUS 全部是 NotReady,这是因为没有安装 cni 网络插件:

      [root@localhost ~]# kubectl get nodes
NAME                    STATUS     ROLES    AGE     VERSION
centos2                 NotReady   <none>   2m53s   v1.18.3
centos3                 NotReady   <none>   117s    v1.18.3
localhost.localdomain   NotReady   master   5h52m   v1.18.3

    安装网络插件

    在Master上安装 calico。

    1. 下载 yaml 文件:

      wget https://docs.projectcalico.org/manifests/calico.yaml

    2. vim 查找docker.io发现下面四个镜像(一定要去 calico.yaml 里面看,注意镜像版本):

      calico/cni:v3.21.0
calico/pod2daemon-flexvol:v3.21.0
calico/node:v3.21.0
calico/kube-controllers:v3.21.0

    3. docker 先用之前替换好的国内源把镜像拉下来(这里的镜像版本要和 calico.yaml 中的版本保持一致):

      docker pull calico/cni:v3.21.0 && \
docker pull calico/pod2daemon-flexvol:v3.21.0 && \
docker pull calico/node:v3.21.0 && \
docker pull calico/kube-controllers:v3.21.0

    4. 部署 calico:

      kubectl apply -f calico.yaml

    5. 此时查看 pods,会看到 calico 正在初始化,等待完成后,STATUS 会全部变成 Running:

      [root@localhost ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                            READY   STATUS            RESTARTS   AGE
kube-system   calico-kube-controllers-858fbfbc9-mpnjt         1/1     Running           0          96s
kube-system   calico-node-p265c                               1/1     Running           0          97s
kube-system   calico-node-xrsgm                               0/1     PodInitializing   0          97s
kube-system   calico-node-z946n                               0/1     PodInitializing   0          97s
kube-system   coredns-546565776c-cxnnf                        1/1     Running           0          7h3m
kube-system   coredns-546565776c-f299w                        1/1     Running           0          7h3m
kube-system   etcd-localhost.localdomain                      1/1     Running           0          7h3m
kube-system   kube-apiserver-localhost.localdomain            1/1     Running           0          7h3m
kube-system   kube-controller-manager-localhost.localdomain   1/1     Running           0          7h3m
kube-system   kube-proxy-777wz                                1/1     Running           0          74m
kube-system   kube-proxy-mj6r8                                1/1     Running           0          7h3m
kube-system   kube-proxy-tx56l                                1/1     Running           0          73m
kube-system   kube-scheduler-localhost.localdomain            1/1     Running           0          7h3m

    6. 查看 nodes,STATUS 已经全部 Ready:

      [root@localhost ~]# kubectl get nodes
NAME                    STATUS   ROLES    AGE    VERSION
centos2                 Ready    <none>   76m    v1.18.3
centos3                 Ready    <none>   75m    v1.18.3
localhost.localdomain   Ready    master   7h6m   v1.18.3

    错误记录

    1. 安装完 Master 后:

      [root@localhost ~]# kubectl get nodes
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

      解决:

      [root@localhost ~]# export KUBECONFIG=/etc/kubernetes/kubelet.conf
[root@localhost ~]# kubectl get nodes
NAME                    STATUS   ROLES    AGE     VERSION
localhost.localdomain   Ready    master   2m20s   v1.18.3

    2. 安装 calico 时出错(RBAC):

      [root@localhost ~]# kubectl apply -f calico.yaml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap"
Name: "calico-config", Namespace: "kube-system".............................

    3. 在 node 上执行 kubectl get pods出现:

      [root@centos3 ~]# kubectl get pods
The connection to the server localhost:8080 was refused - did you specify the right host or port?

      解决:mkdir -p /root/.kube && cp /etc/kubernetes/kubelet.conf /root/.kube/config

    关于 Docker

    保存镜像:

    docker save -o calico.tar \
calico/node:v3.21.0 \
calico/pod2daemon-flexvol:v3.21.0 \
calico/cni:v3.21.0 \
calico/kube-controllers:v3.21.0

    载入镜像:

    docker load < calico.tar
  • 相关阅读:
    性能测试资源监控工具nmon使用方法
    Java用递归实现全排列,详细
    LaTeX新人使用教程[转载]
    计算机视觉论文分级
    如何用 tensorflow serving 部署服务
    Docker清除容器镜像命令:
    docker: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /tmp/tfserving/
    Invalid argument: Key: label. Data types don't match. Data type: int64 but expected type: float
    Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: '/usr/local/bin/tensorboard'
    tensorflow.python.framework.errors_impl.PermissionDeniedError: /data; Permission denied
  • 原文地址:https://www.cnblogs.com/coodyz/p/15860743.html
Copyright © 2020-2023  润新知