学习k8s的最好方式是自己搭建一个k8s集群,并实际操作。按照官方教程,其实并不复杂,但是由于网络问题,很多软件和镜像无法下载,所以安装过程还是比较麻烦的。
学习k8s并不需要集群环境,个人电脑就可以搭建一个单机集群来学习。下面简单介绍下过程,会跳过比较简单的步骤,重点说下需要注意的事项
一、安装虚拟机和linux系统
虚拟机可以使用hyper-v,virtualbox,和vmware。我用的是VirtualBox 6.1.0版本,下载地址是https://www.virtualbox.org/wiki/Downloads。
系统用的是CentOS-7-x86_64-Minimal-1908。学习用的话建议使用Minimal,下载和安装都很快。下载地址是 http://isoredirect.centos.org/centos/7/isos/x86_64/,选择一个速度较快的镜像地址下载。
安装教程,网上很多,这里就不说了。需要建议的地方是,1、安装语言选择中文。2、软件选择最小安装,禁用KDUMP;配置网络连接
注意:1、虚拟机配置中设置CPU个数为2或者以上
2、内存设置为2G以上
3、防火墙会给k8s集群带来一些问题,这里仅为学习用,可以直接关闭防火墙。systemctl stop firewalld & systemctl disable firewalld
4、关闭Swap。执行swapoff -a可临时关闭,编辑/etc/fstab,注释掉包含swap的那一行即可,重启后可永久关闭
5、关闭centos图形登录界面,systemctl set-default multi-user.target
6、添加额外的网卡,仅主机(Host-Only)网络,这样就可以从主机之间访问虚拟机
二、安装docker
首先参考官方文档
https://docs.docker.com/install/linux/docker-ce/centos/#prerequisites
https://kubernetes.io/docs/setup/production-environment/container-runtimes/
# Install Docker CE ## Set up the repository ### Install required packages. yum install yum-utils device-mapper-persistent-data lvm2 ### Add Docker repository. ## 注意换成阿里云地址 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo ## Install Docker CE. yum update && yum install containerd.io-1.2.10 docker-ce-19.03.4 docker-ce-cli-19.03.4 ## Create /etc/docker directory. mkdir /etc/docker # Setup daemon. cat > /etc/docker/daemon.json <<EOF { "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" ] } EOF mkdir -p /etc/systemd/system/docker.service.d # Restart Docker systemctl daemon-reload systemctl restart docker
设置开机启动
systemctl start docker & systemctl enable docker
验证安装是否成功
docker run hello-world
结果如下
Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/get-started/
三、安装Kubernetes
官方文档https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
注意:需要改成国内的镜像地址
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF # Set SELinux in permissive mode (effectively disabling it) setenforce 0 sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes systemctl enable --now kubelet
cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl --system
设置自启动
systemctl enable kubelet && systemctl start kubelet
四、配置K8S单机集群
这里使用Calico方案来部署k8s单机集群
官方文档:https://docs.projectcalico.org/v3.11/getting-started/kubernetes/
初始换环境,并下载安装k8s镜像
kubeadm init --pod-network-cidr=192.168.0.0/16
注意ip地址根据实际情况更改
由于这一步需要下载k8s的docker镜像,国内不用代理的话基本上是下载不下来的。所以这里会出错,出错的原因就是镜像pull失败。会出现类似下面的错误信息
W1229 11:23:22.589295 1688 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) W1229 11:23:22.590166 1688 version.go:102] falling back to the local client version: v1.17.0 W1229 11:23:22.590472 1688 validation.go:28] Cannot validate kube-proxy config - no validator is available W1229 11:23:22.590492 1688 validation.go:28] Cannot validate kubelet config - no validator is available [init] Using Kubernetes version: v1.17.0 [preflight] Running pre-flight checks [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two, depending on the speed of your internet connection [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' error execution phase preflight: [preflight] Some fatal errors occurred: [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.17.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.17.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.17.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.17.0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.4.3-0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.6.5: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) , error: exit status 1 [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` To see the stack trace of this error execute with --v=5 or higher
执行这个解决防火墙警告
firewall-cmd --permanent --add-port=6443/tcp && sudo firewall-cmd --permanent --add-port=10250/tcp && sudo firewall-cmd --reload
失败信息中给出了pull失败的镜像地址。github上有人已经下载所有的镜像并上传到国内地址,可以从那下载。
github地址:https://github.com/anjia0532/gcr.io_mirror
镜像地址转换规则
gcr.io/namespace/image_name:image_tag #eq gcr.azk8s.cn/namespace/image_name:image_tag # special k8s.gcr.io/{image}/{tag} <==> gcr.io/google-containers/{image}/{tag} <==> gcr.azk8s.cn/namespace/image_name:image_tag
例如上面初始话下载失败的镜像地址是k8s.gcr.io/kube-apiserver:v1.17.0。
k8s.gcr.io/kube-apiserver:v1.17.0 转换为 gcr.azk8s.cn/google-containers/kube-apiserver:v1.17.0
下载镜像
docker pull gcr.azk8s.cn/google-containers/kube-controller-manager:v1.17.0 docker pull gcr.azk8s.cn/google-containers/kube-scheduler:v1.17.0 docker pull gcr.azk8s.cn/google-containers/kube-proxy:v1.17.0 docker pull gcr.azk8s.cn/google-containers/pause:3.1 docker pull gcr.azk8s.cn/google-containers/etcd:3.4.3-0 docker pull gcr.azk8s.cn/google-containers/coredns:1.6.5
由于,kubeadm init拉取的镜像地址是官方的地址,因此我们需要打对应的tag
docker tag gcr.azk8s.cn/google-containers/kube-apiserver:v1.17.0 k8s.gcr.io/kube-apiserver:v1.17.0 docker tag gcr.azk8s.cn/google-containers/kube-controller-manager:v1.17.0 k8s.gcr.io/kube-controller-manager:v1.17.0 docker tag gcr.azk8s.cn/google-containers/kube-scheduler:v1.17.0 k8s.gcr.io/kube-scheduler:v1.17.0 docker tag gcr.azk8s.cn/google-containers/kube-proxy:v1.17.0 k8s.gcr.io/kube-proxy:v1.17.0 docker tag gcr.azk8s.cn/google-containers/pause:3.1 k8s.gcr.io/pause:3.1 docker tag gcr.azk8s.cn/google-containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0 docker tag gcr.azk8s.cn/google-containers/coredns:1.6.5 k8s.gcr.io/coredns:1.6.5
同样的方式完成所有镜像的下载。
如果有多台服务器可以进行同样的操作。
设置主机域名
编辑/etc/hostname,将hostname修改为k8s-node1
编辑/etc/hosts,追加内容 IP k8s-node1
然后在主节点再次执行初始化,如果失败,可以先执行kubeadm reset
kubeadm init --pod-network-cidr=192.168.0.0/16
## 如果需要多个节点
kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=192.168.56.104
继续执行
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
安装Calico
kubectl apply -f https://docs.projectcalico.org/v3.11/manifests/calico.yaml
这一步也需要下载相应的calico镜像,也可能下载失败,大家可以去上面的yaml文件中,找到需要的镜像,然后搜索下载方式,这里就不说了。
验证是否成功
watch kubectl get pods --all-namespaces
结果如下就表示成功了
NAMESPACE NAME READY STATUS RESTARTS AGE kube-system calico-kube-controllers-6ff88bf6d4-tgtzb 1/1 Running 0 2m45s kube-system calico-node-24h85 1/1 Running 0 2m43s kube-system coredns-846jhw23g9-9af73 1/1 Running 0 4m5s kube-system coredns-846jhw23g9-hmswk 1/1 Running 0 4m5s kube-system etcd-jbaker-1 1/1 Running 0 6m22s kube-system kube-apiserver-jbaker-1 1/1 Running 0 6m12s kube-system kube-controller-manager-jbaker-1 1/1 Running 0 6m16s kube-system kube-proxy-8fzp2 1/1 Running 0 5m16s kube-system kube-scheduler-jbaker-1 1/1 Running 0 5m41s
如果calico-node出现ErrorImagePull等状态,就表示这个镜像没有下载成功,需要自己手动去国内镜像地址去下载,名称和版本号见https://docs.projectcalico.org/v3.11/manifests/calico.yaml
配置master节点为work节点
kubectl taint nodes --all node-role.kubernetes.io/master-
结果如下
node/<your-hostname> untainted
最后运行
kubectl get nodes -o wide
出现类型如下结果就表示成功了
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME <your-hostname> Ready master 52m v1.12.2 10.128.0.28 <none> Ubuntu 18.04.1 LTS 4.15.0-1023-gcp docker://18.6.1