Prerequisites
Disable swap
Temporarily disable
Permanently disable
Bridge
    modprobe br_netfilter
    modprobe overlay
    vim /etc/sysctl.conf
Install containerd (docker can also be used)
Install k8s
Add the k8s package mirror
    apt install gnupg
    curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
    echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

    # tee overwrites the file, so only the last mirror written stays active
    echo "deb http://mirrors.cloud.tencent.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    apt update
Install (the versions just need to match)
    apt install kubeadm=1.25.3-00 kubelet=1.25.3-00 kubectl=1.25.3-00
Image registry issues
Generate the configuration
    containerd config default > /etc/containerd/config.toml
Change the relevant images
    vim /etc/containerd/config.toml
    # change sandbox_image to registry.aliyuncs.com/google_containers/pause
Configure registry mirrors
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    # add the following below it
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
        endpoint = ["https://docker.mirrors.ustc.edu.cn"]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
        endpoint = ["https://registry.aliyuncs.com/google_containers"]
Start the services
Start containerd
    systemctl enable containerd
    systemctl start containerd
Start kubelet
    systemctl enable kubelet.service
    systemctl start kubelet.service
crictl configuration
Edit /etc/crictl.yaml
    runtime-endpoint: unix:///var/run/containerd/containerd.sock
    image-endpoint: unix:///var/run/containerd/containerd.sock
    timeout: 10
    debug: false
    pull-image-on-create: false
Initialize the cluster
Master node
Install with kubeadm
    # --token-ttl 0 creates a bootstrap token that never expires
    kubeadm init \
      --image-repository registry.aliyuncs.com/google_containers \
      --kubernetes-version v1.25.3 \
      --apiserver-advertise-address 10.0.4.14 \
      --pod-network-cidr=10.244.0.0/16 \
      --token-ttl 0
Install the CNI
    kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
If the kubeadm --pod-network-cidr value used here is not the default 10.244.0.0/16, the subnet in the yml must be changed to the value configured above.
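The subnet check described above, as an added example (not from the original post): a small shell helper that reads the pod network out of a downloaded kube-flannel.yml and rewrites it to the CIDR given to kubeadm init. The function names and the sample manifest are constructed for illustration, and it assumes the manifest stores the value under a "Network" key in net-conf.json.

```bash
# Added example (not from the original page): keep flannel's "Network" value
# in step with the CIDR passed to kubeadm init --pod-network-cidr.

# Print the first "Network" CIDR found in a flannel manifest's net-conf.json.
flannel_network() {
  sed -n 's/.*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Accept only a.b.c.d/len, so nothing unexpected reaches the sed replacement.
valid_cidr() {
  case $1 in *[!0-9./]*) return 1 ;; esac   # digits, dots and one slash only
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Rewrite "Network" in manifest $1 to CIDR $2 (a .bak copy is kept).
# Returns 0 if already equal or patched, 2 for a bad CIDR, 3 if no key found.
sync_flannel_cidr() {
  valid_cidr "$2" || { echo "invalid CIDR: $2" >&2; return 2; }
  fn_current=$(flannel_network "$1")
  [ -n "$fn_current" ] || { echo "no \"Network\" key in $1" >&2; return 3; }
  if [ "$fn_current" = "$2" ]; then return 0; fi
  sed -i.bak "s|\(\"Network\"[[:space:]]*:[[:space:]]*\"\)[^\"]*\"|\1$2\"|" "$1"
}

# Constructed sample: the ConfigMap part of kube-flannel.yml (assumed layout).
write_sample_manifest() {
  cat > "$1" <<'EOF'
kind: ConfigMap
metadata:
  name: kube-flannel-cfg
data:
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
EOF
}

# Demo on a temporary copy: switch the sample to a non-default pod CIDR.
demo_file=$(mktemp)
write_sample_manifest "$demo_file"
sync_flannel_cidr "$demo_file" 10.100.0.0/16 && flannel_network "$demo_file"
rm -f "$demo_file" "$demo_file.bak"
```

Run it against a local copy of the manifest and apply that copy with kubectl apply -f, rather than applying the URL directly.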
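Worker nodes
After the master node is installed, it prints a command line of the form kubeadm join xxxx.
Run it on the worker node.
If you have forgotten it, run kubeadm token create --print-join-command on the master node to generate it again.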
Problems
ingress-nginx
Image problems
    crictl pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343
    crictl pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.5.1

    ctr -n k8s.io images tag registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.5.1 registry.k8s.io/ingress-nginx/controller:v1.5.1
    ctr -n k8s.io images tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343 registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343
Deployment method
Without a LoadBalancer, change the service to NodePort and deploy as a DaemonSet: first label the node with kubectl label nodes node-name hasIngress=true, then configure the DaemonSet selector.
When the backend service is HTTPS, the corresponding ingress annotation must be configured:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
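Cross-node network connectivity problems in the cluster
UDP ports need to be opened, because flannel uses UDP.
flannel
Startup fails with the error Failed to create pod sandbox: open /run/systemd/resolve/resolv.conf: no such file or directory
The systemd-resolved service needs to be started.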
containerd CRI v1 image API is not implemented for endpoint
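The crictl version (cri-tools) has to match the containerd version.
Worker node cannot connect
You can first run kubeadm init on the worker node to initialize the base environment, then run kubeadm reset, and then kubeadm join the master node.
Pod does not start
The cause can be found with the following command: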
kubectl describe pod -n namespace-name pod-name
Network reset
Delete cni0
    ifconfig cni0 down
    ip link delete cni0
    rm -rf /var/lib/cni/
Delete the flannel network
    ifconfig flannel.1 down
    ip link delete flannel.1
    rm -f /etc/cni/net.d/*
k8s certificate expiry
    kubeadm certs check-expiration   # check when the certificates expire
    kubeadm certs renew all          # renew the certificates

    # then update the kubeadm configuration
    rm -rf /etc/kubernetes/*.conf       # delete the old configuration
    kubeadm init phase kubeconfig all   # generate the new configuration

    # restart kubelet
    systemctl restart kubelet.service

    # check whether the certificate has been updated
    openssl x509 -in /var/lib/kubelet/pki/kubelet-client-current.pem -noout -text | grep Not
Node NotReady
Error: Network plugin returns error: cni plugin not initialized
Copy the files in /etc/cni/net.d from the master node over to this node.