前置
关闭swap
临时关闭
永久关闭
网桥
1
2
3
4
5
| modprobe br_netfilter
modprobe overlay
vim /etc/sysctl.conf
|
安装containerd(也可使用docker)
安装k8s
添加k8s 镜像源
1
2
3
4
5
6
7
8
9
|
apt install gnupg
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
echo "deb http://mirrors.cloud.tencent.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d
/kubernetes.list
apt update
|
安装(版本对上就行)
1
| apt install kubeadm=1.25.3-00 kubelet=1.25.3-00 kubectl=1.25.3-00
|
镜像源问题
生成配置
1
| containerd config default > /etc/containerd/config.toml
|
修改相关镜像
1
2
| vim /etc/containerd/config.toml
修改 sandbox_image 为 registry.aliyuncs.com/google_containers/pause
|
配置镜像源
1
2
3
4
5
6
| [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
下面加上
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://docker.mirrors.ustc.edu.cn"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/google_containers"]
|
启动服务
启动containerd
1
2
| systemctl enable containerd
systemctl start containerd
|
启动kubelet
1
2
| systemctl enable kubelet.service
systemctl start kubelet.service
|
crictl配置
修改/etc/crictl.yaml
1
2
3
4
5
| runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false
pull-image-on-create: false
|
初始化集群
主节点
kubeadm 安装
1
2
3
4
5
6
7
8
9
10
| kubeadm init \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.25.3 \
--apiserver-advertise-address 10.0.4.14 \
--pod-network-cidr=10.244.0.0/16 \
--token-ttl 0
|
cni安装
1
2
|
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
|
这里如果 kubeadm --pod-network-cidr 不是默认的10.244.0.0/16 就要把yml里面的subnet改成上面配置的
子节点
主节点安装后会有一行命令 kubeadm join xxxx 子节点上执行
如果忘记了可以在主节点上 kubeadm token create --print-join-command 重新生成
问题
ingress-nginx
镜像问题
1
2
3
4
5
| crictl pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343
crictl pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.5.1
ctr -n k8s.io images tag registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.5.1 registry.k8s.io/ingress-nginx/controller:v1.5.1
ctr -n k8s.io images tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v20220916-gd32f8c343 registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343
|
部署方式
没有LoadBalancer的话, service修改为NodePort,采用daemonset部署, 先给node打标 kubectl label nodes node-name hasIngress=true, 然后配置daemonset选择器
后端服务是https时,需配置对应ingress注解
1
| nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
集群跨界点网络不通问题
需要开放udp端口,flannel要用udp
flannel
启动失败 错误 Failed to create pod sandbox: open /run/systemd/resolve/resolv.conf: no such file or directory
需要启动 systemd-resolved 服务
containerd CRI v1 image API is not implemented for endpoint
crictl 版本(cri-tools)得跟containerd 对上
从节点连接不上问题
可以先从节点上 kubeadm init 一下初始一下基础环境, 然后 kubeadm reset 再 kubeadm join 主节点
pod起不起来
可以通过以下命令查看原因
kubectl describe pod -n namespace-name pod-name
网络重置
删除cni0
1
2
3
| ifconfig cni0 down
ip link delete cni0
rm -rf /var/lib/cni/
|
删除flannel网络
1
2
3
| ifconfig flannel.1 down
ip link delete flannel.1
rm -f /etc/cni/net.d/*
|
k8s证书过期
1
2
3
4
5
6
7
8
9
10
11
12
| kubeadm certs check-expiration # 查看证书过期时间
kubeadm certs renew all # 重新申请证书
# 然后更新一下kubeadm配置
rm -rf /etc/kubernetes/*.conf # 删除旧配置
kubeadm init phase kubeconfig all # 生成新配置
# 重启 kubelet
systemctl restart kubelet.service
# 检查下证书是否更新
openssl x509 -in /var/lib/kubelet/pki/kubelet-client-current.pem -noout -text |grep Not
|
节点notReady
报错 Network plugin returns error: cni plugin not initialized
去主节点上将 /etc/cni/net.d 内文件拷贝过来即可
