k8s集羣部署+疑難問題解答

安裝(ubuntu舉例)

(1) sudo apt-get install docker.io
(2) sudo usermod -aG docker $USER
(3) sudo systemctl start docker && sudo systemctl enable docker
(4) curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add
(5) sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
(6) sudo apt-get install kubeadm kubelet kubectl -y
(7) sudo swapoff -a 
(8) google 如何永久關閉 swap

k8啓動(關鍵)

此步驟在 master 機器操作

（1）一定要用這個地址10.244.0.0
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
注意： 此時的網卡是沒有cni0,和flannel.1的

(2)

跟着提示敲下面命令
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

(3)裝網卡
sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
先看自己的k8s集羣服務是不是都正常起了, 如果啓動失敗，查看 “異常抉擇”

sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
(4)查看網卡

(5) 記錄下slave機器加入集羣的kubeadm join xxx命令行

(6) master機器配置完畢

此步驟在 slave 機器操作

(1) sudo apt-get install docker.io
(2) sudo usermod -aG docker $USER
(3) sudo systemctl start docker && sudo systemctl enable docker
(4) curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add
(5) sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
(6) sudo apt-get install kubeadm kubelet kubectl -y
(7) sudo swapoff -a 
(8) 永久關閉 swap
(9) sudo kubeadm reset (如果你裝過一次，執行下這個命令初始化)
(10) 使用你記錄的 `kubeadm join xxx` ，讓slave 加入master集羣

回到master機器，kubectl get node查看slave機器加入了沒有,如果配置正常，會從notready->ready發現slave機器

異常抉擇

(1)問題： Unable to connect to the server: x509

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

(2)問題：coredns等服務啓動失敗
原因： kubeadm reset不會清理虛擬網卡，需要手動清理

(1) ifconfig 你會看到flannel.1的網卡，可能還有cni0的網卡，你要做的是刪除他們
(2) sudo ip link delete flannel.1 && sudo ip link delete cni0
(3) sudo kubeadm reset 重置一下k8s集羣

(3)問題： “cni0” already has an IP address different from
sudo ip link delete cni0

補充：aws私有鏡像拉不下來, no basic auth credentials , trying and failing to pull image

kubectl create secret generic regcred \
    --from-file=.dockerconfigjson=/home/ubuntu/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson

（1）使用這個命令可以創建祕鑰，給私有倉庫拉鏡像做認證，在你的deployment文件，指定imagePullPolicy.
如果你創建不了,那就kubectl delete secret regcred, 再執行剛纔的命令.
（2）後來發現每天secret都會失效，12小時失效一次，建議編寫cron腳本12小時清一次secret，再重新創建
(3) /etc/docker/daemon.json 確保每個node都要這段代碼,爲了讓你自己搭的harbor等私有倉庫不用443端口也能拉鏡像，加過記得重啓docker。

 /etc/docker/daemon.json
 {
 "insecure-registries" : ["172.26.192.107:80"]
}

demo:

apiVersion: v1
kind: Service
metadata:
 name: py-main
 labels:
   app: py-main
spec:
 clusterIP: None
 ports:
   - port: 1000
     protocol: TCP
     name: port-1000
 selector:
   app: py-main
---
apiVersion: apps/v1
kind: Deployment
metadata:
 name: py-main
spec:
 selector:
   matchLabels:
     app: py-main
 template:
   metadata:
     labels:
       app: py-main
   spec:
     imagePullSecrets:
       - name: regcred
     containers:
       - name: py-main
         image: 私有鏡像地址，不帶http頭
         imagePullPolicy: Always
         livenessProbe:
           httpGet:
             port: 1000
           periodSeconds: 30
         ports:
           - containerPort: 1000
             protocol: TCP
         env:
           - name: ME
             value: "eng-server"
         volumeMounts:
           - mountPath: /code
             name: py-main
     volumes:
       - name: py-main
         hostPath:
           path: /home/ubuntu/code

私有倉庫secert創建（比如harbor）

kubectl create secret docker-registry regsecret --docker-server=192.166.2.74:80 --docker-username=admin --docker-password=Harbor12345

參考資料:

https://tonybai.com/2019/10/21/how-to-deploy-a-kubernetes-cluster-with-ubuntu-server-18-04/