Installation (Ubuntu example)
(1) sudo apt-get install docker.io
(2) sudo usermod -aG docker $USER
(3) sudo systemctl start docker && sudo systemctl enable docker
(4) curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
(5) sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
(6) sudo apt-get install kubeadm kubelet kubectl -y
(7) sudo swapoff -a
(8) Search Google for how to disable swap permanently
Starting k8s (the key part)
Perform these steps on the master machine
(1) You must use this address: 10.244.0.0
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
Note: at this point the cni0 and flannel.1 network interfaces do not exist yet
(2) Follow the prompt and run the commands below
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
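(3) Install the network interfaces
sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
First check whether all of your k8s cluster services have started normally; if startup failed, see "Troubleshooting"
sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
(4) Check the network interfaces
(5) Record the kubeadm join xxx command line that the slave machines use to join the cluster
(6) The master machine is now configured
Perform these steps on the slave machines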
(1) sudo apt-get install docker.io
(2) sudo usermod -aG docker $USER
(3) sudo systemctl start docker && sudo systemctl enable docker
(4) curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
(5) sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
(6) sudo apt-get install kubeadm kubelet kubectl -y
(7) sudo swapoff -a
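(8) Disable swap permanently
(9) sudo kubeadm reset (if you have installed it once before, run this command to reset)
(10) Use the `kubeadm join xxx` command you recorded to join the slave to the master cluster
Back on the master machine, run kubectl get node to check whether the slave machine has joined; if the configuration is correct, the slave machine will show up and go from notready->ready
Troubleshooting
(1) Problem: Unable to connect to the server: x509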
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
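(2) Problem: coredns and other services fail to start
Cause: kubeadm reset does not clean up the virtual network interfaces; they have to be cleaned up manually
(1) Run ifconfig; you will see the flannel.1 interface and possibly a cni0 interface as well; what you need to do is delete them
(2) sudo ip link delete flannel.1 && sudo ip link delete cni0
(3) sudo kubeadm reset to reset the k8s cluster
(3) Problem: "cni0" already has an IP address different from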
sudo ip link delete cni0
Addendum: AWS private images cannot be pulled: no basic auth credentials, trying and failing to pull image
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=/home/ubuntu/.docker/config.json \
--type=kubernetes.io/dockerconfigjson
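(1) This command creates a secret that authenticates image pulls from the private registry; in your deployment file, specify imagePullPolicy (the demo below also references the secret under imagePullSecrets).
If you cannot create it, run kubectl delete secret regcred and then run the command above again.
(2) It later turned out that the secret expires every day, once every 12 hours; it is recommended to write a cron script that clears the secret every 12 hours and recreates it
(3) /etc/docker/daemon.json: make sure every node has this snippet, so that images can be pulled from a self-hosted private registry such as harbor even when it is not served on port 443 (Docker then talks to that registry without requiring verified TLS). Remember to restart docker after adding it.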
/etc/docker/daemon.json
{
"insecure-registries" : ["172.26.192.107:80"]
}
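The cron script recommended in step (2) above, as an added example that is not part of the original page. It assumes the private registry is AWS ECR with the aws CLI available on the master; REGISTRY, REGION and the script path are placeholders. It replaces the secret in place with kubectl apply instead of deleting it first, and keeps the token out of the process list by passing it through a mode-600 temp file.

```shell
#!/bin/sh
# Added example: refresh the "regcred" pull secret before the registry token expires.
# REGISTRY and REGION are placeholders (assumptions), not values from the page.
set -eu
REGISTRY="${REGISTRY:-ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com}"
REGION="${REGION:-REGION}"

# Print a .dockerconfigjson document for one registry.
# $1 = registry host, $2 = user name, $3 = password or token.
build_dockerconfigjson() {
  auth=$(printf '%s:%s' "$2" "$3" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$1" "$auth"
}

# Write the document to a private temp file (mode 600) and print its path.
# The body runs in a subshell so the umask change does not leak to the caller.
write_dockerconfig() (
  umask 077
  f=$(mktemp)
  build_dockerconfigjson "$1" "$2" "$3" > "$f"
  printf '%s\n' "$f"
)

# Fetch a fresh token and replace the secret in place (no delete/create gap).
refresh_regcred() {
  token=$(aws ecr get-login-password --region "$REGION")
  cfg=$(write_dockerconfig "$REGISTRY" AWS "$token")
  trap 'rm -f "$cfg"' EXIT
  kubectl create secret generic regcred \
    --from-file=.dockerconfigjson="$cfg" \
    --type=kubernetes.io/dockerconfigjson \
    --dry-run=client -o yaml | kubectl apply -f -
}

# crontab entry (hypothetical path; runs more often than the 12-hour expiry):
#   0 */8 * * * /usr/local/bin/refresh-regcred.sh --apply
if [ "${1:-}" = "--apply" ]; then
  refresh_regcred
fi
```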
demo:
apiVersion: v1
kind: Service
metadata:
  name: py-main
  labels:
    app: py-main
spec:
  clusterIP: None
  ports:
  - port: 1000
    protocol: TCP
    name: port-1000
  selector:
    app: py-main
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: py-main
spec:
  selector:
    matchLabels:
      app: py-main
  template:
    metadata:
      labels:
        app: py-main
    spec:
      imagePullSecrets:
      - name: regcred
      containers:
      - name: py-main
        image: PRIVATE_IMAGE_ADDRESS  # private image address, without the http prefix
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            port: 1000
          periodSeconds: 30
        ports:
        - containerPort: 1000
          protocol: TCP
        env:
        - name: ME
          value: "eng-server"
        volumeMounts:
        - mountPath: /code
          name: py-main
      volumes:
      - name: py-main
        hostPath:
          path: /home/ubuntu/code
Creating a secret for a private registry (e.g. harbor)
kubectl create secret docker-registry regsecret --docker-server=192.166.2.74:80 --docker-username=admin --docker-password=Harbor12345
References:
https://tonybai.com/2019/10/21/how-to-deploy-a-kubernetes-cluster-with-ubuntu-server-18-04/