Installing a Kubernetes cluster on Ubuntu 16.0 to prepare for CKA practice

Reader submission 286 2022-09-22


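Time is very tight.

Exam notes

Keep your head within the camera's view so the proctor can see you. Keep the screen uncluttered. Only a transparent water cup is allowed. You may use the bathroom, but watch the time.

Exam procedure

You reach the jumpserver remotely over its public IP, then reach the other machines remotely over their private IPs.

Basic environment setup (all)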

swapoff -a

cat <<EOF >> /etc/hosts
192.168.211.40 master
192.168.211.41 node1
192.168.211.42 node2
EOF

Install Docker (all)

If you find the default Ubuntu sources slow, you can switch to the aliyun sources

$ vim /etc/apt/sources.list

deb bionic main restricted universe multiverse
deb bionic-security main restricted universe multiverse
deb bionic-updates main restricted universe multiverse
deb bionic-proposed main restricted universe multiverse
deb bionic-backports main restricted universe multiverse
deb-src bionic main restricted universe multiverse
deb-src bionic-security main restricted universe multiverse
deb-src bionic-updates main restricted universe multiverse
deb-src bionic-proposed main restricted universe multiverse
deb-src bionic-backports main restricted universe multiverse

$ apt-get update

Manual install (all)

apt-get install -y docker-ce=5:19.03.4~3-0~ubuntu-xenial docker-ce-cli=5:19.03.4~3-0~ubuntu-xenial containerd.io=1.2.10-3

Problem:

Failed to fetch cdrom://Ubuntu-Server 16.04.6 LTS _Xenial Xerus_ - Release amd64 (20190226)/dists/xenial/main/binary-amd64/Packages Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs

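Fix: comment out the deb cdrom line

$ vim /etc/apt/sources.list
#deb cdrom:[Ubuntu-Server 16.04 LTS _Xenial Xerus_ - Release amd64 (20160420.3)]/ xenial main restricted

Add a Docker configuration file. If you do not need to be that rigorous, you can skip this step. If you will be pulling images, it is best to configure a registry mirror inside China.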

cat > /etc/docker/daemon.json <

mkdir -p /etc/systemd/system/docker.service.d
systemctl daemon-reload
systemctl start docker
systemctl status docker

Install Kubernetes (all)

Configure the Google Kubernetes apt source

cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb kubernetes-xenial main
EOF

Configure the key

curl -s | apt-key add -

Update and install

apt-get update
apt-get install -y kubelet kubeadm kubectl

kubectl autocompletion

$ source <(kubectl completion bash) # setup autocomplete in bash, bash-completion package should be installed first.
$ source <(kubectl completion zsh) # setup autocomplete in zsh

If you cannot reach Google, consider using the aliyun source

Configure the aliyun Kubernetes apt source

cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb kubernetes-xenial main
EOF

Verification:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6A030B21BA07F4FB

Configure the key

curl | sudo apt-key add -

Install the tools

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

Create the cluster master node with kubeadm

Running the initialization directly fails to pull the images (master)

kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=192.168.211.40

Image pull fails

failed to pull image k8s.gcr.io/kube-apiserver:v1.12.2
failed to pull image k8s.gcr.io/kube-controller-manager:v1.12.2
failed to pull image k8s.gcr.io/kube-scheduler:v1.12.2
failed to pull image k8s.gcr.io/kube-proxy:v1.12.2
failed to pull image k8s.gcr.io/pause:3.1
failed to pull image k8s.gcr.io/etcd:3.2.24
failed to pull image k8s.gcr.io/coredns:1.2.2

List the images that need to be pulled (all)

$ kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.18.5
k8s.gcr.io/kube-controller-manager:v1.18.5
k8s.gcr.io/kube-scheduler:v1.18.5
k8s.gcr.io/kube-proxy:v1.18.5
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7

Note: this list shows the tag names and image versions. Starting with Kubernetes v1.12+, image names no longer carry a suffix such as amd64, arm, arm64 or ppc64le.

Generate the default kubeadm.conf file (all)

$ kubeadm config print init-defaults > kubeadm.conf

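6.3 Downloading the images from behind the firewall (all)

Note that by default this configuration file downloads images from Google's registry at k8s.gcr.io. If you have no way around the firewall, the download will fail. So we use the command below to change the address to one inside China, for example Alibaba's:

sed -i "s/imageRepository: .*/imageRepository: registry.aliyuncs.com\/google_containers/g" kubeadm.conf

6.4 Specify the Kubernetes version that kubeadm installs

sed -i "s/kubernetesVersion: .*/kubernetesVersion: v1.18.1/g" kubeadm.conf

6.5 Download the required images (all)

Once kubeadm.conf has been modified, run the command below to download the required images automatically from the mirror inside China: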

$ kubeadm config images pull --config kubeadm.conf
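
The two sed edits from 6.3 and 6.4, wrapped so that a missing key is reported instead of silently ignored (sed -i exits 0 even when nothing matched, and the pull would then still go to the default registry). This is an added example, not part of the original post; the function name set_kubeadm_images is an assumption.

```shell
#!/bin/sh
# Added example: apply the imageRepository / kubernetesVersion edits to a
# kubeadm.conf and fail loudly if either key is absent or duplicated.

# set_kubeadm_images <conf> <image repository> <kubernetes version>
set_kubeadm_images() {
    conf=$1 repo=$2 ver=$3
    [ -w "$conf" ] || { echo "cannot write $conf" >&2; return 1; }
    # Reject values that could break the sed expressions below.
    case $repo in
        ''|*[!A-Za-z0-9./:_-]*) echo "bad repository: $repo" >&2; return 1 ;;
    esac
    case $ver in
        *[!v0-9.]*) echo "bad version: $ver" >&2; return 1 ;;
        v[0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "bad version: $ver" >&2; return 1 ;;
    esac
    # Each key must appear exactly once as a top-level line.
    for key in imageRepository kubernetesVersion; do
        n=$(grep -c "^$key: " "$conf" || true)
        [ "$n" -eq 1 ] || {
            echo "$conf: expected one $key line, found $n" >&2
            return 1
        }
    done
    # '|' as the delimiter avoids escaping the '/' in the repository path.
    sed -i -e "s|^imageRepository: .*|imageRepository: $repo|" \
           -e "s|^kubernetesVersion: .*|kubernetesVersion: $ver|" "$conf"
    # Confirm the file now carries exactly the requested values.
    grep -qx "imageRepository: $repo" "$conf" &&
        grep -qx "kubernetesVersion: $ver" "$conf"
}

# Usage with the values from this page:
#   set_kubeadm_images kubeadm.conf registry.aliyuncs.com/google_containers v1.18.1
```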

Re-initialize the master node

$ kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=192.168.211.40
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.211.40:6443 --token yuqokz.7989i4qx5770obvp \
    --discovery-token-ca-cert-hash sha256:167d0176ccd1c90b7373917940620fb7a48b245913eb25a05726345902f6213c

Note down the command generated at the end. Run on the master: (master)

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run on the nodes to join the cluster: (node)

Error

$ kubeadm join 192.168.211.40:6443 --token yuqokz.7989i4qx5770obvp --discovery-token-ca-cert-hash sha256:167d0176ccd1c90b7373917940620fb7a48b245913eb25a05726345902f6213c
W0804 09:39:51.878220 8270 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
    [ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
    [ERROR FileAvailable--etc-kubernetes-bootstrap-kubelet.conf]: /etc/kubernetes/bootstrap-kubelet.conf already exists
    [ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

Fix:

$ kubeadm reset

Run join again to join the cluster

$ kubeadm join 192.168.211.40:6443 --token yuqokz.7989i4qx5770obvp \
    --discovery-token-ca-cert-hash sha256:167d0176ccd1c90b7373917940620fb7a48b245913eb25a05726345902f6213c
W0804 09:47:01.922091 13137 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join

The default token is valid for 24 hours; once it expires, the token can no longer be used. You then need to create a new token, as follows:

$ kubeadm token create --print-join-command
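
The --discovery-token-ca-cert-hash value in the join command is the SHA-256 of the cluster CA certificate's DER-encoded public key, which is how a joining node pins the control plane it talks to. The sketch below is an added example, not part of the original post; it recomputes that value from a CA certificate so a join command can be checked before it is run on a node. The function names ca_cert_hash and check_join_hash are assumptions.

```shell
#!/bin/sh
# Added example: recompute the value kubeadm prints after
# --discovery-token-ca-cert-hash from a PEM CA certificate.

# ca_cert_hash <ca.crt>: print "sha256:<hex>" for the certificate's public key.
ca_cert_hash() {
    crt=$1
    [ -r "$crt" ] || { echo "cannot read $crt" >&2; return 1; }
    # Extract the public key first, so a file that is not a certificate is
    # rejected here instead of yielding the digest of empty input.
    pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "$crt is not a PEM certificate" >&2
        return 1
    }
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r \
        | cut -d' ' -f1)
    [ ${#hex} -eq 64 ] || { echo "unexpected digest for $crt" >&2; return 1; }
    printf 'sha256:%s\n' "$hex"
}

# check_join_hash <ca.crt> <hash from the join command>
# Returns 0 on a match, 1 on a mismatch, 2 if the certificate is unusable.
check_join_hash() {
    actual=$(ca_cert_hash "$1") || return 2
    if [ "$actual" = "$2" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: CA is $actual, join command has $2" >&2
        return 1
    fi
}

# On the master the CA certificate is /etc/kubernetes/pki/ca.crt (the path
# named in the preflight errors above):
#   check_join_hash /etc/kubernetes/pki/ca.crt sha256:<hash from the join command>
```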

Run on the master:

root@master:~# kubectl get nodes
NAME     STATUS     ROLES    AGE     VERSION
master   NotReady   master   19m     v1.18.6
node1    NotReady   <none>   6m55s   v1.18.6
node2    NotReady   <none>   5m16s   v1.18.6
root@master:~# kubectl get pods
No resources found in default namespace.
root@master:~# kubectl get pods -A
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-66bff467f8-2xmnt         0/1     Pending   0          21m
kube-system   coredns-66bff467f8-ghj2s         0/1     Pending   0          21m
kube-system   etcd-master                      1/1     Running   0          22m
kube-system   kube-apiserver-master            1/1     Running   0          22m
kube-system   kube-controller-manager-master   1/1     Running   0          22m
kube-system   kube-proxy-dh46z                 1/1     Running   0          7m35s
kube-system   kube-proxy-jq6cb                 1/1     Running   0          21m
kube-system   kube-proxy-z6prp                 1/1     Running   0          9m14s
kube-system   kube-scheduler-master            1/1     Running   0          22m

Run on the node:

root@node2:~# kubectl get nodes
(hangs)
root@node2:~# mkdir -p $HOME/.kube
root@node2:~# scp root@192.168.211.40:/root/.kube/config /root/.kube/
root@node2:~# kubectl get pods -A
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-66bff467f8-2xmnt         0/1     Pending   0          29m
kube-system   coredns-66bff467f8-ghj2s         0/1     Pending   0          29m
kube-system   etcd-master                      1/1     Running   0          29m
kube-system   kube-apiserver-master            1/1     Running   0          29m
kube-system   kube-controller-manager-master   1/1     Running   0          29m
kube-system   kube-proxy-dh46z                 1/1     Running   0          14m
kube-system   kube-proxy-jq6cb                 1/1     Running   0          29m
kube-system   kube-proxy-z6prp                 1/1     Running   0          16m
kube-system   kube-scheduler-master            1/1     Running   0          29m

Install the Calico network

$ kubectl apply -f
created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created

If pod creation fails, delete and apply once more

$ kubectl delete -f
$ kubectl apply -f

Take a look with describe

kubectl describe pods -n

If the image pull fails, try pulling it manually

docker pull xxx

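For DNS problems, switch to

$ cat /etc/resolv.conf
nameserver 114.114.114.114 # DNS server in China

Finally, check whether the pods were created successfully

kubectl get pods -A

Note: allocate enough memory; otherwise pods may also stay in the Pending state.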
