Tinkering with k8s on the Raspberry Pi

  • My environment
  • Installing the OS on the Raspberry Pi
  • Installing Docker
  • Installing k8s
  • Initializing the master
  • Errors and fixes
    • Errors during kubeadm init
      • [ERROR CRI]: container runtime is not running
      • [ERROR SystemVerification]: missing required cgroups: memory
      • ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables
      • [ERROR IMAGEPULL]: FAILED TO PULL IMAGE K8S.GCR.IO/KUBE-APISERVER
    • To be continued

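My environment

Hardware: 3 Raspberry Pi 4B boards, 32 GB memory cards, one switch
Software: CentOS 8

Installing the OS on the Raspberry Pi

Install CentOS 8; a docker-ce build for armv7l can no longer be found for CentOS 7.
References:
Installing CentOS 7.9 on the Raspberry Pi 4B
CentOS 7.9 configuration tuning on the Raspberry Pi 4B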

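Installing Docker

At this step, on CentOS 7, neither the Aliyun nor the Tsinghua mirror has docker-ce for armv7l or armhf, so yum install docker-ce fails with a 404. After searching for a long time I gave up and switched straight to CentOS 8 (I don't know whether other pitfalls come later, but at least I won't get stuck here).
Also, when installing Docker, pay attention to the CPU architecture; the arch command shows it.
Reference:
Installing Docker on the Raspberry Pi 4B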

Installing k8s

1. Modify the kernel settings
2. Disable swap
3. Add the Aliyun k8s mirror repository

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0  # switches SELinux to permissive mode until the next reboot

4. Install

sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet

Reference
Aliyun Kubernetes mirror (I followed this page for the download and installation)

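Initializing the master

Three Raspberry Pis: 1 as the master, 2 as nodes.
Start with the master node and initialize it.
Create an initialization configuration file; the following command generates one: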

kubeadm config print init-defaults > kubeadm-config.yaml

Then edit the configuration file kubeadm-config.yaml: vi kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef  # placeholder printed by init-defaults; replace it with the output of `kubeadm token generate`
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.0.115
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: pi4-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.25.0
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs

For editing the file, see the official documentation: Using kubeadm init with a configuration file

Errors and fixes

Errors during kubeadm init

[ERROR CRI]: container runtime is not running

Fix:
[root@master:~] rm -rf /etc/containerd/config.toml
[root@master:~] systemctl restart containerd

[ERROR SystemVerification]: missing required cgroups: memory

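Fix 1: disable the swap partition (does work for me)
Step 1: turn swap off:
swapoff -a

Step 2: edit the configuration file /etc/fstab
Delete or comment out the swap line: /mnt/swap swap swap defaults 0 0

Step 3: confirm that swap is off
free -m
If the swap row shows 0 everywhere, swap is off.

Step 4: adjust the swappiness parameter
vim /etc/sysctl.conf # takes effect permanently
# set vm.swappiness to 0
vm.swappiness=0

Finally: sysctl -p # apply the configuration

Fix 2:
Edit /boot/cmdline.txt (recommended)

Add the parameters cgroup_enable=memory cgroup_memory=1

console=serial0,115200 console=tty1 root=PARTUUID=0a27722f-02 rootfstype=ext4 fsck.repair=yes rootwait cgroup_enable=memory cgroup_memory=1
Note: if /boot has no cmdline.txt, create it yourself and copy the content above, but change the PARTUUID value to the one reported by the blkid command.
After editing and saving, reboot the Raspberry Pi.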

ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables

Error:

 [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
 [ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1

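Fix: (the official documentation includes this step)

Verify that the br_netfilter module is loaded by running lsmod | grep br_netfilter.
To load the module explicitly, run sudo modprobe br_netfilter.
For iptables on a Linux node to see bridged traffic correctly, make sure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl configuration.
For example:
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Apply the sysctl parameters without rebooting
sudo sysctl --system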
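
The host state behind the three preflight errors above (container runtime, memory cgroup, bridge sysctls), plus active swap, can be checked in one pass before running kubeadm init. This is an added example, not part of the original post; the function names and the ROOT override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): one-pass check of the host
# state behind the kubeadm preflight errors discussed above.
# ROOT is an assumed override for checking a copied tree; leave empty on a node.
ROOT="${ROOT:-}"

# Value of a /proc/sys entry, or "missing" when the file does not exist
# (bridge-nf-call-iptables only appears once br_netfilter is loaded).
sysctl_val() {
  if [ -r "$ROOT/proc/sys/$1" ]; then cat "$ROOT/proc/sys/$1"; else echo missing; fi
}

# /proc/swaps holds a header line plus one line per active swap area.
swap_off() {
  awk 'NR > 1 { n++ } END { exit (n > 0) }' "$ROOT/proc/swaps" 2>/dev/null
}

# /proc/cgroups: the 4th column is 1 when the controller is enabled.
memory_cgroup_ok() {
  awk '$1 == "memory" && $4 == 1 { ok = 1 } END { exit !ok }' "$ROOT/proc/cgroups" 2>/dev/null
}

# A containerd config.toml that lists "cri" under disabled_plugins turns off
# the CRI plugin that kubeadm talks to over containerd.sock.
cri_disabled() {
  grep -Eq '^[[:space:]]*disabled_plugins[[:space:]]*=.*"cri"' "$ROOT/etc/containerd/config.toml" 2>/dev/null
}

# Prints one line per failed check; the return status is the failure count.
preflight() {
  fails=0
  swap_off || { echo "FAIL swap is active: swapoff -a, then remove it from /etc/fstab"; fails=$((fails + 1)); }
  memory_cgroup_ok || { echo "FAIL memory cgroup disabled: check the kernel command line"; fails=$((fails + 1)); }
  for key in net/bridge/bridge-nf-call-iptables net/ipv4/ip_forward; do
    v=$(sysctl_val "$key")
    [ "$v" = 1 ] || { echo "FAIL $key is $v, want 1"; fails=$((fails + 1)); }
  done
  if cri_disabled; then
    echo "FAIL containerd CRI plugin is disabled in /etc/containerd/config.toml"
    fails=$((fails + 1))
  fi
  echo "$fails check(s) failed"
  return "$fails"
}

# Usage on a node: sh preflight.sh check
if [ "${1:-}" = "check" ]; then preflight; fi
```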

[ERROR IMAGEPULL]: FAILED TO PULL IMAGE K8S.GCR.IO/KUBE-APISERVER

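The images cannot be pulled: kubeadm needs to download Docker images from k8s.gcr.io, which is unreachable from mainland China.
Fix:
Pull them one by one from another registry and retag them.
Reference: https://www.freesion.com/article/20831079183/
Find the images on Docker Hub and write a script that downloads and renames them.
1. List the images that are needed
kubeadm config images list
2. Check whether they are already present locally
docker images
3. Look for them on Docker Hub: official, actively maintained ones
4. Modify the script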

#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
## Versions are defined here
KUBE_VERSION=v1.25.2
KUBE_PAUSE_VERSION=3.8
ETCD_VERSION=3.5.4-0
DNS_VERSION=1.9.3

GCR_URL=registry.k8s.io
## The repository you want to pull from
DOCKERHUB_URL=dyrnq
## The image list
images=(
kube-proxy:${KUBE_VERSION}
kube-scheduler:${KUBE_VERSION}
kube-controller-manager:${KUBE_VERSION}
kube-apiserver:${KUBE_VERSION}
pause:${KUBE_PAUSE_VERSION}
etcd:${ETCD_VERSION}
coredns:${DNS_VERSION}
)
## Loop that pulls and retags each image
for imageName in "${images[@]}" ; do
  docker pull "$DOCKERHUB_URL/$imageName"
  docker tag "$DOCKERHUB_URL/$imageName" "$GCR_URL/$imageName"
  docker rmi "$DOCKERHUB_URL/$imageName"
done
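
A variant of the same idea, added here as an example and not the original author's script: it derives the source and target names from the output of kubeadm config images list, so the retagged names match what kubeadm asks for, and it imports with ctr into containerd's k8s.io namespace. The kubeadm-config.yaml above sets criSocket to containerd, and images pulled with docker are kept in Docker's own store, not in that namespace. Assumptions: the mirror account publishes each image under the last path component of its upstream name with the same tag, and the names mirror_plan and mirror_apply are hypothetical.

```shell
#!/bin/sh
# Added example (not the original author's script).
# Assumption: the mirror publishes every image under the last path component
# of the upstream name with the same tag, e.g.
#   registry.k8s.io/coredns/coredns:v1.9.3 -> docker.io/<mirror>/coredns:v1.9.3
MIRROR="${MIRROR:-dyrnq}"   # Docker Hub account used in the script above

# Reads upstream references on stdin (the output of
# `kubeadm config images list`) and prints "source target" pairs.
mirror_plan() {
  while IFS= read -r target; do
    case "$target" in ''|\#*) continue ;; esac    # skip blank and comment lines
    name_tag=${target##*/}                         # e.g. kube-proxy:v1.25.2
    case "$name_tag" in
      *:*) echo "docker.io/$MIRROR/$name_tag $target" ;;
      *)   echo "refusing untagged reference '$target'" >&2; return 1 ;;
    esac
  done
}

# Pulls each source into containerd's k8s.io namespace and adds the upstream
# name to it. DRY_RUN=1 (the default) only prints the commands.
mirror_apply() {
  plan=$(mirror_plan) || return 1
  printf '%s\n' "$plan" | while read -r src dst; do
    [ -n "$src" ] || continue
    for cmd in "ctr -n k8s.io images pull $src" "ctr -n k8s.io images tag $src $dst"; do
      if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd || exit 1; fi
    done
  done
}

# Usage on the node:
#   kubeadm config images list --config kubeadm-config.yaml | DRY_RUN=0 sh mirror.sh apply
if [ "${1:-}" = "apply" ]; then mirror_apply; fi
```

After a real run, ctr -n k8s.io images ls lists each imported image with its digest; recording those values lets every node be checked against the same content.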

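To be continued

kubeadm init still fails
1. The images could not be pulled; I tried pulling them individually and retagging them, but init still reports an error
2. Changed the node's image pull policy to Never and ran init again
3. Error: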

Unfortunately, an error has occurred:
        timed out waiting for the condition

This error is likely caused by:
        - The kubelet is not running
        - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
        - 'systemctl status kubelet'
        - 'journalctl -xeu kubelet'

Check 'journalctl -xeu kubelet'

[root@pi4-master system]# journalctl -xeu kubelet
10月 11 01:27:13 pi4-master kubelet[4699]: E1011 01:27:13.875235    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:13 pi4-master kubelet[4699]: E1011 01:27:13.922222    4699 certificate_manager.go:471] kubernetes.io/kube-apiserver-client-kubelet: Failed while requesting a signed certificate from the control plane: cannot create certificate signing request: Post "https://192.16>
10月 11 01:27:13 pi4-master kubelet[4699]: E1011 01:27:13.975310    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.076021    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.176779    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.247226    4699 kubelet.go:2373] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.277449    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.378056    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.478632    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.579092    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
10月 11 01:27:14 pi4-master kubelet[4699]: W1011 01:27:14.640342    4699 reflector.go:424] vendor/k8s.io/client-go/informers/factory.go:134: failed to list *v1.Node: Get "https://192.168.0.115:6443/api/v1/nodes?fieldSelector=metadata.name%3Dpi4-master&limit=500&resourceVersion=>
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.640489    4699 reflector.go:140] vendor/k8s.io/client-go/informers/factory.go:134: Failed to watch *v1.Node: failed to list *v1.Node: Get "https://192.168.0.115:6443/api/v1/nodes?fieldSelector=metadata.name%3Dpi4-master&>
10月 11 01:27:14 pi4-master kubelet[4699]: E1011 01:27:14.679360    4699 kubelet.go:2448] "Error getting node" err="node \"pi4-master\" not found"
