Ubuntu安装k8s的一些坑
参考博客:
Ubuntu16.04安装K8s步骤和踩坑记录
【k8s】2-安装部署 以及flannel访问失败问题 The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?
K8S集群 NOT READY的解决办法 1.13 错误信息:cni config uninitialized
kubeadmV1.14.6启动k8s的一次爬坑
报错:The connection to the server localhost:8080 was refused - did you specify the right host or port?
本次搭建用了三台机器,修改/etc/hosts文件添加如下配置(需要根据自己的实际情况修改ip),第一个是master后两个是slave节点。
| IP | hostname |
| 192.168.145.136 | k8s-master |
| 192.168.145.139 | k8s-node1 |
| 192.168.145.140 | k8s-node2 |
修改节点信息
在每个节点的/etc/hosts中加入
192.168.145.136 k8s-master
192.168.145.137 k8s-node1
192.168.145.138 k8s-node2修改三个节点的/etc/hostname文件,分别修改为k8s-master,k8s-node1,k8s-node2.
从这个分割线开始到下一个分割线中间的步骤在主节点和从节点上都要执行。
关闭防火墙以及Selinux,swap
sudo swapoff -a
#同时把/etc/fstab包含swap那行记录删掉。
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo apt install selinux-utils
setenforce 0安装docker
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-get install docker.io -y
sudo docker version最后一句是查看docker版本,效果如下:
启动docker
sudo systemctl enable docker
sudo systemctl start docker
sudo systemctl status docker由于众所周知的原因,我们最好给docker的镜像加速一下,所以搞一个阿里云的镜像。修改/etc/docker/daemon.json文件添加:
{
"registry-mirrors": ["https://alzgoonw.mirror.aliyuncs.com"],
"live-restore": true
}并重启docker
sudo systemctl daemon-reload
sudo systemctl restart docker接下来安装kubectl,kubelet,kubeadm。
kubectl:k8s的命令行工具。
kubelet:kubelet 是在每个 Node 节点上运行的主要 “节点代理”。
kubeadm:kubeadm 是 kubernetes 的集群安装工具,能够快速安装 kubernetes 集群。
添加密钥:
sudo curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg |sudo apt-key add -如果出现了gpg: no valid OpenPGP data found.错误,可以做如下操作:
curl -O https://packages.cloud.google.com/apt/doc/apt-key.gpg
sudo apt-key add apt-key.gpg如果还下不来就找个梯子。如果梯子也没,请看百度网盘链接:
链接:https://pan.baidu.com/s/1IhRStSfJ0CEMITf6af_drw
提取码:6xwl添加k8s软件源。
sudo cat </etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF 如果提示说权限错误,最好去/etc/apt/source.list.d看看有没有kubernetes.list文件,没有就去新建一个。
现在开始正式安装,先修改下软件源,改成国内的
sudo vim /etc/apt/sources.list.d/kubernetes.list
#把原来的源删掉,加上下边这个
deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main
sudo apt-get update && sudo apt-get install -y kubelet kubeadm kubectl
sudo systemctl enable kubelet
修改环境变量并重启kubelet
export KUBECONFIG=/etc/kubernetes/admin.conf
# 从节点的admin.conf要从主节点复制而来
sudo systemctl daemon-reload
sudo systemctl restart kubelet
先查看k8s版本
sudo kubectl version如果出现报错
The connection to the server localhost:8080 was refused - did you specify the right host or port?
先不用管,后边再解决。
现在查看下kubeadm需要哪些镜像,在master上init一下,看看哪些镜像因为众所周知的原因拉不了(主要是看看版本号),然后用国内镜像代替。在从节点上就可以直接拉国内镜像。(从节点可以跳过这一步,直接看下边拉镜像那块)
sudo kubeadm init --pod-network-cidr=192.168.145.0/16(改成自己的网段) --apiserver-advertise-address=主节点ip --kubernetes-version=k8s版本 --ignore-preflight-errors=Swap 等待一段时间,然后欣喜地发现报了一堆error:
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.18.5: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.18.5: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.18.5: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.18.5: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.4.3-0: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.6.7: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1显而易见,这些镜像没拉下来,原因大家都懂得。
既然如此我们就用国内的镜像, 但是注意下边的镜像版本参数需要修改成和上边error的参数版本一致。比如上边的aprserver是1.18.5下边也要用1.18.5
sudo docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.5
sudo docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.5
sudo docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
sudo docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
sudo docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7
sudo docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.5
sudo docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.5给这些镜像重新打个tag
sudo docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.5 k8s.gcr.io/kube-controller-manager:v1.18.5
sudo docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.5 k8s.gcr.io/kube-scheduler:v1.18.5
sudo docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.5 k8s.gcr.io/kube-proxy:v1.18.5
sudo docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
sudo docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
sudo docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7 k8s.gcr.io/coredns:1.6.7
sudo docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.5 k8s.gcr.io/kube-apiserver:v1.18.5部署下flannel网络
sudo docker pull quay.io/coreos/flannel:v0.9.1-amd64
sudo mkdir -p /etc/cni/net.d/
sudo cat < /etc/cni/net.d/10-flannel.conf
{"name":"cbr0","type":"flannel","delegate": {"isDefaultGateway": true}}
EOF
sudo mkdir /usr/share/oci-umount/oci-umount.d -p
sudo mkdir /run/flannel/
sudo cat < /run/flannel/subnet.env
FLANNEL_NETWORK=172.100.0.0/16
FLANNEL_SUBNET=172.100.1.0/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
EOF
初始化
sudo kubeadm init --pod-network-cidr=192.168.145.0/16(改成自己的网段) --apiserver-advertise-address=masterip --kubernetes-version=k8s版本 --ignore-preflight-errors=Swap 最后一行init执行完毕后看下输出,输出的最后一行是
kubeadm join 192.168.145.136:6443 --token iq579e.ori20ymzdqqle1dj \
--discovery-token-ca-cert-hash sha256:24979cf0594bb7d2aab56fbae37f2555b26cc592035561aaa2028ed2e29a4ec3 这是从节点加入集群的指令,如果token过期就要重新生成一个。
部署flannel网络
sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml如果这个yml下载不下来,请看网盘:
链接:https://pan.baidu.com/s/18GuTsAdUjMW1FT792wP37A
提取码:mjhf
复制这段内容后打开百度网盘手机App,操作更方便哦现在看一下节点状态:
sudo kubectl get nodes结果报错了,查看日志
sudo journalctl -f -u kubeletSep 23 03:06:41 k8s-master kubelet[25669]: W0923 03:06:41.818411 25669 cni.go:202] Error validating CNI config list {"cniVersion":"","name":"cbr0","plugins":[{"delegate":{"isDefaultGateway":true},"name":"cbr0","type":"flannel"}]}: [plugin flannel does not support config version ""]
解决方法参考:https://github.com/coreos/flannel/issues/1178
现在在slave节点上操作,slave需要加入到集群。
sudo kubeadm join 192.168.145.136:6443 --token gv3bgs.6tkc4upyyf0f3101 \
--discovery-token-ca-cert-hash sha256:97ad4fa0e11b7d6d0aeb06404ad986c2a8b42c18d0c88a842748524a835dabb3
在master上执行
sudo kubectl get nodes