1. 环境准备
系统要求:至少 2GB RAM(建议 4GB 或更多),网络连接。
节点准备:至少 3 台机器,1 台作为 Master 节点,2 台作为 Worker 节点。
安装sudo
apt update
apt install sudo
设置主机名(在每台机器上):
sudo hostnamectl set-hostname <主机名>
替换 <主机名> 为 k8s-master、k8s-node1、k8s-node2
配置 /etc/hosts(在所有节点上):
将所有节点的 IP 地址和主机名添加到 /etc/hosts 文件中。
root@k8s-node1:~# echo “192.168.0.147 k8s-master” >> /etc/hosts
root@k8s-node1:~# echo “192.168.0.217 k8s-node1” >> /etc/hosts
更新系统:
sudo apt update && sudo apt upgrade -y
2. 安装 containerd
在所有节点上执行以下步骤:
安装 containerd:
sudo apt install -y containerd
2.2 更新containered到最新版本1.7
默认安装的版本是1.4,如果不更新,后面 init 的时候会报如下错误
[ERROR CRI]: container runtime is not running: output: time="2024-02-03T22:17:09+08:00" level=fatal msg="validate service connection: CRI v1 runtime API is not implemented for endpoint \"unix:///var/run/containerd/containerd.sock\": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
, error: exit status 1[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`到 https://github.com/containerd/containerd/releases 下载最新版本
- 解压缩文件
首先,您需要解压下载的压缩包。打开终端,切换到包含下载文件的目录,然后运行:
tar xzvf containerd-1.7.13-linux-amd64.tar.gz
sudo mv bin/* /usr/bin/
containerd --version 可以查看版本号为1.7
2.3 配置 containerd:
生成默认配置文件
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
修改配置文件
nano /etc/containerd/config.toml文件中 sandbox_image做如下修改,因为后面init的时候指定的是阿里云的sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]SystemdCgroup = true #这个很重要,否则,k8s启动起来后会自动停止,kubectl get pods -n kube-system 也会出现监听端口6443访问失败的报错
启用并启动 containerd:
sudo systemctl restart containerd
sudo systemctl enable containerd
sudo systemctl status containerd 可查看状态
3. 安装 Kubernetes
在所有节点上执行以下步骤:
安装必需的包:首先,确保你的系统安装了 apt-transport-https、ca-certificates 和 curl:
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
添加 Kubernetes 的 GPG 密钥:
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
添加 Kubernetes 仓库:
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
更新软件包列表:
sudo apt-get update
安装 kubeadm、kubelet 和 kubectl:
sudo apt-get install -y kubelet=1.28.2-00 kubeadm=1.28.2-00 kubectl=1.28.2-00 sudo apt-mark hold kubelet kubeadm kubectl
安装配置br_netfilter 模块:
sudo modprobe br_netfilter
确保 IP 转发被启用:
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.confecho "net.bridge.bridge-nf-call-iptables=1" | sudo tee -a /etc/sysctl.confsudo sysctl -p
# 4. 初始化 Kubernetes 集群(在 Master 节点上执行)4.2 初始化集群:(Master节点)
直接执行下面的会报错
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
报错:
[ERROR ImagePull]: failed to pull image registry.k8s.io/kube-apiserver:v1.28.6: output: E0212 19:15:37.560180 22897 remote_image.go:171] "P
应该执行下面的
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.28.2
以下是 kubeadm init 命令的输出。
root@ecs-2144:~# sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containerssudo kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.28.6
unknown command "kubeadm" for "kubeadm init"
To see the stack trace of this error execute with --v=5 or higher
root@ecs-2144:~# sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.28.6
[init] Using Kubernetes version: v1.28.6
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.147]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.0.147 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.0.147 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 4.001658 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node k8s-master as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: c5ir0f.h8x43oj54kb1gppe
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxyYour Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following on each as root:kubeadm join 192.168.0.147:6443 --token c5ir0f.h8x43oj54kb1gppe \--discovery-token-ca-cert-hash sha256:42dc8386b03f8c6c415e06153c4b978e2020ca48d19b7b8b383d1c5d311a36e7 5. 设置 kubectl(仅限 Master 节点)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
6. 安装网络插件(在 Master 节点上)
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml --request-timeout='0'
#不加–request-timeout=‘0’ 可能会导致超时
如果出现连接连接端口错误
运行 journalctl -u kubelet 可以看日志,如果看到以下错误
err="failed to load kubelet config file, path: /var/lib/kubelet/config.yaml, err>
可能是没有授权访问权限,运行以下即可
sudo chown root:root /var/lib/kubelet/config.yaml
sudo chmod 644 /var/lib/kubelet/config.yaml
然后重新运行kubelet
sudo systemctl restart kubelet //经测试只需要这一行即可
sudo systemctl status kubelet
sudo systemctl restart containerd
sudo systemctl status containerd
然后重新运行上面的 kubectl apply …
可能还会出现报错 unable to connect to the server: net/http: TLS handshake timeout
重新执行一遍一般就会成功
7. 将 Worker 节点加入集群
在每个 Worker 节点上,运行在初始化 Master 节点时得到的 kubeadm join 命令。
效果如下:
root@ecs-7d63:~# kubeadm join 192.168.0.147:6443 --token lj3ooj.2x39tu70gyx5uj3v --discovery-token-ca-cert-hash sha256:7ce5191c1581dfcee7b33457bdd9341fa1ee128a19ac248c8daf9e69a57a8b18
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
- 验证集群状态
在 M
aster 节点上,运行:
kubectl get nodes
你应该能看到所有节点的状态为 Ready。
支持基础安装完成,下一步就是配置k8s
开放端口
API Server:
6443: Kubernetes API server。这是最关键的端口,用于集群管理通信。
etcd:
2379-2380: 用于etcd服务器客户端API通信。只有Kubernetes的API server才需要访问etcd,所以这些端口只需要在Master节点之间开放。
Kubelet:
10250: Kubelet API。这个端口用于API server获取节点和Pod的信息。
Kube-proxy:
Kubernetes中的Controller Manager和Scheduler虽然主要与API Server进行通信,但它们也监听在特定端口上,主要用于健康检查和指标收集。这些端口主要用于集群内部通信,而不是外部访问。下面是Controller Manager和Scheduler所监听的端口:
Kubernetes Controller Manager
默认端口:
10252: 用于健康检查和指标(metrics)的非安全HTTP访问。
安全端口:
当配置了安全访问(例如,通过启用HTTPS或认证和授权),Controller Manager可以配置为通过安全端口提供服务,但这需要手动配置,包括证书和相关的安全设置。
Kubernetes Scheduler
默认端口:
10251: 用于健康检查和指标的非安全HTTP访问。
排错
列出所有系统pod
kubectl get pods -n kube-system
calico-kube-controllers-7ddc4f45bc-snh9v 1/1 Running 1 (2m10s ago) 158m
calico-node-5mnpd 1/1 Running 1 (2m10s ago) 158m
calico-node-s6w74 1/1 Running 0 156m
coredns-66f779496c-cvwjx 1/1 Running 1 (2m10s ago) 171m
coredns-66f779496c-qx7fr 1/1 Running 1 (2m10s ago) 171m
etcd-k8s-master 1/1 Running 1 (2m10s ago) 171m
kube-apiserver-k8s-master 1/1 Running 1 (2m10s ago) 171m
kube-controller-manager-k8s-master 1/1 Running 1 (2m10s ago) 171m
kube-proxy-k7c6l 1/1 Running 1 (2m10s ago) 171m
kube-proxy-stft6 1/1 Running 0 156m
kube-scheduler-k8s-master 1/1 Running 1 (2m10s ago) 171m
找出名称后,可以查看该pod的日志
kubectl logs -n kube-system
调用 kubectl get pods -n kube-system
如果响应
root@k8s-master:~# kubectl get pods -n kube-system
The connection to the server 192.168.0.147:6443 was refused - did you specify the right host or port?
说明kubelet停了,需要调用
sudo systemctl restart kubelet 重启,
journalctl -u kubelet 可查看kubelet日志
)
(A,B,C,D,E,F))
![写一个程序,输入数量不确定的[0,9]范围内的整数,统计每一种数字出现的次数输入-1表示结束](http://pic.xiahunao.cn/写一个程序,输入数量不确定的[0,9]范围内的整数,统计每一种数字出现的次数输入-1表示结束)
