These notes are for my own study. The previous post set up the environment; this one picks up from there.
Building a k8s cluster from scratch with VMware Fusion on a Mac M1 (ARM) [reference]
Modifying the vmnet8 network and adding vmnet networks in VMware Fusion [note the following]
When changing a VM's IP here, remember to enable Internet Sharing on the macOS host first; otherwise, with a custom vmnet2 or vmnet3 network, the VMs cannot reach the Internet at all. In the end I went back to the built-in vmnet8, because my custom vmnet3 still had no connectivity and I gave up on it.
After completing the step above, I consulted another article.
I found the two network folders were each missing a file the other had: vmnet3 (my custom one) lacked dhcpd.conf, and vmnet8 (presumably the system default) lacked nat.conf, so I copied each missing file across.
With that done, my node VMs could ping each other.
```bash
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Set the hostnames (run the matching command on each of the three machines)
hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2
# Add hosts entries on the master
cat >> /etc/hosts << EOF
192.168.10.100 k8s-master
#192.168.10.101 k8s-node1
192.168.10.102 k8s-node2
192.168.10.103 k8s-node3
192.168.10.104 k8s-node4
EOF
# Disable SELinux, otherwise kubelet may fail with "Permission denied" when mounting directories
# Do not run the two commands below directly
# just disable it via vi instead
# sed -i 's/enforcing/disabled/' /etc/selinux/config  # permanent
# setenforce 0  # temporary
vi /etc/selinux/config
# disable it:
# SELINUX=enforcing  ->  SELINUX=disabled
# Disable swap, otherwise kubelet fails to start; alternatively pass --fail-swap-on=false
# to kubelet to skip the swap check
# Do not run the two commands below directly
# swapoff -a  # temporary
# sed -ri 's/.*swap.*/#&/' /etc/fstab  # permanent
# After disabling swap, be sure to reboot the VM!!!
vi /etc/fstab
# comment out the swap line, e.g.:
#/dev/mapper/cl_fedora-swap none
# after disabling swap, reboot the VM!!!
free -h  # check swap usage to confirm it is off
# Pass bridged IPv4 traffic to iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # apply
# Time synchronization
yum install ntpdate -y
ntpdate time.windows.com
```
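For reference, here is what the commented-out `sed -ri 's/.*swap.*/#&/' /etc/fstab` would do, demonstrated on a throwaway copy (the device names below are made-up examples, not real fstab entries):

```shell
# Build a fake fstab in /tmp so the real one is never touched
cat > /tmp/fstab.demo << 'EOF'
/dev/mapper/cl-root /    xfs  defaults 0 0
/dev/mapper/cl-swap none swap defaults 0 0
EOF
# Same sed as in the notes above: comment out every line mentioning swap
sed -ri 's/.*swap.*/#&/' /tmp/fstab.demo
cat /tmp/fstab.demo
# the swap line now starts with '#', the root line is untouched
```

Editing the real /etc/fstab by hand in vi, as above, achieves the same thing with less risk; either way, reboot afterwards and confirm with `free -h` that swap shows 0B.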
Install the kubelet, kubeadm, and kubectl components
```bash
# Step 1: add the Alibaba Cloud YUM repo for k8s
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all   # clear the cache
yum makecache   # rebuild the cache
# Step 2: install kubeadm, kubelet, kubectl
yum install -y kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6
# Enable kubelet to start on boot
systemctl enable kubelet
# Step 3: switch Docker's cgroup driver: add the line below to /etc/docker/daemon.json,
# otherwise the kubeadm initialization later will fail
"exec-opts": ["native.cgroupdriver=systemd"]
# Restart docker
systemctl daemon-reload
systemctl restart docker
```
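If /etc/docker/daemon.json does not exist yet, the whole file is just a JSON object with that one key. A minimal sketch follows (written to /tmp here so it can be reviewed first; if the file already exists, merge the key into it instead of overwriting):

```shell
# Minimal daemon.json containing only the cgroup-driver switch
cat > /tmp/daemon.json << 'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Validate the JSON before copying it to /etc/docker/daemon.json;
# Docker refuses to start on a malformed daemon.json
python3 -m json.tool /tmp/daemon.json
```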
Initialize the master and join the nodes
```bash
#================ run on k8s-master ==============
# Step 1: initialize the master node
kubeadm init \
--apiserver-advertise-address=192.168.10.100 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.6 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
# Step 2: after a successful init, copy and run the commands it prints:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Step 3: verify the initialization
kubectl get nodes
# ============ run on k8s-node1 and k8s-node2 ================
# The join command below is printed on the master console after a successful init
# Step 1: join the node to the master
kubeadm join 192.168.10.100:6443 --token j7mpyq.z1py5hwl6ke9os02 \
--discovery-token-ca-cert-hash sha256:57400b47ee911242d9c11f7273d1211cda0dc77994155217ad4248a5719c29a9
# Step 2: verify the nodes joined (on the master)
[root@k8s-master ~]# kubectl get nodes
NAME         STATUS     ROLES                  AGE   VERSION
k8s-master   NotReady   control-plane,master   76s   v1.23.6
k8s-node1    NotReady   <none>                 47s   v1.23.6
k8s-node2    NotReady   <none>                 45s   v1.23.6
# ====================== notes ===========================
# 1. If the token from the init output got lost, retrieve or regenerate it:
# if the token has expired, create a new one
kubeadm token create
# if the token has not expired, list the current ones
kubeadm token list
# compute the --discovery-token-ca-cert-hash value; prepend "sha256:" to the result
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed 's/^.* //'
# 2. If openssl is not installed:
yum install openssl openssl-devel -y
openssl version
# 3. If anything goes wrong during kubeadm setup,
# run "kubeadm reset" and then re-run kubeadm init
kubeadm reset
# Source: [Fixing k8s node join failures](https://blog.csdn.net/lj779323436/article/details/123605588)
```
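The --discovery-token-ca-cert-hash value is nothing more than the SHA-256 digest of the CA's public key in DER form, which is what the openssl pipeline above computes. The same pipeline can be tried on a throwaway self-signed certificate standing in for /etc/kubernetes/pki/ca.crt:

```shell
# Generate a throwaway CA certificate (a stand-in for /etc/kubernetes/pki/ca.crt)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
  -keyout /tmp/demo-ca.key -out /tmp/demo-ca.crt 2>/dev/null
# pubkey -> DER -> sha256 -> strip the "(stdin)= " prefix, as in the notes above
hash=$(openssl x509 -pubkey -in /tmp/demo-ca.crt \
  | openssl rsa -pubin -outform der 2>/dev/null \
  | openssl dgst -sha256 -hex | sed 's/^.* //')
echo "sha256:$hash"
```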
Error encountered #1
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 26.0.1. Latest validated version: 20.10
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR NumCPU]: the number of available CPUs 1 is less than the required 2
[ERROR Mem]: the system RAM (1458 MB) is less than the minimum 1700 MB
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
Fix: give the VM at least 2 CPU cores and more than 1700 MB of RAM.
Error encountered #2
[WARNING Hostname]: hostname "k8s-node2" could not be reached
[WARNING Hostname]: hostname "k8s-node2": lookup k8s-node2 on 8.8.8.8:53: no such host
```bash
# Add hosts entries on the node
cat >> /etc/hosts << EOF
192.168.10.100 k8s-master
#192.168.10.101 k8s-node1
192.168.10.102 k8s-node2
192.168.10.103 k8s-node3
192.168.10.104 k8s-node4
EOF
# i.e., the same hosts setup that was done on the master earlier
```
Error encountered #3
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://192.168.10.100:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": dial tcp 192.168.10.100:6443: connect: no route to host
The key part of the error is "connect: no route to host".
Flushing the iptables rules fixes it.
Run the following on the master.
"kubeadm join fails on the node because kubelet won't start, no route to host: flush the iptables rules and disable the firewall" — https://www.cnblogs.com/weiyangchen/p/14566091.html
I followed the article above.
```bash
systemctl stop kubelet
systemctl stop docker
iptables --flush
iptables -t nat --flush
systemctl start kubelet
systemctl start docker
```
Deploy the CNI network plugin
```bash
#================== Why install a CNI network plugin? ==================
# Checking node status shows everything NotReady -- why?
[root@k8s-master ~]# kubectl get nodes
NAME         STATUS     ROLES                  AGE   VERSION
k8s-master   NotReady   control-plane,master   76s   v1.23.6
k8s-node1    NotReady   <none>                 47s   v1.23.6
k8s-node2    NotReady   <none>                 45s   v1.23.6
# Checking component status shows everything healthy
[root@k8s-master ~]# kubectl get componentstatus   # short form: kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true","reason":""}
# Querying the core pods in the kube-system namespace shows the two coredns pods not running
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-6d8c4cb4d-jdd8g              0/1     Pending   0          35m
coredns-6d8c4cb4d-mrvvx              0/1     Pending   0          35m
etcd-k8s-master                      1/1     Running   1          35m
kube-apiserver-k8s-master            1/1     Running   1          35m
kube-controller-manager-k8s-master   1/1     Running   1          35m
kube-proxy-lhx86                     1/1     Running   0          35m
kube-proxy-px46l                     1/1     Running   0          35m
kube-proxy-tnn48                     1/1     Running   0          35m
kube-scheduler-k8s-master            1/1     Running   1          35m
# Reason: no network plugin is installed yet, so coredns stays Pending.
# ====================== install the network plugin (master) =====================
# Step 1: download the calico manifest (the download may time out)
mkdir /opt/k8s
cd /opt/k8s
curl https://docs.projectcalico.org/manifests/calico.yaml -O
# Edit calico.yaml: set CALICO_IPV4POOL_CIDR to the same CIDR used at init,
# and set the NIC name under IP_AUTODETECTION_METHOD
# !! Both edits can actually be skipped !! Since the master was initialized with
# --pod-network-cidr=10.244.0.0/16, the defaults work; CALICO_IPV4POOL_CIDR is commented out in calico.yaml by default
# Step 2: strip the docker.io/ image prefix to keep slow pulls from failing
grep image calico.yaml
sed -i 's#docker.io/##g' calico.yaml
# Step 3: apply calico
kubectl apply -f calico.yaml
# Step 4: check pod status
[root@k8s-master k8s]# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-74dbdc644f-zjgcp   1/1     Running   0          14m
calico-node-69db2                          1/1     Running   0          14m
calico-node-kb77c                          1/1     Running   0          14m
calico-node-m68tm                          1/1     Running   0          14m
coredns-6d8c4cb4d-jdd8g                    1/1     Running   0          132m
coredns-6d8c4cb4d-mrvvx                    1/1     Running   0          132m
etcd-k8s-master                            1/1     Running   1          133m
kube-apiserver-k8s-master                  1/1     Running   1          133m
kube-controller-manager-k8s-master         1/1     Running   1          133m
kube-proxy-lhx86                           1/1     Running   0          132m
kube-proxy-px46l                           1/1     Running   0          132m
kube-proxy-tnn48                           1/1     Running   0          132m
kube-scheduler-k8s-master                  1/1     Running   1          133m
# The containers take a while to build; wait and re-check until everything shows 1/1 Running
# Result: coredns is now running
# Step 5: check node status
[root@k8s-master k8s]# kubectl get nodes
NAME         STATUS   ROLES                  AGE    VERSION
k8s-master   Ready    control-plane,master   136m   v1.23.6
k8s-node1    Ready    <none>                 136m   v1.23.6
k8s-node2    Ready    <none>                 136m   v1.23.6
# Result: all nodes are Ready
# The network plugin is now installed successfully
```
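Step 2's sed can be sanity-checked on a scratch file before touching the real calico.yaml; the image names below are made-up examples in the same shape the manifest uses:

```shell
# Fake manifest fragment with docker.io-prefixed images (illustrative names/versions)
cat > /tmp/calico-demo.yaml << 'EOF'
          image: docker.io/calico/cni:v3.25.0
          image: docker.io/calico/node:v3.25.0
EOF
# Same substitution as in the notes: drop every docker.io/ prefix
sed -i 's#docker.io/##g' /tmp/calico-demo.yaml
grep image /tmp/calico-demo.yaml
# now shows calico/cni:v3.25.0 and calico/node:v3.25.0
```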
Test the Kubernetes cluster
```bash
# Create an nginx deployment to verify the cluster is up and usable
# Create the deployment
kubectl create deployment nginx --image=nginx
# Expose the port
kubectl expose deployment nginx --port=80 --type=NodePort
# Check pod and service info
kubectl get pod,svc
# Test that nginx is reachable via node IP and NodePort (32082 in my run)
curl 192.168.10.100:32082   # on the master
http://192.168.10.100:32082
http://192.168.10.101:32082
http://192.168.10.102:32082
```
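The NodePort (32082 in my run) is assigned randomly from 30000-32767 at expose time, so it has to be read from the service output. As a sketch, here is one way to extract it, run against a captured sample line since the real command needs a live cluster (the ClusterIP below is illustrative):

```shell
# A sample line as printed by `kubectl get svc` for the nginx service
# (the port and ClusterIP will differ on other clusters)
sample='nginx   NodePort   10.96.120.15   <none>   80:32082/TCP   5m'
# PORT(S) is the 5th column; the node port sits between ':' and '/'
port=$(echo "$sample" | awk '{print $5}' | sed 's#.*:\([0-9]*\)/.*#\1#')
echo "$port"   # 32082
```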
A problem encountered
After deploying, only one node could serve the page, which was odd. After trying many suggested fixes, I found this one:
ethtool -K tunl0 tx off
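That ethtool setting does not survive a reboot. A sketch for persisting it with a oneshot systemd unit follows; the unit name tunl0-tx-off.service and the ethtool path are my own choices, and the file is written to /tmp here so it can be reviewed before installing:

```shell
# Sketch: systemd oneshot unit that re-applies the tunl0 workaround at boot
# (unit name is my own; written to /tmp for review, not installed directly)
cat > /tmp/tunl0-tx-off.service << 'EOF'
[Unit]
Description=Disable TX checksum offload on tunl0 (calico NodePort workaround)
After=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/ethtool -K tunl0 tx off

[Install]
WantedBy=multi-user.target
EOF
# To install: cp /tmp/tunl0-tx-off.service /etc/systemd/system/ && systemctl enable --now tunl0-tx-off
```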
The kubectl command-line tool
Using kubectl from any node
1. Copy /etc/kubernetes/admin.conf from the master into the /etc/kubernetes directory on the server where kubectl should run
```bash
scp /etc/kubernetes/admin.conf root@k8s-node1:/etc/kubernetes
```
2. Set the environment variable on that server
```bash
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
```
Learning continues from here; more to come.