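Deployment process
All of the basic steps are covered in this tutorial, which is very detailed:
Building a k8s cluster from scratch (从零搭建k8s集群) - 许大仙 - 博客园 (cnblogs.com)
When writing the configuration files, be careful: change the IP addresses to your own, and pay attention to which host each step is run on.
Remember to use your own token here.
Common errors and solutions
Below I cover only the problems I ran into during deployment and how I solved them:
cfssl certificate download fails
You can open the URL shown in the screenshot directly, download the file with a browser on Windows, and then upload it to the virtual machine.
The same approach works for many of the later downloads. If the download still fails in the Windows browser, use a proxy/VPN.
kubelet fails to start
If kubelet fails to start, then running the following on the master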
kubectl get nodes
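returns an error.
When my kubelet failed to start, I looked into the cause and found that Docker's driver was systemd while kubelet's was not.
If you followed that tutorial, you will probably hit the same problem.
Solution (use one of the two):
1. Edit /etc/docker/daemon.json
vim /etc/docker/daemon.json
and delete the "exec-opts" line from it.
2. Add the following line to /opt/kubernetes/cfg/kubelet.conf (the configuration file shown above):
--cgroup-driver=systemd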
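A check for the mismatch described above, as an added example that is not part of the original post: it reads the driver Docker is configured for and the one passed to kubelet, and also reports a flag line that sits outside the quoted KUBELET_OPTS value. The function names and the cgroupfs fallback are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). File paths are passed as arguments.
# Assumption: "cgroupfs" is used when no driver is configured on either side.

# Driver Docker is configured for via "exec-opts" in daemon.json.
docker_cgroup_driver() {
    d=$(grep -o 'native\.cgroupdriver=[a-z]*' "$1" 2>/dev/null | head -n 1)
    d=${d#native.cgroupdriver=}
    echo "${d:-cgroupfs}"
}

# Driver the kubelet is told to use via --cgroup-driver in kubelet.conf.
kubelet_cgroup_driver() {
    k=$(grep -o -e '--cgroup-driver=[a-z]*' "$1" 2>/dev/null | head -n 1)
    k=${k#--cgroup-driver=}
    echo "${k:-cgroupfs}"
}

# Print flag lines that do not continue the previous line (no trailing
# backslash before them), i.e. flags that fall outside the KUBELET_OPTS value.
# Returns 1 if any are found.
stray_flags() {
    awk '/^[ \t]*--/ && !cont { print FILENAME ":" NR ": " $0; bad = 1 }
         { cont = ($0 ~ /\\[ \t]*$/) }
         END { exit bad + 0 }' "$1"
}

# check_cgroup_drivers DAEMON_JSON KUBELET_CONF -> 0 only when consistent
check_cgroup_drivers() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    stray_flags "$2" || { echo "flag outside KUBELET_OPTS" >&2; return 1; }
    dd=$(docker_cgroup_driver "$1")
    kd=$(kubelet_cgroup_driver "$2")
    [ "$dd" = "$kd" ] || { echo "mismatch: docker=$dd kubelet=$kd" >&2; return 1; }
    echo "ok: both use $dd"
}

# Usage on a node laid out as in this post:
#   check_cgroup_drivers /etc/docker/daemon.json /opt/kubernetes/cfg/kubelet.conf
# The driver Docker is actually running with can be confirmed with:
#   docker info --format '{{.CgroupDriver}}'
```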
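kubectl get nodes does not list the master
Cause: kubelet is not installed on the master node.
Solution:
Copy kubelet from the package you just extracted (as shown in the screenshot) to /opt/kubernetes/bin: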
cd ~/TLS/k8s/kubernetes/server/bin
scp kubelet /opt/kubernetes/bin
Then write the following configuration to /opt/kubernetes/cfg/kubelet.conf:
cat > /opt/kubernetes/cfg/kubelet.conf << EOF
KUBELET_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--hostname-override=master \\
--network-plugin=cni \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 \\
--cgroup-driver=systemd"
EOF
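If you chose to delete "exec-opts" from /etc/docker/daemon.json earlier, you do not need --cgroup-driver=systemd; remove it, making sure the KUBELET_OPTS value still ends with its closing quote.
Then copy the bootstrap.kubeconfig generated by the script in the previous step to /opt/kubernetes/cfg: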
cp /root/bootstrap.kubeconfig /opt/kubernetes/cfg
Then create a systemd unit for it:
cat > /usr/lib/systemd/system/kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
After=docker.service
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
Then just start it:
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
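kubectl get node shows NotReady
Problem 1: pulling the flannel images fails
Solution:
Find the required images in the yml, pull them manually with Docker Desktop on Windows, and upload them. If you have not installed Docker Desktop before, I suggest taking the time here to download it; it cures failed docker pull image downloads for good. You will of course need a proxy/VPN.
Here is the download link for Docker Desktop (requires a proxy/VPN):
Docker Desktop: The #1 Containerization Tool for Developers | Docker
The contents of kube-flannel.yml are provided here: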
---
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    k8s-app: flannel
    pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: flannel
  name: flannel
  namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    k8s-app: flannel
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "EnableNFTables": false,
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
    k8s-app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: docker.io/flannel/flannel:v0.25.7
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.25.7
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
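The yml shows that the required images are flannel/flannel:v0.25.7 and flannel/flannel-cni-plugin:v1.5.1-flannel2,
so pull these two images with Docker on Windows, save them, and upload them.
Problem 2: cni config uninitialized
cni config uninitialized appeared in the kubelet logs, even though the previous problem had already been solved by then.
Solution: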
wget https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz
mkdir -pv /opt/cni/bin
tar xf cni-plugins-amd64-v0.7.1.tgz -C /opt/cni/bin
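After a lot of searching, it turned out that there was no CNI in /opt/cni/bin,
so I simply downloaded CNI and extracted it to that location.
After the steps above, my k8s cluster worked normally. For CNI, I followed this article:
Installing the CNI network plugin (optional) (安装cni网络插件-非必须) - effortsing - 博客园 (cnblogs.com)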
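The cfssl, kubelet and CNI files in this post are fetched by hand (wget, or a Windows browser followed by an upload) and then run as root on the nodes, so an integrity check before installing is worthwhile. The script below is an added example, not code from the post or from the CNI project; the function names are hypothetical and the expected digest has to be taken from the project's release page, since the post gives none.

```shell
#!/bin/sh
# Added example (not from the original post or the CNI project).
# EXPECTED_HEX must come from the project's release page; no digest is given
# in the post, so none is hard-coded here.

# verify_sha256 FILE EXPECTED_HEX -> 0 if the SHA-256 digest matches
verify_sha256() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(sha256sum "$1" | awk '{print $1}')
    [ "$got" = "$want" ] && return 0
    echo "SHA-256 mismatch for $1 (got $got)" >&2
    return 1
}

# no_loose_perms DIR -> 0 if no file under DIR is group- or world-writable.
# kubelet runs the binaries in /opt/cni/bin as root, so nobody else should be
# able to modify them.
no_loose_perms() {
    loose=$(find "$1" -type f \( -perm -020 -o -perm -002 \))
    [ -z "$loose" ] && return 0
    echo "writable by non-owner:" >&2
    echo "$loose" >&2
    return 1
}

# install_verified TARBALL EXPECTED_HEX DEST
# Extracts only after the digest check; --no-same-owner keeps the uid/gid
# recorded in the archive from being applied when run as root.
install_verified() {
    verify_sha256 "$1" "$2" || return 1
    mkdir -p "$3" || return 1
    tar -xzf "$1" -C "$3" --no-same-owner || return 1
    no_loose_perms "$3"
}

# Usage for the step above (digest placeholder to be filled in by the operator):
#   install_verified cni-plugins-amd64-v0.7.1.tgz "<sha256 from release page>" /opt/cni/bin
```

The same verify_sha256 call applies to the cfssl binaries and to image archives copied over from the Windows machine, with the digest computed on the machine that downloaded them.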
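I have personally tested the methods above and they work.
I have personally tested the methods above and they work.
I have personally tested the methods above and they work.
Important things are worth saying three times. These are all problems the author personally ran into, along with their solutions. If you have any questions, raise them in the comments.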