在Ubuntu 18.04 中安装 Kubernetes

本文记录在 Ubuntu 18.04 Server 中安装 Kubernetes 的的过程。

调整 Ubuntu 的设置

网络 - 内核开启ip4转发

编辑 /etc/sysctl.conf,开启ipv4转发

1
sudo vim /etc/sysctl.conf

开启: net.ipv4.ip_forward = 1

保存文件后执行

1
sudo sysctl -p

禁用 Swap 分区

执行以下命令,禁用所有 Swap 分区

1
sudo swapoff -a

然后修改/etc/fstab文件,注释掉 SWAP 的自动挂载,防止机子重启后swap启用。

更新Ubuntu

1
sudo apt-get update

安装 Docker

参考 Docker课堂实验手册(一)

Docker - 设置docker不操作iptables

编辑docker daemon默认配置文件 /etc/docker/daemon.json。加入:

1
"iptables": false

安装 Kubernetes

1
sudo apt-get install -y apt-transport-https curl

设置使用国内(阿里)镜像源进行安装:

1
sudo curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
1
2
3
sudo tee /etc/apt/sources.list.d/kubernetes.list <<-'EOF'
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
EOF
1
sudo apt-get update

安装最新版本的 kubelet kubeadm 和 kubectl

1
sudo apt-get install -y kubelet kubeadm kubectl

将 kubelet 设置为开启启动

1
sudo systemctl enable kubelet && sudo systemctl start kubelet

获取镜像文件

查看需要的镜像

1
kubeadm config images list

系统输出:

1
2
3
4
5
6
7
k8s.gcr.io/kube-apiserver:v1.15.3
k8s.gcr.io/kube-controller-manager:v1.15.3
k8s.gcr.io/kube-scheduler:v1.15.3
k8s.gcr.io/kube-proxy:v1.15.3
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1

编辑一个文件, 命名为: install_k8s_images.sh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
#! /bin/bash
images=(
kube-apiserver:v1.15.3
kube-controller-manager:v1.15.3
kube-scheduler:v1.15.3
kube-proxy:v1.15.3
pause:3.1
etcd:3.3.10
coredns:1.3.1
)

for imageName in ${images[@]} ; do
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
done

将文件设置为可运行:

1
chmod a+x install_k8s_images.sh

运行 install_k8s_images.sh 安装所需要的镜像

1
./install_k8s_images.sh

更新:以上需要的镜像我已经打包成一个文件,可以直接加载到 docker 中,参考 从本地上传安装 kubernetes 所需要的镜像

注意:以上步骤需要在Master和Node机器完成

配置Master节点

修改主节点的 hostname 为: master-node

1
sudo hostnamectl set-hostname master-node

初始化 Kubernetes:

1
sudo kubeadm init --pod-network-cidr=10.244.0.0/16

系统显示:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
W0907 16:17:44.359105    1998 version.go:98] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W0907 16:17:44.359172 1998 version.go:99] falling back to the local client version: v1.15.3
[init] Using Kubernetes version: v1.15.3
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.1. Latest validated version: 18.09
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [master-node localhost] and IPs [192.168.43.10 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [master-node localhost] and IPs [192.168.43.10 127.0.0.1 ::1]
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [master-node kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.43.10]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 61.555344 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.15" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master-node as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node master-node as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: mg39mb.hmfz2bao1t90fcdc
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.43.10:6443 --token mg39mb.hmfz2bao1t90fcdc \
--discovery-token-ca-cert-hash sha256:4343f8637818221cc153a4c556a6a29606f5a14ea040b3e9ee1e5e29af6e7381

为当前用户保存 kubernetes 配置信息

1
mkdir -p $HOME/.kube
1
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
1
sudo chown $(id -u):$(id -g) $HOME/.kube/config

现在,你可以使用以下命令,加入新的节点(node):

1
2
kubeadm join 192.168.43.10:6443 --token mg39mb.hmfz2bao1t90fcdc \
--discovery-token-ca-cert-hash sha256:4343f8637818221cc153a4c556a6a29606f5a14ea040b3e9ee1e5e29af6e7381

现在,我们可以通过 kubetl 命令查看状态

1
kubectl get nodes

得到如下结果:

1
2
NAME          STATUS     ROLES    AGE     VERSION
master-node NotReady master 3h44m v1.15.3

可以看到,当前只有一个节点,并且状态是:”NotReady”, 因为现在还没有配置任何Pod网络。

在Master上部署一个Pod网络

在本教程中,我们部署一个 Flannel pod network。在Master节点机器上执行以下命令:

1
sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

系统显示:

1
2
3
4
5
6
7
8
9
10
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created

执行后,查看pod网络的状态:

1
kubectl get pods --all-namespaces

系统显示:

1
2
3
4
5
6
7
8
9
NAMESPACE     NAME                                  READY   STATUS     RESTARTS   AGE
kube-system coredns-5c98db65d4-fl5fs 0/1 Pending 0 3h50m
kube-system coredns-5c98db65d4-nrsq7 0/1 Pending 0 3h50m
kube-system etcd-master-node 1/1 Running 0 3h50m
kube-system kube-apiserver-master-node 1/1 Running 0 3h50m
kube-system kube-controller-manager-master-node 1/1 Running 0 3h50m
kube-system kube-flannel-ds-amd64-fkzck 0/1 Init:0/1 0 80s
kube-system kube-proxy-vm9jj 1/1 Running 0 3h50m
kube-system kube-scheduler-master-node 1/1 Running 0 3h50m

整个过程需要花费一定的时间,知道所有服务都已经启动:

1
2
3
4
5
6
7
8
9
NAMESPACE     NAME                                  READY   STATUS    RESTARTS   AGE
kube-system coredns-5c98db65d4-fl5fs 1/1 Running 0 3h53m
kube-system coredns-5c98db65d4-nrsq7 1/1 Running 0 3h53m
kube-system etcd-master-node 1/1 Running 0 3h53m
kube-system kube-apiserver-master-node 1/1 Running 0 3h53m
kube-system kube-controller-manager-master-node 1/1 Running 0 3h53m
kube-system kube-flannel-ds-amd64-fkzck 1/1 Running 0 4m4s
kube-system kube-proxy-vm9jj 1/1 Running 0 3h53m
kube-system kube-scheduler-master-node 1/1 Running 0 3h53m

这时,再查看节点状态:

1
kubectl get nodes
1
2
NAME          STATUS   ROLES    AGE     VERSION
master-node Ready master 3h54m v1.15.3

可以看到, master节点已经准备就绪。

准备工作节点

修改主机名

修改主节点的 hostname 为: worker-node01

1
sudo hostnamectl set-hostname worker-node01

设置admin配置文件

  1. 将主节点中的 /etc/kubernetes/admin.conf 文件拷贝到从节点相同目录下。

  2. 拷贝以后,在从节点执行:

1
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
  1. 执行
1
source ~/.bash_profile

是改动立即生效

将节点加入Pod网络

现在,你可以使用以下命令,加入新的节点(node):

1
sudo kubeadm join 192.168.43.10:6443 --token mg39mb.hmfz2bao1t90fcdc --discovery-token-ca-cert-hash sha256:4343f8637818221cc153a4c556a6a29606f5a14ea040b3e9ee1e5e29af6e7381

系统显示:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.1. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

再运行 get nodes 查看:

1
kubectl get nodes

系统显示:

1
2
3
NAME          STATUS   ROLES    AGE    VERSION
kube-master Ready master 106m v1.15.3
kube-node01 Ready <none> 96m v1.15.3

标明已经安装成功过。

本文标题:在Ubuntu 18.04 中安装 Kubernetes

文章作者:Morning Star

发布时间:2019年08月30日 - 10:08

最后更新:2021年04月16日 - 15:04

原始链接:https://www.mls-tech.info/docker/k8s-installation-on-ubuntu1804/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。