Kubernetes服务搭建[配置-部署](Kubeadm)

文章目录

  • **[1 — 7] ** [ 配置K8S主从集群前置准备操作 ]
  • 一:主节点操作 查看主机域名->编辑域名
    • 1.1 编辑HOST 从节点也做相应操作
    • 1.2 从节点操作 查看从节点102域名->编辑域名
    • 1.3 从节点操作 查看从节点103域名->编辑域名
  • 二:安装自动填充,虚拟机默认没有
  • 三:关闭防火墙
  • 四:关闭交换空间
  • 五:禁用 Selinux
  • 六: 允许 ip tables 检查桥接流量
  • 七:设置K8S相关系统参数
    • 7.0:镜像加速
    • 7.1:K8S仓库
    • 7.2:配置 sysctl 参数,重新启动后配置不变
      • 7.3.2:配置sysctl 内核参数而不重新启动
  • 八:安装K8S -- kubelet,kubeadm,kubectl核心组件
    • 8.1:安装命令
  • pre-9 注意:安装网络插件coredns,否则在第九步执行init会卡住
    • pre-9.1: 安装coredns
    • pre-9.2: 注意:查看coredns pod状态Ready=0
      • pre-9.2.1: 执行 kubectl get pods -n kube-system查看日志输出
      • pre-9.2.2: 查看pod错误日志输出 kubectl describe pod coredns-545d6fc579-fknqn -n kube-system
      • pre-9.2.3: 安装Colico网络通信插件
        • 9.2.3.1 - 执行: wget --no-check-certificate https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml
        • 9.2.3.2 - 修改calico.yaml
        • 9.2.3.3 - 执行 kubectl apply -f calico.yaml
          • 注意异常:error converting YAML
          • 执行成功
          • 查看coredns pod节点状态
  • 九:kubeadm init生成Node
    • 9.1: 注意主从节点分别执行,address不一样
      • 9.1.1:master节点操作address=192.168.56.101
      • 9.1.2:node节点操作address=192.168.56.102
    • 9.2: 上述会生成如下日志说明成功
      • 9.2.1: 注意主从从节点分别在尾部生成token
    • 9.3: 注意:在从节点执行主节点init对应生成的join命令
  • 十:配置K8S主从节点的网络通信
    • 10.1 查看node和pod 对应status 状态 发现master和node状态为 [NotReady]
    • 10.2 查看K8S异常信息命令 journalctl -f -u kubelet
    • 10.3 配置calico网络
    • 10.4 修改calico.yaml
    • 10.5 K8S部署calico容器
    • 10.6 再次查看节点状态 kubectl get nodes -o wide [ status状态为Ready ]

**[1 — 7] ** [ 配置K8S主从集群前置准备操作 ]

一:主节点操作 查看主机域名->编辑域名

[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# hostname
master
[root@localhost ~]#

1.1 编辑HOST 从节点也做相应操作

[root@vbox-master-01-vbox-01 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.101  master
192.168.56.102  node

1.2 从节点操作 查看从节点102域名->编辑域名

[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# hostnamectl set-hostname node
[root@localhost ~]# hostname
node

1.3 从节点操作 查看从节点103域名->编辑域名

[root@localhost /]# hostname
localhost.localdomain
[root@localhost /]# hostnamectl set-hostname nodeslavethree
[root@localhost /]# hostname
nodeslavethree

二:安装自动填充,虚拟机默认没有

[root@vbox-master-01-vbox-01 ~]# yum -y install bash-completion
已加载插件:fastestmirror, product-id, search-disabled-repos, subscription-manager

This system is not registered with an entitlement server. You can use subscription-manager to register.

Determining fastest mirrors
 * base: ftp.sjtu.edu.cn
 * extras: mirrors.nju.edu.cn
 * updates: mirrors.aliyun.com

三:关闭防火墙

systemctl stop firewalld
systemctl disable firewalld

四:关闭交换空间

free -h
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
free -h

五:禁用 Selinux

sed -i “s/^SELINUX=enforcing/SELINUX=disabled/g” /etc/sysconfig/selinux

[root@nodemaster /]# sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
cat /etc/selinux/config

六: 允许 ip tables 检查桥接流量

iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT

七:设置K8S相关系统参数

7.0:镜像加速

tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://hnkfbj7x.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

7.1:K8S仓库

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# 是否开启本仓库
enabled=1
# 是否检查 gpg 签名文件
gpgcheck=0
# 是否检查 gpg 签名文件
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

7.2:配置 sysctl 参数,重新启动后配置不变

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

7.3.2:配置sysctl 内核参数而不重新启动

sysctl --system

八:安装K8S – kubelet,kubeadm,kubectl核心组件

8.1:安装命令

[root@master local]# sudo yum install -y kubelet-1.21.0 kubeadm-1.21.0 kubectl-1.21.0 --disableexcludes=kubernetes --nogpgcheck
[root@node local]# sudo yum install -y kubelet-1.21.0 kubeadm-1.21.0 kubectl-1.21.0 --disableexcludes=kubernetes --nogpgcheck
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.sjtu.edu.cn
 * extras: ftp.sjtu.edu.cn
 * updates: ftp.sjtu.edu.cn
kubernetes                                                                                              | 1.4 kB  00:00:00
正在解决依赖关系
--> 正在检查事务
---> 软件包 kubeadm.x86_64.0.1.21.0-0 将被 安装
--> 正在处理依赖关系 kubernetes-cni >= 0.8.6,它被软件包 kubeadm-1.21.0-0.x86_64 需要
---> 软件包 kubectl.x86_64.0.1.21.0-0 将被 安装
---> 软件包 kubelet.x86_64.0.1.21.0-0 将被 安装
--> 正在检查事务
---> 软件包 kubernetes-cni.x86_64.0.1.2.0-0 将被 安装
--> 解决依赖关系完成

依赖关系解决

===============================================================================================================================
 Package                           架构                      版本                          源                             大小
===============================================================================================================================
正在安装:
 kubeadm                           x86_64                    1.21.0-0                      kubernetes                    9.1 M
 kubectl                           x86_64                    1.21.0-0                      kubernetes                    9.5 M
 kubelet                           x86_64                    1.21.0-0                      kubernetes                     20 M
为依赖而安装:
 kubernetes-cni                    x86_64                    1.2.0-0                       kubernetes                     17 M

事务概要
===============================================================================================================================
安装  3 软件包 (+1 依赖软件包)

总下载量:55 M
安装大小:248 M
Downloading packages:
(1/4): dc4816b13248589b85ee9f950593256d08a3e6d4e419239faf7a83fe686f641c-kubeadm-1.21.0-0.x86_64.rpm     | 9.1 MB  00:00:44
(2/4): d625f039f4a82eca35f6a86169446afb886ed9e0dfb167b38b706b411c131084-kubectl-1.21.0-0.x86_64.rpm     | 9.5 MB  00:00:46
(3/4): 0f2a2afd740d476ad77c508847bad1f559afc2425816c1f2ce4432a62dfe0b9d-kubernetes-cni-1.2.0-0.x86_64.r |  17 MB  00:01:21
(4/4): 13b4e820d82ad7143d786b9927adc414d3e270d3d26d844e93eff639f7142e50-kubelet-1.21.0-0.x86_64.rpm     |  20 MB  00:01:39
-------------------------------------------------------------------------------------------------------------------------------
总计                                                                                           395 kB/s |  55 MB  00:02:23
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
警告:RPM 数据库已被非 yum 程序修改。
  正在安装    : kubernetes-cni-1.2.0-0.x86_64                                                                              1/4
  正在安装    : kubelet-1.21.0-0.x86_64                                                                                    2/4
  正在安装    : kubectl-1.21.0-0.x86_64                                                                                    3/4
  正在安装    : kubeadm-1.21.0-0.x86_64                                                                                    4/4
  验证中      : kubelet-1.21.0-0.x86_64                                                                                    1/4
  验证中      : kubeadm-1.21.0-0.x86_64                                                                                    2/4
  验证中      : kubectl-1.21.0-0.x86_64                                                                                    3/4
  验证中      : kubernetes-cni-1.2.0-0.x86_64                                                                              4/4

已安装:
  kubeadm.x86_64 0:1.21.0-0                 kubectl.x86_64 0:1.21.0-0                 kubelet.x86_64 0:1.21.0-0

作为依赖被安装:
  kubernetes-cni.x86_64 0:1.2.0-0

完毕!

pre-9 注意:安装网络插件coredns,否则在第九步执行init会卡住

pre-9.1: 安装coredns

docker pull coredns/coredns
docker tag coredns/coredns:latest
docker tag coredns/coredns:latest registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0
[root@master kubernetes]# docker pull coredns/coredns
Using default tag: latest
latest: Pulling from coredns/coredns
d92bdee79785: Pull complete
6e1b7c06e42d: Pull complete
Digest: sha256:5b6ec0d6de9baaf3e92d0f66cd96a25b9edbce8716f5f15dcd1a616b3abd590e
Status: Downloaded newer image for coredns/coredns:latest
docker.io/coredns/coredns:latest
[root@master kubernetes]# docker tag coredns/coredns:latest
"docker tag" requires exactly 2 arguments.
See 'docker tag --help'.

Usage:  docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE

[root@master kubernetes]# docker tag coredns/coredns:latest registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0

pre-9.2: 注意:查看coredns pod状态Ready=0

pre-9.2.1: 执行 kubectl get pods -n kube-system查看日志输出

[root@master soft]# kubectl get pods -n kube-system
NAME                             READY   STATUS              RESTARTS   AGE
coredns-545d6fc579-fknqn         0/1     ContainerCreating   0          6m41s
coredns-545d6fc579-s22rb         0/1     ContainerCreating   0          6m41s
etcd-master                      1/1     Running             0          6m49s
kube-apiserver-master            1/1     Running             0          6m49s
kube-controller-manager-master   1/1     Running             0          6m49s
kube-proxy-56ppg                 1/1     Running             0          6m41s
kube-proxy-pp7d6                 1/1     Running             0          85s
kube-scheduler-master            1/1     Running             0          6m48s

pre-9.2.2: 查看pod错误日志输出 kubectl describe pod coredns-545d6fc579-fknqn -n kube-system

主要是:check that the calico/node container is running and has mounted /var/lib/calico/
说明colico网络插件没有配置,容器没有运行
[root@master soft]# kubectl describe pod coredns-545d6fc579-fknqn -n kube-system
Name:                 coredns-545d6fc579-fknqn
Namespace:            kube-system
Priority:             2000000000
Priority Class Name:  system-cluster-critical
Node:                 master/192.168.56.101
Start Time:           Thu, 04 May 2023 18:02:01 +0800
Labels:               k8s-app=kube-dns
                      pod-template-hash=545d6fc579
Annotations:          <none>
Status:               Pending
IP:
IPs:                  <none>
Controlled By:        ReplicaSet/coredns-545d6fc579
Containers:
  coredns:
    Container ID:
    Image:         registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0
    Image ID:
    Ports:         53/UDP, 53/TCP, 9153/TCP
    Host Ports:    0/UDP, 0/TCP, 0/TCP
    Args:
      -conf
      /etc/coredns/Corefile
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Limits:
      memory:  170Mi
    Requests:
      cpu:        100m
      memory:     70Mi
    Liveness:     http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
    Readiness:    http-get http://:8181/ready delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:  <none>
    Mounts:
      /etc/coredns from config-volume (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-mzbf7 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  config-volume:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      coredns
    Optional:  false
  kube-api-access-mzbf7:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              kubernetes.io/os=linux
Tolerations:                 CriticalAddonsOnly op=Exists
                             node-role.kubernetes.io/control-plane:NoSchedule
                             node-role.kubernetes.io/master:NoSchedule
                             node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason                  Age                   From               Message
  ----     ------                  ----                  ----               -------
  Warning  FailedScheduling        13m                   default-scheduler  0/1 nodes are available: 1 node(s) had taint {node.kubernetes.io/not-ready: }, that the pod didn't tolerate.
  Normal   Scheduled               13m                   default-scheduler  Successfully assigned kube-system/coredns-545d6fc579-fknqn to master
  Warning  FailedScheduling        13m                   default-scheduler  0/1 nodes are available: 1 node(s) had taint {node.kubernetes.io/not-ready: }, that the pod didn't tolerate.
  Warning  FailedCreatePodSandBox  13m                   kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "4150bf828bb587a7f27efcd33b96e534f26951949779c572bedd09f57d6211ff" network for pod "coredns-545d6fc579-fknqn": networkPlugin cni failed to set up pod "coredns-545d6fc579-fknqn_kube-system" network: stat /var/lib/calico/nodename: no such file or directory: check that the calico/node container is running and has mounted /var/lib/calico/
  Warning  FailedCreatePodSandBox  13m                   kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "98ea203f10a10ac5398693a9702a130224ec23f30335e6d33212eb6af3289c4a" network for pod "coredns-545d6fc579-fknqn": networkPlugin cni failed to set up pod "coredns-545d6fc579-fknqn_kube-system" network: stat /var/lib/calico/nodename: no such file or directory: check that the calico/node container is running and has mounted /var/lib/calico/

pre-9.2.3: 安装Colico网络通信插件

9.2.3.1 - 执行: wget --no-check-certificate https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml

[root@master kubernetes]# wget --no-check-certificate https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml
--2023-05-03 02:23:02--  https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml
正在解析主机 projectcalico.docs.tigera.io (projectcalico.docs.tigera.io)... 13.228.199.255, 18.139.194.139, 2406:da18:880:3800::c8, ...
正在连接 projectcalico.docs.tigera.io (projectcalico.docs.tigera.io)|13.228.199.255|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:238089 (233K) [text/yaml]
正在保存至: “calico.yaml”

100%[=====================================================================================>] 238,089      392KB/s 用时 0.6s

2023-05-03 02:23:03 (392 KB/s) - 已保存 “calico.yaml” [238089/238089])

9.2.3.2 - 修改calico.yaml

[root@master kubernetes]# vi calico.yaml
# CLUSTER_TYPE 下方添加信息
- name: CLUSTER_TYPE
  value: "k8s,bgp"
  # 下方为新增内容
- name: IP_AUTODETECTION_METHOD
  value: "interface=网卡名称[如 ens33]

9.2.3.3 - 执行 kubectl apply -f calico.yaml

注意异常:error converting YAML

查看yaml文件内容发现刚刚改的缩进不对

执行成功
[root@master soft]# kubectl apply -f calico.yaml
poddisruptionbudget.policy/calico-kube-controllers configured
serviceaccount/calico-kube-controllers unchanged
serviceaccount/calico-node unchanged
configmap/calico-config unchanged
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org configured
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrole.rbac.authorization.k8s.io/calico-node unchanged
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrolebinding.rbac.authorization.k8s.io/calico-node unchanged
daemonset.apps/calico-node created
deployment.apps/calico-kube-controllers created
查看coredns pod节点状态

九:kubeadm init生成Node

9.1: 注意主从节点分别执行,address不一样

9.1.1:master节点操作address=192.168.56.101

kubeadm init --kubernetes-version=v1.21.0 --image-repository=registry.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.56.101

9.1.2:node节点操作address=192.168.56.102

kubeadm init --kubernetes-version=v1.21.0 --image-repository=registry.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.56.102

9.2: 上述会生成如下日志说明成功

9.2.1: 注意主从从节点分别在尾部生成token

主节点生成:

kubeadm join 192.168.56.101:6443 --token ofgeif.siy6c7i3bkwd8zhe \
         --discovery-token-ca-cert-hash sha256:153569126910a8000fc13dab0ef9123f3c798d392965b3555415951d20d7fcf9

从节点生成:

kubeadm join 192.168.56.102:6443 --token hyixs7.p3qz6w2lglxv5p5o \
        --discovery-token-ca-cert-hash sha256:1ffcb2d4d8acd6da8c5dc1abbb8b3035d5fb53705660b9275fe8972e6e08cbd0
        
[root@node local]# kubeadm init --image-repository=registry.aliyuncs.com/google_containers --apiserver-advertise-address=192.16                         8.56.102
I0503 02:13:29.368712   19886 version.go:254] remote version is much newer: v1.27.1; falling back to: stable-1.21
[init] Using Kubernetes version: v1.21.14
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 23.0.5. Latest validated ve                         rsion: 20.10
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default                         .svc.cluster.local node] and IPs [10.96.0.1 192.168.56.102]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost node] and IPs [192.168.56.102 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost node] and IPs [192.168.56.102 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] WARNING: unable to stop the kubelet service momentarily: [exit status 5]
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manife                         sts". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 60.507892 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.21" in namespace kube-system with the configuration for the kubelets in the cl                         uster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node node as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) n                         ode-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node node as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: hyixs7.p3qz6w2lglxv5p5o
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certifi                         cate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap To                         ken
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.56.102:6443 --token hyixs7.p3qz6w2lglxv5p5o \
        --discovery-token-ca-cert-hash sha256:1ffcb2d4d8acd6da8c5dc1abbb8b3035d5fb53705660b9275fe8972e6e08cbd0

9.3: 注意:在从节点执行主节点init对应生成的join命令

[root@node local]# kubeadm join 192.168.56.101:6443 --token ofgeif.siy6c7i3bkwd8zhe \
         --discovery-token-ca-cert-hash sha256:153569126910a8000fc13dab0ef9123f3c798d392965b3555415951d20d7fcf9
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 23.0.5. Latest validated ve                         rsion: 20.10
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR DirAvailable--etc-kubernetes-manifests]: /etc/kubernetes/manifests is not empty
        [ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
        [ERROR Port-10250]: Port 10250 is in use
        [ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
[root@node local]# kubeadm reset
[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
[reset] Removing info for node "node" from the ConfigMap "kubeadm-config" in the "kube-system" Namespace
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/ku                         bernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/etcd /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var                         /lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
[root@node local]# kubeadm join 192.168.56.101:6443 --token ofgeif.siy6c7i3bkwd8zhe         --discovery-token-ca-cert-hash sha2                         56:153569126910a8000fc13dab0ef9123f3c798d392965b3555415951d20d7fcf9
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 23.0.5. Latest validated ve                         rsion: 20.10
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@node local]#  kubectl get nodes
NAME     STATUS     ROLES                  AGE    VERSION
master   NotReady   control-plane,master   39m    v1.21.0
node     NotReady   <none>                 101s   v1.21.0
[root@node local]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                             READY   STATUS    RESTARTS      AGE    IP               NODE     NOMINATED NODE                            READINESS GATES
kube-system   coredns-545d6fc579-p4pj4         0/1     Pending   0             39m    <none>           <none>   <none>                                    <none>
kube-system   coredns-545d6fc579-r8cnv         0/1     Pending   0             39m    <none>           <none>   <none>                                    <none>
kube-system   etcd-master                      1/1     Running   0             40m    192.168.56.101   master   <none>                                    <none>
kube-system   kube-apiserver-master            1/1     Running   1 (40m ago)   40m    192.168.56.101   master   <none>                                    <none>
kube-system   kube-controller-manager-master   1/1     Running   0             40m    192.168.56.101   master   <none>                                    <none>
kube-system   kube-proxy-72w98                 1/1     Running   0             2m5s   192.168.56.102   node     <none>                                    <none>
kube-system   kube-proxy-zc2f7                 1/1     Running   0             39m    192.168.56.101   master   <none>                                    <none>
kube-system   kube-scheduler-master            1/1     Running   0             40m    192.168.56.101   master   <none>                                    <none>
[root@node local]# systemctl start kubelet

十:配置K8S主从节点的网络通信

10.1 查看node和pod 对应status 状态 发现master和node状态为 [NotReady]

[root@master kubernetes]# kubectl get nodes -o wide
NAME     STATUS     ROLES                  AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION                CONTAINER-RUNTIME
master   NotReady   control-plane,master   40m     v1.21.0   192.168.56.101   <none>        CentOS Linux 7 (Core)   3.10.0-1160.88.1.el7.x86_64   docker://23.0.5
node     NotReady   <none>                 2m30s   v1.21.0   192.168.56.102   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64        docker://23.0.5

10.2 查看K8S异常信息命令 journalctl -f -u kubelet

[root@master kubernetes]# journalctl -f -u kubelet

[root@master kubernetes]# journalctl -f -u kubelet
-- Logs begin at 三 2023-05-03 01:04:05 CST. --
5月 03 02:30:24 master kubelet[5376]: E0503 02:30:24.876889    5376 kubelet.go:2218] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 03 02:30:26 master kubelet[5376]: I0503 02:30:26.182120    5376 cni.go:239] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 03 02:30:29 master kubelet[5376]: E0503 02:30:29.896174    5376 kubelet.go:2218] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"

10.3 配置calico网络

wget --no-check-certificate https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml

[root@master kubernetes]# wget --no-check-certificate https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml
--2023-05-03 02:23:02--  https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml
正在解析主机 projectcalico.docs.tigera.io (projectcalico.docs.tigera.io)... 13.228.199.255, 18.139.194.139, 2406:da18:880:3800::c8, ...
正在连接 projectcalico.docs.tigera.io (projectcalico.docs.tigera.io)|13.228.199.255|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:238089 (233K) [text/yaml]
正在保存至: “calico.yaml”

100%[=====================================================================================>] 238,089      392KB/s 用时 0.6s

2023-05-03 02:23:03 (392 KB/s) - 已保存 “calico.yaml” [238089/238089])


10.4 修改calico.yaml

[root@master kubernetes]# vi calico.yaml
# CLUSTER_TYPE 下方添加信息
- name: CLUSTER_TYPE
  value: "k8s,bgp"
  # 下方为新增内容
- name: IP_AUTODETECTION_METHOD
  value: "interface=网卡名称

在这里插入图片描述

10.5 K8S部署calico容器

kubectl apply -f calico.yaml

10.6 再次查看节点状态 kubectl get nodes -o wide [ status状态为Ready ]

[root@node local]# kubectl get nodes -o wide
NAME     STATUS   ROLES                  AGE   VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION                                         CONTAINER-RUNTIME
master   Ready    control-plane,master   58m   v1.21.0   192.168.56.101   <none>        CentOS Linux 7 (Core)   3.10.0-1160.88.                         1.el7.x86_64   docker://23.0.5
node     Ready    <none>                 20m   v1.21.0   192.168.56.102   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7                         .x86_64        docker://23.0.5

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/17064.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

进程地址空间与页表方面知识点(缺页中断及写时拷贝部分原理)

谢谢阅读&#xff0c;如有错误请大佬留言&#xff01;&#xff01; 目录 谢谢阅读&#xff0c;如有错误请大佬留言&#xff01;&#xff01; 抛出总结 开始介绍 发现问题 进程地址空间&#xff08;虚拟地址&#xff09; 页表 物理内存与进程地址空间映射 缺页中断基本…

Spring--AOP详细介绍--和详细代码演示证明理解

目录 Spring--AOP详细介绍 基本介绍 代码演示—入门 需求说明 定义一个接口类Vehicle 定义一个实现接口类的Car类 定义一个实现接口类的Ship类 创建测试类Test.java 来思考一下&#xff0c; 解决方案-动态代理方式-2 修改 Car类 修改 Ship类 创建VehicleProxyProvid…

Stable Diffusion使用方法

SD的本地安装教程有很多我就不重复了&#xff0c;这里主要是记录我在使用SD Webui的过程中遇到的问题&#xff0c;总结的一些提升出图效率&#xff0c;出好图概率的经验。 先搞几张看看效果 二次元妹妹 高达 &#xff1f; Ok&#xff0c;以上只是一小部分成品 &#xff0c;属…

PyQt5桌面应用开发(6):文件对话框

本文目录 PyQt5桌面应用系列介绍QFileDialog的静态接口QFileDialog的对象接口 示例结论后记 PyQt5桌面应用系列 PyQt5桌面应用开发&#xff08;1&#xff09;&#xff1a;需求分析 PyQt5桌面应用开发&#xff08;2&#xff09;&#xff1a;事件循环 PyQt5桌面应用开发&#xff…

MRI k空间概念整理

以下内容为MRI期末复习笔记&#xff0c;仅供复习参考使用。 K空间概念 K空间为包含MR数据的阵列&#xff0c;也可定义为原始数据阵列相位编码轴和频率编码轴的交叉点 MR扫描得到的数据为谱空间数据&#xff0c;谱空间数据与空间数据位置无直接对应关系 k空间每一数据点或数据…

不能使用chatGPT?这3个平替甚至比chatGPT更强

不能使用chatGPT&#xff1f;这3个平替甚至比chatGPT更强 chatGPT&#xff0c;一款由OpenAI开发的新型AI聊天机器人&#xff0c;正在势如破竹地改变着许多人的工作和生活方式。作为一款基于大语言模型的聊天机器人&#xff0c;chatGPT能够理解自然语言并进行人机对话。与传统的…

用于scATAC-seq有监督分类的Cellcano

细胞类型识别是单细胞数据分析的基本步骤。由于高质量参考数据集的可用性&#xff0c;有监督细胞分类方法在scRNA-seq数据中很受欢迎。染色质可及性分析&#xff08;scATAC-seq&#xff09;的最新技术进步为理解表观遗传异质性带来了新的见解。随着scATAC-seq数据集的不断积累&…

html5地理位置信息介绍, 百度地图使用

文章目录 1. HTML5中地理信息API1.1 Geolocation 接口 2. 在vue中使用百度地图3. 在react中使用百度地图 1. HTML5中地理信息API HTML5 的地理位置 API 可以让你获取用户的地理位置信息&#xff0c;并将其用于许多不同的应用场景&#xff0c;例如&#xff1a; 在地图上显示用…

钴基双金属氧化物储能材料的高效制备和电化学应用

一、引言 钴金属氧化物作为一类典型的储能材料&#xff0c;既可以用于锂离子电池负极材料&#xff0c;又可以用于超级电容器电极材料&#xff0c;因而备受关注 。在作为锂离子电池负极材料时&#xff0c;具有较高的理论比容量&#xff0c;但充放电体积变化较大、材料导电性较差…

爬虫为什么需要ip

爬虫需要使用爬虫ip主要是为了解决以下问题&#xff1a; 1、反爬虫机制&#xff1a;许多网站会设置反爬虫机制来防止爬虫程序的访问&#xff0c;例如限制IP地址的访问频率、检测访问来源等。使用爬虫ip可以绕过这些限制&#xff0c;使得爬虫程序更难被检测到。 2、访问限制&a…

浅拷贝和深拷贝

浅拷贝&#xff1a; 定义&#xff1a;浅拷贝&#xff08;Shallow Copy&#xff09;是一种简单的对象复制方式&#xff0c;将一个对象的数据成员直接复制给另一个对象&#xff08;通常是通过默认的复制构造函数或赋值运算符实现&#xff09;&#xff0c;这些数据成员可以是基本…

JavaScript:字符串

文章目录 字符串344. 反转字符串reverse() 方法&#xff08;打基础的时候&#xff0c;不要太迷恋库函数&#xff09;代码及思路 541. 反转字符串 IIJavaScript String split() 方法JavaScript Array join() 方法代码分析见注释 剑指 Offer 05. 替换空格思路注意&#xff1a;上面…

网络基础学习:什么是网络与网络发展史

什么是网络与网络发展史 什么是网络&#xff1f;什么是网络发展史&#xff1f;分组交换技术TCP/IP技术Web技术ARPANET&#xff08;1969年&#xff09;Internet&#xff08;1983年&#xff09;万维网&#xff08;1990年&#xff09;移动互联网&#xff08;2007年&#xff09;物联…

KDGK-F断路器机械特性测试仪

一、产品概述 KDGK-F 断路器机械特性测试仪可用于各电压等级的真空、六氟化硫、少油、多油等电力系统高压开关的机械特性参数测试与测量。测量数据稳定&#xff0c;抗干扰性强&#xff0c;可在500KV等级及以下电站做实验&#xff0c;接线方便&#xff0c;操作简单&#xff0c;是…

第14章 项目采购管理

文章目录 采购管理包括如下几个过程14.2 编制采购计划 462编制采购计划的输出1&#xff09;采购管理计划2&#xff09;采购工作说明书3&#xff09;采购文件 14.2.3 工作说明书&#xff08;SOW&#xff09; 14.3 实施采购 47414.3.2 实施采购的方法和技术 476&#xff08;1&…

No.054<软考>《(高项)备考大全》【冲刺8】《软考之 119个工具 (6)》

《软考之 119个工具 &#xff08;6&#xff09;》 99.应急应对策略:100.风险在评估:101.风险审计:102.偏差和趋势分析:103.技术绩效测量:104.自制或外购分析:105.市场调研:106.投标人会议:107.建议书评价技术:108.独立核算:109.广告:110.采购谈判:111.合同变更控制系统:112.采购…

ArduPilot之GPS Glitch问题M8N模块配置

ArduPilot之GPS Glitch问题&M8N模块配置 1. 源由2. 现象3. 视频分析3.1 配置&#xff08;不理想&#xff09;3.2 配置优化3.3 优化配置短时间3D LockGlitch3.4 优化配置长时间3D DGPS Lock3.5 使用尽量多的卫星系统3.5.1 配置一3.5.2 配置二 3.6 同一时间段&#xff08;M8N…

3.3 泰勒公式例题分析

例1 写出函数f(x)带有拉格朗日余项的n阶麦克劳林公式 我的答案&#xff1a; 一、信息 1.f(x)的表达式 2.目标求这个f(x)的n阶麦克劳林公式 二、分析 条件1&#xff1a;告诉我f(x)的表达式为我后续带入公式做准备 条件2&#xff1a;告诉我用什么公式和此次求解的方向 三…

平面设计师都在用的设计素材网站,免费下载~

很多新手设计师不知道去哪里找高清、免费的设计素材&#xff0c;今天我就给大家推荐5个设计素材网站&#xff0c;免费下载&#xff0c;赶紧收藏起来把&#xff01; 1、菜鸟图库 https://www.sucai999.com/?vNTYwNDUx 菜鸟图库是我推荐过很多次的网站&#xff0c;主要是站内素…

普通2本,去过字节外包,到现在年薪25W+的测试开发,我的2年转行心酸经历...

个人简介 我是一个普通二本大学机械专业毕业&#xff0c;17年毕业&#xff0c;19年转行&#xff0c;目前做IT行业的软件测试已经有3年多&#xff0c;职位是高级测试工程师&#xff0c;坐标上海… 我想现在我也有一点资格谈论关于转行这个话题&#xff1b;希望你在决定转行之前…