Ubuntu K8s

https://serious-lose.notion.site/Ubuntu-K8s-d8d6a978ad784c1baa2fc8c531fbce68?pvs=74

2 核 2G Ubuntu 20.4 IP 172.24.53.10

kubeadmkubeletkubectl
版本1.23.01.23.01.23.0

kubeadmkubelet 和 kubectl 是 Kubernetes 生态系统中的三个重要组件

kubeadm

  • 主要用于 Kubernetes 集群的安装与管理。它提供了一种简单而快速的方法来创建一个 Kubernetes 集群,包括初始化控制平面节点、添加工作节点,以及管理集群的生命周期。
  • 通过 kubeadm init 命令可以在主节点上初始化一个新的集群,而通过 kubeadm join 可以将工作节点加入到已有的集群中。

kubelet

  • 是 Kubernetes 中的核心组件之一,负责在每个工作节点上管理 Pods 的生命周期。
  • 它负责从 API 服务器获取 Pod 的配置,并确保它们在节点上运行。具体来说,kubelet 会监控容器的状态,并确保它们按照期望的状态运行。
  • kubelet 也负责执行健康检查,报告节点和容器的状态。

kubectl

  • 是 Kubernetes 的命令行工具,允许用户与 Kubernetes 集群进行交互。
  • 用户可以使用 kubectl 来部署应用、管理集群资源、排查故障等。例如,kubectl get pods 可以列出当前运行的 Pods,kubectl apply -f <file> 可以根据配置文件创建或更新资源。

Kubernetes(K8s)支持多种容器运行时(Container Runtime),这些运行时负责管理容器的生命周期,包括拉取镜像、创建、运行和停止容器。

以下是一些常见的 Kubernetes 容器运行时:

1. Docker

  • 描述:Docker 是最常用的容器运行时,它通过提供一个简单的方法来打包、分发和运行应用程序,以便在不同环境中保持一致的行为。
  • 状态:虽然 Docker 仍然被广泛使用,但自 Kubernetes 1.20 版本起,Kubernetes 将不再直接支持 Docker 作为容器运行时。Docker 通过其底层的容器运行时(如 containerd)被 Kubernetes 支持。

2. containerd

  • 描述:containerd 是一个高性能的容器运行时,负责管理容器生命周期的基本功能。它是 Docker 中的一个组件,后来被单独发展,以便可以独立使用。
  • 特点:它支持 OCI(Open Container Initiative)标准,因此与 Kubernetes 兼容性好。

3. CRI-O

  • 描述:CRI-O 是一个轻量级的容器运行时,专门为 Kubernetes 的 CRI(Container Runtime Interface)设计。它允许 Kubernetes 使用任何支持 OCI 标准的容器镜像,并提供与 K8s 的良好集成。
  • 特点:CRIo 旨在提供一个简化的环境,消除不必要的组件,从而优化 Kubernetes 的性能。

4. Podman

  • 描述:Podman 是一个无守护进程的容器工具,允许用户以非特权模式运行容器。它与 Docker 的 CLI 接口相似,因此容易上手。
  • 特点:Podman 支持管理 pods 以及单个容器,并具有与 Kubernetes 的集成能力,但它不是 Kubernetes 默认支持的运行时。

5. rkt

  • 描述:rkt(发音为 "rocket")是 CoreOS 开发的容器运行时,旨在提供更强的安全性和灵活性。尽管 rkt 曾与 Kubernetes 集成,但自 Kubernetes 1.20 版本起,主要得益于 containerd 和 CRI-O 的流行支持。
  • 状态:rkt 在社区中的使用有所减少。

修改主机名

hostnamectl set-hostname master

关闭swap

// 临时关闭
swapoff -a
//  永久关闭

关闭防火墙

ufw disable

查看防火墙状态

ufw status

Status: inactive

设置网桥参数

cat << EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

安装 kubelet kubeadm kubectl

// 最新版本
sudo apt install -y kubelet kubeadm kubectl

or

// 指定版本
sudo apt  install -y kubelet=1.23.0-00 kubeadm=1.23.0-00 kubectl=1.23.0-00

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  kubeadm kubectl kubelet
0 upgraded, 3 newly installed, 0 to remove and 85 not upgraded.
Need to get 37.0 MB of archives.
After this operation, 216 MB of additional disk space will be used.
Get:1 <https://mirrors.aliyun.com/kubernetes/apt> kubernetes-xenial/main amd64 kubelet amd64 1.23.0-00 [19.5 MB]
Get:2 <https://mirrors.aliyun.com/kubernetes/apt> kubernetes-xenial/main amd64 kubectl amd64 1.23.0-00 [8,932 kB]
Get:3 <https://mirrors.aliyun.com/kubernetes/apt> kubernetes-xenial/main amd64 kubeadm amd64 1.23.0-00 [8,588 kB]
Fetched 37.0 MB in 2s (17.8 MB/s)    
Selecting previously unselected package kubelet.
(Reading database ... 133517 files and directories currently installed.)
Preparing to unpack .../kubelet_1.23.0-00_amd64.deb ...
Unpacking kubelet (1.23.0-00) ...
Selecting previously unselected package kubectl.
Preparing to unpack .../kubectl_1.23.0-00_amd64.deb ...
Unpacking kubectl (1.23.0-00) ...
Selecting previously unselected package kubeadm.
Preparing to unpack .../kubeadm_1.23.0-00_amd64.deb ...
Unpacking kubeadm (1.23.0-00) ...
Setting up kubectl (1.23.0-00) ...
Setting up kubelet (1.23.0-00) ...
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /lib/systemd/system/kubelet.service.
Setting up kubeadm (1.23.0-00) ...

锁定版本

sudo apt-mark hold kubelet kubeadm kubectl

预检查,确保您的环境适合 Kubernetes 集群的运行。

sudo kubeadm init phase preflight

I1210 22:20:42.740114  277592 version.go:255] remote version is much newer: v1.31.3; falling back to: stable-1.23
W1210 22:20:52.741562  277592 version.go:103] could not fetch a Kubernetes version from the internet: unable to get URL "<https://dl.k8s.io/release/stable-1.23.txt>": Get "<https://cdn.dl.k8s.io/release/stable-1.23.txt>": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
W1210 22:20:52.741591  277592 version.go:104] falling back to the local client version: v1.23.0
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 27.3.1. Latest validated version: 20.10
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR Port-6443]: Port 6443 is in use  // 端口号被占用
        [ERROR Port-10259]: Port 10259 is in use // 端口号被占用
        [ERROR Port-10257]: Port 10257 is in use // 端口号被占用
        [ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists // 文件已存在
        [ERROR FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml]: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists // 文件已存在
        [ERROR FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml]: /etc/kubernetes/manifests/kube-scheduler.yaml already exists // 文件已存在
        [ERROR FileAvailable--etc-kubernetes-manifests-etcd.yaml]: /etc/kubernetes/manifests/etcd.yaml already exists // 文件已存在
        [ERROR Port-10250]: Port 10250 is in use // 端口号被占用
        [ERROR Port-2379]: Port 2379 is in use // 端口号被占用
        [ERROR Port-2380]: Port 2380 is in use // 端口号被占用
        [ERROR DirAvailable--var-lib-etcd]: /var/lib/etcd is not empty
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

kubeadm init 注意 apiserver-advertise-address 改为自己 IP, kubernetes-version 版本改为自己版本

sudo kubeadm init \\
--apiserver-advertise-address=172.24.53.10 \\
--apiserver-bind-port=6443 \\
--image-repository=registry.aliyuncs.com/google_containers \\
--kubernetes-version=v1.23.0 \\
--service-cidr=10.96.0.0/12 \\
--pod-network-cidr=10.244.0.0/16 \\
--ignore-preflight-errors=all

[init] Using Kubernetes version: v1.23.0
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 27.3.1. Latest validated version: 20.10
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.24.53.10]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz localhost] and IPs [172.24.53.10 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz localhost] and IPs [172.24.53.10 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 10.012070 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.23" in namespace kube-system with the configuration for the kubelets in the cluster
NOTE: The "kubelet-config-1.23" naming of the kubelet ConfigMap is deprecated. Once the UnversionedKubeletConfigMap feature gate graduates to Beta the default name will become just "kubelet-config". Kubeadm upgrade will handle this transition transparently.
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node izuf6dy59yl2x7ri2b5dmqz as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node izuf6dy59yl2x7ri2b5dmqz as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: j1fth4.uofits58xvvkcfmm
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  <https://kubernetes.io/docs/concepts/cluster-administration/addons/>

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.24.53.10:6443 --token j1fth4.uofits58xvvkcfmm \\
        --discovery-token-ca-cert-hash sha256:a2cf513f8205220c3a912467550cf607ac281716b7c0109a96db203898fe58f8

复制配置文件到 .kube 下

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Kubernetes 集群中所有命名空间(namespaces)下的 Pods

kubectl get pods --all-namespaces

NAMESPACE     NAME                                              READY   STATUS    RESTARTS   AGE
kube-system   coredns-6d8c4cb4d-hrfqc                           0/1     Pending   0          24h
kube-system   coredns-6d8c4cb4d-xkvwn                           0/1     Pending   0          24h
kube-system   etcd-izuf6dy59yl2x7ri2b5dmqz                      1/1     Running   1          24h
kube-system   kube-apiserver-izuf6dy59yl2x7ri2b5dmqz            1/1     Running   1          24h
kube-system   kube-controller-manager-izuf6dy59yl2x7ri2b5dmqz   1/1     Running   1          24h
kube-system   kube-proxy-666qb                                  1/1     Running   0          24h
kube-system   kube-scheduler-izuf6dy59yl2x7ri2b5dmqz            1/1     Running   1          24h

Kubernetes 集群中的所有节点(nodes)

kubectl get nodes

NAME                      STATUS     ROLES                  AGE   VERSION
izuf6dy59yl2x7ri2b5dmqz   NotReady   control-plane,master   24h   v1.23.0

安装calico

kubectl apply -f calico.yaml

kubectl get pods --all-namespaces

NAMESPACE     NAME                                              READY   STATUS    RESTARTS      AGE
kube-system   calico-kube-controllers-6d768559b-dpcmf           1/1     Running   0             85s
kube-system   calico-node-w8vlc                                 1/1     Running   0             85s
kube-system   coredns-6d8c4cb4d-hrfqc                           1/1     Running   0             25h
kube-system   coredns-6d8c4cb4d-xkvwn                           1/1     Running   0             25h
kube-system   etcd-izuf6dy59yl2x7ri2b5dmqz                      1/1     Running   1             25h
kube-system   kube-apiserver-izuf6dy59yl2x7ri2b5dmqz            1/1     Running   1             25h
kube-system   kube-controller-manager-izuf6dy59yl2x7ri2b5dmqz   1/1     Running   2 (43s ago)   25h
kube-system   kube-proxy-666qb                                  1/1     Running   0             25h
kube-system   kube-scheduler-izuf6dy59yl2x7ri2b5dmqz            1/1     Running   2 (42s ago)   25h

重新安装 kubelet

卸载 kubelet kubeadm kubectl

sudo apt-get remove --purge kubelet kubeadm kubectl

停止kubelet服务

sudo systemctl stop kubelet

重置kubeadm

sudo kubeadm reset

[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W1209 23:08:52.957867  100146 reset.go:101] [reset] Unable to fetch the kubeadm-config ConfigMap from cluster: failed to get config map: configmaps "kubeadm-config" not found
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W1209 23:08:56.665154  100146 removeetcdmember.go:80] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/etcd /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.

删除/var/lib/kubelet目录下的数据:kubeadm reset命令虽然会删除很多数据,但是/var/lib/kubelet目录下的数据并不会被删除,为了完全恢复到初始状态,需要手动删除这个目录下的数据。

sudo rm -rf /var/lib/kubelet

删除 ~/.kube

sudo rm -rf ~/.kube

master初始化

sudo kubeadm init \\
--apiserver-advertise-address=172.24.53.10 \\
--apiserver-bind-port=6443 \\
--image-repository=registry.aliyuncs.com/google_containers \\
--kubernetes-version=v1.23.0 \\
--service-cidr=10.96.0.0/12 \\
--pod-network-cidr=10.244.0.0/16 \\
--ignore-preflight-errors=all

[init] Using Kubernetes version: v1.23.0
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 27.3.1. Latest validated version: 20.10
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.24.53.10]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz localhost] and IPs [172.24.53.10 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz localhost] and IPs [172.24.53.10 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 10.012070 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.23" in namespace kube-system with the configuration for the kubelets in the cluster
NOTE: The "kubelet-config-1.23" naming of the kubelet ConfigMap is deprecated. Once the UnversionedKubeletConfigMap feature gate graduates to Beta the default name will become just "kubelet-config". Kubeadm upgrade will handle this transition transparently.
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node izuf6dy59yl2x7ri2b5dmqz as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node izuf6dy59yl2x7ri2b5dmqz as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: j1fth4.uofits58xvvkcfmm
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  <https://kubernetes.io/docs/concepts/cluster-administration/addons/>

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.24.53.10:6443 --token j1fth4.uofits58xvvkcfmm \\
        --discovery-token-ca-cert-hash sha256:a2cf513f8205220c3a912467550cf607ac281716b7c0109a96db203898fe58f8

ERROR

[init] Using Kubernetes version: v1.23.0
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 27.3.1. Latest validated version: 20.10
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.24.53.10]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz localhost] and IPs [172.24.53.10 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz localhost] and IPs [172.24.53.10 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.

        Unfortunately, an error has occurred:
                timed out waiting for the condition

        This error is likely caused by:
                - The kubelet is not running
                - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

        If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
                - 'systemctl status kubelet'
                - 'journalctl -xeu kubelet'

        Additionally, a control plane component may have crashed or exited when started by the container runtime.
        To troubleshoot, list all containers using your preferred container runtimes CLI.

        Here is one example how you may list all Kubernetes containers running in docker:
                - 'docker ps -a | grep kube | grep -v pause'
                Once you have found the failing container, you can inspect its logs with:
                - 'docker logs CONTAINERID'

error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher

[init] Using Kubernetes version: v1.23.0
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 27.3.1. Latest validated version: 20.10
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.24.53.10]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz localhost] and IPs [172.24.53.10 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [izuf6dy59yl2x7ri2b5dmqz localhost] and IPs [172.24.53.10 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL <http://localhost:10248/healthz>' failed with error: Get "<http://localhost:10248/healthz>": dial tcp [::1]:10248: connect: connection refused.

        Unfortunately, an error has occurred:
                timed out waiting for the condition

        This error is likely caused by:
                - The kubelet is not running
                - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

        If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
                - 'systemctl status kubelet'
                - 'journalctl -xeu kubelet'

        Additionally, a control plane component may have crashed or exited when started by the container runtime.
        To troubleshoot, list all containers using your preferred container runtimes CLI.

        Here is one example how you may list all Kubernetes containers running in docker:
                - 'docker ps -a | grep kube | grep -v pause'
                Once you have found the failing container, you can inspect its logs with:
                - 'docker logs CONTAINERID'

error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher

查看详细日志

journalctl -xeu kubelet or init  命令后增加 --v=5 再次执行,查看详细日志

ERROR

“Failed to run kubelet” err=“failed to run Kubelet: misconfiguration: kubelet cgroup driver: “systemd” is different from docker cgroup driver: “cgroupfs”

kubeletcgroup 驱动 默认是systemd 修改docker配置文件

vim /etc/docker/daemon.json

增加 "exec-opts": ["native.cgroupdriver=systemd"] 配置 native.cgroupdriver=systemdsystemd

{
	"exec-opts": ["native.cgroupdriver=systemd"]
}

重新加载服务配置文件 和 重启 docker 服务

systemctl daemon-reload && systemctl restart docker

查看docker配置是否修改成功

docker info 

Client: Docker Engine - Community
 Version:    27.3.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.17.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.7
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 13
  Running: 10
  Paused: 0
  Stopped: 3
 Images: 44
 Server Version: 27.3.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 57f17b0a6295a39009d861b89e3b3b87b005ca27
 runc version: v1.1.14-0-g2c9f560
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
 Kernel Version: 5.4.0-182-generic
 Operating System: Ubuntu 20.04.6 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.846GiB
 Name: iZuf6dy59yl2x7ri2b5dmqZ
 ID: b3e06c55-1127-4727-b716-ace762d5ba1b
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: true
 Insecure Registries:
  106.15.127.43
  172.24.53.10
  harbor.net.com
  127.0.0.0/8
 Registry Mirrors:
  <https://lbccmm6e.mirror.aliyuncs.com/>
  <https://docker.registry.cyou/>
  <https://docker-cf.registry.cyou/>
  <https://dockercf.jsdelivr.fyi/>
  <https://docker.jsdelivr.fyi/>
  <https://dockertest.jsdelivr.fyi/>
  <https://mirror.aliyuncs.com/>
  <https://dockerproxy.com/>
  <https://mirror.baidubce.com/>
  <https://docker.m.daocloud.io/>
  <https://docker.nju.edu.cn/>
  <https://docker.mirrors.sjtug.sjtu.edu.cn/>
  <https://docker.mirrors.ustc.edu.cn/>
  <https://mirror.iscas.ac.cn/>
  <https://docker.rainbond.cc/>
 Live Restore Enabled: false

停止Kubernetes

sudo systemctl stop kubelet

重置和清理由 kubeadm 创建的集群状态

sudo kubeadm reset 是 Kubernetes 中的一个命令,用于重置和清理由 kubeadm 创建的集群状态。这个命令非常有用,尤其是在需要删除现有的 Kubernetes 集群或重新初始化集群时。以下是该命令的详细解释:

功能和作用

  1. 清除集群状态
    • kubeadm reset 会删除集群中的所有 Kubernetes 配置和状态信息,包括所有通过 kubeadm 安装的组件(如 API server、controller manager、scheduler 等)。
  2. 恢复到初始状态
    • 该命令的执行将 Kubernetes 节点恢复到未初始化状态,允许用户重新开始集群的安装或升级过程。
  3. 删除 Kubelet 和 CNI 组件
    • Kubelet 的配置文件及其他由 kubeadm 提供的组件(如网络插件)都将被删除。这意味着如果您在节点上安装了网络附加组件(如 Flannel、Calico 等),这些组件也会被移除。
  4. 清除 iptables 和网络设置
    • 该命令会清理所有与 Kubernetes 相关的iptables规则,确保从头开始没有多余的网络干扰。

使用场景

  • 重新初始化集群:在测试或开发环境中,您可能需要频繁重置集群以尝试不同的设置或配置。
  • 修复问题:当集群出现无法修复的故障或问题时,可能需要重置集群并重新开始设置。
  • 拆除多余的配置:如果您尝试过多个配置和参数并想开始一个干净的环境,该命令将帮助您实现这一点。

注意事项

  • 数据丢失:使用 kubeadm reset 将删除 Kubernetes 相关的信息和设置,这可能导致丢失所有的 Pod、ReplicaSet、Deployments、Services 等。
  • 持久存储:虽然 kubeadm reset 删除的是集群状态和配置,但如果存储卷是以持久化的方式挂载的,它们可能需要手动清理。
  • 依赖于 Kubelet:在执行此命令之前,请确保 Kubelet 是正在运行的状态。如果 Kubelet 停止工作,可能会导致重置失败。
sudo kubeadm reset

[reset] Reading configuration from the cluster...
[reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W1209 23:08:52.957867  100146 reset.go:101] [reset] Unable to fetch the kubeadm-config ConfigMap from cluster: failed to get config map: configmaps "kubeadm-config" not found
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W1209 23:08:56.665154  100146 removeetcdmember.go:80] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/etcd /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.

重新init

sudo kubeadm init \\
--apiserver-advertise-address=172.24.53.10 \\
--apiserver-bind-port=6443 \\
--image-repository=registry.aliyuncs.com/google_containers \\
--kubernetes-version=v1.23.0 \\
--service-cidr=10.96.0.0/12 \\
--pod-network-cidr=10.244.0.0/16 \\
--ignore-preflight-errors=all \\
--v=5

确认/etc/systemd/system/ 下是否存在 kubelet.service 文件

复制文件到kubelet.service /etc/systemd/system/,注意 /root/kubelet.service 这个是之前备份的路径,或者新建也行 kubelet.service

cp /root/kubelet.service /etc/systemd/system/

vim /etc/systemd/system/kubelet.service

[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=http://kubernetes.io/docs/

[Service]
ExecStart=/usr/bin/kubelet
#ExecStartPre=/usr/bin/kubelet-pre-start.sh
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target

安装 kubectl dashboard

下载配置文件并修改名称

wget <https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml>
mv recommended.yaml dashboard.yaml

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     <http://www.apache.org/licenses/LICENSE-2.0>
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001  // 增加
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort // 增加
---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/kubernetesui/dashboard:v2.7.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/kubernetesui/metrics-scraper:v1.0.8
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

检查镜像

grep "image:" dashboard.yaml

          image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/kubernetesui/dashboard:v2.7.0
          image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/kubernetesui/metrics-scraper:v1.0.8

配置为国内镜像

sed -i 's#kubernetesui/dashboard:v2.4.0#swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/kubernetesui/dashboard:v2.7.0#' dashboard.yaml
sed -i 's#kubernetesui/metrics-scraper:v1.0.7#swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/kubernetesui/metrics-scraper:v1.0.8#' dashboard.yaml

部署dashboard

kubectl apply -f dashboard.yaml

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

检查服务状态

kubectl get pods -n kubernetes-dashboard

NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-5b6f6c8f45-wp9dq   1/1     Running   0          13m
kubernetes-dashboard-6c685b564c-gqrf2        1/1     Running   0          13m

网址为

<https://106.15.127.43:30001/#/login>

image.png

获取 token

# 创建用户
kubectl create serviceaccount dashboard-admin -n kube-system

serviceaccount/dashboard-admin created


# 用户授权
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

# 获取用户Token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

Name:         dashboard-admin-token-m2hps
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 3802d503-3f30-439b-82c8-1a875e115f6c

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ind4R0daN0Rla3lFSEdzaWRMS3JpRl9vRWpkT1lieGtXeDVrbS1FdkhyYVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbTJocHMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMzgwMmQ1MDMtM2YzMC00MzliLTgyYzgtMWE4NzVlMTE1ZjZjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.MB85CeNXsLW1vNH_mKwSFxFcl57RzRc9Ou9CoqrTEVSNC42B4O0qLPdzx6_WD5KLR3jWSB3ynmSgkMHV1uzuve7CeHDK6UeoyR4v4o0Sldk8PGGVaHykacVzKg14kX0qoBHHSXBLJZp8s_-dzzIBNeexUEZiIjoUVKgOJUjp2k-_LGzH4GN8d6oKfo5M37XsDZ5cFQvfedGRNAho-GQkVCssVXt1SJlDwCdefhlmJa_D-awLlE3khrYimt_1CmFIibBoSfHI2Q55CgNveAagCvBM0c6HvmtZDHwdRfT96XwTyN1hJDZwVGFHq3uv-QtLhEAPia1CMWxOvvBQQZQUA

image.png

部署应用测试 部署一个nginx应用,并以 NodePort 形式暴露此nginx。创建一个 nginx-deploy.yaml 文件

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-deploy
  name: nginx-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-deploy
  template:
    metadata:
      labels:
        app: nginx-deploy
    spec:
      containers:
      - image: registry.cn-shenzhen.aliyuncs.com/xiaohh-docker/nginx:1.25.4
        name: nginx
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-deploy
  name: nginx-svc
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30080
  selector:
    app: nginx-deploy
  type: NodePort

部署

kubectl apply -f nginx-deploy.yaml

deployment.apps/nginx-deploy created
service/nginx-svc created

查看 pod

kubectl get pods --all-namespaces

NAMESPACE     NAME                                              READY   STATUS    RESTARTS         AGE
default       nginx-deploy-69d69b77bb-gqm6s                     1/1     Running   0                10m // 成功
kube-system   calico-kube-controllers-6d768559b-dpcmf           1/1     Running   3 (30m ago)      22h
kube-system   calico-node-w8vlc                                 1/1     Running   6 (15m ago)      22h
kube-system   coredns-6d8c4cb4d-hrfqc                           1/1     Running   0                2d
kube-system   coredns-6d8c4cb4d-xkvwn                           1/1     Running   0                2d
kube-system   etcd-izuf6dy59yl2x7ri2b5dmqz                      1/1     Running   1                2d
kube-system   kube-apiserver-izuf6dy59yl2x7ri2b5dmqz            1/1     Running   4 (30m ago)      2d
kube-system   kube-controller-manager-izuf6dy59yl2x7ri2b5dmqz   1/1     Running   14 (8m47s ago)   2d
kube-system   kube-proxy-666qb                                  1/1     Running   0                2d
kube-system   kube-scheduler-izuf6dy59yl2x7ri2b5dmqz            1/1     Running   16 (8m49s ago)   2d

image.png

删除 Deployment

kubectl delete deployment nginx-deploy --namespace=default

deployment.apps "nginx-deploy" deleted

删除 pod

kubectl delete pod nginx-deploy-69d69b77bb-gqm6s --namespace=default

pod "nginx-deploy-69d69b77bb-gqm6s" deleted

查看 pod

kubectl get pods --all-namespaces

NAMESPACE     NAME                                              READY   STATUS    RESTARTS         AGE
kube-system   calico-kube-controllers-6d768559b-dpcmf           1/1     Running   3 (30m ago)      22h
kube-system   calico-node-w8vlc                                 1/1     Running   6 (15m ago)      22h
kube-system   coredns-6d8c4cb4d-hrfqc                           1/1     Running   0                2d
kube-system   coredns-6d8c4cb4d-xkvwn                           1/1     Running   0                2d
kube-system   etcd-izuf6dy59yl2x7ri2b5dmqz                      1/1     Running   1                2d
kube-system   kube-apiserver-izuf6dy59yl2x7ri2b5dmqz            1/1     Running   4 (30m ago)      2d
kube-system   kube-controller-manager-izuf6dy59yl2x7ri2b5dmqz   1/1     Running   14 (8m47s ago)   2d
kube-system   kube-proxy-666qb                                  1/1     Running   0                2d
kube-system   kube-scheduler-izuf6dy59yl2x7ri2b5dmqz            1/1     Running   16 (8m49s ago)   2d

master

查看当前污点

kubectl describe node <master-node-name>

在输出中查找“Taints”部分,通常 master 节点上会有类似以下的污点:

node-role.kubernetes.io/master:NoSchedule

移除污点

kubectl taint nodes <master-node-name> node-role.kubernetes.io/master:NoSchedule-

kubectl taint nodes izuf6dy59yl2x7ri2b5dmqz node-role.kubernetes.io/master:NoSchedule-

node/izuf6dy59yl2x7ri2b5dmqz untainted

重启Kubernetes

sudo systemctl restart kubelet

Linux虚拟机搭建K8S环境_linux 部署k8环境-CSDN博客

在Ubuntu22.04 LTS上搭建Kubernetes集群-阿里云开发者社区

Ubuntu22安装K8S实战-CSDN博客

Ubuntu下Kubernetes(k8s)集群搭建_ubuntu安装kubernetes-CSDN博客

https://zhuanlan.zhihu.com/p/709347673?utm_campaign=shareopn&utm_medium=social&utm_psn=1849349834034769920&utm_source=wechat_session

https://y2k38.github.io/use-kubeadm-to-deploy-k8s-cluster/#部署k8s

Linux下minikube启动失败(It seems like the kubelet isn‘t running or healthy)(1)-阿里云开发者社区

解决k8s kubeadm init初始化报 - The kubelet is not running - The kubelet is unhealthy due_kubernetes_Long long ago.-K8S/Kubernetes

kuberuntime_sandbox.go:70] “Failed to create sandbox for pod“ err=“rpc error_golang_喝醉酒的小白-K8S/Kubernetes

Ubuntu安装K8S(1.28版本,基于containrd) - 自学精灵

Ubuntu20.04安装/卸载K8S 1.23.17版本_ubuntu 2204 删除kubernetes-CSDN博客

K8S服务搭建过程中出现的憨批错误_failed to load kubelet config file" err="failed to-CSDN博客

Kubernetes集群重置与初始化:kubeadm reset命令-CSDN博客

Kubernetes K8s 解决 This error is likely caused by: - The kubelet is not running-CSDN博客

ubuntu系统安装k8s1.28精简步骤_unbuntu 精简-CSDN博客

Kubernetes因限制内存配置引发的错误 - 墨天轮

pod sandbox rpc error 这个错误通常是由于 Kubernetes 网络配置出现问题导致_mob64ca12df277e的技术博客_51CTO博客

kubeasz/docs/guide/dashboard.md at master · easzlab/kubeasz · GitHub

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/937087.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

【ARM】ARM架构麒麟V10安装jdk1.8

【ARM】ARM架构麒麟V10安装jdk1.8

ARM架构麒麟V10安装jdk1.8&#xff0c;就一句话安装 yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel 关注我&#xff0c;继续【ARM】安装mysql 简单快捷。
阅读更多...
Redis--高并发分布式结构

Redis--高并发分布式结构

目录 一、引言 二、redis 1.什么是redis&#xff1f; 三、基础概念 1.什么是分布式&#xff1f; 2.应用服务和数据库服务分离 3.负载均衡 4.分库分表 5.微服务架构 四、总结 一、引言 本篇文章就简单介绍一下什么是redis&#xff0c;以及一些关于高并发和分布式结构的…
阅读更多...
Repo管理

Repo管理

文章目录 前言Repo介绍清单仓库清单仓库的组成 初始化Repo同步远程仓库Repo实际应用 前言 我们知道&#xff0c;Git是用来管理某一个仓库&#xff0c;那当一个项目用到了多个仓库时&#xff0c;怎么来同步管理这些仓库呢&#xff1f;这个时候就可以引入Repo管理。 Repo介绍 …
阅读更多...
python 数据分析之地图数据绘制

python 数据分析之地图数据绘制

python 数据分析之地图数据绘制 1、根据历史的2023年GDP数据做地图分析 import numpy as np import matplotlib import matplotlib.pyplot as plt matplotlib.rcParams[font.family] SimHei import pandas as pd import folium from folium import Map import geopandas as…
阅读更多...
分治算法(单选题)

分治算法(单选题)

2-1 分数 2 下列多少种排序算法用了分治法&#xff1f; 堆排序插入排序归并排序快速排序选择排序希尔排序 A.2 B.3 C.4 D.5 正确答案 A 2-2 分数 2 分治法的设计思想是将一个难以直接解决的大问题分割成规模较小的子问题&#xff0c;分别解决问题&#xff0c;最后将子…
阅读更多...
探索 HTTP 请求头中的 “Host” 字段及其安全风险

探索 HTTP 请求头中的 “Host” 字段及其安全风险

探索 HTTP 请求头中的 “Host” 字段及其安全风险 大家好&#xff0c;今天我们来聊聊 HTTP 请求头中的“Host”字段&#xff0c;以及它的使用方法和安全风险。 什么是Host字段 在 HTTP 请求头中&#xff0c;“Host”字段是一个至关重要的部分。它告诉服务器&#xff0c;我们…
阅读更多...
将 Ubuntu 22.04 LTS 升级到 24.04 LTS

将 Ubuntu 22.04 LTS 升级到 24.04 LTS

Ubuntu 24.04 LTS 将支持 Ubuntu 桌面、Ubuntu 服务器和 Ubuntu Core 5 年&#xff0c;直到 2029 年 4 月。 本文将介绍如何将当前 Ubuntu 22.04 系统升级到最新 Ubuntu 24.04 LTS版本。 备份个人数据 以防万一&#xff0c;把系统中的重要数据自己备份一下~ 安装配置SSH访问…
阅读更多...
渗透测试-前端验签绕过之SHA256

渗透测试-前端验签绕过之SHA256

本文是高级前端加解密与验签实战的第1篇文章&#xff0c;本系列文章实验靶场为Yakit里自带的Vulinbox靶场&#xff0c;本文讲述的是绕过SHA256签名来爆破登录。 绕过 通过查看源代码可以看到key为 1234123412341234通过查看源代码可以看到是通过SHA256来进行签名的&#xff0…
阅读更多...
解锁医学数据分析新姿势:堆叠图的奇妙世界

解锁医学数据分析新姿势:堆叠图的奇妙世界

在医学数据分析中&#xff0c;数据的可视化是一个非常重要的环节。通过图形展示&#xff0c;我们可以更直观地理解数据之间的关系和趋势。今天&#xff0c;我们将介绍一种非常有用的图形——堆叠图&#xff08;Stacked Bar Chart&#xff09;&#xff0c;并展示如何在Python中使…
阅读更多...
接口测试Day01-HTTP请求

接口测试Day01-HTTP请求

概念 接口&#xff1a;系统之间&#xff08;外部系统与内部系统&#xff0c;内部系统与内部系统&#xff09;数据交通的通道。 接口测试&#xff1a;校验 接口回发的 响应数据 与 预期结果 是否一致。 接口测试&#xff0c;可以绕过前端界面。直接对 服务器进行测试&#xff01…
阅读更多...
04、GC基础知识

04、GC基础知识

JVM程序在跑起来之后&#xff0c;在数据的交互过程中&#xff0c;就会有一些数据是过期不用的&#xff0c;这些数据可以看做是垃圾&#xff0c;JVM中&#xff0c;这些垃圾是不用开发者管的&#xff0c;它自己会有一套垃圾回收系统自动回收这些内存垃圾&#xff0c;以备后面继续…
阅读更多...
一、STM32MP257开发板初体验

一、STM32MP257开发板初体验

文章目录 STM32MP257开发板初体验1. 硬件介绍2. 下载编译源码3. 烧录4. 启动 STM32MP257开发板初体验 从本篇文章开始本专栏将详细记录学习STM32MP257过程中的学习心得&#xff0c;旨在详细掌握嵌入式LINUX中的全流程内容&#xff0c;主要包括启动流程分析、驱动分析、Yocto系…
阅读更多...
分析M0G突破后急剧下跌内因,x.game阐述不利面延续多久

分析M0G突破后急剧下跌内因,x.game阐述不利面延续多久

MOG最新消息显示&#xff0c;美国唐纳德-的一则声明公开表示支持一种基于以太坊网络ERC-20代币标准的病毒式meme代币——Mog Coin&#xff08;MOG&#xff09;&#xff0c;这一消息迅速发酵。然而&#xff0c;令人意想不到的是&#xff0c;在这位全球知名政治人物的背书之后&am…
阅读更多...
P8772 求和 P8716 回文日期

P8772 求和 P8716 回文日期

文章目录 [蓝桥杯 2022 省 A] 求和[蓝桥杯 2020 省 AB2] 回文日期 [蓝桥杯 2022 省 A] 求和 题目描述 给定 n n n 个整数 a 1 , a 2 , ⋯ , a n a_{1}, a_{2}, \cdots, a_{n} a1​,a2​,⋯,an​, 求它们两两相乘再相加的和&#xff0c;即 S a 1 ⋅ a 2 a 1 ⋅ a 3 ⋯ a…
阅读更多...
【优选算法】二分算法(在排序数组中查找元素的第一个和最后一个位置,寻找峰值,寻找排序数组中的最小值)

【优选算法】二分算法(在排序数组中查找元素的第一个和最后一个位置,寻找峰值,寻找排序数组中的最小值)

二分算法简介&#xff1a; 提到二分我们可能都会想起二分查找&#xff0c;二分查找要求待查找的数组是有序的&#xff0c;与我们今天讲的二分算法不同&#xff0c;并不是数组元素严格按照有序排列才可以使用二分算法&#xff0c;只要数组中有一个点可以将数组分为两个部分&…
阅读更多...
升级Ubuntu 24.04 LTS报错“Oh no! Something has gone wrong.”

升级Ubuntu 24.04 LTS报错“Oh no! Something has gone wrong.”

强烈建议&#xff1a;升级Ubuntu系统之前先配置好SSH远程访问 最近升级Ubuntu系统&#xff08;18->24&#xff09;&#xff0c;经历了一些惊魂时刻&#xff0c;复盘下来没有重装系统的最得益于SSH访问。 在升级到24.04版本时&#xff0c;一切似乎表现得很正常&#xff0c;…
阅读更多...
大模型底座 Transformer 的核心技术解析

大模型底座 Transformer 的核心技术解析

1. 引言 说明目标 在深度学习领域&#xff0c;Transformer架构已成为近年来最重要的技术突破之一。它最早由Vaswani等人在2017年的论文《Attention is All You Need》中提出&#xff0c;迅速成为自然语言处理&#xff08;NLP&#xff09;和其他序列建模任务的核心工具。传统方法…
阅读更多...
2.生成Transformation

2.生成Transformation

目录 前言 Source FlatMap KeyBy sum print 总结 前言 以下面的WordCount为例 package com.wlh.p1;import org.apache.flink.api.common.functions.FlatMapFunction; import org.apache.flink.api.java.functions.KeySelector; import org.apache.flink.api.java.tuple…
阅读更多...
1. 机器学习基本知识(3)——机器学习的主要挑战

1. 机器学习基本知识(3)——机器学习的主要挑战

1.5 机器学习的主要挑战 1.5.1 训练数据不足 对于复杂问题而言&#xff0c;数据比算法更重要但中小型数据集仍然很普遍&#xff0c;获得额外的训练数据并不总是一件轻而易举或物美价廉的事情&#xff0c;所以暂时不要抛弃算法。 1.5.2 训练数据不具有代表性 采样偏差&#…
阅读更多...
TypeScript学习路线图

TypeScript学习路线图

‌ TypeScript 是由微软开发和维护的一种静态类型编程语言&#xff0c;它是 JavaScript 的超集。TypeScript 的创建是为了解决构建大规模 JavaScript 应用程序所面临的挑战&#xff0c;并向该语言添加了可选的类型注解、类、接口和其他特性。 使用 TypeScript 的主要好处包括&a…
阅读更多...
最新文章

Copyright @ 2022~2023