使用kubeadm安装kuberneters

k8s安装

kubeadm/kubectl/kubelet安装

1、更新apt包索引并安装使用Kubernetes apt仓库所需要的包

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

2、下载Google Cloud公开签名秘钥：
```
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
```
如果执行失败了，可以手动下载https://packages.cloud.google.com/apt/doc/apt-key.gpg，然后将下载后的apt-key.gpg复制到/usr/share/keyrings/kubernetes-archive-keyring.gpg

3、添加Kubernetes apt仓库：

echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

这一步如果不能科学上网的话，就换成下面这个

echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

4、更新apt包索引，安装kubelet、kubeadm、kubectl，并锁定其版本

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

使用kubeadm安装Kubernetes集群

初始化master节点

kubeadm init

因为使用要使用 canal，因此需要在初始化时加上网络配置参数，设置 kubernetes 的子网为 10.244.0.0/16，注意此处不要修改为其他地址，因为这个值与后续的 canal 的 yaml 值要一致，如果修改，请一并修改。

使用了阿里云的镜像，不然外网的镜像拉不下来

kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers

init会遇到的问题

Q1：kubelet isn’t running

It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.

解决方法：修改/etc/docker/daemon.json，添加如下：

{"exec-opts": ["native.cgroupdriver=systemd"]
}

然后在执行

 sudo systemctl daemon-reloadsudo systemctl restart dockersudo systemctl restart kubelet

Q2：error execution phase preflight: [preflight] Some fatal errors occurred

[init] Using Kubernetes version: v1.23.2
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:[ERROR Port-6443]: Port 6443 is in use[ERROR Port-10259]: Port 10259 is in use[ERROR Port-10257]: Port 10257 is in use[ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists[ERROR FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml]: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists[ERROR FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml]: /etc/kubernetes/manifests/kube-scheduler.yaml already exists[ERROR FileAvailable--etc-kubernetes-manifests-etcd.yaml]: /etc/kubernetes/manifests/etcd.yaml already exists[ERROR Port-10250]: Port 10250 is in use[ERROR Port-2379]: Port 2379 is in use[ERROR Port-2380]: Port 2380 is in use[ERROR DirAvailable--var-lib-etcd]: /var/lib/etcd is not empty
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

解决方法：你需要执行如下命令

kubeadm reset
#后面相关的输入y即可

reset后再重新执行kubeadm init

kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers

init成功后的提示：

Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following on each as root:kubeadm join 10.0.16.4:6443 --token e14627.cbl6ghqr2wdi6vt3 \--discovery-token-ca-cert-hash sha256:929611f9888cff770c02888f9d02d7e8a4cf121641885a3a78219567127f9593

配置kubectl

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

现在你就可以执行kubectl命令了

root@VM-16-4-ubuntu:~# kubectl get node
NAME             STATUS     ROLES                  AGE    VERSION
vm-16-4-ubuntu   NotReady   control-plane,master   125m   v1.23.2

Slave节点加入集群

kubeadm join

安装init成功的提示，将节点加入集群

kubeadm join 10.0.16.4:6443 --token e14627.cbl6ghqr2wdi6vt3 \--discovery-token-ca-cert-hash sha256:929611f9888cff770c02888f9d02d7e8a4cf121641885a3a78219567127f9593

join会遇到的问题

[preflight] Some fatal errors occurred

[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists[ERROR Port-10250]: Port 10250 is in use[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

这个是由于之前已经join过一次集群或者init过了，如果想要再次join，就执行

kubeadm reset

然后在join一次即可

让master也运行pod

kubectl taint nodes --all node-role.kubernetes.io/master-

安装网络插件

当集群安装好后，发现master的node并没有ready，发现core-dns处于pending状态。这是因为kubedns 组件需要在网络插件完成安装以后会自动安装完成

root@VM-16-4-ubuntu:/usr/local/bin# kubectl get pod -A
NAMESPACE     NAME                                     READY   STATUS    RESTARTS   AGE
kube-system   coredns-65c54cc984-9x9zs                 0/1     Pending   0          139m
kube-system   coredns-65c54cc984-gj9c7                 0/1     Pending   0          139m
kube-system   etcd-vm-16-4-ubuntu                      1/1     Running   0          139m
kube-system   kube-apiserver-vm-16-4-ubuntu            1/1     Running   0          139m
kube-system   kube-controller-manager-vm-16-4-ubuntu   1/1     Running   0          139m
kube-system   kube-proxy-m4jlm                         1/1     Running   0          139m
kube-system   kube-scheduler-vm-16-4-ubuntu            1/1     Running   0          139m

网络插件目前有以下可用：

Flannel：是一个可用于Kuberneters的overlay网络提供者
Calico：是一个安全的L3网络和网络策略驱动
Canal：结合Flannel和Calico，提供网络和网络策略
Weave：提供在网络分组两端参与工作的网络和网络策略，并且不需要额外的数据库

更多请访问官网文档：https://kubernetes.io/zh/docs/concepts/cluster-administration/addons/

安装Flannel

kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

可以看到如下反馈：

root@VM-16-4-ubuntu:~# kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created

然后在查看node的状态，发现master节点已经变成Ready的状态

root@VM-16-4-ubuntu:~# kubectl get node
NAME             STATUS   ROLES                  AGE    VERSION
vm-16-4-ubuntu   Ready    control-plane,master   3d1h   v1.23.2