Installing K8s on Ubuntu 16.04: steps and pitfalls encountered

https://www.jianshu.com/p/c94c59192ce4

Environment

Name: Version
Docker: 18.06.1-ce
Operating system: Ubuntu 16.04
K8s: v1.13.2

Machines
IP Role Components
10.2.14.78 Master
10.2.14.79 Node
10.2.14.80 Node

Installation steps

System configuration changes
Disable swap

swapoff -a

Also delete the line containing swap from /etc/fstab.

Turn off the firewall

systemctl stop firewalld
systemctl disable firewalld

Disable SELinux

apt install selinux-utils
setenforce 0

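Hostname and IP configuration for each host.
This exercise uses three hosts: one for the Master deployment, and the other two as node1 and node2. The hostnames map to IPs as follows: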

wangcf-k8s-m 10.2.14.78
wangcf-k8s-n1 10.2.14.79
wangcf-k8s-n2 10.2.14.80

Also configure /etc/hosts on every machine as follows:

10.2.14.78 wangcf-k8s-m
10.2.14.79 wangcf-k8s-n1
10.2.14.80 wangcf-k8s-n2

Install Docker

Run the following on the Master and on each Node.

First install the required tools

apt-get update && apt-get install -y apt-transport-https curl

Add the key

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

Install Docker

apt-get install docker.io -y

Check the Docker version

root@ubuntu:~# docker version
Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.4
 Git commit:        e68fc7a
 Built:             Thu Nov 15 21:12:47 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       e68fc7a
  Built:            Sun Nov 11 21:53:22 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Start the Docker service

systemctl enable docker
systemctl start docker
systemctl status docker

Use the Alibaba Cloud registry accelerator

For network reasons, pulling images from Docker Hub is very slow.

Edit the file

vim  /etc/docker/daemon.json
{
    "registry-mirrors": ["https://alzgoonw.mirror.aliyuncs.com"],
    "live-restore": true
}

Restart the Docker service

systemctl daemon-reload
systemctl restart docker

Install kubectl, kubelet and kubeadm

Run the following on the Master and on each Node.

Next, add the key

 curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

In testing, this step may fail with: gpg:no valid OpenPGP data found

Note: the following two commands work around it: first save the key to a file named apt-key.gpg with curl -O https://packages.cloud.google.com/apt/doc/apt-key.gpg, then load it with apt-key add apt-key.gpg.

Add the Kubernetes package source

cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF

The above is the official source; it is unreachable from within China, so change it to the following

cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main
EOF

Install

# apt-get update && apt-get install -y kubelet kubeadm kubectl
# systemctl enable kubelet

Changing the source

Problem: apt-get update times out with an error because the source is blocked by the Great Firewall. Change the apt-get source to the USTC mirror.

vim /etc/apt/sources.list.d/kubernetes.list

Add the following content, then install again

# deb http://apt.kubernetes.io/ kubernetes-xenial main

deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main

Note: the codename of Ubuntu 16.04 is xenial.

Configure the Master

Add the following environment variable to /etc/profile

export KUBECONFIG=/etc/kubernetes/admin.conf

# Restart kubelet
systemctl daemon-reload
systemctl restart kubelet

Run on the master node

kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.2.14.78 --kubernetes-version=v1.13.2 --ignore-preflight-errors=Swap

--pod-network-cidr sets the range of IP addresses available to pods on the nodes; these are internal IPs

--apiserver-advertise-address is the IP address of the master

--kubernetes-version can be looked up with kubectl version

Unfortunately this fails: k8s.gcr.io is blocked, so the image download fails

[preflight] You can also perform this action in beforehand using ‘kubeadm config images pull’
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.13.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
……..

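Based on the error message, find the corresponding images on a mirror site within China (Docker needs to be configured with the Alibaba Cloud image registry)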

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.2

Re-tag these images.

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.2 k8s.gcr.io/kube-controller-manager:v1.13.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.2 k8s.gcr.io/kube-scheduler:v1.13.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.2 k8s.gcr.io/kube-proxy:v1.13.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.2 k8s.gcr.io/kube-apiserver:v1.13.2

Run again

kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.2.14.78 --kubernetes-version=v1.13.2 --ignore-preflight-errors=Swap

The output is as follows; the last line is the command the nodes need in order to join the master's cluster

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 10.2.14.78:6443 --token h7u22o.nk23ias5f1ft8hj9 --discovery-token-ca-cert-hash sha256:9f93785608c9a9de3e5d74e9ed30b8302691abfee7efd946a8c1b80d8582fe92

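After the Master node is installed, checking node information (kubectl get nodes) shows the node status as NotReady. The cause turns out to be that the CNI plugin is not configured; in other words, the network has not been set up yet. Several network options can be configured; here the author chooses the most commonly used one, flannel.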

 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Configure the Nodes

Run the following command on each node (the kubeadm join command returned by the master setup) to join the master's cluster

 kubeadm join 10.2.14.78:6443 --token h7u22o.nk23ias5f1ft8hj9 --discovery-token-ca-cert-hash sha256:9f93785608c9a9de3e5d74e9ed30b8302691abfee7efd946a8c1b80d8582fe92
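
How the --discovery-token-ca-cert-hash value in the join command can be recomputed and checked before a node trusts it, as an added example that is not part of the original post: the value is the SHA-256 of the cluster CA certificate's DER-encoded public key (on a kubeadm master the certificate is /etc/kubernetes/pki/ca.crt). The function names and the throwaway CA generated here are assumptions for illustration.

```shell
#!/bin/sh
# Added example: recompute the --discovery-token-ca-cert-hash value from a CA
# certificate so a join command can be checked before it is run on a node.

# Print "sha256:<hex>" over the DER-encoded SubjectPublicKeyInfo of cert $1.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r \
        | sed 's/ .*//; s/^/sha256:/'
}

# Succeed only if the hash pinned in a join command ($2) matches cert $1.
# Returns 2 when the certificate cannot be read at all.
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# Constructed throwaway CA standing in for /etc/kubernetes/pki/ca.crt.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
echo "hash to pin: $(ca_cert_hash "$demo_dir/ca.crt")"

# The hash printed in this post belongs to the author's cluster CA, so it must
# not validate against a different CA.
page_hash=sha256:9f93785608c9a9de3e5d74e9ed30b8302691abfee7efd946a8c1b80d8582fe92
verify_join_hash "$demo_dir/ca.crt" "$page_hash" || echo "mismatch: do not join"
```

On a real master, calling ca_cert_hash on /etc/kubernetes/pki/ca.crt should print the same value that kubeadm init showed in its join command.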

Check node status on the master: the Nodes are NotReady

root@wangcf-k8s-m:~# kubectl get nodes
NAME            STATUS     ROLES    AGE     VERSION
wangcf-k8s-m    Ready      master   20m     v1.13.2
wangcf-k8s-n1   NotReady   <none>   8m21s   v1.13.2
wangcf-k8s-n2   NotReady   <none>   2m40s   v1.13.2

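Check pod status: some services have not started properly because the nodes are also missing the images. They must be downloaded manually, the same way the images were downloaded manually on the master.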

root@wangcf-k8s-m:~# kubectl get pod --all-namespaces
NAMESPACE     NAME                                   READY   STATUS              RESTARTS   AGE
kube-system   coredns-86c58d9df4-hpbbh               0/1     ContainerCreating   0          18m
kube-system   coredns-86c58d9df4-qj56q               0/1     ContainerCreating   0          18m
kube-system   etcd-wangcf-k8s-m                      1/1     Running             2          17m
kube-system   kube-apiserver-wangcf-k8s-m            1/1     Running             2          17m
kube-system   kube-controller-manager-wangcf-k8s-m   1/1     Running             2          17m
kube-system   kube-flannel-ds-amd64-bskks            0/1     Init:0/1            0          2m34s
kube-system   kube-flannel-ds-amd64-rdnw2            1/1     Running             0          2m34s
kube-system   kube-flannel-ds-amd64-sdbxj            0/1     Init:0/1            0          55s
kube-system   kube-proxy-6h6rv                       0/1     ContainerCreating   0          55s
kube-system   kube-proxy-fsfwq                       0/1     ContainerCreating   0          6m36s
kube-system   kube-proxy-z7dqx                       1/1     Running             2          18m
kube-system   kube-scheduler-wangcf-k8s-m            1/1     Running             2          17m

Check the deployment result

root@wangcf-k8s-m:~# kubectl get pod --all-namespaces
NAMESPACE     NAME                                   READY   STATUS     RESTARTS   AGE
kube-system   coredns-86c58d9df4-9ptww               1/1     Running    0          4m9s
kube-system   coredns-86c58d9df4-xg78d               1/1     Running    0          4m9s
kube-system   etcd-wangcf-k8s-m                      1/1     Running    2          24m
kube-system   kube-apiserver-wangcf-k8s-m            1/1     Running    2          24m
kube-system   kube-controller-manager-wangcf-k8s-m   1/1     Running    2          24m
kube-system   kube-flannel-ds-amd64-bskks            0/1     Init:0/1   0          9m42s
kube-system   kube-flannel-ds-amd64-rdnw2            1/1     Running    0          9m42s
kube-system   kube-flannel-ds-amd64-sdbxj            0/1     Init:0/1   0          8m3s
kube-system   kube-proxy-6h6rv                       1/1     Running    0          8m3s
kube-system   kube-proxy-fsfwq                       1/1     Running    0          13m
kube-system   kube-proxy-z7dqx                       1/1     Running    2          25m
kube-system   kube-scheduler-wangcf-k8s-m            1/1     Running    2          24m
root@wangcf-k8s-m:~# kubectl get nodes
NAME            STATUS     ROLES    AGE     VERSION
wangcf-k8s-m    Ready      master   26m     v1.13.2
wangcf-k8s-n1   NotReady   <none>   14m     v1.13.2
wangcf-k8s-n2   Ready      <none>   8m21s   v1.13.2
root@wangcf-k8s-m:~# kubectl get nodes
NAME            STATUS     ROLES    AGE     VERSION
wangcf-k8s-m    Ready      master   26m     v1.13.2
wangcf-k8s-n1   NotReady   <none>   14m     v1.13.2
wangcf-k8s-n2   Ready      <none>   8m24s   v1.13.2
root@wangcf-k8s-m:~# kubectl get nodes
NAME            STATUS     ROLES    AGE     VERSION
wangcf-k8s-m    Ready      master   26m     v1.13.2
wangcf-k8s-n1   NotReady   <none>   14m     v1.13.2
wangcf-k8s-n2   Ready      <none>   8m31s   v1.13.2
root@wangcf-k8s-m:~# kubectl get nodes
NAME            STATUS   ROLES    AGE    VERSION
wangcf-k8s-m    Ready    master   26m    v1.13.2
wangcf-k8s-n1   Ready    <none>   14m    v1.13.2
wangcf-k8s-n2   Ready    <none>   9m5s   v1.13.2
root@wangcf-k8s-m:~# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok                   
controller-manager   Healthy   ok                   
etcd-0               Healthy   {"health": "true"}   

Learning exercise: deploying MySQL on K8s

Create mysql-rc.yaml

apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql-rc
  labels:
    name: mysql-rc
spec:
  replicas: 1
  selector:
    name: mysql-pod
  template:
    metadata:
      labels: 
        name: mysql-pod
    spec:
      containers:
      - name: mysql
        image: mysql
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "password"
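
The manifest above writes the MySQL root password in plain text. As an added example (not from the original post), the script below writes the same container section with the password read from a Secret and includes a small check that flags credentials left inline; the Secret name mysql-root, its key password, the file root.pw and the function names are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): read MYSQL_ROOT_PASSWORD from a
# Secret instead of writing it in the manifest, and flag manifests that inline it.
# Assumed names: Secret "mysql-root", key "password". The Secret would be created with
#   kubectl create secret generic mysql-root --from-file=password=./root.pw

# Constructed copy of the container section from mysql-rc.yaml above.
write_original_env() {
    cat >"$1" <<'EOF'
      containers:
      - name: mysql
        image: mysql
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "password"
EOF
}

# Same section with the value taken from the Secret.
write_hardened_env() {
    cat >"$1" <<'EOF'
      containers:
      - name: mysql
        image: mysql
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root
              key: password
EOF
}

# Print credential-looking env names in manifest $1 that carry an inline value.
inline_secrets() {
    awk '
        /^ *- name:/     { name = $3; next }
        /^ *valueFrom:/  { name = ""; next }
        /^ *value:/ && name ~ /PASSWORD|SECRET|TOKEN/ { print name; name = "" }
    ' "$1"
}

tmp=$(mktemp -d)
write_original_env "$tmp/rc.yaml"
write_hardened_env "$tmp/rc-secret.yaml"
echo "original inlines: $(inline_secrets "$tmp/rc.yaml")"
echo "hardened inlines: $(inline_secrets "$tmp/rc-secret.yaml")"
```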

Create mysql-svc.yaml

[root@k8s-master ~]# cat mysql-svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: mysql-svc
  labels: 
    name: mysql-svc
spec:
  type: NodePort
  ports:
  - port: 3306
    protocol: TCP
    targetPort: 3306
    name: http
    nodePort: 30000
  selector:
    name: mysql-pod

Install

Have K8s apply the files; this downloads the mysql image and runs the mysql container

[root@k8s-master ~]# kubectl create -f mysql-rc.yaml 
replicationcontroller "mysql-rc" created
[root@k8s-master ~]# kubectl create -f mysql-svc.yaml 
service "mysql-svc" created

On one of the node machines, the mysql container instance can be seen running

root@wangcf-k8s-n1:~# docker ps
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS              PORTS               NAMES
338cd4b675ab        mysql                  "docker-entrypoint.s…"   15 hours ago        Up 15 hours                             k8s_mysql_mysql-rc-d5zht_default_f55914bc-1a49-

Inside the container, the MySQL version is 8.0.13

root@wangcf-k8s-n1:~# docker exec -it 338cd4b675ab bash
root@mysql-rc-d5zht:/# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 23
Server version: 8.0.13 MySQL Community Server - GPL

Allow remote access for root

$mysql -u root -p
Enter password:
mysql> use mysql;
mysql> GRANT ALL ON *.* TO 'root'@'%';
Query OK, 0 rows affected (0.04 sec)

mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
Query OK, 0 rows affected (0.01 sec)

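Finally, connect to the mysql container instance from a MySQL client

IP: (the IP of any master or node)

Username: root

Password: password [the password that was set]

Port: 30000 [the port that was set]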

Deploying a Java application on K8s

Deploy the Java application as a Deployment; the application is named demo.

The test application can be downloaded with docker pull wangchunfa/demo. It is a Spring Boot project that exposes port 8771.

To build the Docker image, see the separate post "Deploying a Spring Boot Project to a Docker Environment"

Create the deployment

Create the file demo_deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo
  template:
    metadata:
      labels:
        app: demo
    spec:
      containers:
      - name: wangcf-demo
        image: wangchunfa/demo:latest
        ports:
        - containerPort: 8771

Note: use apps/v1 for apiVersion

Before version 1.6: apiVersion: extensions/v1beta1
From version 1.6 to version 1.9: apps/v1beta1
After version 1.9: apps/v1

Create the deployment and check its status; in the end we can see that our application has been deployed

root@wangcf-k8s-m:~/demo_deployment# kubectl create -f demo_deployment.yaml --record
deployment.apps/demo-deployment created
root@wangcf-k8s-m:~/demo_deployment# kubectl get deployment
NAME              READY   UP-TO-DATE   AVAILABLE   AGE
demo-deployment   1/1     1            1           10s
root@wangcf-k8s-m:~/demo_deployment# kubectl get rs
NAME                        DESIRED   CURRENT   READY   AGE
demo-deployment-9c754c4d9   1         1         1       10s

Run kubectl get pods -o wide and note the IP column: it shows addresses on the internal pod network, not the Nodes' IP addresses

root@wangcf-k8s-m:~/demo_deployment# kubectl get pods -o wide
NAME                              READY   STATUS    RESTARTS   AGE   IP           NODE            NOMINATED NODE   READINESS GATES
demo-deployment-9c754c4d9-zp8wl   1/1     Running   0          69s   10.244.1.7   wangcf-k8s-n1   <none>           <none>
mysql-rc-d5zht                    1/1     Running   0          10d   10.244.1.2   wangcf-k8s-n1   <none>           <none>

Test the application; it responds normally.

root@wangcf-k8s-n1:~# curl http://10.244.1.7:8771/api/v1/product/find?id=2
{"id":2,"name":"冰箱 data from port=8771","price":5342,"store":19}

Create the service

Use expose for a quick deployment

kubectl expose deployment demo-deployment --type=NodePort --name=demo-svc

service/demo-svc exposed
root@wangcf-k8s-m:~/demo_deployment# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
demo-svc     NodePort    10.107.171.26   <none>        8771:31538/TCP   6s

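--port=8771 the port exposed by the container

--target-port=30002 the port on which the service is reachable from outside; for now it appears this port cannot be specified

--name=demo-svc the name of the service

--protocol=TCP the protocol through which the application in the container is exposed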

Test access to the application: success!

root@wangcf-k8s-m:~/demo_deployment# curl http://10.2.14.78:30272/api/v1/product/find?id=2
{"id":2,"name":"冰箱 data from port=8771","price":5342,"store":19}root@wangcf-k8s-m:~/demo_deployment#

Update the deployment

Increase the number of rs replicas to 2

root@wangcf-k8s-m:~# kubectl scale deployment demo-deployment --replicas 2 
deployment.extensions/demo-deployment scaled
root@wangcf-k8s-m:~/demo_deployment# kubectl get deployment
NAME              READY   UP-TO-DATE   AVAILABLE   AGE
demo-deployment   2/2     2            2           23m

Other commands
Delete the deployment

 # kubectl delete deployment demo-deployment

View the deployment

 # kubectl describe deployment demo-deployment

View the history

root@wangcf-k8s-m:~/demo_deployment# kubectl rollout history deployment/demo-deployment
deployment.extensions/demo-deployment 
REVISION  CHANGE-CAUSE
1         kubectl create --filename=demo_deployment.yaml --record=true

View the details of a single revision:

root@wangcf-k8s-m:~/demo_deployment# kubectl rollout history deployment demo-deployment  --revision=1
deployment.extensions/demo-deployment with revision #1
Pod Template:
  Labels:   app=demo
    pod-template-hash=9c754c4d9
  Annotations:  kubernetes.io/change-cause: kubectl create --filename=demo_deployment.yaml --record=true
  Containers:
   wangcf-demo:
    Image:  wangchunfa/demo:latest
    Port:   8771/TCP
    Host Port:  0/TCP
    Environment:    <none>
    Mounts: <none>
  Volumes:  <none>


Document last updated: 2019-10-11 03:19   Author: 月影鹏鹏