前期实验性的代码:
k8s安装命令(前期测试性)
############################################################################################################################################
############################docker 安装########################################################################
##############################################################################################################
# --- Docker engine install (CentOS 7) ---
yum update
yum install -y yum-utils
# Adds Docker's upstream repo; the repo file carries its GPG key, so packages are signature-checked.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io
systemctl start docker
# Daemon config.
# NOTE(security): "insecure-registries" lets dockerd pull from those hosts over plain
# HTTP or with unverified TLS, so images from 43.138.217.116:8077 are not
# integrity-protected in transit. Keep this to a lab network. "0.0.0.0:8077" appears
# to be a literal host entry rather than a wildcard (the option takes host:port or a
# CIDR), so it matches nothing useful. The registry mirror is a third party in the
# image supply chain; pull by @sha256 digest where that matters.
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://q2hy3fzi.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries":["43.138.217.116:8077","0.0.0.0:8077"]
}
EOF
systemctl daemon-reload && systemctl restart docker
systemctl enable docker
docker --version
yum list installed | grep docker
# Pin to an older docker-ce release. This is an explicit downgrade after the latest
# version was installed above (the plugins that only ship with newer packages are
# removed first). Only run it if the 20.10.0 pin is really wanted — older releases
# lack later security fixes.
yum remove docker-buildx-plugin.x86_64 docker-compose-plugin.x86_64
yum install docker-ce-20.10.0-3.el7 docker-ce-cli-20.10.0-3.el7 containerd.io-20.10.0-3.el7
############################################################################################################################################
############################k8s 安装########################################################################
##############################################################################################################
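# --- Host prerequisites for kubeadm (CentOS 7) ---
# Every node needs a unique product_uuid (check this when cloning VMs):
# cat /sys/class/dmi/id/product_uuid
lsmod | grep br_netfilter
modprobe br_netfilter
#lsmod | grep br_netfilter
# Persist the module across reboots.
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# Let iptables see bridged traffic and enable IPv4 forwarding (needed by kube-proxy
# and most CNI plugins). Taken straight from the upstream kubeadm docs; no /etc/hosts
# changes are required.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply all sysctl.d files.
sysctl --system
# NOTE(security): the "trusted" zone accepts ALL inbound traffic on every interface.
# On a cloud VM with a public address this exposes the API server (6443), kubelet
# (10250), etcd (2379/2380) and NodePorts directly — make sure the cloud security
# group restricts them, or open only the ports kubeadm documents instead.
# Not needed if firewalld is disabled.
firewall-cmd --set-default-zone=trusted
firewall-cmd --get-default-zone
#systemctl status firewalld
#ls /run
# kubelet refuses to start with swap enabled. swapoff is not persistent: also comment
# out the swap line in /etc/fstab.
swapoff -a
# SELinux. setenforce 0 makes the running system permissive; the persistent setting
# must match. The original sed wrote "SELINUX=disable", which is not a valid value
# (valid: enforcing | permissive | disabled), so the intended state was not
# guaranteed after a reboot. permissive matches setenforce 0, keeps files labelled,
# and is what the upstream kubeadm guide uses.
# (config file: cat /etc/selinux/config)
setenforce 0
getenforce
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config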
######################### The only difference from a host with direct internet access (or an
# HTTP proxy) is the image section: such a host can pull these images directly.
# If something fails, do not blame the images first — run `kubectl describe pod <name>`.
# Example: a manifest referenced
# registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/metrics-scraper:v1.0.4@sha256:555981a24f184420f3be0c79d4efb6c948a85cfce84034f85a563f4151a81cbf
# and a long time was wasted on the digest. The @sha256 suffix is just the image's
# content digest (it actually pins the image, which is desirable) and needs no action.
# --- Kubernetes yum repo (Aliyun mirror of the upstream repo) ---
# gpgcheck=1 / repo_gpgcheck=1 keep package and metadata signature verification even
# though the packages come from a mirror: the keys below are the upstream Kubernetes
# keys, so a tampered mirror cannot substitute packages. Do not set these to 0.
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Re-applies the sysctl settings (harmless repeat).
sysctl --system
# Optional cache refresh:
#yum clean all
#yum makecache
#yum makecache fast
# List the kubeadm versions the repo offers.
yum list kubeadm --showduplicates | sort -r
## --disableexcludes=kubernetes ignores any "exclude=" line in that repo file (the
## upstream repo file typically excludes kubelet/kubeadm/kubectl from plain updates).
## It does NOT disable other repositories.
yum install -y kubelet-1.21.2-0 kubeadm-1.21.2-0 kubectl-1.21.2-0 --disableexcludes=kubernetes
# Rollback of the line above — only run this to uninstall.
yum remove -y kubelet-1.21.2-0 kubeadm-1.21.2-0 kubectl-1.21.2-0 --disableexcludes=kubernetes
systemctl enable --now kubelet
# Already set via sysctl.d above; kept as a quick manual re-apply.
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
#kubectl get cm -n kube-system | grep kubelet-config
# kubeadm init pulls the control-plane images from k8s.gcr.io, which is not reachable
# here. Workaround: pull the same images from the Aliyun mirror and re-tag them with the
# k8s.gcr.io names kubeadm expects. `docker rmi` afterwards only removes the mirror
# alias; the image data stays under the new tag.
# NOTE(supply-chain): a re-tag is trust by name only. Compare the digest of each pulled
# image (docker images --digests) with the upstream digest, or pull by @sha256 digest
# from the mirror, before relying on these.
# NOTE: the tags below are v1.21.14 but kubeadm 1.21.2 was installed above. By default
# kubeadm init wants images matching its own version (the "Back-off pulling image
# k8s.gcr.io/kube-proxy:v1.21.2" error further down is that mismatch), so either pull
# v1.21.2 tags or pass --kubernetes-version v1.21.14 to kubeadm init.
kubeadm config images list
yum list kubeadm --showduplicates | sort -r
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.14
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.14 k8s.gcr.io/kube-apiserver:v1.21.14
docker rmi registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.14
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.14
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.14 k8s.gcr.io/kube-controller-manager:v1.21.14
docker rmi registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.14
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.14
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.14 k8s.gcr.io/kube-scheduler:v1.21.14
docker rmi registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.14
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.21.14
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.21.14 k8s.gcr.io/kube-proxy:v1.21.14
docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.21.14
docker pull registry.aliyuncs.com/google_containers/pause:3.4.1
docker tag registry.aliyuncs.com/google_containers/pause:3.4.1 k8s.gcr.io/pause:3.4.1
docker rmi registry.aliyuncs.com/google_containers/pause:3.4.1
docker pull registry.aliyuncs.com/google_containers/etcd:3.4.13-0
docker tag registry.aliyuncs.com/google_containers/etcd:3.4.13-0 k8s.gcr.io/etcd:3.4.13-0
docker rmi registry.aliyuncs.com/google_containers/etcd:3.4.13-0
# coredns comes from Docker Hub; note the tag gains a "v" prefix under the k8s.gcr.io name.
docker pull coredns/coredns:1.8.0
docker tag docker.io/coredns/coredns:1.8.0 k8s.gcr.io/coredns/coredns:v1.8.0
docker rmi docker.io/coredns/coredns:1.8.0
#########################和外网|或用http代理唯一的区别就在这里(外网能下载这些镜像而已)
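########## kubeadm init needs no arguments; the defaults are fine and the API server
########## binds to the node's private address.
#### Important: all nodes should be in the same cloud region AND zone.
# Run ONE of the two init lines, not both: a second init on an initialised node fails
# unless `kubeadm reset` is run first.
kubeadm init
# --pod-network-cidr must match the CNI plugin's pool (Calico's default is
# 192.168.0.0/16, flannel's is 10.244.0.0/16).
kubeadm init --pod-network-cidr=192.168.0.0/16
# Install the admin kubeconfig for the current user.
# NOTE(security): admin.conf is a cluster-admin client certificate + key. Keep the copy
# 0600 (enforced below) and never paste it into notes or commit it; anyone holding it
# owns the cluster.
rm -f -- "$HOME/.kube/config"
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"
# For this shell this override wins over the copy above; /etc/kubernetes/admin.conf is
# root-owned, so it only works when running as root.
export KUBECONFIG=/etc/kubernetes/admin.conf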
#docker images
#docker ps
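# --- Pod network (CNI) ---
# Choose ONE CNI. Both weave and flannel were applied here; two plugins on the same
# cluster conflict. (Older weave one-liner kept for reference.)
# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml
kubectl get po -A
# Pinned to the flannel release whose images are pre-pulled below (v0.22.0).
# ".../releases/latest/..." silently picks up whatever is newest: an unreviewed change
# to a privileged DaemonSet every time this procedure is repeated, and it would not
# match the pre-pulled images.
kubectl apply -f https://github.com/flannel-io/flannel/releases/download/v0.22.0/kube-flannel.yml
# Then wait. If pods stay Pending/ContainerCreating the images are probably
# unreachable: describe the pod to see which pull is stuck, pull that image via a
# mirror and re-tag it (an older run was stuck on quay.io/coreos/flannel:v0.12.0-amd64).
kubectl describe pod kube-flannel-ds-zwz99 -n kube-flannel
kubectl logs kube-flannel-ds-zwz99 -n kube-flannel
# `docker images` lists local images; `docker search` queries Docker Hub.
docker search flannel-cni-plugin
# The two pulls that got stuck:
docker pull flannelcni/flannel-cni-plugin:v1.1.2
docker pull flannel/flannel:v0.22.0
# docker.io/flannel/flannel-cni-plugin:v1.1.2
# docker pull flannelcni/flannel-cni-plugin:v1.1.2
# docker tag registry.cn-shenzhen.aliyuncs.com/myownmirrors/quay.io_coreos_flannel:v0.12.0-amd64 quay.io/coreos/flannel:v0.12.0-amd64
# docker rmi registry.cn-shenzhen.aliyuncs.com/myownmirrors/quay.io_coreos_flannel:v0.12.0-amd64
# --- Joining workers ---
# Prints a fresh join command (this creates a new bootstrap token).
kubeadm token create --print-join-command
# NOTE(security): the token below is a credential that lets any host that can reach
# 6443 join the cluster as a node, and it is now stored in this file. Bootstrap
# tokens expire after 24h by default; list them with `kubeadm token list` and revoke
# unused ones with `kubeadm token delete <token>`. The --discovery-token-ca-cert-hash
# pins the cluster CA so a joining node cannot be redirected to a rogue API server —
# always keep it.
kubeadm join 172.19.1.193:6443 --token vg3uyn.37zies0xxm3bgm9r --discovery-token-ca-cert-hash sha256:109645b4faaae35e16b68a448ef69d7bb9cdb03a832adfb4e04875d0f071cef8
# Tear down kubeadm state on this node. (The original had `kubectl reset`, which is
# not a kubectl subcommand.)
kubeadm reset
echo 1 > /proc/sys/net/ipv4/ip_forward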
############################################################################################################################################
############################################################################################################################################
############################################################################################################################################
###########问题:用下面的命令
# Events:
# Type Reason Age From Message
# ---- ------ ---- ---- -------
# Warning FailedScheduling 65s (x2 over 66s) default-scheduler 0/1 nodes are available: 1 node(s) had taint {node.kubernetes.io/disk-pressure: }, that the pod didn't tolerate.
# Literally: the node carries a taint the pod does not tolerate; `kubectl get no -o yaml | grep taint -A 5` showed the node was unschedulable. NOTE: the event above names node.kubernetes.io/disk-pressure, which the kubelet sets (and keeps re-applying) while the node's disk is nearly full — free disk space (e.g. `docker image prune`) to clear that one. The command below removes a different taint: the control-plane NoSchedule taint kubeadm adds so workloads do not run on the master. It is only the right fix when the taint listed is node-role.kubernetes.io/master.
# Removes the control-plane NoSchedule taint from every node so ordinary pods can be
# scheduled on the master.
# NOTE(security): that taint is the isolation kubeadm sets up on purpose — afterwards
# workloads share the node with the API server, etcd and its data directory.
# Acceptable on a single-node lab; on a real cluster add worker nodes instead.
# (It does nothing for a node.kubernetes.io/disk-pressure taint — free disk space for that.)
kubectl taint nodes --all node-role.kubernetes.io/master-
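########## Still not working: a worker node had to be joined before the dashboard ran ##########
#### Deleting and re-applying the dashboard objects over and over does not help (placeholders):
kubectl delete deploy xxxxxxx
kubectl delete svc xxxxxxx
########################
# Dashboard v2.2.0 (pinned manifest from the kubernetes/dashboard repo).
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
# Left disabled on purpose: `kubectl proxy` on 0.0.0.0 with --accept-hosts='^*$' hands
# the API server — authenticated as YOUR kubeconfig user — to anyone who can reach the
# port. Never run this on a host with a public IP.
#kubectl proxy --address='0.0.0.0' --accept-hosts='^*$'
# port-forward is simpler than proxy + nginx, but --address 0.0.0.0 publishes the
# dashboard on every interface (see the public URL below); the bearer token is then the
# only thing between the internet and the cluster. Prefer --address 127.0.0.1 plus an
# SSH tunnel, or restrict 443 to your own IP in the cloud security group.
kubectl port-forward --namespace kubernetes-dashboard --address 0.0.0.0 service/kubernetes-dashboard 443:443
# Open in a browser (public IP of the node):
# https://47.102.187.234
# Log in with the default service-account token from kube-system.
# (On 1.24+ service-account token secrets are no longer auto-created; use
# `kubectl create token` there. This cluster is 1.21.)
kubectl get secret -n=kube-system
kubectl describe secret -n=kube-system default-xxxx-xxxxxxxxxxx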
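# --- Dashboard admin user (token with full privileges) ---
# NOTE(security): this binds the dashboard login account to cluster-admin, i.e. whoever
# obtains this token owns the cluster. Combined with the 0.0.0.0 port-forward below that
# is a full-cluster credential behind a public port. For anything beyond a throw-away
# lab bind a narrower ClusterRole (e.g. "view") and keep the token out of notes and
# shell history.
cat > dashboard-admin.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
EOF
kubectl apply -f dashboard-admin.yaml
# Print the bearer token. 1.21 auto-creates a token secret per service account; on
# 1.24+ use `kubectl -n kubernetes-dashboard create token admin-user` instead.
kubectl -n kubernetes-dashboard describe secret "$(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')"
# Expose the dashboard (runs in the foreground; Ctrl-C stops it). See the note above
# about --address 0.0.0.0. The original repeated this line three times — it blocks, so
# only the first ever ran.
kubectl port-forward --namespace kubernetes-dashboard --address 0.0.0.0 service/kubernetes-dashboard 443:443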
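########## Problem 1: kubeadm init hangs with (pasted output, kept as comments so this
########## file stays runnable):
# [kubelet-check] Initial timeout of 40s passed.
# [kubelet-check] It seems like the kubelet isn't running or healthy.
# [kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
######### Cause: cgroup driver mismatch between docker and kubelet. A tutorial had
# changed docker's driver to systemd (the "native.cgroupdriver=systemd" line in
# daemon.json above); going back to docker's default (cgroupfs) so both sides match
# fixed it here. Making both use systemd explicitly is the other valid option.
# (`journalctl -u kubelet` shows the actual mismatch error.)
docker info | grep Cgroup # shows the driver in use
# Reset daemon.json. Writing a completely empty file may stop dockerd from parsing its
# config, so write an empty JSON object. NOTE: this also drops the registry-mirror and
# insecure-registries settings written earlier; dockerd must be restarted to pick it up.
vim /etc/docker/daemon.json
cat > /etc/docker/daemon.json <<EOF
{}
EOF
systemctl restart docker
kubeadm reset
kubeadm init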
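# Error: node NotReady.
# `kubectl describe nodes xxx` showed nothing wrong.
# `kubectl get po -A` showed many broken pods; describing them one by one gave the
# output below (quoted heredoc: kept verbatim, never executed or expanded).
: <<'EOF'
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 22m default-scheduler Successfully assigned kube-system/kube-proxy-wkdkp to ceshi1
Warning FailedCreatePodSandBox 7m24s (x28 over 22m) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed pulling image "k8s.gcr.io/pause:3.4.1": Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Normal BackOff 2m31s (x6 over 5m15s) kubelet Back-off pulling image "k8s.gcr.io/kube-proxy:v1.21.2"
EOF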
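################ The pod was scheduled onto worker "ceshi1". Important concept: images
# pulled on the master (with a working internet route) do not exist on the worker —
# every node that runs the pod must pull (or be given) the image itself.
###################### Istio example
# The two commands used for most troubleshooting:
kubectl get nodes
kubectl get po -A
# NOTE(supply-chain): this pipes a remote script straight into sh. The version is
# pinned via ISTIO_VERSION (the script honours it): unpinned, it downloads the newest
# release and the `cd istio-1.10.1` below fails. Better still, download the script to a
# file and read it before running it.
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.10.1 sh -
ls
cd istio-1.10.1
export PATH="$PWD/bin:$PATH"
# The demo profile is intended for evaluation only, not production (per Istio docs).
istioctl install --set profile=demo -y
kubectl label namespace default istio-injection=enabled
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
kubectl get pods
#### Images land on whichever node the pods were scheduled to: with a single worker
# the master still holds istio images; with two workers everything ran on the workers,
# and multi-replica services (e.g. istio/examples-bookinfo-reviews-v3) are spread
# across both machines.
docker images -a # run on the worker node
#kubectl get pods
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -s productpage:9080/productpage | grep -o "<title>.*</title>"
kubectl get svc istio-ingressgateway -n istio-system
export INGRESS_PORT="$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')"
export SECURE_INGRESS_PORT="$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')"
export INGRESS_HOST="$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')"
export GATEWAY_URL="$INGRESS_HOST:$INGRESS_PORT"
echo "$GATEWAY_URL"
echo "http://$GATEWAY_URL/productpage"
#http://172.19.186.77:31500/productpage
# That is the private IP of a worker node; with Minikube and with the 2-node setup it
# was the master's private IP.
# (The original had a typo here: `ubectl get svc`.)
kubectl get svc
# Reach it from a browser outside the VPC: just this one command (earlier attempts
# with "expose" and an nginx forward proxy were not needed).
# NOTE(security): --address 0.0.0.0 exposes the unauthenticated demo app on 7080 to
# every interface; restrict it in the security group or bind to 127.0.0.1 + SSH tunnel.
kubectl port-forward --address 0.0.0.0 service/productpage 7080:9080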
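# Control-plane private IP used below: 172.16.0.8
# Kuboard UI (third-party image from Huawei SWR).
# NOTE(security): 18080 (UI) and 10081 (agent port) are published on all interfaces;
# restrict both in the cloud security group — they must not be reachable from the
# internet. KUBOARD_ENDPOINT is plain http. KUBOARD_ENDPOINT points at port 80 while
# the UI is published on host port 18080 — confirm that is intended (agents use this
# URL to reach Kuboard). State lives in /root/kuboard-data.
docker run -d \
  --restart=unless-stopped \
  --name=kuboard \
  -p 18080:80/tcp \
  -p 10081:10081/tcp \
  -e KUBOARD_ENDPOINT="http://172.16.0.8:80" \
  -e KUBOARD_AGENT_SERVER_TCP_PORT="10081" \
  -v /root/kuboard-data:/data \
  swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3
# API server configuration (static pod manifest):
cat /etc/kubernetes/manifests/kube-apiserver.yaml
# API endpoint: 172.16.0.8:6443
# NOTE(security): this prints the cluster-admin kubeconfig including the client key —
# do not paste the output anywhere.
cat "$HOME/.kube/config"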
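# flannel stayed in CrashLoopBackOff and its log said no CIDR was allocated: the
# controller-manager was not allocating node CIDRs.
# Fix: edit the static pod manifest and add these two arguments to the
# kube-controller-manager command (kept as comments here — they are not shell):
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
#   --allocate-node-cidrs=true
#   --cluster-cidr=10.244.0.0/16
# The kubelet watches the manifests directory and restarts the static pod on change;
# the restart below forces it. Passing --pod-network-cidr to `kubeadm init` sets both
# flags from the start and avoids this edit.
systemctl restart kubelet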
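# Two cloud servers whose private networks are not in the same segment: pitfalls and fixes
# https://blog.youkuaiyun.com/qq_33996921/article/details/103529312
### join fails: the worker cannot reach the control plane's private IP.
telnet 172.16.0.8 6443
# Workaround on the worker: DNAT traffic for the private IP to the control plane's
# PUBLIC IP. The join then travels over the public internet. TLS plus the
# --discovery-token-ca-cert-hash on `kubeadm join` protects it from tampering, but
# 6443 must now be open to this worker's public address in the security group —
# restrict it to that source, do not open it to 0.0.0.0/0. The rule is not persistent
# across reboots.
iptables -t nat -A OUTPUT -d 172.16.0.8 -j DNAT --to-destination 159.75.245.187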
#
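# --- Calico v3.14.2 (alternative CNI) ---
# Pre-pull the images the manifest references (see `grep image` below); the duplicate
# cni pull from the original is dropped.
docker pull calico/cni:v3.14.2
docker pull calico/pod2daemon-flexvol:v3.14.2
docker pull calico/node:v3.14.2
docker pull calico/kube-controllers:v3.14.2
# NOTE(security): the original fetched this with --no-check-certificate. The manifest
# is applied with cluster-admin rights and creates privileged DaemonSets, so it must
# not be downloaded with TLS verification disabled. If the download fails on
# certificate validation, fix the trust store (`yum update ca-certificates`) instead.
wget https://docs.projectcalico.org/v3.14/manifests/calico.yaml
# Then in calico.yaml uncomment CALICO_IPV4POOL_CIDR (remove the "# " on both lines)
# and change 192.168.0.0/16 to 10.244.0.0/16 so it matches --cluster-cidr:
#             # no effect. This should fall within `--cluster-cidr`.
#             - name: CALICO_IPV4POOL_CIDR
#               value: "10.244.0.0/16"
# Images the manifest references (should match the pulls above):
grep image calico.yaml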