Ubuntu 22.04 LTS 基于 Docker 部署 K8S

已于 2023-08-05 16:41:41 修改
阅读量1.9k 收藏 8
点赞数 5
CC 4.0 BY-SA版权
分类专栏: K8S 文章标签: ubuntu kubernetes linux
于 2023-07-27 20:17:49 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/weixin_43461724/article/details/131813996

1、安装系统

安装 Ubuntu 22.04 LTS 系统到服务器并换源

2、配置网络连接以及hosts

确保机器可以访问互联网,并向/etc/hosts文件添加以下内容:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

使hosts配置生效:

sudo netplan apply

3、设置root密码、开启ssh服务、允许远程登录root

设置root密码:

sudo passwd root
sudo su

开启ssh服务:

apt install ssh
systemctl start ssh
systemctl enable ssh
systemctl is-enabled ssh

允许远程登录root:

apt install vim
vim /etc/ssh/sshd_config

修改其中PermitRootLogin属性为yes

PermitRootLogin yes

重启:

reboot

4、查看ip、检查是否可以远程登录

apt install net-tools
ifconfig

5、更新包

apt update && apt upgrade

6、安装 docker

安装docker:

sudo apt-get update
sudo apt-get install docker.io -y
sudo systemctl enable --now docker

配置docker使用systemd:
/etc/docker/daemon.json中添加如下内容:

{
"exec-opts":["native.cgroupdriver=systemd"]
}

7、关闭 swap

sudo swapoff -a

注释/etc/fstab文件中以/swap开头的那行

ps: 22.04 LTS 默认加载了 br_netfilter 模块

8、安装 cri-dockerd

检查github.com/Mirantis/cri-dockerd的最新发行版本:

cd ~
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd_0.3.4.3-0.ubuntu-jammy_amd64.deb
dpkg -i cri-dockerd_0.3.4.3-0.ubuntu-jammy_amd64.deb

ps:连接不上可以找github加速站,如:

wget http://ghproxy.com/github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd_0.3.4.3-0.ubuntu-jammy_amd64.deb

启动并配置开机启动:

sudo systemctl enable --now cri-docker.service
sudo systemctl enable --now cri-docker.socket

9、安装 kubeadm、kubelet、kubectl

安装所需包:

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

配置密钥:

curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg

配置源:

echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] http://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

*ps:如果安装kubeadm、kubelet、kubectl很慢的话可以换别的源试试,比如清华源:

echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/apt kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

安装kubeadm、kubelet、kubectl:

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

10、Master节点 kubeadm 初始化前准备工作(重要)

测试 docker image 拉取,由于网络问题测试会失败:

sudo kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock

查看所需images:

sudo kubeadm config images list

(示例)需要以下镜像:

registry.k8s.io/kube-apiserver:v1.27.4
registry.k8s.io/kube-controller-manager:v1.27.4
registry.k8s.io/kube-scheduler:v1.27.4
registry.k8s.io/kube-proxy:v1.27.4
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.7-0
registry.k8s.io/coredns/coredns:v1.10.1

手动从国内镜像站 pull 下来:

sudo docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.27.4
sudo docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.27.4
sudo docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.27.4
sudo docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.27.4
sudo docker pull registry.aliyuncs.com/google_containers/pause:3.9
sudo docker pull registry.aliyuncs.com/google_containers/etcd:3.5.7-0
# coredns的url需要改变一下,具体随机应变吧
sudo docker pull registry.aliyuncs.com/google_containers/coredns:v1.10.1

查看docker images列表确认无误:

sudo docker images

给 pull 下来的镜像打上 kubeadm 需要的 tag:

sudo docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.27.4 registry.k8s.io/kube-apiserver:v1.27.4
sudo docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.27.4 registry.k8s.io/kube-controller-manager:v1.27.4
sudo docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.27.4 registry.k8s.io/kube-scheduler:v1.27.4
sudo docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.27.4 registry.k8s.io/kube-proxy:v1.27.4
sudo docker tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9
sudo docker tag registry.aliyuncs.com/google_containers/etcd:3.5.7-0 registry.k8s.io/etcd:3.5.7-0
sudo docker tag registry.aliyuncs.com/google_containers/coredns:v1.10.1 registry.k8s.io/coredns/coredns:v1.10.1

导出kubeadm默认配置文件:

cd ~
sudo kubeadm config print init-defaults > kubeadm-init-config.yaml

内容如下:

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}

需要修改的属性:advertiseAddress criSocket name imageRepository

advertiseAddress: 为master的ip
criSocket: unix:///run/cri-dockerd.sock
name: xa-C92-00 #这里使用host name
imageRepository: registry.aliyuncs.com/google_containers

需要增加的属性:

podSubnet: 10.244.0.0/16

修改后:

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.31.9
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  name: C92-00-Master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}

11、Master节点 kubeadm 初始化及排错

尝试初始化

# 替换为配置文件具体路径
sudo kubeadm init --config /root/kubeadm-init-config.yaml

报错1:timed out waiting for condition

[init] Using Kubernetes version: v1.27.0
[preflight] Running pre-flight checks
	[WARNING Hostname]: hostname "node" could not be reached
	[WARNING Hostname]: hostname "node": lookup node on 127.0.0.53:53: server misbehaving
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
W0723 02:07:59.688150    9181 checks.go:835] detected that the sandbox image "registry.k8s.io/pause:3.6" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.aliyuncs.com/google_containers/pause:3.9" as the CRI sandbox image.
······
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:
	timed out waiting for the condition

This error is likely caused by:
	- The kubelet is not running
	- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
	- 'systemctl status kubelet'
	- 'journalctl -xeu kubelet'

Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI.
Here is one example how you may list all running Kubernetes containers by using crictl:
	- 'crictl --runtime-endpoint unix:///run/cri-dockerd.sock ps -a | grep kube | grep -v pause'
	Once you have found the failing container, you can inspect its logs with:
	- 'crictl --runtime-endpoint unix:///run/cri-dockerd.sock logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher

大概率是pull所需镜像超时导致的,把需要的镜像手动pull下来打tag即可

排错1:

首先查看日志:

sudo journalctl -xeu kubelet

关键内容如下:

7月 23 02:15:33 xa-C92-00 kubelet[9329]: E0723 02:15:33.493930    9329 kuberuntime_sandbox.go:72] "Failed to create sandbox for pod" err="rpc error: code = Unknown desc = failed pulling image \"registry.k8s.io/pause:3.6\": Error response from daemon: Head \"https://europe-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\": dial tcp 142.250.157.82:443: i/o timeout" pod="kube-system/kube-apiserver-node"
7月 23 02:15:33 xa-C92-00 kubelet[9329]: E0723 02:15:33.493995    9329 kuberuntime_manager.go:1122] "CreatePodSandbox for pod failed" err="rpc error: code = Unknown desc = failed pulling image \"registry.k8s.io/pause:3.6\": Error response from daemon: Head \"https://europe-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\": dial tcp 142.250.157.82:443: i/o timeout" pod="kube-system/kube-apiserver-node"
7月 23 02:15:33 xa-C92-00 kubelet[9329]: E0723 02:15:33.494130    9329 pod_workers.go:1294] "Error syncing pod, skipping" err="failed to \"CreatePodSandbox\" for \"kube-apiserver-node_kube-system(14e1efb20b920f675a7fa970063ebe82)\" with CreatePodSandboxError: \"Failed to create sandbox for pod \\\"kube-apiserver-node_kube-system(14e1efb20b920f675a7fa970063ebe82)\\\": rpc error: code = Unknown desc = failed pulling image \\\"registry.k8s.io/pause:3.6\\\": Error response from daemon: Head \\\"https://europe-west2-docker.pkg.dev/v2/k8s-artifacts-prod/images/pause/manifests/3.6\\\": dial tcp 142.250.157.82:443: i/o timeout\"" pod="kube-system/kube-apiserver-node" podUID=14e1efb20b920f675a7fa970063ebe82
7月 23 02:15:34 xa-C92-00 kubelet[9329]: W0723 02:15:34.624010    9329 reflector.go:533] vendor/k8s.io/client-go/informers/factory.go:150: failed to list *v1.RuntimeClass: Get "https://192.168.31.9:6443/apis/node.k8s.io/v1/runtimeclasses?limit=500&resourceVersion=0": dial tcp 192.168.31.9:6443: connect: connection refused
7月 23 02:15:34 xa-C92-00 kubelet[9329]: E0723 02:15:34.624195    9329 reflector.go:148] vendor/k8s.io/client-go/informers/factory.go:150: Failed to watch *v1.RuntimeClass: failed to list *v1.RuntimeClass: Get "https://192.168.31.9:6443/apis/node.k8s.io/v1/runtimeclasses?limit=500&resourceVersion=0": dial tcp 192.168.31.9:6443: connect: connection refused
7月 23 02:15:35 xa-C92-00 kubelet[9329]: W0723 02:15:35.027372    9329 reflector.go:533] vendor/k8s.io/client-go/informers/factory.go:150: failed to list *v1.CSIDriver: Get "https://192.168.31.9:6443/apis/storage.k8s.io/v1/csidrivers?limit=500&resourceVersion=0": dial tcp 192.168.31.9:6443: connect: connection refused

可以定位到问题是failed pulling image \"registry.k8s.io/pause:3.6\",所以重新手动下载该镜像并tag:

sudo docker pull registry.aliyuncs.com/google_containers/pause:3.6
sudo docker tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6

重置kubeadm:

sudo kubeadm reset -f --cri-socket unix:///run/cri-dockerd.sock

ps:如此会残留CNI配置、iptables配置、IPVS配置、etcd状态,如果reset后还有问题的话可以手动清理(参考):

# 清理iptables
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
# 清理CNI配置
rm -rf /etc/cni/*
# 清理iptables配置
rm -rf /var/lib/etcd/*
# 清理其他杂项
rm -rf /etc/ceph \
    /etc/cni \
    /opt/cni \
    /run/secrets/kubernetes.io \
    /run/calico \
    /run/flannel \
    /var/lib/calico \
    /var/lib/cni \
    /var/lib/kubelet \
    /var/log/containers \
    /var/log/kube-audit \
    /var/log/pods \
    /var/run/calico \
    /usr/libexec/kubernetes

继续重试kubeadm 初始化

# 替换为配置文件具体路径
sudo kubeadm init --config /root/kubeadm-init-config.yaml

如果看到以下内容就成功了:

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.31.9:6443 --token abcdef.0123456789abcdef \
	--discovery-token-ca-cert-hash sha256:d35887853c98044495f91251a878376333870dd7b622161d18b172ebb2284e8d

最后根据上述提示执行命令(实例为root用户):

# 临时生效 如需永久生效可以修改/etc/environment文件添加环境变量
export KUBECONFIG=/etc/kubernetes/admin.conf

12、检查 Master 节点上 Pod 运行状况

查看所有pod:

kubectl get pod -A

可以看到coredns组件一直处于pending状态:

NAMESPACE     NAME                           READY   STATUS    RESTARTS   AGE
kube-system   coredns-7bdc4cb885-5jqgk       0/1     Pending   0          12m
kube-system   coredns-7bdc4cb885-n6smf       0/1     Pending   0          12m
kube-system   etcd-node                      1/1     Running   0          12m
kube-system   kube-apiserver-node            1/1     Running   0          12m
kube-system   kube-controller-manager-node   1/1     Running   0          12m
kube-system   kube-proxy-nbn2r               1/1     Running   0          12m
kube-system   kube-scheduler-node            1/1     Running   0          12m

先查看 kubelet 日志:

sudo journalctl -u kubelet -f

kubelet 日志内容如下:

723 02:59:33 xa-C92-00 kubelet[10755]: E0723 02:59:33.780224   10755 kubelet.go:2760] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"

再查看该 Pod 日志:

# 替换具体pod name; 记得指定namespace;
sudo kubectl logs coredns-7bdc4cb885-5jqgk --namespace=kube-system

Pod 日志内容如下:

E0723 02:57:34.887767   11558 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused

根据network plugin is not ready: cni config uninitialized可以知道是尚未安装网络插件的问题(参照步骤14安装Calico后会解决)

13、Node 节点加入集群

参照上面步骤为 Node 节点安装 kubelet kubeadm kubectl
之后 Master 节点执行以下命令以查看 Node 节点加入集群的命令:

sudo kubeadm token create --print-join-command

在 Node 节点执行上面显示的命令(记得指定cri-socket):

sudo kubeadm join 192.168.31.9:6443 --token pm4bmp.5qu7nqswvav4kd6s --discovery-token-ca-cert-hash sha256:d35887853c98044495f91251a878376333870dd7b622161d18b172ebb2284e8d --cri-socket unix:///run/cri-dockerd.sock

看到以下内容表示 Node 节点成功加入集群:

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

之后在 Master 节点上查看加入集群的节点:

kubectl get nodes

ps:如果报couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused的话,大概率是终端断连导致之前export的环境变量失效了,可以在/etc/environment文件中加入KUBECONFIG="/etc/kubernetes/admin.conf"以使环境变量永久生效

14、Master 节点安装 Calico 网络插件(踩坑比较多建议看完再动手)

现在跟随Calico官网安装教程的指引,为集群安装Calico网络插件:

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml

报错2:

The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?

由于网络问题域名解析出错

排错2:

我们直接手动下载tigera-operator.yaml后ftp到 Master 节点的/root目录下,重试:

kubectl create -f /root/tigera-operator.yaml

继续,将custom-resources.yamlhttps://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml手动下载,内容如下:

# This section includes base Calico installation configuration.
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    # Note: The ipPools section cannot be modified post-install.
    ipPools:
    - blockSize: 26
      cidr: 192.168.0.0/16
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()

---

# This section configures the Calico API server.
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}

其中应修改cidr: 192.168.0.0/16属性为kubeadm配置文件中podSubnet: 10.244.0.0/16属性指定的ip段(10.244.0.0/16
之后继续部署pod:

kubectl create -f /root/custom-resources.yaml

查看所有 Pod:

kubectl get pod -A

NAMESPACE         NAME                                       READY   STATUS                  RESTARTS   AGE
calico-system     calico-kube-controllers-67cb4686c7-dllhw   0/1     Pending                 0          8m38s
calico-system     calico-node-24zzc                          0/1     Init:ImagePullBackOff   0          8m39s
calico-system     calico-node-2s6gl                          0/1     Init:0/2                0          8m39s
calico-system     calico-typha-5d9d547f8-f4w48               0/1     ContainerCreating       0          8m40s
calico-system     csi-node-driver-f8r58                      0/2     ContainerCreating       0          8m38s
calico-system     csi-node-driver-szt4w                      0/2     ContainerCreating       0          8m39s
kube-system       coredns-7bdc4cb885-mtpq4                   0/1     Pending                 0          64m
kube-system       coredns-7bdc4cb885-pxwbc                   0/1     Pending                 0          64m
kube-system       etcd-c92-00-master                         1/1     Running                 0          64m
kube-system       kube-apiserver-c92-00-master               1/1     Running                 0          64m
kube-system       kube-controller-manager-c92-00-master      1/1     Running                 0          64m
kube-system       kube-proxy-6nzkm                           1/1     Running                 0          64m
kube-system       kube-proxy-thdjg                           1/1     Running                 0          61m
kube-system       kube-scheduler-c92-00-master               1/1     Running                 0          64m
tigera-operator   tigera-operator-5f4668786-pv8cw            1/1     Running                 0          34m

报错3:Init:ImagePullBackOff

查看报错:

kubectl describe pod calico-node-24zzc --namespace calico-system

Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  7m32s                  default-scheduler  Successfully assigned calico-system/calico-node-24zzc to c92-00-master
  Normal   BackOff    3m52s                  kubelet            Back-off pulling image "docker.io/calico/pod2daemon-flexvol:v3.26.1"
  Warning  Failed     3m52s                  kubelet            Error: ImagePullBackOff
  Normal   Pulling    3m39s (x2 over 7m27s)  kubelet            Pulling image "docker.io/calico/pod2daemon-flexvol:v3.26.1"
  Warning  Failed     6s (x2 over 3m53s)     kubelet            Failed to pull image "docker.io/calico/pod2daemon-flexvol:v3.26.1": rpc error: code = Canceled desc = context canceled
  Warning  Failed     6s (x2 over 3m53s)     kubelet            Error: ErrImagePull

可以看到是由于网络问题 pull 不下来 image docker.io/calico/pod2daemon-flexvol:v3.26.1
之后同上查看其他calico-system命名空间下的Pods,其中calico-typha-5d9d547f8-f4w48提示无法拉取docker.io/calico/typha:v3.26.1

排错3:

可以看到calico版本为V3.26.1,前往https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml查看所有image:属性后的内容;查看tigera-operator.yaml文件image:属性后的内容;
综上可以得知需要以下image:

docker.io/calico/cni:v3.26.1
docker.io/calico/node:v3.26.1
docker.io/calico/kube-controllers:v3.26.1
docker.io/calico/pod2daemon-flexvol:v3.26.1
docker.io/calico/typha:v3.26.1
docker.io/calico/apiserver:v3.26.1
quay.io/tigera/operator:v1.30.4

修改docker配置文件/etc/docker/daemon.json配置docker镜像站:

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://ynye4lmg.mirror.aliyuncs.com","https://hub-mirror.c.163.com","https://mirror.baidubce.com"]
}

systemctl restart docker

分别在 Master 和 Node 节点上手动pull镜像:

docker pull docker.io/calico/cni:v3.26.1
docker pull docker.io/calico/node:v3.26.1
docker pull docker.io/calico/kube-controllers:v3.26.1
docker pull docker.io/calico/pod2daemon-flexvol:v3.26.1
docker pull docker.io/calico/typha:v3.26.1
docker pull docker.io/calico/apiserver:v3.26.1
docker pull quay.io/tigera/operator:v1.30.4

回退部署:

kubectl delete -f customer-resources.yaml --grace-period=0
kubectl delete -f tigera-operator.yaml --grace-period=0

重试部署:

kubectl create -f /root/tigera-operator.yaml
kubectl create -f /root/custom-resources.yaml

ps:如果回退部署有问题,可以重置一下K8S,再用kubeadm重新初始化

sudo kubeadm reset -f --cri-socket unix:///run/cri-dockerd.sock
# 记得根据之前重置k8s的内容清理残余项

最后查看一下所有 pod 和 node:

kubectl get pods -A
kubectl get nodes

status
可以看到全部正常运行了

Ubuntu 22.04 LTS安装 Docker
bp_xy123的博客
03-19 858
2.安装 Docker Engine、containerd 和 Docker Compose。此命令下载测试镜像并在容器中运行它。当 容器运行,它会打印确认消息并退出。2.更新软件包索引并安装软件包以允许使用 基于 HTTPS 的存储库。1.先卸载旧版,如果没有的话,就不用执行了。安装 Docker 引擎。
Ubuntu22.04.1 LTS系统下安装K8S1.28.2
weixin_39761731的博客
12-06 1399
方式一:原则上安装系统时,直接禁止swap分区。方式二:关闭swap关闭系统的Swap方法如下:swapoff -a同时还需要修改/etc/fstab文件,注释掉SWAP的自动挂载,防止服务器重启后swap启用。注释swap这一行后保存退出重启后通过sudo swapon --show检查,输入空为关闭成功k8s的swappiness参数调整,修改配置文件,添加下面一行:执行以下命令使修改生效:sysctl -p /etc/sysctl.d/k8s.conf。
Docker安装Ubuntu22.04LTS
Jerwy_Suy的博客
01-17 961
补充一下对docker的了解,参考书《深入浅出Docker
ubuntu 22.04 换源
最新发布
zxw的博客
05-08 1074
参考:清华大学开源软件镜像站ubuntu | 镜像站使用帮助 | 清华大学开源软件镜像站 | Tsinghua Open Source Mirror
Ubuntu22安装K8S实战
codemaster1024的博客
04-15 2172
现在k8s基本上是每一个后端开发人员必学的技术了,为了能够花费最小的成本学习k8s技术,我用自己的电脑跑了三个虚拟机节点,并希望在这三个节点上安装k8s 1.26版本,部署成一个master两个node的架构来满足最基本的学习;下面我们就来逐步讲解整个安装过程。
Ubuntu 22-04 LTS 安装docker
weixin_46179393的博客
02-15 598
ubuntu安装docker
Ubuntu 22.04 LTS安装 Docker
风之飘渺
09-14 1663
单台机器安装docker环境,是为了后面安装open-webui,环境安装比较简单,没有难点,但一定要按步骤走,否则还是会遇到一些问题的。
Ubuntu 22.04 LTS K8S 基于 NFS 创建 StorageClass
weixin_43461724的博客
08-05 647
Ubuntu 22.04 LTS K8S 基于 NFS 创建 StorageClass
Ubuntu 22.04.05 Ceph Reef (v18.2.4) 集群部署指南
yoritian的博客
04-12 2088
虽然 OpenShift 4.17 基于 Kubernetes 较新版本(通常与 OCP 版本号接近,但需查阅具体 OCP 4.17 文档确认其 K8s 版本),但 Ceph CSI v3.12.3 与 OpenShift 4.17 的兼容性依赖于 CSI 规范的实现和 Kubernetes API 的兼容性。总结而言,虽然 OpenShift 4.17、Ceph Reef v18.2.4 和 Ceph CSI v3.12.3 在技术上可以集成,但这属于社区支持范畴,而非 Red Hat 官方支持的配置。
Ubuntu22.04 CI/CD jenkins+harbor+gitlab+docker 搭建
take_a_six_alone的博客
06-01 1007
整合了一下三件套的安装步骤当个笔记了
Ubuntu 22.04系统安装部署Kubernetes v1.29.13集群
weixin_50471413的博客
02-02 1376
Kubernetes(简称 K8s)是一个开源的容器编排平台,它能够自动化地部署、扩展和管理容器化应用。Kubernetes 支持的容器运行时包括 Docker 和 containerd 等。它通过提供集群管理、服务发现、负载均衡、自动扩展等功能,极大地简化了容器化应用的管理。Master 节点(控制平面)API Server:Kubernetes 控制平面的入口,所有的 API 请求都会经过它,它负责协调集群中的各项操作。Scheduler:负责监控集群中的资源情况,并将 Pod 调度到合适的节点上。
最详细的ubuntu 安装 docker教程,文末获取实用干货大礼包!
热门推荐
Tester_muller的博客
06-28 8万+
Docker是一种流行的容器化平台,它能够简化应用程序的部署和管理。本文将介绍在Ubuntu操作系统上安装Docker的步骤,以便我们可以开始使用Docker来构建和运行容器化应用程序。
ubuntu22安装k8s-1.24.17
make_progress的博客
08-01 1251
⚠️ 注意:此处的集群环境⚠️ 注意:docker版本:20.10.24,为了兼容k8s版本,此版本自带docker compose。
ubuntu22.04使用kubeadm部署k8s集群
BY_xiaopeng的博客
08-22 1559
ubuntu22.04使用kubeadm部署一个k8s集群,1个master+2个worker节点。
Ubuntu 22.04 LTS安装docker以及docker-compose
qq_52231465的博客
07-30 1689
此网址是docker-compose的github网址。
Ubuntu 22.04安装Docker
hanshiqin的专栏
06-06 708
您可以按照以下步骤在Ubuntu 22.04安装Docker: 更新系统软件包: sudo apt update 安装依赖包: sudo apt install -y apt-transport-https ca-certificates curl software-properties-common 添加Docker官方GPG密钥: curl -fsSL https://down...
Ubuntu22.04 安装 docker
烁的博客
09-20 1036
并且你使用 Ubuntu 桌面或服务器版本,亦或者其他 Ubuntu 变种如 Lubuntu 、Kubuntu 、Xubuntu ,都不重要。只要你的系统内核版本不低于 3.10 ,并且是 64 位系统,Docker 都会正常运行。正如上面你看到的那样,我的 Ubuntu 系统内核版本是 6.2.0-33-generic 并且系统架构是 64 位(x86_64 x86_64 x86_64 GNU/Linux)。当然你也可以安装其他版本 Docker。运行下列命令检查可以安装Docker 版本。
树莓派 Ubuntu 22.04.1 LTS 安装docker、青龙面板记录
sinat_35272898的博客
03-02 2426
树莓派 Ubuntu 22.04.1 LTS ,ssh登录,安装docker安装青龙面板
Ubuntu22.04安装docker
钟言的博客
01-29 2万+
本篇为Ubuntu22.04版本操作系统下安装Docker的教程,详细内容包含了认识docker 查看Docker的依赖 在Ubuntu22.04安装Docker步骤 1、更新Ubuntu 2、添加Docker3安装Docker 4、Docker测试等内容。
ubuntu22.04安装部署k8s podman
03-27
### 在 Ubuntu 22.04 上通过 Podman 部署 Kubernetes (k8s) 环境 尽管传统的 Kubernetes 集群通常依赖于 Docker 或 Containerd 作为容器运行时,但也可以使用 **Podman** 来替代这些工具。以下是详细的安装和配置指南。 --- #### 一、环境准备 在开始之前,请确保已经完成以下操作: 1. 下载并安装 Ubuntu Server 22.04 LTS 操作系统[^1]。 - 可以从官方下载地址或阿里云镜像站点获取 ISO 文件。 2. 关闭防火墙和服务冲突设置: ```bash sudo systemctl disable --now ufw ``` 3. 设置服务器时区为亚洲/上海,并重启时间同步服务: ```bash sudo timedatectl set-timezone Asia/Shanghai sudo systemctl restart systemd-timesyncd.service ``` 使用 `timedatectl status` 查看当前状态[^3]。 4. 禁用 Swap 分区: 编辑 `/etc/fstab` 文件,注释掉与 Swap 相关的行,然后执行以下命令禁用 Swap: ```bash sudo swapoff -a ``` --- #### 二、安装必要的软件包 为了支持 Kubernetes部署,需要先安装一些基础组件。 1. 更新系统包管理器索引: ```bash sudo apt update && sudo apt upgrade -y ``` 2. 安装必备工具: ```bash sudo apt install -y curl wget net-tools git jq ``` 3. 添加 Kubernetes 软件源: ```bash sudo sh -c &#39;echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list&#39; curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list sudo apt-get update ``` 4. 安装 kubelet、kubeadm 和 kubectl: ```bash sudo apt install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl ``` --- #### 三、安装 Podman 并将其设为默认容器运行时 1. 安装 Podman: ```bash sudo apt install -y podman ``` 2. 创建 CRI-O 插件所需的目录结构(如果尚未存在): ```bash sudo mkdir -p /etc/systemd/system/containerd.service.d/ ``` 3. 修改 Kubelet 配置以指定 Podman 作为运行时: 编辑 `/etc/default/kubelet` 文件,添加以下内容: ```bash KUBELET_EXTRA_ARGS="--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/podman/podman.sock" ``` 4. 启动并启用 Podman Socket: ```bash sudo systemctl enable --now podman.socket ``` --- #### 四、初始化 Kubernetes 主节点 1. 初始化主节点: 执行以下命令来启动 Kubernetes 控制平面: ```bash sudo kubeadm init \ --kubernetes-version=v1.28.2 \ --apiserver-advertise-address=<MASTER_IP> \ --image-repository registry.aliyuncs.com/google_containers \ --upload-certs \ --service-cidr=10.96.0.0/12 \ --pod-network-cidr=10.244.0.0/16 ``` 替换 `<MASTER_IP>` 为主节点的实际 IP 地址[^2]。 2. 配置 kubeconfig 文件: 将管理员权限授予当前用户: ```bash mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config ``` 3. 验证集群状态: ```bash kubectl get nodes ``` --- #### 五、安装网络插件 Kubernetes 需要一个网络插件才能使 Pods 正常通信。推荐使用 Flannel 或 Calico。 1. 应用 Calico 网络插件: ```bash kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.1/manifests/tigera-operator.yaml kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.1/manifests/custom-resources.yaml ``` 2. 验证网络插件是否已生效: ```bash kubectl get pods -n kube-system ``` --- #### 六、加入工作节点 在其他工作节点上执行以下命令以加入到主节点中: ```bash sudo kubeadm join <MASTER_IP>:<PORT> --token <TOKEN> --discovery-token-ca-cert-hash sha256:<HASH> ``` 此命令会在主节点初始化完成后显示出来。 --- ### 总结 上述步骤展示了如何在 Ubuntu 22.04 上利用 Podman 构建 Kubernetes 集群的过程。需要注意的是,虽然 Podman 是一种强大的容器引擎,但在某些场景下可能不如传统方案成熟,因此建议测试其兼容性和稳定性后再投入生产环境。 ---
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值