Install Docker

The one-line installer with the Aliyun mirror is all that is needed:

  curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

Install kubelet, kubeadm and kubectl

Because of network conditions in mainland China, we use the Aliyun mirror.

Debian / Ubuntu

  apt-get update && apt-get install -y apt-transport-https
  curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
  cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
  deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
  EOF
  apt-get update
  apt-get install -y kubelet kubeadm kubectl
  ## Alternatively, you can install a specific version
  ## apt-get install kubectl=1.21.3-00 kubelet=1.21.3-00 kubeadm=1.21.3-00

CentOS/RHEL/Fedora

  cat <<EOF > /etc/yum.repos.d/kubernetes.repo
  [kubernetes]
  name=Kubernetes
  baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
  enabled=1
  gpgcheck=1
  repo_gpgcheck=1
  gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  EOF
  ## Switch SELinux to permissive mode (lasts until the next reboot)
  setenforce 0
  yum install -y kubelet kubeadm kubectl
  systemctl enable kubelet && systemctl start kubelet
  ## Alternatively, you can install a specific version
  ## yum install kubectl-1.21.3-0.x86_64 kubeadm-1.21.3-0.x86_64 kubelet-1.21.3-0.x86_64

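Initialize with kubeadm

Disable swap

  sudo swapoff -a

Initialize using the Aliyun image repository

--pod-network-cidr=10.244.0.0/16 sets the pod network range; without it, flannel fails with an error because its address range does not match.

  kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16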

Troubleshooting

Check the system log with journalctl -xe.

Node NotReady

cgroupfs

If kubectl describe node xxx shows

  The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
  detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

then run sudo vi /etc/docker/daemon.json

and add the following to the file:

{
  "exec-opts": ["native.cgroupdriver=systemd"]
}

Then restart Docker: systemctl restart docker

NetworkPluginNotReady

If you see

runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized

you can run

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml

Then re-initialize kubeadm:

kubeadm reset -f
kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16

The connection to the server localhost:8080 was refused - did you specify the right host or port

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile

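kubectl: insufficient permissions

As root, run chmod 666 /etc/kubernetes/admin.conf. This file holds the cluster-admin client certificate and key, so mode 666 lets every local user read and modify it. The following copies it to the current user's own kubeconfig: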

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
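
The three node conditions this page troubleshoots (active swap, Docker not set to the systemd cgroup driver, and the permissions on admin.conf) can be checked in one pass before kubeadm init or join. This is an added example, not part of the original post; the function names are hypothetical, and the default paths are the ones used above.

```shell
#!/bin/sh
# Added example: checks for the node conditions discussed on this page.
# Paths default to the real locations; pass other paths to check copies.

# Succeeds if the /proc/swaps-format file lists any active swap device.
swap_active() {
    awk 'NR > 1 && NF { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# Succeeds if daemon.json sets Docker's cgroup driver to systemd
# (a plain text match, not a JSON parser).
cgroup_driver_is_systemd() {
    [ -r "$1" ] && grep -q '"native\.cgroupdriver=systemd"' "$1"
}

# Succeeds only if group and others have no permission bits on the file.
# admin.conf embeds the cluster-admin client certificate and key.
kubeconfig_is_private() {
    [ -e "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per finding and returns the number of failed checks.
node_preflight() {
    swaps=${1:-/proc/swaps}
    daemon_json=${2:-/etc/docker/daemon.json}
    kubeconfig=${3:-/etc/kubernetes/admin.conf}
    failures=0
    if swap_active "$swaps"; then
        echo "FAIL swap is on: run swapoff -a"
        failures=$((failures + 1))
    fi
    if ! cgroup_driver_is_systemd "$daemon_json"; then
        echo "FAIL $daemon_json does not set native.cgroupdriver=systemd"
        failures=$((failures + 1))
    fi
    if ! kubeconfig_is_private "$kubeconfig"; then
        echo "FAIL $kubeconfig is missing or accessible to group/others"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ] && echo "OK all checks passed"
    return "$failures"
}
```

Source the file and call node_preflight with no arguments on a node; a non-zero return value is the number of failed checks.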

Allow the master node to run pods

kubectl taint nodes --all node-role.kubernetes.io/master-

The connection to server x.x.x.x:6443 was refused

sudo swapoff -a
strace -eopenat kubectl version

Join the K8s master

Command

kubeadm join --token <token> <control-plane-host>:<control-plane-port> --discovery-token-ca-cert-hash sha256:<hash>

--token

On the master node, run kubeadm token list

--discovery-token-ca-cert-hash

On the master node, run

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
   openssl dgst -sha256 -hex | sed 's/^.* //'