基于KubeAdm搭建多节点K8S集群

1、基本流程（注意 docker 版本和kubeadm、kubelet、kubectl的关系）

k8s 搭建 流程 ： CentOs => utils依赖 => docker =>kubeadm, kubelet , kubectl => master init => node join => 调配网络

2、安装utils依赖（安装范围：主节点+工作节点）

yum install -y yum-utils device-mapper-persistent-data lvm2
1

3、安装docker （安装范围：主节点+工作节点）

1、设置阿里云镜像
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

2、安装docker
yum -y install docker-ce-24.0.6

3、查看docker版本
docker -v

4、配置开机自启动
systemctl enable docker.service

5、启动docker
systemctl start docker

6、查看docker 启动状态
systemctl status docker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

4、配置阿里云镜像源（主节点+工作节点）

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
1
2
3
4
5
6
7
8
9

5、安装kubelet kubeadm kubectl（主节点+工作节点）

yum install -y kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6
systemctl enable kubelet
1
2

6、主节点初始化（主节点）

kubeadm init \
--apiserver-advertise-address=172.31.149.123 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.6 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
1
2
3
4
5
6
7

–apiserver-advertise-address 主节点的内网ip地址
–image-repository 由于默认拉取镜像地址k8s.gcr.io国内无法访问，这里指定阿里云镜像仓库地址
–kubernetes-version K8s版本，与上面安装的一致
–service-cidr 集群内部虚拟网络，Pod统一访问入口
–pod-network-cidr Pod网络，与下面部署的CNI网络组件yaml中保持一致

a、初始化之后，会输出一个join命令，先复制出来，node节点加入master会使用。

b、拷贝k8s认证文件

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
1
2
3

c、查看工作节点：

kubectl get nodes
1

注：由于网络插件还没有部署，还没有准备就绪 NotReady，继续操作。

d、配置k8s的node节点【node节点操作】

向集群添加新节点，执行在kubeadm init输出的kubeadm join命令

默认token有效期为24小时，当过期之后，该token就不可用了。这时就需要重新创建token，可以直接使用命令快捷生成：

kubeadm token create --print-join-command
1

7、安装网络插件

kubectl apply -f  https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
1

8、查看节点状态

kubectl get node
1

9、查看系统pod状态

kubectl get pods -n kube-system
1

遇到的坑

[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.

        Unfortunately, an error has occurred:
                timed out waiting for the condition

        This error is likely caused by:
                - The kubelet is not running
                - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

        If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
                - 'systemctl status kubelet'
                - 'journalctl -xeu kubelet'

        Additionally, a control plane component may have crashed or exited when started by the container runtime.
        To troubleshoot, list all containers using your preferred container runtimes CLI.

        Here is one example how you may list all Kubernetes containers running in docker:
                - 'docker ps -a | grep kube | grep -v pause'
                Once you have found the failing container, you can inspect its logs with:
                - 'docker logs CONTAINERID'

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

解决方式

vim  /etc/docker/daemon.json
docker 默认驱动为 cgroupfs ,只需要添加
 "exec-opts": [
    "native.cgroupdriver=systemd"
  ],
1
2
3
4
5