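泉缘泉 posted on 2024-7-30 03:11:51

Cloud-Native Kubernetes: Deploying K8S 1.30 on Cloud Hosts with a Single-Master Architecture

Contents
I. Experiment
1. Environment
2. Connecting to the cloud hosts with Termius
3. Network connectivity and security mechanisms
4. Deploying Docker on the cloud hosts
5. Configuring Linux kernel route forwarding and bridge filtering on the cloud hosts
6. Deploying cri-dockerd on the cloud hosts
7. Deploying kubelet, kubeadm and kubectl on the cloud hosts
8. Kubernetes cluster initialization
9. Container network (CNI) deployment
10. Certificate management
II. Problems
1. How to deploy the Alibaba Cloud CLI on a cloud host
2. How ECS instances communicate over the internal network
3. cri-dockerd installation fails
4. kubelet, kubeadm and kubectl installation error
5. K8S initialization error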


I. Experiment

1. Environment

(1) Hosts
Table 1: Cloud hosts
Host    System            Architecture      Version   IP                                                Notes
master  CentOS Stream 9   K8S master node   1.30.1    172.17.59.254 (private), 8.219.188.219 (public)
node    CentOS Stream 9   K8S node          1.30.1    172.17.1.22 (private), 8.219.58.157 (public)

(2) View the simple application servers
View in Alibaba Cloud


2. Connecting to the cloud hosts with Termius

(1) Connect
Connect to master and node.
(2) Check the system (on master and node)
cat /etc/os-release

3. Network connectivity and security mechanisms

(1) Reference
https://www.alibabacloud.com/help/zh/simple-application-server/product-overview/regions-and-network-connectivity

(2) Ping test
master connects to node
ping 172.17.59.254

(3) Disable the firewall (on master and node)
systemctl stop firewalld.service
systemctl disable firewalld.service
(4) Turn off the swap partition (on master and node)
sudo swapoff -a
free -h
(5) Disable the security mechanism (SELinux) (on master and node)
vim /etc/selinux/config
SELINUX=disabled

4. Deploying Docker on the cloud hosts

(1) Deploy Docker on master
Get the official repository
wget -P /etc/yum.repos.d/ https://download.docker.com/linux/centos/docker-ce.repo

Install
yum install -y docker-ce

Configure domestic registry mirrors
vim /etc/docker/daemon.json
XXXXXXXX is your personal Alibaba Cloud image accelerator
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://XXXXXXXX.mirror.aliyuncs.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"]
}
Start Docker
systemctl start docker

Check
docker info

(2) Deploy Docker on node
Get the official repository
wget -P /etc/yum.repos.d/ https://download.docker.com/linux/centos/docker-ce.repo
Install
yum install -y docker-ce

Configure domestic registry mirrors
vim /etc/docker/daemon.json
XXXXXXXX is your personal Alibaba Cloud image accelerator
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://XXXXXXXX.mirror.aliyuncs.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"]
}

Start Docker
systemctl start docker

Check
docker info

5. Configuring Linux kernel route forwarding and bridge filtering on the cloud hosts

(1) Edit the configuration file and load it
master
vim /etc/sysctl.d/k8s.conf
[screenshot: contents of k8s.conf]
# Load the module
modprobe br_netfilter
# Check
lsmod | grep br_netfilter
# Load the configuration (plain "sysctl -p" reads only /etc/sysctl.conf)
sysctl -p /etc/sysctl.d/k8s.conf
node
vim /etc/sysctl.d/k8s.conf
[screenshot: contents of k8s.conf]
# Load the module
modprobe br_netfilter
# Check
lsmod | grep br_netfilter
# Load the configuration (plain "sysctl -p" reads only /etc/sysctl.conf)
sysctl -p /etc/sysctl.d/k8s.conf
(2) Install and configure ipset and ipvsadm (on master and node)
yum install ipset ipvsadm
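
The page shows the contents of /etc/sysctl.d/k8s.conf only as a screenshot. The following added example (not from the original post) checks a file for the three settings commonly used for this step; the key list, the function name and the sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: k8s.conf is expected to hold the three settings below, the
# usual content for the "route forwarding and bridge filtering" step.
REQUIRED_SYSCTLS="net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
net.ipv4.ip_forward"

# missing_k8s_sysctls FILE
# Prints every required key that FILE does not set to 1 (one per line).
# Comment lines are ignored; if a key is assigned twice the last one wins,
# which matches how sysctl applies a file from top to bottom.
missing_k8s_sysctls() {
  for key in $REQUIRED_SYSCTLS; do
    val=$(awk -v want="$key" '
      /^[ \t]*[#;]/ { next }
      {
        eq = index($0, "=")
        if (eq == 0) { next }
        name = substr($0, 1, eq - 1)
        value = substr($0, eq + 1)
        gsub(/[ \t]/, "", name)
        gsub(/[ \t]/, "", value)
        if (name == want) { last = value }
      }
      END { print last }
    ' "$1")
    [ "$val" = "1" ] || printf '%s\n' "$key"
  done
}

# Constructed sample of a complete file.
SAMPLE_K8S_CONF='net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1'

# On a host: missing_k8s_sysctls /etc/sysctl.d/k8s.conf
```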

6. Deploying cri-dockerd on the cloud hosts

(1) Reference
https://github.com/Mirantis/cri-dockerd/releases
The latest version is v0.3.14.
(2) Download (on master and node)
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14-3.el8.x86_64.rpm
(3) Install the dependency (on master and node)
# Download the dependency
wget http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/libcgroup-0.41-19.el8.x86_64.rpm

# Install
rpm -ivh libcgroup-0.41-19.el8.x86_64.rpm

(4) Deploy cri-dockerd
master
rpm -ivh cri-dockerd-0.3.14-3.el8.x86_64.rpm
(5) Start (on master and node)
systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker
systemctl status cri-docker

7. Deploying kubelet, kubeadm and kubectl on the cloud hosts

(1) Reference
https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/?spm=a2c6h.25603864.0.0.2d32281ci7ZyIM

(2) Create the repository file (on master and node)
vim /etc/yum.repos.d/kubernetes.repo

# Use the Alibaba Cloud mirror
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key

(3) Refresh the repository metadata (on master and node)
yum clean all && yum makecache

(4) Install (on master and node)
yum install kubelet kubeadm kubectl
(5) Check the versions (on master and node)
kubectl version
kubeadm version
kubelet --version
(6) Edit the configuration file (on master and node)
vim /etc/sysconfig/kubelet

# Change to
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
(7) Start (on master and node)
systemctl enable kubelet
systemctl start kubelet
(8) Pull the images K8S depends on (master)
# Pull from Alibaba Cloud
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.30.1
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.30.1
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.30.1
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.30.1
docker pull registry.aliyuncs.com/google_containers/coredns:v1.11.1
docker pull registry.aliyuncs.com/google_containers/pause:3.9
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.12-0

(9) View the images
master
# docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/kube-apiserver            v1.30.1    91be94080317   12 days ago     117MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.30.1    a52dc94f0a91   12 days ago     62MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.30.1    25a1387cdab8   12 days ago     111MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.30.1    747097150317   12 days ago     84.7MB
registry.aliyuncs.com/google_containers/etcd                      3.5.12-0   3861cfcd7c04   3 months ago    149MB
registry.aliyuncs.com/google_containers/coredns                   v1.11.1    cbb01a7bd410   9 months ago    59.8MB
registry.aliyuncs.com/google_containers/pause                     3.9        e6f181688397   19 months ago   744kB
(10) Retag the images on master
# Set the default tags
docker tag 91be94080317 registry.k8s.io/kube-apiserver:v1.30.1
docker tag cbb01a7bd410 registry.k8s.io/coredns/coredns:v1.11.1
docker tag e6f181688397 registry.k8s.io/pause:3.9
docker tag 3861cfcd7c04 registry.k8s.io/etcd:3.5.12-0
docker tag 747097150317 registry.k8s.io/kube-proxy:v1.30.1
docker tag 25a1387cdab8 registry.k8s.io/kube-controller-manager:v1.30.1
docker tag a52dc94f0a91 registry.k8s.io/kube-scheduler:v1.30.1
(11) View the images on master again
docker images

8. Kubernetes cluster initialization

(1) Install iproute
yum install iproute-tc
(2) Initialize master (if an error occurs, see the Problems section below)
kubeadm init --kubernetes-version=v1.30.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.17.59.254 --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=Mem

The log of the completed initialization is as follows:
# kubeadm init --kubernetes-version=v1.30.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.17.59.254 --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=Mem

Using Kubernetes version: v1.30.1
Running pre-flight checks
      the system RAM (1689 MB) is less than the minimum 1700 MB
Pulling images required for setting up a Kubernetes cluster
This might take a minute or two, depending on the speed of your internet connection
You can also perform this action in beforehand using 'kubeadm config images pull'
Using certificateDir folder "/etc/kubernetes/pki"
Generating "ca" certificate and key
Generating "apiserver" certificate and key
apiserver serving cert is signed for DNS names and IPs
Generating "apiserver-kubelet-client" certificate and key
Generating "front-proxy-ca" certificate and key
Generating "front-proxy-client" certificate and key
Generating "etcd/ca" certificate and key
Generating "etcd/server" certificate and key
etcd/server serving cert is signed for DNS names and IPs
Generating "etcd/peer" certificate and key
etcd/peer serving cert is signed for DNS names and IPs
Generating "etcd/healthcheck-client" certificate and key
Generating "apiserver-etcd-client" certificate and key
Generating "sa" key and public key
Using kubeconfig folder "/etc/kubernetes"
Writing "admin.conf" kubeconfig file
Writing "super-admin.conf" kubeconfig file
Writing "kubelet.conf" kubeconfig file
Writing "controller-manager.conf" kubeconfig file
Writing "scheduler.conf" kubeconfig file
Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
Using manifest folder "/etc/kubernetes/manifests"
Creating static Pod manifest for "kube-apiserver"
Creating static Pod manifest for "kube-controller-manager"
Creating static Pod manifest for "kube-scheduler"
Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
Starting the kubelet
Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests"
Waiting for a healthy kubelet. This can take up to 4m0s
The kubelet is healthy after 503.8172ms
Waiting for a healthy API server. This can take up to 4m0s
The API server is healthy after 8.001714086s
Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
Skipping phase. Please see --upload-certs
Marking the node izt4nczjliu7lp3kun6m9jz as control-plane by adding the labels:
Marking the node izt4nczjliu7lp3kun6m9jz as control-plane by adding the taints
Using token: m926rd.ejaz92v7hhmgt7p0
Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
Configured RBAC rules to allow Node Bootstrap tokens to get nodes
Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
Creating the "cluster-info" ConfigMap in the "kube-public" namespace
Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
Applied essential addon: CoreDNS
Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f .yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.17.59.254:6443 --token m926rd.ejaz92v7hhmgt7p0 \
      --discovery-token-ca-cert-hash sha256:e108c1809c7e4e0316ff25407d06fed0f60241dc3767524672977d9042312c92

(3) Create the configuration directory
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

(4) Generate a token
# The token generated by default at initialization is valid for 24 hours, so generate your own non-expiring token; it is needed when the node joins
kubeadm token create --ttl 0 --print-join-command
(5) Join the node
1) When adding a node, the CRI socket must be specified with --cri-socket; cri-dockerd is used here
kubeadm join 172.17.59.254:6443 --token 9jvebb.vtuw3utmxfkhrpwf --discovery-token-ca-cert-hash sha256:e108c1809c7e4e0316ff25407d06fed0f60241dc3767524672977d9042312c92 --cri-socket=unix:///var/run/cri-dockerd.sock

2) For containerd, use --cri-socket unix:///run/containerd/containerd.sock
(6) View the cluster from the K8S master node
1) View the nodes
kubectl get node

2) View detailed node information
kubectl get node -o wide
The status is NotReady because the network plugin has not been installed.
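
A token created with --ttl 0 stays valid until it is deleted, and the kubeadm output above prints tokens in full. The following added example (not from the original post) finds non-expiring bootstrap tokens in `kubeadm token list` output and redacts the secret half of a token in saved join commands; the function names and the sample rows are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# find_nonexpiring_tokens
# Reads the table printed by `kubeadm token list` on stdin and prints the ID
# (the 6 characters before the dot) of every token that has no expiry.
# kubeadm shows such tokens with TTL "<forever>" and EXPIRES "<never>".
# Only the ID is printed, so the secret half never lands in a report.
find_nonexpiring_tokens() {
  awk '
    $1 == "TOKEN" { next }
    {
      # A bootstrap token is a 6-character id, a dot, a 16-character secret.
      dot = index($1, ".")
      if (dot != 7 || length($1) != 23) { next }
      if ($2 == "<forever>" || $3 == "<never>") { print substr($1, 1, 6) }
    }
  '
}

# redact_join_tokens
# Filter for logs or notes that contain `kubeadm join ... --token id.secret`:
# keeps the token ID for correlation and replaces the 16-character secret.
redact_join_tokens() {
  sed 's/\(--token[ =]\{1,\}[a-z0-9]\{6\}\)\.[a-z0-9]\{16\}/\1.<redacted>/g'
}

# Constructed sample (not real tokens).
SAMPLE_TOKEN_LIST='TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
aaaaaa.0000000000000000   23h         2024-05-31T03:11:51Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
bbbbbb.1111111111111111   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token'

# On a control-plane node:
#   kubeadm token list | find_nonexpiring_tokens
#   kubeadm token delete <id>                          # revoke by token ID
#   kubeadm token create --ttl 2h --print-join-command # short-lived replacement
```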

9. Container network (CNI) deployment

(1) Download the Calico manifest
https://github.com/projectcalico/calico/blob/v3.27.3/manifests/calico.yaml
(2) Change the Pod network defined in it (CALICO_IPV4POOL_CIDR)
vim calico.yaml

① Before the change:
[screenshot]
② After the change:
The same value as the --pod-network-cidr given to kubeadm init earlier
[screenshot]

(3) Deploy
kubectl apply -f calico.yaml
(4) Check
kubectl get pods -n kube-system
(5) Check again (the status has changed to Ready)
kubectl get node

10. Certificate management

(1) Check
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep Not
kubeadm certs check-expiration

(2) Reference tool
https://github.com/yuyicai/update-kube-cert
(3) Download
wget https://github.com/yuyicai/update-kube-cert/archive/refs/tags/v1.1.0.tar.gz
(4) Extract
tar zxvf v1.1.0.tar.gz
(5) Run (extends the certificate validity period)
cd update-kube-cert-1.1.0/
./update-kubeadm-cert.sh all
(6) Check again
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep Not
kubeadm certs check-expiration

(7) Finally, check the pods
kubectl get pod -o wide
(8) Check memory usage on master and node
[screenshots]

II. Problems

1. How to deploy the Alibaba Cloud CLI on a cloud host

(1) Reference
https://help.aliyun.com/zh/cli/install-cli-on-linux?spm=0.0.0.i2#task-592837
The latest version is v3.0.207.
Download
1) Official site
https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz

2) GitHub
https://github.com/aliyun/aliyun-cli/releases
(2) Deploy the Alibaba Cloud CLI on master
Create a directory
mkdir -p $HOME/aliyun
cd $HOME/aliyun
Download
wget https://github.com/aliyun/aliyun-cli/releases/download/v3.0.207/aliyun-cli-linux-3.0.207-amd64.tgz
Extract
tar xzvf aliyun-cli-linux-3.0.207-amd64.tgz
Copy the aliyun program to the /usr/local/bin directory
sudo cp aliyun /usr/local/bin

(3) Deploy the Alibaba Cloud CLI on node
Create a directory
mkdir -p $HOME/aliyun
cd $HOME/aliyun
Download
wget https://github.com/aliyun/aliyun-cli/releases/download/v3.0.207/aliyun-cli-linux-3.0.207-amd64.tgz
Extract
tar xzvf aliyun-cli-linux-3.0.207-amd64.tgz
Copy the aliyun program to the /usr/local/bin directory
sudo cp aliyun /usr/local/bin


2. How ECS instances communicate over the internal network

(1) Reference
https://help.aliyun.com/zh/ecs/authorize-internal-network-communication-between-ecs-instances-in-different-accounts-by-using-the-api
(2) Approach
Call the API through the CLI to add an inbound security group rule so that the instances can communicate over the internal network.

3. cri-dockerd installation fails

(1) Error
[screenshot]
(2) Cause
A dependency is missing.
(3) Solution
Reference
https://centos.pkgs.org/8-stream/centos-baseos-x86_64/libcgroup-0.41-19.el8.x86_64.rpm.html
Download the dependency
wget http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/libcgroup-0.41-19.el8.x86_64.rpm

Install the dependency
rpm -ivh libcgroup-0.41-19.el8.x86_64.rpm
cri-dockerd then installs successfully.

4. kubelet, kubeadm and kubectl installation error

(1) Error
[screenshot]
(2) Cause
The gpgkey address in the repo file is wrong.
(3) Solution
Edit the configuration file
[screenshot]
Refresh the repository metadata
yum clean all && yum makecache
Success.
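
The repository file in section 7 and the gpgkey error here both concern package signature checking. The following added example (not from the original post) audits a yum .repo file for settings that would let unsigned or tampered packages through; the function name, the [kubernetes] section name and the weakened sample are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# audit_yum_repo FILE
# Prints one finding per line as "<section>: <problem>"; prints nothing
# when every section has gpgcheck=1, an https baseurl and a gpgkey that is
# fetched over https or read from a local file.
audit_yum_repo() {
  awk '
    function report() {
      if (sec == "") { return }
      if (gpgcheck != "1") { print sec ": gpgcheck is not set to 1" }
      if (baseurl !~ /^https:\/\//) { print sec ": baseurl is not https" }
      if (gpgkey == "") {
        print sec ": gpgkey is missing"
      } else if (gpgkey !~ /^(https|file):\/\//) {
        print sec ": gpgkey is not https or file"
      }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
      report()
      sec = substr($0, index($0, "[") + 1)
      sec = substr(sec, 1, index(sec, "]") - 1)
      gpgcheck = ""; baseurl = ""; gpgkey = ""
      next
    }
    {
      eq = index($0, "=")
      if (eq == 0) { next }
      key = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key)
      gsub(/^[ \t]+/, "", val)
      gsub(/[ \t]+$/, "", val)
      if (key == "gpgcheck") { gpgcheck = val }
      else if (key == "baseurl") { baseurl = val }
      else if (key == "gpgkey") { gpgkey = val }
    }
    END { report() }
  ' "$1"
}

# The repository definition from section 7 (section name assumed).
SAMPLE_REPO_PAGE='[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key'

# Constructed variant: signature checking switched off to silence a key error.
SAMPLE_REPO_WEAK='[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=0'

# On a host: audit_yum_repo /etc/yum.repos.d/kubernetes.repo
```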

5. K8S initialization error

(1) Error
[screenshot]
(2) Cause
CPU cgroups have been disabled for some reason and need to be enabled manually.
(3) Solution
1) Modify the GRUB configuration
If CPU cgroups are not enabled, you can enable them by editing the GRUB boot parameters. Run the following command to edit the GRUB configuration file:
sudo vim /etc/default/grub

Find the GRUB_CMDLINE_LINUX line in the file and make sure it contains the following parameter:
cgroup_enable=cpu

2) Update
sudo grub2-mkconfig -o /boot/grub2/grub.cfg

3) Reboot
reboot
Stopping:
[screenshot]
Running:
[screenshot]
The error persists:
[screenshot]
Uninstall cri-docker
rpm -qa | grep -i cri-docker
rpm -e cri-dockerd-0.3.14-3.el8.x86_64
Download and reinstall (required on both the master and node)
1) Download and install the latest cri-dockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14.amd64.tgz
tar xf cri-dockerd-0.3.14.amd64.tgz
mv cri-dockerd/cri-dockerd /usr/bin/
rm -rf cri-dockerd cri-dockerd-0.3.14.amd64.tgz

2) Configure the systemd units
# EOF is quoted so the shell does not expand $MAINPID while writing the file
cat > /etc/systemd/system/cri-docker.service <<'EOF'
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
# ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://
# Specify the container image used as the Pod's base container (the "pause image")
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.k8s.io/pause:3.9 --container-runtime-endpoint fd://
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

cat > /etc/systemd/system/cri-docker.socket <<'EOF'
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF

3) Reload and enable at boot
systemctl daemon-reload
systemctl enable cri-docker && systemctl start cri-docker && systemctl status cri-docker
One error still remains:
[screenshot]
Ignore the Mem check
kubeadm init --kubernetes-version=v1.30.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.17.59.254 --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=Mem

Success.
