Kubernetes 学习笔记

Kubernetes 概述

• k8s 官网：https://kubernetes.io/

Kubernetes 又被叫做 k8s，是一个用于自动化部署、自动扩容以及容器化应用管理的开源系统

kubernetes 搭建

准备工具

使用阿里云的镜像构建 k8s

sudo apt-get update && sudo apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

之后将阿里云的镜像地址写到 sources.list 当中

sudo vim /etc/apt/sources.list.d/kubernetes.list

# 写入下列内容
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main

退出后更新软件包，下载 k8s

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl

如果需要安装特定版本的k8s，则

sudo apt-get install -y kubelet=1.27.0-00 kubeadm=1.27.0-00 kubectl=1.27.0-00

集群启动

搭建后可以通过

sudo kubeadm init

启动容器可能会遇到诸多问题，见问题kubeadm init

容器启动成功后，运行命令提示的三条命令

sudo mkdir -p .kube/config
sudo cp -i /etc/kubernetes/admin.conf .kube/config
sudo chown $(id -u):$(id -g) .kube/config

网络插件

启动容器后可以通过kubectl get pods -n kube-system观察到几个pods能够顺利运行，除了两个core-dns一直在pending，所以这个时候需要安装网络插件，以下选择calico

wget https://calico-v3-25.netlify.app/archive/v3.25/manifests/calico.yaml

下载后

kubectl apply -f calico.yaml

运行时配置

然后等一会儿，可以通过kubectl get pods -n kube-system看到pods的相关信息。等到插件成功变为running之后，通过

kubectl get nodes

可以看到控制节点应为ready状态，如果没有，多半是containerd的配置问题

sudo vim /etc/cni/net.d/10-containerd-net.conflist

# 写入以下内容
{
 "cniVersion": "1.0.0",
 "name": "containerd-net",
 "plugins": [
   {
     "type": "bridge",
     "bridge": "cni0",
     "isGateway": true,
     "ipMasq": true,
     "promiscMode": true,
     "ipam": {
       "type": "host-local",
       "ranges": [
         [{
           "subnet": "10.88.0.0/16"
         }],
         [{
           "subnet": "2001:db8:4860::/64"
         }]
       ],
       "routes": [
         { "dst": "0.0.0.0/0" },
         { "dst": "::/0" }
       ]
     }
   },
   {
     "type": "portmap",
     "capabilities": {"portMappings": true},
     "externalSetMarkChain": "KUBE-MARK-MASQ"
   }
 ]
}

然后重启一下containerd

sudo systemctl restart containerd

排除污点

获取配置中的污点信息并把污点排除掉

kubectl get nodes -o yaml | code -
kubectl taint nodes <node_name> <taint_name>-

Kind

在集群中加载镜像

在一个已经运行的集群中加载一个 docker-image，dockerfile 如下

FROM ubuntu:latest

COPY ${pwd}/code /code

RUN apt update && apt install -y python3-pip && apt-get clean

RUN pip install flask

CMD [ "sh", "-c", "python3 /code/app.py"]

code 里头运行了一个简单的 flask 应用

from flask import Flask

app = Flask(__name__)

@app.route("/")
def hello_world():
    return "<p>Hello World!</p>"

if __name__ == "__main__":
    app.run(host="0.0.0.0",port=8080,debug=True)

加载到集群中

kind load docker-image flask-image:latest

docker exec -it kind-control-plane crictl images

问题

kubeadm init

[WARNING Hostname]: hostname "dydy-pc" could not be reached
[WARNING Hostname]: hostname "dydy-pc": lookup dydy-pc on 210.28.129.251:53: no such host

修改 /etc/hosts，将 localhost 后面添加自己的电脑主机地址即可

---

[ERROR CRI]: container runtime is not running: output: time="2023-09-19T09:03:23+08:00" level=fatal msg="validace connection: CRI v1 runtime API is not implemented for endpoint \"unix:///var/run/containerd/containerd.sock\": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"

Kubernetes 环境搭建

---

• 问：启动后kubectl任何命令提示连不上kube-apiserver

• 答：代理问题。启动后可以unset http_proxy https_proxy或者将kube-apiserver的IP地址添加到no_proxy里头

---

kubeadm config images pull

failed to pull image "registry.k8s.io/kube-apiserver:v1.28.2": output: E0919 09:32:01.239971   35982 remote_image.go:171] "PullImage from image service failed" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial unix /var/run/containerd/containerd.sock: connect: permission denied\"" image="registry.k8s.io/kube-apiserver:v1.28.2"
time="2023-09-19T09:32:01+08:00" level=fatal msg="pulling image: rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial unix /var/run/containerd/containerd.sock: connect: permission denied\""
, error: exit status 1

生成默认配置文件

kubeadm config print init-defaults > init.default.yaml

修改默认配置文件