Kubernetes
:::info 前提条件:
- 访问主机CentOS8的和Docker的驱动不兼容,所以不能使用CentOS8以上系列的服务主机
- 2核CPU的服务主机(必要)
- 大于2G 内存的服务器主机[大于2G是为了防止其他硬件占用内存导致Kubernetes的使用内存不足的问题](必要)
- 这里的驱动是基于Docker,如果未安装则需要安装启动Docker,执行命令:
yum install -y docker
:::
1、先决条件
安装Docker
安装kubelet kubeadm kubectl
安装升级Kubernetes基础组件kubelet kubeadm kubectl
2、安装minikube
参考:https://minikube.sigs.k8s.io/docs/start/
rpm方式安装
rpm -Uvh minikube-latest.x86_64.rpm
命令安装
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64sudo install minikube-linux-amd64 /usr/local/bin/minikube
3、创建非root用户以及Docker组,并授权
useradd fcantpasswd fcantgroupadd dockerusermod -aG docker fcantusermod -s /bin/bash fcant
:::danger 注意:如果在创建非root用户时已经启动Docker,则需要在用户授权成功后重启Docker使授权生效。
执行命令:systemctl restart docker
避免的问题:在非root用户启动时,导致无法读取的权限错误。
:::
4、为非root用户授予root用户权限
:::tips 防止后面的操作中出现创建的非root用户没有权限的错误
:::
sudo visudo# 或者下面的命令、vim编辑时有高亮提示vim /etc/sudoers
5、切换非root用户,启动minikube
国内存在网络问题,所以启动时指定了镜像仓库地址
$ su fcant$ minikube start --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers😄 minikube v1.20.0 on Centos 7.6.1810 (amd64)✨ Using the docker driver based on existing profile👍 Starting control plane node minikube in cluster minikube🚜 Pulling base image ...> index.docker.io/kicbase/sta...: 358.10 MiB / 358.10 MiB 100.00% 2.78 MiB🤷 docker "minikube" container is missing, will recreate.🔥 Creating docker container (CPUs=2, Memory=2200MB) ...🐳 Preparing Kubernetes v1.20.2 on Docker 20.10.6 ...▪ Generating certificates and keys ...▪ Booting up control plane ...▪ Configuring RBAC rules ...🔎 Verifying Kubernetes components...▪ Using image registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6 (global image repository)▪ Using image registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-minikube/storage-provisioner:v5 (global image repository)▪ Using image registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/metrics-scraper:v1.0.4@sha256:555981a24f184420f3be0c79d4efb6c948a85cfce84034f85a563f4151a81cbf (global image repository)🌟 Enabled addons: default-storageclass, storage-provisioner, dashboard🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
出错1:failed to parse kernel config: unable to load kernel module: “configs”
错误内容
$ minikube start --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --driver=docker --extra-config=kubelet.cgroup-driver=systemd😄 minikube v1.26.1 on Ubuntu 22.04✨ Using the docker driver based on existing profile👍 Starting control plane node minikube in cluster minikube🚜 Pulling base image ...🏃 Updating the running docker "minikube" container ...🐳 Preparing Kubernetes v1.24.3 on Docker 20.10.17 ...▪ kubelet.cgroup-driver=systemd▪ Generating certificates and keys ...💢 initialization failed, will try again: wait: /bin/bash -c "sudo env PATH="/var/lib/minikube/binaries/v1.24.3:$PATH" kubeadm init --config /var/tmp/minikube/kubeadm.yaml --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests,DirAvailable--var-lib-minikube,DirAvailable--var-lib-minikube-etcd,FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml,FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml,FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml,FileAvailable--etc-kubernetes-manifests-etcd.yaml,Port-10250,Swap,Mem,SystemVerification,FileContent--proc-sys-net-bridge-bridge-nf-call-iptables": Process exited with status 1stdout:[init] Using Kubernetes version: v1.24.3[preflight] Running pre-flight checks[preflight] The system verification failed. Printing the output from the verification:KERNEL_VERSION: 5.15.0-46-genericOS: LinuxCGROUPS_CPU: enabledCGROUPS_CPUSET: enabledCGROUPS_DEVICES: enabledCGROUPS_FREEZER: enabledCGROUPS_MEMORY: enabledCGROUPS_PIDS: enabledCGROUPS_HUGETLB: enabledCGROUPS_BLKIO: missing[preflight] Pulling images required for setting up a Kubernetes cluster[preflight] This might take a minute or two, depending on the speed of your internet connection[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'[certs] Using certificateDir folder "/var/lib/minikube/certs"[certs] Using existing ca certificate authority[certs] Using existing apiserver certificate and key on diskstderr:W0901 15:17:29.597926 4076 initconfiguration.go:120] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "unix" to the "criSocket" with value "/var/run/cri-dockerd.sock". Please update your configuration![WARNING SystemVerification]: missing optional cgroups: blkio[WARNING SystemVerification]: failed to parse kernel config: unable to load kernel module: "configs", output: "modprobe: FATAL: Module configs not found in directory /lib/modules/5.15.0-46-generic\n", err: exit status 1[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'error execution phase certs/apiserver-kubelet-client: [certs] certificate apiserver-kubelet-client not signed by CA certificate ca: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "minikubeCA")To see the stack trace of this error execute with --v=5 or higher▪ Generating certificates and keys ...💣 Error starting cluster: wait: /bin/bash -c "sudo env PATH="/var/lib/minikube/binaries/v1.24.3:$PATH" kubeadm init --config /var/tmp/minikube/kubeadm.yaml --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests,DirAvailable--var-lib-minikube,DirAvailable--var-lib-minikube-etcd,FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml,FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml,FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml,FileAvailable--etc-kubernetes-manifests-etcd.yaml,Port-10250,Swap,Mem,SystemVerification,FileContent--proc-sys-net-bridge-bridge-nf-call-iptables": Process exited with status 1
解决方案
参考https://github.com/kubernetes/minikube/issues/14477,通过指定参数--kubernetes-version=v1.23.8降低Kubernetes版本成功启动,注意在重启前需要删除原来的旧版本的Kubernetes集群
$ minikube start --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --driver=docker --kubernetes-version=v1.23.8😄 minikube v1.26.1 on Ubuntu 22.04🙈 Exiting due to K8S_DOWNGRADE_UNSUPPORTED: Unable to safely downgrade existing Kubernetes v1.24.3 cluster to v1.23.8💡 Suggestion:1) Recreate the cluster with Kubernetes 1.23.8, by running:minikube deleteminikube start --kubernetes-version=v1.23.82) Create a second cluster with Kubernetes 1.23.8, by running:minikube start -p minikube2 --kubernetes-version=v1.23.83) Use the existing cluster at version Kubernetes 1.24.3, by running:minikube start --kubernetes-version=v1.24.3$ minikube delete🔥 Deleting "minikube" in docker ...🔥 Deleting container "minikube" ...🔥 Removing /home/fcant/.minikube/machines/minikube ...💀 Removed all traces of the "minikube" cluster.
旧集群删除完成后,再启动指定Kubernetes版本的集群
$ minikube start --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --driver=docker --kubernetes-version=v1.23.8😄 minikube v1.26.1 on Ubuntu 22.04✨ Using the docker driver based on user configuration✅ Using image repository registry.cn-hangzhou.aliyuncs.com/google_containers📌 Using Docker driver with root privileges👍 Starting control plane node minikube in cluster minikube🚜 Pulling base image ...🔥 Creating docker container (CPUs=2, Memory=2200MB) ...> kubeadm.sha256: 64 B / 64 B [-------------------------] 100.00% ? p/s 0s> kubelet.sha256: 64 B / 64 B [-------------------------] 100.00% ? p/s 0s> kubectl.sha256: 64 B / 64 B [-------------------------] 100.00% ? p/s 0s> kubeadm: 43.12 MiB / 43.12 MiB [-------------] 100.00% 5.73 MiB p/s 7.7s> kubectl: 44.44 MiB / 44.44 MiB [--------------] 100.00% 3.71 MiB p/s 12s> kubelet: 118.78 MiB / 118.78 MiB [------------] 100.00% 6.27 MiB p/s 19s▪ Generating certificates and keys ...▪ Booting up control plane ...▪ Configuring RBAC rules ...🔎 Verifying Kubernetes components...▪ Using image registry.cn-hangzhou.aliyuncs.com/google_containers/storage-provisioner:v5🌟 Enabled addons: storage-provisioner, default-storageclass❗ /usr/local/bin/kubectl is version 1.25.0, which may have incompatibilites with Kubernetes 1.23.8.▪ Want kubectl v1.23.8? Try 'minikube kubectl -- get pods -A'🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
6、启动可视化管理界面Dashboard
$ minikube dashboard --url🤔 Verifying dashboard health ...🚀 Launching proxy ...🤔 Verifying proxy health ...http://127.0.0.1:44581/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
启动kube proxy
$ kubectl proxy --port=8888 --address='0.0.0.0' --accept-hosts='^.*'Starting to serve on [::]:8888
然后使用minikube dashboard --url命令给出的URL(将端口修改为上面的代理端口8888,如果使用的是虚拟机则需要将IP修改为虚拟机的IP),然后在浏览器中访问即可看到如下管理界面:
7、配置tunnel外网访问服务
如果未配置tunnel,EXTERNAL-IP列显示的是pending状态
由于应用部署在集群内部,集群有自己对应的IP,所以外网无法访问,需要用到tunnel。
$ minikube tunnel[sudo] password for fcant:Status:machine: minikubepid: 76873route: 10.96.0.0/12 -> 192.168.49.2minikube: Runningservices: [ingress-nginx]errors:minikube: no errorsrouter: no errorsloadbalancer emulator: no errorsStatus:machine: minikubepid: 76873route: 10.96.0.0/12 -> 192.168.49.2minikube: Runningservices: [ingress-nginx]errors:minikube: no errorsrouter: no errorsloadbalancer emulator: no errors
注意该命令执行需要输入当前用户的登录密码,命令执行示例如下:
然后再检查EXTERNAL-IP,可以发现已经有正确的IP了,并且使用curl去访问能得到正确的响应。
若有收获,就点个赞吧
0 人点赞
