k8s环境安装

# 先决条件

以下是一些基本的安装要求：

每个集群节点应该有不同的主机名。主机名不要带下划线。
所有节点的时间同步。
在 k8s 集群的第一个节点上运行sealos run命令，目前集群外的节点不支持集群安装。
建议使用干净的操作系统来创建集群。不要自己装 Docker。
支持大多数 Linux 发行版，例如：Ubuntu CentOS Rocky linux。
支持 DockerHub 中支持的 Kubernetes 版本。
支持使用 containerd 作为容器运行时。
在公有云上请使用私有 IP。

说明

本文以 CentOS7、k8s 1.25.3（文章首次发布于2022-10-30，是当时的最新版）为例
本文固定了 k8s 的版本，防止不同版本存在差异，当你了解了某一版本的安装与使用，自己就可以尝试其他版本的安装了
2022-11-18，经过测试，当前时间的最新版：1.25.4，同样适用于本文章
由于 k8s 1.24 及之后的版本使用的是 containerd，之前的版本是 docker，故此文都安装并配置了，可以修改 k8s 的版本号进行学习、测试。

linux 服务器 2台

服务器信息	主节点	node
主机名	master	node1
IP	192.168.115.135	192.168.115.136

# 安装

# 安装所需工具

sudo yum -y install vim
sudo yum -y install wget

1
2

# 将主机名指向本机IP，主机名只能包含：字母、数字、-（横杠）、.（点）

a. 获取主机名

hostname

b. 永久设置主机名

sudo echo 'master' > /etc/hostname

c. 编辑 hosts

sudo vim /etc/hosts

主节点：设置IP

192.168.115.135  master

node 节点：设置IP

192.168.115.136  node1

# 安装并配置 ntpdate，同步时间

sudo yum -y install ntpdate
sudo ntpdate ntp1.aliyun.com
sudo systemctl status ntpdate
sudo systemctl start ntpdate
sudo systemctl status ntpdate
sudo systemctl enable ntpdate

1
2
3
4
5
6

# 安装并配置 bash-completion，添加命令自动补充

sudo yum -y install bash-completion
source /etc/profile

1
2

# 关闭防火墙、或者开通指定端口

sudo systemctl stop firewalld.service 
sudo systemctl disable firewalld.service

1
2

# 主节点master (生产环境放开指定端口)
firewall-cmd --zone=public --add-port=6443/tcp --permanent # Kubernetes API server	所有
firewall-cmd --zone=public --add-port=2379/tcp --permanent # etcd server client API	kube-apiserver, etcd
firewall-cmd --zone=public --add-port=2380/tcp --permanent # etcd server client API	kube-apiserver, etcd
firewall-cmd --zone=public --add-port=10250/tcp --permanent # Kubelet API	自身, 控制面
firewall-cmd --zone=public --add-port=10259/tcp --permanent # kube-scheduler	自身
firewall-cmd --zone=public --add-port=10257/tcp --permanent # kube-controller-manager	自身
firewall-cmd --zone=trusted --add-source=192.168.80.60 --permanent # 信任集群中各个节点的IP
firewall-cmd --zone=trusted --add-source=192.168.80.16 --permanent # 信任集群中各个节点的IP
firewall-cmd --add-masquerade --permanent # 端口转发
firewall-cmd --reload
firewall-cmd --list-all
firewall-cmd --list-all --zone=trusted

# 工作节点node1
firewall-cmd --zone=public --add-port=10250/tcp --permanent # Kubelet API	自身, 控制面
firewall-cmd --zone=public --add-port=30000-32767/tcp --permanent # NodePort Services†	所有
firewall-cmd --zone=trusted --add-source=192.168.80.60 --permanent # 信任集群中各个节点的IP
firewall-cmd --zone=trusted --add-source=192.168.80.16 --permanent # 信任集群中各个节点的IP
firewall-cmd --add-masquerade --permanent # 端口转发
firewall-cmd --reload
firewall-cmd --list-all
firewall-cmd --list-all --zone=trusted

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

# 关闭交换空间

sudo swapoff -a
sudo sed -i 's/.*swap.*/#&/' /etc/fstab

1
2

# 关闭 selinux

getenforce
cat /etc/selinux/config
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
cat /etc/selinux/config

1
2
3
4
5

# 安装 Containerd、Docker

Docker 不是必须的，k8s 1.24.0 开始使用 Containerd 替代 Docker，但还是推荐安装 Docker，原因：在k8s中构建Docker镜像时使用，需要在GitLab Runner 中配置如下，详情参见：

/etc/containerd/config.toml 中的 SystemdCgroup = true 的优先级高于 /etc/docker/daemon.json 中的 cgroupdriver

# https://docs.docker.com/engine/install/centos/
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 
# yum --showduplicates list docker-ce
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo yum install -y containerd

# 启动 docker 时，会启动 containerd
# sudo systemctl status containerd.service
sudo systemctl stop containerd.service

sudo cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
sudo containerd config default > $HOME/config.toml
sudo cp $HOME/config.toml /etc/containerd/config.toml
# 修改 /etc/containerd/config.toml 文件后，要将 docker、containerd 停止后，再启动
sudo sed -i "s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
# https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#containerd-systemd
# 确保 /etc/containerd/config.toml 中的 disabled_plugins 内不存在 cri
sudo sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml

# containerd 忽略证书验证的配置
#      [plugins."io.containerd.grpc.v1.cri".registry.configs]
#        [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.0.12:8001".tls]
#          insecure_skip_verify = true


sudo systemctl enable --now containerd.service
# sudo systemctl status containerd.service

# sudo systemctl status docker.service
sudo systemctl start docker.service
# sudo systemctl status docker.service
sudo systemctl enable docker.service
sudo systemctl enable docker.socket
sudo systemctl list-unit-files | grep docker

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://hnkfbj7x.mirror.aliyuncs.com"],
    "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker
sudo docker info

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

sudo systemctl status docker.service

sudo systemctl status containerd.service

# 添加阿里云 k8s 镜像仓库

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# 是否开启本仓库
enabled=1
# 是否检查 gpg 签名文件
gpgcheck=0
# 是否检查 gpg 签名文件
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

1
2
3
4
5
6
7
8
9
10
11
12

# 安装 k8s 1.25.3 所需依赖

# 设置所需的 sysctl 参数，参数在重新启动后保持不变
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

1
2
3
4
5
6

# 应用 sysctl 参数而不重新启动
sudo sysctl --system

1
2

# yum --showduplicates list kubelet --nogpgcheck
# yum --showduplicates list kubeadm --nogpgcheck
# yum --showduplicates list kubectl --nogpgcheck

# 2023-02-07，经过测试，版本号：1.24.0，同样适用于本文章
# sudo yum install -y kubelet-1.24.0-0 kubeadm-1.24.0-0 kubectl-1.24.0-0 --disableexcludes=kubernetes --nogpgcheck

# 如果你看到有人说 node 节点不需要安装 kubectl，其实这种说法是错的，kubectl 会被当做依赖安装，如果安装过程没有指定 kubectl 的版本，则会安装最新版的 kubectl，可能会导致程序运行异常
sudo yum install -y kubelet-1.25.3-0 kubeadm-1.25.3-0 kubectl-1.25.3-0 --disableexcludes=kubernetes --nogpgcheck

# 2022-11-18，经过测试，版本号：1.25.4，同样适用于本文章
# sudo yum install -y kubelet-1.25.4-0 kubeadm-1.25.4-0 kubectl-1.25.4-0 --disableexcludes=kubernetes --nogpgcheck

# 2023-02-07，经过测试，版本号：1.25.5，同样适用于本文章
# sudo yum install -y kubelet-1.25.5-0 kubeadm-1.25.5-0 kubectl-1.25.5-0 --disableexcludes=kubernetes --nogpgcheck

# 2023-02-07，经过测试，版本号：1.25.6，同样适用于本文章
# sudo yum install -y kubelet-1.25.6-0 kubeadm-1.25.6-0 kubectl-1.25.6-0 --disableexcludes=kubernetes --nogpgcheck

# 2023-02-07，经过测试，版本号：1.26.0，同样适用于本文章
# sudo yum install -y kubelet-1.26.0-0 kubeadm-1.26.0-0 kubectl-1.26.0-0 --disableexcludes=kubernetes --nogpgcheck

# 2023-02-07，经过测试，版本号：1.26.1，同样适用于本文章
# sudo yum install -y kubelet-1.26.1-0 kubeadm-1.26.1-0 kubectl-1.26.1-0 --disableexcludes=kubernetes --nogpgcheck

# 2023-03-02，经过测试，版本号：1.26.2，同样适用于本文章
# sudo yum install -y kubelet-1.26.2-0 kubeadm-1.26.2-0 kubectl-1.26.2-0 --disableexcludes=kubernetes --nogpgcheck

# 安装最新版，生产时不建议
# sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes --nogpgcheck

systemctl daemon-reload
sudo systemctl restart kubelet
sudo systemctl enable kubelet

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

# 查看kubelet日志

# k8s 未初始化时，kubelet 可能无法启动
journalctl -xefu kubelet

1
2

# 查看kubelet状态

# k8s 未初始化时，kubelet 可能无法启动
sudo systemctl status kubelet

1
2

警告

已上命令需要在控制面板与node节点执行，并确保没有错误与警告

# 主节点：初始化

kubeadm init --image-repository=registry.aliyuncs.com/google_containers
# 指定集群的IP
# kubeadm init --image-repository=registry.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.80.60

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubectl cluster-info

# 初始化失败后，可进行重置，重置命令：kubeadm reset

# 执行成功后，会出现类似下列内容：
# kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
# --discovery-token-ca-cert-hash sha256:4e23156e2f71c5df52dfd2b9b198cce5db27c47707564684ea74986836900107 	

#
# kubeadm token create --print-join-command

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

# node 节点：加入集群

# 运行的内容来自上方执行结果
kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
--discovery-token-ca-cert-hash sha256:4e23156e2f71c5df52dfd2b9b198cce5db27c47707564684ea74986836900107 

#
# kubeadm token create --print-join-command

# kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
# --discovery-token-unsafe-skip-ca-verification

1
2
3
4
5
6
7
8
9

# 控制面板：

kubectl get pods --all-namespaces -o wide

可以查看到 coredns-* 的状态是 Pending，nodes 为 NotReady，原因是网络还未配置

[root@k8s ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                          READY   STATUS    RESTARTS   AGE     IP              NODE            NOMINATED NODE   READINESS GATES
kube-system   coredns-c676cc86f-4lncg       0/1     Pending   0          3m19s   <none>          <none>          <none>           <none>
kube-system   coredns-c676cc86f-7n9wv       0/1     Pending   0          3m19s   <none>          <none>          <none>           <none>
kube-system   etcd-k8s                      1/1     Running   0          3m26s   192.168.80.60   k8s             <none>           <none>
kube-system   kube-apiserver-k8s            1/1     Running   0          3m23s   192.168.80.60   k8s             <none>           <none>
kube-system   kube-controller-manager-k8s   1/1     Running   0          3m23s   192.168.80.60   k8s             <none>           <none>
kube-system   kube-proxy-87lx5              1/1     Running   0          81s     192.168.0.18    centos-7-9-16   <none>           <none>
kube-system   kube-proxy-rctn6              1/1     Running   0          3m19s   192.168.80.60   k8s             <none>           <none>
kube-system   kube-scheduler-k8s            1/1     Running   0          3m23s   192.168.80.60   k8s             <none>           <none>
[root@k8s ~]#

1
2
3
4
5
6
7
8
9
10
11

kubectl get nodes -o wide

[root@k8s ~]# kubectl get nodes -o wide
NAME            STATUS     ROLES           AGE     VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME
centos-7-9-16   NotReady   <none>          7m58s   v1.25.3   192.168.0.18    <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   containerd://1.6.9
k8s             NotReady   control-plane   10m     v1.25.3   192.168.80.60   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   containerd://1.6.9
[root@k8s ~]#

1
2
3
4
5

# 控制面板：配置网络，选择 Calico 配置

Kubernetes 版本	Calico 版本	Calico 文档	地址
1.22、1.23、1.24	3.24	https://projectcalico.docs.tigera.io/archive/v3.24/getting-started/kubernetes/requirements	https://projectcalico.docs.tigera.io/archive/v3.24/manifests/calico.yaml
1.22、1.23、1.24	3.25	https://projectcalico.docs.tigera.io/archive/v3.25/getting-started/kubernetes/requirements	https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml

# 下载
wget --no-check-certificate https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml

1
2

# 修改 calico.yaml 文件
vim calico.yaml

1
2

# 在 - name: CLUSTER_TYPE 下方添加如下内容
- name: CLUSTER_TYPE
  value: "k8s,bgp"
  # 下方为新增内容
- name: IP_AUTODETECTION_METHOD
  value: "interface=网卡名称"

1
2
3
4
5
6

ip addr
#找到如下网卡ens33 默认为ens开头的。

1
2

 ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:93:58:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.115.135/24 brd 192.168.115.255 scope global noprefixroute dynamic ens33
valid_lft 1620sec preferred_lft 1620sec
inet6 fe80::49d7:da5b:d794:d60e/64 scope link noprefixroute
valid_lft forever preferred_lft forever

1
2
3
4
5
6

# 配置网络
kubectl apply -f calico.yaml

1
2

# 控制面板：等待几分钟后，再次查看 pods、nodes

kubectl get nodes -o wide

[root@k8s ~]# kubectl get nodes -o wide
NAME            STATUS   ROLES           AGE   VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME
centos-7-9-16   Ready    <none>          23m   v1.25.3   192.168.80.16   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   containerd://1.6.9
k8s             Ready    control-plane   25m   v1.25.3   192.168.80.60   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   containerd://1.6.9
[root@k8s ~]#

1
2
3
4
5

kubectl get pods --all-namespaces -o wide

[root@k8s ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                                      READY   STATUS    RESTARTS            AGE   IP              NODE            NOMINATED NODE   READINESS GATES
kube-system   calico-kube-controllers-f79f7749d-rkqgw   1/1     Running   2 (52s ago)         17m   172.16.77.9     k8s             <none>           <none>
kube-system   calico-node-7698p                         0/1     Running   2 (52s ago)         17m   192.168.80.60   k8s             <none>           <none>
kube-system   calico-node-tvhnb                         0/1     Running   0                   17m   192.168.80.16   centos-7-9-16   <none>           <none>
kube-system   coredns-c676cc86f-4lncg                   1/1     Running   2 (52s ago)         25m   172.16.77.8     k8s             <none>           <none>
kube-system   coredns-c676cc86f-7n9wv                   1/1     Running   2 (52s ago)         25m   172.16.77.7     k8s             <none>           <none>
kube-system   etcd-k8s                                  1/1     Running   2 (52s ago)         25m   192.168.80.60   k8s             <none>           <none>
kube-system   kube-apiserver-k8s                        1/1     Running   2 (52s ago)         25m   192.168.80.60   k8s             <none>           <none>
kube-system   kube-controller-manager-k8s               1/1     Running   2 (52s ago)         25m   192.168.80.60   k8s             <none>           <none>
kube-system   kube-proxy-87lx5                          1/1     Running   1 (<invalid> ago)   23m   192.168.80.16   centos-7-9-16   <none>           <none>
kube-system   kube-proxy-rctn6                          1/1     Running   2 (52s ago)         25m   192.168.80.60   k8s             <none>           <none>
kube-system   kube-scheduler-k8s                        1/1     Running   2 (52s ago)         25m   192.168.80.60   k8s             <none>           <none>
[root@k8s ~]#

1
2
3
4
5
6
7
8
9
10
11
12
13
14

# 至此，k8s安装与配置已完成，下面内容是测试。

控制面板：创建 nginx 服务
vim nginx.yaml

1
2

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.23.2
        ports:
        - containerPort: 80

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

kubectl apply -f nginx.yaml

# 如要编辑则：
# kubectl edit deployment nginx-deployment

1
2
3
4

#等待几分钟后查看
kubectl get pods --all-namespaces -o wide

1
2

[root@k8s ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                                      READY   STATUS    RESTARTS            AGE     IP               NODE            NOMINATED NODE   READINESS GATES
default       nginx-deployment-86956f97b8-nfv2l         1/1     Running   0                   3m30s   172.16.132.193   centos-7-9-16   <none>           <none>
default       nginx-deployment-86956f97b8-x26kx         1/1     Running   0                   3m30s   172.16.132.194   centos-7-9-16   <none>           <none>
kube-system   calico-kube-controllers-f79f7749d-rkqgw   1/1     Running   2 (9m37s ago)       26m     172.16.77.9      k8s             <none>           <none>
kube-system   calico-node-7698p                         0/1     Running   2 (9m37s ago)       26m     192.168.80.60    k8s             <none>           <none>
kube-system   calico-node-tvhnb                         0/1     Running   0                   26m     192.168.80.16    centos-7-9-16   <none>           <none>
kube-system   coredns-c676cc86f-4lncg                   1/1     Running   2 (9m37s ago)       34m     172.16.77.8      k8s             <none>           <none>
kube-system   coredns-c676cc86f-7n9wv                   1/1     Running   2 (9m37s ago)       34m     172.16.77.7      k8s             <none>           <none>
kube-system   etcd-k8s                                  1/1     Running   2 (9m37s ago)       34m     192.168.80.60    k8s             <none>           <none>
kube-system   kube-apiserver-k8s                        1/1     Running   2 (9m37s ago)       34m     192.168.80.60    k8s             <none>           <none>
kube-system   kube-controller-manager-k8s               1/1     Running   2 (9m37s ago)       34m     192.168.80.60    k8s             <none>           <none>
kube-system   kube-proxy-87lx5                          1/1     Running   1 (<invalid> ago)   32m     192.168.80.16    centos-7-9-16   <none>           <none>
kube-system   kube-proxy-rctn6                          1/1     Running   2 (9m37s ago)       34m     192.168.80.60    k8s             <none>           <none>
kube-system   kube-scheduler-k8s                        1/1     Running   2 (9m37s ago)       34m     192.168.80.60    k8s             <none>           <none>
[root@k8s ~]#

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

# 控制面板：查看pod,svc
kubectl get pod,svc -o wide

1
2

[root@k8s ~]# kubectl get pods -o wide
NAME                                READY   STATUS    RESTARTS   AGE     IP               NODE            NOMINATED NODE   READINESS GATES
nginx-deployment-86956f97b8-nfv2l   1/1     Running   0          4m31s   172.16.132.193   centos-7-9-16   <none>           <none>
nginx-deployment-86956f97b8-x26kx   1/1     Running   0          4m31s   172.16.132.194   centos-7-9-16   <none>           <none>
[root@k8s ~]#

1
2
3
4
5

# 控制面板：设置服务

kubectl expose deployment nginx-deployment --type=NodePort --name=nginx-service

# 控制面板：查看pod,svc
kubectl get pod,svc -o wide

1
2

[root@localhost ~]# kubectl get pod,svc -o wide
NAME                                    READY   STATUS    RESTARTS   AGE     IP       NODE     NOMINATED NODE   READINESS GATES
pod/nginx-deployment-86956f97b8-c94nd   0/1     Pending   0          7m52s   <none>   <none>   <none>           <none>
pod/nginx-deployment-86956f97b8-cbr9r   0/1     Pending   0          7m52s   <none>   <none>   <none>           <none>

NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE   SELECTOR
service/kubernetes      ClusterIP   10.96.0.1       <none>        443/TCP        32m   <none>
service/nginx-service   NodePort    10.104.191.36   <none>        80:30347/TCP   11s   app=nginx

1
2
3
4
5
6
7
8
9

curl -v http://192.168.115.135:30347

[root@localhost ~]# curl -v http://192.168.115.135:30347/
* About to connect() to 192.168.115.135 port 30347 (#0)
*   Trying 192.168.115.135...
* Connected to 192.168.115.135 (192.168.115.135) port 30347 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.115.135:30347
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.23.2
< Date: Sat, 11 Mar 2023 10:04:39 GMT
< Content-Type: text/html
< Content-Length: 615
< Last-Modified: Wed, 19 Oct 2022 07:56:21 GMT
< Connection: keep-alive
< ETag: "634fada5-267"
< Accept-Ranges: bytes
< 
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
* Connection #0 to host 192.168.115.135 left intact

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

提示

可以看到：重启前后 pod/nginx-deployment-* IP 发生了变化，service/nginx-service 的 IP 与端口没有发生变化，可在后面使用 service/nginx-service 的端口

# Token 相关命令

# 控制平面节点上运行以下命令来获取令牌

kubeadm token list

# 默认情况下，令牌会在 24 小时后过期，可以通过在控制平面节点上运行以下命令来创建新令牌


kubeadm token create

1
2

# 错误说明

# 提示：/proc/sys/net/bridge/bridge-nf-call-iptables

error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

1
2
3
4

# 执行命令
# 如果报错 sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory，可以先执行 modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-iptables=1

1
2
3

# 提示：/proc/sys/net/ipv4/ip_forward

# 执行命令
sysctl -w net.ipv4.ip_forward=1

1
2

# 控制面板（master）作为node使用（去污）

注意：此处的命令可能和你在网上看到去污命令不同，原因是k8s的版本不同

# https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#control-plane-node-isolation
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

# 1.24.0 版本需要使用下列命令去污
# kubectl taint nodes --all node-role.kubernetes.io/master-

1
2
3
4
5

# 可使用下列命令查看当前软件的去污的命令参数

kubectl get no -o yaml | grep taint -A 10

# 文档

#k8s

Last Updated: 2024/11/16, 10:54:20

← php环境部署 golang微服务部署→