初始化k8s多结点集群

本文涉及的产品
服务治理 MSE Sentinel/OpenSergo,Agent数量 不受限
简介: 在Ubuntu22.04.3 LTS上设置k8s多节点集群,采用Docker v24.0.6、kubeadm v1.28和cir-dockerd v0.3.4。首先安装docker和cri-dockerd,更新k8s三件套至v1.28。然后,参照官方文档进行`kubeadm init`初始化集群,配置包括自定义镜像仓库、控制面端点等。成功初始化后,显示了相关证书和配置信息。最后,提供了一些额外的kubectl命令以管理节点。

初始化k8s多结点集群

本实践将在 Ubuntu 22.04.3LTS 系统上进行安装测试
docker版本 24.0.6
kubeadm版本 v1.28 次新版本
cir-docker 版本 v0.3.4 用来适配docker和k8s

基础软件安装


# docker 当前版本 Client: Docker Engine - Community
 Version:    24.0.6
# cri-dockerd 当前版本v0.3.4 https://github.com/Mirantis/cri-dockerd

wget ...../v0.3.4/cri-dockerd_0.3.4.3-0.ubuntu-jammy_amd64.deb
apt install ./cri-dockerd_0.3.4.3-0.ubuntu-jammy_amd64.deb
vim /lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9

#systemctl daemon-reload
#systemctl restart cri-docker

# 更新安装三件套
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

apt-mark unhold kubelet kubeadm kubectl
apt-get autoremove kubelet kubeadm kubectl
apt-get update
#apt-cache madison kubelet
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl

创建集群

官方资料参考 创建集群

# https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/ 
# 安装配置集群
# kubeadm init --help
kubeadm init \
    --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
    --control-plane-endpoint="home.local.com" \
    --apiserver-advertise-address= local_ip \
    --pod-network-cidr=10.10.0.0/16 \
    --service-cidr=10.20.0.0/16 \
    --token-ttl=0 \
    --cri-socket unix:///run/cri-dockerd.sock \
    --upload-certs

# kubeadm config images list --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
# kubeadm config images pull --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers

kubeadm reset --cri-socket unix:///run/cri-dockerd.sock
# unix:///var/run/containerd/containerd.sock
##################
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

kubectl label node slave-node node-role.kubernetes.io/worker=worker
###################################  
vim /etc/kubernetes/manifests/kube-apiserver.yaml
- kube-apiserver
###################################

安装成功提示日志

[init] Using Kubernetes version: v1.28.2
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [aip-dev.jianke.com aip-master-node kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.20.0.1 172.17.240.83]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [aip-master-node localhost] and IPs [172.17.xxx.xxx 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [aip-master-node localhost] and IPs [172.17.xxx.xxx 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
W0927 11:49:39.433405   10590 endpoint.go:57] [endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[kubeconfig] Writing "admin.conf" kubeconfig file
W0927 11:49:39.570771   10590 endpoint.go:57] [endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[kubeconfig] Writing "kubelet.conf" kubeconfig file
W0927 11:49:39.880883   10590 endpoint.go:57] [endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
W0927 11:49:40.024566   10590 endpoint.go:57] [endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 8.587821 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
be68bf0d7c0b60c085ddccacb6604a5ec1574560d0070ebb863ebe0557e85335
[mark-control-plane] Marking the node aip-master-node as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node aip-master-node as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: laq5s9.rsniw4r91yhh0d9d
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
W0927 11:49:51.443749   10590 endpoint.go:57] [endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join home.local.com:6448 --token laq5s9.rsniw4r91yhh0d9d \
    --discovery-token-ca-cert-hash sha256:c67fbcc90d026413c544e11171276f10dc6c2d441976f361cc96698cb1a8180fe4d \
    --control-plane --certificate-key be68bf0d7c0b60c085dd2ccacb6604a5e2c1574560d0070ebb863ebe0557e85335 \
        --cri-socket unix:///run/cri-dockerd.sock

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join home.local.com:6448 --token laq5s9.rsniw4r91yhh0d9d \
    --discovery-token-ca-cert-hash sha256:c67fbcc910d0643c544e11171276f210dc6cd441976f361cc96698cb1a8180fe4d \
        --cri-socket unix:///run/cri-dockerd.sock

其他命令参考

kubectl drain aip-slave-node --ignore-daemonsets --delete-emptydir-data
kubectl delete node aip-slave-node
相关实践学习
容器服务Serverless版ACK Serverless 快速入门:在线魔方应用部署和监控
通过本实验,您将了解到容器服务Serverless版ACK Serverless 的基本产品能力,即可以实现快速部署一个在线魔方应用,并借助阿里云容器服务成熟的产品生态,实现在线应用的企业级监控,提升应用稳定性。
云原生实践公开课
课程大纲 开篇:如何学习并实践云原生技术 基础篇: 5 步上手 Kubernetes 进阶篇:生产环境下的 K8s 实践 相关的阿里云产品:容器服务 ACK 容器服务 Kubernetes 版(简称 ACK)提供高性能可伸缩的容器应用管理能力,支持企业级容器化应用的全生命周期管理。整合阿里云虚拟化、存储、网络和安全能力,打造云端最佳容器化应用运行环境。 了解产品详情: https://www.aliyun.com/product/kubernetes
目录
相关文章
|
14天前
|
Kubernetes 微服务 容器
Aspire项目发布到远程k8s集群
Aspire项目发布到远程k8s集群
48 2
Aspire项目发布到远程k8s集群
|
2天前
|
Kubernetes Cloud Native 微服务
微服务实践之使用 kube-vip 搭建高可用 Kubernetes 集群
微服务实践之使用 kube-vip 搭建高可用 Kubernetes 集群
12 3
|
4天前
|
Kubernetes 数据处理 调度
天呐!部署 Kubernetes 模式的 Havenask 集群太震撼了!
【6月更文挑战第11天】Kubernetes 与 Havenask 集群结合,打造高效智能的数据处理解决方案。Kubernetes 如指挥家精准调度资源,Havenask 快速响应查询,简化复杂任务,优化资源管理。通过搭建 Kubernetes 环境并配置 Havenask,实现高可扩展性和容错性,保障服务连续性。开发者因此能专注业务逻辑,享受自动化基础设施管理带来的便利。这项创新技术组合引领未来,开启数据处理新篇章。拥抱技术新时代!
|
4天前
|
Kubernetes 前端开发 Serverless
Serverless 应用引擎产品使用合集之如何调用Kubernetes集群内服务
阿里云Serverless 应用引擎(SAE)提供了完整的微服务应用生命周期管理能力,包括应用部署、服务治理、开发运维、资源管理等功能,并通过扩展功能支持多环境管理、API Gateway、事件驱动等高级应用场景,帮助企业快速构建、部署、运维和扩展微服务架构,实现Serverless化的应用部署与运维模式。以下是对SAE产品使用合集的概述,包括应用管理、服务治理、开发运维、资源管理等方面。
|
15天前
|
运维 Kubernetes 调度
【kubernetes】关于k8s集群的污点、容忍、驱逐以及k8s集群故障排查思路
【kubernetes】关于k8s集群的污点、容忍、驱逐以及k8s集群故障排查思路
|
15天前
|
Kubernetes 微服务 容器
Aspire项目发布到win11本地k8s集群
Aspire项目发布到win11本地k8s集群
19 0
Aspire项目发布到win11本地k8s集群
|
16天前
|
运维 Prometheus 监控
Kubernetes 集群的监控与维护策略
【5月更文挑战第30天】 在微服务架构日益普及的背景下,容器编排工具如Kubernetes成为确保服务高效运行的关键。本文聚焦于Kubernetes集群的监控和维护,首先探讨了监控系统的重要性及其对集群健康的影响,随后详细介绍了一套综合监控策略,包括节点性能监控、应用服务质量跟踪以及日志管理等方面。此外,文章还提出了一系列实用的集群维护技巧和最佳实践,旨在帮助运维人员预防故障发生,快速定位问题,并确保集群长期稳定运行。
|
16天前
|
Prometheus 监控 Kubernetes
Kubernetes 集群的监控与日志管理实践深入理解PHP的命名空间与自动加载机制
【5月更文挑战第30天】 在容器化和微服务架构日益普及的背景下,Kubernetes 已成为众多企业的首选容器编排工具。然而,随之而来的挑战是集群的监控与日志管理。本文将深入探讨 Kubernetes 集群监控的最佳实践,包括节点资源使用情况、Pods 健康状态以及网络流量分析等关键指标的监控方法。同时,我们也将讨论日志聚合、存储和查询策略,以确保快速定位问题并优化系统性能。文中将介绍常用的开源工具如 Prometheus 和 Fluentd,并分享如何结合这些工具构建高效、可靠的监控和日志管理系统。
|
16天前
|
Prometheus 监控 Kubernetes
Kubernetes 集群的监控与维护最佳实践
【5月更文挑战第30天】 在现代云计算环境中,容器编排工具如Kubernetes已成为部署和管理微服务的关键。随着其日益广泛的应用,对集群进行有效的监控和维护显得尤为重要。本文将深入探讨Kubernetes集群监控的策略,并分享维护的最佳实践,以确保系统的稳定性和性能优化。我们将从监控工具的选择、关键指标的跟踪到故障排除流程等方面进行详细阐述,并提供实用的操作建议。
|
16天前
|
存储 运维 Kubernetes
Kubernetes 集群的持续性能优化策略
【5月更文挑战第30天】 在动态且日益复杂的云计算环境中,保持 Kubernetes 集群的高性能和稳定性是一个持续的挑战。本文将探讨一系列实用的性能优化策略,旨在帮助运维专家识别并解决可能影响集群性能的问题。我们将从节点资源配置、网络优化、存储管理以及集群监控等方面入手,提供一系列经过实践检验的调优技巧,并分享最佳实践案例。这些策略不仅有助于提升现有集群的性能,也为规划新的 Kubernetes 部署提供了参考依据。