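Kubernetes Operations Notes
- 1: Installing Kubernetes manually
- 1.1: Preparing the node environment
- 1.2: Installing the container runtime - Containerd
- 1.3: Bootstrapping a cluster with Kubeadm
- 1.4: Highly available cluster
- 1.5: Common download mirrors
- 2: Installing Kubernetes with Kubespray
- 3: Hands-on tasks
- 3.1: Replacing a node's container runtime (CRI)
- 3.2: Upgrading cluster components
- 3.3: Scheduled cluster backups
- 3.4: Another Task
- 3.5: NFS subdir external provisioner
- 3.6: Quickly setting up an image registry
- 4: Troubleshooting common problems
1 - Installing Kubernetes manually
How to install single-control-plane and highly available (HA) Kubernetes clusters
This section records the basic process of installing Kubernetes manually.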
1.1 - Preparing the node environment
Firewall rules (TCP inbound)
Control plane nodes (Master Nodes)
2379-2380,6443,10250,10251,10252
Worker nodes (Worker Nodes)
10250,30000-32767
Disable swap | Bridged traffic
swapoff -a
sed -i.bak -r 's/(.+ swap .+)/#\1/' /etc/fstab
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl parameters without rebooting
sudo sysctl --system
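A check for the node preparation above, added here as an example and not part of the original notes. The function name and its optional root-directory argument are assumptions made so the same check can run against a live node (no argument) or a captured copy of `/proc`, `/sys` and `/etc`.

```shell
# node_prep_audit [ROOT]: report every node-preparation setting that is
# missing. ROOT (hypothetical parameter) defaults to "" for the live node.
node_prep_audit() {
    root="${1:-}"
    fail=0

    # /proc/swaps holds only its header line when no swap device is active.
    if tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -q .; then
        echo "FAIL swap is still active"; fail=1
    fi
    # An uncommented swap entry in fstab turns swap back on at the next boot.
    if grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$root/etc/fstab"; then
        echo "FAIL fstab still mounts swap"; fail=1
    fi
    # /sys/module/<name> exists once the module is loaded.
    for mod in overlay br_netfilter; do
        [ -d "$root/sys/module/$mod" ] || { echo "FAIL module $mod not loaded"; fail=1; }
    done
    # The three sysctl keys written to /etc/sysctl.d/k8s.conf must read 1.
    for key in net/bridge/bridge-nf-call-iptables \
               net/bridge/bridge-nf-call-ip6tables \
               net/ipv4/ip_forward; do
        val=$(cat "$root/proc/sys/$key" 2>/dev/null || echo missing)
        [ "$val" = "1" ] || { echo "FAIL sysctl $key = $val"; fail=1; }
    done
    return "$fail"
}
```

Run `node_prep_audit` on each node before `kubeadm init` or `kubeadm join`; a non-zero exit status means at least one `FAIL` line was printed.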
1.2 - Installing the container runtime - Containerd
Method 1: Install from binary release archives
Install runc and the CNI plugins
Download the release packages from GitHub
Install runc
sudo install runc.amd64 /usr/local/sbin/runc
Install the CNI plugins
$ mkdir -p /opt/cni/bin
$ tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
./
./macvlan
./static
./vlan
./portmap
./host-local
./vrf
./bridge
./tuning
./firewall
./host-device
./sbr
./loopback
./dhcp
./ptp
./ipvlan
./bandwidth
Install Containerd
$ tar Cxzvf /usr/local containerd-1.6.2-linux-amd64.tar.gz
bin/
bin/containerd-shim-runc-v2
bin/containerd-shim
bin/ctr
bin/containerd-shim-runc-v1
bin/containerd
bin/containerd-stress
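The runc binary and the CNI and containerd archives above are installed as root straight after download, so it is worth checking each one against the SHA-256 file published with its release first. The function below is an added example, not part of the original notes; its name is hypothetical, and the checksum file name in the test is an assumption, so use whatever the release page actually publishes.

```shell
# verify_release FILE SUMFILE: succeed only if SUMFILE has an entry for
# FILE's basename whose SHA-256 digest matches the file on disk.
# Exit status: 0 match, 1 digest mismatch, 2 no entry for this file.
verify_release() {
    file="$1"
    sums="$2"
    name=$(basename "$file")

    # Checksum files use "<hex>  <name>" ("<hex> *<name>" in binary mode);
    # a multi-entry file lists one line per architecture, so match by name.
    want=$(awk -v n="$name" '{
        f = $2; sub(/^\*/, "", f)
        if (f == n) { print tolower($1); exit }
    }' "$sums")
    if [ -z "$want" ]; then
        echo "no checksum entry for $name in $sums" >&2
        return 2
    fi

    got=$(sha256sum "$file" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "SHA-256 mismatch for $name" >&2
        return 1
    fi
    return 0
}

# Install only after the digest has been verified, e.g.:
#   verify_release runc.amd64 <checksum file> && \
#       sudo install runc.amd64 /usr/local/sbin/runc
```

A checksum fetched from the same place as the archive detects corruption and tampering on a mirror or in transit, not a compromised release.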
Create the config.toml configuration file
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
Configure the systemd cgroup driver
To use the systemd cgroup driver with runc, set the following in /etc/containerd/config.toml:
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
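The setting only counts when it sits inside the runc `options` table, so a plain `grep SystemdCgroup` over the file can mislead. The two functions below are an added example, not part of the original notes; their names are hypothetical, and the setter assumes the generated file contains `SystemdCgroup = false` in that table.

```shell
# systemd_cgroup_enabled CONFIG: succeed only if "SystemdCgroup = true"
# appears inside the ...containerd.runtimes.runc.options table.
systemd_cgroup_enabled() {
    awk '
        /^[ \t]*\[/ {
            # Every table header switches the section we are in.
            in_opts = ($0 ~ /containerd\.runtimes\.runc\.options\]/)
            next
        }
        in_opts && /^[ \t]*SystemdCgroup[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)      # drop "SystemdCgroup ="
            sub(/[ \t]*(#.*)?$/, "", v)      # drop trailing comment/space
            found = (v == "true")
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# enable_systemd_cgroup CONFIG: flip the value, but only between the runc
# options header and the next table header; keeps a .bak copy.
enable_systemd_cgroup() {
    sed -i.bak \
        '/containerd\.runtimes\.runc\.options\]/,/^[[:space:]]*\[/ s/SystemdCgroup[[:space:]]*=[[:space:]]*false/SystemdCgroup = true/' \
        "$1"
}
```

After changing the file, restart containerd and re-run `systemd_cgroup_enabled /etc/containerd/config.toml` to confirm the value that is actually on disk.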
Configure the systemd unit
Download https://raw.githubusercontent.com/containerd/containerd/main/containerd.service to /usr/local/lib/systemd/system/containerd.service
systemctl daemon-reload
systemctl enable --now containerd
Method 2: Install from the APT repository
# Install dependencies
apt-get update
apt-get install ca-certificates curl gnupg
# Trust Docker's GPG public key and add the repository:
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install
apt-get update
apt-get install containerd.io
1.3 - Bootstrapping a cluster with Kubeadm
Initialize the control plane node
kubeadm init
Install a network add-on
List of network add-ons
kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml
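1.4 - Highly available cluster
Create a load balancer for kube-apiserver
For non-cloud environments, use a software load-balancing option; haproxy is used as the example here.
Install haproxy on the load-balancer machine
# Configure the package source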
curl https://haproxy.debian.net/bernat.debian.org.gpg \
| gpg --dearmor > /usr/share/keyrings/haproxy.debian.net.gpg
echo deb "[signed-by=/usr/share/keyrings/haproxy.debian.net.gpg]" \
http://haproxy.debian.net bullseye-backports-2.4 main \
> /etc/apt/sources.list.d/haproxy.list
# Install
apt-get update
apt-get install haproxy=2.4.\*
Create the haproxy configuration file
# Global settings
#---------------------------------------------------------------------
global
log /dev/log local0
log /dev/log local1 notice
daemon
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 1
timeout http-request 10s
timeout queue 20s
timeout connect 5s
timeout client 20s
timeout server 20s
timeout http-keep-alive 10s
timeout check 10s
#---------------------------------------------------------------------
# apiserver frontend which proxies to the control plane nodes
#---------------------------------------------------------------------
frontend apiserver
bind *:8443
mode tcp
option tcplog
default_backend apiserverbackend
#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend apiserverbackend
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server k8s-api1 10.206.0.13:6443 check
server k8s-api2 10.206.0.14:6443 check
server k8s-api3 10.206.0.15:6443 check
- Reference: "Software Load Balancing Options Guide"
Restart haproxy
systemctl restart haproxy
1.5 - Common download mirrors
Component | URL |
---|---|
Kubernetes | https://mirrors.tuna.tsinghua.edu.cn/kubernetes/ |
Kubernetes | https://mirrors.ustc.edu.cn/kubernetes/ |
Kubernetes binaries | https://www.downloadkubernetes.com/ |
Kubernetes APT source configuration
apt-get update && \
apt-get install -y apt-transport-https ca-certificates curl && \
curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg && \
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/apt kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \
apt-get update
apt-get update && \
apt-get install -y apt-transport-https ca-certificates curl && \
curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg && \
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \
apt-get update
Common scripts
kubeadm reset
sudo apt-get purge kubeadm kubectl kubelet kubernetes-cni 'kube*'
sudo apt-get autoremove
sudo rm -rf ~/.kube
apt-mark unhold kubeadm kubelet kubectl && \
apt-get update && apt-get install -y kubeadm=1.27.6-00 kubelet=1.27.6-00 kubectl=1.27.6-00 && \
apt-mark hold kubeadm kubelet kubectl
2 - Installing Kubernetes with Kubespray
Installing Kubernetes with Kubespray
This section records the basic process of installing Kubernetes with Kubespray.
3 - Hands-on tasks
Hands-on tasks
3.1 - Replacing a node's container runtime (CRI)
3.2 - Upgrading cluster components
3.3 - Scheduled cluster backups
3.4 - Another Task
3.5 - NFS subdir external provisioner
3.6 - Quickly setting up an image registry
4 - Troubleshooting common problems
Troubleshooting common problems in Kubernetes clusters