ubuntu16 安装 docker 和K8S指导

2023-05-16

docker安装包
https://download.csdn.net/download/van_peak/10590104

安装docker软件

root@ubuntu-129:/opt/docker# dpkg -i docker-ce_18.06.0_ce_3-0_ubuntu_amd64.deb

查看docker 安装版本

root@ubuntu-129:/opt/docker# docker version
Client:
 Version:           18.06.0-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        0ffa825
 Built:             Wed Jul 18 19:11:02 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.0-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       0ffa825
  Built:            Wed Jul 18 19:09:05 2018
  OS/Arch:          linux/amd64
  Experimental:     false

docker开机启动设置

root@ubuntu-129:/opt/docker# systemctl enable docker
Synchronizing state of docker.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable docker
root@ubuntu-129:/opt/docker# systemctl start docker

2.下载alpine 操作系统镜像

如果本地没有，会从docker远端仓库下载docker镜像

root@ubuntu-129:/opt/docker# docker run -it --rm alpine:latest sh
Unable to find image 'alpine:latest' locally
^C
root@ubuntu-129:/opt/docker# docker run -it --rm alpine:latest sh
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
050382585609: Pull complete
Digest: sha256:6a92cd1fcdc8d8cdec60f33dda4db2cb1fcdcacf3410a8e05b3741f44a9b5998
Status: Downloaded newer image for alpine:latest

配置阿里云docker远端仓库地址

vim /etc/docker/daemon.json

{
"registry-mirror":["https://ozcouvlb.mirror.aliyuncs.com"]
}

使得文件生效，并重启docker：

root@ubuntu-129:~# systemctl  daemon-reload
root@ubuntu-129:~# systemctl  restart docker

以nginx 镜像为例测试新配置的远程仓库下载速度（还是很快的）：

root@ubuntu-129:/opt/docker# docker run -it --rm nginx:latest sh
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
f5d23c7fed46: Pull complete
918b255d86e5: Pull complete
8c0120a6f561: Pull complete
Digest: sha256:eb3320e2f9ca409b7c0aa71aea3cf7ce7d018f03a372564dbdb023646958770b
Status: Downloaded newer image for nginx:latest
root@ubuntu-129:~# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              e445ab08b2be        2 weeks ago         126MB
alpine              latest              b7b28af77ffe        4 weeks ago         5.58MB
root@ubuntu-129:~# vim  /etc/docker/daemon.json
root@ubuntu-129:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
bf5f906e9868        nginx:latest        "sh"                3 minutes ago       Up 3 minutes        80/tcp              happy_tereshkova
root@ubuntu-129:~#

安装K8S

配置k8s下载源

vim /etc/apt/sources.list.d/kubernetes.list

deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main

但是更新源后报错调试证书错误：

root@ubuntu-129:~# apt update
命中:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial InRelease
获取:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-updates InRelease [109 kB]
获取:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-backports InRelease [107 kB]
获取:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-security InRelease [109 kB]
获取:5 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease [8,993 B]
错误:5 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease
  由于没有公钥，无法验证下列签名： NO_PUBKEY 6A030B21BA07F4FB
命中:6 http://nginx.org/packages/ubuntu xenial InRelease
正在读取软件包列表... 完成
W: GPG 错误：http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease: 由于没有公钥，无法验证下列签名： NO_PUBKEY 6A030B21BA07F4
E: 仓库 “http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease” 没有数字签名。
N: 无法安全地用该源进行更新，所以默认禁用该源。
N: 参见 apt-secure(8) 手册以了解仓库创建和用户配置方面的细节。

解决方案：

添加认证key

运行如下命令

其中recv-keys 是你之前6A030B21BA07F4FB的后8位

gpg --keyserver keyserver.ubuntu.com --recv-keys BA07F4FB

导出你的key

gpg --export --armor BA07F4FB | apt-key add -

再次更新解决

root@ubuntu-129:~# apt update
获取:1 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease [8,993 B]
忽略:2 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial/main amd64 Packages
获取:2 http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial/main amd64 Packages [28.4 kB]
命中:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial InRelease
命中:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-updates InRelease
命中:5 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-backports InRelease
命中:6 https://mirrors.tuna.tsinghua.edu.cn/ubuntu xenial-security InRelease
命中:7 http://nginx.org/packages/ubuntu xenial InRelease
已下载 28.4 kB，耗时 2秒 (11.9 kB/s)
正在读取软件包列表... 完成
正在分析软件包的依赖关系树
正在读取状态信息... 完成
有 413 个软件包可以升级。请执行 ‘apt list --upgradable’ 来查看它们。

禁止基础设施

4.2 K8S系统网络配置

安装K8S

安装k8s

apt update && apt-get install -y kubelet=1.13.1-00 kubernetes-cni=0.6.0-00 kubeadm=1.13.1-00 kubectl=1.13.1-00

设置开机启动

systemctl enable kubelet && systemctl start kubelet

5.2master 和node基础配置

vim /etc/hostname

master ----> node1--->node2

下面这个是ubutu18配置的地址，

因为ubuntu从17.10开始，已放弃在/etc/network/interfaces里固定IP的配置，而是改成netplan方式了。所以这里不会动

network:
  version: 2
  ethernets:
    ens33:   #配置的网卡名称
      dhcp4: false    #dhcp4关闭
      addresses: [192.168.236.177/24]   #设置本机IP及掩码
      gateway4: 192.168.236.2   #设置网关
      nameservers:
          addresses: [192.168.236.2]   #设置DNS
      optional: true

启动master节点（ubuntu-128）

root@ubuntu-128:/home/itcast/working# kubeadm init --config ./kubeadm.conf
[init] Using Kubernetes version: v1.13.1
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [ubuntu-128 localhost] and IPs [192.168.13.128 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [ubuntu-128 localhost] and IPs [192.168.13.128 127.0.0.1 ::1]
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [ubuntu-128 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.13.128]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 33.010980 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.13" in namespace kube-system with the configuration for the kubelets in the cluster
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "ubuntu-128" as an annotation
[mark-control-plane] Marking the node ubuntu-128 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node ubuntu-128 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: abcdef.0123456789abcdef
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 192.168.13.128:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:341f71f586d22b71da8bf5fb9dfb5b72fbc3dbc8377a4752bcb5b1a6a04e84b8

按照提醒执行下面三条指令

root@ubuntu-128:~# mkdir -p $HOME/.kube
root@ubuntu-128:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@ubuntu-128:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config

测试k8s master节点情况

root@ubuntu-128:~# systemctl  enable kubelet
root@ubuntu-128:~# systemctl  start kubelet
root@ubuntu-128:~# kubectl get nodes
NAME         STATUS     ROLES    AGE     VERSION
ubuntu-128   NotReady   master   2m26s   v1.13.1
root@ubuntu-128:~# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health": "true"}

其他node节点想要进入master节点，需要按照以下方式加入到集群中


To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 192.168.13.128:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:341f71f586d22b71da8bf5fb9dfb5b72fbc3dbc8377a4752bcb5b1a6a04e84b8

本文内容由网友自发贡献，版权归原作者所有，本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容，请联系:hwhale#tublm.com(使用前将#替换为@)

Ubuntu16

Docker

k8s