k8s 叢集安裝

Sonui發表於2024-07-19

決定重新搭建一個 k8s 叢集,記錄一下過程。本次使用三臺主機,分別是 master 節點和兩個 worker 節點。

主機配置統一如下:

配置項 配置
OS Ubuntu 22.04.4 LTS x86_64
Kernel 5.15.0-102-generic
CPU AMD Ryzen 7 5700X (16) @ 3.399GHz
Memory 8G
Disk 100G

Cluster 節點資訊如下:

主機名 IP 地址 角色
k8s-master 192.168.2.216 master
k8s-worker-1 192.168.2.215 worker
k8s-worker-2 192.168.2.217 worker

安裝 CRI

這裡選擇使用 containerd 作為 CRI,安裝過程如下:

sonui@k8s-worker-2:~$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 36:3b:1e:33:1f:a4 brd ff:ff:ff:ff:ff:ff
sonui@k8s-worker-2:~$ sudo cat /sys/class/dmi/id/product_uuid
7247c410-2833-4bcf-9757-165f23dcbec4
sonui@k8s-worker-2:~$ sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gpg
sonui@k8s-worker-2:~$ curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
sonui@k8s-worker-2:~$ echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /
sonui@k8s-worker-2:~$ sudo apt-get update && sudo apt-get install -y kubelet kubeadm kubectl && sudo apt-mark hold kubelet kubeadm kubectl
Hit:2 https://cn.archive.ubuntu.com/ubuntu jammy InRelease                  
Get:1 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.29/deb  InRelease [1186 B]
Hit:3 https://cn.archive.ubuntu.com/ubuntu jammy-updates InRelease
Get:4 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.29/deb  Packages [7781 B]
Hit:5 https://cn.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:6 https://cn.archive.ubuntu.com/ubuntu jammy-security InRelease
Fetched 8967 B in 2s (4871 B/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  conntrack cri-tools ebtables ethtool iptables kubernetes-cni libip6tc2 libnetfilter-conntrack3 libnfnetlink0 libnftnl11 socat
Suggested packages:
  nftables firewalld
The following NEW packages will be installed:
  conntrack cri-tools ebtables ethtool iptables kubeadm kubectl kubelet kubernetes-cni libip6tc2 libnetfilter-conntrack3 libnfnetlink0 libnftnl11 socat
0 upgraded, 14 newly installed, 0 to remove and 18 not upgraded.
Need to get 93.3 MB of archives.
After this operation, 350 MB of additional disk space will be used.
Get:6 https://cn.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libip6tc2 amd64 1.8.7-1ubuntu5.2 [20.3 kB]
Get:1 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.29/deb  cri-tools 1.29.0-1.1 [20.1 MB]
Get:7 https://cn.archive.ubuntu.com/ubuntu jammy/main amd64 libnfnetlink0 amd64 1.0.1-3build3 [14.6 kB]
Get:8 https://cn.archive.ubuntu.com/ubuntu jammy/main amd64 libnetfilter-conntrack3 amd64 1.0.9-1 [45.3 kB]
Get:9 https://cn.archive.ubuntu.com/ubuntu jammy/main amd64 libnftnl11 amd64 1.2.1-1build1 [65.5 kB]
Get:10 https://cn.archive.ubuntu.com/ubuntu jammy-updates/main amd64 iptables amd64 1.8.7-1ubuntu5.2 [455 kB]
Get:11 https://cn.archive.ubuntu.com/ubuntu jammy/main amd64 conntrack amd64 1:1.4.6-2build2 [33.5 kB]
Get:12 https://cn.archive.ubuntu.com/ubuntu jammy/main amd64 ebtables amd64 2.0.11-4build2 [84.9 kB]
Get:13 https://cn.archive.ubuntu.com/ubuntu jammy-updates/main amd64 ethtool amd64 1:5.16-1ubuntu0.1 [207 kB]
Get:14 https://cn.archive.ubuntu.com/ubuntu jammy/main amd64 socat amd64 1.7.4.1-3ubuntu4 [349 kB]
Get:2 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.29/deb  kubernetes-cni 1.3.0-1.1 [31.4 MB]
Get:3 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.29/deb  kubelet 1.29.4-2.1 [19.9 MB]                                         
Get:4 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.29/deb  kubectl 1.29.4-2.1 [10.5 MB]                                         
Get:5 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.29/deb  kubeadm 1.29.4-2.1 [10.1 MB]                                         
Fetched 93.3 MB in 11s (8519 kB/s)                                                                                                                                 
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libip6tc2:amd64.
(Reading database ... 66219 files and directories currently installed.)
Preparing to unpack .../00-libip6tc2_1.8.7-1ubuntu5.2_amd64.deb ...
Unpacking libip6tc2:amd64 (1.8.7-1ubuntu5.2) ...
Selecting previously unselected package libnfnetlink0:amd64.
Preparing to unpack .../01-libnfnetlink0_1.0.1-3build3_amd64.deb ...
Unpacking libnfnetlink0:amd64 (1.0.1-3build3) ...
Selecting previously unselected package libnetfilter-conntrack3:amd64.
Preparing to unpack .../02-libnetfilter-conntrack3_1.0.9-1_amd64.deb ...
Unpacking libnetfilter-conntrack3:amd64 (1.0.9-1) ...
Selecting previously unselected package libnftnl11:amd64.
Preparing to unpack .../03-libnftnl11_1.2.1-1build1_amd64.deb ...
Unpacking libnftnl11:amd64 (1.2.1-1build1) ...
Selecting previously unselected package iptables.
Preparing to unpack .../04-iptables_1.8.7-1ubuntu5.2_amd64.deb ...
Unpacking iptables (1.8.7-1ubuntu5.2) ...
Selecting previously unselected package conntrack.
Preparing to unpack .../05-conntrack_1%3a1.4.6-2build2_amd64.deb ...
Unpacking conntrack (1:1.4.6-2build2) ...
Selecting previously unselected package cri-tools.
Preparing to unpack .../06-cri-tools_1.29.0-1.1_amd64.deb ...
Unpacking cri-tools (1.29.0-1.1) ...
Selecting previously unselected package ebtables.
Preparing to unpack .../07-ebtables_2.0.11-4build2_amd64.deb ...
Unpacking ebtables (2.0.11-4build2) ...
Selecting previously unselected package ethtool.
Preparing to unpack .../08-ethtool_1%3a5.16-1ubuntu0.1_amd64.deb ...
Unpacking ethtool (1:5.16-1ubuntu0.1) ...
Selecting previously unselected package kubernetes-cni.
Preparing to unpack .../09-kubernetes-cni_1.3.0-1.1_amd64.deb ...
Unpacking kubernetes-cni (1.3.0-1.1) ...
Selecting previously unselected package socat.
Preparing to unpack .../10-socat_1.7.4.1-3ubuntu4_amd64.deb ...
Unpacking socat (1.7.4.1-3ubuntu4) ...
Selecting previously unselected package kubelet.
Preparing to unpack .../11-kubelet_1.29.4-2.1_amd64.deb ...
Unpacking kubelet (1.29.4-2.1) ...
Selecting previously unselected package kubectl.
Preparing to unpack .../12-kubectl_1.29.4-2.1_amd64.deb ...
Unpacking kubectl (1.29.4-2.1) ...
Selecting previously unselected package kubeadm.
Preparing to unpack .../13-kubeadm_1.29.4-2.1_amd64.deb ...
Unpacking kubeadm (1.29.4-2.1) ...
Setting up libip6tc2:amd64 (1.8.7-1ubuntu5.2) ...
Setting up libnftnl11:amd64 (1.2.1-1build1) ...
Setting up kubectl (1.29.4-2.1) ...
Setting up ebtables (2.0.11-4build2) ...
update-alternatives: using /usr/sbin/ebtables-legacy to provide /usr/sbin/ebtables (ebtables) in auto mode
Setting up socat (1.7.4.1-3ubuntu4) ...
Setting up libnfnetlink0:amd64 (1.0.1-3build3) ...
Setting up cri-tools (1.29.0-1.1) ...
Setting up kubernetes-cni (1.3.0-1.1) ...
Setting up ethtool (1:5.16-1ubuntu0.1) ...
Setting up libnetfilter-conntrack3:amd64 (1.0.9-1) ...
Setting up iptables (1.8.7-1ubuntu5.2) ...
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode
update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode
Setting up conntrack (1:1.4.6-2build2) ...
Setting up kubelet (1.29.4-2.1) ...
Setting up kubeadm (1.29.4-2.1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.)
debconf: falling back to frontend: Readline
Scanning processes...                                                                                                                                               
Scanning linux images...                                                                                                                                            

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
kubelet set on hold.
kubeadm set on hold.
kubectl set on hold.
sonui@k8s-worker-2:~$ sudo tar Cxzvf /usr/local containerd-1.7.16-linux-amd64.tar.gz 
bin/
bin/containerd-shim-runc-v2
bin/containerd-stress
bin/containerd
bin/containerd-shim-runc-v1
bin/ctr
bin/containerd-shim
sonui@k8s-worker-2:~$ wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service && \
> sudo mv containerd.service /lib/systemd/system/ && \
> sudo systemctl daemon-reload && \
> sudo systemctl enable --now containerd 
--2024-05-09 15:35:50--  https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 198.18.0.23
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|198.18.0.23|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1251 (1.2K) [text/plain]
Saving to: ‘containerd.service’

containerd.service                                100%[==========================================================================================================>]   1.22K  --.-KB/s    in 0s      

2024-05-09 15:35:50 (103 MB/s) - ‘containerd.service’ saved [1251/1251]

mv: cannot move 'containerd.service' to '/lib/systemd/system/containerd.service': Permission denied
sonui@k8s-worker-2:~$ wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service && > sudo mv containerd.service /lib/systemd/system/ && > sudo systemctl daemon-reload && sudo systemctl enable --now containerd
--2024-05-09 15:36:05--  https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 198.18.0.23
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|198.18.0.23|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1251 (1.2K) [text/plain]
Saving to: ‘containerd.service.1’

containerd.service.1                              100%[==========================================================================================================>]   1.22K  --.-KB/s    in 0s      

2024-05-09 15:36:06 (104 MB/s) - ‘containerd.service.1’ saved [1251/1251]

mv: cannot move 'containerd.service' to '/lib/systemd/system/containerd.service': Permission denied
sonui@k8s-worker-2:~$ sudo systemctl daemon-reload
sonui@k8s-worker-2:~$ sudo systemctl enable --now containerd
Failed to enable unit: Unit file containerd.service does not exist.
sonui@k8s-worker-2:~$ ll
total 46836
drwxr-x--- 4 sonui sonui     4096 May  9 15:36 ./
drwxr-xr-x 3 root  root      4096 Apr 17 12:25 ../
-rw------- 1 sonui sonui      259 May  9 12:42 .bash_history
-rw-r--r-- 1 sonui sonui      220 Jan  6  2022 .bash_logout
-rw-r--r-- 1 sonui sonui     3771 Jan  6  2022 .bashrc
drwx------ 2 sonui sonui     4096 Apr 17 12:26 .cache/
-rw-r--r-- 1 sonui sonui      807 Jan  6  2022 .profile
drwx------ 2 sonui sonui     4096 Apr 17 12:25 .ssh/
-rw-r--r-- 1 sonui sonui        0 Apr 17 12:26 .sudo_as_admin_successful
-rw-rw-r-- 1 sonui sonui      180 May  9 15:36 .wget-hsts
-rw-r--r-- 1 sonui sonui 47913222 May  9 15:28 containerd-1.7.16-linux-amd64.tar.gz
-rw-rw-r-- 1 sonui sonui     1251 May  9 15:35 containerd.service
-rw-rw-r-- 1 sonui sonui     1251 May  9 15:36 containerd.service.1
-rw-rw-r-- 1 sonui sonui        0 May  9 15:36 sudo
sonui@k8s-worker-2:~$ rm containerd.service*
sonui@k8s-worker-2:~$ wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
--2024-05-09 15:36:37--  https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 198.18.0.23
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|198.18.0.23|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1251 (1.2K) [text/plain]
Saving to: ‘containerd.service’

containerd.service                                100%[==========================================================================================================>]   1.22K  --.-KB/s    in 0s      

2024-05-09 15:36:37 (108 MB/s) - ‘containerd.service’ saved [1251/1251]

sonui@k8s-worker-2:~$ sudo mv containerd.service /lib/systemd/system/
sonui@k8s-worker-2:~$ sudo systemctl daemon-reload
sonui@k8s-worker-2:~$ sudo systemctl enable --now containerd
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
sonui@k8s-worker-2:~$ wget https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64
--2024-05-09 15:37:44--  https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64
Resolving github.com (github.com)... 198.18.0.74
Connecting to github.com (github.com)|198.18.0.74|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/36960321/d0ba447a-440a-43bd-a9eb-a8a2b071c200?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240509%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240509T153739Z&X-Amz-Expires=300&X-Amz-Signature=7aec0ec31ec98dbd606dd01d5ac35f78865af07746d8c6f73974cfed6a70059b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=36960321&response-content-disposition=attachment%3B%20filename%3Drunc.amd64&response-content-type=application%2Foctet-stream [following]
--2024-05-09 15:37:44--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/36960321/d0ba447a-440a-43bd-a9eb-a8a2b071c200?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240509%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240509T153739Z&X-Amz-Expires=300&X-Amz-Signature=7aec0ec31ec98dbd606dd01d5ac35f78865af07746d8c6f73974cfed6a70059b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=36960321&response-content-disposition=attachment%3B%20filename%3Drunc.amd64&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 198.18.6.233
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|198.18.6.233|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10709696 (10M) [application/octet-stream]
Saving to: ‘runc.amd64’

runc.amd64                                        100%[==========================================================================================================>]  10.21M  9.02MB/s    in 1.1s    

2024-05-09 15:37:46 (9.02 MB/s) - ‘runc.amd64’ saved [10709696/10709696]

sonui@k8s-worker-2:~$ sudo install -m 755 runc.amd64 /usr/local/sbin/runc
sonui@k8s-worker-2:~$ wget https://github.com/containernetworking/plugins/releases/download/v1.4.1/cni-plugins-linux-amd64-v1.4.1.tgz
--2024-05-09 15:38:40--  https://github.com/containernetworking/plugins/releases/download/v1.4.1/cni-plugins-linux-amd64-v1.4.1.tgz
Resolving github.com (github.com)... 198.18.0.74
Connecting to github.com (github.com)|198.18.0.74|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/84575398/856f0a89-6331-497a-86af-60b02836794d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240509%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240509T153841Z&X-Amz-Expires=300&X-Amz-Signature=f1d20ade075f1f5bcdc0a3c215e5bb6cfec76df5bf7887c6a738b6800a62fa32&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=84575398&response-content-disposition=attachment%3B%20filename%3Dcni-plugins-linux-amd64-v1.4.1.tgz&response-content-type=application%2Foctet-stream [following]
--2024-05-09 15:38:41--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/84575398/856f0a89-6331-497a-86af-60b02836794d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240509%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240509T153841Z&X-Amz-Expires=300&X-Amz-Signature=f1d20ade075f1f5bcdc0a3c215e5bb6cfec76df5bf7887c6a738b6800a62fa32&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=84575398&response-content-disposition=attachment%3B%20filename%3Dcni-plugins-linux-amd64-v1.4.1.tgz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 198.18.6.233
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|198.18.6.233|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46991561 (45M) [application/octet-stream]
Saving to: ‘cni-plugins-linux-amd64-v1.4.1.tgz’

cni-plugins-linux-amd64-v1.4.1.tgz                100%[==========================================================================================================>]  44.81M  18.7MB/s    in 2.4s    

2024-05-09 15:38:44 (18.7 MB/s) - ‘cni-plugins-linux-amd64-v1.4.1.tgz’ saved [46991561/46991561]

sonui@k8s-worker-2:~$ sudo mkdir -p /opt/cni/bin && sudo  tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.4.1.tgz
./
./LICENSE
./host-device
./dummy
./README.md
./firewall
./macvlan
./bridge
./dhcp
./bandwidth
./tuning
./vlan
./ipvlan
./ptp
./static
./loopback
./tap
./host-local
./sbr
./portmap
./vrf
sonui@k8s-worker-2:~$ ctr version
Client:
  Version:  v1.7.16
  Revision: 83031836b2cf55637d7abf847b17134c51b38e53
  Go version: go1.21.9

ctr: failed to dial "/run/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
sonui@k8s-worker-2:~$ sudo ctr version
[sudo] password for sonui: 
Client:
  Version:  v1.7.16
  Revision: 83031836b2cf55637d7abf847b17134c51b38e53
  Go version: go1.21.9

Server:
  Version:  v1.7.16
  Revision: 83031836b2cf55637d7abf847b17134c51b38e53
  UUID: 95166d03-6fc0-4748-8165-4a1ffb9a5e0a

sonui@k8s-worker-2:~$ sudo curl -o /etc/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1251  100  1251    0     0   2596      0 --:--:-- --:--:-- --:--:--  2600
sonui@k8s-worker-2:~$ sudo systemctl daemon-reload
sonui@k8s-worker-2:~$ sudo systemctl enable --now containerd
Removed /etc/systemd/system/multi-user.target.wants/containerd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /etc/systemd/system/containerd.service.
sonui@k8s-worker-2:~$ wget https://github.com/opencontainers/runc/releases/download/v1.1.13/libseccomp-2.5.5.tar.gz
--2024-07-12 16:17:49--  https://github.com/opencontainers/runc/releases/download/v1.1.13/libseccomp-2.5.5.tar.gz
Resolving github.com (github.com)... 198.18.0.19
Connecting to github.com (github.com)|198.18.0.19|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/36960321/4218e064-d5e7-4b91-9312-30b5325ec9b6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240712%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240712T161751Z&X-Amz-Expires=300&X-Amz-Signature=ef50a778c5f266afac04e05cc9a3ca00efffbcfac7225cb1896388e6be6eda81&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=36960321&response-content-disposition=attachment%3B%20filename%3Dlibseccomp-2.5.5.tar.gz&response-content-type=application%2Foctet-stream [following]
--2024-07-12 16:17:50--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/36960321/4218e064-d5e7-4b91-9312-30b5325ec9b6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240712%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240712T161751Z&X-Amz-Expires=300&X-Amz-Signature=ef50a778c5f266afac04e05cc9a3ca00efffbcfac7225cb1896388e6be6eda81&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=36960321&response-content-disposition=attachment%3B%20filename%3Dlibseccomp-2.5.5.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 198.18.1.22
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|198.18.1.22|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 642445 (627K) [application/octet-stream]
Saving to: ‘libseccomp-2.5.5.tar.gz’

libseccomp-2.5.5.tar.gz                                         100%[======================================================================================================================================================>] 627.39K  1.08MB/s    in 0.6s    

2024-07-12 16:17:51 (1.08 MB/s) - ‘libseccomp-2.5.5.tar.gz’ saved [642445/642445]
sonui@k8s-worker-2:~$ tar -zxf libseccomp-2.5.5.tar.gz 
sonui@k8s-worker-2:~$ sudo install -m 755 runc.amd64 /usr/local/sbin/runc
sonui@k8s-worker-2:~$ containerd config default > /etc/containerd/config.toml
-bash: /etc/containerd/config.toml: No such file or directory
sonui@k8s-worker-2:~$ mkdir /etc/containerd/
mkdir: cannot create directory ‘/etc/containerd/’: Permission denied
sonui@k8s-worker-2:~$ sudo mkdir /etc/containerd/
sonui@k8s-worker-2:~$ sudo sh -c 'containerd config default > /etc/containerd/config.toml'
sonui@k8s-worker-2:~$ sudo nano /etc/containerd/config.toml # 搜尋SystemdCgroup 改為true
sonui@k8s-worker-2:~$ sudo systemctl restart containerd



root@k8s-master:/home/sonui# containerd config default > /etc/containerd/config.toml
root@k8s-master:/home/sonui# nano /etc/con
console-setup/ containerd/    
root@k8s-master:/home/sonui# nano /etc/containerd/config.toml 
root@k8s-master:/home/sonui# sudo systemctl restart containerd

執行下面的命令,確保 br_netfilter 模組已載入:

modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/ipv4/ip_forward

執行 kubeadm init 初始化 master 節點:

kubeadm init --pod-network-cidr=192.168.2.0/24 --apiserver-advertise-address=192.168.2.216

安裝發生錯誤,檢視 kubelet 日誌,發現一條錯誤

Jul 12 15:29:34 k8s-master kubelet[8988]: E0712 15:29:34.379885    8988 run.go:74] "command failed" err="failed to run Kubelet: running with swap on is not supported, please disable swap! or set --fail-swap-on flag to false. /proc/swaps contained: [Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority /swap.img                               file\t\t4194300\t\t0\t\t-2]"

解決方法是永久關閉 swap 分割槽:

sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

相關文章