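1. Clean up the environment before installation:
Find the node that was used for the installation, enter the kubeasz container, and go to the /etc/ansible directory:
List the running Docker containers: docker ps
Enter the kubeasz container by name or ID: docker exec -it a5f466748bc6 bash
Go to the /etc/ansible directory: cd /etc/ansible/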
bash-4.4# ls
01.prepare.yml 04.kube-master.yml 11.harbor.yml 90.setup.yml README.md bin example manifests tools
02.etcd.yml 05.kube-node.yml 22.upgrade.yml 91.start.yml a dockerfiles gcluster-service.yaml pics
03.containerd.yml 06.network.yml 23.backup.yml 92.stop.yml ansible.cfg docs hosts pssh
03.docker.yml 07.cluster-addon.yml 24.restore.yml 99.clean.yml ansible.cfg.rpmnew down hosts.rpmnew roles
Run the cleanup command:
bash-4.4# ansible-playbook 99.clean.yml
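Check after uninstalling:
Check on each node that etcd.service, kube-apiserver and kubelet have all been removed cleanly (for example: systemctl status etcd)
Rebooting the nodes after uninstalling is recommended.
###It is recommended to build on nodes with a fairly clean environment; this avoids a great many problems
#The installation node can be separate from the k8s cluster, or it can be one of the cluster's nodes
2. Pre-installation preparation --> set up SSH trust between the k8s cluster nodes, and between the installation node and the k8s cluster nodes
Command to set up trust: ssh-copy-id <ip>
Problems encountered: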
①[root@songyanling-node-3 ~]# ssh-copy-id 10.10.11.16
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such file or directory
(to install the contents of '/root/.pub' anyway, look at the -f option)
Fix: run ssh-keygen -t dsa, press Enter three times, then set up trust again
②[root@jubin-node-1-0 ~]# ssh-copy-id 10.10.3.74
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:EQzIyLTcC1ZLWi+c9Kf+sLD7G9yQJhwiImwebLs6C28.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /root/.ssh/known_hosts:21
ERROR: ECDSA host key for 10.10.3.74 has changed and you have requested strict checking.
ERROR: Host key verification failed.
Fix: delete /root/.ssh/known_hosts on the node running the command, then set up trust again
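A narrower alternative to deleting the whole known_hosts file, as an added example that is not part of the original notes: it parses the error text shown in ② and removes only the offending line, and only when the presented fingerprint matches one verified out of band. The function names drop_stale_host_key and make_demo are hypothetical, the trusted fingerprint is assumed to come from the rebuilt node's console, and the sample known_hosts and error log are constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of the original notes.
# Drops only the known_hosts line named in a "REMOTE HOST IDENTIFICATION HAS
# CHANGED" error, and only when the fingerprint the host presented equals one
# verified out of band (assumption: read from the node's own console).

# Usage: drop_stale_host_key <captured-error-file> <trusted-fp> [known_hosts]
drop_stale_host_key() {
  local err_file="$1" trusted_fp="$2" fp entry file line
  fp=$(grep -oE 'SHA256:[A-Za-z0-9+/]+' "$err_file" | head -n 1)
  entry=$(grep -oE 'Offending [A-Za-z0-9]+ key in [^ ]+:[0-9]+' "$err_file" | head -n 1)
  if [ -z "$fp" ] || [ -z "$entry" ]; then
    echo "no host key warning found in $err_file" >&2
    return 2
  fi
  if [ "$fp" != "$trusted_fp" ]; then
    echo "presented $fp is not the verified fingerprint; nothing changed" >&2
    return 1
  fi
  line=${entry##*:}            # line number after the last colon
  file=${entry#* key in }      # "<path>:<line>"
  file=${3:-${file%:*}}        # optional third argument overrides the path
  cp -p "$file" "$file.bak"    # keep the previous state for review
  sed "${line}d" "$file.bak" > "$file"
}

# Constructed sample data: a three-entry known_hosts and a shortened error log.
make_demo() {
  local dir
  dir=$(mktemp -d)
  printf '%s\n' \
    '10.10.11.16 ecdsa-sha2-nistp256 AAAAconstructedkey1' \
    '10.10.3.74 ecdsa-sha2-nistp256 AAAAconstructedstalekey' \
    '10.10.55.76 ecdsa-sha2-nistp256 AAAAconstructedkey3' > "$dir/known_hosts"
  printf '%s\n' \
    'ERROR: The fingerprint for the ECDSA key sent by the remote host is' \
    'ERROR: SHA256:EQzIyLTcC1ZLWi+c9Kf+sLD7G9yQJhwiImwebLs6C28.' \
    'ERROR: Offending ECDSA key in /root/.ssh/known_hosts:2' > "$dir/error.log"
  echo "$dir"
}
```

On a live node, `ssh-keygen -R 10.10.3.74` removes every entry for that host, hashed ones included; the fingerprint comparison is the step to keep in front of it.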
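3. Installation --> install Docker and ansible on the installation node and start them
①Install and start Docker:
The Docker installation packages are on node 10.10.55.76: /opt/docker-ce-1703 (using this Docker package is recommended, because the one installed by yum install docker may have version problems)
Copy them to your own node and install them in the following order: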
rpm -ivh docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm
rpm -ivh docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm
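(If the installation reports missing packages, search Baidu and install the missing packages)
Start Docker: systemctl start docker
②Install and start ansible
ansible.tar is in the /etc directory on 10.10.11.2; copy it to /etc on the installation node and extract it: tar -xvf xxx.tar
Start ansible: go to /etc/ansible/tools and run: ./easzup -S
Enter the kubeasz container: docker exec -it kubeasz bash
Then go to the /etc/ansible directory and configure hosts first
Once hosts is configured, run the following .yml installs in order, for example: ansible-playbook 01.prepare.yml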
01.prepare.yml
02.etcd.yml
03.docker.yml
04.kube-master.yml
05.kube-node.yml
06.network.yml
07.cluster-addon.yml
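4. Post-installation checks
Run kubectl get node and check that all node and master nodes are in the Ready state
If a node is NotReady, check on that node whether the kubelet service has a problem; if it does, run free -g to see whether swap is all 0, and if it is not, run swapoff -a
5. Push images after installation
Usually it is enough to pick a k8s master node to push the images from
(1) After extracting the cluster installation package, go to the gcdw/image directory, which contains 8 images
①docker load -i <image.tar>
Example: docker load -i server-9.9.0.7.4-202112161240.tar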
20c8fba63ae3: Loading layer [==================================================>] 241.1MB/241.1MB
5c0b176700ce: Loading layer [==================================================>] 289.1MB/289.1MB
Loaded image: 192.168.8.84/gcdw/gcdw-server:9.9.0.7.4
②docker tag 192.168.8.84/gcdw/gcdw-server:9.9.0.7.4 harbor.gbase.cn/gcdw/gcdw-server:9.9.0.7.4
③docker push harbor.gbase.cn/gcdw/gcdw-server:9.9.0.7.4
(2) Errors you may encounter when pushing images
①Error 1
docker push harbor.gbase.cn/gcdw/gcdw-operator:9.8.0.4.1
The push refers to a repository [harbor.gbase.cn/gcdw/gcdw-operator]
Get https://harbor.gbase.cn/v1/_ping: dial tcp: lookup harbor.gbase.cn on [2001:db8a:8620:9530::2]:53: dial udp [2001:db8a:8620:9530::2]:53: connect: network is unreachable
Fix: echo '10.10.1.1 harbor.gbase.cn' >> /etc/hosts
②Error 2
docker push harbor.gbase.cn/gcdw/gcdw-operator:9.8.0.4.1
The push refers to a repository [harbor.gbase.cn/gcdw/gcdw-operator]
Get https://harbor.gbase.cn/v1/_ping: dial tcp 10.10.1.1:443: getsockopt: connection refused
Fix:
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["http://harbor.gbase.cn"],
"insecure-registries": ["harbor.gbase.cn"]
}
EOF
After the change, reload the daemon and restart Docker: systemctl daemon-reload;systemctl restart docker
③Error 3
docker push harbor.gbase.cn/gcdw/gcdw-operator:9.8.0.3.7
The push refers to a repository [harbor.gbase.cn/gcdw/gcdw-operator]
9cec9d938f49: Preparing
4bcb77274d4a: Preparing
071d8bd76517: Preparing
denied: requested access to the resource is denied
Fix: run docker login harbor.gbase.cn; the username/password is admin/Harbor12345




