Kubernetes学习笔记 – 在线安装 kubenetes https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/ Recent content in 在线安装 kubenetes on Kubernetes学习笔记 Hugo -- gohugo.io zh-cn Thu, 13 Nov 2025 00:00:00 +0000 Docs: 准备工作 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/preparation/ Thu, 13 Nov 2025 00:00:00 +0000 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/preparation/ <h2 id="系统更新">系统更新</h2> <p>确保更新debian系统到最新,移除不再需要的软件,清理无用的安装包:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt update <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> sudo apt full-upgrade -y </span></span><span style="display:flex;"><span>sudo apt autoremove </span></span><span style="display:flex;"><span>sudo apt autoclean </span></span></code></pre></div><p>如果更新了内核,最好重启一下。</p> <h2 id="swap-分区">swap 分区</h2> <p>安装 Kubernetes 要求机器不能有 swap 分区。</p> <p>参考:</p> <p><a href="https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#swap-configuration">https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#swap-configuration</a></p> <h2 id="开启模块">开启模块</h2> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>cat <span style="color:#4e9a06">&lt;&lt;EOF | sudo tee /etc/modules-load.d/k8s.conf </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">overlay </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">br_netfilter </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">EOF</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>sudo modprobe overlay </span></span><span style="display:flex;"><span>sudo modprobe br_netfilter </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># sysctl params required by setup, params persist across reboots</span> </span></span><span style="display:flex;"><span>cat <span style="color:#4e9a06">&lt;&lt;EOF | sudo tee /etc/sysctl.d/k8s.conf </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">net.bridge.bridge-nf-call-iptables = 1 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">net.bridge.bridge-nf-call-ip6tables = 1 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">net.ipv4.ip_forward = 1 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">EOF</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Apply sysctl params without reboot</span> </span></span><span style="display:flex;"><span>sudo sysctl --system </span></span></code></pre></div><h2 id="container-runtime">container runtime</h2> <p>Kubernetes 支持多种 container runtime,这里暂时继续使用 docker engine + cri-dockerd。</p> <p>参考:</p> <p><a href="https://kubernetes.io/docs/setup/production-environment/container-runtimes/">https://kubernetes.io/docs/setup/production-environment/container-runtimes/</a></p> <h3 id="安装-docker">安装 docker</h3> <p>docker 的安装参考:</p> <p><a href="https://skyao.net/learning-docker/docs/installation/debian13/">https://skyao.net/learning-docker/docs/installation/debian13/</a></p> <p>最方便的方式就是使用离线安装包进行安装。</p> <h3 id="安装-containerd">安装 containerd</h3> <p>TODO:后面考虑换 containerd</p> <h2 id="安装-helm">安装 helm</h2> <p>参考:</p> <p><a href="https://helm.sh/docs/intro/install/#from-apt-debianubuntu">https://helm.sh/docs/intro/install/#from-apt-debianubuntu</a></p> <p>选择用官方脚本安装 Helm(以便绕过无法访问的 apt 仓库):</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 <span style="color:#000;font-weight:bold">|</span> bash </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> % Total % Received % Xferd Average Speed Time Time Time Current </span></span><span style="display:flex;"><span> Dload Upload Total Spent Left Speed </span></span><span style="display:flex;"><span><span style="color:#0000cf;font-weight:bold">100</span> <span style="color:#0000cf;font-weight:bold">11929</span> <span style="color:#0000cf;font-weight:bold">100</span> <span style="color:#0000cf;font-weight:bold">11929</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#0000cf;font-weight:bold">48738</span> <span style="color:#0000cf;font-weight:bold">0</span> --:--:-- --:--:-- --:--:-- <span style="color:#0000cf;font-weight:bold">48889</span> </span></span><span style="display:flex;"><span>Downloading https://get.helm.sh/helm-v3.20.2-linux-amd64.tar.gz </span></span><span style="display:flex;"><span>Verifying checksum... Done. </span></span><span style="display:flex;"><span>Preparing to install helm into /usr/local/bin </span></span><span style="display:flex;"><span>helm installed into /usr/local/bin/helm </span></span></code></pre></div><p>验证版本:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>helm version </span></span></code></pre></div><p>版本显示为 v3.20.2:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>version.BuildInfo<span style="color:#ce5c00;font-weight:bold">{</span>Version:<span style="color:#4e9a06">&#34;v3.20.2&#34;</span>, GitCommit:<span style="color:#4e9a06">&#34;8fb76d6ab555577e98e23b7500009537a471feee&#34;</span>, GitTreeState:<span style="color:#4e9a06">&#34;clean&#34;</span>, GoVersion:<span style="color:#4e9a06">&#34;go1.25.9&#34;</span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span></code></pre></div> Docs: 安装命令行 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/installation/ Mon, 24 Nov 2025 00:00:00 +0000 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/installation/ <p>参考: <a href="https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/">https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/</a></p> <h2 id="安装-kubeadm--kubelet--kubectl">安装 kubeadm / kubelet / kubectl</h2> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt-get update </span></span><span style="display:flex;"><span>sudo apt-get install -y apt-transport-https ca-certificates curl gpg </span></span></code></pre></div><p>假定要安装的 kubernetes 版本为 1.35:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#204a87">export</span> <span style="color:#000">K8S_VERSION</span><span style="color:#ce5c00;font-weight:bold">=</span>1.35 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># sudo mkdir -p -m 755 /etc/apt/keyrings</span> </span></span><span style="display:flex;"><span>curl -fsSL https://pkgs.k8s.io/core:/stable:/v<span style="color:#4e9a06">${</span><span style="color:#000">K8S_VERSION</span><span style="color:#4e9a06">}</span>/deb/Release.key <span style="color:#000;font-weight:bold">|</span> sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v</span><span style="color:#4e9a06">${</span><span style="color:#000">K8S_VERSION</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">/deb/ /&#34;</span> <span style="color:#000;font-weight:bold">|</span> sudo tee /etc/apt/sources.list.d/kubernetes.list </span></span></code></pre></div><p>开始安装 kubelet kubeadm kubectl:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt-get update </span></span><span style="display:flex;"><span>sudo apt-get install -y kubelet kubeadm kubectl </span></span></code></pre></div><p>禁止这三个程序的自动更新:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt-mark hold kubelet kubeadm kubectl </span></span></code></pre></div><p>验证安装:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl version --client <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> <span style="color:#204a87">echo</span> <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> kubeadm version </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>Client Version: v1.35.4 </span></span><span style="display:flex;"><span>Kustomize Version: v5.7.1 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>kubeadm version: <span style="color:#000;font-weight:bold">&amp;</span>version.Info<span style="color:#ce5c00;font-weight:bold">{</span>Major:<span style="color:#4e9a06">&#34;1&#34;</span>, Minor:<span style="color:#4e9a06">&#34;35&#34;</span>, EmulationMajor:<span style="color:#4e9a06">&#34;&#34;</span>, EmulationMinor:<span style="color:#4e9a06">&#34;&#34;</span>, MinCompatibilityMajor:<span style="color:#4e9a06">&#34;&#34;</span>, MinCompatibilityMinor:<span style="color:#4e9a06">&#34;&#34;</span>, GitVersion:<span style="color:#4e9a06">&#34;v1.35.4&#34;</span>, GitCommit:<span style="color:#4e9a06">&#34;7b8c6cf0edd376b3d7c2f255142977c7f93db258&#34;</span>, GitTreeState:<span style="color:#4e9a06">&#34;clean&#34;</span>, BuildDate:<span style="color:#4e9a06">&#34;2026-04-15T18:03:27Z&#34;</span>, GoVersion:<span style="color:#4e9a06">&#34;go1.25.9&#34;</span>, Compiler:<span style="color:#4e9a06">&#34;gc&#34;</span>, Platform:<span style="color:#4e9a06">&#34;linux/amd64&#34;</span><span style="color:#ce5c00;font-weight:bold">}</span> </span></span></code></pre></div><p>在运行 kubeadm 之前,先启动 kubelet 服务:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo systemctl <span style="color:#204a87">enable</span> --now kubelet </span></span></code></pre></div><h2 id="安装后配置">安装后配置</h2> <h3 id="优化-zsh">优化 zsh</h3> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>vi ~/.zshrc </span></span></code></pre></div><p>增加以下内容:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># k8s auto complete</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">alias</span> <span style="color:#000">k</span><span style="color:#ce5c00;font-weight:bold">=</span>kubectl </span></span><span style="display:flex;"><span><span style="color:#204a87">complete</span> -F __start_kubectl k </span></span></code></pre></div><p>执行:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#204a87">source</span> ~/.zshrc </span></span></code></pre></div><p>之后即可使用,此时用 k 这个别名来执行 kubectl 命令时也可以实现自动完成,非常的方便。</p> <h3 id="取消更新">取消更新</h3> <p>kubeadm / kubelet / kubectl 的版本没有必要升级到最新,因此可以取消他们的自动更新。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo vi /etc/apt/sources.list.d/kubernetes.list </span></span></code></pre></div><p>注释掉里面的内容。</p> <blockquote> <p>备注:前面执行 apt-mark hold 后已经不会再更新了,但依然会拖慢 apt update 的速度,因此还是需要手动注释。</p> </blockquote> <h2 id="常见问题">常见问题</h2> <h3 id="prod-cdnpackagesk8sio-无法访问">prod-cdn.packages.k8s.io 无法访问</h3> <p>偶然会遇到 prod-cdn.packages.k8s.io 无法访问的问题,此时的报错如下:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt-get update </span></span><span style="display:flex;"><span>Hit:1 http://mirrors.ustc.edu.cn/debian bookworm InRelease </span></span><span style="display:flex;"><span>Hit:2 http://mirrors.ustc.edu.cn/debian bookworm-updates InRelease </span></span><span style="display:flex;"><span>Hit:3 http://security.debian.org/debian-security bookworm-security InRelease </span></span><span style="display:flex;"><span>Ign:4 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.32/deb InRelease </span></span><span style="display:flex;"><span>Ign:4 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.32/deb InRelease </span></span><span style="display:flex;"><span>Ign:4 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.32/deb InRelease </span></span><span style="display:flex;"><span>Err:4 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.32/deb InRelease </span></span><span style="display:flex;"><span> Could not connect to prod-cdn.packages.k8s.io:443 <span style="color:#ce5c00;font-weight:bold">(</span>221.228.32.13<span style="color:#ce5c00;font-weight:bold">)</span>, connection timed out </span></span><span style="display:flex;"><span>Reading package lists... Done </span></span><span style="display:flex;"><span>W: Failed to fetch https://pkgs.k8s.io/core:/stable:/v1.32/deb/InRelease Could not connect to prod-cdn.packages.k8s.io:443 <span style="color:#ce5c00;font-weight:bold">(</span>221.228.32.13<span style="color:#ce5c00;font-weight:bold">)</span>, connection timed out </span></span><span style="display:flex;"><span>W: Some index files failed to download. They have been ignored, or old ones used instead. </span></span></code></pre></div><p>首先排除是网络问题,因为实际配好网络代理,也依然无法访问。</p> <p>后来发现,在不同地区的机器上 ping prod-cdn.packages.k8s.io 的 ip 地址是不一样的,</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ ping prod-cdn.packages.k8s.io </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Pinging dkhzw6k7x6ord.cloudfront.net <span style="color:#ce5c00;font-weight:bold">[</span>108.139.10.84<span style="color:#ce5c00;font-weight:bold">]</span> with <span style="color:#0000cf;font-weight:bold">32</span> bytes of data: </span></span><span style="display:flex;"><span>Reply from 108.139.10.84: <span style="color:#000">bytes</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">32</span> <span style="color:#000">time</span><span style="color:#ce5c00;font-weight:bold">=</span>164ms <span style="color:#000">TTL</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">242</span> </span></span><span style="display:flex;"><span>Reply from 108.139.10.84: <span style="color:#000">bytes</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">32</span> <span style="color:#000">time</span><span style="color:#ce5c00;font-weight:bold">=</span>166ms <span style="color:#000">TTL</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">242</span> </span></span><span style="display:flex;"><span>...... </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># 这个地址无法访问</span> </span></span><span style="display:flex;"><span>$ ping prod-cdn.packages.k8s.io </span></span><span style="display:flex;"><span>PING dkhzw6k7x6ord.cloudfront.net <span style="color:#ce5c00;font-weight:bold">(</span>221.228.32.13<span style="color:#ce5c00;font-weight:bold">)</span> 56<span style="color:#ce5c00;font-weight:bold">(</span>84<span style="color:#ce5c00;font-weight:bold">)</span> bytes of data. </span></span><span style="display:flex;"><span><span style="color:#0000cf;font-weight:bold">64</span> bytes from 221.228.32.13 <span style="color:#ce5c00;font-weight:bold">(</span>221.228.32.13<span style="color:#ce5c00;font-weight:bold">)</span>: <span style="color:#000">icmp_seq</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#000">ttl</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">57</span> <span style="color:#000">time</span><span style="color:#ce5c00;font-weight:bold">=</span>9.90 ms </span></span><span style="display:flex;"><span><span style="color:#0000cf;font-weight:bold">64</span> bytes from 221.228.32.13 <span style="color:#ce5c00;font-weight:bold">(</span>221.228.32.13<span style="color:#ce5c00;font-weight:bold">)</span>: <span style="color:#000">icmp_seq</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">2</span> <span style="color:#000">ttl</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">57</span> <span style="color:#000">time</span><span style="color:#ce5c00;font-weight:bold">=</span>11.4 ms </span></span><span style="display:flex;"><span>...... </span></span></code></pre></div><p>因此考虑通过修改 /etc/hosts 文件来避开 dns 解析的问题:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo vi /etc/hosts </span></span></code></pre></div><p>添加如下内容:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>108.139.10.84 prod-cdn.packages.k8s.io </span></span></code></pre></div><p>这样在出现问题的这台机器上,强制将 prod-cdn.packages.k8s.io 解析到 108.139.10.84 这个 ip 地址,这样就可以访问了。</p> Docs: 初始化集群 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/init/ Mon, 24 Nov 2025 00:00:00 +0000 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/init/ <p>参考官方文档:</p> <p><a href="https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/">https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/</a></p> <h2 id="需要注意的问题">需要注意的问题</h2> <h3 id="coredns-的版本问题">coredns 的版本问题</h3> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>sudo<span style="color:#ce5c00;font-weight:bold">]</span> password <span style="color:#204a87;font-weight:bold">for</span> sky: </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>init<span style="color:#ce5c00;font-weight:bold">]</span> Using Kubernetes version: v1.34.2 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> Running pre-flight checks </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> Pulling images required <span style="color:#204a87;font-weight:bold">for</span> setting up a Kubernetes cluster </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> This might take a minute or two, depending on the speed of your internet connection </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> You can also perform this action beforehand using <span style="color:#4e9a06">&#39;kubeadm config images pull&#39;</span> </span></span><span style="display:flex;"><span>W1127 11:14:12.643662 <span style="color:#0000cf;font-weight:bold">17241</span> checks.go:827<span style="color:#ce5c00;font-weight:bold">]</span> detected that the sandbox image <span style="color:#4e9a06">&#34;registry.k8s.io/pause:3.10&#34;</span> of the container runtime is inconsistent with that used by kubeadm. It is recommended to use <span style="color:#4e9a06">&#34;192.168.3.193:5000/k8s-proxy/pause:3.10.1&#34;</span> as the CRI sandbox image. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> Some fatal errors occurred: </span></span><span style="display:flex;"><span> <span style="color:#ce5c00;font-weight:bold">[</span>ERROR ImagePull<span style="color:#ce5c00;font-weight:bold">]</span>: failed to pull image 192.168.3.193:5000/k8s-proxy/coredns:v1.12.1: failed to pull image 192.168.3.193:5000/k8s-proxy/coredns:v1.12.1: Error response from daemon: failed to resolve reference <span style="color:#4e9a06">&#34;192.168.3.193:5000/k8s-proxy/coredns:v1.12.1&#34;</span>: 192.168.3.193:5000/k8s-proxy/coredns:v1.12.1: not found </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> If you know what you are doing, you can make a check non-fatal with <span style="color:#4e9a06">`</span>--ignore-preflight-errors<span style="color:#ce5c00;font-weight:bold">=</span>...<span style="color:#4e9a06">`</span> </span></span><span style="display:flex;"><span>error: error execution phase preflight: preflight checks failed </span></span><span style="display:flex;"><span>To see the stack trace of this error execute with --v<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">5</span> or higher </span></span></code></pre></div><p>这里 coredns 报错, 我们用 <code>kubeadm config images pull</code> 可以看到需要用到的镜像:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ kubeadm config images pull </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled registry.k8s.io/kube-apiserver:v1.35.4 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled registry.k8s.io/kube-controller-manager:v1.35.4 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled registry.k8s.io/kube-scheduler:v1.35.4 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled registry.k8s.io/kube-proxy:v1.35.4 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled registry.k8s.io/coredns/coredns:v1.13.1 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled registry.k8s.io/pause:3.10.1 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled registry.k8s.io/etcd:3.6.6-0 </span></span></code></pre></div><p>Kubernetes 大多数核心组件镜像(kube-apiserver、kube-scheduler、etcd、pause 等)都是单层路径,而 CoreDNS 特别用了两层路径 coredns/coredns。这会导致在使用代理仓库时出错:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ kubeadm config images pull --image-repository<span style="color:#ce5c00;font-weight:bold">=</span>192.168.3.193:5000/k8s-proxy </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled 192.168.3.193:5000/k8s-proxy/kube-apiserver:v1.34.2 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled 192.168.3.193:5000/k8s-proxy/kube-controller-manager:v1.34.2 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled 192.168.3.193:5000/k8s-proxy/kube-scheduler:v1.34.2 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>config/images<span style="color:#ce5c00;font-weight:bold">]</span> Pulled 192.168.3.193:5000/k8s-proxy/kube-proxy:v1.34.2 </span></span><span style="display:flex;"><span>error: failed to pull image <span style="color:#4e9a06">&#34;192.168.3.193:5000/k8s-proxy/coredns:v1.12.1&#34;</span>: failed to pull image 192.168.3.193:5000/k8s-proxy/coredns:v1.12.1: Error response from daemon: failed to resolve reference <span style="color:#4e9a06">&#34;192.168.3.193:5000/k8s-proxy/coredns:v1.12.1&#34;</span>: 192.168.3.193:5000/k8s-proxy/coredns:v1.12.1: not found </span></span><span style="display:flex;"><span>To see the stack trace of this error execute with --v<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">5</span> or higher </span></span></code></pre></div><p>要修订这个问题,就需要告知 kubeadm coredns 的代理仓库</p> <h2 id="初始化集群">初始化集群</h2> <h3 id="准备-kubeadmyaml">准备 kubeadm.yaml</h3> <p>pod-network-cidr 尽量用 10.244.0.0/16 这个范围,不然有些网络插件会需要额外的配置。</p> <p>cri-socket 的配置参考:</p> <p><a href="https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-runtime">https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-runtime</a></p> <p>因为前面用的 Docker Engine 和 cri-dockerd ,因此这里的 cri-socket 需要指定为 &ldquo;unix:///var/run/cri-dockerd.sock&rdquo;。</p> <p>apiserver-advertise-address 需要指定为当前节点的 IP 地址,因为当前节点是单节点,因此这里指定为当前机器的 IP 地址如 192.168.3.100。</p> <p>新建一个 kubeadm.yaml 文件:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>mkdir -p ~/work/soft/k8s/ </span></span><span style="display:flex;"><span><span style="color:#204a87">cd</span> ~/work/soft/k8s/ </span></span><span style="display:flex;"><span>vi kubeadm.yaml </span></span></code></pre></div><p>内容为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>apiVersion: kubeadm.k8s.io/v1beta4 </span></span><span style="display:flex;"><span>kind: InitConfiguration </span></span><span style="display:flex;"><span>nodeRegistration: </span></span><span style="display:flex;"><span> criSocket: unix:///var/run/cri-dockerd.sock </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>--- </span></span><span style="display:flex;"><span>apiVersion: kubeadm.k8s.io/v1beta4 </span></span><span style="display:flex;"><span>kind: ClusterConfiguration </span></span><span style="display:flex;"><span>kubernetesVersion: v1.35.4 </span></span><span style="display:flex;"><span>imageRepository: 192.168.3.193:5000/k8s-proxy </span></span><span style="display:flex;"><span>networking: </span></span><span style="display:flex;"><span> podSubnet: 10.244.0.0/16 </span></span><span style="display:flex;"><span>dns: </span></span><span style="display:flex;"><span> imageRepository: 192.168.3.193:5000/k8s-proxy/coredns </span></span><span style="display:flex;"><span> imageTag: v1.13.1 </span></span><span style="display:flex;"><span>etcd: </span></span><span style="display:flex;"><span> local: </span></span><span style="display:flex;"><span> imageRepository: 192.168.3.193:5000/k8s-proxy </span></span><span style="display:flex;"><span> imageTag: 3.6.6-0 </span></span></code></pre></div><h3 id="执行-init">执行 init</h3> <p>执行:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo kubeadm init --config<span style="color:#ce5c00;font-weight:bold">=</span>kubeadm.yaml </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>init<span style="color:#ce5c00;font-weight:bold">]</span> Using Kubernetes version: v1.35.4 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> Running pre-flight checks </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> Pulling images required <span style="color:#204a87;font-weight:bold">for</span> setting up a Kubernetes cluster </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> This might take a minute or two, depending on the speed of your internet connection </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>preflight<span style="color:#ce5c00;font-weight:bold">]</span> You can also perform this action beforehand using <span style="color:#4e9a06">&#39;kubeadm config images pull&#39;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Using certificateDir folder <span style="color:#4e9a06">&#34;/etc/kubernetes/pki&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;ca&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;apiserver&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> apiserver serving cert is signed <span style="color:#204a87;font-weight:bold">for</span> DNS names <span style="color:#ce5c00;font-weight:bold">[</span>debian13 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local<span style="color:#ce5c00;font-weight:bold">]</span> and IPs <span style="color:#ce5c00;font-weight:bold">[</span>10.96.0.1 192.168.3.232<span style="color:#ce5c00;font-weight:bold">]</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;apiserver-kubelet-client&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;front-proxy-ca&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;front-proxy-client&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;etcd/ca&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;etcd/server&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> etcd/server serving cert is signed <span style="color:#204a87;font-weight:bold">for</span> DNS names <span style="color:#ce5c00;font-weight:bold">[</span>debian13 localhost<span style="color:#ce5c00;font-weight:bold">]</span> and IPs <span style="color:#ce5c00;font-weight:bold">[</span>192.168.3.232 127.0.0.1 ::1<span style="color:#ce5c00;font-weight:bold">]</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;etcd/peer&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> etcd/peer serving cert is signed <span style="color:#204a87;font-weight:bold">for</span> DNS names <span style="color:#ce5c00;font-weight:bold">[</span>debian13 localhost<span style="color:#ce5c00;font-weight:bold">]</span> and IPs <span style="color:#ce5c00;font-weight:bold">[</span>192.168.3.232 127.0.0.1 ::1<span style="color:#ce5c00;font-weight:bold">]</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;etcd/healthcheck-client&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;apiserver-etcd-client&#34;</span> certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>certs<span style="color:#ce5c00;font-weight:bold">]</span> Generating <span style="color:#4e9a06">&#34;sa&#34;</span> key and public key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubeconfig<span style="color:#ce5c00;font-weight:bold">]</span> Using kubeconfig folder <span style="color:#4e9a06">&#34;/etc/kubernetes&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubeconfig<span style="color:#ce5c00;font-weight:bold">]</span> Writing <span style="color:#4e9a06">&#34;admin.conf&#34;</span> kubeconfig file </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubeconfig<span style="color:#ce5c00;font-weight:bold">]</span> Writing <span style="color:#4e9a06">&#34;super-admin.conf&#34;</span> kubeconfig file </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubeconfig<span style="color:#ce5c00;font-weight:bold">]</span> Writing <span style="color:#4e9a06">&#34;kubelet.conf&#34;</span> kubeconfig file </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubeconfig<span style="color:#ce5c00;font-weight:bold">]</span> Writing <span style="color:#4e9a06">&#34;controller-manager.conf&#34;</span> kubeconfig file </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubeconfig<span style="color:#ce5c00;font-weight:bold">]</span> Writing <span style="color:#4e9a06">&#34;scheduler.conf&#34;</span> kubeconfig file </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>etcd<span style="color:#ce5c00;font-weight:bold">]</span> Creating static Pod manifest <span style="color:#204a87;font-weight:bold">for</span> <span style="color:#204a87">local</span> etcd in <span style="color:#4e9a06">&#34;/etc/kubernetes/manifests&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane<span style="color:#ce5c00;font-weight:bold">]</span> Using manifest folder <span style="color:#4e9a06">&#34;/etc/kubernetes/manifests&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane<span style="color:#ce5c00;font-weight:bold">]</span> Creating static Pod manifest <span style="color:#204a87;font-weight:bold">for</span> <span style="color:#4e9a06">&#34;kube-apiserver&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane<span style="color:#ce5c00;font-weight:bold">]</span> Creating static Pod manifest <span style="color:#204a87;font-weight:bold">for</span> <span style="color:#4e9a06">&#34;kube-controller-manager&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane<span style="color:#ce5c00;font-weight:bold">]</span> Creating static Pod manifest <span style="color:#204a87;font-weight:bold">for</span> <span style="color:#4e9a06">&#34;kube-scheduler&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubelet-start<span style="color:#ce5c00;font-weight:bold">]</span> Writing kubelet environment file with flags to file <span style="color:#4e9a06">&#34;/var/lib/kubelet/kubeadm-flags.env&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubelet-start<span style="color:#ce5c00;font-weight:bold">]</span> Writing kubelet configuration to file <span style="color:#4e9a06">&#34;/var/lib/kubelet/instance-config.yaml&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>patches<span style="color:#ce5c00;font-weight:bold">]</span> Applied patch of <span style="color:#204a87">type</span> <span style="color:#4e9a06">&#34;application/strategic-merge-patch+json&#34;</span> to target <span style="color:#4e9a06">&#34;kubeletconfiguration&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubelet-start<span style="color:#ce5c00;font-weight:bold">]</span> Writing kubelet configuration to file <span style="color:#4e9a06">&#34;/var/lib/kubelet/config.yaml&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubelet-start<span style="color:#ce5c00;font-weight:bold">]</span> Starting the kubelet </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>wait-control-plane<span style="color:#ce5c00;font-weight:bold">]</span> Waiting <span style="color:#204a87;font-weight:bold">for</span> the kubelet to boot up the control plane as static Pods from directory <span style="color:#4e9a06">&#34;/etc/kubernetes/manifests&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubelet-check<span style="color:#ce5c00;font-weight:bold">]</span> Waiting <span style="color:#204a87;font-weight:bold">for</span> a healthy kubelet at http://127.0.0.1:10248/healthz. This can take up to 4m0s </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubelet-check<span style="color:#ce5c00;font-weight:bold">]</span> The kubelet is healthy after 500.416007ms </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane-check<span style="color:#ce5c00;font-weight:bold">]</span> Waiting <span style="color:#204a87;font-weight:bold">for</span> healthy control plane components. This can take up to 4m0s </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane-check<span style="color:#ce5c00;font-weight:bold">]</span> Checking kube-apiserver at https://192.168.3.232:6443/livez </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane-check<span style="color:#ce5c00;font-weight:bold">]</span> Checking kube-controller-manager at https://127.0.0.1:10257/healthz </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane-check<span style="color:#ce5c00;font-weight:bold">]</span> Checking kube-scheduler at https://127.0.0.1:10259/livez </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane-check<span style="color:#ce5c00;font-weight:bold">]</span> kube-controller-manager is healthy after 1.001317452s </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane-check<span style="color:#ce5c00;font-weight:bold">]</span> kube-scheduler is healthy after 1.502089525s </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>control-plane-check<span style="color:#ce5c00;font-weight:bold">]</span> kube-apiserver is healthy after 3.000477876s </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>upload-config<span style="color:#ce5c00;font-weight:bold">]</span> Storing the configuration used in ConfigMap <span style="color:#4e9a06">&#34;kubeadm-config&#34;</span> in the <span style="color:#4e9a06">&#34;kube-system&#34;</span> Namespace </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubelet<span style="color:#ce5c00;font-weight:bold">]</span> Creating a ConfigMap <span style="color:#4e9a06">&#34;kubelet-config&#34;</span> in namespace kube-system with the configuration <span style="color:#204a87;font-weight:bold">for</span> the kubelets in the cluster </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>upload-certs<span style="color:#ce5c00;font-weight:bold">]</span> Skipping phase. Please see --upload-certs </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>mark-control-plane<span style="color:#ce5c00;font-weight:bold">]</span> Marking the node debian13 as control-plane by adding the labels: <span style="color:#ce5c00;font-weight:bold">[</span>node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers<span style="color:#ce5c00;font-weight:bold">]</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>mark-control-plane<span style="color:#ce5c00;font-weight:bold">]</span> Marking the node debian13 as control-plane by adding the taints <span style="color:#ce5c00;font-weight:bold">[</span>node-role.kubernetes.io/control-plane:NoSchedule<span style="color:#ce5c00;font-weight:bold">]</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>bootstrap-token<span style="color:#ce5c00;font-weight:bold">]</span> Using token: ki33kg.5vpalsrlaa9bjvn2 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>bootstrap-token<span style="color:#ce5c00;font-weight:bold">]</span> Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>bootstrap-token<span style="color:#ce5c00;font-weight:bold">]</span> Configured RBAC rules to allow Node Bootstrap tokens to get nodes </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>bootstrap-token<span style="color:#ce5c00;font-weight:bold">]</span> Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order <span style="color:#204a87;font-weight:bold">for</span> nodes to get long term certificate credentials </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>bootstrap-token<span style="color:#ce5c00;font-weight:bold">]</span> Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>bootstrap-token<span style="color:#ce5c00;font-weight:bold">]</span> Configured RBAC rules to allow certificate rotation <span style="color:#204a87;font-weight:bold">for</span> all node client certificates in the cluster </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>bootstrap-token<span style="color:#ce5c00;font-weight:bold">]</span> Creating the <span style="color:#4e9a06">&#34;cluster-info&#34;</span> ConfigMap in the <span style="color:#4e9a06">&#34;kube-public&#34;</span> namespace </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>kubelet-finalize<span style="color:#ce5c00;font-weight:bold">]</span> Updating <span style="color:#4e9a06">&#34;/etc/kubernetes/kubelet.conf&#34;</span> to point to a rotatable kubelet client certificate and key </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>addons<span style="color:#ce5c00;font-weight:bold">]</span> Applied essential addon: CoreDNS </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>addons<span style="color:#ce5c00;font-weight:bold">]</span> Applied essential addon: kube-proxy </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Your Kubernetes control-plane has initialized successfully! </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>To start using your cluster, you need to run the following as a regular user: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> mkdir -p <span style="color:#000">$HOME</span>/.kube </span></span><span style="display:flex;"><span> sudo cp -i /etc/kubernetes/admin.conf <span style="color:#000">$HOME</span>/.kube/config </span></span><span style="display:flex;"><span> sudo chown <span style="color:#204a87;font-weight:bold">$(</span>id -u<span style="color:#204a87;font-weight:bold">)</span>:<span style="color:#204a87;font-weight:bold">$(</span>id -g<span style="color:#204a87;font-weight:bold">)</span> <span style="color:#000">$HOME</span>/.kube/config </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Alternatively, <span style="color:#204a87;font-weight:bold">if</span> you are the root user, you can run: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#204a87">export</span> <span style="color:#000">KUBECONFIG</span><span style="color:#ce5c00;font-weight:bold">=</span>/etc/kubernetes/admin.conf </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>You should now deploy a pod network to the cluster. </span></span><span style="display:flex;"><span>Run <span style="color:#4e9a06">&#34;kubectl apply -f [podnetwork].yaml&#34;</span> with one of the options listed at: </span></span><span style="display:flex;"><span> https://kubernetes.io/docs/concepts/cluster-administration/addons/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Then you can join any number of worker nodes by running the following on each as root: </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>kubeadm join 192.168.3.232:6443 --token ki33kg.5vpalsrlaa9bjvn2 <span style="color:#4e9a06">\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> --discovery-token-ca-cert-hash sha256:dba4e956a1e678da2319e29ce1b880bc4b21771cd5635dfa3117b7c2f409af29 </span></span></code></pre></div><p>根据提示操作:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>mkdir -p <span style="color:#000">$HOME</span>/.kube </span></span><span style="display:flex;"><span>sudo cp -i /etc/kubernetes/admin.conf <span style="color:#000">$HOME</span>/.kube/config </span></span><span style="display:flex;"><span>sudo chown <span style="color:#204a87;font-weight:bold">$(</span>id -u<span style="color:#204a87;font-weight:bold">)</span>:<span style="color:#204a87;font-weight:bold">$(</span>id -g<span style="color:#204a87;font-weight:bold">)</span> <span style="color:#000">$HOME</span>/.kube/config </span></span></code></pre></div><p>对于测试用的单节点,去除 master/control-plane 的污点:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl taint nodes --all node-role.kubernetes.io/control-plane- </span></span></code></pre></div><p>执行:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl get node </span></span></code></pre></div><p>能看到此时节点的状态会是 NotReady:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>NAME STATUS ROLES AGE VERSION </span></span><span style="display:flex;"><span>debian13 NotReady control-plane 53s v1.35.4 </span></span></code></pre></div><p>执行:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl describe node debian13 </span></span></code></pre></div><p>能看到节点的错误信息:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>Conditions: </span></span><span style="display:flex;"><span> Type Status LastHeartbeatTime LastTransitionTime Reason Message </span></span><span style="display:flex;"><span> ---- ------ ----------------- ------------------ ------ ------- </span></span><span style="display:flex;"><span> MemoryPressure False Wed, <span style="color:#0000cf;font-weight:bold">22</span> Apr <span style="color:#0000cf;font-weight:bold">2026</span> 15:24:55 +0800 Wed, <span style="color:#0000cf;font-weight:bold">22</span> Apr <span style="color:#0000cf;font-weight:bold">2026</span> 15:24:53 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available </span></span><span style="display:flex;"><span> DiskPressure False Wed, <span style="color:#0000cf;font-weight:bold">22</span> Apr <span style="color:#0000cf;font-weight:bold">2026</span> 15:24:55 +0800 Wed, <span style="color:#0000cf;font-weight:bold">22</span> Apr <span style="color:#0000cf;font-weight:bold">2026</span> 15:24:53 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure </span></span><span style="display:flex;"><span> PIDPressure False Wed, <span style="color:#0000cf;font-weight:bold">22</span> Apr <span style="color:#0000cf;font-weight:bold">2026</span> 15:24:55 +0800 Wed, <span style="color:#0000cf;font-weight:bold">22</span> Apr <span style="color:#0000cf;font-weight:bold">2026</span> 15:24:53 +0800 KubeletHasSufficientPID kubelet has sufficient PID available </span></span><span style="display:flex;"><span> Ready False Wed, <span style="color:#0000cf;font-weight:bold">22</span> Apr <span style="color:#0000cf;font-weight:bold">2026</span> 15:24:55 +0800 Wed, <span style="color:#0000cf;font-weight:bold">22</span> Apr <span style="color:#0000cf;font-weight:bold">2026</span> 15:24:53 +0800 KubeletNotReady container runtime network not ready: <span style="color:#000">NetworkReady</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#204a87">false</span> reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized </span></span></code></pre></div><p>需要继续安装网络插件。</p> <h2 id="安装网络插件">安装网络插件</h2> <h3 id="安装-flannel">安装 flannel</h3> <p>参考官方文档: <a href="https://github.com/flannel-io/flannel#deploying-flannel-with-kubectl">https://github.com/flannel-io/flannel#deploying-flannel-with-kubectl</a></p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml </span></span></code></pre></div><p>如果一切正常,就能看到 k8s 集群内的 pod 都启动完成状态为 Running:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ k get pods -A </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>NAMESPACE NAME READY STATUS RESTARTS AGE </span></span><span style="display:flex;"><span>kube-flannel kube-flannel-ds-mdzgj 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 39s </span></span><span style="display:flex;"><span>kube-system coredns-7f58b9688b-9rdzj 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 2m44s </span></span><span style="display:flex;"><span>kube-system coredns-7f58b9688b-lv4jr 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 2m44s </span></span><span style="display:flex;"><span>kube-system etcd-debian13 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 2m51s </span></span><span style="display:flex;"><span>kube-system kube-apiserver-debian13 1/1 Running <span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#ce5c00;font-weight:bold">(</span>5m8s ago<span style="color:#ce5c00;font-weight:bold">)</span> 2m52s </span></span><span style="display:flex;"><span>kube-system kube-controller-manager-debian13 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 2m51s </span></span><span style="display:flex;"><span>kube-system kube-proxy-qzhkw 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 2m44s </span></span><span style="display:flex;"><span>kube-system kube-scheduler-debian13 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 2m51s </span></span></code></pre></div><p>如果发现 kube-flannel-ds pod 的状态总是 CrashLoopBackOff:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> k get pods -A </span></span><span style="display:flex;"><span>NAMESPACE NAME READY STATUS RESTARTS AGE </span></span><span style="display:flex;"><span>kube-flannel kube-flannel-ds-ts6n8 0/1 CrashLoopBackOff <span style="color:#0000cf;font-weight:bold">2</span> <span style="color:#ce5c00;font-weight:bold">(</span>22s ago<span style="color:#ce5c00;font-weight:bold">)</span> 42s </span></span></code></pre></div><p>继续查看 pod 的具体错误信息:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>k describe pods -n kube-flannel kube-flannel-ds-ts6n8 </span></span></code></pre></div><p>发现报错 &ldquo;Back-off restarting failed container kube-flannel in pod kube-flannel&rdquo;:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>Events: </span></span><span style="display:flex;"><span> Type Reason Age From Message </span></span><span style="display:flex;"><span> ---- ------ ---- ---- ------- </span></span><span style="display:flex;"><span> Normal Scheduled 117s default-scheduler Successfully assigned kube-flannel/kube-flannel-ds-ts6n8 to debian12 </span></span><span style="display:flex;"><span> Normal Pulled 116s kubelet Container image <span style="color:#4e9a06">&#34;ghcr.io/flannel-io/flannel-cni-plugin:v1.6.2-flannel1&#34;</span> already present on machine </span></span><span style="display:flex;"><span> Normal Created 116s kubelet Created container: install-cni-plugin </span></span><span style="display:flex;"><span> Normal Started 116s kubelet Started container install-cni-plugin </span></span><span style="display:flex;"><span> Normal Pulled 115s kubelet Container image <span style="color:#4e9a06">&#34;ghcr.io/flannel-io/flannel:v0.26.4&#34;</span> already present on machine </span></span><span style="display:flex;"><span> Normal Created 115s kubelet Created container: install-cni </span></span><span style="display:flex;"><span> Normal Started 115s kubelet Started container install-cni </span></span><span style="display:flex;"><span> Normal Pulled 28s <span style="color:#ce5c00;font-weight:bold">(</span>x5 over 114s<span style="color:#ce5c00;font-weight:bold">)</span> kubelet Container image <span style="color:#4e9a06">&#34;ghcr.io/flannel-io/flannel:v0.26.4&#34;</span> already present on machine </span></span><span style="display:flex;"><span> Normal Created 28s <span style="color:#ce5c00;font-weight:bold">(</span>x5 over 114s<span style="color:#ce5c00;font-weight:bold">)</span> kubelet Created container: kube-flannel </span></span><span style="display:flex;"><span> Normal Started 28s <span style="color:#ce5c00;font-weight:bold">(</span>x5 over 114s<span style="color:#ce5c00;font-weight:bold">)</span> kubelet Started container kube-flannel </span></span><span style="display:flex;"><span> Warning BackOff 2s <span style="color:#ce5c00;font-weight:bold">(</span>x10 over 110s<span style="color:#ce5c00;font-weight:bold">)</span> kubelet Back-off restarting failed container kube-flannel in pod kube-flannel-ds-ts6n8_kube-flannel<span style="color:#ce5c00;font-weight:bold">(</span>1e03c200-2062-4838 </span></span></code></pre></div><p>此时应该去检查准备工作中 &ldquo;开启模块&rdquo; 一节的内容是不是有疏漏。</p> <p>补救之后,就能看到 kube-flannel-ds 这个 pod 正常运行了:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>k get pods -A </span></span><span style="display:flex;"><span>NAMESPACE NAME READY STATUS RESTARTS AGE </span></span><span style="display:flex;"><span>kube-flannel kube-flannel-ds-ts6n8 1/1 Running <span style="color:#0000cf;font-weight:bold">7</span> <span style="color:#ce5c00;font-weight:bold">(</span>9m27s ago<span style="color:#ce5c00;font-weight:bold">)</span> 15m </span></span></code></pre></div> Docs: 安装 dashboard https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/dashboard/ Tue, 04 Mar 2025 00:00:00 +0000 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/dashboard/ <p>This project is now archived and no longer maintained due to lack of active maintainers and contributors.</p> <hr> <h2 id="安装-dashboard">安装 dashboard</h2> <p>参考:</p> <p><a href="https://github.com/kubernetes/dashboard/#installation">https://github.com/kubernetes/dashboard/#installation</a></p> <p>在下面地址上查看当前 dashboard 的版本:</p> <p><a href="https://github.com/kubernetes/dashboard/releases">https://github.com/kubernetes/dashboard/releases</a></p> <p>根据对 kubernetes 版本的兼容情况选择对应的 dashboard 的版本:</p> <ul> <li>kubernetes-dashboard-7.14.0 ,没看到兼容说明, 但应该支持最新的 k8s 1.34 吧</li> </ul> <p>最新版本需要用 helm 进行安装:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ </span></span><span style="display:flex;"><span>helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#4e9a06">&#34;kubernetes-dashboard&#34;</span> has been added to your repositories </span></span><span style="display:flex;"><span>Release <span style="color:#4e9a06">&#34;kubernetes-dashboard&#34;</span> does not exist. Installing it now. </span></span><span style="display:flex;"><span>NAME: kubernetes-dashboard </span></span><span style="display:flex;"><span>LAST DEPLOYED: Thu Nov <span style="color:#0000cf;font-weight:bold">27</span> 14:09:11 <span style="color:#0000cf;font-weight:bold">2025</span> </span></span><span style="display:flex;"><span>NAMESPACE: kubernetes-dashboard </span></span><span style="display:flex;"><span>STATUS: deployed </span></span><span style="display:flex;"><span>REVISION: <span style="color:#0000cf;font-weight:bold">1</span> </span></span><span style="display:flex;"><span>TEST SUITE: None </span></span><span style="display:flex;"><span>NOTES: </span></span><span style="display:flex;"><span>************************************************************************************************* </span></span><span style="display:flex;"><span>*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready *** </span></span><span style="display:flex;"><span>************************************************************************************************* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Congratulations! You have just installed Kubernetes Dashboard in your cluster. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>To access Dashboard run: </span></span><span style="display:flex;"><span> kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443 </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>NOTE: In <span style="color:#204a87;font-weight:bold">case</span> port-forward <span style="color:#204a87">command</span> does not work, make sure that kong service name is correct. </span></span><span style="display:flex;"><span> Check the services in Kubernetes Dashboard namespace using: </span></span><span style="display:flex;"><span> kubectl -n kubernetes-dashboard get svc </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Dashboard will be available at: </span></span><span style="display:flex;"><span> https://localhost:8443 </span></span></code></pre></div><p>此时 dashboard 的 service 和 pod 情况:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl -n kubernetes-dashboard get services </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span style="color:#ce5c00;font-weight:bold">(</span>S<span style="color:#ce5c00;font-weight:bold">)</span> AGE </span></span><span style="display:flex;"><span>kubernetes-dashboard-api ClusterIP 10.102.87.32 &lt;none&gt; 8000/TCP 108s </span></span><span style="display:flex;"><span>kubernetes-dashboard-auth ClusterIP 10.108.108.108 &lt;none&gt; 8000/TCP 108s </span></span><span style="display:flex;"><span>kubernetes-dashboard-kong-proxy ClusterIP 10.111.46.43 &lt;none&gt; 443/TCP 108s </span></span><span style="display:flex;"><span>kubernetes-dashboard-metrics-scraper ClusterIP 10.98.190.255 &lt;none&gt; 8000/TCP 107s </span></span><span style="display:flex;"><span>kubernetes-dashboard-web ClusterIP 10.103.159.121 &lt;none&gt; 8000/TCP 108s </span></span></code></pre></div><p>查看 pod 的情况:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl -n kubernetes-dashboard get pods </span></span></code></pre></div><p>等待两三分钟之后,pod 启动完成,输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>NAME READY STATUS RESTARTS AGE </span></span><span style="display:flex;"><span>kubernetes-dashboard-api-7994c5cb69-bhdnj 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 16s </span></span><span style="display:flex;"><span>kubernetes-dashboard-auth-764494db59-fqt88 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 16s </span></span><span style="display:flex;"><span>kubernetes-dashboard-kong-9849c64bd-jvwv2 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 16s </span></span><span style="display:flex;"><span>kubernetes-dashboard-metrics-scraper-7685fd8b77-gcq8c 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 16s </span></span><span style="display:flex;"><span>kubernetes-dashboard-web-5c9f966b98-nbjxv 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 16s </span></span></code></pre></div><p>为了方便,使用 node port 来访问 dashboard,需要执行:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl -n kubernetes-dashboard edit service kubernetes-dashboard-kong-proxy </span></span></code></pre></div><p>然后修改 <code>type: ClusterIP</code> 为 <code>type: NodePort</code>。然后看一下具体分配的 node port 是哪个:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl -n kubernetes-dashboard get service kubernetes-dashboard-kong-proxy </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span style="color:#ce5c00;font-weight:bold">(</span>S<span style="color:#ce5c00;font-weight:bold">)</span> AGE </span></span><span style="display:flex;"><span>kubernetes-dashboard-kong-proxy NodePort 10.107.131.211 &lt;none&gt; 443:30652/TCP 95s </span></span></code></pre></div><p>现在可以用浏览器直接访问:</p> <p>https://192.168.3.100:30652/</p> <p><img src="images/dashboard.png" alt=""></p> <h3 id="创建用户并登录-dashboard">创建用户并登录 dashboard</h3> <p>参考:<a href="https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md">Creating sample user</a></p> <p>创建 admin-user 用户:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>mkdir -p ~/work/soft/k8s </span></span><span style="display:flex;"><span><span style="color:#204a87">cd</span> ~/work/soft/k8s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>vi dashboard-adminuser.yaml </span></span></code></pre></div><p>内容为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ServiceAccount</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">admin-user</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">kubernetes-dashboard</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><p>执行:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>k create -f dashboard-adminuser.yaml </span></span></code></pre></div><p>然后绑定角色:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>vi dashboard-adminuser-binding.yaml </span></span></code></pre></div><p>内容为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">rbac.authorization.k8s.io/v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ClusterRoleBinding</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">admin-user</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">roleRef</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">apiGroup</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">rbac.authorization.k8s.io</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ClusterRole</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">cluster-admin</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">subjects</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">ServiceAccount</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">admin-user</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">kubernetes-dashboard</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><p>执行:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>k create -f dashboard-adminuser-binding.yaml </span></span></code></pre></div><p>然后创建 token :</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl -n kubernetes-dashboard create token admin-user </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>eyJhbGciOiJSUzI1NiIsImtpZCI6Ik9sWnJsTk5UNE9JVlVmRFMxMUpwNC1tUlVndTl5Zi1WQWtmMjIzd2hDNmcifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzQxMTEyNDg4LCJpYXQiOjE3NDExMDg4ODgsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiNDU5ZGQxNjctNWI5OS00MWIzLTgzZWEtNGIxMGY3MTc5ZjEyIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiZjMxN2VhZTItNTNiNi00MGZhLWI3MWYtMzZiNDI1YmY4YWQ0In19LCJuYmYiOjE3NDExMDg4ODgsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.TYzOdrMFXcSEeVMbc1ewIA13JVi4FUYoRN7rSH5OstbVfKIF48X_o1RWxOGM_AurhgLxuKZHzmns3K_pX_OR3u1URfK6-gGos4iAQY-H1yntfRmzzsip_FbZh95EYFGTN43gw21jTyfem3OKBXXLgzsnVT_29uMnJzSnCDnrAciVKMoCEUP6x2RSHQhp6PrxrIrx_NMB3vojEZYq3AysQoNqYYjRDd4MnDRClm03dNvW5lvKSgNCVmZFje_EEa2EhI2X6d3X8zx6tHwT5M4-T3hMmyIpzHUwf3ixeZR85rhorMbskNVvRpH6VLH6BXP31c3NMeSgYk3BG8d7UjCYxQ </span></span></code></pre></div><p>这个 token 就可以用在 kubernetes-dashboard 的登录页面上了。</p> <p>为了方便,将这个 token 存储在 Secret :</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>vi dashboard-adminuser-secret.yaml </span></span></code></pre></div><p>内容为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kind</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">Secret</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">admin-user</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">namespace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">kubernetes-dashboard</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">annotations</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubernetes.io/service-account.name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#4e9a06">&#34;admin-user&#34;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">kubernetes.io/service-account-token</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><p>执行:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>k create -f dashboard-adminuser-secret.yaml </span></span></code></pre></div><p>之后就可以用命令随时获取这个 token 了:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl get secret admin-user -n kubernetes-dashboard -o <span style="color:#000">jsonpath</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#4e9a06">&#34;{.data.token}&#34;</span> <span style="color:#000;font-weight:bold">|</span> base64 -d </span></span></code></pre></div><p>备注:复制 token 的时候,不要复制最后的那个 % 字符,否则会报错。</p> <p><img src="images/token.png" alt=""></p> Docs: 安装 metrics server https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/metrics-server/ Tue, 04 Mar 2025 00:00:00 +0000 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/metrics-server/ <p>参考:https://github.com/kubernetes-sigs/metrics-server/#installation</p> <h2 id="安装-metrics-server">安装 metrics server</h2> <p>下载:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>mkdir -p ~/work/soft/k8s </span></span><span style="display:flex;"><span><span style="color:#204a87">cd</span> ~/work/soft/k8s </span></span><span style="display:flex;"><span>wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml </span></span></code></pre></div><p>修改下载下来的 components.yaml, 增加 <code>--kubelet-insecure-tls</code> 并修改 <code>--kubelet-preferred-address-types</code>:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">template</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">metadata</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">labels</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">k8s-app</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">metrics-server</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">containers</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">args</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">cert-dir=/tmp</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">secure-port=4443</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">kubelet-preferred-address-types=InternalIP </span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 修改这行,默认是InternalIP,ExternalIP,Hostname</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">kubelet-use-node-status-port</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">metric-resolution=15s</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- --<span style="color:#000">kubelet-insecure-tls </span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># 增加这行</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><p>然后安装:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>k apply -f components.yaml </span></span></code></pre></div><p>稍等片刻看是否启动:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ kubectl get pod -n kube-system <span style="color:#000;font-weight:bold">|</span> grep metrics-server </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>metrics-server-7c9977449d-h4psq 1/1 Running <span style="color:#0000cf;font-weight:bold">0</span> 34s </span></span></code></pre></div><p>验证一下,查看 service 信息</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ kubectl describe svc metrics-server -n kube-system </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>Name: metrics-server </span></span><span style="display:flex;"><span>Namespace: kube-system </span></span><span style="display:flex;"><span>Labels: k8s-app<span style="color:#ce5c00;font-weight:bold">=</span>metrics-server </span></span><span style="display:flex;"><span>Annotations: &lt;none&gt; </span></span><span style="display:flex;"><span>Selector: k8s-app<span style="color:#ce5c00;font-weight:bold">=</span>metrics-server </span></span><span style="display:flex;"><span>Type: ClusterIP </span></span><span style="display:flex;"><span>IP Family Policy: SingleStack </span></span><span style="display:flex;"><span>IP Families: IPv4 </span></span><span style="display:flex;"><span>IP: 10.97.226.236 </span></span><span style="display:flex;"><span>IPs: 10.97.226.236 </span></span><span style="display:flex;"><span>Port: https 443/TCP </span></span><span style="display:flex;"><span>TargetPort: https/TCP </span></span><span style="display:flex;"><span>Endpoints: 10.244.0.9:10250 </span></span><span style="display:flex;"><span>Session Affinity: None </span></span><span style="display:flex;"><span>Internal Traffic Policy: Cluster </span></span><span style="display:flex;"><span>Events: &lt;none&gt; </span></span></code></pre></div><p>简单验证一下基本使用:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl top nodes </span></span><span style="display:flex;"><span>kubectl top pods -n kube-system </span></span></code></pre></div><p>正常能看到类似如下的输出:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ kubectl top nodes </span></span><span style="display:flex;"><span>NAME CPU<span style="color:#ce5c00;font-weight:bold">(</span>cores<span style="color:#ce5c00;font-weight:bold">)</span> CPU<span style="color:#ce5c00;font-weight:bold">(</span>%<span style="color:#ce5c00;font-weight:bold">)</span> MEMORY<span style="color:#ce5c00;font-weight:bold">(</span>bytes<span style="color:#ce5c00;font-weight:bold">)</span> MEMORY<span style="color:#ce5c00;font-weight:bold">(</span>%<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span>debian13 161m 4% 1040Mi 13% </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>$ kubectl top pods -n kube-system </span></span><span style="display:flex;"><span>NAME CPU<span style="color:#ce5c00;font-weight:bold">(</span>cores<span style="color:#ce5c00;font-weight:bold">)</span> MEMORY<span style="color:#ce5c00;font-weight:bold">(</span>bytes<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span>coredns-848fbff4f8-2lx6w 1m 15Mi </span></span><span style="display:flex;"><span>coredns-848fbff4f8-lgr6d 1m 16Mi </span></span><span style="display:flex;"><span>etcd-debian13 7m 47Mi </span></span><span style="display:flex;"><span>kube-apiserver-debian13 13m 241Mi </span></span><span style="display:flex;"><span>kube-controller-manager-debian13 6m 53Mi </span></span><span style="display:flex;"><span>kube-proxy-xc4mn 1m 17Mi </span></span><span style="display:flex;"><span>kube-scheduler-debian13 3m 23Mi </span></span><span style="display:flex;"><span>metrics-server-7c9977449d-h4psq 1m 18Mi </span></span></code></pre></div><p>如果出现下面的错误:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>error: Metrics API not available </span></span></code></pre></div><p>可以稍等片刻,等 metrics-server 启动后,再尝试查看。</p> <h2 id="参考资料">参考资料</h2> <ul> <li> <p><a href="https://acytoo.com/ladder/debian12-kubernetes-installation-and-config-master-worker/">Debian 12 安装 Kubernetes(k8s) + docker ,配置主从节点</a></p> </li> <li> <p><a href="https://computingforgeeks.com/install-kubernetes-cluster-on-debian-12-bookworm/">Install Kubernetes Cluster on Debian 12 (Bookworm) servers</a></p> </li> </ul> Docs: 安装监控 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/monitoring/ Tue, 04 Mar 2025 00:00:00 +0000 https://skyao.net/learning-kubernetes/docs/installation/kubeadm/debian13/online/monitoring/ <p>参考:https://github.com/prometheus-operator/prometheus-operator</p> <p><a href="https://computingforgeeks.com/setup-prometheus-and-grafana-on-kubernetes/">https://computingforgeeks.com/setup-prometheus-and-grafana-on-kubernetes/</a></p>