Kubernates on 卡螺絲https://caloskao.org/categories/kubernates/Recent content in Kubernates on 卡螺絲Hugo -- gohugo.iozh-HantMon, 11 May 2026 11:53:21 +0800Kubernetes 安裝筆記(2020 年版):使用 Docker-CE 作為 CRIhttps://caloskao.org/k8s-installation/Fri, 13 Nov 2020 20:00:00 +0800https://caloskao.org/k8s-installation/<img src="https://caloskao.org/images/logo/docker.webp" alt="Featured image of post Kubernetes 安裝筆記(2020 年版):使用 Docker-CE 作為 CRI" /><blockquote> <p><strong>注意:</strong> 這份筆記是 2020 年的安裝記錄。Kubernetes 1.24 之後已移除 dockershim,Docker 不再作為 CRI 直接支援。現行安裝請考慮改用 containerd 或 CRI-O。</p> </blockquote> <h2 id="環境">環境 </h2><ul> <li>Ubuntu 18.04 / 20.04 LTS</li> <li>Docker(Container Runtime)</li> <li>Kubernetes 版本:1.17.x ~ 1.19.x</li> </ul> <hr> <h2 id="step1-安裝-docker">Step.1 安裝 Docker </h2><blockquote> <p>CRI(Container Runtime Interface)除了 Docker,還有 <a class="link" href="https://github.com/cri-o/cri-o#getting-started" target="_blank" rel="noopener" >CRI-O</a>、containerd、rkt、<a class="link" href="https://katacontainers.io/" target="_blank" rel="noopener" >Kata Containers</a> 等選擇。</p> </blockquote> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">apt update </span></span><span class="line"><span class="cl">apt install -y docker.io </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 設定 Docker daemon:cgroup driver 使用 systemd(Kubernetes 要求)</span> </span></span><span class="line"><span class="cl">cat &gt; /etc/docker/daemon.json <span class="s">&lt;&lt;EOF </span></span></span><span class="line"><span class="cl"><span class="s">{ </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;exec-opts&#34;: [&#34;native.cgroupdriver=systemd&#34;], </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;log-driver&#34;: &#34;json-file&#34;, </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;log-opts&#34;: { </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;max-size&#34;: &#34;100m&#34; </span></span></span><span class="line"><span class="cl"><span class="s"> }, </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;storage-driver&#34;: &#34;overlay2&#34; </span></span></span><span class="line"><span class="cl"><span class="s">} </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">mkdir -p /etc/systemd/system/docker.service.d </span></span><span class="line"><span class="cl">systemctl <span class="nb">enable</span> docker.service </span></span><span class="line"><span class="cl">systemctl daemon-reload </span></span><span class="line"><span class="cl">systemctl restart docker </span></span></code></pre></td></tr></table> </div> </div><p>確認版本:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">docker version </span></span><span class="line"><span class="cl"><span class="c1"># Client: 19.03.8 / Server Engine: 19.03.8</span> </span></span></code></pre></td></tr></table> </div> </div><hr> <h2 id="step2-安裝-kubeadmkubeletkubectl">Step.2 安裝 kubeadm、kubelet、kubectl </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">apt update <span class="o">&amp;&amp;</span> apt install -y apt-transport-https curl </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg <span class="p">|</span> apt-key add - </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;deb https://apt.kubernetes.io/ kubernetes-xenial main&#34;</span> <span class="p">|</span> tee -a /etc/apt/sources.list.d/kubernetes.list </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">apt update </span></span><span class="line"><span class="cl">apt install -y kubelet kubeadm kubectl bash-completion </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 鎖定套件,避免自動更新</span> </span></span><span class="line"><span class="cl">apt-mark hold kubelet kubeadm kubectl </span></span></code></pre></td></tr></table> </div> </div><p>啟用 kubectl shell 自動補全:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl completion bash &gt; /etc/bash_completion.d/kubectl </span></span></code></pre></td></tr></table> </div> </div><p>確認版本:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubeadm version </span></span><span class="line"><span class="cl"><span class="c1"># kubeadm version: v1.19.2</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">kubectl version --client </span></span><span class="line"><span class="cl"><span class="c1"># Client Version: v1.19.2</span> </span></span></code></pre></td></tr></table> </div> </div><blockquote> <p>若還未設定連線叢集,<code>kubectl version</code> 會出現 <code>localhost:8080 was refused</code> 錯誤,可先忽略。</p> </blockquote> <hr> <h2 id="step3-預先下載-image可選">Step.3 預先下載 Image(可選) </h2><p>初始化 Master Node 時需要 pull 多個 image,可提前下載:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubeadm config images pull </span></span><span class="line"><span class="cl"><span class="c1"># [config/images] Pulled k8s.gcr.io/kube-apiserver:v1.19.2</span> </span></span><span class="line"><span class="cl"><span class="c1"># [config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.19.2</span> </span></span><span class="line"><span class="cl"><span class="c1"># ...</span> </span></span></code></pre></td></tr></table> </div> </div><hr> <h2 id="step4-初始化-control-planemaster-node">Step.4 初始化 Control Plane(Master Node) </h2><p>先關閉 SWAP(Kubernetes 強制要求):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">swapoff -a </span></span></code></pre></td></tr></table> </div> </div><p>執行初始化:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubeadm init --pod-network-cidr<span class="o">=</span>10.244.0.0/16 </span></span></code></pre></td></tr></table> </div> </div><p>順利的話約 2-3 分鐘完成,輸出末尾會出現:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">Your Kubernetes control-plane has initialized successfully! </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">To start using your cluster, you need to run the following as a regular user: </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> mkdir -p $HOME/.kube </span></span><span class="line"><span class="cl"> sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config </span></span><span class="line"><span class="cl"> sudo chown $(id -u):$(id -g) $HOME/.kube/config </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">Then you can join any number of worker nodes by running the following on each as root: </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">kubeadm join 172.16.1.20:6443 --token &lt;token&gt; \ </span></span><span class="line"><span class="cl"> --discovery-token-ca-cert-hash sha256:&lt;hash&gt; </span></span></code></pre></td></tr></table> </div> </div><p>設定 kubectl config:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">mkdir -p <span class="nv">$HOME</span>/.kube </span></span><span class="line"><span class="cl">sudo cp -i /etc/kubernetes/admin.conf <span class="nv">$HOME</span>/.kube/config </span></span><span class="line"><span class="cl">sudo chown <span class="k">$(</span>id -u<span class="k">)</span>:<span class="k">$(</span>id -g<span class="k">)</span> <span class="nv">$HOME</span>/.kube/config </span></span></code></pre></td></tr></table> </div> </div><hr> <h2 id="step5-佈署-cnicilium">Step.5 佈署 CNI(Cilium) </h2><p>初始化完成後 Master Node 狀態會是 <code>NotReady</code>,原因是 CNI 尚未安裝:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl get nodes </span></span><span class="line"><span class="cl"><span class="c1"># NAME STATUS ROLES AGE VERSION</span> </span></span><span class="line"><span class="cl"><span class="c1"># k8s-master NotReady master 26m v1.19.2</span> </span></span></code></pre></td></tr></table> </div> </div><p>安裝 Cilium CNI:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl create -f https://raw.githubusercontent.com/cilium/cilium/HEAD/install/kubernetes/quick-install.yaml </span></span></code></pre></td></tr></table> </div> </div><p>等待 pods 就緒:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl get pods -n kube-system --watch </span></span></code></pre></td></tr></table> </div> </div><p>Cilium 啟動後,<code>coredns</code> 也會一起帶起,Master Node 變為 <code>Ready</code>。</p> <hr> <h2 id="step6-加入-worker-node">Step.6 加入 Worker Node </h2><h3 id="在-master-node取得-join-指令">在 Master Node:取得 join 指令 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubeadm token create --print-join-command </span></span><span class="line"><span class="cl"><span class="c1"># kubeadm join 172.16.1.20:6443 --token &lt;token&gt; --discovery-token-ca-cert-hash sha256:&lt;hash&gt;</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="在-worker-node執行前置安裝">在 Worker Node:執行前置安裝 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">swapoff -a </span></span><span class="line"><span class="cl">apt update </span></span><span class="line"><span class="cl">apt install -y docker.io </span></span><span class="line"><span class="cl">cat &gt; /etc/docker/daemon.json <span class="s">&lt;&lt;EOF </span></span></span><span class="line"><span class="cl"><span class="s">{ </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;exec-opts&#34;: [&#34;native.cgroupdriver=systemd&#34;], </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;log-driver&#34;: &#34;json-file&#34;, </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;log-opts&#34;: {&#34;max-size&#34;: &#34;100m&#34;}, </span></span></span><span class="line"><span class="cl"><span class="s"> &#34;storage-driver&#34;: &#34;overlay2&#34; </span></span></span><span class="line"><span class="cl"><span class="s">} </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span><span class="line"><span class="cl">mkdir -p /etc/systemd/system/docker.service.d </span></span><span class="line"><span class="cl">systemctl <span class="nb">enable</span> docker.service </span></span><span class="line"><span class="cl">systemctl daemon-reload </span></span><span class="line"><span class="cl">systemctl restart docker </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">apt update <span class="o">&amp;&amp;</span> apt install -y apt-transport-https curl </span></span><span class="line"><span class="cl">curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg <span class="p">|</span> apt-key add - </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;deb https://apt.kubernetes.io/ kubernetes-xenial main&#34;</span> <span class="p">|</span> tee -a /etc/apt/sources.list.d/kubernetes.list </span></span><span class="line"><span class="cl">apt update </span></span><span class="line"><span class="cl">apt install -y kubelet kubeadm kubectl </span></span><span class="line"><span class="cl">apt-mark hold kubelet kubeadm kubectl </span></span></code></pre></td></tr></table> </div> </div><p>設定 hostname 並重啟:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">hostnamectl set-hostname k8s-node-1 </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;127.0.0.1\t</span><span class="k">$(</span>hostname<span class="k">)</span><span class="s2">&#34;</span> <span class="p">|</span> tee -a /etc/hosts </span></span><span class="line"><span class="cl">reboot </span></span></code></pre></td></tr></table> </div> </div><p>加入叢集:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubeadm join 172.16.1.20:6443 --token &lt;token&gt; <span class="se">\ </span></span></span><span class="line"><span class="cl"> --discovery-token-ca-cert-hash sha256:&lt;hash&gt; </span></span></code></pre></td></tr></table> </div> </div><h3 id="驗證">驗證 </h3><p>回到 Master Node 確認 node 已加入:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl get nodes </span></span><span class="line"><span class="cl"><span class="c1"># NAME STATUS ROLES AGE VERSION</span> </span></span><span class="line"><span class="cl"><span class="c1"># k8s-master Ready master 4h30m v1.19.2</span> </span></span><span class="line"><span class="cl"><span class="c1"># k8s-node-1 Ready &lt;none&gt; 4m54s v1.19.2</span> </span></span><span class="line"><span class="cl"><span class="c1"># k8s-node-2 Ready &lt;none&gt; 4m23s v1.19.2</span> </span></span></code></pre></td></tr></table> </div> </div><hr> <h2 id="step7-安裝-kubernetes-dashboard">Step.7 安裝 Kubernetes Dashboard </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml </span></span></code></pre></td></tr></table> </div> </div><p>建立 admin-user ServiceAccount:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">cat <span class="s">&lt;&lt;EOF | kubectl apply -f - </span></span></span><span class="line"><span class="cl"><span class="s">apiVersion: v1 </span></span></span><span class="line"><span class="cl"><span class="s">kind: ServiceAccount </span></span></span><span class="line"><span class="cl"><span class="s">metadata: </span></span></span><span class="line"><span class="cl"><span class="s"> name: admin-user </span></span></span><span class="line"><span class="cl"><span class="s"> namespace: kubernetes-dashboard </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">cat <span class="s">&lt;&lt;EOF | kubectl apply -f - </span></span></span><span class="line"><span class="cl"><span class="s">apiVersion: rbac.authorization.k8s.io/v1 </span></span></span><span class="line"><span class="cl"><span class="s">kind: ClusterRoleBinding </span></span></span><span class="line"><span class="cl"><span class="s">metadata: </span></span></span><span class="line"><span class="cl"><span class="s"> name: admin-user </span></span></span><span class="line"><span class="cl"><span class="s">roleRef: </span></span></span><span class="line"><span class="cl"><span class="s"> apiGroup: rbac.authorization.k8s.io </span></span></span><span class="line"><span class="cl"><span class="s"> kind: ClusterRole </span></span></span><span class="line"><span class="cl"><span class="s"> name: cluster-admin </span></span></span><span class="line"><span class="cl"><span class="s">subjects: </span></span></span><span class="line"><span class="cl"><span class="s">- kind: ServiceAccount </span></span></span><span class="line"><span class="cl"><span class="s"> name: admin-user </span></span></span><span class="line"><span class="cl"><span class="s"> namespace: kubernetes-dashboard </span></span></span><span class="line"><span class="cl"><span class="s">EOF</span> </span></span></code></pre></td></tr></table> </div> </div><p>取得登入 token:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl -n kubernetes-dashboard describe secret <span class="se">\ </span></span></span><span class="line"><span class="cl"> <span class="k">$(</span>kubectl -n kubernetes-dashboard get secret <span class="p">|</span> grep admin-user <span class="p">|</span> awk <span class="s1">&#39;{print $1}&#39;</span><span class="k">)</span> </span></span></code></pre></td></tr></table> </div> </div><p>開啟 proxy:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl proxy </span></span></code></pre></td></tr></table> </div> </div><p>瀏覽器連到:<code>http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/</code></p> <blockquote> <p>若透過 SSH 連到 Master Node,建立 SSH tunnel:<code>ssh username@&lt;master-ip&gt; -NfL 8001:localhost:8001</code></p> </blockquote> <hr> <h2 id="step8-安裝-rookceph-儲存">Step.8 安裝 Rook(Ceph 儲存) </h2><blockquote> <p>⚠️ 以下記錄未完成:OSD 無法建立,僅作參考。</p> </blockquote> <h3 id="安裝-rook-operator">安裝 Rook Operator </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl"><span class="c1"># 安裝 common.yaml(處理 RBAC 版本相容問題)</span> </span></span><span class="line"><span class="cl">curl https://raw.githubusercontent.com/rook/rook/release-1.4/cluster/examples/kubernetes/ceph/common.yaml <span class="se">\ </span></span></span><span class="line"><span class="cl"> <span class="p">|</span> sed <span class="s1">&#39;s/rbac.authorization.k8s.io\/v1beta1/rbac.authorization.k8s.io\/v1/g&#39;</span> <span class="se">\ </span></span></span><span class="line"><span class="cl"> <span class="p">|</span> kubectl apply -f - </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 安裝 operator</span> </span></span><span class="line"><span class="cl">kubectl apply -f https://raw.githubusercontent.com/rook/rook/release-1.4/cluster/examples/kubernetes/ceph/operator.yaml </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 等待 operator 就緒後,安裝 Ceph cluster</span> </span></span><span class="line"><span class="cl">kubectl apply -f https://github.com/rook/rook/raw/release-1.4/cluster/examples/kubernetes/ceph/cluster.yaml </span></span></code></pre></td></tr></table> </div> </div><h3 id="安裝-toolbox-並查看狀態">安裝 Toolbox 並查看狀態 </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl apply -f https://github.com/rook/rook/raw/release-1.4/cluster/examples/kubernetes/ceph/toolbox.yaml </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">kubectl -n rook-ceph <span class="nb">exec</span> -it <span class="se">\ </span></span></span><span class="line"><span class="cl"> <span class="k">$(</span>kubectl -n rook-ceph get pod -l <span class="s2">&#34;app=rook-ceph-tools&#34;</span> -o <span class="nv">jsonpath</span><span class="o">=</span><span class="s1">&#39;{.items[0].metadata.name}&#39;</span><span class="k">)</span> <span class="se">\ </span></span></span><span class="line"><span class="cl"> -- bash </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1"># 常用指令:ceph status / ceph osd status / ceph df / rados df</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="若遇到-failedscheduling">若遇到 FailedScheduling </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl taint nodes --all node-role.kubernetes.io/master- </span></span></code></pre></td></tr></table> </div> </div><hr> <h2 id="故障排除">故障排除 </h2><h3 id="swap-未關閉">Swap 未關閉 </h3><p>錯誤訊息:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">[ERROR Swap]: running with swap on is not supported. Please disable swap </span></span></code></pre></td></tr></table> </div> </div><p>解法 (臨時性):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">swapoff -a </span></span></code></pre></td></tr></table> </div> </div><blockquote> <p>開機後需再次執行,或編輯 <code>/etc/fstab</code> 永久停用。</p> </blockquote> <h3 id="docker-service-未啟用">Docker service 未啟用 </h3><p>錯誤訊息:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-text" data-lang="text"><span class="line"><span class="cl">[WARNING Service-Docker]: docker service is not enabled </span></span></code></pre></td></tr></table> </div> </div><p>解法:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">systemctl <span class="nb">enable</span> docker.service </span></span></code></pre></td></tr></table> </div> </div><hr> <blockquote> <p><strong>References</strong></p> <ul> <li><strong>CNI 選擇:</strong> <ul> <li><a class="link" href="https://github.com/projectcalico/calico" target="_blank" rel="noopener" >Calico</a></li> <li><a class="link" href="https://github.com/cilium/cilium" target="_blank" rel="noopener" >Cilium</a></li> <li><a class="link" href="https://github.com/cloudnativelabs/kube-router" target="_blank" rel="noopener" >kube-router</a></li> <li><a class="link" href="https://github.com/weaveworks/weave" target="_blank" rel="noopener" >Weave</a></li> <li><a class="link" href="https://itnext.io/benchmark-results-of-kubernetes-network-plugins-cni-over-10gbit-s-network-updated-august-2020-6e1b757b9e49" target="_blank" rel="noopener" >CNI 效能比較</a></li> </ul> </li> <li><strong>安裝參考:</strong> <ul> <li><a class="link" href="https://kubernetes.io/docs/setup/production-environment/container-runtimes/" target="_blank" rel="noopener" >Container Runtimes - Kubernetes Documentation</a></li> <li><a class="link" href="https://rickhw.github.io/2019/03/17/Container/Install-K8s-with-Kubeadm/" target="_blank" rel="noopener" >K8s 學習筆記 - kubeadm 手動安裝 | Complete Think</a></li> <li><a class="link" href="https://docs.cilium.io/en/latest/gettingstarted/k8s-install-default/" target="_blank" rel="noopener" >Quick Installation — Cilium Documentation</a></li> <li><a class="link" href="https://rook.io/docs/rook/v1.4/ceph-quickstart.html" target="_blank" rel="noopener" >Ceph Storage Quickstart - Rook Docs</a></li> <li><a class="link" href="https://tachingchen.com/tw/blog/kubernetes-installation-with-kubeadm/" target="_blank" rel="noopener" >Kubernetes 兩步安裝一次上手</a></li> </ul> </li> </ul> </blockquote>