Installing microk8s on Ubuntu 18.04

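Microk8s is an integrated container management platform that is fully compatible with Kubernetes. It is aimed mainly at building container computing platforms for workstations, edge computing and IoT.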

Install microk8s

sudo snap install microk8s --classic --channel=1.15/stable

Set up an alias

sudo snap alias microk8s.kubectl kubectl

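Write the kubeconfig (this file holds the cluster admin credentials, so keep it readable only by your own user)

mkdir -p "$HOME/.kube"
sudo microk8s.kubectl config view --raw > "$HOME/.kube/config"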

Enable the k8s components

microk8s.enable dashboard dns ingress istio registry storage

If you have a GPU

microk8s.enable gpu

If microk8s.enable runs smoothly, you will see log output similar to the following

logentry.config.istio.io/accesslog created
logentry.config.istio.io/tcpaccesslog created
rule.config.istio.io/stdio created
rule.config.istio.io/stdiotcp created
...
...
Istio is starting
Enabling the private registry
Enabling default storage class
deployment.extensions/hostpath-provisioner created
storageclass.storage.k8s.io/microk8s-hostpath created
Storage will be available soon
Applying registry manifest
namespace/container-registry created
persistentvolumeclaim/registry-claim created
deployment.extensions/registry created
service/registry created
The registry is enabled
Enabling default storage class
deployment.extensions/hostpath-provisioner unchanged
storageclass.storage.k8s.io/microk8s-hostpath unchanged
Storage will be available soon

Use microk8s.status to check the state of each component

microk8s is running
addons:
knative: disabled
jaeger: disabled
fluentd: disabled
gpu: enabled
cilium: disabled
storage: enabled
registry: enabled
rbac: disabled
ingress: enabled
dns: enabled
metrics-server: disabled
linkerd: disabled
prometheus: disabled
istio: enabled
dashboard: enabled

Use microk8s.inspect to review the result of the installation

Inspecting services
Service snap.microk8s.daemon-containerd is running
Service snap.microk8s.daemon-docker is running
Service snap.microk8s.daemon-apiserver is running
Service snap.microk8s.daemon-proxy is running
Service snap.microk8s.daemon-kubelet is running
Service snap.microk8s.daemon-scheduler is running
Service snap.microk8s.daemon-controller-manager is running
Service snap.microk8s.daemon-etcd is running
Copy service arguments to the final report tarball
Inspecting AppArmor configuration
Gathering system info
Copy network configuration to the final report tarball
Copy processes list to the final report tarball
Copy snap list to the final report tarball
Inspect kubernetes cluster

WARNING: IPtables FORWARD policy is DROP. Consider enabling traffic forwarding with: sudo iptables -P FORWARD ACCEPT

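Run the following commands. Note that the second one sets the host-wide default policy for forwarded traffic to ACCEPT, not only for pod traffic.

sudo ufw default allow routed
sudo iptables -P FORWARD ACCEPT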

Run microk8s.inspect again and the WARNING is gone.

Use microk8s.kubectl get pods --all-namespaces to view the current state of the Kubernetes pods

NAMESPACE            NAME                                              READY   STATUS              RESTARTS   AGE
container-registry registry-7fc4594d64-rrgs9 0/1 Pending 0 15m
default default-http-backend-855bc7bc45-t4st8 0/1 ContainerCreating 0 16m
default nginx-ingress-microk8s-controller-kgjtl 0/1 ContainerCreating 0 16m
...
...

Most of the pods have not started. Why?

Use the describe command to look at a pod (the pod shown above lives in the default namespace)

kubectl describe pod default-http-backend -n default

The events are as follows

Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreatePodSandBox 22m (x33 over 69m) kubelet, izwz9h8m2chowowqckbcy0z Failed create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "k8s.gcr.io/pause:3.1": failed to pull image "k8s.gcr.io/pause:3.1": failed to resolve image "k8s.gcr.io/pause:3.1": no available registry endpoint: failed to do request: Head https://k8s.gcr.io/v2/pause/manifests/3.1: dial tcp 108.177.97.82:443: i/o timeout

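The pull of the pod sandbox image failed.

A quick search shows that k8s.gcr.io/pause:3.1 is an image hosted on Google Cloud and, for well-known reasons, it cannot be reached from here.

There are two ways to fix this:

  1. Go through a proxy
  2. Download the images manually

Method 1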

Edit the container runtime environment file that MicroK8s uses, vim /var/snap/microk8s/current/args/containerd-env, and add the proxy setting to it

HTTPS_PROXY=https://127.0.0.1:8123

Restart the container runtime (containerd in this release, matching the containerd-env file edited above)

sudo systemctl restart snap.microk8s.daemon-containerd.service

Reset MicroK8s and try enabling the components again

microk8s.reset
microk8s.enable dashboard dns ingress istio registry storage

Method 2

Install docker

sudo apt install docker-ce

Thanks to Microsoft Azure for providing a gcr mirror for downloads (link):

docker pull gcr.azk8s.cn/google_containers/pause:3.1
docker tag gcr.azk8s.cn/google_containers/pause:3.1 k8s.gcr.io/pause:3.1

Since v1.14, microk8s uses containerd instead of dockerd; see this issue for details:

Indeed in the 1.14 release containerd replaced dockerd.

So either use a private registry, or import the Docker image into containerd by hand. The microk8s website gives an example: Working with locally built images without a registry. Here we import manually for now and will set up a private registry later.

docker save k8s.gcr.io/pause:3.1 > pause.tar
microk8s.ctr -n k8s.io image import pause.tar

-n specifies the namespace. Running microk8s.ctr -n k8s.io image ls shows the imported image:

k8s.gcr.io/pause:3.1                                                                             application/vnd.oci.image.manifest.v1+json                sha256:3efe4ff64c93123e1217b0ad6d23b4c87a1fc2109afeff55d2f27d70c55d8f73 728.9 KiB linux/amd64 io.cri-containerd.image=managed

Other components that cannot reach gcr.io can be handled the same way. Here is a script that downloads and imports those images automatically:

#!/usr/bin/env bash

echo ""
echo "=========================================================="
echo "pull microk8s v1.15.11 images from dockerhub ..."
echo "=========================================================="
echo ""

# registry.cn-hangzhou.aliyuncs.com/smartliby

gcr_imgs=(
"smartliby/pause:3.1,k8s.gcr.io/pause:3.1"
"smartliby/heapster-influxdb-amd64:v1.3.3,k8s.gcr.io/heapster-influxdb-amd64:v1.3.3"
"smartliby/heapster-grafana-amd64:v4.4.3,k8s.gcr.io/heapster-grafana-amd64:v4.4.3"
"smartliby/kubernetes-dashboard-amd64:v1.10.1,k8s.gcr.io/google_containers/kubernetes-dashboard-amd64:v1.10.1"
"smartliby/heapster-amd64:v1.5.2,k8s.gcr.io/heapster-amd64:v1.5.2"
"smartliby/defaultbackend-amd64:1.4,gcr.io/google_containers/defaultbackend-amd64:1.4"
"smartliby/nginx-ingress-controller-amd64:0.24.1,quay.io/kubernetes-ingress-controller/nginx-ingress-controller-amd64:0.24.1"
"smartliby/grafana:6.1.6,grafana/grafana:6.1.6"
"smartliby/addon-resizer-amd64:1.8.1,cdkbot/addon-resizer-amd64:1.8.1"
"smartliby/hostpath-provisioner-amd64:1.0.0,cdkbot/hostpath-provisioner-amd64:1.0.0"
"smartliby/dashboard:v2.0.0-rc5,kubernetesui/dashboard:v2.0.0-rc5"
"smartliby/k8s-device-plugin:1.11,nvidia/k8s-device-plugin:1.11"
"smartliby/controller:v0.8.2,metallb/controller:v0.8.2"
"smartliby/speaker:v0.8.2,metallb/speaker:v0.8.2"
"smartliby/citadel:1.3.4,docker.io/istio/citadel:1.3.4"
"smartliby/jujud-operator:2.7.3,jujusolutions/jujud-operator:2.7.3"
"smartliby/kicbase:v0.0.8,gcr.io/k8s-minikube/kicbase:v0.0.8"
"smartliby/k8s-dns-dnsmasq-nanny-amd64:1.14.7,gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7"
"smartliby/k8s-dns-kube-dns-amd64:1.14.7,gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.7"
"smartliby/k8s-dns-sidecar-amd64:1.14.7,gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.7"
"smartliby/kubernetes-dashboard-amd64:v1.8.3,k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3"
"smartliby/cert-manager-controller:v0.11.0,quay.io/jetstack/cert-manager-controller:v0.11.0"
"smartliby/sidecar_injector:1.1.6,docker.io/istio/sidecar_injector:1.1.6"
"smartliby/prometheus:v2.3.1,docker.io/prom/prometheus:v2.3.1"
"smartliby/galley:1.1.6,docker.io/istio/galley:1.1.6"
"smartliby/cert-manager-cainjector:v0.11.0,quay.io/jetstack/cert-manager-cainjector:v0.11.0"
"smartliby/cert-manager-webhook:v0.11.0,quay.io/jetstack/cert-manager-webhook:v0.11.0"
"smartliby/application:1.0-beta,gcr.io/kubeflow-images-public/kubernetes-sigs/application:1.0-beta"
"smartliby/kiali:v0.16,docker.io/kiali/kiali:v0.16"
)

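out_dir=/data/k8s_img/k8s
mkdir -p "${out_dir}"

for img in "${gcr_imgs[@]}"
do
    # Each entry is "<mirror image>,<original image name>"
    IFS=, read -r src_image image_name <<< "${img}"
    # Pull the mirrored image
    docker pull "${src_image}"
    # Tag it with the original name (dropping any @digest suffix)
    image_name=${image_name%@*}
    docker tag "${src_image}" "${image_name}"
    # Export to a tarball
    tar_file="${out_dir}/${image_name##*/}.tar"
    docker save "${image_name}" > "${tar_file}"
    # Import into containerd
    microk8s.ctr --namespace k8s.io image import "${tar_file}"
    # Remove the local Docker tags
    docker rmi "${src_image}" "${image_name}"
done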

echo ""
echo "=========================================================="
echo "pull microk8s v1.15.11 images from dockerhub finished."
echo "=========================================================="
echo ""
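The script above pulls images from a third-party Docker Hub account and re-tags them with the upstream k8s.gcr.io, gcr.io and quay.io names, so nothing ties the imported content to the original image. The following is an added example, not part of the original post: a check that could run between docker pull and docker tag, comparing the local image ID against a value pinned in advance. The function names and the PINNED_IDS list are hypothetical, the pinned values are placeholders, and it assumes that an unmodified mirror copy keeps the upstream image ID.

```shell
#!/usr/bin/env bash
# Added example: verify a mirrored image before it is re-tagged and imported.

# Pinned image IDs, one "<upstream name> <image ID>" pair per line.
# Placeholder values: record the real IDs from a trusted pull of each upstream image.
PINNED_IDS='k8s.gcr.io/pause:3.1 sha256:REPLACE_WITH_TRUSTED_ID
k8s.gcr.io/heapster-amd64:v1.5.2 sha256:REPLACE_WITH_TRUSTED_ID'

# Print the pinned ID for an upstream image name; fail if none is recorded.
pinned_id_for() {
    printf '%s\n' "$PINNED_IDS" |
        awk -v name="$1" '$1 == name { print $2; found = 1 } END { exit !found }'
}

# Print the local image ID (the digest of the image config) reported by Docker.
local_image_id() {
    docker image inspect --format '{{.Id}}' "$1"
}

# verify_entry "<mirror image>,<upstream name>"  (same format as the gcr_imgs entries)
# Returns 0 on match, 1 on mismatch, 2 if no pin exists, 3 if the image is missing.
verify_entry() {
    local mirror upstream expected actual
    mirror=${1%%,*}
    upstream=${1#*,}
    upstream=${upstream%@*}
    expected=$(pinned_id_for "$upstream") || {
        echo "no pinned ID for $upstream, refusing to import" >&2; return 2; }
    actual=$(local_image_id "$mirror") || {
        echo "cannot inspect $mirror (was it pulled?)" >&2; return 3; }
    if [ "$actual" != "$expected" ]; then
        echo "ID mismatch for $mirror: got $actual, want $expected" >&2
        return 1
    fi
    echo "verified $mirror as $upstream"
}

# Stand-alone use: ./verify.sh "smartliby/pause:3.1,k8s.gcr.io/pause:3.1" ...
if [ "$#" -gt 0 ]; then
    for entry in "$@"; do
        verify_entry "$entry" || exit 1
    done
fi
```

In the import loop, calling verify_entry "${img}" right after docker pull and skipping the entry on a non-zero return keeps unverified images out of containerd.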

Run microk8s.kubectl get pods --all-namespaces again to verify

NAMESPACE            NAME                                                           READY   STATUS             RESTARTS   AGE
cert-manager cert-manager-5d849b9888-8nh9j 1/1 Running 12 3d18h
cert-manager cert-manager-cainjector-dccb4d7f-7rrkf 1/1 Running 15 3d
cert-manager cert-manager-webhook-695df7dbb-gpsqs 1/1 Running 12 3d18h
container-registry registry-6c99589dc-gttcq 1/1 Running 15 4d4h
default default-http-backend-5d5ff5d4f5-g9h8h 1/1 Running 15 4d4h
default nginx-ingress-microk8s-controller-td2mz 1/1 Running 59 3h26m
istio-system cluster-local-gateway-7bf56777fb-rbjjn 1/1 Running 12 3d18h
istio-system grafana-6575997f54-j77rc 1/1 Running 6 3d
istio-system istio-citadel-894d98c85-xr8qm 1/1 Running 12 3d19h
istio-system istio-cleanup-secrets-1.2.2-l4djr 0/1 Completed 0 3d19h
istio-system istio-egressgateway-9b7866bf5-h8ltc 1/1 Running 10 3d
istio-system istio-galley-5b984f89b-w26n9 1/1 Running 0 6h43m
istio-system istio-grafana-post-install-1.2.2-v5sfg 0/1 Completed 0 3d19h
istio-system istio-ingressgateway-75ddf64567-glfkm 1/1 Running 12 3d19h
istio-system istio-pilot-5d77c559d4-nhc7d 2/2 Running 14 3d
istio-system istio-policy-86478df5d4-w2lgb 2/2 Running 46 3d
istio-system istio-security-post-install-1.2.2-sczrc 0/1 Completed 0 3d19h
istio-system istio-sidecar-injector-7b98dd6bcc-g597g 1/1 Running 8 3d
istio-system istio-telemetry-786747687f-t8k6k 2/2 Running 35 3d
istio-system istio-tracing-555cf644d-4d9f4 1/1 Running 13 3d19h
istio-system kfserving-ingressgateway-64c7bd9b76-2rcxt 1/1 Running 12 3d18h
istio-system kiali-6cd6f9dfb5-tlwzq 1/1 Running 13 3d19h
istio-system prometheus-7d7b9f7844-swqf8 1/1 Running 19 3d19h
kube-system coredns-f7867546d-wkv76 1/1 Running 15 4d4h
kube-system heapster-v1.5.2-844b564688-kr9t8 4/4 Running 60 4d4h
kube-system hostpath-provisioner-65cfd8595b-rjlhz 1/1 Running 5 3d
kube-system kubernetes-dashboard-7d75c474bb-s7n2t 1/1 Running 15 4d4h
kube-system monitoring-influxdb-grafana-v4-6b6954958c-spcqb 2/2 Running 32 4d4h
kube-system nvidia-device-plugin-daemonset-jv96f 1/1 Running 14 3d23h

If your output looks like the above, Kubernetes is really ready.

View the Dashboard

Run microk8s.kubectl describe service kubernetes-dashboard -n kube-system to get the access IP and port

Name:              kubernetes-dashboard
Namespace: kube-system
Labels: k8s-app=kubernetes-dashboard
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard"...
Selector: k8s-app=kubernetes-dashboard
Type: ClusterIP
IP: 10.152.183.151
Port: <unset> 443/TCP

Then open the address below to see the familiar Dashboard

https://10.152.183.151/

Log in with a token

Get the token

token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
echo "$token"
microk8s kubectl -n kube-system describe secret "$token"

After entering the token you reach the management page.
