Building a k8s cluster from scratch with Multipass

2024-07-25

I currently work on a Mac, but I wanted to build a reasonably complete Kubernetes cluster from scratch (kubeadm-based). After several attempts I settled on Multipass and got the k8s cluster up successfully.

Versions: macOS Sonoma 14.5, multipass 1.9.0+mac, Ubuntu 24.04 LTS, k8s v1.30.3.

I. Install multipass

1. Download and install

# Install multipass
brew install multipass

# Launch three 2-vCPU / 4 GB machines with 20 GB disks. With no image argument multipass uses
# its default Ubuntu LTS image; append the release (e.g. 24.04) as the last argument to pin it.
multipass launch -n k8s-master -c 2 -m 4G -d 20G
multipass launch -n k8s-worker1 -c 2 -m 4G -d 20G
multipass launch -n k8s-worker2 -c 2 -m 4G -d 20G

# Open a shell on a node
multipass shell k8s-master
multipass shell k8s-worker1
multipass shell k8s-worker2

# Restart a node (when needed)
multipass restart k8s-master
multipass restart k8s-worker1
multipass restart k8s-worker2

2. Required settings

# Mount a host directory into the VM (the source path is on the Mac) so files need not be copied back and forth
multipass mount /home/k8s k8s-master:/home/k8s

# Turn swap off inside each VM: kubelet refuses to start with swap enabled by default, and kubeadm's
# preflight checks it. Ubuntu cloud images normally ship without swap, so this is usually a no-op;
# if /etc/fstab does contain a swap entry, comment it out as well or swap returns on the next reboot.
sudo swapoff -a
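The launch and swap steps above as one re-runnable script. This is an added example, not code from the original post: node names and sizes come from the post, while the image name 24.04, the idempotency check via multipass info, and the /etc/fstab edit that keeps swap off across reboots are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the multipass launch + swap-off
# steps as a re-runnable provisioning script. Node names/sizes follow the post;
# the image name, the existence check and the fstab edit are assumptions.
set -eu

NODES="k8s-master k8s-worker1 k8s-worker2"
IMAGE=${IMAGE:-24.04}   # set IMAGE= (empty) to take multipass's default image
CPUS=2; MEM=4G; DISK=20G

# Launch a node unless multipass already knows it, so the script is safe to re-run.
ensure_node() {
    if multipass info "$1" >/dev/null 2>&1; then
        echo "exists $1"
    else
        multipass launch -n "$1" -c "$CPUS" -m "$MEM" -d "$DISK" ${IMAGE:+"$IMAGE"}
        echo "launched $1"
    fi
}

# The post's `swapoff -a`, run inside the VM as root and made persistent by
# commenting out any swap line in /etc/fstab (kubelet refuses to start with swap on;
# Ubuntu cloud images usually have no such line, so the sed is then a no-op).
prep_node() {
    multipass exec "$1" -- sudo sh -c \
        'swapoff -a && sed -i.bak "/[[:space:]]swap[[:space:]]/s/^[^#]/#&/" /etc/fstab'
    echo "prepared $1"
}

provision_all() {
    for n in $NODES; do
        ensure_node "$n"
        prep_node "$n"
    done
}

# Only act when explicitly asked, so sourcing or running the file bare changes nothing.
case "${1:-}" in
    apply) provision_all ;;
    *)     echo "usage: $0 apply" >&2 ;;
esac
```

Run it from the Mac as `sh provision.sh apply`; re-running it skips nodes that already exist and re-applies the swap settings, which is harmless.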

3. Disable AppArmor

On Ubuntu 24.04 LTS there is an AppArmor-related bug that makes the k8s components restart endlessly and never run properly. Details (don't ask how I know; it cost me several days, this stuff is very low-level):

  • https://bugs.launchpad.net/ubuntu/+source/containerd-app/+bug/2065423
  • https://github.com/containerd/containerd/pull/10123

What actually fails (see the log excerpt further down) is that containerd's default CRI AppArmor profile, cri-containerd.apparmor.d, denies the kill signal runc sends to a container's init process: the sending peer is labelled runc rather than unconfined and the profile has no rule for that peer, so runc exits with "unable to signal init: permission denied" and every kubelet StopContainer call fails. The containerd pull request above adds the missing signal rule to the default profile.

# Check whether AppArmor is enabled (prints Y or N)
cat /sys/module/apparmor/parameters/enabled

# https://wiki.debian.org/zh_CN/AppArmor/HowToUse#A.2BaMBn5V9TUk1ytmAB-
# AppArmor is a security mechanism and disabling it is not recommended. If you really do need to
# disable it on the system, do the following. Note that apparmor=0 switches the LSM off for the
# whole VM, not just for containers; narrower options are a containerd build that includes the
# fix above, or setting disable_apparmor = true in the CRI plugin section of
# /etc/containerd/config.toml so containerd stops applying its profile to containers while the
# host's own profiles stay enforced.
sudo mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' \
  | sudo tee /etc/default/grub.d/apparmor.cfg
sudo update-grub
sudo reboot

For reference, apt list --upgradable on the master at the time showed a pending apparmor package change (the "really" in the version string is the Debian/Ubuntu convention for shipping an older upstream build, here 4.0.0-beta3, under a version number that sorts above the one it replaces):

ubuntu@k8s-master:~$ apt list --upgradable
Listing... Done
apparmor/noble-updates 4.0.1really4.0.0-beta3-0ubuntu0.1 amd64 [upgradable from: 4.0.1-0ubuntu0.24.04.2]

If you do not disable it, you will likely see log entries like the following in the system log. The kernel audit line is the AppArmor denial itself (operation="signal", requested_mask="receive", peer="runc"); the containerd and kubelet lines are its consequence:

# View the system log
# vi /var/log/syslog
2024-07-25T17:53:47.223203+08:00 k8s-master containerd[712]: time="2024-07-25T17:53:47.222954220+08:00" level=info msg="Skipping the sending of signal terminated to container \"411e1b77d209151937b61dccb652136d32cea930842b48628b663200959de121\" because a prior stop with timeout>0 request already sent the signal"
2024-07-25T17:53:56.247670+08:00 k8s-master kernel: audit: type=1400 audit(1721901236.246:756): apparmor="DENIED" operation="signal" class="signal" profile="cri-containerd.apparmor.d" pid=34609 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="runc"
2024-07-25T17:53:56.252118+08:00 k8s-master containerd[712]: time="2024-07-25T17:53:56.250606971+08:00" level=error msg="StopContainer for \"03e1f3ea88663a6570b71bd18f2f7277b2479f916d65293f72a8d2ba70d3eac2\" failed" error="failed to kill container \"03e1f3ea88663a6570b71bd18f2f7277b2479f916d65293f72a8d2ba70d3eac2\": unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied\n: unknown"
2024-07-25T17:53:56.252968+08:00 k8s-master kubelet[17203]: E0725 17:53:56.251069   17203 remote_runtime.go:366] "StopContainer from runtime service failed" err=<
2024-07-25T17:53:56.253206+08:00 k8s-master kubelet[17203]: #011rpc error: code = Unknown desc = failed to kill container "03e1f3ea88663a6570b71bd18f2f7277b2479f916d65293f72a8d2ba70d3eac2": unknown error after kill: runc did not terminate successfully: exit status 1: unable to signal init: permission denied
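An added triage script for the denial above, not code from the post or from containerd. It counts the runc signal denials in a syslog-format file, reports whether AppArmor is enabled and whether the node was booted with apparmor=0, and flips containerd's CRI-plugin disable_apparmor setting as the narrower alternative to turning the LSM off node-wide. The sample syslog and config.toml below are constructed (the first audit line is the one from the post, the second is an unrelated denial that must not be counted), and the /etc/containerd/config.toml path is an assumption based on containerd 1.x's default config layout.

```shell
#!/bin/sh
# Added example (not from the original post or containerd): triage helpers for
# the AppArmor signal denials shown in the log above. The demo at the bottom
# runs on constructed files in a temp dir; paths in usage comments are assumptions.
set -eu

# Count audit records where runc (peer="runc") was refused a signal against a
# container confined by containerd's default CRI profile.
# Usage: runc_signal_denials /var/log/syslog
runc_signal_denials() {
    n=$(grep -c 'apparmor="DENIED" operation="signal".*profile="cri-containerd.apparmor.d".*peer="runc"' "$1") || true
    echo "${n:-0}"
}

# "Y" / "N" from the apparmor module parameter, or "absent" when the parameter
# file does not exist (non-AppArmor kernel or non-Linux host).
apparmor_state() {
    f=/sys/module/apparmor/parameters/enabled
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Exit 0 when the running kernel was booted with apparmor=0, i.e. the post's fix,
# which switches the LSM off for every process on the node.
booted_with_apparmor_off() {
    [ -r /proc/cmdline ] && grep -qw 'apparmor=0' /proc/cmdline
}

# Narrower workaround: tell containerd's CRI plugin not to apply its AppArmor
# profile to containers, leaving host profiles enforced. Edits the
# `disable_apparmor` line that `containerd config default` emits under
# [plugins."io.containerd.grpc.v1.cri"] (containerd 1.x). Prints changed/unchanged.
# Usage: set_cri_disable_apparmor /etc/containerd/config.toml && sudo systemctl restart containerd
set_cri_disable_apparmor() {
    cfg=$1
    if grep -qE '^[[:space:]]*disable_apparmor[[:space:]]*=[[:space:]]*true' "$cfg"; then
        echo unchanged
    elif grep -qE '^[[:space:]]*disable_apparmor[[:space:]]*=[[:space:]]*false' "$cfg"; then
        sed -i.bak -E 's/^([[:space:]]*disable_apparmor[[:space:]]*=[[:space:]]*)false/\1true/' "$cfg"
        echo changed
    else
        echo "no disable_apparmor key in $cfg; start from: containerd config default" >&2
        return 1
    fi
}

# ---- demo on constructed input ----
demo=$(mktemp -d)
# Line 1 is the kernel audit record from the post; line 2 is a constructed,
# unrelated denial (different profile and operation) that must not be counted.
cat > "$demo/syslog" <<'EOF'
2024-07-25T17:53:56.247670+08:00 k8s-master kernel: audit: type=1400 audit(1721901236.246:756): apparmor="DENIED" operation="signal" class="signal" profile="cri-containerd.apparmor.d" pid=34609 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="runc"
2024-07-25T17:54:10.000000+08:00 k8s-master kernel: audit: type=1400 audit(1721901250.000:757): apparmor="DENIED" operation="open" class="file" profile="/usr/bin/man" name="/etc/shadow" pid=900 comm="man" requested_mask="r" denied_mask="r"
EOF
# Constructed minimal config in the shape `containerd config default` produces.
cat > "$demo/config.toml" <<'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri"]
  disable_apparmor = false
EOF

echo "runc signal denials: $(runc_signal_denials "$demo/syslog")"   # 1
echo "apparmor module:     $(apparmor_state)"
if booted_with_apparmor_off; then
    echo "kernel cmdline:      apparmor=0 (LSM off node-wide)"
else
    echo "kernel cmdline:      AppArmor not disabled at boot"
fi
echo "CRI config:          $(set_cri_disable_apparmor "$demo/config.toml")"   # changed
grep disable_apparmor "$demo/config.toml"
rm -rf "$demo"
```

On a real node point runc_signal_denials at /var/log/syslog (or pipe journalctl -k output into a file) before and after the fix: a non-zero count with apparmor_state printing Y is the signature of this bug, and after the CRI-level change plus a containerd restart the count should stop growing while the host's other profiles remain in enforce mode.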