deepin 安装 microk8s 1.17

安装

sudo apt update
sudo apt install snapd snap
export $PATH=PATH:/snap/bin >> ~/.zshrc && source ~/.zshrc
sudo snap install microk8s --classic
sudo microk8s.status --wait-ready

## status 输出
microk8s is running
addons:
cilium: disabled
dashboard: enabled
dns: enabled
fluentd: disabled
gpu: disabled
helm: disabled
ingress: disabled
istio: disabled
jaeger: disabled
juju: disabled
knative: disabled
kubeflow: disabled
linkerd: disabled
metallb: disabled
metrics-server: disabled
prometheus: disabled
rbac: disabled
registry: disabled
storage: disabled

监控 pods 状态

watch microk8s.kubectl get all --all-namespaces

修改 .zshrc

.bashrc 教程一大把

如果本地没有安装 kubectl 可以使用 alias; 否则请不要全部复制粘贴;

以下仅限于 zsh 用户; bash 用户百度下即可

vim ~/.zshrc

export PATH=$PATH:/usr/local/go/bin:/snap/bin
alias kubectl='microk8s.kubectl'
# 命令补全
if [ $commands[microk8s.kubectl] ]; then
    source <(microk8s.kubectl completion zsh |
    sed "s/complete -o default -F __start_kubectl kubectl/complete -o default -F __start_kubectl microk8s.kubectl/g" |
    sed "s/complete -o default -o nospace -F __start_kubectl kubectl/complete -o default -o nospace -F __start_kubectl microk8s.kubectl/g");
fi

添加ctr proxy

sudo vim /var/snap/microk8s/current/args/containerd-env

HTTPS_PROXY=http://127.0.0.1:1082

重启 containerd 服务

sudo systemctl restart snap.microk8s.daemon-containerd.service

没有proxy 的也可以参照开篇链接教程, 条条大路通罗马, 不是非要proxy才能完成这个事情

修改内存/硬盘空间限制

sudo vim /var/snap/microk8s/current/args/kubelet

# 酌情复制
--eviction-hard="memory.available<10240Mi,nodefs.available<100Gi,imagefs.available<100Gi"

防火墙 ufw

关于 CrashLoopBackOff 问题

sudo iptables -P FORWARD ACCEPT
# 1.17版本是 cni0; 之前版本是 cnr0, 参照官网 TroubleShooting
sudo ufw allow in on cni0 && sudo ufw allow out on cni0
sudo ufw default allow routed

重启 microk8s

microk8s.stop && microk8s.start

开启 add-on

sudo microk8s.enable dns dashboard
# 安装输出备忘部分
# enable dashbord后的输出部分, RBAC 未开启状态下需要依赖 token开头的两个命令 获取 token
If RBAC is not enabled access the dashboard using the default token retrieved with:

token=$(microk8s.kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
microk8s.kubectl -n kube-system describe secret $token

In an RBAC enabled setup (microk8s.enable RBAC) you need to create a user with restricted
permissions as shown in:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

coredns 不启动 - deepin

snap 的安装 触发了 apparmor 的启动;

pod错误: CrashLoopBackOff

coredns日志:

kubectl logs -f coredns-xxxxxxx-xxxxx -n kube-system

:: socket permission denied; listen tcp port failed

暂行解决办法:

option#1. 关闭 apparmor https://wiki.debian.org/AppArmor/HowToUse#Disable_AppArmor

$ sudo mkdir -p /etc/default/grub.d
$ echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' \
  | sudo tee /etc/default/grub.d/apparmor.cfg
$ sudo update-grub
$ sudo reboot

option#2. 参考链接 https://blog.csdn.net/u014062332/article/details/100099196