目录

安装部署k8s

上周末k8s刚刚发布了1.20.1版本,抢鲜安装体验下。

  • 由于网络原因,访问谷歌外网不是很方便,所以本文采用国内可访问的资源进行安装,资源包括:k8s二进制文件和镜像文件
  • 安装方式采用kubespray,项目地址

k8s版本包

k8s社区版本发布地址如下

https://storage.googleapis.com/kubernetes-release/release/ 分别有server、node、client三种版本包二进制文件。下载方式如下:

1
2
3
4
5
6
7
8
9
wget https://storage.googleapis.com/kubernetes-release/release/v1.20.1/kubernetes-server-linux-amd64.tar.gz


wget https://storage.googleapis.com/kubernetes-release/release/v1.20.1/kubernetes-node-linux-amd64.tar.gz


wget https://storage.googleapis.com/kubernetes-release/release/v1.20.1/kubernetes-client-linux-amd64.tar.gz


上面这些地址无法直接访问。可以改由下面方式下载:

通过 CHANGELOG-1.20里面的指定的位置,下载指定版本 如1.12.1

实际上,对于安装部署,只要node中的版本包即可。

1
wget https://storage.googleapis.com/kubernetes-release/release/v1.20.1/kubernetes-node-linux-amd64.tar.gz

kubespray 说明

安装脚本采用kubespray,本文使用了目前最新的release版本1.14.2

kubespray-1.14.2 只支持到了k8s1.19,所以后面我们需要修改kubespray。 首先看下kubespray关于离线安装的事项说明

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
如果采用离线方式安装
Configure Inventory

Once all artifacts are accessible from your internal network, adjust the following variables in your inventory to match your environment:

# Registry overrides
gcr_image_repo: "{{ registry_host }}"
docker_image_repo: "{{ registry_host }}"
quay_image_repo: "{{ registry_host }}"

kubeadm_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubeadm"
kubectl_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubectl"
kubelet_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubelet"
# etcd is optional if you **DON'T** use etcd_deployment=host
etcd_download_url: "{{ files_repo }}/kubernetes/etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
cni_download_url: "{{ files_repo }}/kubernetes/cni/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
crictl_download_url: "{{ files_repo }}/kubernetes/cri-tools/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
# If using Calico
calicoctl_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"

# CentOS/Redhat
## Docker
docker_rh_repo_base_url: "{{ yum_repo }}/docker-ce/$releasever/$basearch"
docker_rh_repo_gpgkey: "{{ yum_repo }}/docker-ce/gpg"
## Containerd
extras_rh_repo_base_url: "{{ yum_repo }}/centos/$releasever/extras/$basearch"
extras_rh_repo_gpgkey: "{{ yum_repo }}/containerd/gpg"

# Fedora
## Docker
docker_fedora_repo_base_url: "{{ yum_repo }}/docker-ce/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}"
docker_fedora_repo_gpgkey: "{{ yum_repo }}/docker-ce/gpg"
## Containerd
containerd_fedora_repo_base_url: "{{ yum_repo }}/containerd"
containerd_fedora_repo_gpgkey: "{{ yum_repo }}/docker-ce/gpg"

# Debian
## Docker
docker_debian_repo_base_url: "{{ debian_repo }}/docker-ce"
docker_debian_repo_gpgkey: "{{ debian_repo }}/docker-ce/gpg"
## Containerd
containerd_debian_repo_base_url: "{{ ubuntu_repo }}/containerd"
containerd_debian_repo_gpgkey: "{{ ubuntu_repo }}/containerd/gpg"
containerd_debian_repo_repokey: 'YOURREPOKEY'

# Ubuntu
## Docker
docker_ubuntu_repo_base_url: "{{ ubuntu_repo }}/docker-ce"
docker_ubuntu_repo_gpgkey: "{{ ubuntu_repo }}/docker-ce/gpg"
## Containerd
containerd_ubuntu_repo_base_url: "{{ ubuntu_repo }}/containerd"
containerd_ubuntu_repo_gpgkey: "{{ ubuntu_repo }}/containerd/gpg"
containerd_ubuntu_repo_repokey: 'YOURREPOKEY'

# If using helm
helm_stable_repo_url: "{{ helm_registry }}"

一些k8s组件程序文件,如 kubelet 保存路径如下: {{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}

kubespray 安装

  1. 安装python3环境 参考脚本部署Python3

  2. 安装 ansible

1
2
3
4
5
6
pip3 install -r requirements.txt

# 或者
# 临时指定python的pip源,进行安装
pip3 install -i https://pypi.douban.com/simple  -r requirements.txt

  1. 自定义部署配置文件
1
2
3
4
# Copy ``inventory/sample`` as ``inventory/mycluster``
# cp -rfp inventory/sample inventory/mycluster

cp -rfp inventory/sample inventory/deploy_cluster

接着对deploy_cluster和源码脚本进行可修改,详见下文

  1. 执行kubespray安装或卸载
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# 这里我修改了自定义部署配置目录为 deploy_cluster, 并修改其中的配置参数
ansible-playbook -i inventory/deploy_cluster/inventory.ini  --become --become-user=root cluster.yml -vvv

# 卸载命令
ansible-playbook -i inventory/deploy_cluster/inventory.ini  --become --become-user=root reset.yml -vvv

## 清理程序和文件目录
rm -rf /etc/kubernetes
rm -rf /var/lib/kubelet
rm -rf /etc/ssl/etcd
rm -rf /var/lib/etcd
rm -rf /usr/local/bin/kubectl
rm -rf /etc/systemd/system/calico-node.service
rm -rf /etc/systemd/system/kubelet.service

systemctl stop etcd.service
systemctl disable etcd.service
systemctl stop calico-node.service
systemctl disable calico-node.service
docker stop $(docker ps -q)
docker rm $(docker ps -a -q)
service docker restart



卸载时 并没有清理/tmp/release,另外reset后再执行安装,会发现/usr/local/bin/下没有kubeadm,需要从安装目录把kubeadm拷贝过去


示例

aist_cluster环境安装和卸载

ansible版本

确认使用ansible2.9.6

安装命令

1
/usr/local/python3/bin/ansible-playbook -i inventory/aist_cluster/inventory.ini  --become --become-user=root cluster.yml -vvvvv

卸载命令

1
2
3
4
5
/usr/local/python3/bin/ansible-playbook -i inventory/aist_cluster/inventory.ini  --become --become-user=root reset.yml -vvvvv
## 清理程序和文件目录
rm -rf /etc/kubernetes
rm -rf /var/lib/kubelet
rm -rf /etc/ssl/etcd

kubespray 修改

脚本修改

修改点说明

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
### 下载校验关闭
由于安装的是新版本1.20.原有kubespray并不支持,所以需要把其对二进制文件的下载校验关闭

把手动替换的几个程序文件的校验操作关闭

# kubeadm
#    sha256: "{{ kubeadm_binary_checksum }}"
#    sha256: "{{ kubelet_binary_checksum }}"
#    sha256: "{{ kubectl_binary_checksum }}"

### 修改下载地址包括二进制文件和镜像

### 已有下载文件的下载关闭
把 download tasks/main.yaml

download | Get kubeadm binary and list of required images 注释掉

kubespray-2.14.2\roles\download\defaults\main.yaml

   1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 341
 342
 343
 344
 345
 346
 347
 348
 349
 350
 351
 352
 353
 354
 355
 356
 357
 358
 359
 360
 361
 362
 363
 364
 365
 366
 367
 368
 369
 370
 371
 372
 373
 374
 375
 376
 377
 378
 379
 380
 381
 382
 383
 384
 385
 386
 387
 388
 389
 390
 391
 392
 393
 394
 395
 396
 397
 398
 399
 400
 401
 402
 403
 404
 405
 406
 407
 408
 409
 410
 411
 412
 413
 414
 415
 416
 417
 418
 419
 420
 421
 422
 423
 424
 425
 426
 427
 428
 429
 430
 431
 432
 433
 434
 435
 436
 437
 438
 439
 440
 441
 442
 443
 444
 445
 446
 447
 448
 449
 450
 451
 452
 453
 454
 455
 456
 457
 458
 459
 460
 461
 462
 463
 464
 465
 466
 467
 468
 469
 470
 471
 472
 473
 474
 475
 476
 477
 478
 479
 480
 481
 482
 483
 484
 485
 486
 487
 488
 489
 490
 491
 492
 493
 494
 495
 496
 497
 498
 499
 500
 501
 502
 503
 504
 505
 506
 507
 508
 509
 510
 511
 512
 513
 514
 515
 516
 517
 518
 519
 520
 521
 522
 523
 524
 525
 526
 527
 528
 529
 530
 531
 532
 533
 534
 535
 536
 537
 538
 539
 540
 541
 542
 543
 544
 545
 546
 547
 548
 549
 550
 551
 552
 553
 554
 555
 556
 557
 558
 559
 560
 561
 562
 563
 564
 565
 566
 567
 568
 569
 570
 571
 572
 573
 574
 575
 576
 577
 578
 579
 580
 581
 582
 583
 584
 585
 586
 587
 588
 589
 590
 591
 592
 593
 594
 595
 596
 597
 598
 599
 600
 601
 602
 603
 604
 605
 606
 607
 608
 609
 610
 611
 612
 613
 614
 615
 616
 617
 618
 619
 620
 621
 622
 623
 624
 625
 626
 627
 628
 629
 630
 631
 632
 633
 634
 635
 636
 637
 638
 639
 640
 641
 642
 643
 644
 645
 646
 647
 648
 649
 650
 651
 652
 653
 654
 655
 656
 657
 658
 659
 660
 661
 662
 663
 664
 665
 666
 667
 668
 669
 670
 671
 672
 673
 674
 675
 676
 677
 678
 679
 680
 681
 682
 683
 684
 685
 686
 687
 688
 689
 690
 691
 692
 693
 694
 695
 696
 697
 698
 699
 700
 701
 702
 703
 704
 705
 706
 707
 708
 709
 710
 711
 712
 713
 714
 715
 716
 717
 718
 719
 720
 721
 722
 723
 724
 725
 726
 727
 728
 729
 730
 731
 732
 733
 734
 735
 736
 737
 738
 739
 740
 741
 742
 743
 744
 745
 746
 747
 748
 749
 750
 751
 752
 753
 754
 755
 756
 757
 758
 759
 760
 761
 762
 763
 764
 765
 766
 767
 768
 769
 770
 771
 772
 773
 774
 775
 776
 777
 778
 779
 780
 781
 782
 783
 784
 785
 786
 787
 788
 789
 790
 791
 792
 793
 794
 795
 796
 797
 798
 799
 800
 801
 802
 803
 804
 805
 806
 807
 808
 809
 810
 811
 812
 813
 814
 815
 816
 817
 818
 819
 820
 821
 822
 823
 824
 825
 826
 827
 828
 829
 830
 831
 832
 833
 834
 835
 836
 837
 838
 839
 840
 841
 842
 843
 844
 845
 846
 847
 848
 849
 850
 851
 852
 853
 854
 855
 856
 857
 858
 859
 860
 861
 862
 863
 864
 865
 866
 867
 868
 869
 870
 871
 872
 873
 874
 875
 876
 877
 878
 879
 880
 881
 882
 883
 884
 885
 886
 887
 888
 889
 890
 891
 892
 893
 894
 895
 896
 897
 898
 899
 900
 901
 902
 903
 904
 905
 906
 907
 908
 909
 910
 911
 912
 913
 914
 915
 916
 917
 918
 919
 920
 921
 922
 923
 924
 925
 926
 927
 928
 929
 930
 931
 932
 933
 934
 935
 936
 937
 938
 939
 940
 941
 942
 943
 944
 945
 946
 947
 948
 949
 950
 951
 952
 953
 954
 955
 956
 957
 958
 959
 960
 961
 962
 963
 964
 965
 966
 967
 968
 969
 970
 971
 972
 973
 974
 975
 976
 977
 978
 979
 980
 981
 982
 983
 984
 985
 986
 987
 988
 989
 990
 991
 992
 993
 994
 995
 996
 997
 998
 999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216

---
local_release_dir: /tmp/releases
download_cache_dir: /tmp/kubespray_cache

# do not delete remote cache files after using them
# NOTE: Setting this parameter to TRUE is only really useful when developing kubespray
download_keep_remote_cache: false

# Only useful when download_run_once is false: Localy cached files and images are
# uploaded to kubernetes nodes. Also, images downloaded on those nodes are copied
# back to the ansible runner's cache, if they are not yet preset.
download_force_cache: false

# Used to only evaluate vars from download role
skip_downloads: false

# Optionally skip kubeadm images download
#skip_kubeadm_images: false
skip_kubeadm_images: true
kubeadm_images: {}

# if this is set to true will only download files once. Doesn't work
# on Flatcar Container Linux by Kinvolk unless the download_localhost is true and localhost
# is running another OS type. Default compress level is 1 (fastest).
download_run_once: false
download_compress: 1

# if this is set to true will download container
download_container: true

# if this is set to true, uses the localhost for download_run_once mode
# (requires docker and sudo to access docker). You may want this option for
# local caching of docker images or for Flatcar Container Linux by Kinvolk cluster nodes.
# Otherwise, uses the first node in the kube-master group to store images
# in the download_run_once mode.
download_localhost: false

# Always pull images if set to True. Otherwise check by the repo's tag/digest.
download_always_pull: false

# Some problems may occur when downloading files over https proxy due to ansible bug
# https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable
# SSL validation of get_url module. Note that kubespray will still be performing checksum validation.
download_validate_certs: true

# Use the first kube-master if download_localhost is not set
download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kube-master'][0] }}{% endif %}"

# Arch of Docker images and needed packages
image_arch: "{{host_architecture | default('amd64')}}"

# Versions
# add by wangb
#kube_version: v1.18.10
kube_version: v1.20.1
kubeadm_version: "{{ kube_version }}"
# add by wangb
#etcd_version: v3.4.3
etcd_version: v3.4.13

# gcr and kubernetes image repo define
gcr_image_repo: "gcr.io"
kube_image_repo: "k8s.gcr.io"

# docker image repo define
docker_image_repo: "docker.io"

# quay image repo define
quay_image_repo: "quay.io"

# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
# after migration to container download
calico_version: "v3.15.2"
calico_ctl_version: "{{ calico_version }}"
calico_cni_version: "{{ calico_version }}"
calico_policy_version: "{{ calico_version }}"
calico_typha_version: "{{ calico_version }}"
typha_enabled: false

flannel_version: "v0.12.0"

cni_version: "v0.8.7"

weave_version: 2.7.0
pod_infra_version: "3.2"
contiv_version: 1.2.1
cilium_version: "v1.8.3"
kube_ovn_version: "v1.3.0"
kube_router_version: "v1.0.1"
multus_version: "v3.6"
ovn4nfv_ovn_image_version: "v1.0.0"
ovn4nfv_k8s_plugin_image_version: "v1.1.0"

# Get kubernetes major version (i.e. 1.17.4 => 1.17)
kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
crictl_supported_versions:
  # add by wangb
  v1.20: "v1.20.1"
  v1.19: "v1.19.0"
  v1.18: "v1.18.0"
  v1.17: "v1.17.0"
crictl_version: "{{ crictl_supported_versions[kube_major_version] }}"

# Download URLs
#kubelet_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubelet"
#kubectl_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kube_version }}/bin/linux/{{ image_arch }}/kubectl"
#kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubeadm_version }}/bin/linux/{{ image_arch }}/kubeadm"
#etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
#cni_download_url: "https://github.com/containernetworking/plugins/releases/download/{{ cni_version }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
#calicoctl_download_url: "https://github.com/projectcalico/calicoctl/releases/download/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
#crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"

# add by wangb start
#kubelet_download_url: "http://192.168.182.131:8989/files/kubernetes/v1.20.1/kubelet"
#kubectl_download_url: "http://192.168.182.131:8989/files/kubernetes/v1.20.1/kubectl"
#kubeadm_download_url: "http://192.168.182.131:8989/files/kubernetes/v1.20.1/kubeadm"

kubelet_download_url: "http://10.151.11.61:8989/files/kubernetes/v1.20.1/kubelet"
kubectl_download_url: "http://10.151.11.61:8989/files/kubernetes/v1.20.1/kubectl"
kubeadm_download_url: "http://10.151.11.61:8989/files/kubernetes/v1.20.1/kubeadm"

etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
#cni_download_url: "http://192.168.182.131:8989/files/kubernetes/v1.20.1/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
#calicoctl_download_url: "http://192.168.182.131:8989/files/kubernetes/v1.20.1/calicoctl-linux-{{ image_arch }}"
cni_download_url: "http://10.151.11.61:8989/files/kubernetes/v1.20.1/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
calicoctl_download_url: "http://10.151.11.61:8989/files/kubernetes/v1.20.1/calicoctl-linux-{{ image_arch }}"

crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
# add by wangb end

crictl_checksums:
  arm:
    v1.19.0: b72fd3c4b35f60f5db2cfcd8e932f6000cf9c2978b54adfcf60ee5e2d452e92f
    v1.18.0: d420925d10b47a234b7e51e9cf1039c3c09f2703945a99435549fcdd7487ae3a
    v1.17.0: 9700957218e8e7bdc02cbc8fda4c189f5b6223a93ba89d876bdfd77b6117e9b7
  arm64:
    v1.19.0: ec040d14ca03e8e4e504a85dae5353e04b5d9d8aea3df68699258992c0eb8d88
    v1.18.0: 95ba32c47ad690b1e3e24f60255273dd7d176e62b1a0b482e5b44a7c31639979
    v1.17.0: d89afd89c2852509fafeaff6534d456272360fcee732a8d0cb89476377387e12
  amd64:
    v1.19.0: 87d8ef70b61f2fe3d8b4a48f6f712fd798c6e293ed3723c1e4bbb5052098f0ae
    v1.18.0: 876dd2b3d0d1c2590371f940fb1bf1fbd5f15aebfbe456703ee465d959700f4a
    v1.17.0: 7b72073797f638f099ed19550d52e9b9067672523fc51b746e65d7aa0bafa414

# Checksums
kubelet_checksums:
  arm:
    v1.19.3: 3c0214d2d583440233b6bd0088614fe4fb5748e5b153f2ec96d72d3f8165e214
    v1.19.2: 631e686c34911a40a798817dcff89532c88bb649885f93ec66b339e227ebd974
    v1.19.1: 3985c8d02c1c2f2016fceccd9cc14865e2d047f32c8f0b42aeedcc8450de572e
    v1.19.0: bb433ef7981297bdee6ffc4e23376e8db24a0e47321ebe94bf9d4b9f7a2f0e3b
    v1.18.10: 716b8a1971d2f96b28f31a65e6769e2ce60979703d143a67d340c7ce16137db5
    v1.18.9: 24f7559fe5214b5f3b625ab035e29159441e6cfd248befbeb78b63e660fccd23
    v1.18.8: 831f50ea45384884c50395c288d493e75dd134a962dc95261ce122de5e6a17ec
    v1.18.6: 5f8367f9f5de77c022ec5d0cd86e897b7a33318185eaadb7736033d8dabcdbdb
    v1.18.5: 9f8ab727964c6f42f1c17089bf2f7b4b2f2a5c61ffab3bad16eb02d9feb05855
    v1.18.4: 796defe5f8b43a5316a487a377b4059df12b9b3c933f3fe4dff40e8144a11af6
    v1.18.3: 491344027cbec40bc867a79c7130c27c143648544b5dfe4a28929cf26427dc3b
    v1.18.2: b7b9c43851dde9cbaa2061828410c60ee63e53fbf3ebc5559b7f4387dae67bb9
    v1.18.1: 04d8e0a080dcb23d579c69e769e75bd5abaa1977d43550ec891560d76f1f7f37
    v1.18.0: 985c1a1b492ccc6e46e1cd454790dae539d5b93208efb05e35114f66a183de99
    v1.17.13: f98d4eaf65c65bce55479b1435baa032944856c098ccf8038a8aca318c530f24
    v1.17.12: 2b6160f5c15b1294573e37031ce0bcbbcd3ee3ea055f4f8fe4faf3ab74774f40
    v1.17.11: 53784f9bea1508b6d82f8be6f40af2e6aef86381021b500c1647f9d297af3efd
    v1.17.9: 37fc89360f4dcff4788032e60fe6388da4194a68503992868261ba840413e8d4
    v1.17.8: 82320569bc9deff33d148c759a105f1a32de3d83855165100261a4ad395d1845
    v1.17.7: 3b368039523357959e451a35867b5659701e135ca2069cb9487c7459084c46d9
    v1.17.6: e522cda9b86de29da72fd306968e1ba44cb85b61a743083f8fee39899a755210
    v1.17.5: d1eb5b7a3a88030490f1619f2e7d723926214ba941e2172112bccb71f41d9aab
    v1.17.4: c8c4d1b869c72b4203024615cafae1cca7df2fb89dd7f4a524d05ffa5edde559
    v1.17.3: 06fe53b9780e4fa17b5e14f588bbaaa09fc0924ef4040e26a484fa3235c9e110
    v1.17.2: 9a2ab021f8556fabcb00022052810b3d8136704141891439de1340ac9e439d6d
    v1.17.1: 0219c940bad3238dfbdf8e4518241d861bbdd8fc93d172cc632c225d7dd57094
    v1.17.0: 75ae6ad8f4a7f2ac3988b37a01c28093f240745d17c1781135d1844057c8ae94
  arm64:
    v1.19.3: 228695df98c5cb8a5f64d1235021f54a482a8e63f5b9b1b2addfc95df9b671ee
    v1.19.2: 86b9336aa7f6215e6f9b387bb82105657668aa8a38b0e0f7c2e647ef45c1b723
    v1.19.1: 143bed1f04cba4e6749a72abf9258d19f31e1a310f94bd041cd30ce62a1f73ff
    v1.19.0: d8fa5a9739ecc387dfcc55afa91ac6f4b0ccd01f1423c423dbd312d787bbb6bf
    v1.18.10: 1490550560b9afcb6e74d5bd69d61ae60dabe466e05e0408da48f17b4ccd91b4
    v1.18.9: 21b0fb4682deea19be3ac160403db9858dc9d02b101d60eb6fc22a86523ec434
    v1.18.8: d36e2d656bad232e8b48b19c948164ee3966669f4566cf5ea43ca22f6eed1aa5
    v1.18.6: 257fd42be375025fb93724bda9bef23b73eb40531f22bab9e19f6d6ff1ca57cf
    v1.18.5: c3815bc740755aa9fd3ec240ad808a13628a4deb6ec2b4338e772fd0cf77e1a2
    v1.18.4: ec4e18e7a2e94fb1ca83d739eadb8d81748cf6a48b87b8fe0d66131e9515e8c6
    v1.18.3: f88deee2052b4d1e3a15fd7352b93728c23d69497a4199a56e62fa871bdf7edb
    v1.18.2: 89b5066ae17df8488c76a83c70cbcac0771fa36803e31b826f2770b5efcdbfbf
    v1.18.1: 2181cde9e6b24055d262b78758b365363273896968df673eb13d4f17a4f69c4a
    v1.18.0: db91a26f8baa2bce017172305e717e77be5cfc4272592be8cb0155e1cfa7719e
    v1.17.13: e9396034d079d3574370faf47eba78055cf8fb897093929e796f571cf2f91cd6
    v1.17.12: bfd5ff97040a2f1017bc14991757ba62ad8c8218d75a5f646690c1e76f93bf22
    v1.17.11: 0d9705c284054b2fdb7627d4867edd0863f67a2fbf64a2e1710d928936539c89
    v1.17.9: d57c25a3d67c937a9d6778de07295478185f73938937868525030a01d15c372f
    v1.17.8: 673355f62aa422915682ae595e4e53813e4656f2c272eb032f97492211cfced5
    v1.17.7: eb1715a745281f6aee34644653f73787acdd9f3904e3d58e1319ded4a16be013
    v1.17.6: 6ded412f13e5d8bd0368372150334580a05cd4dc7629f437c789a5aa6008e8e5
    v1.17.5: 9220a7390d9c5cb5c770d947babdec288d044126b9982bbd5d5c8785354a6701
    v1.17.4: 77ca08cd3d03edda8d628e39a8cb45afe794582a9619d381ec5a70585999721a
    v1.17.3: eeefd2f966dfb75ab4ab58829118f9bb314b75799a94d21c2ce8d083cc330dbc
    v1.17.2: 133b69346da8e34daaf20f421657625a06630ec1e11f06961523836383cea72c
    v1.17.1: c773512ade5da3188ed4c312d5ba01bfbf3f376f6e580e5b074827a5b25450aa
    v1.17.0: b1a4a2325383854a69ec768e7dc00f69378d3ccbc554859d910bf5b582264ea2
  amd64:
    v1.19.3: daa02a34efd936bf9940d9c52fe24c299fc36ba4b31a051968efb3652f289fa9
    v1.19.2: 7ff6d3663e8de0c654909e7a279e386286aa7ed3fc262d021bed77c92d62780f
    v1.19.1: 2ca2a3104d4cce26db128e3a0b7a042385df4f2c51bdbe740e067fdfaa2fcdd1
    v1.19.0: 3f03e5c160a8b658d30b34824a1c00abadbac96e62c4d01bf5c9271a2debc3ab
    v1.18.10: 8daecd339993342c0693b6cb8a8e053d4a21d2d829389cc7ab823f52ea0589a1
    v1.18.9: 5028b6548e8838e1e0851f10e8bd8d9a6ef1693e3f1dac09f7d50c4c2873f20b
    v1.18.8: a4116675ac52bf80e224fba8ff6db6f2d7aed192bf6fffd5f8e4d5efb4368f31
    v1.18.6: 2eb9baf5a65a7b94c653dbd7af03a768a520961eb27ef369e43ef12711e22d4a
    v1.18.5: 8c328f65d30f0edd0fd4f529b09d6fc588cfb7b524d5c9f181e36de6e494e19c
    v1.18.4: 42bcd6a8fe1abeab12cbe9be0f16d4a7b15017937a5de66eb67a38073de7eb72
    v1.18.3: 6aac8853028a4f185de5ccb5b41b3fbd87726161445dee56f351e3e51442d669
    v1.18.2: bc13d29b58300c328f0078c7f72e37e1254c4303277348862af1e7f2b356b9e3
    v1.18.1: 4c5737235e62a5bb0b5d3f51939ccd255ebda376d75941222b25241251b67fbc
    v1.18.0: 3a90e7abf9910aebf9ef5845918c665afd4136a8832604ccfabca2defb35ce0f
    v1.17.13: e71c3ce50f93abc2735ba601781355d86a49aec992e8cb235a369254c304fa7d
    v1.17.12: 196263deb2605507ff137b3edea39a914e7047f4c4de0a681c4a6f8dcfa5fe65
    v1.17.11: 71bcc8443a6e6f226727ea007fdc4b96327e302d1724a15ce2bffc2d94a3dac6
    v1.17.9: 3b6cdfcd38a646c7b553821ef9bb67e93541da658305c00705e6ab2ba15e73af
    v1.17.8: b39081fb40332ae12d262b04dc81630e5c6550fb196f09b60f3d726283dff17f
    v1.17.7: a6b66c94a37dd6ae830a9af5b9200884a2c0af868096a3c2553b2e876723c2a2
    v1.17.6: 4b7fd5123bfafe2249bf91ed83469c2655a8d3295966e5fbd952f89b64b75f57
    v1.17.5: c5fbfa83444bdeefb51934c29f0b4b7ffc43ce5a98d7f957d8a11e3440055383
    v1.17.4: f3a427ddf610b568db60c8d47565041901220e1bbe257614b61bb4c76801d765
    v1.17.3: a5c2349c61771f8bf9f80feb174f7e9d9a6c9e79559758ea538ed3dead07bdcb
    v1.17.2: 33c6befab43ace4c4e89eab9c45d0cea5432f3cea4beaa956c786fe521f844bb
    v1.17.1: ffd04d1934c193fa63b3fc7d285d3646ed215f07f726390eefb0913b810716c3
    v1.17.0: c2af77f501c3164e80171903028d35c632366f53dec0c8419828d4e55d86146f
kubectl_checksums:
  arm:
    v1.19.3: fb611ff64139bc8712fe93497f2419c236d62c5f689e1cb4cc68037fda698f82
    v1.19.2: c8cad74a586dfee41436ce866c91d79c9d2053468eccde9fed976cdf32b7849f
    v1.19.1: e63bbf3161c49d60e46ffaf7d3cfd689834516205be1be881d2e652115535e93
    v1.19.0: 5885bb723a55ab95e8687e0ad52620ce4c08f76fd20c0973f5cd19c753b513c8
    v1.18.10: 3d5b7cb1c54d5e9dec157a512d2d21dddc6b9fd5b9a0b8df9493553871d21668
    v1.18.9: 8f49ade7875aaca82f7471901963796815b786d5437e6af0ae4d6d784dc92c08
    v1.18.8: 21769e01e17f3809d0e9188a88a71fb1f479dfeeb22590e56006d5dbb3689605
    v1.18.6: 1b6668bae432a3c6034f2fe83e72b2db5ea794a02121cf0a22be7f4bd8f460bf
    v1.18.5: 5fc8dc6e3d09ceaf900dd06b9af3a7abb291293cea5219aea577bad852aa84b1
    v1.18.4: 9617b1a929aad7e3bf9f1151f83548e5e3f89175f5d3f961733b8b0ec2e376c4
    v1.18.3: 1816364467b98e7ae52731f593780f392d6835d33db5b12a671abfffb72a4eac
    v1.18.2: 353d61297cfbf01ed3f72b7df1658110c065355d670556ea3bdbf0d1b2824aea
    v1.18.1: 896c90b1b9d88e121876d93718591f3ecbab880b304767806c6c9fcb3b145805
    v1.18.0: 34fc6d16c2f535ed381b5fd3a4d40b642fff4f9ff95f8250b8043a29b8c062b9
    v1.17.13: 1053624c88881d1fe9d8f2adbb07831fc23c829127b8466da9b15cc122004344
    v1.17.12: e3bfbb4a82183c094a6538ffe4e837856cb3849ed1348d23830f0945852a81e4
    v1.17.11: e8178745c3010a57de068138e63bf19087ca4f83acfdc1df82f7844ce73cf3be
    v1.17.9: 4bcad42cb8721bcb636f88e02f143fa9e2ad8141a37025f7622bd04516dab391
    v1.17.8: e1a75ee55e1270583143422cc611547623aeef2c69689354c69b0b8f445cf6ba
    v1.17.7: 1b862c79333b7edee64f0317f8c5de8699f99b00709734e3341d41cca3b8f29b
    v1.17.6: 2ad9897b84dd503c963ff790ce092aeb4c8e78ac64b7986a6c6ed1c601255419
    v1.17.5: 470139a2ca98a85ab89210d07dc733d457d48a8419bbf038ee7e55276e2b5c35
    v1.17.4: bec3f4163231d4df62ef75b1e435f646b576bfeff08a5e635a033c8223fb4c52
    v1.17.3: 740e17e7fa2b6aed243e690cdb939f040aefe644a485429ed42b2b1fa7eac813
    v1.17.2: 152e5b5e1a744ad8e4860bef212462750e0a38856990d6a4d0b3418bedb5346f
    v1.17.1: a1e580e9140536c4a370c207ee66481cfe8d8876dc9021755a9d20232a97033d
    v1.17.0: 594b3e2f89dca09d82b176b51bf6c8c0fa524ed209c14ec915c9b36fa876601d
  arm64:
    v1.19.3: a4f2e2dbdcead30eed5aa47468e669b9574fd99457b860679eba84e1cb9cf863
    v1.19.2: a460f918c03e5cd916f4ac28da137596232e344cc0755d4ceb222fc4cd203e09
    v1.19.1: 332bbdb4560f9b7fcbb96c8f2cebbc4996e409384ca07510e5c5990998158c20
    v1.19.0: d4adf1b6b97252025cb2f7febf55daa3f42dc305822e3da133f77fd33071ec2f
    v1.18.10: 394fa475f7688778eeeecb31e01acfae4cc37a72926d9bf33290c968e6dc037a
    v1.18.9: 9f466ff8d40097914a1ded0288ef8b9eb6f4ad39a9990cb2c0f8d1a710013a4f
    v1.18.8: 9046c4086528427462544e1a6dcbe709de4d7ae44d1a155375de330fecd067b1
    v1.18.6: 7b3d6cc019747a7ee5f6cc2b187423daaac4e153140cb290e60d316c3f456430
    v1.18.5: 28c1edb2d76f80e70e10fa8cd2a30b9fccc5f003d8b3e853535d8317db7f424a
    v1.18.4: 61c5004f6e9040163bc09459a11fd17b0f9ff55d7ba8f9b1e89368b5f2cdf072
    v1.18.3: fc4479d1f7e58e6c8f40430a35f6b09b6f582909f69968e424fc20640ac45daf
    v1.18.2: 8d4bd6a716e32187e03c5998b4d9570f3b2eb9fb041ac9ed6e9728f04935c2fb
    v1.18.1: 39e9645c6bed1e7340b3d764db983b9fc35326b11325fd509c3660c9f55469ed
    v1.18.0: 0de307f90502cd58e5785cdcbebeb552df81fa2399190f8a662afea9e30bc74d
    v1.17.13: 9d62bb6f21a64fd464237b7c81e45075e2ce0a83b6e13c54a6539c076f3b536f
    v1.17.12: 22f383cef1a429cab5d4c98df6704295722044613dbea49c306e931d383d723f
    v1.17.11: 8eb18f37148d2786205bc70dded66c173df7517577e5ae024a19e72400263ed2
    v1.17.9: 4d818e97073113eb1e62bf97d63876757be0f273c47807c09f34511155e25afd
    v1.17.8: 4dfd36dbd637b8dca9a7c4e789fb3fe4ca420062c90d3a872ae751dfb9777cb6
    v1.17.7: 00c71ceffa9b50af081d2838b102be49ca224a8aa928f5c948b804af84c58818
    v1.17.6: ceccf6ef3e0ac523cb75d46d1b4979ae1f8cf199926244a9d828cb77f024e46b
    v1.17.5: 160d1198a6da3eb082e197e368ba86c2acce435e073e9f3ee271aa59c7fb47d6
    v1.17.4: 95867f3c977b1f754223b95dbb04a9ff45613529e9e4691ffa45c6b214f9fd4f
    v1.17.3: d007a212240fef9fee30c59b4d4203bbc463d334f679c4d0d1af521b7e2c42e6
    v1.17.2: 29c36d5866a76ca693a255567ac26d7558c1f02e6b840895093e47afe06594d9
    v1.17.1: 4208be10e2c12b67e71219cd39b0b2ab065d4ec1b26e19c5da88cb8ebc64ea2f
    v1.17.0: cba12bfe0ee447b06f00813d7d4ba3fbdbf5116eccc4d3291987044f2d6f93c2
  amd64:
    v1.19.3: 84eeb8237448e4f431fef0f0ec0ba8b07558d8e52d5a7e89b4ae64dadcffbe66
    v1.19.2: f51adfe7968ee173dbfb3dabfc10dc774983cbf8a3a7c1c75a1423b91fda6821
    v1.19.1: da4de99d4e713ba0c0a5ef6efe1806fb09c41937968ad9da5c5f74b79b3b38f5
    v1.19.0: 79bb0d2f05487ff533999a639c075043c70a0a1ba25c1629eb1eef6ebe3ba70f
    v1.18.10: b25c445cb36ab168de590c13b50bced4e7877ed15ca899a261053b4ba3ba1456
    v1.18.9: 6a68756a2d3d04b4d0f52b00de6493ba2c1fcb28b32f3e4a0e99b3d9f6c4e8ed
    v1.18.8: a076f5eff0710de94d1eb77bee458ea43b8f4d9572bbb3a3aec1edf0dde0a3e7
    v1.18.6: 62fcb9922164725c7cba5747562f2ad2f4d834ad0a458c1e4c794cc203dcdfb3
    v1.18.5: 69d9b044ffaf544a4d1d4b40272f05d56aaf75d7e3c526d5418d1d3c78249e45
    v1.18.4: 5fea9ad294ea73f952243178db5340dc29c14ad96aed3f92a18deedb73f221ec
    v1.18.3: 6fcf70aae5bc64870c358fac153cdfdc93f55d8bae010741ecce06bb14c083ea
    v1.18.2: 6ea8261b503c6c63d616878837dc70b758d4a3aeb9996ade8e83b51aedac9698
    v1.18.1: f5144823e6d8a0b78611a8d12e7a25202126d079c3a232b18f37e61e872ff563
    v1.18.0: bb16739fcad964c197752200ff89d89aad7b118cb1de5725dc53fe924c40e3f7
    v1.17.13: 25824bf20d8d9501e9b6cabdd6bd25ec10cc649d4e3155dba86037f57bba842e
    v1.17.12: d6472a5f5d3ff125b4a1aa5cefd6197faadfb578c36f639240a04df1a71597e1
    v1.17.11: 002d640a12d6fad48f7d8a5c56cb4ff656397caf3511f50426d9c69c94b2d137
    v1.17.9: 2ca83eecd221bedf3eceb0ccfcf45bb2e27950c382c2326211303adb0a9c4232
    v1.17.8: 01283cbc2b09555cbf2a71c162097552a62a4fd48a0a4c06e34e9b853b815486
    v1.17.7: 7124a296518edda2ae326e754aec9be6d0ac86131e6f61b52f5ecaa413b66ae4
    v1.17.6: 5e245f6af6fb761fbe4b3ac06b753f33b361ce0486c48c85b45731a7ee5e4cca
    v1.17.5: 03cd1fa19f90d38005148793efdb17a9b58d01dedea641a8496b9cf228db3ab4
    v1.17.4: 465b2d2bd7512b173860c6907d8127ee76a19a385aa7865608e57a5eebe23597
    v1.17.3: ae8627adb1f0ae7bdb82ffd74a579953b8acdcd4b94aeefc7569078c3d7994c6
    v1.17.2: 7732548b9c353114b0dfa173bc7bcdedd58a607a5b4ca49d867bdb4c05dc25a1
    v1.17.1: a87a0acdc67d066bc331cb96c7fd29a883d67a41beeef538a0bd2878872ebad9
    v1.17.0: 6e0aaaffe5507a44ec6b1b8a0fb585285813b78cc045f8804e70a6aac9d1cb4c
kubeadm_checksums:
  arm:
    v1.19.3: 522358c8596d10cac1a04a9e52f0ae59a1c06ca122292429d36773e7f6ad0a01
    v1.19.2: effc35d1e3ab01ac80185ff9f7ca5afabbb94f5f91d7326b04b09e903315647d
    v1.19.1: 0e910cf9c771976f6eb079098ad428f3e99080624f478e3d71b670005a7c3651
    v1.19.0: 62fca8b373f8c63409bcfcb7c585f8de882a8a119d88d39666e1ab3a11be188b
    v1.18.10: 49f53573bdefd4ed37376800119b082666d03d5657d5886a4caa35e63a11d658
    v1.18.9: 026cd1ec3b75703994254ae44998a544f46723b424775218f90c07754bb42bb6
    v1.18.8: 52ec1a5d8a6826762c112d55734e35cf895a02e746b8d6ca4a9c942289aab077
    v1.18.6: 84abadc0abc01970ee73bf25078b2120a0725e4afcb9bb8c0d03077c978d7452
    v1.18.5: 461641c8fb8db2afe6e103aca925a4ef9d161dcae08a96fc24674b0ea0122e04
    v1.18.4: 0a8a021cb3d18295f53843b1ab7d2d8bf9b861d5d6bd160f24717d22aa5a8fa7
    v1.18.3: 88b8004dcfbf8862e5ae4dadcd4e4ef86c91211e48cd45922d5a18634b06d1b3
    v1.18.2: c3558beca26c1b970cee8419dcf24f9812483f6ef384cea9a704491bc3af1e2c
    v1.18.1: 4f919ad7215209dee97ea4c61668e44a2cce8f575b9cf4032e47f0c377924854
    v1.18.0: 0f05bd526bb38be11459675c69bc882a2d3e583e48339fab49b620d292c2433e
    v1.17.13: 086de433c9e77d37a6fd38fca059b7ab4cae9d0a3e57350d245f753cb391cec0
    v1.17.12: c18a1c4aa3788c8e860a8653987bd50df9f2da70e15e5a4e1cce6f9a4bee4831
    v1.17.11: df79e696668290091cf93b4c68ff614b3886cecbe40dbf76fdfff799ba41901d
    v1.17.9: 69c28a8e35394cf72b3926bb557724b7d0c5bbd07a22fdd9c207b943b4c617b3
    v1.17.8: 1e8e653a07438131126f62b853b442356b341d2950f0d7c30d2a96e773a54611
    v1.17.7: 47c911a7deff993e654da1e0644fe627e496292d7a7a5f43f33fa4cde6b6856d
    v1.17.6: a12f4281d018a7d53611cb1c0c537cd8f82dc01f3e16c16513622c1d6c9db658
    v1.17.5: ae2b66de65a6a435ff06ea8e542904e92c5eec0c42c2e57905a2a31a52106ca1
    v1.17.4: d22dd143947aa442812b325f36d48929506ea8416230213ffb83c29c1c1222f5
    v1.17.3: fc94d273927bc7e1dce91518133492f4e76aead6e795338317281fb0c6b6445e
    v1.17.2: c0a74989da367d9c11b25d4fbd90e8d3d1a013a63c9be7bbce61b320715c1a83
    v1.17.1: 501d1bacb863713dd9d0101d0021b0227869c4b1b9e903f6498333c613d384e1
    v1.17.0: 5fcf1234d89bc2a364c53b76b36134fc57278b456138d93c278805f2c9b186f1
  arm64:
    v1.19.3: c398c23019f988514ac0f2c1e32a388cf11ca9d48634530092dbf54d9e00eaa6
    v1.19.2: b6900a44558ba1a0a364406e2072163f5fc561030da97045e1403cdc69ff2682
    v1.19.1: dcdabd2fdec9b4dd8febd1625e1fbbe15362919041e5f4ce3aab629e4aea7540
    v1.19.0: db1c432646e6e6484989b6f7191f3610996ac593409f12574290bfc008ea11f5
    v1.18.10: dc4a2daa3bf3e652fc7a81f5b449752c08e6a91e27aa1bbffad7ade35508a77b
    v1.18.9: c17e29b8cec1892b6cd72aed1af6d9abfd39816c222d3cc5c97c6637a284162d
    v1.18.8: 71f6d95f165a9e8066c6f299217af779829ab3d798f6130caf6daa4784dc0464
    v1.18.6: df5a3d7c70c3f8221d57093c5cb17558aad6e65725d7a096c6620302fbf64730
    v1.18.5: 0e2a9de622177015c2514498382b0d821ac8f71c7ed5f02e5684d456ff3c0e4d
    v1.18.4: 67feef5289663ac1bf7c3ab6bdc2d5ac2f24e9ca5ddad82129fd8ea1f9c8b747
    v1.18.3: 6a6fda8e2abdaed05f9df16528c8c0ae59cbe89fbda467cce204bf548965863f
    v1.18.2: e5a1f738443c15f5f8f3b316c6c7f8038f84f24b5d4bf2eef5bee39ca208952a
    v1.18.1: 0cb6589d9b4c09b007eae977ab8a185fc4140eda886408dced4f500a508e4e83
    v1.18.0: 2ef1785159c80a9acd454a1c8be3c6b8db2260200b22e4359426e709ff786d01
    v1.17.13: eb84d8cd772a02c6db35ffd77f2ee2703db5b92571f9b7c8c30108ee7bb35b0a
    v1.17.12: fb2f090c4bd62229a738b8e1faa81bd3b01252a49351464a1e1be9fe689ab959
    v1.17.11: 0875b49d7eacb80db3b9a375086a091304420c875ae8b54191ed9aa0af4c54e3
    v1.17.9: b56dc03177636fdafb4f8ab329d087b804cb7395c142f76e8246e86083c6d750
    v1.17.8: 5a52e7d0306890e68ed66fc47ecd70bf14628c70527442fd0cd2973dbde7064c
    v1.17.7: 6c8622adf5a7a2dfc66ebe15058353b2e2660b01f1e8990bab7a9c7fca76bccb
    v1.17.6: b9f20f98aeecc7b011727ff8be9008a8229cdbea6d3dd93f782622c306306288
    v1.17.5: 6f004152ca1f60bb6ac7446e2c317957df5cff5ac55b60c08ce7869792dc4196
    v1.17.4: 20e1e095f8c46e5dba6366eec162a40b22cd7639f32e83743afef3c0daafd127
    v1.17.3: 92d584c2ff83790830384159fbf6d04798eea002d6315923657fd6f74c80f092
    v1.17.2: 091864574d38d3e30ed57734419b55d0957f39291d6f573ff8fffc8d474fb9ec
    v1.17.1: c640eb50406962628ac6e31fd840506a360b5d9c57d14007d0eaada28c49d64f
    v1.17.0: 0b94d1ace240a8f9995358ca2b66ac92072e3f3cd0543275b315dcd317798546
  amd64:
    v1.19.3: 0a7581fdebe05fb101ce30d4e1f85e865e18f5c034e4f7cc785c786e861f9be2
    v1.19.2: 377dbf06469709aafb7a9a6c925e890bf48727b905455c2a81fee28727716f2f
    v1.19.1: d5afcf4ff916b4c6810f10f76176c73238f0854b7748b2cde8afbd91de65a3c9
    v1.19.0: 88ce7dc5302d8847f6e679aab9e4fa642a819e8a33d70731fb7bc8e110d8659f
    v1.18.10: 9bf46e5276bc14d42d6dcf05ac507bb3236ce8dc0fa21aad985d9328c377c18d
    v1.18.9: 3f7f61e0fe3de43f5b345343f85d7ba5145737efb80974baa6076965f3a6963e
    v1.18.8: 27c8f4d4398d57762998b157d35802a36a7ea9b2b6f9a363c397a9d65b4f3c89
    v1.18.6: 11b4180b9f82a8b6bb30250e3d7341b104521f3b654076b8569853ec9451b2a9
    v1.18.5: e428fc9d1cf860090346a83eb66082c3be6b6032f0db9e4f8e6d52492d46231f
    v1.18.4: cec00c2629805b660b5f41b13292dfe75cbd3803e57a1ded53def912fedb1a22
    v1.18.3: a60974e9840e006076d204fd4ddcba96213beba10fb89ff01882095546c9684d
    v1.18.2: 290bb6acb12c844f76affbab1ce374903bd97c4f19ac8cd3e6fdb7208d638ac8
    v1.18.1: fdb194647048f3e3ebdc93613b21a5b678fcbe0d212d08c0d56758d1bf2d2c85
    v1.18.0: 0261331c2ea718c0cd39114871aa098f1b4685f6101cb78cc880f645e72d0654
    v1.17.13: eaea610b88369dfd46aaaaad343865f5ef2e5bffe97dda9638adb467d86cd5cd
    v1.17.12: 214f547788410a643d57aee8215d99f44ebe59967e973f83b024e2ba7832593f
    v1.17.11: 328ca55af305fef59e72544d0faf76167b5b5dc5779cec17c670961e6529d907
    v1.17.9: 5ef1660d3d56e93e3d87d6a7028aa64745984be0b0678c45c32f66043b4d69b4
    v1.17.8: c59b85696c4cbabe896ba71f4bbc99e4ad2444fcea851e3ee740705584420aad
    v1.17.7: 9d4b97e93ddb204798b91fec063743e218c92b42798779b5248a49e1476226e2
    v1.17.6: d4cfc9a0a734ba015594974ee4253b8965b95cdb6e83d8a6a946675aad418b40
    v1.17.5: 9bd2fd1118b3d07d12e2a806c04bf34d99e79886c5318ddc003ba38f30da390c
    v1.17.4: 3cdcffcf8a1660241a045cfdfed3ebbf7f7c6a0840f008e2b049b533bca5bb8c
    v1.17.3: e34e3193a1161aea7269cee3f115e86ff71f01702a1c15fa0f71103bf2dba304
    v1.17.2: 33a1d8e3cea2bdbb9fa9cb257c516289ee50d957fcb6d7b35919f5f0e6ca2f41
    v1.17.1: 11bd31833dab9adb5b53398772dd1582264c3d1757cb3395e691d6a7379081ec
    v1.17.0: 0d8443f50fb7caab2e5e7e53f9dc56d5ffe55f021ec061f2e2bcba0481df5a48

etcd_binary_checksums:
  # Etcd does not have arm32 builds at the moment, having some dummy value is
  # required to avoid "no attribute" error
  arm: 0
  arm64: 01bd849ad99693600bd59db8d0e66ac64aac1e3801900665c31bd393972e3554
  amd64: 6c642b723a86941b99753dff6c00b26d3b033209b15ee33325dc8e7f4cd68f07
cni_binary_checksums:
  arm: 5757778f4c322ffd93d7586c60037b81a2eb79271af6f4edf9ff62b4f7868ed9
  arm64: ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f
  amd64: 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8
calicoctl_binary_checksums:
  arm:
    v3.15.2: 0
    v3.14.1: 0
    v3.13.3: 0
  amd64:
    v3.15.2: 219ae954501cbe15daeda0ad52e13ec65f99c77548c7d3cbfc4ced5c7149fdf1
    v3.14.1: 5fe8a7b00a45cf48879eff42b08dcdb85cf0121f3720ac8cbd06566aaa385667
    v3.13.3: 570539d436df51bb349bb1a8c6b200a3a6f20803a9d391aa2c5cf19a70a083d4
  arm64:
    v3.15.2: 49165f9e4ad55402248b578310fcf68a57363f54e66be04ac24be9714899b4d5
    v3.14.1: 326da28cb726988029f70fbf3d4de424a4edd9949fd435fad81f2203c93e4c36
    v3.13.3: 0c47acd6d200ba1f8348b389cd7a54771542158fef657afc633a30ddad97e272

etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}"
cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}"
kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}"
kubectl_binary_checksum: "{{ kubectl_checksums[image_arch][kube_version] }}"
kubeadm_binary_checksum: "{{ kubeadm_checksums[image_arch][kubeadm_version] }}"
calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl_version] }}"
crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"

# Containers
# In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
# it helps a lot for local private development or bare metal environment.
# So you need define --registry-mirror or --insecure-registry, and modify the following url address.
# example:
# You need to deploy kubernetes cluster on local private development.
# Also provide the address of your own private registry.
# And use --insecure-registry options for docker
kube_proxy_image_repo: "{{ kube_image_repo }}/kube-proxy"
etcd_image_repo: "{{ quay_image_repo }}/coreos/etcd"
etcd_image_tag: "{{ etcd_version }}{%- if image_arch != 'amd64' -%}-{{ image_arch }}{%- endif -%}"
flannel_image_repo: "{{ quay_image_repo }}/coreos/flannel"
flannel_image_tag: "{{ flannel_version }}"
calico_node_image_repo: "{{ docker_image_repo }}/calico/node"
calico_node_image_tag: "{{ calico_version }}"
calico_cni_image_repo: "{{ docker_image_repo }}/calico/cni"
calico_cni_image_tag: "{{ calico_cni_version }}"
calico_policy_image_repo: "{{ docker_image_repo }}/calico/kube-controllers"
calico_policy_image_tag: "{{ calico_policy_version }}"
calico_typha_image_repo: "{{ docker_image_repo }}/calico/typha"
calico_typha_image_tag: "{{ calico_typha_version }}"
pod_infra_image_repo: "{{ kube_image_repo }}/pause"
pod_infra_image_tag: "{{ pod_infra_version }}"
install_socat_image_repo: "{{ docker_image_repo }}/xueshanf/install-socat"
install_socat_image_tag: "latest"
netcheck_version: "v1.0"
netcheck_agent_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-agent"
netcheck_agent_image_tag: "{{ netcheck_version }}"
netcheck_server_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-server"
netcheck_server_image_tag: "{{ netcheck_version }}"
weave_kube_image_repo: "{{ docker_image_repo }}/weaveworks/weave-kube"
weave_kube_image_tag: "{{ weave_version }}"
weave_npc_image_repo: "{{ docker_image_repo }}/weaveworks/weave-npc"
weave_npc_image_tag: "{{ weave_version }}"
contiv_image_repo: "{{ docker_image_repo }}/contiv/netplugin"
contiv_image_tag: "{{ contiv_version }}"
contiv_init_image_repo: "{{ docker_image_repo }}/contiv/netplugin-init"
contiv_init_image_tag: "{{ contiv_version }}"
contiv_auth_proxy_image_repo: "{{ docker_image_repo }}/contiv/auth_proxy"
contiv_auth_proxy_image_tag: "{{ contiv_version }}"
contiv_etcd_init_image_repo: "{{ docker_image_repo }}/ferest/etcd-initer"
contiv_etcd_init_image_tag: latest
contiv_ovs_image_repo: "{{ docker_image_repo }}/contiv/ovs"
contiv_ovs_image_tag: "latest"
cilium_image_repo: "{{ docker_image_repo }}/cilium/cilium"
cilium_image_tag: "{{ cilium_version }}"
cilium_init_image_repo: "{{ docker_image_repo }}/cilium/cilium-init"
cilium_init_image_tag: "2019-04-05"
cilium_operator_image_repo: "{{ docker_image_repo }}/cilium/operator"
cilium_operator_image_tag: "{{ cilium_version }}"
kube_ovn_container_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn"
kube_ovn_container_image_tag: "{{ kube_ovn_version }}"
kube_router_image_repo: "{{ docker_image_repo }}/cloudnativelabs/kube-router"
kube_router_image_tag: "{{ kube_router_version }}"
multus_image_repo: "{{ docker_image_repo }}/nfvpe/multus"
multus_image_tag: "{{ multus_version }}"
ovn4nfv_ovn_image_repo: "{{ docker_image_repo }}/integratedcloudnative/ovn-images"
ovn4nfv_ovn_image_tag: "{{ ovn4nfv_ovn_image_version }}"
ovn4nfv_k8s_plugin_image_repo: "{{ docker_image_repo }}/integratedcloudnative/ovn4nfv-k8s-plugin"
ovn4nfv_k8s_plugin_image_tag: "{{ ovn4nfv_k8s_plugin_image_version }}"

nginx_image_repo: "{{ docker_image_repo }}/library/nginx"
nginx_image_tag: 1.19
haproxy_image_repo: "{{ docker_image_repo }}/library/haproxy"
haproxy_image_tag: 2.1

# Coredns version should be supported by corefile-migration (or at least work with)
# bundle with kubeadm; if not 'basic' upgrade can sometimes fail
# add by wangb
#coredns_version: "1.6.7"
coredns_version: "1.7.0"
coredns_image_repo: "{{ docker_image_repo }}/coredns/coredns"
coredns_image_tag: "{{ coredns_version }}"

nodelocaldns_version: "1.15.13"
nodelocaldns_image_repo: "{{ kube_image_repo }}/k8s-dns-node-cache"
nodelocaldns_image_tag: "{{ nodelocaldns_version }}"

# add by wangb start
#dnsautoscaler_version: 1.8.1
dnsautoscaler_version: v1.3.0
dnsautoscaler_image_repo: "{{ kube_image_repo }}/cluster-proportional-autoscaler-{{ image_arch }}"
dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
# add by wangb end
test_image_repo: "{{ docker_image_repo }}/library/busybox"
test_image_tag: latest
busybox_image_repo: "{{ docker_image_repo }}/library/busybox"
busybox_image_tag: 1.32.0
helm_version: "v3.2.4"
helm_image_repo: "{{ docker_image_repo }}/lachlanevenson/k8s-helm"
helm_image_tag: "{{ helm_version }}"
tiller_image_repo: "{{ gcr_image_repo }}/kubernetes-helm/tiller"
tiller_image_tag: "{{ helm_version }}"

registry_image_repo: "{{ docker_image_repo }}/library/registry"
registry_image_tag: "2.7.1"
registry_proxy_image_repo: "{{ kube_image_repo }}/kube-registry-proxy"
registry_proxy_image_tag: "0.4"
# add by wangb start
#metrics_server_version: "v0.3.7"
#metrics_server_image_repo: "{{ kube_image_repo }}/metrics-server/metrics-server"
metrics_server_version: "v0.3.6"
metrics_server_image_repo: "{{ kube_image_repo }}/metrics-server-amd64"
# add by wangb end
metrics_server_image_tag: "{{ metrics_server_version }}"
local_volume_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/local-volume-provisioner"
local_volume_provisioner_image_tag: "v2.3.4"
cephfs_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/cephfs-provisioner"
cephfs_provisioner_image_tag: "v2.1.0-k8s1.11"
rbd_provisioner_image_repo: "{{ quay_image_repo }}/external_storage/rbd-provisioner"
rbd_provisioner_image_tag: "v2.1.1-k8s1.11"
local_path_provisioner_image_repo: "{{ docker_image_repo }}/rancher/local-path-provisioner"
local_path_provisioner_image_tag: "v0.0.14"
ingress_nginx_controller_image_repo: "{{ kube_image_repo }}/ingress-nginx/controller"
# add by wangb start
#ingress_nginx_controller_image_tag: "v0.35.0"
ingress_nginx_controller_image_tag: "v0.25.1"
# add by wangb end
ingress_ambassador_image_repo: "{{ quay_image_repo }}/datawire/ambassador-operator"
ingress_ambassador_image_tag: "v1.2.8"
alb_ingress_image_repo: "{{ docker_image_repo }}/amazon/aws-alb-ingress-controller"
alb_ingress_image_tag: "v1.1.8"
cert_manager_version: "v0.16.1"
cert_manager_controller_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-controller"
cert_manager_controller_image_tag: "{{ cert_manager_version }}"
cert_manager_cainjector_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-cainjector"
cert_manager_cainjector_image_tag: "{{ cert_manager_version }}"
cert_manager_webhook_image_repo: "{{ quay_image_repo }}/jetstack/cert-manager-webhook"
cert_manager_webhook_image_tag: "{{ cert_manager_version }}"
addon_resizer_version: "1.8.11"
addon_resizer_image_repo: "{{ kube_image_repo }}/addon-resizer"
addon_resizer_image_tag: "{{ addon_resizer_version }}"

csi_attacher_image_repo: "{{ quay_image_repo }}/k8scsi/csi-attacher"
csi_attacher_image_tag: "v2.2.0"
csi_provisioner_image_repo: "{{ quay_image_repo }}/k8scsi/csi-provisioner"
csi_provisioner_image_tag: "v1.6.0"
csi_snapshotter_image_repo: "{{ quay_image_repo }}/k8scsi/csi-snapshotter"
csi_snapshotter_image_tag: "v2.1.1"
csi_resizer_image_repo: "{{ quay_image_repo }}/k8scsi/csi-resizer"
csi_resizer_image_tag: "v0.5.0"
csi_node_driver_registrar_image_repo: "{{ quay_image_repo }}/k8scsi/csi-node-driver-registrar"
csi_node_driver_registrar_image_tag: "v1.3.0"
csi_livenessprobe_image_repo: "{{ quay_image_repo }}/k8scsi/livenessprobe"
csi_livenessprobe_image_tag: "v2.0.0"
snapshot_controller_image_repo: "{{ quay_image_repo }}/k8scsi/snapshot-controller"
snapshot_controller_image_tag: "v2.0.1"

cinder_csi_plugin_image_repo: "{{ docker_image_repo }}/k8scloudprovider/cinder-csi-plugin"
cinder_csi_plugin_image_tag: "v1.18.0"

aws_ebs_csi_plugin_image_repo: "{{ docker_image_repo }}/amazon/aws-ebs-csi-driver"
aws_ebs_csi_plugin_image_tag: "v0.5.0"

azure_csi_image_repo: "mcr.microsoft.com/oss/kubernetes-csi"
azure_csi_provisioner_image_tag: "v1.5.0"
azure_csi_attacher_image_tag: "v1.2.0"
azure_csi_cluster_registrar_image_tag: "v1.0.1"
azure_csi_node_registrar_image_tag: "v1.1.0"
azure_csi_snapshotter_image_tag: "v2.0.0"
azure_csi_resizer_image_tag: "v0.3.0"
azure_csi_livenessprobe_image_tag: "v1.1.0"
azure_csi_plugin_image_repo: "mcr.microsoft.com/k8s/csi"
azure_csi_plugin_image_tag: "v0.7.0"

gcp_pd_csi_image_repo: "gke.gcr.io"
gcp_pd_csi_driver_image_tag: "v0.7.0-gke.0"
gcp_pd_csi_provisioner_image_tag: "v1.5.0-gke.0"
gcp_pd_csi_attacher_image_tag: "v2.1.1-gke.0"
gcp_pd_csi_resizer_image_tag: "v0.4.0-gke.0"
gcp_pd_csi_registrar_image_tag: "v1.2.0-gke.0"

dashboard_image_repo: "{{ docker_image_repo }}/kubernetesui/dashboard-{{ image_arch }}"
dashboard_image_tag: "v2.0.4"
dashboard_metrics_scraper_repo: "{{ docker_image_repo }}/kubernetesui/metrics-scraper"
dashboard_metrics_scraper_tag: "v1.0.5"

image_pull_command: "{{ docker_bin_dir }}/docker pull"
image_save_command: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_final }}"
image_load_command: "{{ docker_bin_dir }}/docker load < {{ image_path_final }}"
image_info_command: "{{ docker_bin_dir }}/docker images -q | xargs {{ docker_bin_dir }}/docker inspect -f \"{{ '{{' }} if .RepoTags {{ '}}' }}{{ '{{' }} (join .RepoTags \\\",\\\") {{ '}}' }}{{ '{{' }} end {{ '}}' }}{{ '{{' }} if .RepoDigests {{ '}}' }},{{ '{{' }} (join .RepoDigests \\\",\\\") {{ '}}' }}{{ '{{' }} end {{ '}}' }}\" | tr '\n' ','"

image_pull_command_on_localhost: "{{ docker_bin_dir }}/docker pull"
image_save_command_on_localhost: "{{ docker_bin_dir }}/docker save {{ image_reponame }} | gzip -{{ download_compress }} > {{ image_path_cached }}"
image_info_command_on_localhost: "{{ docker_bin_dir }}/docker images"

downloads:
  netcheck_server:
    enabled: "{{ deploy_netchecker }}"
    container: true
    repo: "{{ netcheck_server_image_repo }}"
    tag: "{{ netcheck_server_image_tag }}"
#    sha256: "{{ netcheck_server_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  netcheck_agent:
    enabled: "{{ deploy_netchecker }}"
    container: true
    repo: "{{ netcheck_agent_image_repo }}"
    tag: "{{ netcheck_agent_image_tag }}"
#    sha256: "{{ netcheck_agent_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  etcd:
    container: "{{ etcd_deployment_type != 'host' }}"
    file: "{{ etcd_deployment_type == 'host' }}"
    enabled: true
    version: "{{ etcd_version }}"
    dest: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
    repo: "{{ etcd_image_repo }}"
    tag: "{{ etcd_image_tag }}"
    sha256: >-
      {{ etcd_binary_checksum if (etcd_deployment_type == 'host')
      else etcd_digest_checksum|d(None) }}      
    url: "{{ etcd_download_url }}"
    unarchive: "{{ etcd_deployment_type == 'host' }}"
    owner: "root"
    mode: "0755"
    groups:
    - etcd

  cni:
    enabled: true
    file: true
    version: "{{ cni_version }}"
    dest: "{{local_release_dir}}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
#    sha256: "{{ cni_binary_checksum }}"
    url: "{{ cni_download_url }}"
    unarchive: false
    owner: "root"
    mode: "0755"
    groups:
    - k8s-cluster

  kubeadm:
    enabled: true
    file: true
    version: "{{ kubeadm_version }}"
    dest: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
#    sha256: "{{ kubeadm_binary_checksum }}"
    url: "{{ kubeadm_download_url }}"
    unarchive: false
    owner: "root"
    mode: "0755"
    groups:
    - k8s-cluster

  kubelet:
    enabled: true
    file: true
    version: "{{ kube_version }}"
    dest: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}"
#    sha256: "{{ kubelet_binary_checksum }}"
    url: "{{ kubelet_download_url }}"
    unarchive: false
    owner: "root"
    mode: "0755"
    groups:
    - k8s-cluster

  kubectl:
    enabled: true
    file: true
    version: "{{ kube_version }}"
    dest: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}"
#    sha256: "{{ kubectl_binary_checksum }}"
    url: "{{ kubectl_download_url }}"
    unarchive: false
    owner: "root"
    mode: "0755"
    groups:
    - kube-master

  crictl:
    file: true
    enabled: "{{ container_manager in ['crio', 'cri', 'containerd'] }}"
    version: "{{ crictl_version }}"
    dest: "{{local_release_dir}}/crictl-{{ crictl_version }}-linux-{{ image_arch }}.tar.gz"
#    sha256: "{{ crictl_binary_checksum }}"
    url: "{{ crictl_download_url }}"
    unarchive: true
    owner: "root"
    mode: "0755"
    groups:
    - k8s-cluster

  cilium:
    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
    container: true
    repo: "{{ cilium_image_repo }}"
    tag: "{{ cilium_image_tag }}"
#    sha256: "{{ cilium_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  cilium_init:
    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
    container: true
    repo: "{{ cilium_init_image_repo }}"
    tag: "{{ cilium_init_image_tag }}"
#    sha256: "{{ cilium_init_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  cilium_operator:
    enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
    container: true
    repo: "{{ cilium_operator_image_repo }}"
    tag: "{{ cilium_operator_image_tag }}"
#    sha256: "{{ cilium_operator_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  multus:
    enabled: "{{ kube_network_plugin_multus }}"
    container: true
    repo: "{{ multus_image_repo }}"
    tag: "{{ multus_image_tag }}"
#    sha256: "{{ multus_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  flannel:
    enabled: "{{ kube_network_plugin == 'flannel' or kube_network_plugin == 'canal' }}"
    container: true
    repo: "{{ flannel_image_repo }}"
    tag: "{{ flannel_image_tag }}"
#    sha256: "{{ flannel_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  calicoctl:
    enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
    file: true
    version: "{{ calico_ctl_version }}"
    dest: "{{ local_release_dir }}/calicoctl"
#    sha256: "{{ calicoctl_binary_checksum }}"
    url: "{{ calicoctl_download_url }}"
    unarchive: false
    owner: "root"
    mode: "0755"
    groups:
    - k8s-cluster

  calico_node:
    enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
    container: true
    repo: "{{ calico_node_image_repo }}"
    tag: "{{ calico_node_image_tag }}"
    sha256: "{{ calico_node_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  calico_cni:
    enabled: "{{ kube_network_plugin == 'calico' or kube_network_plugin == 'canal' }}"
    container: true
    repo: "{{ calico_cni_image_repo }}"
    tag: "{{ calico_cni_image_tag }}"
    sha256: "{{ calico_cni_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  calico_policy:
    enabled: "{{ enable_network_policy and kube_network_plugin in ['calico', 'canal'] }}"
    container: true
    repo: "{{ calico_policy_image_repo }}"
    tag: "{{ calico_policy_image_tag }}"
    sha256: "{{ calico_policy_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  calico_typha:
    enabled: "{{ typha_enabled }}"
    container: true
    repo: "{{ calico_typha_image_repo }}"
    tag: "{{ calico_typha_image_tag }}"
    sha256: "{{ calico_typha_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  weave_kube:
    enabled: "{{ kube_network_plugin == 'weave' }}"
    container: true
    repo: "{{ weave_kube_image_repo }}"
    tag: "{{ weave_kube_image_tag }}"
#    sha256: "{{ weave_kube_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  weave_npc:
    enabled: "{{ kube_network_plugin == 'weave' }}"
    container: true
    repo: "{{ weave_npc_image_repo }}"
    tag: "{{ weave_npc_image_tag }}"
#    sha256: "{{ weave_npc_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  ovn4nfv:
    enabled: "{{ kube_network_plugin == 'ovn4nfv' }}"
    container: true
    repo: "{{ ovn4nfv_k8s_plugin_image_repo }}"
    tag: "{{ ovn4nfv_k8s_plugin_image_tag }}"
#    sha256: "{{ ovn4nfv_k8s_plugin_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  contiv:
    enabled: "{{ kube_network_plugin == 'contiv' }}"
    container: true
    repo: "{{ contiv_image_repo }}"
    tag: "{{ contiv_image_tag }}"
#    sha256: "{{ contiv_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  contiv_auth_proxy:
    enabled: "{{ kube_network_plugin == 'contiv' }}"
    container: true
    repo: "{{ contiv_auth_proxy_image_repo }}"
    tag: "{{ contiv_auth_proxy_image_tag }}"
#    sha256: "{{ contiv_auth_proxy_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  contiv_etcd_init:
    enabled: "{{ kube_network_plugin == 'contiv' }}"
    container: true
    repo: "{{ contiv_etcd_init_image_repo }}"
    tag: "{{ contiv_etcd_init_image_tag }}"
#    sha256: "{{ contiv_etcd_init_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  kube_ovn:
    enabled: "{{ kube_network_plugin == 'kube-ovn' }}"
    container: true
    repo: "{{ kube_ovn_container_image_repo }}"
    tag: "{{ kube_ovn_container_image_tag }}"
#    sha256: "{{ kube_ovn_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  kube_router:
    enabled: "{{ kube_network_plugin == 'kube-router' }}"
    container: true
    repo: "{{ kube_router_image_repo }}"
    tag: "{{ kube_router_image_tag }}"
#    sha256: "{{ kube_router_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  pod_infra:
    enabled: true
    container: true
    repo: "{{ pod_infra_image_repo }}"
    tag: "{{ pod_infra_image_tag }}"
#    sha256: "{{ pod_infra_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  install_socat:
    enabled: "{{ ansible_os_family in ['Flatcar Container Linux by Kinvolk'] }}"
    container: true
    repo: "{{ install_socat_image_repo }}"
    tag: "{{ install_socat_image_tag }}"
#    sha256: "{{ install_socat_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  nginx:
    enabled: "{{ loadbalancer_apiserver_localhost and loadbalancer_apiserver_type == 'nginx' }}"
    container: true
    repo: "{{ nginx_image_repo }}"
    tag: "{{ nginx_image_tag }}"
    sha256: "{{ nginx_digest_checksum|default(None) }}"
    groups:
    - kube-node

  haproxy:
    enabled: "{{ loadbalancer_apiserver_localhost and loadbalancer_apiserver_type == 'haproxy' }}"
    container: true
    repo: "{{ haproxy_image_repo }}"
    tag: "{{ haproxy_image_tag }}"
    sha256: "{{ haproxy_digest_checksum|default(None) }}"
    groups:
    - kube-node

  coredns:
    enabled: "{{ dns_mode in ['coredns', 'coredns_dual'] }}"
    container: true
    repo: "{{ coredns_image_repo }}"
    tag: "{{ coredns_image_tag }}"
    sha256: "{{ coredns_digest_checksum|default(None) }}"
    groups:
    - kube-master

  nodelocaldns:
    enabled: "{{ enable_nodelocaldns }}"
    container: true
    repo: "{{ nodelocaldns_image_repo }}"
    tag: "{{ nodelocaldns_image_tag }}"
    sha256: "{{ nodelocaldns_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  dnsautoscaler:
    enabled: "{{ dns_mode in ['coredns', 'coredns_dual'] }}"
    container: true
    repo: "{{ dnsautoscaler_image_repo }}"
    tag: "{{ dnsautoscaler_image_tag }}"
    sha256: "{{ dnsautoscaler_digest_checksum|default(None) }}"
    groups:
    - kube-master

  busybox:
    enabled: "{{ kube_network_plugin in ['kube-router'] }}"
    container: true
    repo: "{{ busybox_image_repo }}"
    tag: "{{ busybox_image_tag }}"
    sha256: "{{ busybox_digest_checksum|default(None) }}"
    groups:
    - k8s-cluster

  testbox:
    enabled: false
    container: true
    repo: "{{ test_image_repo }}"
    tag: "{{ test_image_tag }}"
    sha256: "{{ testbox_digest_checksum|default(None) }}"

  helm:
    enabled: "{{ helm_enabled }}"
    container: true
    repo: "{{ helm_image_repo }}"
    tag: "{{ helm_image_tag }}"
    sha256: "{{ helm_digest_checksum|default(None) }}"
    groups:
    - kube-node

  tiller:
    enabled: "{{ helm_enabled and helm_version is version('v3.0.0', '<') }}"
    container: true
    repo: "{{ tiller_image_repo }}"
    tag: "{{ tiller_image_tag }}"
    sha256: "{{ tiller_digest_checksum|default(None) }}"
    groups:
    - kube-node

  registry:
    enabled: "{{ registry_enabled }}"
    container: true
    repo: "{{ registry_image_repo }}"
    tag: "{{ registry_image_tag }}"
    sha256: "{{ registry_digest_checksum|default(None) }}"
    groups:
    - kube-node

  registry_proxy:
    enabled: "{{ registry_enabled }}"
    container: true
    repo: "{{ registry_proxy_image_repo }}"
    tag: "{{ registry_proxy_image_tag }}"
    sha256: "{{ registry_proxy_digest_checksum|default(None) }}"
    groups:
    - kube-node

  metrics_server:
    enabled: "{{ metrics_server_enabled }}"
    container: true
    repo: "{{ metrics_server_image_repo }}"
    tag: "{{ metrics_server_image_tag }}"
    sha256: "{{ metrics_server_digest_checksum|default(None) }}"
    groups:
    - kube-master

  addon_resizer:
    # Currently addon_resizer is only used by metrics server
    enabled: "{{ metrics_server_enabled }}"
    container: true
    repo: "{{ addon_resizer_image_repo }}"
    tag: "{{ addon_resizer_image_tag }}"
    sha256: "{{ addon_resizer_digest_checksum|default(None) }}"
    groups:
    - kube-master

  local_volume_provisioner:
    enabled: "{{ local_volume_provisioner_enabled }}"
    container: true
    repo: "{{ local_volume_provisioner_image_repo }}"
    tag: "{{ local_volume_provisioner_image_tag }}"
    sha256: "{{ local_volume_provisioner_digest_checksum|default(None) }}"
    groups:
    - kube-node

  cephfs_provisioner:
    enabled: "{{ cephfs_provisioner_enabled }}"
    container: true
    repo: "{{ cephfs_provisioner_image_repo }}"
    tag: "{{ cephfs_provisioner_image_tag }}"
    sha256: "{{ cephfs_provisioner_digest_checksum|default(None) }}"
    groups:
    - kube-node

  rbd_provisioner:
    enabled: "{{ rbd_provisioner_enabled }}"
    container: true
    repo: "{{ rbd_provisioner_image_repo }}"
    tag: "{{ rbd_provisioner_image_tag }}"
    sha256: "{{ rbd_provisioner_digest_checksum|default(None) }}"
    groups:
    - kube-node

  local_path_provisioner:
    enabled: "{{ local_path_provisioner_enabled }}"
    container: true
    repo: "{{ local_path_provisioner_image_repo }}"
    tag: "{{ local_path_provisioner_image_tag }}"
    sha256: "{{ local_path_provisioner_digest_checksum|default(None) }}"
    groups:
    - kube-node

  ingress_nginx_controller:
    enabled: "{{ ingress_nginx_enabled }}"
    container: true
    repo: "{{ ingress_nginx_controller_image_repo }}"
    tag: "{{ ingress_nginx_controller_image_tag }}"
    sha256: "{{ ingress_nginx_controller_digest_checksum|default(None) }}"
    groups:
    - kube-node

  ingress_ambassador_controller:
    enabled: "{{ ingress_ambassador_enabled }}"
    container: true
    repo: "{{ ingress_ambassador_image_repo }}"
    tag: "{{ ingress_ambassador_image_tag }}"
    sha256: "{{ ingress_ambassador_digest_checksum|default(None) }}"
    groups:
    - kube-node

  ingress_alb_controller:
    enabled: "{{ ingress_alb_enabled }}"
    container: true
    repo: "{{ alb_ingress_image_repo }}"
    tag: "{{ alb_ingress_image_tag }}"
    sha256: "{{ ingress_alb_controller_digest_checksum|default(None) }}"
    groups:
    - kube-node

  cert_manager_controller:
    enabled: "{{ cert_manager_enabled }}"
    container: true
    repo: "{{ cert_manager_controller_image_repo }}"
    tag: "{{ cert_manager_controller_image_tag }}"
    sha256: "{{ cert_manager_controller_digest_checksum|default(None) }}"
    groups:
    - kube-node

  cert_manager_cainjector:
    enabled: "{{ cert_manager_enabled }}"
    container: true
    repo: "{{ cert_manager_cainjector_image_repo }}"
    tag: "{{ cert_manager_cainjector_image_tag }}"
    sha256: "{{ cert_manager_cainjector_digest_checksum|default(None) }}"
    groups:
    - kube-node

  cert_manager_webhook:
    enabled: "{{ cert_manager_enabled }}"
    container: true
    repo: "{{ cert_manager_webhook_image_repo }}"
    tag: "{{ cert_manager_webhook_image_tag }}"
    sha256: "{{ cert_manager_webhook_digest_checksum|default(None) }}"
    groups:
    - kube-node

  csi_attacher:
    enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}"
    container: true
    repo: "{{ csi_attacher_image_repo }}"
    tag: "{{ csi_attacher_image_tag }}"
    sha256: "{{ csi_attacher_digest_checksum|default(None) }}"
    groups:
    - kube-node

  csi_provisioner:
    enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}"
    container: true
    repo: "{{ csi_provisioner_image_repo }}"
    tag: "{{ csi_provisioner_image_tag }}"
    sha256: "{{ csi_provisioner_digest_checksum|default(None) }}"
    groups:
    - kube-node

  csi_snapshotter:
    enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}"
    container: true
    repo: "{{ csi_snapshotter_image_repo }}"
    tag: "{{ csi_snapshotter_image_tag }}"
    sha256: "{{ csi_snapshotter_digest_checksum|default(None) }}"
    groups:
    - kube-node

  snapshot_controller:
    enabled: "{{ cinder_csi_enabled }}"
    container: true
    repo: "{{ snapshot_controller_image_repo }}"
    tag: "{{ snapshot_controller_image_tag }}"
    sha256: "{{ snapshot_controller_digest_checksum|default(None) }}"
    groups:
    - kube-node

  csi_resizer:
    enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}"
    container: true
    repo: "{{ csi_resizer_image_repo }}"
    tag: "{{ csi_resizer_image_tag }}"
    sha256: "{{ csi_resizer_digest_checksum|default(None) }}"
    groups:
    - kube-node

  csi_node_driver_registrar:
    enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}"
    container: true
    repo: "{{ csi_node_driver_registrar_image_repo }}"
    tag: "{{ csi_node_driver_registrar_image_tag }}"
    sha256: "{{ csi_node_driver_registrar_digest_checksum|default(None) }}"
    groups:
    - kube-node

  cinder_csi_plugin:
    enabled: "{{ cinder_csi_enabled }}"
    container: true
    repo: "{{ cinder_csi_plugin_image_repo }}"
    tag: "{{ cinder_csi_plugin_image_tag }}"
    sha256: "{{ cinder_csi_plugin_digest_checksum|default(None) }}"
    groups:
    - kube-node

  aws_ebs_csi_plugin:
    enabled: "{{ aws_ebs_csi_enabled }}"
    container: true
    repo: "{{ aws_ebs_csi_plugin_image_repo }}"
    tag: "{{ aws_ebs_csi_plugin_image_tag }}"
    sha256: "{{ aws_ebs_csi_plugin_digest_checksum|default(None) }}"
    groups:
    - kube-node

  dashboard:
    enabled: "{{ dashboard_enabled }}"
    container: true
    repo: "{{ dashboard_image_repo }}"
    tag: "{{ dashboard_image_tag }}"
    sha256: "{{ dashboard_digest_checksum|default(None) }}"
    groups:
    - kube-master

  dashboard_metrics_scrapper:
    enabled: "{{ dashboard_enabled }}"
    container: true
    repo: "{{ dashboard_metrics_scraper_repo }}"
    tag: "{{ dashboard_metrics_scraper_tag }}"
    sha256: "{{ dashboard_digest_checksum|default(None) }}"
    groups:
    - kube-master

download_defaults:
  container: false
  file: false
  repo: None
  tag: None
  enabled: false
  dest: None
  version: None
  url: None
  unarchive: false
  owner: kube
  mode: None


文件服务file server

自定义文件服务file server,为kubespray提供下载文件

1
2
3
4
5
6
7
8
[root@node2 file_server]# ll tmp/kubernetes/v1.20.1/
total 306004
-rw-r--r-- 1 root root  40783872 Dec 21 17:41 calicoctl-linux-amd64
-rw-r--r-- 1 root root  39641346 Dec 21 17:41 cni-plugins-linux-amd64-v0.8.7.tgz
-rw-r--r-- 1 root root  39219200 Dec 18 20:21 kubeadm
-rw-r--r-- 1 root root  40230912 Dec 18 20:21 kubectl
-rw-r--r-- 1 root root 113982312 Dec 18 20:21 kubelet
-rw-r--r-- 1 root root  39485440 Dec 18 20:21 kube-proxy

kubespray会把其中的文件下载到暂存目录/tmp/release下

下载缓存目录/tmp/release

1
2
3
4
5
6
7
8
9
[root@node2 deploy-kube-batch]# ll /tmp/releases/
total 267444
-rwxr-xr-x 1 root root  40783872 Dec 22 17:14 calicoctl
-rwxr-xr-x 1 root root  39641346 Dec 22 17:14 cni-plugins-linux-amd64-v0.8.7.tgz
###drwxr-xr-x 2 root root         6 Dec 22 17:14 images
-rwxr-xr-x 1 root root  39219200 Dec 22 17:14 kubeadm-v1.20.1-amd64
-rwxr-xr-x 1 root root  40230912 Dec 22 17:14 kubectl-v1.20.1-amd64
-rwxr-xr-x 1 root root 113982312 Dec 22 17:14 kubelet-v1.20.1-amd64

命令目录文件

可以把下载后的文件

  • kubeadm
  • kubectl
  • kubelet

放置到/usr/local/bin目录下。

安装完成后的命令目录文件如下(其它文件是有kubspray下载完成的):

1
2
3
4
5
6
7
8
9
[root@node131 releases]# ll /usr/local/bin
总用量 206112
-rwxr-x---. 1 root root       351 12月 21 14:52 etcd
-rwxr-xr-x. 1 root root  17620576 8月  25 03:22 etcdctl
drwx------. 2 root root        30 12月 21 14:50 etcd-scripts
-rwxr-x---. 1 root root  39219200 12月 21 15:18 kubeadm
-rwxr-x---. 1 root root  40230912 12月 21 15:18 kubectl
-rwxr-xr-x. 1 root root 113982312 12月 21 15:10 kubelet
drwxr-xr-x. 2 kube root         6 12月 21 13:49 kubernetes-scripts

二进制文件下载

安装过程中,某些二进制文件会下载很慢或者失败,则手动下载完成后 https://github.com/containernetworking/plugins/releases/download/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz

再把 下载 cni 部分注释掉 cni,如下:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
#  cni:
#    enabled: true
#    file: true
#    version: "{{ cni_version }}"
#    dest: "{{local_release_dir}}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
##    sha256: "{{ cni_binary_checksum }}"
#    url: "{{ cni_download_url }}"
#    unarchive: false
#    owner: "root"
#    mode: "0755"
#    groups:
#    - k8s-cluster

calicoctl下载地址 https://github.com/projectcalico/calicoctl/releases/download/v3.15.2/calicoctl-linux-amd64

k8s镜像下载

编辑下载脚本

需要按部署k8s版本修改版本参数 download_k8s_images.sh

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#!/bin/bash

# 关闭防火墙

# setenforce 0
# systemctl stop firewalld.service

# use cmd to list images
# ./kubeadm config images list --kubernetes-version=v1.20.1
# origin images
# k8s.gcr.io/kube-apiserver:v1.20.1
# k8s.gcr.io/kube-controller-manager:v1.20.1
# k8s.gcr.io/kube-scheduler:v1.20.1
# k8s.gcr.io/kube-proxy:v1.20.1
# k8s.gcr.io/pause:3.2
# k8s.gcr.io/etcd:3.4.13-0
# k8s.gcr.io/coredns:1.7.0


echo "START downloading k8s.gcr.io/images..."

images=(
    kube-apiserver:v1.20.1
    kube-controller-manager:v1.20.1
    kube-scheduler:v1.20.1
    kube-proxy:v1.20.1
    pause:3.2
    # etcd:3.4.13-0
    # etcd:3.4.3
    coredns:1.7.0

    # requests for kubespray
    k8s-dns-node-cache:1.15.13
    # cluster-proportional-autoscaler-amd64:1.8.1
    kube-registry-proxy:0.4
    #metrics-server/metrics-server:v0.3.7
    # metrics v0.3.7 找不到,改用v0.3.6
    # metrics-server-amd64:v0.3.6
    # ingress-nginx/controller:v0.35.0
    addon-resizer:1.8.11
)


for imageName in ${images[@]} ; do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
    docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName} k8s.gcr.io/${imageName}
    docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
done


# custom docker pull

docker pull registry.cn-hangzhou.aliyuncs.com/ringtail/cluster-proportional-autoscaler-amd64:v1.3.0
docker tag registry.cn-hangzhou.aliyuncs.com/ringtail/cluster-proportional-autoscaler-amd64:v1.3.0 k8s.gcr.io/cluster-proportional-autoscaler-amd64:v1.3.0
docker rmi registry.cn-hangzhou.aliyuncs.com/ringtail/cluster-proportional-autoscaler-amd64:v1.3.0

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.25.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.25.1 k8s.gcr.io/nginx-ingress-controller:0.25.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:0.25.1

# [root@node131 ~]# docker images
# REPOSITORY                                                                    TAG                 IMAGE ID            CREATED             SIZE
# registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy                v1.20.1             e3f6fcd87756        2 days ago          118MB
# registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver            v1.20.1             75c7f7112080        2 days ago          122MB
# registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager   v1.20.1             2893d78e47dc        2 days ago          116MB
# registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler            v1.20.1             4aa0b4397bbb        2 days ago          46.4MB
# registry.cn-hangzhou.aliyuncs.com/google_containers/coredns                   1.7.0               bfe3a36ebd25        6 months ago        45.2MB
# registry.cn-hangzhou.aliyuncs.com/google_containers/pause                     3.2                 80d28bedfe5d        10 months ago       683kB

# [root@node131 ~]# docker images
# REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
# k8s.gcr.io/kube-proxy                v1.20.1             e3f6fcd87756        2 days ago          118MB
# k8s.gcr.io/kube-controller-manager   v1.20.1             2893d78e47dc        2 days ago          116MB
# k8s.gcr.io/kube-apiserver            v1.20.1             75c7f7112080        2 days ago          122MB
# k8s.gcr.io/kube-scheduler            v1.20.1             4aa0b4397bbb        2 days ago          46.4MB
# k8s.gcr.io/coredns                   1.7.0               bfe3a36ebd25        6 months ago        45.2MB
# k8s.gcr.io/pause                     3.2                 80d28bedfe5d        10 months ago       683kB


echo "END downloading k8s.gcr.io/images..."

echo ""
echo ""
echo ""

echo "START downloading quay.io/images..."

# docker pull quay-mirror.qiniu.com/coreos/flannel
# docker pull quay.io/coreos/etcd:v3.4.13

echo "END downloading quay.io/images..."

执行脚本

1
bash download_k8s_images.sh

非下载方式说明

如果没有file server服务。

  1. 需要把手动把命令目录文件拷贝到/usr/local/bin

    • kubectl
    • kubeadm
    • kubelet
  2. 同时把其它下载文件如网络插件cni等下载包,放到/tmp/release目录下

k8s相关镜像

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

REPOSITORY                                         TAG                 IMAGE ID            CREATED             SIZE
k8s.gcr.io/kube-proxy                              v1.20.1             e3f6fcd87756        4 days ago          118MB
k8s.gcr.io/kube-controller-manager                 v1.20.1             2893d78e47dc        4 days ago          116MB
k8s.gcr.io/kube-apiserver                          v1.20.1             75c7f7112080        4 days ago          122MB
k8s.gcr.io/kube-scheduler                          v1.20.1             4aa0b4397bbb        4 days ago          46.4MB
nginx                                              1.19                ae2feff98a0c        7 days ago          133MB
calico/node                                        latest              048e0ac26968        4 weeks ago         165MB
kubernetesui/dashboard-amd64                       v2.0.4              46d0a29c3f61        3 months ago        225MB
calico/node                                        v3.15.2             cc7508d4d2d4        4 months ago        262MB
calico/cni                                         v3.15.2             5dadc388f979        4 months ago        110MB
calico/kube-controllers                            v3.15.2             fbbc4a1a0e98        4 months ago        52.9MB
quay.io/coreos/etcd                                v3.4.13             d1985d404385        4 months ago        83.8MB
k8s.gcr.io/addon-resizer                           1.8.11              b7db21b30ad9        5 months ago        32.8MB
coredns/coredns                                    1.7.0               bfe3a36ebd25        6 months ago        45.2MB
k8s.gcr.io/coredns                                 1.7.0               bfe3a36ebd25        6 months ago        45.2MB
kubernetesui/metrics-scraper                       v1.0.5              2cd72547f23f        6 months ago        36.7MB
k8s.gcr.io/k8s-dns-node-cache                      1.15.13             3f7a09f7cade        7 months ago        107MB
k8s.gcr.io/pause                                   3.2                 80d28bedfe5d        10 months ago       683kB
k8s.gcr.io/metrics-server-amd64                    v0.3.6              9dd718864ce6        14 months ago       39.9MB
k8s.gcr.io/nginx-ingress-controller                0.25.1              0439eb3e11f1        16 months ago       511MB
k8s.gcr.io/cluster-proportional-autoscaler-amd64   v1.3.0              33813c948942        2 years ago         45.8MB
k8s.gcr.io/kube-registry-proxy                     0.4                 60dc18151daf        3 years ago         188MB


  • k8s核心组件版本:1.20.1
  • etcd版本:3.4.13

k8s组件适配

kube-batch

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
[root@node2 kube-batch]# ./deploy.sh
configmap/kube-batch created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/default-sa-admin created
deployment.apps/kube-batch created
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/podgroups.scheduling.incubator.k8s.io created
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/queues.scheduling.incubator.k8s.io created
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/podgroups.scheduling.sigs.dev created
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/queues.scheduling.sigs.dev created
service/kube-batch-prometheus-discovery created
queue.scheduling.incubator.k8s.io/default created
queue.scheduling.incubator.k8s.io/emergency-queue created
queue.scheduling.incubator.k8s.io/00000000000000000000000000000000 created

apiextensions.k8s.io/v1beta1 需要转换为 apiextensions.k8s.io/v1

安装完成状态

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

[root@node2 inventory]# kubectl get po -A -owide
NAMESPACE     NAME                                          READY   STATUS    RESTARTS   AGE     IP             NODE    NOMINATED NODE   READINESS GATES
default       myapp-batch-pod                               1/1     Running   3          3h11m   10.233.96.8    node2   <none>           <none>
default       myapp-pod                                     1/1     Running   17         3h53m   10.233.95.9    gpu53   <none>           <none>
kube-system   calico-kube-controllers-67f55f8858-xxnrs      1/1     Running   3          18h     10.151.11.53   gpu53   <none>           <none>
kube-system   calico-node-5ww7v                             1/1     Running   1          17h     10.151.11.61   node2   <none>           <none>
kube-system   calico-node-9fkz2                             1/1     Running   2          17h     10.151.11.53   gpu53   <none>           <none>
kube-system   coredns-8677555d68-bjkl2                      1/1     Running   2          18h     10.233.96.5    node2   <none>           <none>
kube-system   dns-autoscaler-5fb74f6dd4-wj62q               0/1     Running   2          18h     10.233.96.6    node2   <none>           <none>
kube-system   kube-apiserver-node2                          1/1     Running   2          18h     10.151.11.61   node2   <none>           <none>
kube-system   kube-batch-56858cf46f-tmnsb                   1/1     Running   0          3h25m   10.233.96.7    node2   <none>           <none>
kube-system   kube-controller-manager-node2                 1/1     Running   2          18h     10.151.11.61   node2   <none>           <none>
kube-system   kube-proxy-77tw9                              1/1     Running   2          18h     10.151.11.61   node2   <none>           <none>
kube-system   kube-proxy-8vsdb                              1/1     Running   3          18h     10.151.11.53   gpu53   <none>           <none>
kube-system   kube-scheduler-node2                          1/1     Running   2          18h     10.151.11.61   node2   <none>           <none>
kube-system   kubernetes-dashboard-dfb67d98c-b8n5j          1/1     Running   4          18h     10.233.95.7    gpu53   <none>           <none>
kube-system   kubernetes-metrics-scraper-54df648466-4jcc2   1/1     Running   3          18h     10.233.95.8    gpu53   <none>           <none>
kube-system   nginx-proxy-gpu53                             1/1     Running   3          18h     10.151.11.53   gpu53   <none>           <none>
kube-system   nodelocaldns-m26kx                            1/1     Running   2          18h     10.151.11.61   node2   <none>           <none>
kube-system   nodelocaldns-qm62v                            1/1     Running   3          18h     10.151.11.53   gpu53   <none>           <none>
[root@node2 inventory]#
[root@node2 inventory]#
[root@node2 inventory]#
[root@node2 inventory]# kubectl get no -owide
NAME    STATUS   ROLES                  AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
gpu53   Ready    <none>                 18h   v1.20.1   10.151.11.53   <none>        CentOS Linux 7 (Core)   3.10.0-862.el7.x86_64   docker://19.3.12
node2   Ready    control-plane,master   18h   v1.20.1   10.151.11.61   <none>        CentOS Linux 7 (Core)   3.10.0-862.el7.x86_64   docker://19.3.12


说明:dns-autoscaler没有起来,是因为其版本过低。与集群k8s版本不匹配导致,其不影响k8s组件测试

问题

coredns等报错:connect: no route to host

现象: dial tcp 10.233.0.1:443: connect: no route to host

执行下面命令解决

1
2
3
4
5
6
systemctl stop kubelet
systemctl stop docker
iptables --flush
iptables -tnat --flush
systemctl start docker
systemctl start kubelet

The route problem can be solved by flush iptables. 类似网络路由问题,都可以使用上面命令解决

coredns pod 没有起来

HTTP probe failed with statuscode: 503

1
2
3
4
5
6
7
2月 02 10:09:19 node131 kubelet[36705]: I0202 10:09:19.484131   36705 prober.go:117] Readiness probe for "coredns-8677555d68-tjw4l_kube-system(863c8ab1-0f68-437e-a8fc-735cc65a5ba6):coredns" failed (failure): HTTP probe failed with statuscode: 503
2月 02 10:09:24 node131 kubelet[36705]: I0202 10:09:24.626538   36705 setters.go:86] Using node IP: "192.168.182.131"
2月 02 10:09:29 node131 kubelet[36705]: I0202 10:09:29.484193   36705 prober.go:117] Readiness probe for "coredns-8677555d68-tjw4l_kube-system(863c8ab1-0f68-437e-a8fc-735cc65a5ba6):coredns" failed (failure): HTTP probe failed with statuscode: 503
2月 02 10:09:34 node131 kubelet[36705]: I0202 10:09:34.691889   36705 setters.go:86] Using node IP: "192.168.182.131"
2月 02 10:09:39 node131 kubelet[36705]: I0202 10:09:39.484596   36705 prober.go:117] Readiness probe for "coredns-8677555d68-tjw4l_kube-system(863c8ab1-0f68-437e-a8fc-735cc65a5ba6):coredns" failed (failure): HTTP probe failed with statuscode: 503


查看防火墙,并关闭防火墙

查看防火墙的状态的命令为:

1
sudo systemctl status firewalld

打开防火墙的方式有两种,一种是打开后重启会恢复回原来的状态,命令为:

sudo systemctl start firewalld 另一种是打开后重启不会恢复到原来的状态,命令为:

1
sudo systemctl enable firewalld

这种方式输入命令后要重启系统才会生效。

关闭防火墙的方式也有两种,和打开相对应,命令分别为

1
2
sudo systemctl stop firewalld
sudo systemctl disable firewalld

dns-autoscaler 报错

dns-autoscaler Update failure: the server could not find the requested resource

E1222 01:07:18.706470 1 autoscaler_server.go:120] Update failure: the server could not find the requested resource

由于dns-autoscaler安装部署使用了低版本,现象分析可能是由于接口不匹配导致

创建pod报错

networkPlugin cni failed to set up pod “myapp-pod_default” network: failed to Statfs “/proc/62177/ns/net”: no such file or directory

networkPlugin cni failed to set up pod network: failed to Statfs: no such file or directory 有人建议操作如下:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
I executed following commands:
sudo systemctl stop kubelet
docker ps
docker stop [all running containers id]
rm -rf /etc/cni/net.d/*
sudo kubeadm reset
sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sudo iptables -X
sudo systemctl restart docker.service



https://github.com/kubernetes/kubernetes/issues/90429

https://github.com/kubernetes/kubernetes/issues/72044

https://github.com/vmware-tanzu/antrea/issues/831

仔细分析系统日志/var/log/messages,发现Memory cgroup out of memory导致

1
2
3
4
5
6
7
8
Dec 22 14:58:50 node131 kernel: Memory cgroup stats for /kubepods.slice/kubepods-pod7458ce47_f199_4abc_bced_747429207f75.slice/docker-efdd061c291cc737e425bfe6b7f25a69352d75a99415143955098311908588c8.scope: cache:0KB rss:2048KB rss_huge:0KB mapped_file:0KB swap:0KB inactive_anon:0KB active_anon:2008KB inactive_file:0KB active_file:0KB unevictable:0KB
Dec 22 14:58:50 node131 kernel: [ pid ]   uid  tgid total_vm      rss nr_ptes swapents oom_score_adj name
Dec 22 14:58:50 node131 kernel: [17978]     0 17978    39699     2343      27        0          -998 runc:[2:INIT]
Dec 22 14:58:50 node131 kernel: Memory cgroup out of memory: Kill process 17983 (runc:[2:INIT]) score 4628 or sacrifice child
Dec 22 14:58:50 node131 kernel: Killed process 17978 (runc:[2:INIT]), UID 0, total-vm:158796kB, anon-rss:6420kB, file-rss:2952kB, shmem-rss:0kB
Dec 22 14:58:50 node131 kubelet: W1222 14:58:50.043333    1923 helpers.go:198] readString: Failed to read "/sys/fs/cgroup/memory/kubepods.slice/kubepods-pod7458ce47_f199_4abc_bced_747429207f75.slice/docker-efdd061c291cc737e425bfe6b7f25a69352d75a99415143955098311908588c8.scope/memory.limit_in_bytes": read /sys/fs/cgroup/memory/kubepods.slice/kubepods-pod7458ce47_f199_4abc_bced_747429207f75.slice/docker-efdd061c291cc737e425bfe6b7f25a69352d75a99415143955098311908588c8.scope/memory.limit_in_bytes: no such device


修改pod 请求内存,一般是请求内存太小,导致实际使用内存超过限制,被系统杀掉该pod进程

出现目录无法删除:Device or resource busy

1
2
3
4
5
6

[root@gpu53 lib]# rm -rf kubelet/
rm: cannot remove ‘kubelet/pods/837704db-2bae-11eb-913c-6c92bf8c5840/volumes/kubernetes.io~secret/kube-proxy-token-8mdk5’: Device or resource busy
rm: cannot remove ‘kubelet/pods/bce1b611-2bc3-11eb-9c41-6c92bf8c5840/volumes/kubernetes.io~secret/calico-node-token-d9dv8’: Device or resource busy
rm: cannot remove ‘kubelet/pods/402d0c26-43fd-11eb-bdb1-6c92bf8c5840/volumes/kubernetes.io~secret/default-token-vlvfj’: Device or resource busy

lsof没有信息,则查看挂载信息,并取消挂载。

1
2
3
4
5

# mount
tmpfs on /var/lib/kubelet/pods/bce1b611-2bc3-11eb-9c41-6c92bf8c5840/volumes/kubernetes.io~secret/calico-node-token-d9dv8 type tmpfs (rw,relatime)
tmpfs on /var/lib/kubelet/pods/837704db-2bae-11eb-913c-6c92bf8c5840/volumes/kubernetes.io~secret/kube-proxy-token-8mdk5 type tmpfs (rw,relatime)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

[root@gpu53 lib]# mount |grep kubelet
tmpfs on /var/lib/kubelet/pods/837704db-2bae-11eb-913c-6c92bf8c5840/volumes/kubernetes.io~secret/kube-proxy-token-8mdk5 type tmpfs (rw,relatime)
tmpfs on /var/lib/kubelet/pods/402d0c26-43fd-11eb-bdb1-6c92bf8c5840/volumes/kubernetes.io~secret/default-token-vlvfj type tmpfs (rw,relatime)
[root@gpu53 lib]#
[root@gpu53 lib]#
[root@gpu53 lib]# umount /var/lib/kubelet/pods/837704db-2bae-11eb-913c-6c92bf8c5840/volumes/kubernetes.io~secret/kube-proxy-token-8mdk5
[root@gpu53 lib]#
[root@gpu53 lib]#
[root@gpu53 lib]# umount /var/lib/kubelet/pods/402d0c26-43fd-11eb-bdb1-6c92bf8c5840/volumes/kubernetes.io~secret/default-token-vlvfj
[root@gpu53 lib]#

[root@gpu53 lib]# rm -rf kubelet/

calico node pod一直没有起来

Number of node(s) with BGP peering established = 0

1
2
3
4
5
网上解决方法如下:
https://blog.csdn.net/qq_36783142/article/details/107912407
- name: IP_AUTODETECTION_METHOD
  value: "interface=enp26s0f3"
但此方式不能解决自己环境所遇问题。

自己分析应该是网络路由问题(原来环境残留的脏路由导致),做下清理处理

执行下面命令解决

1
2
3
4
5
6
systemctl stop kubelet
systemctl stop docker
iptables --flush
iptables -tnat --flush
systemctl start docker
systemctl start kubelet

启动测试pod,Failed to create pod sandbox

getting the final child’s pid from pipe caused: read init-p: connection reset by peer: unknown

报错如下:

1
2
3
4
5
6
Events:
  Type     Reason                  Age                 From               Message
  ----     ------                  ----                ----               -------
  Normal   Scheduled               74s                 default-scheduler  Successfully assigned default/myapp-pod to gpu53
  Normal   SandboxChanged          78s (x12 over 89s)  kubelet            Pod sandbox changed, it will be killed and re-created.
  Warning  FailedCreatePodSandBox  77s (x13 over 90s)  kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "myapp-pod": Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:338: getting the final child's pid from pipe caused: read init-p: connection reset by peer: unknown

检查内核参数 max_user_namespaces,并修改,该方式为临时生效。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
[root@node2 ~]# cat /proc/sys/user/max_user_namespaces
0
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]# echo 10000 > /proc/sys/user/max_user_namespaces
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]# cat /proc/sys/user/max_user_namespaces
10000
[root@node2 ~]#

具体详细修改参数user namespaces方式, 参考配置 CentOS 7 系统启用 user namespaces

kuelet1.20 配置–cgroups-per-qos=False 时会导致kubelet无法正常启动

kuelet1.20 默认开启cgroups-per-qos

kubelet启动的pod 所在cgroup组一般都在cgroup的kubepods.slice 目录下,

测试pod一直是ContainerCreating

1
2
3
NAMESPACE     NAME                                          READY   STATUS              RESTARTS   AGE   IP             NODE    NOMINATED NODE   READINESS GATES
default       myapp-pod                                     0/1     ContainerCreating   0          11m   <none>         gpu53   <none>           <none>
k

系统日志打印信息如下:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
Dec 23 09:52:18 gpu53 kernel: Task in /kubepods.slice/kubepods-pod40b435fc_0bbb_4eeb_9bff_5ce1f473cb9e.slice/docker-1f0491dfbae47dcf8a6b8f5b6f94e50ef3da592420f2d25e34d87f30524f71f2.scope killed as a result of limit of /kubepods.slice/kubepods-pod40b435fc_0bbb_4eeb_9bff_5ce1f473cb9e.slice
Dec 23 09:52:18 gpu53 kernel: memory: usage 2048kB, limit 2048kB, failcnt 861
Dec 23 09:52:18 gpu53 kernel: memory+swap: usage 2048kB, limit 9007199254740988kB, failcnt 0
Dec 23 09:52:18 gpu53 kernel: kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Dec 23 09:52:18 gpu53 kernel: Memory cgroup stats for /kubepods.slice/kubepods-pod40b435fc_0bbb_4eeb_9bff_5ce1f473cb9e.slice: cache:0KB rss:0KB rss_huge:0KB mapped_file:0KB swap:0KB inactive_anon:0KB active_anon:0KB inactive_file:0KB active_file:0KB unevictable:0KB
Dec 23 09:52:18 gpu53 kernel: Memory cgroup stats for /kubepods.slice/kubepods-pod40b435fc_0bbb_4eeb_9bff_5ce1f473cb9e.slice/docker-1f0491dfbae47dcf8a6b8f5b6f94e50ef3da592420f2d25e34d87f30524f71f2.scope: cache:0KB rss:2048KB rss_huge:0KB mapped_file:0KB swap:0KB inactive_anon:0KB active_anon:2020KB inactive_file:0KB active_file:0KB unevictable:0KB
Dec 23 09:52:18 gpu53 kernel: [ pid ]   uid  tgid total_vm      rss nr_ptes swapents oom_score_adj name
Dec 23 09:52:18 gpu53 kernel: [112691]     0 112691     5734     1041      13        0          -998 6
Dec 23 09:52:18 gpu53 kernel: Memory cgroup out of memory: Kill process 112691 (6) score 1998 or sacrifice child
Dec 23 09:52:18 gpu53 kernel: Killed process 112691 (6) total-vm:22936kB, anon-rss:1944kB, file-rss:2220kB, shmem-rss:0kB
Dec 23 09:52:18 gpu53 systemd: Stopped libcontainer container 1f0491dfbae47dcf8a6b8f5b6f94e50ef3da592420f2d25e34d87f30524f71f2.
Dec 23 09:52:18 gpu53 systemd: Stopping libcontainer container 1f0491dfbae47dcf8a6b8f5b6f94e50ef3da592420f2d25e34d87f30524f71f2.
Dec 23 09:52:18 gpu53 containerd: time="2020-12-23T09:52:18.227196277+08:00" level=info msg="shim reaped" id=1f0491dfbae47dcf8a6b8f5b6f94e50ef3da592420f2d25e34d87f30524f71f2
Dec 23 09:52:18 gpu53 dockerd: time="2020-12-23T09:52:18.237403201+08:00" level=error msg="stream copy error: reading from a closed fifo"
Dec 23 09:52:18 gpu53 dockerd: time="2020-12-23T09:52:18.237413120+08:00" level=error msg="stream copy error: reading from a closed fifo"
Dec 23 09:52:18 gpu53 dockerd: time="2020-12-23T09:52:18.271031114+08:00" level=error msg="1f0491dfbae47dcf8a6b8f5b6f94e50ef3da592420f2d25e34d87f30524f71f2 cleanup: failed to delete container from containerd: no such container"
Dec 23 09:52:18 gpu53 dockerd: time="2020-12-23T09:52:18.271110530+08:00" level=error msg="Handler for POST /v1.40/containers/1f0491dfbae47dcf8a6b8f5b6f94e50ef3da592420f2d25e34d87f30524f71f2/start returned error: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:338: getting the final child's pid from pipe caused: read init-p: connection reset by peer: unknown"
Dec 23 09:52:18 gpu53 kubelet: E1223 09:52:18.271582  104914 remote_runtime.go:116] RunPodSandbox from runtime service failed: rpc error: code = Unknown desc = failed to start sandbox container for pod "myapp-pod": Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:338: getting the final child's pid from pipe caused: read init-p: connection reset by peer: unknown
Dec 23 09:52:18 gpu53 kubelet: E1223 09:52:18.271680  104914 kuberuntime_sandbox.go:70] CreatePodSandbox for pod "myapp-pod_default(40b435fc-0bbb-4eeb-9bff-5ce1f473cb9e)" failed: rpc error: code = Unknown desc = failed to start sandbox container for pod "myapp-pod": Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:338: getting the final child's pid from pipe caused: read init-p: connection reset by peer: unknown
Dec 23 09:52:18 gpu53 kubelet: E1223 09:52:18.271705  104914 kuberuntime_manager.go:755] createPodSandbox for pod "myapp-pod_default(40b435fc-0bbb-4eeb-9bff-5ce1f473cb9e)" failed: rpc error: code = Unknown desc = failed to start sandbox container for pod "myapp-pod": Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:338: getting the final child's pid from pipe caused: read init-p: connection reset by peer: unknown
Dec 23 09:52:18 gpu53 kubelet: E1223 09:52:18.271793  104914 pod_workers.go:191] Error syncing pod 40b435fc-0bbb-4eeb-9bff-5ce1f473cb9e ("myapp-pod_default(40b435fc-0bbb-4eeb-9bff-5ce1f473cb9e)"), skipping: failed to "CreatePodSandbox" for "myapp-pod_default(40b435fc-0bbb-4eeb-9bff-5ce1f473cb9e)" with CreatePodSandboxError: "CreatePodSandbox for pod \"myapp-pod_default(40b435fc-0bbb-4eeb-9bff-5ce1f473cb9e)\" failed: rpc error: code = Unknown desc = failed to start sandbox container for pod \"myapp-pod\": Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:338: getting the final child's pid from pipe caused: read init-p: connection reset by peer: unknown"
Dec 23 09:52:19 gpu53 kubelet: I1223 09:52:19.101556  104914 kubelet.go:1923] SyncLoop (PLEG): "myapp-pod_default(40b435fc-0bbb-4eeb-9bff-5ce1f473cb9e)", event: &pleg.PodLifecycleEvent{ID:"40b435fc-0bbb-4eeb-9bff-5ce1f473cb9e", Type:"ContainerDied", Data:"1f0491dfbae47dcf8a6b8f5b6f94e50ef3da592420f2d25e34d87f30524f71f2"}

检查kubelet的cgroup参数和系统中的cgroup配置,没有问题。 定位测试pod请求资源太少(2M)导致,实际内存使用量超过2M,导致系统根据cgroup杀掉该pod容器进程 把该pod请求内存改大,比如20M,则pod运行正常。

附录

命令

  • 给节点node2 打master标签
1
kubectl label node node2 node-role.kubernetes.io/master=true --overwrite
  • 给节点gpu53 打node标签
1
kubectl label node gpu53 node-role.kubernetes.io/node=true --overwrite
  • 强制删除某pod
1
kubectl delete po myapp-pod --force --grace-period=0
  • docker 镜像批量打包
1
docker save $(docker images | grep -v REPOSITORY | awk 'BEGIN{OFS=":";ORS=" "}{print $1,$2}') -o k8s_packages.tar

访问dashboard

使用kubectl proxy

使用kubectl proxy命令就可以使API server监听在本地的8001端口上 使用命令如下:

1
kubectl proxy --address='0.0.0.0'  --accept-hosts='^*$'

则在内网的任意节点浏览器中可以使用地址访问,当然该地址需要证书授权访问

1
curl http://192.168.182.131:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/