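Deploying Kubernetes with kubeadm
1. Environment preparation
1.1 Operating system
Host | IP | Components |
---|---|---|
master | 192.168.10.109 | kubeadm kubelet kubectl |
node1 | 192.168.10.107 | kubeadm kubelet |
node2 | 192.168.10.108 | kubeadm kubelet |
Edit /etc/hosts and add entries for the master and node hosts.
1.2 Disable the firewall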
systemctl stop firewalld
systemctl disable firewalld
1.3 Disable swap
swapoff -a
# Edit /etc/fstab and comment out the swap entries
2. Install Docker
2.1 Installation
Install Docker:
1. Update the yum packages
yum update
2. Remove old versions
yum remove docker
3. Install dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
4. Add the yum repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
5. Install Docker
yum install docker-ce
6. Start Docker
systemctl start docker
systemctl enable docker
7. Verify the installation
docker version
2.2 Switch to a registry mirror in China
vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
systemctl restart docker.service
2.3 Configure the Kubernetes yum repository
Create /etc/yum.repos.d/kubernetes.repo with the following content:
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1

Then import the signing key and refresh the repository list:
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
rpm --import rpm-package-key.gpg
yum repolist
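3. Install Kubernetes
The following steps are run on the master.
3.1 Install kubeadm and related tools
yum -y install kubelet kubeadm kubectl --disableexcludes=kubernetes
kubelet may fail to start at this point; it can be started after kubeadm init has completed.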
3.2 kubeadm config
Run kubeadm config print init-defaults to get the default initialization parameter file, and keep the file for later use:
kubeadm config print init-defaults > init.default.yaml
3.3 List the required images
kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.18.3
k8s.gcr.io/kube-controller-manager:v1.18.3
k8s.gcr.io/kube-scheduler:v1.18.3
k8s.gcr.io/kube-proxy:v1.18.3
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7

The k8s.gcr.io registry cannot be reached from mainland China; the following address can be used instead:
registry.cn-hangzhou.aliyuncs.com/google_containers
If v1.18.3 is not available there, look for v1.18.2.

# Images reported by "kubeadm config images list", without the registry prefix
images=(
  kube-apiserver:v1.18.3
  kube-controller-manager:v1.18.3
  kube-scheduler:v1.18.3
  kube-proxy:v1.18.3
  pause:3.2
  etcd:3.4.3-0
  coredns:1.6.7
)
for imageName in "${images[@]}"; do
  # Pull from the mirror, retag under the name kubeadm expects, drop the mirror tag
  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
  docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
done
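3.4 Initialize the environment
kubeadm init
# Note: if a specific network plugin is needed, extra parameters must be passed at this step; see the description of the network plugin.

Save the kubeadm join information printed at the end:
kubeadm join 192.168.10.109:6443 --token 3fntt0.e0k8ivnl1p6cxesy \
    --discovery-token-ca-cert-hash sha256:f98b963683b0370f6b24ca7ea4577a08acbf9ce9a88902aadfe115b8a2c258a7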
Error messages (the following changes are also made on the node machines):

1) detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd".
Modify or create /etc/docker/daemon.json and add the following:
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
systemctl restart docker

2) /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables

3) /proc/sys/net/ipv4/ip_forward contents are not set to 1
echo "1" >/proc/sys/net/ipv4/ip_forward

[ERROR Swap]: running with swap on is not supported. Please disable swap
swapoff -a
vim /etc/fstab    # comment out the swap entries
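The four conditions behind these errors can be re-checked in one pass on the master and on every node before running kubeadm init or kubeadm join. This is an added example, not part of the original post; the function name preflight and its optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): re-check the conditions behind
# the kubeadm preflight errors listed above. preflight is a hypothetical name.
# $1 is an optional filesystem root; empty means the live host.
preflight() {
    root="${1:-}"
    rc=0
    # Both kernel switches must read 1. The bridge file only exists once the
    # br_netfilter module is loaded.
    for key in net/bridge/bridge-nf-call-iptables net/ipv4/ip_forward; do
        val=$(cat "$root/proc/sys/$key" 2>/dev/null || echo missing)
        if [ "$val" != "1" ]; then
            echo "FAIL /proc/sys/$key is $val, want 1"
            rc=1
        fi
    done
    # /proc/swaps starts with a header line; any further line is active swap.
    if sed 1d "$root/proc/swaps" 2>/dev/null | grep -q .; then
        echo "FAIL swap is active, run swapoff -a"
        rc=1
    fi
    # An uncommented swap entry in fstab re-enables swap at the next boot.
    if grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]' \
            "$root/etc/fstab" 2>/dev/null; then
        echo "FAIL /etc/fstab still has an uncommented swap entry"
        rc=1
    fi
    # Docker must be configured for the systemd cgroup driver.
    if ! grep -q 'native.cgroupdriver=systemd' \
            "$root/etc/docker/daemon.json" 2>/dev/null; then
        echo "FAIL /etc/docker/daemon.json does not set native.cgroupdriver=systemd"
        rc=1
    fi
    return "$rc"
}
# Usage on a master or node:  preflight && echo "preflight OK"
```

Values written with echo into /proc are lost at reboot; putting net.bridge.bridge-nf-call-iptables = 1 and net.ipv4.ip_forward = 1 in a file under /etc/sysctl.d/ keeps them.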
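3.5 Configure kubectl credentials
Run the commands shown at the end of the init output:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Kubernetes is now installed on the master, but the cluster has no usable Node yet and container networking has not been configured.
Start kubelet on the master: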
systemctl start kubelet && systemctl enable kubelet
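By default, Kubernetes runs Pods on worker nodes and does not run Pods on the master. To deploy a single-node cluster for testing or development, this can be changed with the following command: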
kubectl taint nodes --all node-role.kubernetes.io/master-
3.6 Configure the node machines
For a new node, the system preparation and the Kubernetes yum repository configuration are the same as above.
yum install kubelet kubeadm --disableexcludes=kubernetes
Join the node to the cluster:
kubeadm join 192.168.10.109:6443 --token 3fntt0.e0k8ivnl1p6cxesy \
    --discovery-token-ca-cert-hash sha256:f98b963683b0370f6b24ca7ea4577a08acbf9ce9a88902aadfe115b8a2c258a7
Start kubelet on the node:
systemctl start kubelet && systemctl enable kubelet
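The --discovery-token-ca-cert-hash value in the join command pins the public key of the cluster CA, so a saved join command can be checked against the CA certificate on the master before it is handed to a node. This is an added example, not part of the original post; ca_cert_hash and check_join_hash are hypothetical helper names, and it assumes openssl is installed.

```shell
#!/bin/sh
# Added example (not from the original post). ca_cert_hash and check_join_hash
# are hypothetical helper names; /etc/kubernetes/pki/ca.crt is where kubeadm
# writes the cluster CA on the master.

# Print sha256:<hex> over the DER-encoded public key (SPKI) of a CA certificate,
# which is the value kubeadm expects in --discovery-token-ca-cert-hash.
ca_cert_hash() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 2
    digest=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.*= *//')
    [ "${#digest}" -eq 64 ] || return 2
    echo "sha256:$digest"
}

# Succeed only if the hash pinned in a saved join command matches the CA file.
check_join_hash() {
    want=$(printf '%s\n' "$2" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    have=$(ca_cert_hash "$1") || return 2
    [ -n "$want" ] && [ "$want" = "$have" ]
}
# Usage on the master:
#   check_join_hash /etc/kubernetes/pki/ca.crt "$(cat saved-join-command.txt)"
```

The token in a join command expires (24 hours by default); `kubeadm token create --print-join-command` on the master prints a fresh command with the current hash.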
4. Network plugins
Running kubectl get nodes on the master shows the nodes in NotReady state, because no CNI network plugin has been installed yet.
# kubectl get nodes
NAME     STATUS     ROLES    AGE     VERSION
master   NotReady   master   27m     v1.18.3
node1    NotReady   <none>   4m26s   v1.18.3
node2    NotReady   <none>   4m5s    v1.18.3
4.1 flannel
Requires --pod-network-cidr=10.244.0.0/16 to be set at kubeadm init.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml
4.2 weave
sysctl net.bridge.bridge-nf-call-iptables=1
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
4.3 calico
Requires --pod-network-cidr=192.168.0.0/16 to be set at kubeadm init.
kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
For example, to use the weave plugin, install it with:
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
4.5 Verify that the Kubernetes cluster installed successfully
kubectl get pods -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-66bff467f8-hqqz7         1/1     Running   0          73m
coredns-66bff467f8-z2hr4         1/1     Running   0          73m
etcd-master                      1/1     Running   1          73m
kube-apiserver-master            1/1     Running   1          73m
kube-controller-manager-master   1/1     Running   1          73m
kube-proxy-fhzcv                 1/1     Running   0          50m
kube-proxy-jhmp5                 1/1     Running   0          50m
kube-proxy-n7ldl                 1/1     Running   1          73m
kube-scheduler-master            1/1     Running   1          73m
weave-net-2d6sz                  2/2     Running   0          32m
weave-net-jfxbt                  2/2     Running   0          32m
weave-net-kmj98                  2/2     Running   0          32m
Some of these pods may fail to start; in most cases the cause is that the image could not be pulled. For images from the k8s.gcr.io registry, the images downloaded earlier on the master can be imported onto the node machines.
Check why a pod failed to start:
kubectl -n kube-system describe pod <pod-name>
Check that all nodes are Ready:
# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   73m   v1.18.3
node1    Ready    <none>   50m   v1.18.3
node2    Ready    <none>   50m   v1.18.3
At this point, the Kubernetes cluster has been installed with the kubeadm tool.