kubernetes安装

环境说明

采用kubeadm进行kubernetes cluster的安装,一共三个节点,IP地址和主机名如下

 

172.16.10.102 k8s-master
172.16.10.103 k8s-node1
172.16.10.104 k8s-node2

涉及的操作系统和各软件版本如下

软件版本
系统/软件 版本
CentOS7 CentOS-7-x86_64-1908
docker docker-ce-18.09.01
kubernetes 1.16.9
kube-apiserver 1.16.9
kube-controller-manager 1.16.9
kube-scheduler 1.16.9
kube-proxy 1.16.9
etcd 3.3.15-0
coredns 1.6.2
pause 3.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

系统环境准备-每个节点都需要执行

关闭防火墙

systemctl stop firewalld.service
systemctl disable firewalld.service

关闭各节点的selinux

sed -i 's/enforcing/disabled/' /etc/selinux/config 
setenforce 0

同步时间

yum install -y ntpdate
ntpdate -u ntp.api.bz

修改/etc/hosts文件

172.16.10.102 k8s-master
172.16.10.103 k8s-node1
172.16.10.104 k8s-node2

关闭swap

swapoff -a  # 临时
vim /etc/fstab #永久

永久关闭

 

建议打开IP_VS模块

pod的负载均衡是用kube-proxy来实现的,实现方式有两种,一种是默认的iptables,一种是ipvs,ipvs比iptable的性能更好,查看是否开启

cut -f1 -d " "  /proc/modules | grep -e ip_vs -e nf_conntrack_ipv4

没有的话,使用以下命令加载

modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4

 

在各节点安装docker

可以参考 https://developer.aliyun.com/mirror/docker-ce

 配置docker的yum源,使用阿里的镜像服务

# step 1: 安装必要的一些系统工具
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: 更新并安装Docker-CE,
sudo yum makecache fast
注意这步是安装最新版,如果不是特别了解的话不建议使用
#sudo yum -y install docker-ce # Step 
4: 开启Docker服务 sudo service docker start

可以查看有哪些版本的docker可以安装

[root@docker61 ~]#yum list docker-ce.x86_64 --showduplicates | sort -r
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror
Installed Packages
docker-ce.x86_64            3:19.03.9-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.8-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.7-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.6-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.5-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.4-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.3-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.2-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.1-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.11-3.el7                   docker-ce-stable 
docker-ce.x86_64            3:19.03.10-3.el7                   docker-ce-stable 
docker-ce.x86_64            3:19.03.0-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.9-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.8-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.7-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.6-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.5-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.4-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.3-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.2-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.1-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.1-3.el7                    @docker-ce-stable
docker-ce.x86_64            3:18.09.0-3.el7                    docker-ce-stable 
docker-ce.x86_64            18.06.3.ce-3.el7                   docker-ce-stable 
...
Available Packages

 

本次选择 18.09.1-3.el7版本

yum install -y docker-ce-18.09.1-3.el7

启动docker

systemctl start docker
systemctl enable docker

 安装完成后可通过下面的命令查看

docker version

 

保证nf-call为1

于docker随后会大量的操作iptables,需要确认nf-call的值是否为1

cat /proc/sys/net/bridge/bridge-nf-call-iptables
cat /proc/sys/net/bridge/bridge-nf-call-ip6tables

执行

docker info  | grep -i cgroup

如果出现

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

则修改/etc/sysctl.conf文件

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

然后执行命令

[root@master ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

 

安装kubeadm、kubelet、kubectl

安装kubernetes的yum源,采用阿里的镜像

可以参考https://developer.aliyun.com/mirror/kubernetes

在/etc/yum.repo.d/中新建文件kubernetes.repo,文件内容如下

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

执行

yum makecache fast

查看可用的kubernetes版本

yum list kubeadm --showduplicates | sort -r
kubeadm.x86_64                       1.18.4-0                         kubernetes
kubeadm.x86_64                       1.18.3-0                         kubernetes
kubeadm.x86_64                       1.18.2-0                         kubernetes
kubeadm.x86_64                       1.18.1-0                         kubernetes
kubeadm.x86_64                       1.18.0-0                         kubernetes
kubeadm.x86_64                       1.17.7-0                         kubernetes
kubeadm.x86_64                       1.17.6-0                         kubernetes
kubeadm.x86_64                       1.17.5-0                         kubernetes
kubeadm.x86_64                       1.17.4-0                         kubernetes
kubeadm.x86_64                       1.17.3-0                         kubernetes
kubeadm.x86_64                       1.17.2-0                         kubernetes
kubeadm.x86_64                       1.17.1-0                         kubernetes
kubeadm.x86_64                       1.17.0-0                         kubernetes
kubeadm.x86_64                       1.16.9-0                         kubernetes
kubeadm.x86_64                       1.16.8-0                         kubernetes
kubeadm.x86_64                       1.16.7-0                         kubernetes
kubeadm.x86_64                       1.16.6-0                         kubernetes
kubeadm.x86_64                       1.16.5-0                         kubernetes
kubeadm.x86_64                       1.16.4-0                         kubernetes
kubeadm.x86_64                       1.16.3-0                         kubernetes
kubeadm.x86_64                       1.16.2-0                         kubernetes
...

本次安装采用 1.16.9

yum install -y kubeadm-1.16.9-0 kubealet-1.16.9-0 kubectl-1.16.9-0

采用上面的命令会出现如下错误

Error: Package: kubeadm-1.16.9-0.x86_64 (kubernetes)
           Requires: kubernetes-cni >= 0.7.5
           Available: kubernetes-cni-0.3.0.1-0.07a8a2.x86_64 (kubernetes)
               kubernetes-cni = 0.3.0.1-0.07a8a2
           Available: kubernetes-cni-0.5.1-0.x86_64 (kubernetes)
               kubernetes-cni = 0.5.1-0
           Available: kubernetes-cni-0.5.1-1.x86_64 (kubernetes)
               kubernetes-cni = 0.5.1-1
           Available: kubernetes-cni-0.6.0-0.x86_64 (kubernetes)
               kubernetes-cni = 0.6.0-0
           Available: kubernetes-cni-0.7.5-0.x86_64 (kubernetes)
               kubernetes-cni = 0.7.5-0
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

问题原因是,在新的版本中,kubernetes-cni组件安装包的功能已经被kubelet替代,yum这时会进行解析并给出提示,此时也不能直接使用 yum安装 kubernetes-cni-0.7.5.0-0,因为一旦执行yum会自动安装最新版本的kubelet,而不是我们指定的版本。

本文编写时,最新版本是1.18.4-0,所以采用如下命令进行安装

yum install -y kubeadm-1.16.9-0 kubelet-1.16.9-0 kubectl-1.16.9-0  --exclude kubelet-1.18.4-0

 执行

yum list installed | grep kube

确保结果如下:

 

准备kebernetes所需组件的镜像

kubernetes正常工作需要 kubernetes-proxy,kubernetes-apiserver,kubernetes-scheduler,kubernetes-controller-manager以及etcd,pause,coredns,flannel等组件的镜像,由于这些镜像都在google的镜像仓库中,下载较慢,所以需要使用阿里的镜像进行下载,下载完成后通过 docker tag命令修改镜像名称,以便kubernetes能够发现和使用

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.16.9
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.16.9
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.16.9
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.16.9
docker pull  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.3.15-0
docker pull  registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker pull  registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
docker pull quay.io/coreos/flannel:v0.12.0-amd64

修改名称

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.16.9  k8s.gcr.io/kube-apiserver:v1.16.9
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.16.9  k8s.gcr.io/kube-proxy:v1.16.9
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.16.9  k8s.gcr.io/kube-controller-manager:v1.16.9
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.16.9  k8s.gcr.io/kube-scheduler:v1.16.9
docker tag  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.3.15-0  k8s.gcr.io/etcd:3.3.15-0
docker tag  registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1  k8s.gcr.io/pause:3.1
docker tag  registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2  k8s.gcr.io/coredns:1.6.2

 docker images查看如下

REPOSITORY                                                                          TAG                 IMAGE ID            CREATED             SIZE
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64   v1.16.9             b6f6512bb3ba        2 months ago        152MB
k8s.gcr.io/kube-controller-manager                                                  v1.16.9             b6f6512bb3ba        2 months ago        152MB
k8s.gcr.io/kube-apiserver                                                           v1.16.9             dd3b6beaa554        2 months ago        160MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64            v1.16.9             dd3b6beaa554        2 months ago        160MB
k8s.gcr.io/kube-proxy                                                               v1.16.9             a197b1cf22e3        2 months ago        82.8MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64                v1.16.9             a197b1cf22e3        2 months ago        82.8MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64            v1.16.9             476ac3ab84e5        2 months ago        83.6MB
k8s.gcr.io/kube-scheduler                                                           v1.16.9             476ac3ab84e5        2 months ago        83.6MB
k8s.gcr.io/etcd                                                                     3.3.15-0            b2756210eeab        9 months ago        247MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64                      3.3.15-0            b2756210eeab        9 months ago        247MB
k8s.gcr.io/coredns                                                                  1.6.2               bf261d157914        10 months ago       44.1MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns                         1.6.2               bf261d157914        10 months ago       44.1MB
k8s.gcr.io/pause                                                                    3.1                 da86e6ba6ca1        2 years ago         742kB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause                           3.1                 da86e6ba6ca1        2 years ago         742kB

 

 关于etcd,pause和coredns版本的确定

可以先安装指定版本的kubeadm,然后执行

kubeadm config images list

结果如下:

I0623 22:13:15.868280    9670 version.go:251] remote version is much newer: v1.18.4; falling back to: stable-1.16
k8s.gcr.io/kube-apiserver:v1.16.11
k8s.gcr.io/kube-controller-manager:v1.16.11
k8s.gcr.io/kube-scheduler:v1.16.11
k8s.gcr.io/kube-proxy:v1.16.11
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2

根据结果可以选择需要的etcd,pause和coredns进行下载

配置kubelet的cgroup drive

确保docker 的cgroup drive 和kubelet的cgroup drive一样

[root@k8s-node1 ~]# cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
cat: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf: No such file or directory

如果提示找不到该文件,就再去我们的:/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf 

[root@k8s-node1 ~]# cat /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf 
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
[root@k8s-node1 ~]# 

没有的话,加入进去

Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"

然后重新加载

 systemctl daemon-reload 

 

至此单个节点的环境配置完成,一定要注意的是,如果采用的是克隆虚拟机的方式组建集群的话,一定要保证三个节点的hostname不同,并且hostname要写入/etc/hosts,否则后续工作节点加入的时候,会出很多莫名其妙的问题

初始化kubernetes master节点

在Master主节点(k8s-master)上执行

kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.16.9 --apiserver-advertise-address=172.16.10.102
含义:
1.选项--pod-network-cidr=10.244.0.0/16表示集群将使用Calico网络,这里需要提前指定Calico的子网范围
2.选项--kubernetes-version=v1.16.9 指定K8S版本,这里必须与之前导入到Docker镜像版本一致,否则会访问谷歌去重新下载K8S最新版的Docker镜像
3.选项--apiserver-advertise-address表示绑定的网卡IP
4.若执行kubeadm init出错或强制终止,则再需要执行该命令时,需要先执行kubeadm reset重置

如果出现下面报错:

ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

则执行

echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables

然后再重新操作:

root@k8s-master ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.16.9 --apiserver-advertise-address=172.16.10.102
[init] Using Kubernetes version: v1.16.9
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.16.10.102]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [172.16.10.102 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [172.16.10.102 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 45.004988 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.16" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node k8s-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 7wogu3.yko2b420q8gib6id
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.16.10.102:6443 --token 7wogu3.yko2b420q8gib6id \
    --discovery-token-ca-cert-hash sha256:158b1f66371f64d1922b1ae5d2917c77955c83699f3bb276a74241834721e110 

如上结果表明已经初始化完成,为了后续操作,需要执行红色字体提示的下一步操作,并记录

kubeadm join 172.16.10.102:6443 --token 7wogu3.yko2b420q8gib6id \
    --discovery-token-ca-cert-hash sha256:158b1f66371f64d1922b1ae5d2917c77955c83699f3bb276a74241834721e110 

 

首先执行

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 sudo chown $(id -u):$(id -g) $HOME/.kube/config

然后查看

kubectl get nodes

此时的结果是

NAME         STATUS     ROLES    AGE     VERSION
k8s-master   NotReady   master   3m52s   v1.16.9

注意此时master的状态是 NotReady

具体查看

kubectl get pods -n kube-system

结果

 

 此时在执行提示信息中的下一步,即Run "kubectl apply -f [podnetwork].yaml" with one of the options listed

下载kube-flannel.yml

wget https://raw.githubusercontent.com/coreos/flannel/v0.12.0/Documentation/kube-flannel.yml

 

然后执行

[root@k8s-master ~]#  kubectl apply -f ./kube-flannel.yml 
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created

此时再次查看

kubectl get pods -n kube-system

 

 

 pod的初始化过程会持续一段时间,最终结果如下

 

 

 

 至此,master节点已经完成初始化

将Master作为工作节点-非必须

K8S集群默认不会将Pod调度到Master上,这样Master的资源就浪费了。在Master(即k8s-master)上,可以运行以下命令使其作为一个工作节点:(利用该方法,我们可以不使用minikube而创建一个单节点的K8S集群)

kubectl taint nodes --all node-role.kubernetes.io/master-node/k8s-master untainted

 

加入工作节点-在node1和node2节点上执行

为了避免错误,首先在各node节点上执行

echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables 
systemctl enable kubelet.service

执行加入操作(集群初始化时的提示信息)

kubeadm join 172.16.10.102:6443 --token 7wogu3.yko2b420q8gib6id --discovery-token-ca-cert-hash sha256:158b1f66371f64d1922b1ae5d2917c77955c83699f3bb276a74241834721e110

如果出现

error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s
To see the stack trace of this error execute with --v=5 or higher

 则有三种可能

第一,token过期,执行

kubeadm token create --print-join-command

重新获取加入命令

第二,防火墙没有关,关闭防火墙

第三,开启了iptables.service服务,为了试验方便,彻底移除该服务

yum install -y iptables-services

执行成功结果

[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

此时在工作节点上执行

kubectl get nodes

如果出现

The connection to the server localhost:8080 was refused - did you specify the right host or port?

 解决方法如下

第一种,将主节点中的【/etc/kubernetes/admin.conf】文件拷贝到从节点相同目录下,然后配置环境变量:

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

 第二种,将主节点中的【/etc/kubernetes/admin.conf】文件拷贝到从节点相同目录下,然后执行

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 sudo chown $(id -u):$(id -g) $HOME/.kube/config

再运行kubectl命令就成功了

 

posted @ 2020-06-24 00:08  canger  阅读(514)  评论(0编辑  收藏  举报