Centos7使用kubeadm安装1.23.1版本的k8s集群

系统环境

#cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 

#Linux内核一定要大约等于3.10，也就是centos版本要大于7

#配置主机hostname及dns解析
vim /etc/hostname
vim /etc/hosts

---

安装Docker（Master/Node都需要安装）

1. 关闭swap，关闭selinux，关闭firewall（centos7特有）

   swapoff -a #重启后失效
   vi /etc/fstab	#注释掉swap那一行,需要重启
   
   #关闭selinux
   getenforce
   setenforce 0
   sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
   
   #关闭防火墙
   firewall-cmd --state 
   systemctl stop firewalld.service 
   systemctl disable firewalld.service 
   

2. 修改docker驱动为overlay2（磁盘格式如果是xfs的，要使用 xfs_info / 查看ftype 是否是1 如果不是要打开，百度关键词 xfs docker）

   mkdir /etc/docker/
   vim /etc/docker/daemon.json
   
   {
     "storage-driver": "overlay2",
     "exec-opts": ["native.cgroupdriver=systemd"]
   }
   

3. 配置内核参数

   ## 配置网卡转发,看值是否为1
   sysctl -a |grep 'net.ipv4.ip_forward = 1'
   sysctl -a |grep 'net.bridge.bridge-nf-call-iptables = 1'
   sysctl -a |grep 'net.bridge.bridge-nf-call-ip6tables = 1'
   
   ## 若未配置，需要执行如下
   cat <<EOF >  /etc/sysctl.d/k8s.conf
   net.ipv4.ip_forward=1
   net.bridge.bridge-nf-call-ip6tables=1
   net.bridge.bridge-nf-call-iptables=1
   EOF
   
   sysctl -p /etc/sysctl.d/k8s.conf
   

   加载网卡转发报错

   sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: 没有那个文件或目录
   sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: 没有那个文件或目录
   
   lsmod | grep br_netfilter
   #如果没有返回，说明没有加载模块
   
   #临时解决，重启失效
   modprobe br_netfilter	
   
   #彻底解决，重启也有效
   cat > /etc/rc.sysinit << EOF
   #!/bin/bash
   for file in /etc/sysconfig/modules/*.modules ; do
   [ -x $file ] && $file
   done
   EOF
   cat > /etc/sysconfig/modules/br_netfilter.modules << EOF
   modprobe br_netfilter
   EOF
   
   chmod 755 /etc/sysconfig/modules/br_netfilter.modules
   重启后可见自动加载
   

4. 安装docker

   #安装相关依赖
   yum install -y yum-utils device-mapper-persistent-data lvm2 epel-release
   
   #添加阿里云docker-ce源
   yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
   
   yum clean all
   yum makecache fast
   yum install docker-ce docker-ce-cli	containerd.io
   
   #设置docker开机自启
   systemctl enable docker
   
   #启动docker服务
   systemctl start docker
   
   #查看docker信息
   docker info
   

---

安装kubelet、kubeadm

添加阿里云k8s源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安装kubelet kubeadm

yum install kubectl kubelet kubeadm

修改kubelet配置（把kubelet驱动方式改为和docker驱动方式一致，否则会有报错）

cat <<EOF >/etc/sysconfig/kubelet
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
EOF　

添加kubelet自启动

systemctl enable kubelet

现在启动kubelet会有报错找不到配置的yaml文件，不用管，等加入到k8s集群后即可解决

---

初始化k8s集群（在master上）

#使用kubeadm查看所需要的docker镜像
kubeadm config images list --kubernetes-version v1.23.1

#使用阿里云镜像仓库下载
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.1
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.1
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.1
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1
docker pull registry.aliyuncs.com/google_containers/pause:3.6
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.1-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.6

#修改对应镜像
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.1 k8s.gcr.io/kube-apiserver:v1.23.1
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.1 k8s.gcr.io/kube-controller-manager:v1.23.1
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.1 k8s.gcr.io/kube-scheduler:v1.23.1
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1  k8s.gcr.io/kube-proxy:v1.23.1
docker tag registry.aliyuncs.com/google_containers/pause:3.6  k8s.gcr.io/pause:3.6
docker tag registry.aliyuncs.com/google_containers/etcd:3.5.1-0  k8s.gcr.io/etcd:3.5.1-0
docker tag registry.aliyuncs.com/google_containers/coredns:v1.8.6  k8s.gcr.io/coredns/coredns:v1.8.6

#删除阿里云镜像
docker rmi registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.1
docker rmi registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.1
docker rmi registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.1
docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1
docker rmi registry.aliyuncs.com/google_containers/pause:3.6
docker rmi registry.aliyuncs.com/google_containers/etcd:3.5.1-0
docker rmi registry.aliyuncs.com/google_containers/coredns:v1.8.6

#初始化k8s集群（apiserver-advertise-address需要指定master节点IP）
kubeadm init --kubernetes-version=v1.23.1 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=10.1.129.86

#配置master参数
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

---

安装flannel网络插件

kubectl get nodes
#可以看到各个节点还是 notready状态，是因为还没有安装网络插件

#在master节点上:
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

kubectl get pods --all-namespaces 
#查看pod信息，发现node节点的kube-proxy与flannel还没有ready

kubectl describe pod kube-flannel-ds-fj6f7 -n kube-system
kubectl logs kube-flannel-ds-fj6f7 -n kube-system
#发现没有ready是因为docker镜像没有下载到

#在node节点上:
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1
docker pull registry.aliyuncs.com/google_containers/pause:3.6

docker tag registry.aliyuncs.com/google_containers/pause:3.6  k8s.gcr.io/pause:3.6
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1  k8s.gcr.io/kube-proxy:v1.23.1

#过一会再查看pod与node信息，都已ready