Deploying k8s with kubeadm: detailed steps (no VPN required)
Time synchronization. Check the status of the chronyd service and start it
# systemctl restart chronyd
Hostname resolution works
Disable the firewall
Disable iptables
Disable SELinux
Disable all swap devices
Temporarily disable all swap devices
# swapoff -a
Re-enable all swap devices
# swapon -a
To disable swap permanently, edit the fstab file and comment out the devices to be disabled
# vim /etc/fstab
Enable the ipvs kernel modules
The following is a module-probing script (optional)
# cd /usr/lib/modules
# ls
3.10.0-862.el7.x86_64
# uname -r
3.10.0-862.el7.x86_64
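#!/bin/bash
# Load every ipvs kernel module shipped for the running kernel
ipvs_mods_dir="/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"
for mod in $(ls "$ipvs_mods_dir" | grep -o "^[^.]*"); do
    # Only load the module if modinfo can resolve it
    /sbin/modinfo -F filename "$mod" &> /dev/null
    if [ $? -eq 0 ]; then
        /sbin/modprobe "$mod"
    fi
done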
Install docker
# cd /etc/yum.repos.d/
# yum -y install docker-ce
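Start the docker service
First edit the unit file and add the following lines
# vim /usr/lib/systemd/system/docker.service (apply the same setting on the node; simply scp this docker.service file to the node)
#Environment="HTTPS_PROXY=http://www.ik8s.io:10070"    adds a proxy; optional
#Environment="NO_PROXY=127.0.0.0/8,10.10.10.0/8"    exceptions: the local network does not go through the proxy
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
Look at docker's parameters after it starts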
# docker info
Check the iptables policies
# iptables -vnL
Chain INPUT (policy ACCEPT 215 packets, 17636 bytes)
pkts bytes target prot opt in out source destination
Add the configuration entries
# vim /etc/sysctl.d/k8s.conf (apply the same setting on the node; simply scp this k8s.conf file to the node)
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Check that the configuration was applied
# sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Start docker
# systemctl daemon-reload && systemctl start docker
Enable it at boot
# systemctl enable docker
Install the k8s components
Edit the yum repo file
# vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=kubernetes Repository
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Check
# yum repolist
List the packages in the repository whose names start with kube
# yum list all | grep "^kube"
Install kubeadm, kubelet and kubectl
# yum install kubeadm kubelet kubectl
Check what was installed
# rpm -ql kubelet
/etc/kubernetes/manifests
/etc/sysconfig/kubelet
/usr/bin/kubelet
/usr/lib/systemd/system/kubelet.service
# rpm -ql kubeadm
/usr/bin/kubeadm
/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
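Initialize the cluster
Edit the configuration file so that kubelet does not report an error when swap is enabled (swap devices should really be disabled instead)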
# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
View the cluster configuration
# kubeadm config print init-defaults
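Cluster initialization
Before initializing, download the required docker images first. To avoid needing a VPN, download them as follows
First list the images that need to be downloaded
# kubeadm config images list
For each image in the list, pull it from a mirror site inside China
Re-tag the downloaded images with the names initialization expects (the names printed by kubeadm config images list)
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2 k8s.gcr.io/coredns:1.6.2
List the images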
[root@master ~]# docker images
REPOSITORY                  TAG        IMAGE ID       CREATED         SIZE
kube-proxy                  v1.16.2    8454cbe08dc9   3 weeks ago     86.1MB
k8s.gcr.io/kube-apiserver   v1.16.2    c2c9a0406787   3 weeks ago     217MB
kube-controller-manager     v1.16.2    6e4bffa46d70   3 weeks ago     163MB
kube-scheduler              v1.16.2    ebac1ae204a2   3 weeks ago     87.3MB
etcd                        3.3.15-0   b2756210eeab   2 months ago    247MB
coredns                     1.6.2      bf261d157914   2 months ago    44.1MB
pause                       3.1        da86e6ba6ca1   22 months ago   742kB
Dry run
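The pull-and-retag steps above, scripted as an added example that is not part of the original post: it turns the output of kubeadm config images list into docker pull and docker tag commands against the Aliyun google_containers mirror used in the tag command above. The function names and the sample image list are constructed for illustration.

```shell
#!/bin/bash
# Added example: generate pull/re-tag commands for every image kubeadm needs.
# MIRROR is the registry used in the docker tag command above.
MIRROR="registry.cn-hangzhou.aliyuncs.com/google_containers"

# mirror_cmds: read image references (one per line, as printed by
# `kubeadm config images list`) on stdin and print the docker commands
# that fetch each image from $MIRROR and give it the expected name.
mirror_cmds() {
    while IFS= read -r image; do
        # Reject lines with characters that never occur in an image
        # reference (warnings, shell metacharacters, spaces).
        case "$image" in
            *[!A-Za-z0-9./:_-]*) continue ;;
        esac
        # Require the repo/name:tag shape; this also skips blank lines.
        case "$image" in
            */*:*) ;;
            *) continue ;;
        esac
        name="${image##*/}"    # e.g. coredns:1.6.2
        echo "docker pull $MIRROR/$name"
        echo "docker tag $MIRROR/$name $image"
        echo "docker rmi $MIRROR/$name"
    done
}

# Constructed sample of `kubeadm config images list` output for v1.16.2.
sample_image_list() {
    cat <<'EOF'
k8s.gcr.io/kube-apiserver:v1.16.2
k8s.gcr.io/kube-controller-manager:v1.16.2
k8s.gcr.io/kube-scheduler:v1.16.2
k8s.gcr.io/kube-proxy:v1.16.2
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2
EOF
}

# Print the commands for review; pipe them into sh only after checking them.
# On a real master: kubeadm config images list | mirror_cmds
sample_image_list | mirror_cmds
```

After loading, the IMAGE ID column of docker images can be compared between machines to confirm that every host carries the same image content under the re-tagged name.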
# kubeadm init --kubernetes-version="v1.16.2" --pod-network-cidr="10.244.0.0/16" --dry-run --ignore-preflight-errors=Swap
Real run
# kubeadm init --kubernetes-version="v1.16.2" --pod-network-cidr="10.244.0.0/16" --ignore-preflight-errors=Swap
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.10.10.110:6443 --token lli626.gmmbard6jootgare \
    --discovery-token-ca-cert-hash sha256:775aa63cd724a8b3461780dfa6f54b2e8205a3a6970088ea1c1fca457c4bcfcb
Add the configuration file
[root@master ~]# mkdir .kube
[root@master ~]# cp /etc/kubernetes/admin.conf .kube/config
Once it is in place, the configuration can be viewed with
# kubectl config view
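If another node should also be able to use the configuration file and the kubectl command,
create the .kube directory under the home directory there in the same way, then copy admin.conf (which holds the cluster administrator's credentials) from the master into the .kube path on that node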
# scp /etc/kubernetes/admin.conf node1:/root/.kube/config
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady master 136m v1.16.2
Install and deploy the flannel network plugin
Find the project on GitHub: https://github.com/coreos/flannel
Run the following command
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Check the cluster status
[root@master ~]# kubectl get pods -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-5644d7b6d9-pp56k         1/1     Running   0          163m
coredns-5644d7b6d9-wm8gr         1/1     Running   0          163m
etcd-master                      1/1     Running   0          162m
kube-apiserver-master            1/1     Running   0          162m
kube-controller-manager-master   1/1     Running   1          163m
kube-flannel-ds-amd64-ffkq9      1/1     Running   0          11m
kube-proxy-t4c9b                 1/1     Running   0          163m
kube-scheduler-master            1/1     Running   1          163m
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 164m v1.16.2
Deploying the node
Install docker
On the master, copy the yum repo file and the kubelet file to the node (to save configuring them again)
# scp /etc/yum.repos.d/kubernetes.repo node1:/etc/yum.repos.d/
# scp /etc/sysconfig/kubelet node1:/etc/sysconfig/
Install the k8s components
# yum install kubeadm kubelet kubectl
Get the required docker images; they can be packed on the master and transferred over
First pack the required images on the master
# docker save -o ./k8s-node-v1.16.2.tar k8s.gcr.io/kube-proxy:v1.16.2 k8s.gcr.io/pause:3.1 quay.io/coreos/flannel:v0.11.0-amd64
Transfer the archive to node1
# scp k8s-node-v1.16.2.tar node1:/root/
Load the images on node1
# docker load -i k8s-node-v1.16.2.tar
fe9a8b4f1dcc: Loading layer [==================================================>] 43.87MB/43.87MB
15c9248be8a9: Loading layer [==================================================>] 3.403MB/3.403MB
d2956a2953c6: Loading layer [==================================================>] 40.65MB/40.65MB
Loaded image: k8s.gcr.io/kube-proxy:v1.16.2
e17133b79956: Loading layer [==================================================>] 744.4kB/744.4kB
Loaded image: k8s.gcr.io/pause:3.1
7bff100f35cb: Loading layer [==================================================>] 4.672MB/4.672MB
5d3f68f6da8f: Loading layer [==================================================>] 9.526MB/9.526MB
9b48060f404d: Loading layer [==================================================>] 5.912MB/5.912MB
3f3a4ce2b719: Loading layer [==================================================>] 35.25MB/35.25MB
9ce0bb155166: Loading layer [==================================================>] 5.12kB/5.12kB
Loaded image: quay.io/coreos/flannel:v0.11.0-amd64
List the images
# docker images
REPOSITORY               TAG             IMAGE ID       CREATED         SIZE
k8s.gcr.io/kube-proxy    v1.16.2         8454cbe08dc9   3 weeks ago     86.1MB
quay.io/coreos/flannel   v0.11.0-amd64   ff281650a721   9 months ago    52.6MB
k8s.gcr.io/pause         3.1             da86e6ba6ca1   23 months ago   742kB
Join the node to the master by running the command that kubeadm init printed
# kubeadm join 10.10.10.110:6443 --token lli626.gmmbard6jootgare \
--discovery-token-ca-cert-hash sha256:775aa63cd724a8b3461780dfa6f54b2e8205a3a6970088ea1c1fca457c4bcfcb \
--ignore-preflight-errors=Swap
If the join command printed by the master is not used within 24 hours, the token expires, and a join command carrying a new token has to be generated on the master (the --ttl=0 used below creates a token that never expires)
# kubeadm token generate
utvks4.sheju0f4mh8dq448
# kubeadm token create utvks4.sheju0f4mh8dq448 --print-join-command --ttl=0
kubeadm join 10.10.10.110:6443 --token utvks4.sheju0f4mh8dq448 --discovery-token-ca-cert-hash sha256:775aa63cd724a8b3461780dfa6f54b2e8205a3a6970088ea1c1fca457c4bcfcb
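An added check, not part of the original post: the sha256 value passed to --discovery-token-ca-cert-hash is the SHA-256 digest of the cluster CA's public key, so a join command can be verified against the CA certificate before it is run on a node. The function names and the throwaway certificate are assumptions for illustration; on a kubeadm master the CA certificate is /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/bash
# Added example: recompute the discovery hash from a CA certificate and
# compare it with the value in a kubeadm join command.

# ca_cert_hash FILE: print "sha256:<hex>", the SHA-256 digest of the
# certificate's DER-encoded public key (SubjectPublicKeyInfo).
ca_cert_hash() {
    # Stop here on an unreadable file, so an empty input is never hashed.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
    echo "sha256:$hex"
}

# join_hash_matches FILE "JOIN COMMAND": succeed only when the hash given
# to --discovery-token-ca-cert-hash equals the hash of the CA in FILE.
join_hash_matches() {
    want=$(ca_cert_hash "$1") || return 2
    got=$(printf '%s\n' "$2" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Demo on a throwaway CA constructed here for illustration.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    good="kubeadm join 10.10.10.110:6443 --token <token> \
--discovery-token-ca-cert-hash $(ca_cert_hash "$dir/ca.crt")"
    # The hash printed on this page belongs to the author's CA, not this one.
    bad="kubeadm join 10.10.10.110:6443 --token <token> \
--discovery-token-ca-cert-hash sha256:775aa63cd724a8b3461780dfa6f54b2e8205a3a6970088ea1c1fca457c4bcfcb"
    join_hash_matches "$dir/ca.crt" "$good" && echo "first join command: hash matches"
    join_hash_matches "$dir/ca.crt" "$bad" || echo "second join command: hash differs"
    rm -rf "$dir"
}
demo
```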
Check whether the join succeeded
# kubectl get nodes
NAME     STATUS   ROLES    AGE     VERSION
master   Ready    master   4d21h   v1.16.2
node1    Ready    <none>   37s     v1.16.2