k8s 安装
K8S集群安装
设置hostname
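# Run exactly one of these three lines per machine, matching the address table below.
sudo hostnamectl set-hostname master-node   # on 192.168.164.11
sudo hostnamectl set-hostname node1         # on 192.168.164.12
sudo hostnamectl set-hostname node2         # on 192.168.164.13
# `sudo cat <<EOF >> /etc/hosts` fails for a non-root user: the >> redirection is
# opened by the calling shell, not by sudo. `tee -a` runs as root and appends.
sudo tee -a /etc/hosts >/dev/null <<'EOF'
192.168.164.11 master-node
192.168.164.12 node1
192.168.164.13 node2
EOF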
关闭selinux
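# kubeadm only needs SELinux out of enforcing mode. Permissive keeps the policy
# loaded and still logs denials to the audit log, so the node keeps an audit
# trail and can be returned to enforcing later; SELINUX=disabled removes both.
sudo setenforce 0
# Anchored so only the active setting line is rewritten, not the comments in the file.
sudo sed -i --follow-symlinks 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/sysconfig/selinux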
它叫做“安全增强型 Linux(Security-Enhanced Linux)”,简称 SELinux,它是 Linux 的一个安全子系统
其主要作用就是最大限度地减小系统中服务进程可访问的资源(根据的是最小权限原则)。避免权限过大的角色给系统带来灾难性的结果。
关闭防火墙
# NOTE(review): with the host firewall off, every port the node listens on
# (API server, kubelet, etcd, NodePort services) is reachable from any network
# that can route to it. Restrict access upstream (security group / network ACL),
# or keep firewalld running and open only the ports the cluster needs.
systemctl disable --now firewalld
开启桥接
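# The net.bridge.* keys exist only while br_netfilter is loaded. Load it now and
# on every boot, otherwise `sysctl --system` cannot apply the settings below.
sudo modprobe br_netfilter
echo br_netfilter | sudo tee /etc/modules-load.d/k8s.conf >/dev/null
# tee runs as root; a plain `>` redirect would be opened by the unprivileged shell.
sudo tee /etc/sysctl.d/k8s.conf >/dev/null <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system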
设置ipvs clusterip 才可以访问
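# Write the IPVS module loader as root. The original only created the file: it
# was never made executable or run, so the modules were not actually loaded.
# NOTE(review): nf_conntrack_ipv4 matches the EL7 kernel this page targets; on
# kernels 4.19+ it is folded into nf_conntrack - confirm for your kernel.
sudo tee /etc/sysconfig/modules/ipvs.modules >/dev/null <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
# The script runs as root, so keep it root-owned and not writable by group/other.
# Presumably the EL7 boot-time loader only runs executable *.modules files - confirm.
sudo chown root:root /etc/sysconfig/modules/ipvs.modules
sudo chmod 755 /etc/sysconfig/modules/ipvs.modules
sudo bash /etc/sysconfig/modules/ipvs.modules
# Verify the modules are present before relying on kube-proxy's IPVS mode.
lsmod | grep -e ip_vs -e nf_conntrack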
关闭系统交换区
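# Turn swap off for the running system first.
sudo swapoff -a
# Comment out the swap entries instead of deleting them, and keep a backup at
# /etc/fstab.bak. The original '/swap/d' removed every line that merely contained
# the string "swap" and left no way to undo the edit.
sudo sed -i.bak -E '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab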
Linux swapoff命令用于关闭系统交换区(swap area)
重启
# Reboot the node before continuing; presumably this is so the SELinux config and
# fstab edits above are in effect from a clean boot - confirm swap is still off afterwards.
reboot
安装docker
# Refresh repository metadata, then install the yum-config-manager helper and
# the storage packages Docker's install instructions list as prerequisites.
sudo yum check-update
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Register Docker's upstream repository.
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Deliberately no -y: yum is expected to ask before importing the repository's
# GPG key. Compare the fingerprint it shows with the one published in Docker's
# install documentation before accepting.
sudo yum install docker-ce
# Start the daemon now and on every boot, then confirm it is running.
sudo systemctl enable --now docker
sudo systemctl status docker
安装kubelet
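# Packages from this repository run as root on every node, so RPM signature
# checking is switched on (the original had gpgcheck=0 next to a gpgkey= line,
# which left the keys unused).
# NOTE(review): repo_gpgcheck is left at 0 as in the original; whether this
# mirror publishes signed repo metadata was not verified - confirm before enabling.
# NOTE(review): the keys are fetched from the same mirror as the packages, and
# `yum install -y` imports them without asking. Compare the key fingerprints with
# the upstream Kubernetes project's before trusting them. If a signature check
# fails, investigate rather than reverting to gpgcheck=0.
sudo tee /etc/yum.repos.d/kubernetes.repo >/dev/null <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
sudo yum install -y kubelet
sudo systemctl enable --now kubelet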
安装kubeadm
# No version is pinned here or for kubelet, so yum installs whatever the repo
# currently offers. TODO(review): pin kubelet and kubeadm to the same release so
# all nodes match and upgrades are deliberate.
sudo yum install -y kubeadm
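### k8s.gcr.io can only be reached with external network access, so the pause
### (sandbox) image that Kubernetes needs often cannot be pulled. Pull it through
### a mirror registry with docker and fix the name with `docker tag`.
# NOTE(review): after the re-tag, the mirror's image is indistinguishable from
# the upstream one, and the 3.6 tag is mutable. Record the digest
# (`docker images --digests`) and compare it with a trusted source before use.
# Pointing containerd's sandbox_image setting at the mirror would keep the
# image's real origin visible - confirm against your containerd config.
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 k8s.gcr.io/pause:3.6
## The CRI used by this cluster is containerd, so the image tagged with docker
## must be exported and then imported with ctr.
# Export only the 3.6 tag; without a tag docker saves every local tag of the repository.
docker save -o pause.tar k8s.gcr.io/pause:3.6
ctr -n k8s.io images import pause.tar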
初始化master节点
master执行:
# Bootstrap the control plane on the master (192.168.164.11).
# - The control-plane images are pulled from the mirror named in
#   --image-repository, so that registry is trusted with the cluster's core
#   components - NOTE(review): confirm this is acceptable for your environment.
# - The pod CIDR must match the network configured in the CNI manifest applied later.
# - The output ends with a `kubeadm join` line containing a bootstrap token;
#   treat it as a credential and keep it out of shared logs and chat.
kubeadm init \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.1.0.0/16 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --apiserver-advertise-address=192.168.164.11
安装flannel网络插件
master执行:
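# Set up kubectl for the current user first; `kubectl apply` has no credentials
# until this is done. admin.conf is a cluster-admin credential: keep the copy
# readable by its owner only and never commit or share it.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"
# The original listed only the URL, so kube-flannel.yml was never downloaded.
# NOTE(review): this URL follows the mutable `master` branch and the manifest
# is applied with cluster-admin rights. Prefer a release tag or commit
# (<release-tag>) and read the downloaded file before applying it.
curl -fsSLo kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml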
获取节点信息
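# Run kubectl as the user whose ~/.kube/config was set up above. Under sudo,
# HOME usually points at root's home, where no kubeconfig was installed, and
# read-only queries do not need root anyway.
kubectl get nodes
kubectl get pods --all-namespaces -o wide
kubectl get service --all-namespaces -o wide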
添加node节点
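# On the master: print a join command, then run the printed line as root on the
# new node. The line embeds a bootstrap token that lets any host join the
# cluster until it expires, so do not paste it into tickets or chat; --ttl can
# shorten its lifetime.
sudo kubeadm token create --print-join-command
# Label the node once it has joined. Uses the current user's kubeconfig, so no
# sudo is needed.
kubectl label node node1 node-role.kubernetes.io/worker=worker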
问题排查
# Find out why a pod fails to start. kube-proxy-sfrsp is this cluster's example
# pod name; substitute the name shown by `kubectl get pods`.
# Events and container state:
kubectl -n kube-system describe pod kube-proxy-sfrsp
# Container log output:
kubectl -n kube-system logs kube-proxy-sfrsp
很大一部分问题都是由于需要翻墙(FQ)才能访问外网,导致 image 无法下载;这类情况都可以改用 aliyun 镜像服务器
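# Remove a node that has already joined. Run on the master. General form:
#   kubectl cordon <node-name>
#   kubectl drain <node-name> --force --ignore-daemonsets --delete-emptydir-data
#   kubectl delete node <node-name>
# --force also evicts pods that no controller will recreate, and
# --delete-emptydir-data discards their emptyDir contents; check what is
# running on the node first.
kubectl drain node2 --force --ignore-daemonsets --delete-emptydir-data
# The original ran `kubectl delete node` with no name, which deletes nothing;
# name the node that was just drained.
kubectl delete node node2
# Run on the removed node itself.
# NOTE(review): kubeadm reset is not expected to remove CNI configuration,
# iptables/IPVS rules or leftover kubeconfig files - clean those up separately
# before the host is reused.
kubeadm reset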
安装dashboard
# Deploy the dashboard from the manifest pinned to release v2.6.1.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
# Open the Service in an editor to change its type.
# NOTE(review): NodePort publishes the dashboard on every node's address. With
# the host firewall disabled, anyone who can reach a node can reach the login
# page. For occasional admin use, leaving the Service as ClusterIP and running
# `kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard 8443:443`
# avoids exposing it at all.
kubectl edit service kubernetes-dashboard -n kubernetes-dashboard
将 type: ClusterIP 修改为 type: NodePort
https://192.168.164.12:31483/#/workloads?namespace=default
添加用户角色
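# dashboard-adminuser.yaml
# Indentation and the `---` document separators are restored; the flattened
# listing with `----` lines does not parse as YAML.
# NOTE(review): this binds the ServiceAccount to cluster-admin, so any token
# issued for it gives full control of the cluster to whoever holds it. For
# day-to-day dashboard use, bind a narrower role (for example the built-in
# `view` ClusterRole) and keep this account for break-glass access only.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard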
# Creates the admin-user ServiceAccount and its cluster-admin binding from the
# manifest above; review the role it grants before applying.
kubectl apply -f dashboard-adminuser.yaml
获取token
# Prints a bearer token for admin-user. Because that account is bound to
# cluster-admin, the token is a full-cluster credential: do not store it in
# shell history files, tickets or screenshots.
# NOTE(review): lifetime is decided by the API server unless --duration is given - confirm.
kubectl -n kubernetes-dashboard create token admin-user