k8s Deployment
Initialization
1. Configure the yum repositories
mkdir -p /etc/yum.repos.d/repo_bak/
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/repo_bak/
1. If you have installed docker before, remove it first, then install the dependencies:
sudo yum remove docker docker-common docker-selinux docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
2. Download the repo file that matches your distribution. Distribution used here: CentOS/RHEL
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
Replace the software repository address with:
sudo sed -i 's+download.docker.com+mirrors.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
3. Update the index and install
sudo yum makecache fast
sudo yum install docker-ce
echo '[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg'>/etc/yum.repos.d/kubernetes.repo
yum clean all
yum makecache
2. Configure passwordless SSH login
ssh-keygen
scp /root/.ssh/id_rsa.pub root@172.18.0.68:/root/.ssh/
scp /root/.ssh/id_rsa.pub root@172.18.0.69:/root/.ssh/
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
or
ssh-copy-id -i .ssh/id_rsa.pub root@172.18.0.68
ssh-copy-id -i .ssh/id_rsa.pub root@172.18.0.69
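3. Configure NTP time source synchronization
4. Configure the hosts file
scp /etc/hosts root@k8s-node1:/etc/hosts
scp /etc/hosts root@k8s-node2:/etc/hosts
5. Stop and disable the firewall, SELinux, and iptables.service.
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config
6. Disable swap. To keep swap from being mounted permanently, edit /etc/fstab, comment out the swap-related entries, and reboot the system.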
swapoff -a
7. Install docker, kubelet, kubectl, kubeadm
yum list kubelet kubeadm kubectl --showduplicates|sort -r   # list the available kubelet, kubeadm and kubectl versions; the first column is the package name, the second is the version
yum install kubeadm-1.17.11-0 kubectl-1.17.11-0 kubelet-1.17.11-0   # install a specific version of kubelet, kubeadm and kubectl
systemctl start docker
systemctl enable docker kubelet
8. Enabling IPv4 forwarding is still required on CentOS 7.5
echo "net.ipv4.ip_forward = 1">>/etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-iptables = 1'>>/etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1'>>/etc/sysctl.conf
sysctl -p
9. Find the required images on a mirror site inside China
]# kubeadm config images list --kubernetes-version v1.17.1   # list the images needed to install the specified k8s version
k8s.gcr.io/kube-apiserver:v1.17.1
k8s.gcr.io/kube-controller-manager:v1.17.1
k8s.gcr.io/kube-scheduler:v1.17.1
k8s.gcr.io/kube-proxy:v1.17.1
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.5
[root@k8s-m ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.17.1
[root@k8s-m ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.17.1
[root@k8s-m ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.17.1
[root@k8s-m ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.17.1
[root@k8s-m ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.4.3-0
[root@k8s-m ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
[root@k8s-m ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.5
[root@k8s-m ~]# docker images
10. Re-tag these images
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.5 k8s.gcr.io/coredns:1.6.5
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.17.1 k8s.gcr.io/kube-scheduler:v1.17.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.17.1 k8s.gcr.io/kube-controller-manager:v1.17.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.17.1 k8s.gcr.io/kube-apiserver:v1.17.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.17.1 k8s.gcr.io/kube-proxy:v1.17.1
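Steps 9 and 10 can be generated from the kubeadm image list instead of typed by hand. The script below is an added example, not part of the original post: the function names are hypothetical, the mirror path and the "-amd64" naming rule are read off the pull commands above, and the script only prints the commands so the plan can be reviewed before it is run.

```shell
#!/bin/sh
# Added example: build the pull/tag plan for the mirror used in steps 9 and 10.
# Assumption: the mirror path and the "-amd64" rule mirror the commands in the post.
MIRROR=registry.cn-hangzhou.aliyuncs.com/google_containers

# Map an upstream reference (k8s.gcr.io/NAME:TAG) to its name on the mirror.
mirror_ref() {
    ref=${1#k8s.gcr.io/}      # NAME:TAG
    name=${ref%%:*}
    tag=${ref#*:}
    case "$name" in
        kube-*|etcd) name="$name-amd64" ;;   # these carry an arch suffix on the mirror
    esac
    printf '%s/%s:%s\n' "$MIRROR" "$name" "$tag"
}

# Read upstream references on stdin and print one pull and one tag command each.
# Input that is not a plain k8s.gcr.io/NAME:TAG reference is refused, because
# the output is meant to be handed to a shell.
plan_retag() {
    while IFS= read -r upstream; do
        if [ -z "$upstream" ]; then continue; fi
        case "$upstream" in
            *[!A-Za-z0-9._/:-]*) echo "refusing: $upstream" >&2; return 1 ;;
            k8s.gcr.io/*:*) ;;
            *) echo "refusing: $upstream" >&2; return 1 ;;
        esac
        src=$(mirror_ref "$upstream")
        printf 'docker pull %s\n' "$src"
        printf 'docker tag %s %s\n' "$src" "$upstream"
    done
}

# Constructed sample input: the list kubeadm printed in step 9.
SAMPLE_LIST='k8s.gcr.io/kube-apiserver:v1.17.1
k8s.gcr.io/kube-controller-manager:v1.17.1
k8s.gcr.io/kube-scheduler:v1.17.1
k8s.gcr.io/kube-proxy:v1.17.1
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.5'

printf '%s\n' "$SAMPLE_LIST" | plan_retag
```

On a real host, feed it the live list with `kubeadm config images list --kubernetes-version v1.17.1 | plan_retag`, review the output, then pipe it to `sh`.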
11. Initialize the cluster
kubeadm init --kubernetes-version=1.17.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
12. Check the listening ports
ss -tnlp
13. Check the error log
tail -f /var/log/messages
14. Commands from the system prompt, saved here
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
15. If initialization fails, run the following command
kubeadm reset
16. Install kubelet, kubectl, kubeadm and docker-ce on the Node machines
17. On the master node
]# kubectl get cs                    # check component health
]# kubectl get nodes                 # show node information
]# kubectl get ns                    # list all namespaces
]# kubectl get pods -n kube-system   # list the Pods running in a given namespace; system-level pods all live in the kube-system namespace
18. Deploy Flannel on the master
]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[If the download fails, open this link and copy the content](https://blog.csdn.net/weixin_45483207/article/details/112547571)
]# docker images   # the flannel image has finished downloading
REPOSITORY               TAG             IMAGE ID       CREATED        SIZE
quay.io/coreos/flannel   v0.12.0-amd64   4e9f801d2217   35 hours ago   52.8MB
19. Image backup
master]# docker save quay.io/coreos/flannel:v0.12.0-amd64 -o flannel.tar
master]# scp flannel.tar root@172.18.0.68:~
master]# scp flannel.tar root@172.18.0.69:~
Unpack on the Node machines
docker load -i flannel.tar
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.17.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.17.1 k8s.gcr.io/kube-proxy:v1.17.1
Check
docker images
20. Join the Node machines
Regenerate the join command
master ~]# kubeadm token create --print-join-command
Join the cluster
kubeadm join 172.18.0.67:6443 --token vs1bna.tsws2f3ya91p0yn0 --discovery-token-ca-cert-hash sha256:37fcee2d33ffea2ad9a151b4c7fcde927ea146e45ea899b76d0ae646a2a53146 --ignore-preflight-errors=Swap
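The value after --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA's public key, and it can be recomputed from the CA certificate before a node is joined. The script below is an added example, not part of the original post: the function names are hypothetical, and the demo runs against a throwaway CA it generates itself, so the printed pin is a constructed value.

```shell
#!/bin/sh
# Added example: recompute and compare a --discovery-token-ca-cert-hash pin.

# Print the hex SHA-256 of the certificate's DER-encoded public key.
# Fails (instead of hashing empty input) when $1 is not a readable certificate.
ca_cert_hash() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Succeed only if the pin ("sha256:<hex>") matches the certificate in $1.
verify_join_hash() {
    case "$2" in
        sha256:*) want=${2#sha256:} ;;
        *) echo "pin must start with sha256:" >&2; return 2 ;;
    esac
    have=$(ca_cert_hash "$1") || { echo "cannot read certificate $1" >&2; return 2; }
    [ "$have" = "$want" ]
}

# Demo on a constructed, throwaway CA (not a real cluster CA).
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=constructed-demo-ca' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    pin="sha256:$(ca_cert_hash "$dir/ca.crt")"
    echo "pin of the demo CA: $pin"
    verify_join_hash "$dir/ca.crt" "$pin" && echo "matching pin: accepted"
    # The pin printed in step 20 belongs to a different CA, so it must not match.
    verify_join_hash "$dir/ca.crt" \
        "sha256:37fcee2d33ffea2ad9a151b4c7fcde927ea146e45ea899b76d0ae646a2a53146" \
        || echo "pin of another CA: rejected"
    rm -rf "$dir"
}
demo
```

On a kubeadm master the CA certificate is /etc/kubernetes/pki/ca.crt, so `verify_join_hash /etc/kubernetes/pki/ca.crt sha256:...` checks the pin in a join command against the cluster that is actually running.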
21. Check
master ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-6955765f44-sfptk             1/1     Running   4          18h
kube-system   coredns-6955765f44-xf9jt             1/1     Running   3          18h
kube-system   etcd-k8s-master                      1/1     Running   3          18h
kube-system   kube-apiserver-k8s-master            1/1     Running   3          18h
kube-system   kube-controller-manager-k8s-master   1/1     Running   5          18h
kube-system   kube-flannel-ds-amd64-55nwh          1/1     Running   3          18h
kube-system   kube-flannel-ds-amd64-vhrf9          1/1     Running   3          15h
kube-system   kube-flannel-ds-amd64-vpm9f          1/1     Running   0          15h
kube-system   kube-proxy-fds8b                     1/1     Running   3          18h
kube-system   kube-proxy-jt2ws                     1/1     Running   0          15h
kube-system   kube-proxy-wh7d4                     1/1     Running   0          15h
kube-system   kube-scheduler-k8s-master            1/1     Running   4          18h
master ~]# kubectl get pods -n kube-system -o wide   # show pod details for one namespace
NAME                                 READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
coredns-6955765f44-sfptk             1/1     Running   4          19h   10.244.0.9    k8s-master   <none>           <none>
coredns-6955765f44-xf9jt             1/1     Running   3          19h   10.244.0.10   k8s-master   <none>           <none>
etcd-k8s-master                      1/1     Running   3          19h   172.18.0.67   k8s-master   <none>           <none>
kube-apiserver-k8s-master            1/1     Running   3          19h   172.18.0.67   k8s-master   <none>           <none>
kube-controller-manager-k8s-master   1/1     Running   5          19h   172.18.0.67   k8s-master   <none>           <none>
kube-flannel-ds-amd64-55nwh          1/1     Running   3          18h   172.18.0.67   k8s-master   <none>           <none>
kube-flannel-ds-amd64-vhrf9          1/1     Running   3          15h   172.18.0.69   k8s-node2    <none>           <none>
kube-flannel-ds-amd64-vpm9f          1/1     Running   0          15h   172.18.0.68   k8s-node1    <none>           <none>
kube-proxy-fds8b                     1/1     Running   3          19h   172.18.0.67   k8s-master   <none>           <none>
kube-proxy-jt2ws                     1/1     Running   0          15h   172.18.0.68   k8s-node1    <none>           <none>
kube-proxy-wh7d4                     1/1     Running   0          15h   172.18.0.69   k8s-node2    <none>           <none>
kube-scheduler-k8s-master            1/1     Running   4          19h   172.18.0.67   k8s-master   <none>           <none>
master ~]# kubectl get nodes   # show the status of the cluster nodes
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   19h   v1.17.4
k8s-node1    Ready    <none>   15h   v1.17.4
k8s-node2    Ready    <none>   15h   v1.17.4
22. Test
master ~]# kubectl describe node k8s-node1   # show detailed node information
Taints: <none>         # taint information
Unschedulable: false   # whether the node is unschedulable
The more I learn, the more I realize how little I know.