Kubernetes安装配置指南(kubeadm工具安装)
安装 Kubernetes对软件和硬件的系统要求
-
cpu和内存
master:至少2core4GB内存
Node:根据需求而定 -
Linux操作系统(关闭防火墙和selinux)
基于x86_64架构的各种Linux发行版本
推荐redhat7或Centos7
kernel版本3.10以上,推荐关闭交换空间的使用,swapoff -a,在/etc/fstab中注释掉swap的挂载。 -
etcd3.0版本及以上,推荐3.3版本
etcd下载地址:
https://github.com/etcd-io/etcd/releases/download/v3.3.13/etcd-v3.3.13-linux-amd64.tar.gz -
Docker18.03版本及以上,推荐18.09版本
docker下载地址:
https://download.docker.com/linux/centos/7/x86\_64/stable/Packages/docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
使用kubeadm工具快速安装Kubernetes集群
1.首先配置yum源
官方yum源的地址为https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64。如果无法访问官方yum源的地址,则也可以使用国内的一个yum源,地址为http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/,yum源的配置文件/ etc/yum.repos.d/kubernetes.repo的内容如下:
```
[root@common yum.repos.d]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enable=1
gpgcheck=0
```
2.安装kubeadm和相关工具并启动kubelet服务
```
yum -y install kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
```
3.拉取镜像
```
[root@common ~]# cat init-config.yaml
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
imageRepository: docker.io/dustise
kubernetesVersion: v1.14.0
networking:
podSubnet: "192.168.0.0/16"
拉取镜像:kubeadm config images pull --config=init-config.yaml
```
4.运行kubeadm init命令安装Master
至此,准备工作已就绪,执行kubeadm init命令即可一键安装Kubernetes的Master。在开始之前需要注意:kubeadm的安装过程不涉及网络插件(CNI)的初始化,因此kubeadm初步安装完成的集群不具备网络功能,任何Pod包括自带的CoreDNS都无法正常工作。而网络插件的安装往往对kubeadm init命令的参数有一定的要求。例如,安装Calico插件时需要指定--pod-network-cidr=192.168.0.0/16,详情可参考https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network。
接下来使用kubeadminit命令,使用前面创建的配置文件进行集群控制面的初始化:
kubeadm init --config=init-config.yaml
等待一段时间后,Kubernetes的Master安装成功,显示如下信息:
[bootstrap-token] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.10.10.2:6443 --token d5rwf4.334gsqh9iovly5g2 \
--discovery-token-ca-cert-hash sha256:1585f8435e4fa11038e85541b6539498c6cca24b9ddf4fb9901a640b3ba45f9a
按照提示执行下面的命令,复制配置文件到普通用户的home目录下:
[root@common ~]# mkdir -p $HOME/.kube
[root@common ~]# echo $HOME
/root
[root@common ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@common ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
这样就在Master上安装了Kubernetes,但在集群内还是没有可用的工作Node,并缺乏对容器网络的配置。这里需要注意kubeadminit命令执行完成后的最后几行提示信息,其中包含加入节点的指令(kubeadm join)和所需的Token。
可以看到其中生成了名为kubeadm-config的ConfigMap对象。
[root@common ~]# kubectl get -n kube-system configmap
NAME DATA AGE
coredns 1 22m
extension-apiserver-authentication 6 22m
kube-proxy 2 21m
kubeadm-config 2 22m
kubelet-config-1.14 1 22m
5.安装Node,加入集群
对于新节点的添加,系统准备和Kubernetesyum源的配置过程是一致的,在Node主机上执行下面的安装过程。
(1)安装kubeadm和相关工具:
yum -y install kubelet kubeadm kubectl --disableexcludes=kubernetes
启动服务:
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
(2)为kubeadm命令生成配置文件。创建文件join-config.yaml,内容如下:
[root@cfs-ctp ~]# cat join-config.yaml
apiVersion: kubeadm.k8s.io/v1beta1
kind: JoinConfiguration
discovery:
bootstrapToken:
apiServerEndpoint: 10.2.7.60:6443
token: d5rwf4.334gsqh9iovly5g2
unsafeSkipCAVerification: true
t1sBootstrapToken: d5rwf4.334gsqh9iovly5g2
其中,apiServerEndpoint的值来自Master服务器的地址,token和tlsBootstrapToken的值就来自于使用kubeadminit安装Master的最后一行提示信息。
(3) 执行kubeadm join命令,将本Node加入集群:
[root@cfs-ctp ~]# kubeadm join --config=join-config.yaml
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.03.1-ce. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
6.安装网络插件
执行 kubectl get nodes命令,会发现Kubernetes提示Master为NotReady状态,这是因为还没有安装CNI网络插件:
[root@common ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
cfs-ctp.jiuqi.com.cn NotReady <none> 9m12s v1.14.0
common.localdomain NotReady master 60m v1.14.0
安装网络插件:
[root@common ~]# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64| tr -d '\n')"
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.extensions/weave-net created
[root@common ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
cfs-ctp.jiuqi.com.cn Ready <none> 12m v1.14.0
common.localdomain NotReady master 63m v1.14.0
执行下面的命令,验证Kubernetes集群的相关Pod是否都正常创建并运行:
[root@common ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6897bd7b5-flm7x 1/1 Running 0 69m
kube-system coredns-6897bd7b5-njtxf 1/1 Running 0 69m
kube-system etcd-common.localdomain 1/1 Running 0 68m
kube-system kube-apiserver-common.localdomain 1/1 Running 0 68m
kube-system kube-controller-manager-common.localdomain 1/1 Running 0 68m
kube-system kube-proxy-nh6jv 1/1 Running 0 18m
kube-system kube-proxy-sj2z5 1/1 Running 0 69m
kube-system kube-scheduler-common.localdomain 1/1 Running 0 68m
kube-system weave-net-4x7hf 2/2 Running 0 6m21s
kube-system weave-net-nhsts 2/2 Running 0 6m21s
如果发现有状态错误的Pod,则可以执行kubectl --namespace=kube-system describe pod<pod_name>来查看错误原因,常见的错误原因是镜像没有下载完成。至此,通过kubeadm工具就实现了Kubernetes集群的快速搭建。如果安装失败,则可以执行kubeadm reset命令将主机恢复原状,重新执行kubeadm init命令,再次进行安装。