Centos7安装kubernetes1.18.1

感谢 https://www.cnblogs.com/xiao987334176/

参考博客 https://www.cnblogs.com/xiao987334176/p/12696740.html

master 192.168.122.100
node01 192.168.122.101
node02 192.168.122.102

三台服务器都要执行

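# Map the three cluster hostnames on every server. Each entry is appended only
# when that exact line is not already in /etc/hosts, so running this step a
# second time does not leave duplicate entries behind.
while IFS= read -r host_entry; do
  grep -qxF -- "$host_entry" /etc/hosts || printf '%s\n' "$host_entry" >> /etc/hosts
done <<'EOF'
192.168.122.100 master-122-100
192.168.122.101 node01-122-101
192.168.122.102 node02-122-102
EOF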

同步一下时间

# One-off clock synchronisation against the Aliyun NTP server.
# The ntpdate binary is provided by the package installed on the first line.
yum -y install ntpdate
/usr/sbin/ntpdate ntp1.aliyun.com
安装依赖包
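# Install the dependency packages. The page had two yum commands fused into
# one broken line; they are separate steps. epel-release is installed first,
# presumably so packages outside the base repositories can be resolved.
yum install -y epel-release
yum install -y screen conntrack ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git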

 关闭firewalld、selinux、postfix

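# Stop firewalld and postfix now and keep them from starting at boot.
for unit in firewalld postfix; do
  systemctl stop "$unit"
  systemctl disable "$unit"
done
# Take SELinux out of enforcing mode for the running system and for later
# boots. Permissive is enough to stop enforcement and keeps file labels and
# denial logging intact, which SELINUX=disabled would throw away. The sed only
# rewrites an "enforcing" setting and no longer depends on setenforce
# succeeding (setenforce fails on a host where SELinux is already disabled).
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config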

# Install the iptables service, start it now and at boot, then flush the
# filter rules and save the resulting rule set so it is restored on boot.
# NOTE(review): after the flush, inbound filtering rests on the chain policies
# alone; check them with `iptables -S`. If they are ACCEPT, the API server port
# (6443) and the NodePort (30005) used later on this page are protected only by
# controls outside the host.
yum install -y iptables-services
for action in start enable; do
  systemctl "$action" iptables
done
iptables -F
service iptables save

 # 停用swap

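# Turn swap off now and comment out the swap entries in /etc/fstab so it stays
# off after a reboot. The match accepts tabs as well as spaces around "swap"
# and skips lines that are already commented, so repeating the step does not
# stack extra '#' characters.
swapoff -a && sed -i '/^[[:space:]]*#/! { /[[:space:]]swap[[:space:]]/ s/^/#/; }' /etc/fstab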
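# Kernel parameters for Kubernetes nodes.
# The net.bridge.* keys exist only while the br_netfilter module is loaded, so
# load it before applying the file; the page loads it only after the reboot.
# NOTE(review): net.netfilter.nf_conntrack_max likewise needs the conntrack
# module to be present; confirm that sysctl -p reports no missing keys.
modprobe br_netfilter
# sysctl configuration files treat a line as a comment only when '#' is its
# first non-blank character. The trailing notes on the vm.* lines would have
# been read as part of the value, so each note now sits on its own line.
cat > /etc/sysctl.d/kubernetes.conf <<'EOF'
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
# 禁止使用swap空间,只有当系统OOM时才允许使用它
vm.swappiness=0
# 不检查物理内存是否够用
vm.overcommit_memory=1
# 开启OOM
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf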
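# Set the system time zone to Asia/Shanghai.
timedatectl set-timezone Asia/Shanghai
# Keep the hardware clock (RTC) in UTC. The page had the next comment fused
# onto this command ("0#..."), which the shell does not read as a comment, so
# timedatectl received "0#" plus extra words as arguments.
timedatectl set-local-rtc 0
# Restart the services that depend on the system time.
systemctl restart rsyslog
systemctl restart crond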
# Configure systemd-journald through a drop-in file.
# /var/log/journal is the directory for persistent journal storage and
# /etc/systemd/journald.conf.d holds the override written below.
# NOTE(review): with ForwardToSyslog=no and MaxRetentionSec=2week the journal
# on this host is the only copy of these logs and it ages out after two weeks;
# ship it elsewhere if longer retention or off-host evidence is needed.
mkdir -p /var/log/journal /etc/systemd/journald.conf.d
cat <<'EOF' > /etc/systemd/journald.conf.d/99-prophet.conf
[Journal]
# 持久化保存到磁盘
Storage=persistent
# 压缩历史日志
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# 最大占用空间10G
SystemMaxUse=10G
# 单日志文件最大200M
SystemMaxFileSize=200M
# 日志保存时间2周
MaxRetentionSec=2week
# 不将日志转发到syslog
ForwardToSyslog=no
EOF
# Restart journald so the drop-in takes effect.
systemctl restart systemd-journald
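# Add the ELRepo repository and install the long-term-support kernel.
# The release package is fetched over HTTPS and ELRepo's signing key is
# imported first, so rpm can verify the package instead of installing whatever
# an unauthenticated HTTP download returns.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install -y kernel-lt
# Boot from the new kernel by default. The newest directory under /lib/modules
# whose name starts with "4.4" is used; head keeps a single name when several
# match, and the patterns are quoted so the shell cannot glob them.
# NOTE(review): the 4.4 prefix matches the kernel-lt build this page was
# written against; adjust it if the repository now ships another series.
new_core=$(ls -lt /lib/modules | grep '^d' | awk '{print $NF}' | grep '^4\.4' | head -n 1)
if [ -n "$new_core" ]; then
  grub2-set-default "CentOS Linux (${new_core}) 7 (Core)"
else
  echo "no 4.4 kernel directory found under /lib/modules; default boot entry left unchanged" >&2
fi
# Reboot the system.
reboot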
# Load br_netfilter, then write a helper script that loads the IPVS and
# conntrack modules, make it executable and run it once.
modprobe br_netfilter
cat <<'EOF' > /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 0755 /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
# Confirm that the modules are loaded.
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
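# Install Docker. The page had every command from "yum install -y docker-ce"
# onward collapsed onto one line; they are restored one per line here.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Repository definitions are fetched over HTTPS so they cannot be altered in
# transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# The exclude pattern is quoted so the shell cannot expand kube* against files
# in the current directory.
yum update -y --exclude='kube*'
yum install -y docker-ce
systemctl start docker
systemctl enable docker
# Create the /etc/docker directory.
mkdir -p /etc/docker
# Configure the daemon: systemd cgroup driver and size-capped json-file logs.
cat > /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Restart the Docker service so the new configuration is used.
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
# Install kubeadm (control plane and workers).
# Package signature checking is switched on (gpgcheck=1) and the repository
# and its keys are fetched over HTTPS: with gpgcheck=0 over plain HTTP, yum
# would install kubelet/kubeadm/kubectl as root with no integrity check at all.
# repo_gpgcheck keeps the page's value; enable it as well where the mirror
# serves signed metadata. If package verification fails, investigate the
# mirror rather than turning the check back off.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum -y install kubeadm-1.18.1 kubectl-1.18.1 kubelet-1.18.1
systemctl enable kubelet && systemctl start kubelet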
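# The earlier "yum update" may have changed the default boot entry, so point
# GRUB at the new kernel again. The newest directory under /lib/modules whose
# name starts with "4.4" is used; head keeps a single name when several match,
# and the patterns are quoted so the shell cannot glob them.
new_core=$(ls -lt /lib/modules | grep '^d' | awk '{print $NF}' | grep '^4\.4' | head -n 1)
if [ -n "$new_core" ]; then
  grub2-set-default "CentOS Linux (${new_core}) 7 (Core)"
else
  echo "no 4.4 kernel directory found under /lib/modules; default boot entry left unchanged" >&2
fi
# Reboot the system.
reboot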
以上步骤是3台机器都要进行
初始化,只在master上进行操作
[root@master-122-100 ~]# kubeadm init --kubernetes-version=1.18.1 --apiserver-advertise-address=192.168.122.100 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16

W0424 15:51:57.494483 1604 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.1
[preflight] Running pre-flight checks
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [master-122-100 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.1.0.1 192.168.122.100]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [master-122-100 localhost] and IPs [192.168.122.100 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [master-122-100 localhost] and IPs [192.168.122.100 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
W0424 15:54:13.054241 1604 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0424 15:54:13.055988 1604 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 31.533831 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.18" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master-122-100 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node master-122-100 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: cr9psd.2faufmg7vf0uqnri
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.122.100:6443 --token cr9psd.2faufmg7vf0uqnri \
--discovery-token-ca-cert-hash sha256:ecc1a82f3804cb16bf24c38d02c3f24a8b58a96f3e45fec9d00e9d98f35185df

初始化完成后执行

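# Give the current user a kubeconfig for kubectl. admin.conf carries the
# cluster administrator's client credentials, so keep the copy readable only
# by its owner and do not share it between users.
# Expansions are quoted so a home directory containing spaces still works.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"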

[root@master-122-100 ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

--2020-04-24 16:07:37--  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.76.133

Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.76.133|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 14366 (14K) [text/plain]

Saving to: ‘kube-flannel.yml’

 

100%[=========================================================================>] 14,366      --.-K/s   in 0.03s   

 

2020-04-24 16:07:37 (439 KB/s) - ‘kube-flannel.yml’ saved [14366/14366]

 

[root@master-122-100 ~]# cat kube-flannel.yml |grep image|uniq

        image: quay.io/coreos/flannel:v0.12.0-amd64

        image: quay.io/coreos/flannel:v0.12.0-arm64

        image: quay.io/coreos/flannel:v0.12.0-arm

        image: quay.io/coreos/flannel:v0.12.0-ppc64le

        image: quay.io/coreos/flannel:v0.12.0-s390x

从阿里云上拉取镜像

# Pull the flannel v0.12.0 image for each architecture from the Aliyun
# registry namespace used on this page.
# NOTE(review): this namespace is not the quay.io/coreos repository that
# kube-flannel.yml names. Once retagged, these images run as the cluster's
# network DaemonSet, so compare their image IDs/digests with the upstream
# release before trusting them.
for arch in amd64 arm64 arm ppc64le s390x; do
  docker pull "registry.cn-shanghai.aliyuncs.com/yijindami/flannel:v0.12.0-${arch}"
done

重命名镜像,和kube-flannel.yml文件中的镜像名称保存一致

# Retag each mirrored image with the name kube-flannel.yml expects, so the
# kubelet finds it locally under quay.io/coreos/flannel.
# NOTE(review): after this step nothing on the node distinguishes the mirrored
# image from the upstream one; any verification has to happen before tagging.
for arch in amd64 arm64 arm ppc64le s390x; do
  docker tag "registry.cn-shanghai.aliyuncs.com/yijindami/flannel:v0.12.0-${arch}" "quay.io/coreos/flannel:v0.12.0-${arch}"
done

安装flannel网络

[root@master-122-100 ~]# kubectl apply -f kube-flannel.yml

podsecuritypolicy.policy/psp.flannel.unprivileged created

clusterrole.rbac.authorization.k8s.io/flannel created

clusterrolebinding.rbac.authorization.k8s.io/flannel created

serviceaccount/flannel created

configmap/kube-flannel-cfg created

daemonset.apps/kube-flannel-ds-amd64 created

daemonset.apps/kube-flannel-ds-arm64 created

daemonset.apps/kube-flannel-ds-arm created

daemonset.apps/kube-flannel-ds-ppc64le created

daemonset.apps/kube-flannel-ds-s390x created

[root@master-122-100 ~]# kubectl get pod --all-namespaces -o wide

NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-7ff77c879f-x9vqf 1/1 Running 0 27m 10.244.0.2 master-122-100 <none> <none>
kube-system coredns-7ff77c879f-xc6kg 1/1 Running 0 27m 10.244.0.3 master-122-100 <none> <none>
kube-system etcd-master-122-100 1/1 Running 0 27m 192.168.122.100 master-122-100 <none> <none>
kube-system kube-apiserver-master-122-100 1/1 Running 0 27m 192.168.122.100 master-122-100 <none> <none>
kube-system kube-controller-manager-master-122-100 1/1 Running 0 27m 192.168.122.100 master-122-100 <none> <none>
kube-system kube-flannel-ds-amd64-s2t9q 1/1 Running 0 12m 192.168.122.100 master-122-100 <none> <none>
kube-system kube-proxy-zhzpj 1/1 Running 0 27m 192.168.122.100 master-122-100 <none> <none>
kube-system kube-scheduler-master-122-100 1/1 Running 0 27m 192.168.122.100 master-122-100 <none> <none>

node01加入master集群

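# Join this node to the cluster. The page had a blank line after the trailing
# backslash, which ends the command early and leaves the hash option to run as
# a separate, failing command; the continuation now follows directly.
# The token and CA hash are the ones printed by kubeadm init on this page; use
# the values from your own init output. Bootstrap tokens expire (24 hours by
# default); `kubeadm token create --print-join-command` on the control plane
# prints a fresh join command. Keep the --discovery-token-ca-cert-hash pin: it
# is how the node checks that it is talking to the intended control plane.
kubeadm join 192.168.122.100:6443 --token cr9psd.2faufmg7vf0uqnri \
    --discovery-token-ca-cert-hash sha256:ecc1a82f3804cb16bf24c38d02c3f24a8b58a96f3e45fec9d00e9d98f35185df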

[root@node01-122-101 ~]# kubeadm join 192.168.122.100:6443 --token cr9psd.2faufmg7vf0uqnri --discovery-token-ca-cert-hash sha256:ecc1a82f3804cb16bf24c38d02c3f24a8b58a96f3e45fec9d00e9d98f35185df
W0424 16:58:48.589384 1696 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@node01-122-101 ~]#

node02加入master集群

[root@node02-122-102 ~]# kubeadm join 192.168.122.100:6443 --token cr9psd.2faufmg7vf0uqnri --discovery-token-ca-cert-hash sha256:ecc1a82f3804cb16bf24c38d02c3f24a8b58a96f3e45fec9d00e9d98f35185df
W0424 16:58:54.192320 1711 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.18" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@master-122-100 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master-122-100 Ready master 65m v1.18.1
node01-122-101 NotReady <none> 48s v1.18.1
node02-122-102 NotReady <none> 41s v1.18.1
[root@master-122-100 ~]#

等待几分钟

[root@master-122-100 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master-122-100 Ready master 67m v1.18.1
node01-122-101 Ready <none> 3m32s v1.18.1
node02-122-102 Ready <none> 3m25s v1.18.1
[root@master-122-100 ~]#

新建deployment

[root@master-122-100 ~]# cat flaskapp-deployment.yaml
# Deployment that runs one replica of the demo Flask application.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flaskapp-1
spec:
  # Pods are selected by the run=flaskapp-1 label set in the template below.
  selector:
    matchLabels:
      run: flaskapp-1
  replicas: 1
  template:
    metadata:
      labels:
        run: flaskapp-1
    spec:
      # NOTE(review): no securityContext or resource requests/limits are set,
      # so the container runs with the image's and the cluster's defaults.
      containers:
      - name: flaskapp-1
        # No tag or digest is given, so this resolves to the :latest tag of
        # jcdemo/flaskapp; pin a tag or digest to make deployments reproducible
        # and to know exactly which image content is running.
        image: jcdemo/flaskapp
        ports:
        # Port the application listens on inside the pod.
        - containerPort: 5000

新建svc文件
[root@master-122-100 ~]# cat flaskapp-service.yaml

# Service that exposes the flaskapp-1 pods outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: flaskapp-1
  labels:
    run: flaskapp-1
spec:
  # NodePort opens the nodePort below on the cluster nodes; the page's own test
  # reaches it through both 192.168.122.100 and 192.168.122.101.
  # NOTE(review): firewalld was disabled and iptables flushed earlier on this
  # page, so the port is presumably reachable by anything that can route to
  # the nodes; restrict it at the network layer if that is not intended.
  type: NodePort
  ports:
  - port: 5000
    name: flaskapp-port
    # Traffic is forwarded to port 5000 of the selected pods.
    targetPort: 5000
    protocol: TCP
    nodePort: 30005
  # Matches the run=flaskapp-1 label on the Deployment's pods.
  selector:
    run: flaskapp-1

[root@master-122-100 ~]# kubectl apply -f flaskapp-service.yaml
service/flaskapp-1 created
[root@master-122-100 ~]# kubectl apply -f flaskapp-deployment.yaml
deployment.apps/flaskapp-1 created

[root@master-122-100 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
flaskapp-1-5d96dbf59b-gh5kp 1/1 Running 0 27s 10.244.2.2 node02-122-102 <none> <none>

访问测试,需要先安装 elinks:yum install elinks -y

[root@master-122-100 ~]# elinks http://192.168.122.100:30005/ --dump
Start Time 2020-Apr-24 09:04:18
Hostname flaskapp-1-5d96dbf59b-gh5kp
Local Address 10.244.2.2
Remote Address 10.244.0.0
Server Hit 3
[root@master-122-100 ~]# elinks http://192.168.122.101:30005/ --dump
Start Time 2020-Apr-24 09:04:18
Hostname flaskapp-1-5d96dbf59b-gh5kp
Local Address 10.244.2.2
Remote Address 10.244.1.0
Server Hit 4
[root@master-122-100 ~]

有问题欢迎留言联系。再次感谢原作者。
