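Setting up a Kubernetes 1.16.7 cluster on CentOS 7, I
Environment
Three CentOS 7 servers: kube_1, kube_2, kube_3. Spec: 2 cores, 4G
Set the hostname (*if you leave it unchanged, joining the worker nodes goes badly wrong; it took me a long time to track this detail down)
```
# Temporary change
hostname XXX

# Permanent change (recommended)
hostnamectl set-hostname xxx
```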
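Stop and disable the firewall:
```
systemctl stop firewalld

systemctl disable firewalld
```
Disable SELinux:
```
# Switches SELinux to permissive mode; the setting lasts until the next reboot
setenforce 0
```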
Disable swap
```
swapoff -a
```
Edit /etc/fstab and comment out the swap file system entry, as follows:
```
# /dev/mapper/centos-swap swap swap defaults 0 0
```
Create the file /etc/sysctl.d/k8s.conf with the following content:
```
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
```
Run the following commands to apply the changes:
```
modprobe br_netfilter

sysctl -p /etc/sysctl.d/k8s.conf
```
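A check of the file-based prerequisites above, as an added example that is not part of the original post: it validates the node name, looks for swap entries still active in an fstab file, and confirms the three kernel parameters. The function names are illustrative, and rejecting `localhost` names is an assumption based on the default hostname that shows up in this page's later output.

```bash
# Added example (not from the original post). File paths are parameters so
# the checks can be pointed at copies as well as at the real /etc files.

# Node names must be lowercase RFC 1123 names (no underscores or capitals)
# and must differ on every machine, so the default "localhost" is rejected.
valid_node_name() {
    case $1 in localhost|localhost.*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
}

# Print the swap entries still active in an fstab file; fail if any remain.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1; n++ } END { exit (n > 0) }' "$1"
}

# Fail unless every kernel parameter from k8s.conf is set to 1 in the file.
sysctl_conf_ok() {
    rc=0
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
        val=$(awk -v k="$key" '{ gsub(/[ \t]/, "") }
            index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
            END { print v }' "$1")
        [ "$val" = "1" ] || { echo "$key is '$val', expected 1"; rc=1; }
    done
    return $rc
}

# usage: preflight <hostname> <fstab-file> <sysctl-conf-file>
preflight() {
    status=0
    valid_node_name "$1" || { echo "unusable node name: $1"; status=1; }
    active_swap_entries "$2" >/dev/null ||
        { echo "swap still enabled in $2"; status=1; }
    sysctl_conf_ok "$3" || status=1
    return $status
}

# On a real node:
#   preflight "$(hostname)" /etc/fstab /etc/sysctl.d/k8s.conf
```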
Install Docker
```
# Step 1: install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# Step 2: add the package repository
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Step 3: refresh the cache and install Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce

# Step 4: start the Docker service
sudo service docker start

# Step 5: enable Docker at boot
sudo systemctl enable docker
```
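Configure the Alibaba Cloud registry mirror (accelerator):
```
mkdir -p /etc/docker

# Look up your own accelerator address in your Alibaba Cloud account.
# (JSON does not allow comments, so this note stays outside daemon.json.)
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://obww7jh1.mirror.aliyuncs.com"]
}
EOF

systemctl daemon-reload

systemctl restart docker
```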
Install kubelet, kubeadm and kubectl
```
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum install -y kubelet-1.16.7 kubeadm-1.16.7 kubectl-1.16.7

systemctl enable --now kubelet
```
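Build the Kubernetes cluster
1. Initialize the master node kube1
```
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers
```
- --pod-network-cidr: a prerequisite for installing flannel later, and the value must be 10.244.0.0/16 (see the reference material)
- --image-repository: specifies the image registry. This one no longer seems to work; use my registry registry.cn-hangzhou.aliyuncs.com/wzllzw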
Output log:
```
[addons] Applied essential addon: CoreDNS

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.127:6443 --token yjscgl.eybl86olwr3g2ct9 \
    --discovery-token-ca-cert-hash sha256:91f7982ff4ffb9099b5228449044483192b73d52932929674985ef595a769055
```
As the log shows, to use the cluster you need to run the following commands:
```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
You also need to deploy a pod network to the cluster; flannel is used here. Because the resources are hosted abroad, they are handled separately:
```
# Download the yml file locally
[root@localhost ~]# wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml

# Open the file and change every quay.io in it to quay-mirror.qiniu.com
# (https://blog.csdn.net/zsd498537806/article/details/85157560)

# Finally, apply the manifest, which pulls the images
[root@localhost ~]# kubectl apply -f kube-flannel.yml
```
The master node is now initialized. View the cluster information:
```
# View the cluster
[root@localhost ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.1.127:6443
KubeDNS is running at https://192.168.1.127:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

# View the nodes
[root@localhost ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE    VERSION
k8s-master   Ready    master   106m   v1.16.7
k8s-node1    Ready    <none>   102m   v1.16.7
k8s-node2    Ready    <none>   33m    v1.16.4

# View the pods
[root@localhost ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-58cc8c89f4-955zb             1/1     Running   0          106m
kube-system   coredns-58cc8c89f4-bp746             1/1     Running   0          106m
kube-system   etcd-k8s-master                      1/1     Running   0          106m
kube-system   kube-apiserver-k8s-master            1/1     Running   0          105m
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          105m
kube-system   kube-flannel-ds-amd64-ckdzv          1/1     Running   0          102m
kube-system   kube-flannel-ds-amd64-fvrmj          1/1     Running   0          105m
kube-system   kube-flannel-ds-amd64-m8557          1/1     Running   0          34m
kube-system   kube-proxy-6lgbv                     1/1     Running   0          34m
kube-system   kube-proxy-d8sxd                     1/1     Running   0          106m
kube-system   kube-proxy-v9xnz                     1/1     Running   0          102m
kube-system   kube-scheduler-k8s-master            1/1     Running   0          106m
```
* If you run into problems during initialization:
```
[root@localhost ~]# kubeadm reset
[root@localhost ~]# rm -rf /var/lib/cni/
[root@localhost ~]# rm -f $HOME/.kube/config
```
* If a node is NotReady and coredns is Pending (https://www.jianshu.com/p/d446121dbfc2)
```
[root@localhost ~]# kubectl get nodes
NAME         STATUS     ROLES    AGE     VERSION
k8s-master   NotReady   master   2m48s   v1.16.7

# View pod information
[root@localhost ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                            READY   STATUS    RESTARTS   AGE
kube-system   coredns-9d85f5447-4f65b                         0/1     Pending   0          63m
kube-system   coredns-9d85f5447-b2m6m                         0/1     Pending   0          63m
kube-system   etcd-localhost.localdomain                      1/1     Running   0          63m
kube-system   kube-apiserver-localhost.localdomain            1/1     Running   0          63m
kube-system   kube-controller-manager-localhost.localdomain   1/1     Running   0          63m
kube-system   kube-proxy-sz9ld                                1/1     Running   0          63m
kube-system   kube-scheduler-localhost.localdomain            1/1     Running   0          63m
```
Fix: install CNI and the CNI configuration files
```
$ mkdir -p /etc/cni/net.d
$ cat >/etc/cni/net.d/10-mynet.conf <<EOF
{
    "cniVersion": "0.2.0",
    "name": "mynet",
    "type": "bridge",
    "bridge": "cni0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "subnet": "10.22.0.0/16",
        "routes": [
            { "dst": "0.0.0.0/0" }
        ]
    }
}
EOF
$ cat >/etc/cni/net.d/99-loopback.conf <<EOF
{
    "cniVersion": "0.2.0",
    "name": "lo",
    "type": "loopback"
}
EOF
```
The first of these two configurations gives the container a network interface attached to the bridge; the second takes care of lo (the local loopback).
Add worker nodes
Method 1: join using the information returned by kubeadm init (run the command on the worker node)
```
kubeadm join 192.168.1.127:6443 --token yjscgl.eybl86olwr3g2ct9 \
    --discovery-token-ca-cert-hash sha256:91f7982ff4ffb9099b5228449044483192b73d52932929674985ef595a769055
```
Method 2: generate a new token
```
kubeadm token generate
kubeadm token create <generated-token> --print-join-command --ttl=24h
```
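The `--discovery-token-ca-cert-hash` value used by both join methods pins the control-plane CA: it is the SHA-256 of the CA certificate's public key in DER form. The following added example, which is not part of the original post, recomputes that value on the master and compares it with the pin in a join command before the command is run on a worker. The function names are illustrative; it assumes `openssl` is installed and that the CA certificate sits at kubeadm's default path.

```bash
# Added example (not from the original post): check that a "kubeadm join"
# command pins the CA of the cluster you expect.

# SHA-256 (hex) of the certificate's DER-encoded SubjectPublicKeyInfo.
ca_cert_hash() {
    pem=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    printf '%s\n' "$pem" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Extract the 64-digit hex pin from a join command (line continuations allowed).
join_pin() {
    printf '%s\n' "$1" | tr '\n\\' '  ' |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]*sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only if the join command pins the CA in the given certificate file.
verify_join() {
    want=$(join_pin "$2")
    [ -n "$want" ] || { echo "join command carries no sha256 CA pin" >&2; return 2; }
    got=$(ca_cert_hash "$1") || { echo "cannot read CA certificate $1" >&2; return 2; }
    if [ "$want" = "$got" ]; then
        echo "OK: join command pins this cluster's CA"
    else
        echo "MISMATCH: this CA hashes to sha256:$got" >&2
        return 1
    fi
}

# On the master (kubeadm's default CA path):
#   verify_join /etc/kubernetes/pki/ca.crt "$(kubeadm token create --print-join-command)"
```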
Configure DNS
1. Temporary DNS change (lost after a reboot)
```
vim /etc/resolv.conf    # open the resolv.conf file
```
Change the content to:
```
nameserver 8.8.8.8    # change to your primary DNS
nameserver 8.8.7.7    # change to your secondary DNS
```
2. Permanent DNS change (survives a reboot)
```
vim /etc/resolvconf/resolv.conf.d/base    # open the file
```
At the end, enter:
```
nameserver 8.8.8.8    # change to your primary DNS
nameserver 8.8.7.7    # change to your secondary DNS
```
The IP of raw.githubusercontent.com cannot be reached (DNS poisoned)
```
# Add to /etc/hosts
199.232.68.133 raw.githubusercontent.com
```
References:
Setting up a Kubernetes v1.16.x environment: https://www.jianshu.com/p/832bcd89bc07
Thoroughly understanding Kubernetes CNI: https://www.jianshu.com/p/d446121dbfc2
Image pulls from gcr.io and quay.io failing: https://blog.csdn.net/zsd498537806/article/details/85157560