kubeadm安装kubernetes1.14.0
使用kubeadm搭建kubernetes1.14.0单master集群
搭建kubernetes集群需要满足一下需求:
- 一台或多台机器,操作系统 CentOS7.2及以上
- 硬件配置:2GB及以上,2个CPU及以上,硬盘30GB
- 集群中所有机器之间网络互通
- 可以访问外网,需要拉取镜像
- 禁止swap分区
软件版本
搭建kubernetes1.14.0,组件版本如下
kubeadm-1.14.0
kubectl-1.14.0
kubelet-1.14.0
docker-18.06
环境准备
关闭防火墙
systemctl stop firewalld &&
systemctl disable firewalld
关闭selinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
关闭swap:
$ 临时
swapoff -a
$ 永久
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
修改hosts文件,添加如下内容
# cat /etc/hosts
192.168.1.102 master
192.168.1.103 node1
修改内核参数
cat <<EOF >
/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
modprobe br_netfilter
安装组件
添加软件源
docker源
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
kubernetes源
cat >
/etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
更新缓存
sudo yum clean all && sudo
yum makecache
安装kubeadm kubectl
kubelet docker
yum install -y kubelet-1.14.0
kubeadm-1.14.0 kubectl-1.14.0 docker-ce-18.06.1.ce-3.el7 -y
启动docker和kubelet
systemctl start docker &&
systemctl enable docker
systemctl start kubelet && systemctl enable kubelet
部署master
kubeadm init \
--apiserver-advertise-address=192.168.1.102 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.14.0 \
--service-cidr=10.10.0.0/23\
--pod-network-cidr=10.10.10.0/23
添加配置文件
将/etc/kubernetes/admin.conf复制到~/.kube/config文件
加入node节点
使用上一步输出命令,在node节点执行
kubeadm join 192.168.1.102:6443
--token 9ee8zm.s7np2u9cf5346se9 \
--discovery-token-ca-cert-hash
sha256:fcced58d843fdee5cb9560cc6df4e8c83271b1f8bb1f0566a0cde714228124c8
部署flannel
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentati
Dashboard安装
安装dashboard,国内可以使用别的yaml源
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
修改node为NodePort模式 kubectl -n kube-system edit
service kubernetes-dashboard
把type: ClusterIP 改成 type:
NodePort 然后保存
# 查看服务(得知dashboard运行在443:32383/TCP端口) kubectl get service
--namespace=kube-system #
--- 输出 ---
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.10.0.10 <none> 53/UDP,53/TCP,9153/TCP 7h40m kubernetes-dashboard NodePort 10.10.53.12 <none> 443:30675/TCP 3h42m #
--- 输出 --- #
查看dashboard运行在哪个node(得知dashboard运行在master节点上) kubectl get pods -A -o wide #
--- 输出 --- #
--- 输出 --- #
如果无法变成Running状态,可以使用以下命令排错 journalctl -f -u kubelet # 只看当前的kubelet进程日志 ### 提示拉取镜像失败,无法FQ的可以使用以下方法预先拉取镜像 ### 请在kubernetes-dashboard的节点上操作文件:
#!/bin/bash
docker pull registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0
docker pull
registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
docker tag
registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
docker image rm
registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0
报错处理:
kubectl get pods -A -o wide ##
查看结果: kube-system kubernetes-dashboard-5f7b999d65-rdwqt 0/1 CrashLoopBackOff 状态不正常,
kubectl logs kubernetes-dashboard-5f7b999d65-rdwqt --namespace=kube-system
----输出----- 2019/04/23 03:04:59 Starting overwatch 2019/04/23 03:04:59 Using in-cluster config to connect to apiserver 2019/04/23 03:04:59 Using service account token for csrf signing 2019/04/23 03:05:29 Error while initializing connection to Kubernetes apiserver. This most likely means that the cluster is misconfigured (e.g., it has invalid apiserver certificates or service account's configuration) or the --apiserver-host param points to a server that does not exist. Reason: Get https://10.96.0.1:443/version: dial tcp 10.96.0.1:443: i/o timeout Refer to our FAQ and wiki pages for more information: https://github.com/kubernetes/dashboard/wiki/FAQ ----输出-----
google后,网友给的建议:
1. I started fooling around and I saw (using the cmd: kubectl get pods -a -o wide --all-namespaces) that the kubernetes-dashboard was actually being set up on a slave node, and not on master (not sure if that's now it should be done)
2. I started removing all the slave node one by one and eventually, the dashboard ended up getting deployed on the master node itself (it happened automatically, all hail kubernetes!) 3. As soon as the dashboard was on the master node, the 'authentication to the API Server' problem got resolved since the api-server 'service' was also running on the master node.
大概意思是将 kubernetes-dashboard部署在master节点。
我的操作:
#mater节点操作:
kubectl drain node_name(节点的名字)
---输出---
node/iz23sfrk7n5z cordoned error: unable to drain node "iz23sfrk7n5z", aborting command... There are pending nodes to be drained: iz23sfrk7n5z cannot delete DaemonSet-managed Pods (use --ignore-daemonsets to ignore): kube-system/kube-flannel-ds-amd64-z4ggk, kube-system/kube-proxy-8d5kh cannot delete Pods with local storage (use --delete-local-data to override): kube-system/kubernetes-dashboard-5f7b999d65-rdwqt
----输出----
#再次执行
kubectl drain iz23sfrk7n5z --ignore-daemonsets --delete-local-data
---输出----
node/iz23sfrk7n5z already cordoned WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-flannel-ds-amd64-z4ggk, kube-system/kube-proxy-8d5kh evicting pod "kubernetes-dashboard-5f7b999d65-rdwqt" pod/kubernetes-dashboard-5f7b999d65-rdwqt evicted node/iz23sfrk7n5z evicted -
--输出---
这样 kubernetes-dashboard会从原先节点删除。 我就两个节点master和node。 所以会跑到master上面重启。如果有多个节点的,可能要多次删除。 到此,错误解决!!
# 创建dashboard管理用户 kubectl create serviceaccount dashboard-admin -n kube-system # 绑定用户为集群管理用户 kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# 生成tocken
kubectl describe secret -n kube-system dashboard-admin-token
# --- 输出如下 ---
Name: dashboard-admin-token-pb78x
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 166aeb8d-604e-11e9-80d6-080027d8332b
Type: kubernetes.io/service-account-token
Data(qxl:done)
====
ca.crt: 1025 bytes
namespace: 11 bytes
token:
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbHBzc2oiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOGUxNzM3YjUtNjE3OC0xMWU5LWJlMTktMDAwYzI5M2YxNDg2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.KHTf4_3DJu0liKeoOIoCssmIRXSHM_A4w9XVJKQ44jqEfPSbpwohqKnHxOspWAWsjwRrc3kSQyC9KEDCfTYl91ZY_PzUSqPG8XY58ab1p9q1xUxdDYu3qCyaSHWTQ2dATl1G5nNZQLfrarwWIPurm0BLBLsR1crIQj1P8VGafJJXz-TCQZgiw1OHqB8w89IBUhGrn8vuaIdspNLNZmrl-icjFS4eAevBREwlxqxX0-3-mzTFE8xqCHyfJ7pKpK-Jv1jSpuHjb0CfDPvNBuAGp5jQG44Ya6wq1BcqQO4RiQ07hjfIrnwmfWyZWmBn9YLvBVByupLv872kUUSSxjxxbg
# ------
使用生成的tocken就可以登录dashboard了。根据上面的信息可以得知dashboard的ip和端口,使用火狐浏览器访问https://192.168.200.25:32383(必须使用https,所以会提示不安全,火狐浏览器可以添加例外,谷歌浏览器不行)选择令牌登陆
其他常见问题:
node节点状态为:Ready,SchedulingDisabled
可执行:kubectl uncordon node-name,即可
