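Installing Kubernetes 1.14.0 with kubeadm

Building a single-master Kubernetes 1.14.0 cluster with kubeadm

Building the cluster requires the following:

  • One or more machines running CentOS 7.2 or later
  • Hardware: 2 GB RAM or more, 2 or more CPUs, 30 GB of disk
  • Full network connectivity between all machines in the cluster
  • Internet access, which is needed to pull images
  • Swap disabled

Software versions

Kubernetes 1.14.0 is built from the following component versions: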

kubeadm-1.14.0
kubectl-1.14.0
kubelet-1.14.0
docker-18.06

Environment preparation

Disable the firewall

systemctl stop firewalld && systemctl disable firewalld

Disable SELinux (set it to permissive mode)

setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config


Disable swap:

# Temporarily
swapoff -a
# Permanently
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

Edit the hosts file and add the following entries

# cat /etc/hosts
192.168.1.102 master
192.168.1.103 node1

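Set kernel parameters

# Load br_netfilter first: the net.bridge.* keys do not exist until the module is loaded
modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system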

Install the components

Add the package repositories

Docker repository

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

Kubernetes repository

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Refresh the cache

sudo yum clean all && sudo yum makecache

Install kubeadm, kubectl, kubelet and docker

yum install -y kubelet-1.14.0 kubeadm-1.14.0 kubectl-1.14.0 docker-ce-18.06.1.ce-3.el7

Start docker and kubelet

systemctl start docker && systemctl enable docker
systemctl start kubelet && systemctl enable kubelet

Deploy the master

kubeadm init \
--apiserver-advertise-address=192.168.1.102 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.14.0 \
--service-cidr=10.10.0.0/23 \
--pod-network-cidr=10.10.10.0/23

Add the configuration file
Copy /etc/kubernetes/admin.conf to ~/.kube/config

Join the worker node

Run the command printed by the previous step on the node

kubeadm join 192.168.1.102:6443 --token 9ee8zm.s7np2u9cf5346se9 \
--discovery-token-ca-cert-hash sha256:fcced58d843fdee5cb9560cc6df4e8c83271b1f8bb1f0566a0cde714228124c8
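
The --discovery-token-ca-cert-hash value pins the cluster CA's public key, so the joining node only trusts an API server whose certificate chains to that CA. The following is an added example, not part of the original post: it recomputes the hash from a CA certificate and compares it with the value in a join command. The function names are the example's own, the demo CA is a throwaway constructed here, and on a kubeadm master the certificate to check is /etc/kubernetes/pki/ca.crt.

```sh
#!/bin/sh
# Added example: recompute kubeadm's --discovery-token-ca-cert-hash, which is
# "sha256:" + SHA-256 of the CA public key in DER (SubjectPublicKeyInfo) form.

# ca_cert_hash CERT_PEM: prints sha256:<hex>; fails if the cert is unreadable
ca_cert_hash() {
    cch_tmp=$(mktemp) || return 1
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform DER -out "$cch_tmp" 2>/dev/null \
        && [ -s "$cch_tmp" ]; then
        printf 'sha256:%s\n' "$(sha256sum < "$cch_tmp" | cut -d' ' -f1)"
        cch_rc=0
    else
        cch_rc=1
    fi
    rm -f "$cch_tmp"
    return "$cch_rc"
}

# verify_join_hash CERT_PEM EXPECTED: 0 = match, 1 = mismatch, 2 = cert unreadable
verify_join_hash() {
    vjh_actual=$(ca_cert_hash "$1") || return 2
    vjh_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$vjh_actual" = "$vjh_expected" ]
}

# make_demo_ca DIR: writes a throwaway self-signed CA (constructed sample input)
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo on the constructed CA; on a real master pass /etc/kubernetes/pki/ca.crt
demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
demo_hash=$(ca_cert_hash "$demo_dir/ca.crt")
echo "hash for the join command: $demo_hash"
if verify_join_hash "$demo_dir/ca.crt" "$demo_hash"; then
    echo "CA matches the pinned hash"
fi
# The hash from the post's join command belongs to a different CA, so it must fail
post_hash="sha256:fcced58d843fdee5cb9560cc6df4e8c83271b1f8bb1f0566a0cde714228124c8"
verify_join_hash "$demo_dir/ca.crt" "$post_hash" \
    || echo "pinned hash does not match this CA: do not join"
rm -rf "$demo_dir"
```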

Deploy flannel

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentati

Installing the Dashboard

Install the dashboard; within China you can use a different YAML source

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

Change the service type to NodePort:

kubectl -n kube-system edit service kubernetes-dashboard

Change type: ClusterIP to type: NodePort, then save.

# Check the service (this shows the dashboard running on port 443:32383/TCP)
kubectl get service --namespace=kube-system

--- Output ---

NAME                   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE
kube-dns               ClusterIP   10.10.0.10    <none>        53/UDP,53/TCP,9153/TCP   7h40m
kubernetes-dashboard   NodePort    10.10.53.12   <none>        443:30675/TCP            3h42m

--- Output ---

# Check which node the dashboard runs on (this shows it running on the master node)
kubectl get pods -A -o wide

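If the pod does not reach the Running state, the following command helps with troubleshooting:

journalctl -f -u kubelet   # show only the current kubelet process logs

If the log reports that pulling the image failed and you cannot get around the firewall, pre-pull the image as follows. Run this script on the node that hosts kubernetes-dashboard: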

   #!/bin/bash
   docker pull registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0
   docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
   docker tag registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
   docker image rm registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0

 

Error handling:

kubectl get pods -A -o wide

Result: kube-system kubernetes-dashboard-5f7b999d65-rdwqt 0/1 CrashLoopBackOff, so the status is abnormal.

kubectl logs kubernetes-dashboard-5f7b999d65-rdwqt --namespace=kube-system

---- Output ----
2019/04/23 03:04:59 Starting overwatch
2019/04/23 03:04:59 Using in-cluster config to connect to apiserver
2019/04/23 03:04:59 Using service account token for csrf signing
2019/04/23 03:05:29 Error while initializing connection to Kubernetes apiserver. This most likely means that the cluster is misconfigured (e.g., it has invalid apiserver certificates or service account's configuration) or the --apiserver-host param points to a server that does not exist. Reason: Get https://10.96.0.1:443/version: dial tcp 10.96.0.1:443: i/o timeout
Refer to our FAQ and wiki pages for more information: https://github.com/kubernetes/dashboard/wiki/FAQ
---- Output ----

After googling, here is a suggestion from another user:

1. I started fooling around and I saw (using the cmd: kubectl get pods -a -o wide --all-namespaces) that the kubernetes-dashboard was actually being set up on a slave node, and not on master (not sure if that's how it should be done)

2. I started removing all the slave nodes one by one and eventually, the dashboard ended up getting deployed on the master node itself (it happened automatically, all hail kubernetes!)

3. As soon as the dashboard was on the master node, the 'authentication to the API Server' problem got resolved since the api-server 'service' was also running on the master node.

The gist is to deploy kubernetes-dashboard on the master node.

What I did:

# On the master node:

kubectl drain node_name   # node_name is the name of the node

--- Output ---

node/iz23sfrk7n5z cordoned
error: unable to drain node "iz23sfrk7n5z", aborting command...
There are pending nodes to be drained: iz23sfrk7n5z
cannot delete DaemonSet-managed Pods (use --ignore-daemonsets to ignore): kube-system/kube-flannel-ds-amd64-z4ggk, kube-system/kube-proxy-8d5kh
cannot delete Pods with local storage (use --delete-local-data to override): kube-system/kubernetes-dashboard-5f7b999d65-rdwqt

--- Output ---

# Run it again

kubectl drain iz23sfrk7n5z --ignore-daemonsets --delete-local-data

--- Output ---

node/iz23sfrk7n5z already cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/kube-flannel-ds-amd64-z4ggk, kube-system/kube-proxy-8d5kh
evicting pod "kubernetes-dashboard-5f7b999d65-rdwqt"
pod/kubernetes-dashboard-5f7b999d65-rdwqt evicted
node/iz23sfrk7n5z evicted

--- Output ---

This removes kubernetes-dashboard from its original node. I only have two nodes, master and node, so it moves to the master and restarts there. With more nodes, you may need to drain several times. With that, the error is resolved!!

# Create the dashboard admin user
kubectl create serviceaccount dashboard-admin -n kube-system
# Bind the user as a cluster administrator
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

# Generate the token

kubectl describe secret -n kube-system dashboard-admin-token

# --- Output ---

Name:         dashboard-admin-token-pb78x
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 166aeb8d-604e-11e9-80d6-080027d8332b

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:


# ------

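You can now log in to the dashboard with the generated token. The information above gives the dashboard's IP and port; open https://192.168.200.25:32383 in Firefox (HTTPS is required, so the browser warns that the connection is not secure; Firefox lets you add an exception, Chrome does not) and choose token login.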
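
The token printed by kubectl describe secret is a JWT, so its claims can be decoded to confirm which service account it represents and whether it ever expires before it is pasted into a browser. The following is an added example, not part of the original post: the function names are the example's own, the sample token is constructed to mirror the claim layout of a secret-based service account token in Kubernetes 1.14, and the signature is not verified.

```sh
#!/bin/sh
# Added example: inspect the claims of a service account token (a JWT).
# Decoding only; the signature is NOT verified here.

# b64url_encode: stdin to unpadded base64url (RFC 4648 section 5)
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# b64url_decode STR: unpadded base64url to raw bytes
b64url_decode() {
    bd_s=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#bd_s} % 4 )) in
        2) bd_s="$bd_s==" ;;
        3) bd_s="$bd_s=" ;;
    esac
    printf '%s' "$bd_s" | base64 -d
}

# jwt_claims TOKEN: prints the JSON payload (second dot-separated segment)
jwt_claims() {
    jc_seg=$(printf '%s' "$1" | cut -s -d. -f2)
    [ -n "$jc_seg" ] || return 1
    b64url_decode "$jc_seg"
}

# token_expires TOKEN: succeeds only if the claims contain an "exp" field
token_expires() {
    jwt_claims "$1" | grep -q '"exp"[[:space:]]*:'
}

# make_sample_token: constructed stand-in for the dashboard-admin token
# (same claim names as a real one, fake signature segment)
make_sample_token() {
    printf '%s.%s.%s\n' \
        "$(printf '%s' '{"alg":"RS256","kid":""}' | b64url_encode)" \
        "$(printf '%s' '{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","sub":"system:serviceaccount:kube-system:dashboard-admin"}' | b64url_encode)" \
        "constructed-signature"
}

sample=$(make_sample_token)
echo "claims: $(jwt_claims "$sample")"
if token_expires "$sample"; then
    echo "token carries an expiry"
else
    echo "no exp claim: the token stays valid until its secret is deleted"
fi
```

Because the account is bound to cluster-admin and the token has no expiry, deleting the dashboard-admin-token secret is what revokes it.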

 

 

 

Other common problems:

The node's status is Ready,SchedulingDisabled

Run: kubectl uncordon node-name

 

 

posted @ 2019-08-30 11:03  国家一级开机运动员