Lab environment:
CentOS 7.4
Three machines: k8s-master, k8s-node1 and k8s-node2
Preparation:
Disable SELinux and stop the firewall
systemctl stop firewalld
cat /etc/selinux/config |grep disabled
# disabled - No SELinux policy is loaded.
SELINUX=disabled
Deployment steps:
1. Create SSH keys between the master and the nodes
Run the following commands on the master
ssh-keygen -t rsa
ssh-copy-id -i /root/.ssh/id_rsa.pub root@k8s-node1
ssh-copy-id -i /root/.ssh/id_rsa.pub root@k8s-node2
2. Add the Kubernetes and Docker yum repositories
cd /etc/yum.repos.d/
vim kubernetes.repo
[kubernetes]
name=Kubernetes repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. Install kubelet, docker, kubeadm and kubectl
yum install docker-ce kubelet kubeadm kubectl ## must be installed on every node
4. Pull the images on the master node
vi /usr/lib/systemd/system/docker.service
Add the following lines
Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
Environment="NO_PROXY=localhost,127.0.0.0/8,10.0.83.0/24"
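The images under k8s.gcr.io cannot be reached directly from mainland China, so they have to be fetched through a proxy.
If the proxy is unavailable, comment out the settings above and pull the images with the following script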
docker pull mirrorgooglecontainers/kube-apiserver:v1.12.2
docker pull mirrorgooglecontainers/kube-controller-manager:v1.12.2
docker pull mirrorgooglecontainers/kube-scheduler:v1.12.2
docker pull mirrorgooglecontainers/kube-proxy:v1.12.2
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.2.24
docker pull coredns/coredns:1.2.2
docker pull quay.io/coreos/flannel:v0.10.0-amd64
Once the images are downloaded, retag them
docker tag mirrorgooglecontainers/kube-apiserver:v1.12.2 k8s.gcr.io/kube-apiserver:v1.12.2
docker tag mirrorgooglecontainers/kube-controller-manager:v1.12.2 k8s.gcr.io/kube-controller-manager:v1.12.2
docker tag mirrorgooglecontainers/kube-scheduler:v1.12.2 k8s.gcr.io/kube-scheduler:v1.12.2
docker tag mirrorgooglecontainers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag coredns/coredns:1.2.2 k8s.gcr.io/coredns:1.2.2
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/kube-proxy:v1.12.2 k8s.gcr.io/kube-proxy:v1.12.2
5. Deploy k8s with kubeadm
Running with swap enabled is not supported by default, so the kubelet configuration has to be changed
vi /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false --read-only-port=10255"
Run kubeadm to initialize k8s
kubeadm init --kubernetes-version=v1.12.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
When it finishes
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
6. Install the flannel network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
7. Add the nodes to the cluster
Set up the kubernetes and docker repositories as on the master, and configure docker.service and /etc/sysconfig/kubelet as on the master
First download the images
docker pull mirrorgooglecontainers/kube-proxy:v1.12.2
docker pull mirrorgooglecontainers/pause:3.1
docker pull quay.io/coreos/flannel:v0.10.0-amd64
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/kube-proxy:v1.12.2 k8s.gcr.io/kube-proxy:v1.12.2
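kubeadm join 192.168.83.112:6443 --token 0mccze.xwvw3o5n3zbypb8q --discovery-token-ca-cert-hash sha256:dd129a36df0a5160aa4f6d5cc3a347712cf239c70bdde8b6906e0ec42815aea0 --ignore-preflight-errors=Swap
(This command line is printed when the master deployment finishes; remember to save it so that it can be used to add nodes later.)
9. Check that the cluster status is normal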
[root@k8s-master sysconfig]# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health": "true"}
[root@k8s-master sysconfig]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 9d v1.12.2
k8s-node1 Ready <none> 9d v1.12.2
k8s-node2 Ready <none> 9d v1.12.2
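Problems encountered: coredns could not resolve kubernetes correctly; lookups went out to the external network.
Later I found that the host's DNS address has to be changed to the internal DNS server; the ISP's DNS address cannot be filled in directly. I don't understand why.
Missing --read-only-port=10255 parameter: without it, port 10255 is not opened by default, and when the dashboard is deployed later, heapster reports an error saying it cannot connect to port 10255 on the nodes.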
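The steps above leave three weakened settings on each host: gpgcheck=0 in kubernetes.repo, SELINUX=disabled, and the kubelet read-only port 10255, which answers without authentication. The script below is an added example, not part of the original post, that flags them so they can be revisited once the cluster is running. The names audit_node and make_sample and the root-prefix argument are assumptions of this example, and the sample tree is constructed from the values in this guide.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag the weakened host settings
# this guide applies. The root prefix is hypothetical; it lets the check run offline.

audit_node() {
    local root="${1%/}" repo f
    # 1. yum repos that skip RPM signature verification
    for repo in "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$repo" ] || continue
        if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$repo"; then
            echo "FINDING ${repo#"$root"}: gpgcheck=0, packages install without signature verification"
        fi
    done
    # 2. SELinux switched off (the commented "# disabled - ..." help line is ignored)
    f="$root/etc/selinux/config"
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*SELINUX[[:space:]]*=[[:space:]]*disabled' "$f"; then
        echo "FINDING /etc/selinux/config: SELINUX=disabled"
    fi
    # 3. kubelet read-only port set to a non-zero value (0 disables it)
    f="$root/etc/sysconfig/kubelet"
    if [ -f "$f" ] && grep -Eq -e '^[^#]*--read-only-port[= ]+[1-9][0-9]*' "$f"; then
        echo "FINDING /etc/sysconfig/kubelet: read-only port open, serves pod and node data without authentication"
    fi
    return 0
}

# Constructed sample tree holding the values used in this guide.
make_sample() {
    local d
    d="$(mktemp -d)"
    mkdir -p "$d/etc/yum.repos.d" "$d/etc/selinux" "$d/etc/sysconfig"
    printf '[kubernetes]\ngpgcheck=0\nenabled=1\n' > "$d/etc/yum.repos.d/kubernetes.repo"
    printf '#     disabled - No SELinux policy is loaded.\nSELINUX=disabled\n' > "$d/etc/selinux/config"
    printf 'KUBELET_EXTRA_ARGS="--fail-swap-on=false --read-only-port=10255"\n' > "$d/etc/sysconfig/kubelet"
    echo "$d"
}

# With an argument, audit that root ("/" for the live host); otherwise the sample.
if [ "$#" -gt 0 ]; then
    audit_node "$1"
else
    sample="$(make_sample)"; audit_node "$sample"; rm -rf "$sample"
fi
```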