[root@master ~]# cat /etc/hosts 192.168.116.241 master 192.168.116.240 node1 192.168.116.251 node2
[root@master ~]# cd /etc/yum.repos.d/
[root@master yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@master yum.repos.d]# vim kubernetes.repo
[kubernetes]
name=Kubernete Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
安裝docker kuber 插件
[root@master yum.repos.d]# cd /root/ [root@master ~]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg [root@master ~]# rpm --import yum-key.gpg [root@master ~]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg [root@master ~]# rpm --import rpm-package-key.gpg [root@master yum.repos.d]# yum install docker-ce kubelet kubeadm kubectl
master 啟動docker 配置鏡像
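由於k8s安裝所需的很多鏡像在國內下載不到,因此編輯如下的配置文件,以便獲取需要的鏡像:啟動docker前,在Service配置段里定義環境變量Environment,表示通過這個代理去加載k8s所需的鏡像;加載完成后,可以注釋掉,僅使用國內的加速器來拉取非k8s的鏡像,后續需要使用時,再開啟。注意:這個代理是第三方服務,所有鏡像拉取請求都會經過它,只應在信任該服務時使用,用完即注釋掉;NO_PROXY應包含節點所在的網段(本文的節點位於192.168.116.0/24)。另外,/usr/lib/systemd/system/下的unit文件在軟件包升級時會被覆蓋,建議把這些Environment行放到/etc/systemd/system/docker.service.d/下的drop-in文件中。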
[root@master ~]# vim /usr/lib/systemd/system/docker.service Environment="HTTPS_PROXY=http://www.ik8s.io:10080" Environment="NO_PROXY=127.0.0.0/8,192.168.110.0/24" [root@master ~]# systemctl daemon-reload [root@master ~]# systemctl start docker [root@master bridge]# docker info WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled [root@master bridge]# vim /etc/sysctl.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-arptables = 1 [root@master bridge]# systemctl enable kubelet Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /etc/systemd/system/kubelet.service. [root@master bridge]# systemctl enable docker
[root@node2 ~]# vim /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS="--fail-swap-on=false"
初始化kube
[root@master ~]# kubeadm init --kubernetes-version=v1.12.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
[init] using Kubernetes version: v1.11.2 [preflight] running pre-flight checks [WARNING Hostname]: hostname "master" could not be reached [WARNING Hostname]: hostname "master" lookup master on 100.100.2.136:53: no such host [preflight] Some fatal errors occurred: [ERROR KubeletVersion]: the kubelet version is higher than the control plane version. This is not a supported version skew and may lead to a malfunctional cluster. Kubelet version: "1.12.2" Control plane version: "1.11.2" [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` [root@master ~]# kubeadm init --kubernetes-version=v1.12.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 [init] using Kubernetes version: v1.12.2 [preflight] running pre-flight checks [WARNING Hostname]: hostname "master" could not be reached [WARNING Hostname]: hostname "master" lookup master on 100.100.2.136:53: no such host [preflight/images] Pulling images required for setting up a Kubernetes cluster [preflight/images] This might take a minute or two, depending on the speed of your internet connection [preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull' [preflight] Some fatal errors occurred: [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.12.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.12.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.12.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused , error: exit status 1 [ERROR 
ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.12.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.2.24: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused , error: exit status 1 [ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.2.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: proxyconnect tcp: dial tcp 172.96.236.117:10080: connect: connection refused , error: exit status 1 [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` 發現報錯 拉不到鏡像
初始化過程,默認會到gcr.io/google_containers站點拉取相關k8s的鏡像信息,當前國內不能進行這些站點的訪問,如果網絡不能訪問google,則會出現鏡像拉取失敗的報錯
https://console.cloud.google.com/gcr/images/google-containers?project=google-containers
v1.12.2版本初始化需要的鏡像如下
k8s.gcr.io/kube-apiserver-amd64:v1.12.1
k8s.gcr.io/kube-controller-manager-amd64:v1.12.1
k8s.gcr.io/kube-scheduler-amd64:v1.12.1
k8s.gcr.io/kube-proxy-amd64:v1.12.1
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd-amd64:3.2.24
k8s.gcr.io/coredns:1.2.2
執行如下的腳本進行安裝
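[root@master ~]# cat pullimages.sh
#!/usr/bin/env bash
# Pull the images kubeadm needs from a mirror registry and retag them under
# the k8s.gcr.io names that kubeadm looks for.
#
# NOTE(review): the images come from a third-party mirror and are retagged as
# k8s.gcr.io/*; nothing in this script checks that they match the upstream
# images. Where possible, compare image digests against a trusted source
# before relying on them for a control plane.
# NOTE(review): the tags must match the --kubernetes-version given to
# kubeadm init. The failed pulls shown earlier on this page asked for
# v1.12.2 while this list uses v1.12.1 -- confirm which one is intended.

mirror=registry.cn-hangzhou.aliyuncs.com/google_containers

images=(
  kube-apiserver:v1.12.1
  kube-controller-manager:v1.12.1
  kube-scheduler:v1.12.1
  kube-proxy:v1.12.1
  pause:3.1
  etcd:3.2.24
  coredns:1.2.2
)

for imageName in "${images[@]}"; do
  # Stop at the first failure so a missing image is noticed here rather than
  # later during kubeadm init.
  docker pull "${mirror}/${imageName}" || exit 1
  docker tag "${mirror}/${imageName}" "k8s.gcr.io/${imageName}" || exit 1
done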

鏡像拉取成功后再重新執行init命令
初始化命令執行成功后,執行如下的命令,啟動集群
kubeadm join 192.168.116.241:6443 --token oz31po.qu86h666qp1kyava --discovery-token-ca-cert-hash sha256:852b91fa9180b5b296845724d9b5f78a8976e730b6c47987668b4a3504f9005c
獲取組件的健康狀態
[root@master ~]# mkdir -p $HOME/.kube [root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@master ~]# kubectl get cs NAME STATUS MESSAGE ERROR controller-manager Healthy ok scheduler Healthy ok etcd-0 Healthy {"health": "true"}
[root@master ~]# kubectl get node NAME STATUS ROLES AGE VERSION master NotReady master 18m v1.12.2
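這里status未就緒,是因為沒有網絡插件,如flannel。在 https://github.com/coreos/flannel 可以查看flannel在github上的相關項目,執行如下的命令自動安裝flannel。注意:下面的URL指向master分支,內容隨時可能變化,而這份清單會創建ClusterRole、ClusterRoleBinding和DaemonSet等集群級資源;建議先下載並檢查清單內容,並改用固定的發布版本(tag)或commit的地址再apply。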

[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml clusterrole.rbac.authorization.k8s.io/flannel created clusterrolebinding.rbac.authorization.k8s.io/flannel created serviceaccount/flannel created configmap/kube-flannel-cfg created daemonset.extensions/kube-flannel-ds-amd64 created daemonset.extensions/kube-flannel-ds-arm64 created daemonset.extensions/kube-flannel-ds-arm created daemonset.extensions/kube-flannel-ds-ppc64le created daemonset.extensions/kube-flannel-ds-s390x created [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master NotReady master 23m v1.12.2 [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready master 25m v1.12.2 [root@master ~]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE coredns-576cbf47c7-2jhdm 1/1 Running 0 26m coredns-576cbf47c7-pmvc2 1/1 Running 0 26m etcd-master 1/1 Running 2 2m16s kube-apiserver-master 1/1 Running 3 2m16s kube-controller-manager-master 1/1 Running 2 2m16s kube-flannel-ds-amd64-rn5js 1/1 Running 0 6m20s kube-proxy-69j8k 1/1 Running 2 26m kube-scheduler-master 1/1 Running 2 52s [root@master ~]# kubectl get ns NAME STATUS AGE default Active 26m kube-public Active 26m kube-system Active 26m
node節點
關閉 swap
swapoff -a
開啟轉發的參數,根據實際報錯情況開啟,一般有如下三項
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@node2 ~]# systemctl start docker [root@node2 ~]# systemctl enable docker [root@node2 ~]# systemctl enable kubelet Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /etc/systemd/system/kubelet.service.
注意,kubelet此時不啟動,因為缺配置文件,啟動也會報錯,所以不啟動
設置開機啟動,必須的操作
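要執行如下的命令,加入master節點。注意,如下命令中的token和discovery-token-ca-cert-hash是隨機生成的,可以用命令查找,但比較麻煩,建議在初始化成功后,把成功信息中的如下命令保存下來,方便后期加入主節點。token相當於加入集群的憑證,默認24小時后過期,保存時不要公開;過期或遺失后,可在master上執行 kubeadm token create --print-join-command 重新生成完整的join命令。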
[root@node1 ~]# kubeadm join 192.168.116.241:6443 --token oz31po.qu86h666qp1kyava --discovery-token-ca-cert-hash sha256:852b91fa9180b5b296845724d9b5f78a8976e730b6c47987668b4a3504f9005c

[root@master ~]# kubectl get pods -n kube-system -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE coredns-576cbf47c7-2jhdm 1/1 Running 0 39m 10.244.0.2 master <none> coredns-576cbf47c7-pmvc2 1/1 Running 0 39m 10.244.0.3 master <none> etcd-master 1/1 Running 2 15m 192.168.116.241 master <none> kube-apiserver-master 1/1 Running 3 15m 192.168.116.241 master <none> kube-controller-manager-master 1/1 Running 2 15m 192.168.116.241 master <none> kube-flannel-ds-amd64-7dfs7 0/1 Init:0/1 0 3m51s 192.168.116.251 node2 <none> kube-flannel-ds-amd64-rn5js 1/1 Running 0 19m 192.168.116.241 master <none> kube-flannel-ds-amd64-zkh7r 0/1 Init:0/1 0 4m3s 192.168.116.240 node1 <none> kube-proxy-69j8k 1/1 Running 2 39m 192.168.116.241 master <none> kube-proxy-7n7f4 0/1 ContainerCreating 0 4m3s 192.168.116.240 node1 <none> kube-proxy-pjq2d 0/1 ContainerCreating 0 3m51s 192.168.116.251 node2 <none> kube-scheduler-master 1/1 Running 2 13m 192.168.116.241 master <none> [root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready master 40m v1.12.2 node1 NotReady <none> 4m42s v1.12.2 node2 NotReady <none> 4m30s v1.12.2
[root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready master 62m v1.12.2 node1 Ready <none> 26m v1.12.2 node2 Ready <none> 26m v1.12.2
排查一
kubectl get pods -n kube-system -o wide

kubectl describe pod kube-flannel-ds-amd64-2mxvx --namespace=kube-system

看日志一直在pull 鏡像 手動下載鏡像

