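There are already plenty of one-click install scripts, but going through the installation by hand gives a better feel for the Kubernetes architecture. The install scripts and information I referred to are listed at the end of this article.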
### Pre-installation checks and preconfiguration
- CentOS 7.
- 2 GB or more of RAM per machine (any less will leave little room for your apps).
- 2 CPUs or more. (With fewer than 2 CPUs an error is reported; it can simply be ignored during initialization.)
- Full network connectivity between all machines in the cluster (public or private network is fine).
- Unique hostname, MAC address, and product_uuid for every node.
  - You can get the MAC address of the network interfaces using the command `ip link` or `ifconfig -a`.
  - The product_uuid can be checked by using the command `sudo cat /sys/class/dmi/id/product_uuid`.
- Certain ports are open on your machines.

  Control-plane node(s)

  | Protocol | Direction | Port Range | Purpose | Used By |
  |----------|-----------|------------|---------|---------|
  | TCP | Inbound | 6443 | Kubernetes API server | All |
  | TCP | Inbound | 2379-2380 | etcd server client API | kube-apiserver, etcd |
  | TCP | Inbound | 10250 | Kubelet API | Self, Control plane |
  | TCP | Inbound | 10251 | kube-scheduler | Self |
  | TCP | Inbound | 10252 | kube-controller-manager | Self |

  Worker node(s)

  | Protocol | Direction | Port Range | Purpose | Used By |
  |----------|-----------|------------|---------|---------|
  | TCP | Inbound | 10250 | Kubelet API | Self, Control plane |
  | TCP | Inbound | 30000-32767 | NodePort Services | All |
- Set SELinux in permissive mode (effectively disabling it). (On my cloud server it was already off by default.)

  This is required to allow containers to access the host filesystem, which is needed by pod networks for example. You have to do this until SELinux support is improved in the kubelet.

  ```bash
  # Switch to permissive for the running system
  setenforce 0
  # Back up the config before editing it
  cp -p /etc/selinux/config /etc/selinux/config.bak$(date '+%Y%m%d%H%M%S')
  # Note: this writes SELINUX=disabled, which turns SELinux off entirely after the next reboot
  sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
  ```

- Setup iptables (routing).

  Some users on RHEL/CentOS 7 have reported issues with traffic being routed incorrectly due to iptables being bypassed.

  ```bash
  # Make bridged traffic pass through iptables/ip6tables/arptables
  cat <<EOF > /etc/sysctl.d/k8s.conf
  net.bridge.bridge-nf-call-ip6tables = 1
  net.bridge.bridge-nf-call-iptables = 1
  net.bridge.bridge-nf-call-arptables = 1
  EOF
  sysctl --system
  ```

- Swap disabled. You MUST disable swap in order for the kubelet to work properly.

  ```bash
  # Turn swap off now
  swapoff -a
  # Back up fstab, then comment out the LVM swap entries so swap stays off after reboot
  cp -p /etc/fstab /etc/fstab.bak$(date '+%Y%m%d%H%M%S')
  sed -i "s/\/dev\/mapper\/rhel-swap/\#\/dev\/mapper\/rhel-swap/g" /etc/fstab
  sed -i "s/\/dev\/mapper\/centos-swap/\#\/dev\/mapper\/centos-swap/g" /etc/fstab
  mount -a
  # Confirm that no swap is in use
  free -m
  cat /proc/swaps
  ```
It is best to turn the firewall off, otherwise a problem may show up at some step and be hard to track down:

```bash
systemctl stop firewalld
systemctl disable firewalld
```
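As an added example (not part of the original post), the script below keeps firewalld running and opens only the ports from the tables above instead of turning the firewall off. The function names are made up for this example, and UDP 8472 for flannel's default VXLAN backend is an addition that is not in the article's tables.

```shell
#!/bin/sh
# Added example, not from the original post: open only the ports Kubernetes
# needs in firewalld instead of stopping the firewall.

# Ports per node role, copied from the tables in this article.
k8s_ports() {
  case "$1" in
    control-plane)
      printf '%s\n' 6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp ;;
    worker)
      printf '%s\n' 10250/tcp 30000-32767/tcp ;;
    *)
      echo "usage: k8s_ports control-plane|worker" >&2
      return 2 ;;
  esac
  # Assumption, not in the article's tables: flannel's default VXLAN backend
  # sends pod-to-pod traffic between nodes over UDP 8472.
  printf '%s\n' 8472/udp
}

# Print the firewall-cmd calls for a role (dry run). Pass --apply as the
# second argument to execute them as root instead of printing them.
k8s_firewall() {
  fw_ports="$(k8s_ports "$1")" || return 2
  fw_run=echo
  if [ "${2:-}" = "--apply" ]; then fw_run=""; fi
  for fw_port in $fw_ports; do
    $fw_run firewall-cmd --permanent --add-port="$fw_port" || return 1
  done
  $fw_run firewall-cmd --reload
}

# Dry run for a single server that acts as both control plane and worker.
k8s_firewall control-plane
k8s_firewall worker
```

Other network add-ons use different ports, so the 8472/udp line only applies to the flannel setup used here.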
### Install the container runtime: Docker

On CentOS 7, install it with yum as follows:

```bash
# Step 1: install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the package repository
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: refresh the cache and install Docker CE
sudo yum makecache fast
sudo yum install docker-ce-18.06.2.ce-3.el7
# Step 4: enable and start the Docker service
sudo systemctl enable docker
sudo systemctl start docker
# Step 5: configure a registry mirror
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://lnxo5xh2.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```
### Install kubeadm, kubelet and kubectl

```bash
# Step 1: add the package repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Step 2: refresh the cache and install kubelet, kubeadm and kubectl
yum clean all
yum makecache -y
yum repolist all
setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
```
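### Initialize the control-plane node

Pull the images needed for initialization (I downloaded these from Docker Hub and then applied the matching tags myself with docker tag).

`kubeadm config images list` shows the initialization images for the corresponding kubeadm version. I have collected them below; the last image is the flannel plugin used for communication.

```
k8s.gcr.io/kube-apiserver:v1.15.0
k8s.gcr.io/kube-controller-manager:v1.15.0
k8s.gcr.io/kube-scheduler:v1.15.0
k8s.gcr.io/kube-proxy:v1.15.0
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1
quay.io/coreos/flannel:v0.11.0-amd64 # plugin used for pod communication
```

Initialize the control-plane node:

```bash
sudo kubeadm init --kubernetes-version=v1.15.0 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=NumCPU
```

After initialization succeeds, the following message is printed at the end, which makes it easy for a regular user to start using Kubernetes. The `kubeadm join` line in it can be used to add worker nodes.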
```
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.17.17.59:6443 --token khk4ig.sjz142bi0xxxxxxx \
--discovery-token-ca-cert-hash sha256:1f6b9a1a675188cd76b97e9050f7343a361adxxxxxxxxxxxxxxxx
```
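The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA, so a joining node can tell that it is talking to the intended API server. The script below is an added example (not part of the original post) that recomputes that SHA-256 from a CA certificate and compares it with a pin. The function names are made up here, `/etc/kubernetes/pki/ca.crt` is kubeadm's default CA path, and the demo uses a throwaway certificate generated on the spot.

```shell
#!/bin/sh
# Added example, not from the original post.

# SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo) of a CA
# certificate: the hex value that follows "sha256:" in the join command.
ca_cert_hash() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -r \
    | cut -d' ' -f1
}

# Compare a pin copied from a join command with a CA certificate on disk.
# $1 = pin in "sha256:<hex>" form, $2 = path to the CA certificate.
check_join_pin() {
  pin_expected="${1#sha256:}"
  pin_actual="$(ca_cert_hash "$2")"
  if [ -n "$pin_actual" ] && [ "$pin_expected" = "$pin_actual" ]; then
    echo "pin matches $2"
  else
    echo "pin does NOT match $2 (computed sha256:$pin_actual)" >&2
    return 1
  fi
}

# Constructed demo: a throwaway self-signed CA stands in for the real one.
demo_pin_check() {
  demo_dir="$(mktemp -d)"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-demo-ca" \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
  check_join_pin "sha256:$(ca_cert_hash "$demo_dir/ca.crt")" "$demo_dir/ca.crt"
  demo_rc=$?
  rm -rf "$demo_dir"
  return "$demo_rc"
}

# On a real control-plane node you would run, with the pin from your join command:
#   check_join_pin "sha256:<hash>" /etc/kubernetes/pki/ca.crt
demo_pin_check
```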
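### Install a pod network add-on

```bash
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/62e44c867a2846fefb68bd5f178daf4da3095ccb/Documentation/kube-flannel.yml
```

After installing the pod network, you can confirm that it works by checking that the CoreDNS pod is running in the output of `kubectl get pods --all-namespaces`. Once the CoreDNS pod is up and running, you can go on to join your nodes.

Add the control-plane node to the worker nodes (by default the master node does not take workloads. Since this is just for my own experiments and I only have one server, I use the master node as a worker node as well):

```bash
kubectl taint nodes --all node-role.kubernetes.io/master-
```

If anything here is off, comments and discussion are welcome~~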
