Deploying Kubernetes 1.19.0 (with kubeadm)


Run steps 1-8 (except 5) on all nodes

1. Disable the firewall and set up passwordless login; almost every tutorial covers this

systemctl stop firewalld 
systemctl disable firewalld.service

2. Disable SELinux

setenforce 0 

3. Disable swap

swapoff -a        # disable temporarily
free              # check whether swap is now off
vim /etc/fstab    # disable permanently: comment out the swap line

4. Add the hostname-to-IP mappings and set up passwordless SSH (this step can be run on the master only)

vim /etc/hosts
192.168.235.145       k8s-master
192.168.235.146       k8s-node1

ssh-keygen
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

# The keys can be generated on the master and then copied to the node
scp -r .ssh root@k8s-node1:/root

5. Pass bridged IPv4 traffic to the iptables chains

vi /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

6. Install Docker and synchronize the time

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O/etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce

systemctl start docker
systemctl enable docker

# Synchronize the time (this step is required; otherwise installing flannel later may fail with certificate errors)
yum install ntpdate -y
ntpdate cn.pool.ntp.org

 

7. Add the Aliyun YUM repository

vi /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

 

8. Install kubeadm, kubelet and kubectl

yum makecache fast

yum install -y kubectl-1.19.0 kubeadm-1.19.0 kubelet-1.19.0 --nogpgcheck
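
A check for the file-based settings from steps 3, 5 and 7, as an added example that is not part of the original post. The names check_node and make_sample_root, the ROOT prefix argument and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify the file-based settings from steps 3, 5 and 7.
# check_node, make_sample_root and the ROOT prefix are constructed names;
# ROOT lets the checks run against a copy of the files instead of /.

check_node() {
    local root="${1:-}" fails=0 key want
    local fstab="$root/etc/fstab" sysctl="$root/etc/sysctl.d/k8s.conf"
    local repo="$root/etc/yum.repos.d/kubernetes.repo"

    # Step 3: no uncommented fstab entry whose type field (3rd) is swap.
    if awk '$1 !~ /^#/ && $3 == "swap" {f=1} END {exit !f}' "$fstab"; then
        echo "FAIL: active swap entry in $fstab"; fails=$((fails + 1))
    fi
    # Step 5: both bridge keys must equal 1 (whitespace around = ignored).
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        if ! awk -F= -v k="$key" '{gsub(/[ \t]/, "")} $1 == k && $2 == "1" {ok=1}
                                  END {exit !ok}' "$sysctl"; then
            echo "FAIL: $key is not 1 in $sysctl"; fails=$((fails + 1))
        fi
    done
    # Step 7: package and metadata signature checks on, mirror over HTTPS.
    for want in 'gpgcheck=1$' 'repo_gpgcheck=1$' 'baseurl=https://'; do
        if ! grep -Eq "^${want}" "$repo"; then
            echo "FAIL: ${want%%=*} not as expected in $repo"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample tree: page's sysctl and repo settings, swap still active.
make_sample_root() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/etc/sysctl.d" "$d/etc/yum.repos.d"
    printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
        '/dev/mapper/centos-swap swap swap defaults 0 0' > "$d/etc/fstab"
    printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
        'net.bridge.bridge-nf-call-iptables = 1' > "$d/etc/sysctl.d/k8s.conf"
    printf '%s\n' '[kubernetes]' 'enabled=1' 'gpgcheck=1' 'repo_gpgcheck=1' \
        'baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64' \
        > "$d/etc/yum.repos.d/kubernetes.repo"
    echo "$d"
}

sample=$(make_sample_root)
check_node "$sample" || echo "$? check(s) failed"   # swap line is still active
rm -rf "$sample"
```

The --nogpgcheck flag on the yum install line above disables GPG signature checking for that transaction, so gpgcheck=1 in the repo file does not cover that install.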

 

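9. Deploy the Kubernetes master

Initialize the master (run on the master)

# The first initialization is slow because the images have to be pulled.
# Replace the --apiserver-advertise-address value with your own master's IP.
# --pod-network-cidr must be set to this CIDR when using the flannel network.
kubeadm init --apiserver-advertise-address=192.168.235.145 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.0 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16

Next, copy the commands from the initialization output and run them: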
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Check the status: the first two pods are Pending, and get pods shows them as not ready

kubectl get pods --all-namespaces
NAMESPACE     NAME                             READY   STATUS   RESTARTS   AGE
kube-system   coredns-9d85f5447-fhdmx         0/1     Pending   0         100d
kube-system   coredns-9d85f5447-x5wfq         0/1     Pending   0         100d
kube-system   etcd-local1                     1/1     Running   0         100d
kube-system   kube-apiserver-local1           1/1     Running   0         100d
kube-system   kube-controller-manager-local1   1/1     Running   0         100d
kube-system   kube-proxy-2trv9                 1/1     Running   0         100d
kube-system   kube-scheduler-local1           1/1     Running   0         100d

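Flannel needs to be installed

Install flannel (run on the master)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

If the following error appears

The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?
it is because the external network is not reachable; edit the hosts file and run the command again
sudo vim /etc/hosts
199.232.28.133 raw.githubusercontent.com
After installing flannel, copy the configuration to the node; otherwise the node's status will be wrong after it is added
scp -r /etc/cni root@node:/etc

# This directory must be copied as well; otherwise the node looks normal but pods cannot be created because of network problems
scp -r /run/flannel/ root@local2:/run

Initialize again

# Run the command from step 9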
kubeadm init ...

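Parameters
--kubernetes-version: specifies the Kubernetes version
--apiserver-advertise-address: specifies the address the apiserver listens on
--pod-network-cidr 10.244.0.0/16: specifies use of the flanneld network
--apiserver-bind-port: the api-server port, 6443
--ignore-preflight-errors all: skips the parts that are already installed (when something goes wrong, add this after fixing the problem to continue)

Check the cluster status; the master is healthy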

[root@local1 ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok                  
controller-manager   Healthy   ok                  
etcd-0               Healthy   {"health":"true"}

[root@local1 ~]# kubectl get nodes
NAME     STATUS     ROLES    AGE     VERSION
local1   Ready      master   2m16s   v1.17.3

[root@local1 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-9d85f5447-9s4mc          1/1     Running   0          16m
kube-system   coredns-9d85f5447-gt2nf          1/1     Running   0          16m
kube-system   etcd-local1                      1/1     Running   0          16m
kube-system   kube-apiserver-local1            1/1     Running   0          16m
kube-system   kube-controller-manager-local1   1/1     Running   0          16m
kube-system   kube-proxy-sdbl9                 1/1     Running   0          15m
kube-system   kube-proxy-v4vxg                 1/1     Running   0          16m
kube-system   kube-scheduler-local1            1/1     Running   0  

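10. Join the worker nodes

Run steps 1-8 on the node; if step 5 is not run, joining will fail

On the node, run the join command that was generated during the initialization above

kubeadm join 192.168.235.145:6443 --token w5rify.gulw6l1yb63zsqsa \
    --discovery-token-ca-cert-hash \
    sha256:4e7f3a03392a7f9277d9f0ea2210f77d6e67ce0367e824ed891f6fefc7dae3c8

# Output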
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

Check on the master

[root@local1 ~]# kubectl get nodes
NAME     STATUS     ROLES    AGE     VERSION
local1   Ready      master   4m58s   v1.17.3
local2   Ready      <none>   3m36s   v1.17.3
 

Check on the node

[root@local3 ~]# kubectl get nodes
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

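# If this error appears, copy the master's admin.conf over
# (admin.conf holds cluster-admin credentials, so keep it only on nodes that need kubectl)
# Run on the master
scp /etc/kubernetes/admin.conf root@local3:/etc/kubernetes/

# Then run the following three steps on the node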
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Check again on the node
[root@local3 ~]# kubectl get nodes
NAME     STATUS   ROLES    AGE     VERSION
local1   Ready    master   6m36s   v1.18.0
local2   Ready    <none>   31s     v1.18.0
local3   Ready    <none>   5m43s   v1.18.0

11. If a node has problems, it can be removed

# Reset the node
kubeadm reset

# Delete the node; after deletion its data is removed from etcd (run on any node where kubectl works)
kubectl delete node node-1

 

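12. If the token has expired when a node joins, a new one can be generated

List the tokens
kubeadm token list

A generated token is valid for one day by default; to generate a token that never expires: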
[root@k8s-master ~]# kubeadm token create --ttl 0
W0501 09:14:13.887115   38074 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0501 09:14:13.887344   38074 validation.go:28] Cannot validate kubelet config - no validator is available

Compute the CA certificate hash passed to --discovery-token-ca-cert-hash
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
# hash
4dc852fb46813f5b1840f06578ba01283c1a12748419ba8f25ce2788419ab1c2   

Run join on the worker node
kubeadm join 192.168.0.104:6443 --token vahjcu.rhm7864v6l400188 --discovery-token-ca-cert-hash sha256:4dc852fb46813f5b1840f06578ba01283c1a12748419ba8f25ce2788419ab1c2
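
A way to confirm that a join command pins the cluster's own CA before it is run on a worker, as an added example that is not part of the original post. It generalizes the openssl pipeline above by using openssl pkey so that EC CA keys also work; the function names, the throwaway CA, the 192.0.2.10 address and the token in the demo are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: check the CA pin in a kubeadm join command before using it.
# Function names and the demo CA below are constructed for illustration.

# SHA-256 of the CA certificate's DER-encoded public key (SubjectPublicKeyInfo).
# `openssl pkey` is used instead of `openssl rsa` so EC CA keys work as well.
ca_cert_hash() {
    local pem
    pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | awk '{print $NF}'
}

# Pull the hex digest out of "--discovery-token-ca-cert-hash sha256:<hex>".
# Accepts "flag value" and "flag=value"; prints nothing if the flag is absent.
join_cmd_hash() {
    printf '%s\n' "$1" | tr -s ' \\\n' ' ' |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only when the join command pins the CA in the given certificate.
# usage: verify_join_cmd /etc/kubernetes/pki/ca.crt "<join command>"
verify_join_cmd() {
    local want got
    want=$(ca_cert_hash "$1") || return 2
    got=$(join_cmd_hash "$2")
    [ -n "$want" ] && [ -n "$got" ] && [ "$want" = "$got" ]
}

# Demo with a throwaway CA (constructed; token and address are placeholders).
demo() {
    local d; d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 2
    local cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:$(ca_cert_hash "$d/ca.crt")"
    verify_join_cmd "$d/ca.crt" "$cmd" && echo "CA pin matches"
    rm -rf "$d"
}
demo
```

A token created with --ttl 0 keeps any copied join command usable indefinitely; giving --ttl a finite duration limits that window.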

 

