1. Environment preparation
1.1 Operating system
Host | IP | Deployed components |
---|---|---|
master | 192.168.10.109 | kubeadm kubelet kubectl |
node1 | 192.168.10.107 | kubeadm kubelet |
node2 | 192.168.10.108 | |
Edit /etc/hosts and add entries for the master and node hosts.
1.2 Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
1.3 Disable swap
swapoff -a
# Edit /etc/fstab and comment out the swap entries
2. Install Docker
2.1 Installation
# 1. Update the yum packages
yum update
# 2. Remove old versions
yum remove docker
# 3. Install dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
# 4. Add the yum repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# 5. Install Docker
yum install docker-ce
# 6. Start Docker
systemctl start docker
systemctl enable docker
# 7. Verify that the installation succeeded
docker version
2.2 Switch to a registry mirror inside China
vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
systemctl restart docker.service
2.3 Configure the Kubernetes yum repository
# /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1

# Import the package signing key, then list the repositories
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
rpm --import rpm-package-key.gpg
yum repolist
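3. Install Kubernetes
Run the following steps on the master.
3.1 Install kubeadm and related tools
yum -y install kubelet kubeadm kubectl --disableexcludes=kubernetes
At this point kubelet may fail to start; it can be started after kubeadm init has completed.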
3.2 kubeadm config
Run kubeadm config print init-defaults to obtain the default initialization parameter file:
kubeadm config print init-defaults > init.default.yaml
Keep this file for later use.
3.3 List the required images
kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.18.3
k8s.gcr.io/kube-controller-manager:v1.18.3
k8s.gcr.io/kube-scheduler:v1.18.3
k8s.gcr.io/kube-proxy:v1.18.3
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
The k8s.gcr.io registry cannot be reached from inside China; the following repository can be used instead:
registry.cn-hangzhou.aliyuncs.com/google_containers
If v1.18.3 is not available there, look for v1.18.2.
images=(
  kube-apiserver:v1.18.3
  kube-controller-manager:v1.18.3
  kube-scheduler:v1.18.3
  kube-proxy:v1.18.3
  pause:3.2
  etcd:3.4.3-0
  coredns:1.6.7
)
for imageName in "${images[@]}"; do
  # Pull from the mirror, retag under the name kubeadm expects, drop the mirror tag
  docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
  docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
  docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
done
3.4 Initialize the environment
# Note: if a specific network plugin is required, extra arguments are needed at this step; see the plugin's documentation
kubeadm init
Save the kubeadm join information:
kubeadm join 192.168.10.109:6443 --token 3fntt0.e0k8ivnl1p6cxesy \
    --discovery-token-ca-cert-hash sha256:f98b963683b0370f6b24ca7ea4577a08acbf9ce9a88902aadfe115b8a2c258a7
Error messages (apply the following changes on the node hosts as well):
1) detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd".
Modify or create /etc/docker/daemon.json and add the following:
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
systemctl restart docker
2) /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
3) /proc/sys/net/ipv4/ip_forward contents are not set to 1
echo "1" >/proc/sys/net/ipv4/ip_forward
4) [ERROR Swap]: running with swap on is not supported. Please disable swap
swapoff -a
vim /etc/fstab   # comment out the swap entries
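The host settings behind these errors, together with the swap step in 1.3, can be checked on every host before kubeadm init or kubeadm join is run. The script below is an added example, not part of the original page; the function names and the root-prefix parameter are assumptions, chosen so the same checks can be pointed at a copy of the files.

```shell
#!/bin/sh
# Preflight checks for the host settings kubeadm complains about in 3.4.
# Added example: function names and path parameters are illustrative.

# Succeeds when the given /proc/sys file contains exactly "1".
sysctl_is_one() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Prints active swap devices from a /proc/swaps-style file (header skipped).
active_swap() {
    awk 'NR > 1 && NF { print $1 }' "${1:-/proc/swaps}" 2>/dev/null
}

# Prints uncommented swap entries from an fstab-style file; any entry left
# here turns swap back on at the next boot, undoing "swapoff -a".
fstab_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "${1:-/etc/fstab}" 2>/dev/null
}

# Succeeds when a daemon.json-style file selects the systemd cgroup driver.
docker_uses_systemd() {
    grep -Eq '"native\.cgroupdriver=systemd"' "${1:-/etc/docker/daemon.json}" 2>/dev/null
}

# Runs every check under a root prefix (empty on a real host) and prints one
# line per failed check; the return status is the number of failures.
preflight() {
    root="${1:-}"; fails=0
    sysctl_is_one "$root/proc/sys/net/bridge/bridge-nf-call-iptables" ||
        { echo "FAIL bridge-nf-call-iptables is not 1"; fails=$((fails + 1)); }
    sysctl_is_one "$root/proc/sys/net/ipv4/ip_forward" ||
        { echo "FAIL ip_forward is not 1"; fails=$((fails + 1)); }
    [ -z "$(active_swap "$root/proc/swaps")" ] ||
        { echo "FAIL swap is active"; fails=$((fails + 1)); }
    [ -z "$(fstab_swap "$root/etc/fstab")" ] ||
        { echo "FAIL /etc/fstab still enables swap"; fails=$((fails + 1)); }
    docker_uses_systemd "$root/etc/docker/daemon.json" ||
        { echo "FAIL Docker cgroup driver is not systemd"; fails=$((fails + 1)); }
    return "$fails"
}
```

Values written with echo into /proc are lost at reboot; to keep them, put net.bridge.bridge-nf-call-iptables = 1 and net.ipv4.ip_forward = 1 in a file under /etc/sysctl.d/ and run sysctl --system.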
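3.5 Configure access credentials
Run the commands shown at the end of the init output:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Kubernetes is now installed on the master, but the cluster has no usable Node yet and the container network has not been configured.
Start kubelet on the master: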
systemctl start kubelet && systemctl enable kubelet
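By default, Kubernetes runs Pods on worker nodes only and not on the master. If a single-node cluster is being deployed for testing or development, this can be changed with the following command: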
kubectl taint nodes --all node-role.kubernetes.io/master-
3.6 Configure the node hosts
To add a new node, the system preparation and the Kubernetes yum repository configuration are the same as above.
yum install kubelet kubeadm --disableexcludes=kubernetes
Join the node to the cluster:
kubeadm join 192.168.10.109:6443 --token 3fntt0.e0k8ivnl1p6cxesy \
    --discovery-token-ca-cert-hash sha256:f98b963683b0370f6b24ca7ea4577a08acbf9ce9a88902aadfe115b8a2c258a7
Start kubelet on the node:
systemctl start kubelet && systemctl enable kubelet
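The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 digest of the CA certificate's public key (DER-encoded SubjectPublicKeyInfo), so a node refuses to join an API server whose CA does not match. The script below is an added example, not part of the original page, that recomputes the value on the master and compares it with a saved join command; the function names are assumptions, and /etc/kubernetes/pki/ca.crt is the default kubeadm CA location.

```shell
#!/bin/sh
# Recompute and check the CA pin used by "kubeadm join".
# Added example: function names are illustrative.

# Prints "sha256:<hex>" for the public key of a PEM CA certificate.
ca_cert_hash() {
    crt="${1:-/etc/kubernetes/pki/ca.crt}"
    # Stop early on an unreadable certificate, otherwise the pipeline below
    # would hash empty input and still print a digest.
    openssl x509 -noout -in "$crt" 2>/dev/null || return 1
    openssl x509 -pubkey -noout -in "$crt" |
        openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 |
        awk '{ print "sha256:" $NF }'
}

# Extracts the value of a "--flag value" pair from a join command, including
# one that was saved with a backslash line continuation.
join_arg() {
    printf '%s\n' "$2" | tr -s ' \\\n' '\n' |
        awk -v f="$1" 'prev == f { print; exit } { prev = $0 }'
}

# Succeeds when the token has the bootstrap-token shape: 6 chars, dot, 16 chars.
token_well_formed() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Succeeds only when the pin in the join command matches the given CA file.
# Usage on the master: join_pin_matches "$(cat join.txt)" && echo "pin OK"
join_pin_matches() {
    want=$(join_arg --discovery-token-ca-cert-hash "$1")
    have=$(ca_cert_hash "${2:-/etc/kubernetes/pki/ca.crt}") || return 1
    [ -n "$want" ] && [ "$want" = "$have" ]
}
```

The token from kubeadm init expires after 24 hours by default; kubeadm token create --print-join-command on the master prints a fresh join command.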
4. Network plugins
Running kubectl get nodes on the master shows the nodes in the NotReady state, because no CNI network plugin has been installed yet.
# kubectl get nodes
NAME     STATUS     ROLES    AGE     VERSION
master   NotReady   master   27m     v1.18.3
node1    NotReady   <none>   4m26s   v1.18.3
node2    NotReady   <none>   4m5s    v1.18.3
4.1 flannel
Requires --pod-network-cidr=10.244.0.0/16 to be set when running kubeadm init.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml
4.2 weave
sysctl net.bridge.bridge-nf-call-iptables=1
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
4.3 calico
Requires --pod-network-cidr=192.168.0.0/16 to be set when running kubeadm init.
kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
For example, to use the weave plugin, install it with:
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
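Each kubectl apply -f <URL> in 4.1 to 4.3 runs whatever the URL returns at that moment, and CNI manifests typically create DaemonSets with host-level access on every node. The script below is an added example, not part of the original page: it checks a downloaded manifest against a pinned SHA-256 digest and lists the images and host-level settings it would introduce, so the file can be reviewed before it is applied. The function names are assumptions, and the pinned digest has to come from a copy you have already reviewed.

```shell
#!/bin/sh
# Review a downloaded CNI manifest before "kubectl apply".
# Added example: function names are illustrative.

# Succeeds when the file's SHA-256 equals the pinned digest (lowercase hex).
manifest_digest_ok() {
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$have" = "$2" ]
}

# Prints the distinct container images the manifest would pull.
manifest_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | tr -d "\"'" | sort -u
}

# Prints, with line numbers, the settings that give pods access to the host.
manifest_host_access() {
    grep -nE '^[[:space:]-]*(privileged|hostNetwork|hostPID|hostIPC):[[:space:]]*true|^[[:space:]-]*hostPath:' "$1"
}

# Applies the manifest only when its digest matches the pin.
# Usage: apply_pinned kube-flannel.yml <PINNED_SHA256_PLACEHOLDER>
apply_pinned() {
    if manifest_digest_ok "$1" "$2"; then
        kubectl apply -f "$1"
    else
        echo "refusing to apply $1: digest mismatch" >&2
        return 1
    fi
}
```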
4.5 Verify that the Kubernetes cluster was installed successfully
kubectl get pods -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-66bff467f8-hqqz7         1/1     Running   0          73m
coredns-66bff467f8-z2hr4         1/1     Running   0          73m
etcd-master                      1/1     Running   1          73m
kube-apiserver-master            1/1     Running   1          73m
kube-controller-manager-master   1/1     Running   1          73m
kube-proxy-fhzcv                 1/1     Running   0          50m
kube-proxy-jhmp5                 1/1     Running   0          50m
kube-proxy-n7ldl                 1/1     Running   1          73m
kube-scheduler-master            1/1     Running   1          73m
weave-net-2d6sz                  2/2     Running   0          32m
weave-net-jfxbt                  2/2     Running   0          32m
weave-net-kmj98                  2/2     Running   0          32m
Some of these pods may fail to start, most often because an image cannot be pulled. If the image comes from the k8s.gcr.io registry, the images downloaded earlier on the master can be imported onto the node hosts.
Check why a pod failed to start:
kubectl -n kube-system describe pod <pod-name>
Check that all nodes are Ready:
# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   73m   v1.18.3
node1    Ready    <none>   50m   v1.18.3
node2    Ready    <none>   50m   v1.18.3
At this point, the Kubernetes cluster has been installed with the kubeadm tool.