Installing Kubernetes from domestic (China) mirrors


Environment: CentOS 7 is used as the example

1 Switch the yum repositories to a domestic mirror

// Back up the local yum repo file
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak 

// Fetch the Aliyun yum repo configuration
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
// or
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

// Refresh the cache
yum clean all # clear all yum caches on the system
yum makecache # rebuild the yum cache
// Check: yum -y update

// Set the time zone to Shanghai
timedatectl set-timezone Asia/Shanghai

2 Install the kubectl binary with the native package manager

$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
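
An added example (not from the original post): a small audit of yum repo files for the settings steps 1 and 2 rely on, flagging sections where gpgcheck or repo_gpgcheck is not 1 or where a URL uses plain http. The sample files are constructed; the section name example-weak and the host mirror.example.invalid are hypothetical.

```shell
#!/bin/sh
# audit_repo FILE -> one "section: finding" line per problem; nothing if clean
audit_repo() {
  awk '
    function report() {
      if (name == "") return
      if (gpg != "1")     print name ": gpgcheck is not 1"
      if (repogpg != "1") print name ": repo_gpgcheck is not 1"
      if (plain)          print name ": plain http:// URL"
    }
    /^\[.*\]/ { report(); name = substr($0, 2, index($0, "]") - 2)
                gpg = ""; repogpg = ""; plain = 0; next }
    /^[ \t]*#/ || /^[ \t]*$/ || !index($0, "=") { next }
    {
      key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
      val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "gpgcheck")      gpg = val
      if (key == "repo_gpgcheck") repogpg = val
      if (key ~ /^(baseurl|mirrorlist|gpgkey)$/ && val ~ /http:\/\//) plain = 1
    }
    END { report() }
  ' "$1"
}

# Constructed sample input: the kubernetes.repo shown on this page and a
# deliberately weak repo file (hypothetical section and host names).
write_samples() {
  cat > "$1/kubernetes.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
  cat > "$1/weak.repo" <<'EOF'
[example-weak]
name=Constructed weak repo
baseurl=http://mirror.example.invalid/el7/
enabled=1
gpgcheck=0
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*.repo; do echo "== $f"; audit_repo "$f"; done
```

On a real host the same function can be run over every file in /etc/yum.repos.d/ before the first yum install.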

 

Install kubelet, kubeadm and kubectl
$ yum install -y kubelet-1.18.2 kubeadm-1.18.2 kubectl-1.18.2

Enable at boot
$ systemctl enable kubelet && systemctl start kubelet

Configure the routing policy
lsmod | grep br_netfilter

Make bridged traffic visible to iptables

cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

Disable swap
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
sudo swapoff -a

Verify that the settings took effect; both should return 1
sysctl -n net.bridge.bridge-nf-call-iptables
sysctl -n net.bridge.bridge-nf-call-ip6tables

echo "1" >/proc/sys/net/ipv4/ip_forward
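
An added example (not from the original post): a check of which of these node settings are persisted on disk. The k8s.conf above only carries the two bridge keys, while ip_forward is written to /proc and is lost at reboot. All sample files are constructed; forward.conf is a hypothetical extra sysctl.d file.

```shell
#!/bin/sh
REQUIRED_KEYS="net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
net.ipv4.ip_forward"

# missing_sysctl FILE... -> required keys whose last assignment is not 1
missing_sysctl() {
  for key in $REQUIRED_KEYS; do
    awk -F= -v want="$key" '
      /^[ \t]*[#;]/ { next }
      { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
        if (k == want) last = v }
      END { exit !(last == "1") }
    ' "$@" || echo "$key"
  done
}

# active_swap FSTAB -> devices of swap entries that are not commented out
active_swap() {
  awk '!/^[ \t]*#/ && $3 == "swap" { print $1 }' "$1"
}

# Constructed sample files: k8s.conf as written on this page, a hypothetical
# file that persists ip_forward, and an fstab before/after the page's sed edit.
write_host_samples() {
  printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
                'net.bridge.bridge-nf-call-iptables = 1' > "$1/k8s.conf"
  printf '%s\n' 'net.ipv4.ip_forward = 1' > "$1/forward.conf"
  printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
                '/dev/mapper/centos-swap swap swap defaults 0 0' > "$1/fstab.before"
  sed '/ swap / s/^\(.*\)$/#\1/g' "$1/fstab.before" > "$1/fstab.after"
}

tmp=$(mktemp -d)
write_host_samples "$tmp"
echo "not persisted by k8s.conf: $(missing_sysctl "$tmp/k8s.conf")"
echo "swap entry before the sed edit: $(active_swap "$tmp/fstab.before")"
echo "swap entries after the sed edit: $(active_swap "$tmp/fstab.after")"
```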
 

3 Disable the firewall

sudo systemctl stop firewalld.service   # stop firewalld
sudo systemctl disable firewalld.service # do not start firewalld at boot
sudo firewall-cmd --state             # check the firewall state

4 Disable SELinux

sudo setenforce 0
sudo vi /etc/selinux/config
# change SELINUX to disabled
SELINUX=disabled

5 Upgrade the kernel to version 4.44

Update the yum packages
yum -y update

Add the ELRepo repository
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
 
Install. When the installation finishes, check whether the menuentry for the new kernel in /boot/grub2/grub.cfg contains an initrd16 line; if it does not, install again!
yum --enablerepo=elrepo-kernel install -y kernel-lt 
 
List all kernels on the system
sudo awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
 
         

0 : CentOS Linux (4.4.234-1.el7.elrepo.x86_64) 7 (Core)
1 : CentOS Linux (3.10.0-1127.19.1.el7.x86_64) 7 (Core)
2 : CentOS Linux (3.10.0-1127.el7.x86_64) 7 (Core)
3 : CentOS Linux (0-rescue-a3c527d56cc044c1887c29a15fe92891) 7 (Core)


Boot from the new kernel by default
grub2-set-default 0
Generate the grub configuration file
grub2-mkconfig -o /boot/grub2/grub.cfg
Reboot for the change to take effect
reboot

Check the running kernel
uname -r

6 Install docker-ce from the Aliyun mirror

Install the required packages. yum-utils provides yum-config-manager, and the device mapper storage driver requires device-mapper-persistent-data and lvm2.

sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

 

$ sudo yum-config-manager \
    --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Install the latest Docker Engine-Community and containerd

$ sudo yum install docker-ce docker-ce-cli containerd.io

Allow a regular user to run docker commands

Create the docker group
sudo groupadd docker

Add the regular user to the docker group
sudo usermod -aG docker ${USER}
Start docker
sudo systemctl restart docker

## Create /etc/docker
mkdir -p /etc/docker
# Set up the Docker daemon
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF


mkdir -p /etc/systemd/system/docker.service.d


# Restart Docker
systemctl daemon-reload
systemctl restart docker

# Start docker at boot
systemctl enable docker

 

7 Commands to check the kubeadm, kubectl and kubelet versions

[allen@k8s-node2 ~]$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:28:32Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
[allen@k8s-node2 ~]$ kubectl version --client
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:30:33Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
[allen@k8s-node2 ~]$ kubelet --version
Kubernetes v1.19.0

 

8 Initialize the cluster on the master node

[root@master ~]# kubeadm init --kubernetes-version=1.18.2 \
--apiserver-advertise-address=192.168.253.11 \
--ignore-preflight-errors=all \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16

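The Pod network range is 10.122.0.0/16; the API server address is the master's own IP.

This step is critical: by default kubeadm downloads the required images from the official registry k8s.gcr.io, which cannot be reached from mainland China, so the Aliyun image registry has to be specified with --image-repository.

Parameter explanation:

--kubernetes-version: specifies the Kubernetes version;
--apiserver-advertise-address: specifies the IP address kube-apiserver listens on, i.e. the master's own IP address.
--pod-network-cidr: specifies the Pod network range; 10.244.0.0/16
--service-cidr: specifies the Service (SVC) network range;
--image-repository: specifies the Aliyun image registry address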

 

9 Run the following commands

[root@master ~]#  mkdir -p $HOME/.kube
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

 

10 Enable kubectl auto-completion

# source <(kubectl completion bash)

11 View the nodes

kubectl get pod --all-namespaces -o wide

12 Add the network plugin

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

or

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

 

13 Join the worker nodes to the cluster

kubeadm join 192.168.253.11:6443 --token zz2iu9.ta51l53ajgai8rhx --discovery-token-ca-cert-hash sha256:e49bc0b32bd1f8ebdd8420bf5f29c4d8ab8b0f4abc21d0e9612b57cb8b0c41a8 

Regenerate the join command

kubeadm token create --print-join-command
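
An added example (not from the original post): the value given to --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA's DER-encoded public key, so a worker can recompute it from a copy of the CA certificate and compare it with the join command it was handed. The CA below is a throwaway constructed sample standing in for /etc/kubernetes/pki/ca.crt, and the address and token in the sample join line are placeholders.

```shell
#!/bin/sh
# ca_pin CERT -> "sha256:<hex>" over the certificate's public key (SPKI, DER)
ca_pin() {
  h=$(openssl x509 -in "$1" -noout -pubkey |
      openssl pkey -pubin -outform DER |
      openssl dgst -sha256 -r | cut -d' ' -f1)
  [ "${#h}" -eq 64 ] && printf 'sha256:%s\n' "$h"
}

# join_pin "kubeadm join ..." -> the sha256:<hex> value on that command line
join_pin() {
  printf '%s\n' "$1" |
    sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# check_join_pin CERT "kubeadm join ..." -> 0 only if the pin matches CERT
check_join_pin() {
  want=$(join_pin "$2")
  [ -n "$want" ] && [ "$want" = "$(ca_pin "$1")" ]
}

# Constructed sample: a throwaway self-signed CA (not a real cluster CA).
make_sample_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_ca "$tmp"
pin=$(ca_pin "$tmp/ca.crt")
# Address and token are constructed placeholders.
cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $pin"
if check_join_pin "$tmp/ca.crt" "$cmd"; then
  echo "pin matches CA: $pin"
else
  echo "pin does NOT match this CA"
fi
```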


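14 Deploy the dashboard UI

Download the dashboard.yaml file to the local machine. The version you want can be looked up on GitHub; for example, 2.0.0 is at the following address

https://github.com/kubernetes/dashboard/blob/v2.0.0/aio/deploy/recommended.yaml

Deploy

kubectl create -f dashboard.yaml
kubectl proxy

The UI can be reached in the ways described here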

https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md

 

15 Make the dashboard reachable from outside the cluster: switch the dashboard service to NodePort by editing its configuration

$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
Change the type
type: ClusterIP
to
type: NodePort

Check the exposed port

kubectl -n kubernetes-dashboard get service kubernetes-dashboard

 

 

The dashboard can now be reached on port 31481

https://192.168.253.11:31481/#/login


Look in the dashboard.yaml file and find

which indicates that the kubernetes-dashboard account was created

15.1 Create a login token for this account

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard | awk '{print $1}')

Sample output:

Name:         kubernetes-dashboard-certs
Namespace:    kubernetes-dashboard
Labels:       k8s-app=kubernetes-dashboard
Annotations:  <none>

Type:  Opaque

Data
====


Name:         kubernetes-dashboard-csrf
Namespace:    kubernetes-dashboard
Labels:       k8s-app=kubernetes-dashboard
Annotations:  <none>

Type:  Opaque

Data
====
csrf:  256 bytes


Name:         kubernetes-dashboard-key-holder
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
priv:  1679 bytes
pub:   459 bytes


Name:         kubernetes-dashboard-token-5w8wl
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: bbc82fe3-cd7d-439a-b8e6-0cc0babc3909

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      <service account token omitted>

Now copy the token into the token field on the dashboard login page
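
An added example (not from the original post): decoding the claims of a secret-based service-account token like the one printed above, to see which account it authenticates as and whether it expires. The token here is constructed (header, claims and signature are sample values), and the signature is not verified.

```shell
#!/bin/sh
# b64url_enc / b64url_dec: unpadded base64url <-> bytes (stdin to stdout)
b64url_enc() { base64 | tr -d '=\n' | tr '/+' '_-'; }
b64url_dec() {
  s=$(tr -d '\n' | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | base64 -d
}

# jwt_claims TOKEN -> JSON payload (signature is NOT verified here)
jwt_claims() { printf '%s' "$1" | cut -d. -f2 | b64url_dec; }

# jwt_claim TOKEN NAME -> value of a string claim
jwt_claim() {
  jwt_claims "$1" | sed -n 's|.*"'"$2"'":"\([^"]*\)".*|\1|p'
}

# jwt_expires TOKEN -> 0 if the payload carries an "exp" claim
jwt_expires() { jwt_claims "$1" | grep -q '"exp":'; }

# Constructed token in the shape of a secret-based service-account token.
sample_token() {
  hdr='{"alg":"RS256","kid":"constructed"}'
  pay='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kubernetes-dashboard","kubernetes.io/serviceaccount/service-account.name":"kubernetes-dashboard","sub":"system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard"}'
  printf '%s.%s.%s\n' "$(printf '%s' "$hdr" | b64url_enc)" \
    "$(printf '%s' "$pay" | b64url_enc)" "Y29uc3RydWN0ZWQ"
}

tok=$(sample_token)
echo "subject: $(jwt_claim "$tok" sub)"
if jwt_expires "$tok"; then
  echo "token carries an exp claim"
else
  echo "no exp claim: valid until its secret or service account is deleted"
fi
```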

 

 

Uninstall the Kubernetes cluster

kubectl delete node --all
kubeadm reset -f
modprobe -r ipip
lsmod
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
rm -rf /etc/systemd/system/kubelet.service
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd
yum clean all
yum remove kube*

 

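Common problems:

1. Error when joining the cluster: /etc/kubernetes/kubelet.conf already exists

Cause: the configuration files from the previous attempt were not cleaned up; delete them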

rm -rf /etc/kubernetes/kubelet.conf /etc/kubernetes/pki/ca.crt

2. Error when joining the cluster: [ERROR Port-10250]: Port 10250 is in use

Cause: the previous join was shut down before it succeeded. Reset kubeadm

kubeadm reset

3. Error when joining the cluster: /proc/sys/net/ipv4/ip_forward contents are not set to 1

echo "1" >/proc/sys/net/ipv4/ip_forward

 
