Centos7使用kubeadm安裝1.23.1版本的k8s集群

系統環境

#cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 

#Linux內核一定要大約等於3.10，也就是centos版本要大於7

#配置主機hostname及dns解析
vim /etc/hostname
vim /etc/hosts

---

安裝Docker（Master/Node都需要安裝）

1. 關閉swap，關閉selinux，關閉firewall（centos7特有）

   swapoff -a #重啟后失效
   vi /etc/fstab	#注釋掉swap那一行,需要重啟
   
   #關閉selinux
   getenforce
   setenforce 0
   sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
   
   #關閉防火牆
   firewall-cmd --state 
   systemctl stop firewalld.service 
   systemctl disable firewalld.service 
   

2. 修改docker驅動為overlay2（磁盤格式如果是xfs的，要使用 xfs_info / 查看ftype 是否是1 如果不是要打開，百度關鍵詞 xfs docker）

   mkdir /etc/docker/
   vim /etc/docker/daemon.json
   
   {
     "storage-driver": "overlay2",
     "exec-opts": ["native.cgroupdriver=systemd"]
   }
   

3. 配置內核參數

   ## 配置網卡轉發,看值是否為1
   sysctl -a |grep 'net.ipv4.ip_forward = 1'
   sysctl -a |grep 'net.bridge.bridge-nf-call-iptables = 1'
   sysctl -a |grep 'net.bridge.bridge-nf-call-ip6tables = 1'
   
   ## 若未配置，需要執行如下
   cat <<EOF >  /etc/sysctl.d/k8s.conf
   net.ipv4.ip_forward=1
   net.bridge.bridge-nf-call-ip6tables=1
   net.bridge.bridge-nf-call-iptables=1
   EOF
   
   sysctl -p /etc/sysctl.d/k8s.conf
   

   加載網卡轉發報錯

   sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: 沒有那個文件或目錄
   sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: 沒有那個文件或目錄
   
   lsmod | grep br_netfilter
   #如果沒有返回，說明沒有加載模塊
   
   #臨時解決，重啟失效
   modprobe br_netfilter	
   
   #徹底解決，重啟也有效
   cat > /etc/rc.sysinit << EOF
   #!/bin/bash
   for file in /etc/sysconfig/modules/*.modules ; do
   [ -x $file ] && $file
   done
   EOF
   cat > /etc/sysconfig/modules/br_netfilter.modules << EOF
   modprobe br_netfilter
   EOF
   
   chmod 755 /etc/sysconfig/modules/br_netfilter.modules
   重啟后可見自動加載
   

4. 安裝docker

   #安裝相關依賴
   yum install -y yum-utils device-mapper-persistent-data lvm2 epel-release
   
   #添加阿里雲docker-ce源
   yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
   
   yum clean all
   yum makecache fast
   yum install docker-ce docker-ce-cli	containerd.io
   
   #設置docker開機自啟
   systemctl enable docker
   
   #啟動docker服務
   systemctl start docker
   
   #查看docker信息
   docker info
   

---

安裝kubelet、kubeadm

添加阿里雲k8s源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安裝kubelet kubeadm

yum install kubectl kubelet kubeadm

修改kubelet配置（把kubelet驅動方式改為和docker驅動方式一致，否則會有報錯）

cat <<EOF >/etc/sysconfig/kubelet
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
EOF　

添加kubelet自啟動

systemctl enable kubelet

現在啟動kubelet會有報錯找不到配置的yaml文件，不用管，等加入到k8s集群后即可解決

---

初始化k8s集群（在master上）

#使用kubeadm查看所需要的docker鏡像
kubeadm config images list --kubernetes-version v1.23.1

#使用阿里雲鏡像倉庫下載
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.1
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.1
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.1
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1
docker pull registry.aliyuncs.com/google_containers/pause:3.6
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.1-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.6

#修改對應鏡像
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.1 k8s.gcr.io/kube-apiserver:v1.23.1
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.1 k8s.gcr.io/kube-controller-manager:v1.23.1
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.1 k8s.gcr.io/kube-scheduler:v1.23.1
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1  k8s.gcr.io/kube-proxy:v1.23.1
docker tag registry.aliyuncs.com/google_containers/pause:3.6  k8s.gcr.io/pause:3.6
docker tag registry.aliyuncs.com/google_containers/etcd:3.5.1-0  k8s.gcr.io/etcd:3.5.1-0
docker tag registry.aliyuncs.com/google_containers/coredns:v1.8.6  k8s.gcr.io/coredns/coredns:v1.8.6

#刪除阿里雲鏡像
docker rmi registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.1
docker rmi registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.1
docker rmi registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.1
docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1
docker rmi registry.aliyuncs.com/google_containers/pause:3.6
docker rmi registry.aliyuncs.com/google_containers/etcd:3.5.1-0
docker rmi registry.aliyuncs.com/google_containers/coredns:v1.8.6

#初始化k8s集群（apiserver-advertise-address需要指定master節點IP）
kubeadm init --kubernetes-version=v1.23.1 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=10.1.129.86

#配置master參數
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

---

安裝flannel網絡插件

kubectl get nodes
#可以看到各個節點還是 notready狀態，是因為還沒有安裝網絡插件

#在master節點上:
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

kubectl get pods --all-namespaces 
#查看pod信息，發現node節點的kube-proxy與flannel還沒有ready

kubectl describe pod kube-flannel-ds-fj6f7 -n kube-system
kubectl logs kube-flannel-ds-fj6f7 -n kube-system
#發現沒有ready是因為docker鏡像沒有下載到

#在node節點上:
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1
docker pull registry.aliyuncs.com/google_containers/pause:3.6

docker tag registry.aliyuncs.com/google_containers/pause:3.6  k8s.gcr.io/pause:3.6
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1  k8s.gcr.io/kube-proxy:v1.23.1

#過一會再查看pod與node信息，都已ready