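Installing a k8s cluster with kubeadm
1. Prepare the machines
Host | Description |
---|---|
192.168.0.11 | master node, internet access, official minimum requirement 2 cores and 2 GB of memory |
192.168.0.12 | node1 node, internet access, official minimum requirement 2 cores and 2 GB of memory |
192.168.0.13 | node2 node, internet access, official minimum requirement 2 cores and 2 GB of memory |
2. Server environment configuration
2.1 Turn off the firewall (all nodes)
Stop the firewall and disable it at boot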
systemctl stop firewalld
systemctl disable firewalld
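As an alternative to stopping firewalld in step 2.1, the script below (an added example, not part of the original guide) keeps the firewall running and opens only the ports a kubeadm cluster uses. The port numbers are the Kubernetes defaults, 8472/udp assumes flannel with its default VXLAN backend, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Function names are hypothetical.

# Print the ports one node role needs ("master" or "worker").
k8s_ports() {
  case "$1" in
    master)
      echo "6443/tcp"       # kube-apiserver
      echo "2379-2380/tcp"  # etcd client and peer traffic
      echo "10250/tcp"      # kubelet API
      echo "10257/tcp"      # kube-controller-manager
      echo "10259/tcp"      # kube-scheduler
      ;;
    worker)
      echo "10250/tcp"      # kubelet API
      ;;
    *)
      echo "unknown role: $1" >&2
      return 1
      ;;
  esac
  echo "30000-32767/tcp"    # default NodePort range (the httpd test on this page gets 30176)
  echo "8472/udp"           # assumption: flannel with its default VXLAN backend
}

# Print the command when DRY_RUN=1 (the default), otherwise execute it.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Open the ports for a role permanently, then reload firewalld.
open_k8s_ports() {
  local role="$1" ports port
  ports="$(k8s_ports "$role")" || return 1
  for port in $ports; do
    run firewall-cmd --permanent --add-port="$port" || return 1
  done
  run firewall-cmd --reload
}

# Dry run on the master: lists the firewall-cmd calls without changing anything.
# DRY_RUN=1 open_k8s_ports master
# Apply on a worker (as root):
# DRY_RUN=0 open_k8s_ports worker
```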
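2.2 Disable SELinux (all nodes)
# Set SELINUX=disabled in /etc/selinux/config
vim /etc/selinux/config
2.3 Turn off the swap partition (all nodes)
The change takes effect after the server is rebooted
vim /etc/fstab # Permanently disable swap: delete or comment out the line in /etc/fstab that mounts the swap device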
#/dev/mapper/centos-swap swap swap defaults 0 0
2.4 CentOS 7 kernel upgrade (all nodes)
The 3.10.x kernel that ships with CentOS 7.x has some bugs that make Docker and Kubernetes run unstably
Reference: Upgrading the CentOS kernel
2.5 Set hostnames (all nodes)
cat >> /etc/hosts <<EOF
192.168.0.11 master
192.168.0.12 worker01
192.168.0.13 worker02
EOF
2.6 Time synchronization (all nodes)
yum -y install ntp
systemctl start ntpd
systemctl enable ntpd
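3. Install Docker (all nodes)
Install Docker following this guide: Installing docker-ce on CentOS
Configure Docker
# registry-mirrors configures the Docker registry mirrors
# exec-opts sets the Cgroup Driver to systemd, because k8s uses systemd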
cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": [
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn",
"https://registry.docker-cn.com"
],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart Docker, then check that the setting took effect
systemctl restart docker
docker info | grep -i "Cgroup Driver"
4. Install cri-dockerd (all nodes)
# Download the latest rpm package from https://github.com/Mirantis/cri-dockerd/releases by hand, then upload it to the server
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm
# Edit the ExecStart setting in /usr/lib/systemd/system/cri-docker.service
vim /usr/lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
systemctl daemon-reload
systemctl enable --now cri-docker
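5. Configure the Aliyun yum repository for Kubernetes (all nodes)
The x86_64 value at the end of the baseurl must be changed to match the system; run uname -m to see the value. For example, the baseurl for x86_64 can be: https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64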
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
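6. Install kubeadm, kubelet and kubectl with yum (all nodes)
Install kubeadm, kubelet and kubectl on all 3 virtual machines (kubeadm and kubectl are tools; kubelet is the system service)
# Remove any previous installation
yum -y remove kubelet kubeadm kubectl
# List the kubeadm versions available from yum; version 1.26.1 is installed here, and if no version is specified the latest one is installed by default
yum list --showduplicates | grep kubeadm
# Install kubeadm, kubelet and kubectl
yum -y install kubelet-1.26.1 kubeadm-1.26.1 kubectl-1.26.1
# Enable kubelet at boot (do not start it yet, it cannot start anyway; kubeadm init brings kubelet up automatically when the master is initialized later)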
systemctl enable kubelet
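7. Initialize the control plane on the master node (master node)
The command below may report errors; fix them according to this guide: Common Kubernetes errors
# kubeadm init --help shows the detailed usage of each parameter
# Run the initialization on the master node (not on the node machines)
# apiserver-advertise-address: the IP of the apiserver, that is, the IP of the master node
# image-repository: use the Aliyun image registry in China as the image repository
# kubernetes-version: the k8s version, the same as the kubeadm version installed in section 6
# service-cidr: the IP range for Service virtual IPs, set this way for now
# pod-network-cidr: the IP range for the pod network, set this way for now
# cri-socket: make the CRI use cri-dockerd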
kubeadm init \
--apiserver-advertise-address=192.168.0.11 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.26.1 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--cri-socket unix:///var/run/cri-dockerd.sock \
--ignore-preflight-errors=all
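If the kubeadm init command above fails, run the commands below to reset kubeadm and remove unused images
# Reset kubeadm
kubeadm reset -f
# Remove unused Docker images and containers
docker system prune -f
Output like the following after the command above means it succeeded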
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.0.11:6443 --token xw8o4d.ly5o9kxgbodtrykw \
--discovery-token-ca-cert-hash sha256:2fbb2be8829dd90f789b13269f2ef4d8de6a39bc568c61e3a6a00ea3c95efd94
Following the output above, run the corresponding commands on the master node (just copy the commands from the prompt)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
8. Join the node machines to the k8s cluster
# Append cri-socket at the end of the command to use cri-dockerd
kubeadm join 192.168.0.11:6443 --token xw8o4d.ly5o9kxgbodtrykw \
--discovery-token-ca-cert-hash sha256:2fbb2be8829dd90f789b13269f2ef4d8de6a39bc568c61e3a6a00ea3c95efd94 \
--cri-socket unix:///var/run/cri-dockerd.sock
If the command above reports errors, fix them according to the error messages, for example the errors below
[preflight] Running pre-flight checks
[WARNING Swap]: swap is enabled; production deployments should disable swap unless testing the NodeSwap feature gate of the kubelet
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
[ERROR Port-10250]: Port 10250 is in use
[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
Delete the existing configuration files and restart kubelet
kubeadm reset --cri-socket unix:///var/run/cri-dockerd.sock
rm -f /etc/kubernetes/kubelet.conf
rm -f /etc/kubernetes/pki/ca.crt
systemctl stop kubelet
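The join command above trusts the control plane through --discovery-token-ca-cert-hash. As an added example (not part of the original guide), the script below recomputes that hash from the cluster CA certificate so the value can be checked on the master before it is pasted onto a node; the function names are hypothetical and openssl is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Function names are hypothetical.

# Print the value kubeadm expects after "sha256:" in
# --discovery-token-ca-cert-hash: the SHA-256 of the DER-encoded public key
# (SubjectPublicKeyInfo) of the cluster CA certificate.
ca_cert_hash() {
  # $1: PEM CA certificate (/etc/kubernetes/pki/ca.crt on the master)
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
  openssl x509 -in "$1" -pubkey -noout \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -r \
    | cut -d' ' -f1
}

# Succeed only if the hash from a join command matches the CA certificate.
check_join_hash() {
  # $1: CA certificate path, $2: hash as written in the join command
  local want="${2#sha256:}" got
  got="$(ca_cert_hash "$1")" || return 2
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# On the master, compare the hash printed by kubeadm init on this page:
# check_join_hash /etc/kubernetes/pki/ca.crt \
#   sha256:2fbb2be8829dd90f789b13269f2ef4d8de6a39bc568c61e3a6a00ea3c95efd94 \
#   && echo "hash matches the cluster CA"
```

The token in a join command is a credential: kubeadm bootstrap tokens expire after 24 hours by default, and `kubeadm token create --print-join-command` on the master issues a fresh join command.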
9. Configure the pod network on the master node
kubectl get nodes shows that every node is NotReady; a CNI network plugin has to be configured
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane 58m v1.26.1
worker01 NotReady <none> 37m v1.26.1
worker02 NotReady <none> 25m v1.26.1
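# Configure the pod network on the master node
# After the node machines join the k8s cluster, kubectl get nodes on the master shows the status NotReady because no CNI network plugin has been deployed yet. In fact, when the
# initialization of the master node in section 7 completed, k8s already told us to configure a pod network. Pod networking in k8s is implemented by third-party plugins; there are dozens of them, and the
# better known ones include flannel, calico, canal and kube-router. A simple, easy-to-use implementation is the flannel project provided by CoreOS.
# Run the command below to configure the pod network online. The site is hosted abroad, so the command may fail; in testing, look up on http://ip.tool.chinaz.com/
# the IP for the domain raw.githubusercontent.com, add the name resolution to /etc/hosts, then run the online pod network configuration again. It succeeds after a few tries.
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml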
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@master ~]# kubectl get pods -n kube-system # check the pod status
NAME READY STATUS RESTARTS AGE
coredns-7f6cbbb7b8-bm2gl 0/1 Pending 0 86m
coredns-7f6cbbb7b8-frq8l 0/1 Pending 0 86m
etcd-master 1/1 Running 1 87m
kube-apiserver-master 1/1 Running 1 87m
kube-controller-manager-master 1/1 Running 1 87m
kube-flannel-ds-5rwkt 0/1 Init:1/2 0 2m13s
kube-flannel-ds-9fqkl 1/1 Running 0 2m13s
kube-flannel-ds-bvgh4 1/1 Running 0 2m13s
kube-proxy-8vmqg 1/1 Running 0 59m
kube-proxy-ll9hw 1/1 Running 0 86m
kube-proxy-zndg7 1/1 Running 0 59m
kube-scheduler-master 1/1 Running 1 87m
# Output obtained after rebooting the server
[root@master ~]# kubectl get nodes # the pod network is configured and the status is now Ready
NAME STATUS ROLES AGE VERSION
master Ready control-plane 58m v1.26.1
worker01 Ready <none> 37m v1.26.1
worker02 Ready <none> 25m v1.26.1
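The apply step above fetches kube-flannel.yml from the moving master branch and relies on a hand-edited /etc/hosts entry for name resolution. As an added example (not part of the original guide), the script below downloads a manifest over HTTPS, compares it with a SHA-256 digest recorded when the file was reviewed, and applies it only on a match; the function names are hypothetical, and the release-tag URL form and the digest are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Function names are hypothetical.

# Succeed only if the file's SHA-256 equals the pinned digest.
verify_sha256() {
  # $1: file, $2: expected digest in lowercase hex
  local got
  [ -r "$1" ] || return 2
  got="$(sha256sum "$1" | cut -d' ' -f1)"
  [ -n "$got" ] && [ "$got" = "$2" ]
}

# Download a manifest over HTTPS, verify it, and only then apply it.
apply_pinned_manifest() {
  # $1: URL of a tagged release (not a moving branch), $2: pinned digest
  local url="$1" want="$2" tmp rc=0
  tmp="$(mktemp)" || return 2
  if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
    echo "download failed: $url" >&2
    rm -f "$tmp"
    return 2
  fi
  if ! verify_sha256 "$tmp" "$want"; then
    echo "digest mismatch for $url, not applying" >&2
    rm -f "$tmp"
    return 1
  fi
  kubectl apply -f "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Placeholders: use the release tag you reviewed and the digest you recorded.
# The URL form below is an assumption about where the release manifest lives.
# apply_pinned_manifest \
#   "https://github.com/flannel-io/flannel/releases/download/<TAG>/kube-flannel.yml" \
#   "<SHA256_OF_REVIEWED_FILE>"
```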
10. Test the k8s cluster
Create a pod in k8s and verify that it runs normally
[root@master ~]# kubectl create deployment httpd --image=httpd # create an httpd service for testing
deployment.apps/httpd created
[root@master ~]# kubectl expose deployment httpd --port=80 --type=NodePort # use port 80; if you use another port the firewall may block it
service/httpd exposed
[root@master ~]# kubectl get pod,svc # the externally exposed port
NAME READY STATUS RESTARTS AGE
pod/httpd-757fb56c8d-w42l5 1/1 Running 0 39s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/httpd NodePort 10.102.83.215 <none> 80:30176/TCP 26s # port 30176 is the externally mapped port
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 112m
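[root@master ~]#
# As a beginner, don't worry about the commands above for now; just use port 80, because if you use another port the firewall may block it and the page cannot be reached
Test access from a web page: both the master node's IP and a node's IP work, and the port is 30176. This shows that our k8s deployment is complete and the network is OK.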
