1. Prerequisites
Both the Master node and the Node (worker) nodes need these preparation steps.
1.1 Install Docker
Remove any previously installed Docker
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
Install dependencies
sudo yum update -y && sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
Add the official yum repository
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
Install Docker
sudo yum install docker-ce docker-ce-cli containerd.io
Enable Docker at boot and start it now
systemctl enable --now docker
1.2 Change the Docker cgroup driver
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
Restart Docker for the change to take effect
systemctl restart docker
1.3 Change the Kubernetes yum repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
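The repository definition above sets gpgcheck=0 and repo_gpgcheck=0 and uses plain HTTP URLs. As an added example (not part of the original page), this POSIX shell check flags those settings in a .repo file; the function names audit_repo, page_repo and strict_repo, and the https variant, are assumptions made for illustration.

```shell
# Added example: flag yum .repo settings that weaken package verification.
# Reads the named file (stdin if none); prints "<section>: <finding>" per problem.
audit_repo() {
    awk '
    function report() {
        if (sec == "") return
        if (gpg != "1")  print sec ": gpgcheck is not 1, RPM signatures are not verified"
        if (rgpg != "1") print sec ": repo_gpgcheck is not 1, repo metadata is not verified"
        if (http_base)   print sec ": baseurl uses plain http"
        if (http_key)    print sec ": gpgkey is fetched over plain http"
    }
    /^[ \t]*[#;]/ { next }                  # comment line
    /^[ \t]*$/    { next }                  # blank line
    /^\[/ { report(); sec = $0; gpg = rgpg = key = ""; http_base = http_key = 0; next }
    {
        eq = index($0, "=")
        if ($0 ~ /^[ \t]/ || eq == 0) {
            val = $0                        # continuation of the previous key
        } else {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
        }
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "gpgcheck")      gpg = val
        if (key == "repo_gpgcheck") rgpg = val
        if (key == "baseurl" && val ~ /^http:/) http_base = 1
        if (key == "gpgkey"  && val ~ /^http:/) http_key = 1
    }
    END { report() }
    ' "$@"
}

# The repo definition from section 1.3, continuation line indented as yum expects.
page_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}
# Constructed variant (assumption, not verified against the mirror): https, checks on.
strict_repo() { page_repo | sed -e 's/http:/https:/' -e 's/gpgcheck=0/gpgcheck=1/'; }
page_repo | audit_repo      # reports four findings
strict_repo | audit_repo    # reports nothing
```

To check the file written on a host, pass its path: audit_repo /etc/yum.repos.d/kubernetes.repo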
Disable SELinux (set it to permissive mode)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
1.4 Install kubelet, kubeadm and kubectl
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
Enable kubelet at boot and start it now
systemctl enable --now kubelet
1.5 Configure routing
yum install -y bridge-utils.x86_64
Load the br_netfilter module
modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
Reload all sysctl settings
sysctl --system
Disable the firewall
systemctl disable --now firewalld
systemctl daemon-reload
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
Kubernetes requires swap to be turned off
# Turn off swap
swapoff -a && sysctl -w vm.swappiness=0
# Stop mounting swap at boot
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
2. Configure the Master and the Node
2.1 Pull the images the cluster needs on the Master
This requires bypassing the Great Firewall
kubeadm config images pull
Without bypassing the firewall, you can try the following approach
- List the required images
kubeadm config images list
- Using the names of the required images, first pull them from a source reachable inside China
docker pull mirrorgooglecontainers/kube-apiserver:v1.14.1
docker pull mirrorgooglecontainers/kube-controller-manager:v1.14.1
docker pull mirrorgooglecontainers/kube-scheduler:v1.14.1
docker pull mirrorgooglecontainers/kube-proxy:v1.14.1
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.3.10
docker pull coredns/coredns:1.3.1
- Retag the images
docker tag mirrorgooglecontainers/kube-apiserver:v1.14.1 k8s.gcr.io/kube-apiserver:v1.14.1
docker tag mirrorgooglecontainers/kube-controller-manager:v1.14.1 k8s.gcr.io/kube-controller-manager:v1.14.1
docker tag mirrorgooglecontainers/kube-scheduler:v1.14.1 k8s.gcr.io/kube-scheduler:v1.14.1
docker tag mirrorgooglecontainers/kube-proxy:v1.14.1 k8s.gcr.io/kube-proxy:v1.14.1
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
- Remove the original images
docker rmi mirrorgooglecontainers/kube-apiserver:v1.14.1
docker rmi mirrorgooglecontainers/kube-controller-manager:v1.14.1
docker rmi mirrorgooglecontainers/kube-scheduler:v1.14.1
docker rmi mirrorgooglecontainers/kube-proxy:v1.14.1
docker rmi mirrorgooglecontainers/pause:3.1
docker rmi mirrorgooglecontainers/etcd:3.3.10
docker rmi coredns/coredns:1.3.1
2.2 Pull the required images on the Node
This requires bypassing the Great Firewall
kubeadm config images pull
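The method that does not require bypassing the firewall is the same as above
3. Create the cluster
Create the cluster with kubeadm. This is run on the Master node (which needs at least 2 CPU cores)
- --apiserver-advertise-address is the IP address of this machine
- --pod-network-cidr specifies the pod network subnet; the flannel network must use this CIDR, so do not change it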
kubeadm init --apiserver-advertise-address 108.61.187.245 --pod-network-cidr 10.244.0.0/16
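When initialization succeeds, kubeadm prints a success message. Record the token at this point; we need it later to join the other nodes to the cluster.
Note: if the error "Error writing Crisocket information for the control-plane node: timed out waiting for the condition" appears, reset kubeadm with the command below and then run init again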
sudo kubeadm reset
Set up permissions (run the commands one at a time)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Apply the flannel network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
4. Join the Node to the cluster
This command is the last line that kubeadm init prints on the Master node after it succeeds; run it as-is on the Node
kubeadm join 108.61.187.245:6443 --token t0dx7r.jjmf3pnmwj3shbc6 \
--discovery-token-ca-cert-hash sha256:794376ec13c98bdc0aa0c2f762a4a0864079638eb4665f9397ee68c0187e800b
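When you see the following message, the node has joined successfully
5. Check node status
Back on the Master node, run the following commands
Get namespace information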
kubectl get namespace
Check pod status
kubectl get pods --all-namespaces
See how many nodes there are
kubectl get nodes
View the kubelet process logs
journalctl -f -u kubelet
List all tokens
kubeadm token list
Create a new token
kubeadm token create