搭建环境:
三台CentOS7.6虚拟机(2核 4G)。
hosts文件解析,s1为master节点,其余n1,n2为node节点:
192.168.100.49 s1
192.168.100.50 n1
192.168.100.51 n2
准备工作:
关闭selinux及关闭防火墙
systemctl stop firewalld
cat /etc/selinux/config |grep disabled
# disabled - No SELinux policy is loaded.
SELINUX=disabled
关闭swap分区
swapoff -a
安装docker及kubelet(所有节点)
CentOS 7(使用 yum 进行安装docker)
# step 1: 安装必要的一些系统工具 sudo yum install -y yum-utils device-mapper-persistent-data lvm2 # Step 2: 添加软件源信息 sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # Step 3: 更新并安装Docker-CE sudo yum makecache fast sudo yum -y install docker-ce # Step 4: 开启Docker服务 sudo service docker start # 注意: # 官方软件源默认启用了最新的软件,您可以通过编辑软件源的方式获取各个版本的软件包。例如官方并没有将测试版本的软件源置为可用,您可以通过以下方式开启。同理可以开启各种测试版本等。 # vim /etc/yum.repos.d/docker-ee.repo # 将[docker-ce-test]下方的enabled=0修改为enabled=1 # # 安装指定版本的Docker-CE: # Step 1: 查找Docker-CE的版本: # yum list docker-ce.x86_64 --showduplicates | sort -r # Loading mirror speeds from cached hostfile # Loaded plugins: branch, fastestmirror, langpacks # docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable # docker-ce.x86_64 17.03.1.ce-1.el7.centos @docker-ce-stable # docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable # Available Packages # Step2: 安装指定版本的Docker-CE: (VERSION例如上面的17.03.0.ce.1-1.el7.centos) # sudo yum -y install docker-ce-[VERSION]
CentOS 7(使用 yum 进行安装k8s)
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF setenforce 0 yum install -y kubelet kubeadm kubectl systemctl enable kubelet && systemctl start kubelet
添加init初始化配置文件
[root@s1 ~]# vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration kubernetesVersion: v1.16.3 imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers networking: serviceSubnet: "10.96.0.0/12" podSubnet: "10.244.0.0/16"主要是指定imageRepository,官方的镜像源被墙了,需做代理。我这里直接指定阿里的镜像仓库。
kubeadm init --config=kubeadm-config.yaml
master部署完成:
按照提示执行:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
部署flannel网络插件
[root@s1 ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
初始化 node节点
获得 join命令参数
该 token 的有效时间为 2 个小时,2小时内,您可以使用此 token 初始化任意数量的 worker 节点。
在 master 节点上执行
[root@s1 ~]# kubeadm token create --print-join-command
kubeadm join 192.168.100.49:6443 --token t1ig6s.f0kb00v0cm3uy9q7 --discovery-token-ca-cert-hash sha256:61923ca95428028f8a4fdaf3896f974bd229f8ec9b84185665e068d1afe89710
在两个node节点上执行
[root@n2 ~]# kubeadm join 192.168.100.49:6443 --token t1ig6s.f0kb00v0cm3uy9q7 --discovery-token-ca-cert-hash sha256:61923ca95428028f8a4fdaf3896f974bd229f8ec9b84185665e068d1afe89710
操作过程中报错:
[root@n1 ~]# kubeadm join 192.168.100.49:6443 --token t1ig6s.f0kb00v0cm3uy9q7 \
> --discovery-token-ca-cert-hash sha256:61923ca95428028f8a4fdaf3896f974bd229f8ec9b84185665e068d1afe89710
[preflight] Running pre-flight checks
[WARNING Service-Docker]: docker service is not enabled, please run 'systemctl enable docker.service'
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.5. Latest validated version: 18.09
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
则执行 ,没有报错不执行(配置存在差异):
[root@n1 ~]# echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
验证集群状态
在master节点上执行:
[root@s1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
n1 Ready <none> 13m v1.16.3
n2 Ready <none> 13m v1.16.3
s1 Ready master 16m v1.16.3
[root@s1 ~]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-67c766df46-d6qjb 1/1 Running 0 15m 10.244.0.2 s1 <none> <none>
coredns-67c766df46-wdkbt 1/1 Running 0 15m 10.244.0.3 s1 <none> <none>
etcd-s1 1/1 Running 0 14m 192.168.100.49 s1 <none> <none>
kube-apiserver-s1 1/1 Running 0 14m 192.168.100.49 s1 <none> <none>
kube-controller-manager-s1 1/1 Running 0 14m 192.168.100.49 s1 <none> <none>
kube-flannel-ds-amd64-72qgm 1/1 Running 0 12m 192.168.100.51 n2 <none> <none>
kube-flannel-ds-amd64-f2s8n 1/1 Running 0 14m 192.168.100.49 s1 <none> <none>
kube-flannel-ds-amd64-jk22d 1/1 Running 0 12m 192.168.100.50 n1 <none> <none>
kube-proxy-glt2v 1/1 Running 0 12m 192.168.100.51 n2 <none> <none>
kube-proxy-lfpmn 1/1 Running 0 15m 192.168.100.49 s1 <none> <none>
kube-proxy-xxhw6 1/1 Running 0 12m 192.168.100.50 n1 <none> <none>
kube-scheduler-s1 1/1 Running 0 14m 192.168.100.49 s1 <none> <none>