I. System architecture
IP | Hostname | CPU | Memory |
---|---|---|---|
192.168.1.14 | k8s-master | 2 | 2G |
192.168.1.15 | k8s-node1 | 2 | 4G |
192.168.1.16 | k8s-node2 | 2 | 4G |
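Kubernetes officially requires at least 2 CPUs on the master node.
II. Environment configuration
Perform the following configuration on the master and on every node:
1. Configure the k8s.conf kernel parameters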
[root@k8s-master ~]# modprobe br_netfilter
[root@k8s-master ~]# vim /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-master ~]# sysctl -p /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Otherwise the following error is reported:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
2. Disable swap permanently by commenting out the swap-related lines in /etc/fstab:
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# vim /etc/fstab
[root@k8s-master ~]# free -m
total used free shared buff/cache available
Mem: 3771 161 3424 11 185 3374
Swap: 0 0
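3. Disable SELinux:
# Permanent: change the setting in /etc/sysconfig/selinux
# (matches any current mode; --follow-symlinks edits the real /etc/selinux/config behind the symlink)
[root@k8s-master ~]# sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
# Temporary: switch SELinux to permissive mode until the next reboot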
[root@k8s-master ~]# setenforce 0
4. Disable the firewall:
[root@k8s-master ~]# systemctl stop firewalld && systemctl disable firewalld
5. Edit the hosts file
[root@k8s-master ~]# vim /etc/hosts
192.168.1.14 k8s-master
192.168.1.15 k8s-node1
192.168.1.16 k8s-node2
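A check for steps 1 and 2 above, added here as an example (not part of the original page): it parses a sysctl.d file and an fstab and reports settings that differ from the ones configured above. The function names and the file paths passed in are assumptions, and the demo input is constructed.

```shell
#!/bin/sh
# Added example: offline check of the sysctl and swap settings from steps 1-2.
# File paths are parameters, so it can run against copies of the real files.

# Print the value assigned to key $2 in sysctl-style file $1 (last entry wins).
sysctl_file_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# Count active (uncommented) swap entries in fstab-style file $1.
active_swap_entries() {
    awk '!/^[ \t]*#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Report every failed check; the return status is the number of failures.
k8s_preflight() {
    conf=$1 fstab=$2 failures=0
    for key in net.ipv4.ip_forward \
               net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables; do
        val=$(sysctl_file_value "$conf" "$key")
        if [ "$val" != "1" ]; then
            echo "FAIL $key is '${val:-unset}', expected 1"
            failures=$((failures + 1))
        fi
    done
    n=$(active_swap_entries "$fstab")
    if [ "$n" -gt 0 ]; then
        echo "FAIL $n active swap line(s) in $fstab"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ] && echo "OK all checks passed"
    return "$failures"
}

# Constructed sample input: one bridge key missing, swap line still active.
demo=$(mktemp -d)
printf 'net.ipv4.ip_forward = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\n' > "$demo/k8s.conf"
printf '/dev/mapper/centos-swap swap swap defaults 0 0\n' > "$demo/fstab"
k8s_preflight "$demo/k8s.conf" "$demo/fstab" || echo "failures: $?"
rm -rf "$demo"
```

On a real host the arguments would be /etc/sysctl.d/k8s.conf and /etc/fstab. Note that modprobe br_netfilter does not survive a reboot; a file under /etc/modules-load.d/ that names the module makes it persistent.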
III. Install kubeadm and related tools
1. Install Docker:
# Step 1: install the required system tools
[root@k8s-master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the package repository
[root@k8s-master ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@k8s-master ~]# yum -y install docker-ce-18.06.1.ce-3.el7
[root@k8s-master ~]# systemctl enable docker && systemctl start docker
[root@k8s-master ~]# docker --version
Docker version 18.06.1-ce, build e68fc7a
2. Configure the Kubernetes yum repository:
[root@k8s-master ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
3. Install the Kubernetes components; install kubeadm, kubectl and kubelet on all nodes:
[root@k8s-master ~]# yum install -y kubelet kubeadm kubectl
[root@k8s-master ~]# systemctl enable kubelet && systemctl start kubelet
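V. Run kubeadm init to install the Master
Before you start, note that the kubeadm installation process does not initialize a network plugin (CNI), so a cluster freshly installed by kubeadm has no pod networking, and no Pod, including the bundled CoreDNS, can work properly. Installing a network plugin often places requirements on the arguments of kubeadm init. For example, installing the Calico plugin requires specifying --pod-network-cidr=10.244.0.0/16; for details see https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network.
Next, use the kubeadm init command, with the configuration file created earlier, to initialize the cluster control plane: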
[root@k8s-master ~]# kubeadm init \
--kubernetes-version=v1.18.0 \
--apiserver-advertise-address=192.168.1.14 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=10.244.0.0/16 \
--image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
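After running it, the console prints the following output:
After a while the Kubernetes Master is installed successfully and the following message is shown: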
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
# The text below means: running the following command as root on a node joins it to the cluster as a worker node
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.1.14:6443 --token mujhb5.vj7nz560bszzh1mo \
--discovery-token-ca-cert-hash sha256:2361b28f8668090fd8db6f990932c8281c5020493a79b67f5f2c5463ad4bdf03
Note the three command lines in that output. Run these three commands before continuing with the steps that join the nodes to the cluster:
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
VI. Install the Nodes and join the cluster
Run the command on node1 and node2 to join the cluster:
[root@k8s-node1 ~]# kubeadm join 192.168.1.14:6443 --token mujhb5.vj7nz560bszzh1mo \
--discovery-token-ca-cert-hash sha256:2361b28f8668090fd8db6f990932c8281c5020493a79b67f5f2c5463ad4bdf03
The following output means the node joined the cluster successfully:
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster
If you have forgotten the token and hash values above, you can recover them with the following commands:
Get the token:
[root@k8s-master ~]# kubeadm token list
Get the hash:
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
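What the hash above covers, as an added example (not part of the original page): it is the SHA-256 of the CA's DER-encoded public key, which a joining node compares against --discovery-token-ca-cert-hash to authenticate the control plane. The script runs the same openssl pipeline on throwaway CAs it generates itself; the function names are assumptions.

```shell
#!/bin/sh
# Added example: what --discovery-token-ca-cert-hash pins, shown on
# throwaway CAs generated here (constructed input, not a real cluster CA).

# Hash of the CA public key in certificate $1: SHA-256 over the DER-encoded
# SubjectPublicKeyInfo, printed in kubeadm's "sha256:<hex>" form.
ca_cert_hash() {
    printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$1" |
        openssl rsa -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# Create a self-signed RSA test CA: private key -> $1, certificate -> $2.
make_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=kubernetes" -keyout "$1" -out "$2" 2>/dev/null
}

# Re-issue a certificate for the existing key $1 into $2 (same key, new cert).
reissue_ca_cert() {
    openssl req -x509 -new -key "$1" -days 2 \
        -subj "/CN=kubernetes" -out "$2" 2>/dev/null
}

# Joining-node view: succeed only if cert $1 carries the pinned key hash $2.
verify_pinned_ca() {
    [ "$(ca_cert_hash "$1")" = "$2" ]
}

work=$(mktemp -d)
make_test_ca "$work/ca.key" "$work/ca.crt"
make_test_ca "$work/other.key" "$work/other.crt"   # same subject, different key
reissue_ca_cert "$work/ca.key" "$work/renewed.crt"
pinned=$(ca_cert_hash "$work/ca.crt")
echo "pinned hash: $pinned"
verify_pinned_ca "$work/ca.crt" "$pinned" && echo "original CA cert: accepted"
verify_pinned_ca "$work/renewed.crt" "$pinned" && echo "re-issued, same key: accepted"
verify_pinned_ca "$work/other.crt" "$pinned" || echo "different key: rejected"
rm -rf "$work"
```

Because the hash is taken over the public key only, a CA certificate with the same subject name but a different key is rejected, while a certificate re-issued for the same key still matches.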
VII. Install the network plugin
Run kubectl get nodes and you will see that Kubernetes reports the Master as NotReady,
because the CNI network plugin has not been installed yet:
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 NotReady <none> 10d v1.18.2
k8s-node2 NotReady <none> 10d v1.18.2
Use docker pull to download the image quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64 manually, then tag it (repeat the same steps on the other nodes):
[root@k8s-master ~]# docker pull quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64
[root@k8s-master ~]# docker tag quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64 quay.io/coreos/flannel:v0.12.0-amd64
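With the image required by the network plugin downloaded, install the CNI network plugin as prompted by kubeadm. There are many CNI network plugins to choose from; see https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network for details.
For example, to use the flannel plugin, open https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml , copy its contents into a file named flannel.yml, and run the command below to complete the installation: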
[root@k8s-master ~]# kubectl apply -f flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
Check again: all pods are now Running and the nodes are Ready:
[root@localhost ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-7ff77c879f-5tpl5 1/1 Running 0 13m
kube-system coredns-7ff77c879f-qksmj 1/1 Running 0 13m
kube-system etcd-k8s-master 1/1 Running 0 13m
kube-system kube-apiserver-k8s-master 1/1 Running 0 13m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 13m
kube-system kube-flannel-ds-amd64-8lw8s 1/1 Running 0 17s
kube-system kube-flannel-ds-amd64-fmfcq 1/1 Running 0 17s
kube-system kube-flannel-ds-amd64-x8qhv 1/1 Running 0 17s
kube-system kube-proxy-272ss 1/1 Running 0 7m45s
kube-system kube-proxy-9dgln 1/1 Running 0 13m
kube-system kube-proxy-sp574 1/1 Running 0 7m44s
kube-system kube-scheduler-k8s-master 1/1 Running 0 13m
Check the node status:
[root@localhost ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 26m v1.18.2
k8s-node1 Ready <none> 19m v1.18.2
k8s-node2 Ready <none> 19m v1.18.2
VIII. Node management
Check the node status on the master node:
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready <none> 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
At this point the ROLES of node1 is <none>. To change it to master, use the following command:
[root@k8s-master ~]# kubectl label node k8s-node1 node-role.kubernetes.io/master=
node/k8s-node1 labeled
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready master 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
To remove the master role from node1, use:
[root@k8s-master ~]# kubectl label node k8s-node1 node-role.kubernetes.io/master-
node/k8s-node1 labeled
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready <none> 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
To change it to node, use:
[root@k8s-master ~]# kubectl label node k8s-node1 node-role.kubernetes.io/node=
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready node 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
To remove node from the ROLES of node1:
[root@k8s-master ~]# kubectl label node k8s-node1 node-role.kubernetes.io/node-
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10d v1.18.2
k8s-node1 Ready <none> 10d v1.18.2
k8s-node2 Ready <none> 10d v1.18.2
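kubeadm also installs kubelet on the Master, which by default does not run workloads. To build a single-machine all-in-one Kubernetes environment, run the command below (it removes the "node-role.kubernetes.io/master" taint from the node) so that the Master also acts as a Node:
[root@k8s-master ~]# kubectl taint nodes --all node-role.kubernetes.io/master-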