使用Kubeadm安裝K8S
阿新 • • 發佈:2020-12-05
環境準備
-
機器資訊
# 實驗機器均為centos7.9系統,1主3從。 # 每個機器均為4核CPU 4G記憶體 # 注意:cpu和記憶體太低k8s會起不來。最低好像是2核CPU 2G記憶體。 master 10.0.0.170 node01 10.0.0.171 node02 10.0.0.172 node03 10.0.0.173
-
ssh key驗證(非必須,為了方便)
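#!/bin/bash
#
#********************************************************************
#Author: Wuvikr
#QQ: 744123155
#Date: 2020-10-29
#FileName ssh_auth_each_other.sh
#URL: http://www.wuvikr.com
#Description The test script
#Copyright (C): 2020 All rights reserved
#********************************************************************
# Purpose: give every host in IPLIST (and this host) password-less root SSH
# to each other by generating one key pair here, authorising it locally and
# copying the whole /root/.ssh directory to each node.
#
# Security notes (review):
#  - The private key is copied to every node, so all hosts share a single
#    root key pair; a compromise of any one node exposes root on all of them.
#    Treat this as a convenience for an isolated lab only.
#  - Host keys are accepted without verification (StrictHostKeyChecking=no
#    and the automatic "yes" answer), so the first connection to each node is
#    not authenticated.
#  - The root password is taken from the SSHPASS environment variable or
#    prompted for; it is not stored in the script.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

IPLIST="
10.0.0.171
10.0.0.172
10.0.0.173
"

# Read the password without echo when the caller did not export SSHPASS.
if [ -z "${SSHPASS:-}" ]; then
  read -rsp '請輸入各節點root密碼: ' SSHPASS
  echo
fi
export SSHPASS

# Install the helper tools only when missing; stop if that fails, because
# every later step depends on them.
for pkg in sshpass expect; do
  rpm -q "$pkg" &> /dev/null || yum -y install "$pkg" &> /dev/null || {
    echo -e '\033[1;31m安裝失敗,請檢查網路和yum源配置!\033[0m' >&2
    exit 1
  }
done

# Create the key pair once; an existing key is reused.
[ -f /root/.ssh/id_rsa ] || ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa &> /dev/null

# Authorise the key on this host so the copied directory already contains
# a matching authorized_keys file.
sshpass -e ssh-copy-id -o StrictHostKeyChecking=no 127.0.0.1 > /dev/null || exit 1

# IPLIST is deliberately unquoted: it is split on whitespace into addresses.
for IP in $IPLIST
do
  # Quoted heredoc: expect reads the target and the password from the
  # environment, so characters in the password are never parsed as Tcl.
  # The script exits with scp's own status so failures are reported.
  if TARGET_IP="$IP" expect &> /dev/null <<'EOF'
set timeout 20
spawn scp -rp /root/.ssh/ $env(TARGET_IP):/root/
expect {
    "yes/no" { send "yes\n"; exp_continue }
    "password" { send -- "$env(SSHPASS)\n"; exp_continue }
    eof {}
    timeout { exit 1 }
}
catch wait result
exit [lindex $result 3]
EOF
  then
    echo -e "\\e[1;32m${IP}:免密登入設定成功!\\e[0m"
  else
    echo -e "\\e[1;31m${IP}:免密登入設定失敗!\\e[0m" >&2
  fi
done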
-
修改hosts檔案
# 在主節點修改hosts檔案 # 將主和從的資訊都加入進去 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.170 master.k8s master kubeapi.k8s 10.0.0.171 node01.k8s node01 10.0.0.172 node02.k8s node02 10.0.0.173 node03.k8s node03 # 拷貝到其他從節點上去 scp /etc/hosts node01:/etc/hosts scp /etc/hosts node02:/etc/hosts scp /etc/hosts node03:/etc/hosts
-
禁用防火牆和SELINUX
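# Stop firewalld now and keep it disabled across reboots.
# NOTE(review): this removes host-level packet filtering on every node. Outside
# an isolated lab, keep firewalld running and open only the ports the cluster
# components need.
systemctl disable --now firewalld

# Persist the SELinux mode change; the previous config is kept as config.bak.
# NOTE(review): SELINUX=permissive would satisfy the same need while still
# logging policy denials; "disabled" switches SELinux off entirely.
sed -i.bak 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# /etc/selinux/config is only read at boot, so also switch the running system
# to permissive; otherwise enforcing mode stays active until the next reboot.
setenforce 0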
-
關閉swap
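# Turn off all active swap for the running system.
swapoff -a

# Comment out swap entries in /etc/fstab so swap stays off after a reboot.
# Only lines that are not already comments and whose fields include "swap"
# are changed, so running this twice does not stack extra "#" characters.
# The previous file is kept as /etc/fstab.bak.
sed -ri.bak '/^[[:space:]]*#/! s/^(.*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab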
-
時間同步
yum install -y chrony systemctl enable --now chronyd # 這裡使用了阿里和騰訊的時間伺服器 ntp1.aliyun.com ntp2.aliyun.com time1.cloud.tencent.com time2.cloud.tencent.com [root@master ~]#chronyc sources 210 Number of sources = 4 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 120.25.115.20 2 7 377 145 +17ms[+9805us] +/- 36ms ^+ 203.107.6.88 2 6 377 406 +15ms[ -11ms] +/- 32ms ^+ 139.199.215.251 2 7 367 143 +14ms[ +14ms] +/- 52ms ^+ 111.230.189.174 2 7 377 146 +16ms[+9570us] +/- 56ms
安裝Docker
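#!/bin/bash
#
#********************************************************************
#Author: Wuvikr
#QQ: 744123155
#Date: 2020-12-01
#FileName docker_install_for_centos7.sh
#URL: http://www.wuvikr.top
#Description The test script
#Copyright (C): 2020 All rights reserved
#********************************************************************
# Docker install script for CentOS 7: adds the docker-ce yum repository,
# installs the pinned docker-ce / docker-ce-cli version, writes
# /etc/docker/daemon.json and starts the daemon. Each step stops the script
# on failure instead of continuing with a half-installed system.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

Version="19.03.13-3.el7"

# Download the docker-ce repo definition from the Aliyun mirror.
# -O writes to a fixed name, so a re-run replaces the file instead of leaving
# a "docker-ce.repo.1" copy next to it.
if ! wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo; then
  echo -e '\033[1;31m安裝失敗,請檢查網路和yum源配置!\033[0m' >&2
  exit 1
fi

# Install the pinned docker version; abort when the packages cannot be installed.
if ! yum -y install "docker-ce-${Version}" "docker-ce-cli-${Version}"; then
  echo -e '\033[1;31m安裝失敗,請檢查網路和yum源配置!\033[0m' >&2
  exit 1
fi

# Registry mirrors inside China
# Alibaba Cloud (the address is allocated per account after login)
# NetEase       https://vgunv6qp.mirror.aliyuncs.com
# Tencent Cloud https://mirror.ccs.tencentyun.com
# USTC          https://docker.mirrors.ustc.edu.cn
# Docker China  https://registry.docker-cn.com
# The cgroup driver is switched to systemd in the same file.
# NOTE(review): a registry mirror sits in the pull path for Docker Hub images;
# a tag pulled through it is whatever that mirror serves. List only mirrors
# you trust, and pull by digest where image integrity matters.
# NOTE(review): tee overwrites any existing /etc/docker/daemon.json.
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://mirror.ccs.tencentyun.com",
"https://docker.mirrors.ustc.edu.cn",
"https://registry.docker-cn.com"
]
}
EOF

# Reload unit files, then enable and start docker.
systemctl daemon-reload
systemctl enable --now docker

# "docker version" succeeds only when the client can reach the daemon.
if docker version; then
  echo -e "\033[1;32m${Version}安裝成功!\033[0m"
else
  echo -e '\033[1;31m安裝失敗!\033[0m' >&2
  exit 1
fi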
安裝k8s
# Kubernetes yum repository served from the Aliyun mirror.
# gpgcheck and repo_gpgcheck are both left on, so packages and repository
# metadata are signature-checked against the keys listed in gpgkey.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
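# Alternative for readers who can reach Google's servers: the upstream
# repository. Use either this file or the Aliyun one; both write the same
# path, so whichever runs last wins.
# NOTE(review): upstream has since retired packages.cloud.google.com in favour
# of pkgs.k8s.io; check the current Kubernetes install docs before relying on
# this URL.
# Both key URLs sit on one gpgkey line: an unindented second line is not a
# valid continuation in a yum .repo file.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF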
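# Install kubelet, kubeadm and kubectl, pinned to the release that the
# kubeadm init step on this page requests (v1.19.4). Without the pin, yum
# installs the newest packages in the repo, which may not match that version.
yum install -y kubelet-1.19.4 kubeadm-1.19.4 kubectl-1.19.4
# Enable kubelet at boot and start it now.
systemctl enable --now kubelet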
初始化叢集
只需要在主節點上執行此步驟
- 方法一:使用命令列配置初始化(較簡單,未指定的使用預設設定)
# Initialise the control plane (one option per line for readability)
kubeadm init \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.4 \
  --control-plane-endpoint kubeapi.k8s \
  --apiserver-advertise-address 10.0.0.170 \
  --pod-network-cidr 10.244.0.0/16
# 說明
--image-repository : 指定映象源
--kubernetes-version: 指定K8S版本,最好和安裝的kubeadm保持一致
--control-plane-endpoint: 指定control-plane的IP或DNS名稱
--apiserver-advertise-address: 指定API伺服器的IP地址
--pod-network-cidr: 指定Pod網路的IP網段
- 方法二:使用配置檔案初始化(可以具體的設定想要修改的引數)
# Write the default init configuration to a file
kubeadm config print init-defaults > kubeadm.yaml
# After generating it, edit the file as needed; the edited result is shown next
cat kubeadm.yaml
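apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): abcdef.0123456789abcdef is the fixed placeholder that
  # "kubeadm config print init-defaults" emits. Initialising with it gives the
  # cluster a publicly known bootstrap token for the ttl below. Replace it with
  # the output of "kubeadm token generate" before running kubeadm init.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s # lifetime of the bootstrap token
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.0.0.170 # IP of the API server node
  bindPort: 6443 # default port
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: master.k8s # defaults to the hostname of the current master node
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki # directory holding the certificates
clusterName: kubernetes # cluster name
controllerManager: {}
dns:
  type: CoreDNS # CoreDNS is the default
etcd:
  local:
    dataDir: /var/lib/etcd # etcd data directory
imageRepository: registry.aliyuncs.com/google_containers # changed to the Aliyun image mirror
kind: ClusterConfiguration
kubernetesVersion: v1.19.4 # Kubernetes version
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16 # Pod network CIDR; this is the range the flannel add-on uses
  serviceSubnet: 10.96.0.0/12 # Service network CIDR
scheduler: {}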
# Initialise the control plane from the prepared configuration file
kubeadm init --config kubeadm.yaml
出現以下內容即表示初始化成功,然後按照提示進行操作
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join kubeapi.k8s:6443 --token onlo0f.5mio4k9d2o5xs0tt \
--discovery-token-ca-cert-hash sha256:1d58267976a4f9e61858d217599e70305796ef129708b02c07c6eb38763a9885 \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join kubeapi.k8s:6443 --token onlo0f.5mio4k9d2o5xs0tt \
--discovery-token-ca-cert-hash sha256:1d58267976a4f9e61858d217599e70305796ef129708b02c07c6eb38763a9885
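# Copy the admin kubeconfig into the current user's home directory.
# NOTE(review): admin.conf holds cluster-admin credentials; keep the copy
# readable by its owner only and do not hand it out to other users or hosts.
# Expansions are quoted so a home directory containing spaces still works.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"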
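# Install the pod network add-on (flannel here). If the pod CIDR was changed,
# make the same change in the flannel manifest before applying it.
# NOTE(review): the URL tracks the master branch, so its content can change
# between runs. Prefer a manifest from a tagged release and read it before
# applying, since it is applied with the admin kubeconfig.
# -O writes to a fixed name (a re-run would otherwise save "kube-flannel.yml.1"
# and apply the stale file); the apply only runs when the download succeeded.
wget -O kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml \
  && kubectl apply -f kube-flannel.yml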
# Add worker nodes to the cluster
# Run the following command on each worker node
# NOTE(review): the token and CA hash below are the ones this cluster's
# "kubeadm init" printed; use the values from your own output. The token is a
# join credential, so keep it private until it expires.
# --discovery-token-ca-cert-hash makes the joining node verify the control
# plane's CA before trusting it; do not drop it.
kubeadm join kubeapi.k8s:6443 --token onlo0f.5mio4k9d2o5xs0tt \
--discovery-token-ca-cert-hash sha256:1d58267976a4f9e61858d217599e70305796ef129708b02c07c6eb38763a9885
# Note: the token is time-limited and expires after a while
## The lifetime can be set at init time with --token-ttl duration; the default is 24h.
## After it expires, run kubeadm token create --print-join-command to get a new join command.
# Use kubectl get nodes to check the node status
相關報錯解決
# 初始化預檢測階段可能會出現以下錯誤
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
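# Fix
# The net.bridge.* keys only exist once the br_netfilter module is loaded, so
# load it now and register it to be loaded at every boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf

# Persist the three settings the preflight check asks for. The heredoc body
# must not carry the shell's "> " continuation prompt, or it ends up in the file.
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Apply the file to the running kernel.
sysctl -p /etc/sysctl.d/k8s.conf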
檢視叢集狀況
# 檢視Pod執行狀態
[root@master ~]#kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6d56c8448f-nv28f 1/1 Running 0 4m59s
coredns-6d56c8448f-qwkhr 1/1 Running 0 4m59s
etcd-master.k8s 1/1 Running 0 5m17s
kube-apiserver-master.k8s 1/1 Running 0 5m17s
kube-controller-manager-master.k8s 1/1 Running 0 5m17s
kube-flannel-ds-cts45 1/1 Running 0 2m25s
kube-flannel-ds-jql5t 1/1 Running 0 88s
kube-flannel-ds-m522q 1/1 Running 0 4m
kube-flannel-ds-vwcp8 1/1 Running 0 91s
kube-proxy-dw5fq 1/1 Running 0 91s
kube-proxy-fnxch 1/1 Running 0 2m25s
kube-proxy-g9c77 1/1 Running 0 88s
kube-proxy-gdb25 1/1 Running 0 5m
kube-scheduler-master.k8s 1/1 Running 0 5m17s
# 檢視節點狀況
[root@master ~]#kubectl get nodes
NAME STATUS ROLES AGE VERSION
master.k8s Ready master 5m25s v1.19.4
node01.k8s Ready <none> 2m31s v1.19.4
node02.k8s Ready <none> 98s v1.19.4
node03.k8s Ready <none> 94s v1.19.4
## 可能有些pod是Init狀態,node是NotReady狀態,不要著急,多等待一會即可。
## 到這裡k8s的安裝就算是初步完成了