title: k8s
categories:
- k8s
k8s环境搭建(centos7)
配置基础环境
# 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
# 关闭selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
# 关闭swap
swapoff -a
# vi /etc/fstab # 永久关闭需打开fstab注释掉swap一行
# 配置节点对应关系
echo '''
10.132.9.28 master
10.132.9.20 node01
''' >> /etc/hosts
# 设置主机名
hostnamectl set-hostname master
#各个节点各设置各的
hostnamectl set-hostname node01
# iptables
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system #这个是查看信息
安装docker18.09
版本太高k8s和docker版本间不支持,最好不要用最新版本
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce-18.09.0 docker-ce-cli-18.09.0 containerd.io
systemctl start docker
systemctl enable docker
# 设置源
echo > /etc/docker/daemon.json << EOF
{
"registry-mirrors": [
"https://dockerproxy.com",
"https://hub-mirror.c.163.com",
"https://mirror.baidubce.com",
"https://ccr.ccs.tencentyun.com"
],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
安装k8s1.19.3
k8s1.20以后不在对docker维护(勉强可以用),1.24以后彻底删除dockercri(彻底不能用),需要使用三方插件,不利于新手部署,k8s不在对docker进行维护原因是dockercri不是W3C标准,神仙打架小鬼遭殃!
# 添加阿里云镜像
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 安装1.19.3
yum install -y kubectl-1.19.3 kubeadm-1.19.3 kubelet-1.19.3
systemctl start kubelet
systemctl enable kubelet
# 执行版本配置bash脚本,创建一个k8sversion.sh,加入以下后执行
#!/bin/bash
url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.19.3
images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
for imagename in ${images[@]} ; do
docker pull $url/$imagename
docker tag $url/$imagename k8s.gcr.io/$imagename
docker rmi -f $url/$imagename
done
master节点初始化
kubeadm init --apiserver-advertise-address=10.132.9.28 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.19.3 \
--service-cidr=10.140.0.0/16 --pod-network-cidr=192.168.0.0/16
master节点部署成功欢迎界面,要保存和按照它的操作来
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.132.9.28:6443 --token yldps0.jsqlw24d6nuoc0ip \
--discovery-token-ca-cert-hash sha256:9c7e71f0b6302217594c1d2173c461e7e0ab45923d4ff7061cc8a1970c0a1763
# 钥匙过期使用这个
kubeadm token create --print-join-command
网络插件安装
- 没有插件状态是NotReady:
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady master 4m31s v1.19.3
node01 NotReady <none> 9s v1.19.3
wget https://docs.projectcalico.org/v3.14/manifests/calico.yaml
# 网段自行修改
kubectl apply -f calico.yaml
- 配置好了就是这样
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 25m v1.19.3
node01 Ready <none> 21m v1.19.3
[root@master ~]# kubectl get nodes -owide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master Ready master 27m v1.19.3 10.132.9.28 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://18.9.0
node01 Ready <none> 22m v1.19.3 10.132.9.20 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://18.9.0
记录节点上配置问题(如果master节点使用root创建要这样)
# master上操作,这里要输入密码
scp /etc/kubernetes/admin.conf 10.132.9.20:/etc/kubernetes/admin.conf
# 节点上操作
export KUBECONFIG=/etc/kubernetes/admin.conf
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
记录kubeadm reset 失败
rm -rf /var/lib/kubelet/
rm -rf /var/lib/dockershim/
rm -rf /var/run/kubernetes
rm -rf /var/lib/cni
rm -rf /etc/kubernetes/*
rm -rf ~/.kube/*
rm -rf /var/lib/etcd/*
lsof -i :6443|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :10257|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :10259|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :2379|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :2380|grep -v "PID"|awk '{print "kill -9",$2}'|sh
删除k8s,一定用得到,刚开始部署这东西有些麻烦
kubeadm reset -f
modprobe -r ipip
lsmod
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
rm -rf /etc/systemd/system/kubelet.service
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd
yum clean all
yum remove kube*
删除docker,版本不对还是一定用得到
rm -rf /etc/docker
rm -rf /run/docker
rm -rf /var/lib/dockershim
rm -rf /var/lib/docker
ps -ef|grep docker
kill -9 xxx
yum list installed | grep docker
有几个删几个
常用命令记录
kubectl get nodes #查看节点
kubectl get pods -A #查看所有pods
kubectl delete pod xxx #删除pod
kubectl get ns #查看命名空间
kubectl describe ns nginx #查看命名空间描述
kubectl delete ns #删除命名空间
kubectl apply -f nginx-deployment.yaml #应用配置文件
kubectl delete -f nginx-deployment.yaml #删除配置文件和其配置内容
kubeadm reset #整错了重新来过
kubeadm token create --print-join-command #更新令牌
kubetctl get pod -owide #docker ps
kubetctl exec -it nginxser -- bash #docker exec