Installing Kubernetes (k8s)
1. Set the hostname on each of the three hosts:
hostnamectl set-hostname k8s-master && bash
hostnamectl set-hostname k8s-node1 && bash
hostnamectl set-hostname k8s-node2 && bash
2. Configure name resolution:
vim /etc/hosts
192.168.1.10 k8s-master
192.168.1.20 k8s-node1
192.168.1.30 k8s-node2
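Distribute the hosts file to the other two hosts:
for i in {k8s-node1,k8s-node2};do scp /etc/hosts $i:/etc;done
3. Load the kernel module that k8s needs (on all three hosts):
sudo modprobe br_netfilter
4. Set the required kernel parameters (on all three hosts). Add the following lines to /etc/sysctl.conf, the file that sysctl -p reads by default, then apply them: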
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
sysctl -p
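5. Set up passwordless SSH trust between the three hosts
On the master:
ssh-keygen -t rsa
Distribute the key to the other two hosts:
for i in {k8s-master,k8s-node1,k8s-node2};do ssh-copy-id $i;done
Repeat the same steps on the other two hosts, following what was done on the master.
Verify that passwordless login works:
ssh k8s-node1 # to rule out mistakes, I personally recommend verifying on all three hosts; k8s-node1 is the hostname
6. Disable swap (on all three hosts). Note: this is mandatory; if swap is left on, later steps will fail.
Temporarily: swapoff -a
Permanently: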
vim /etc/fstab
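#/dev/mapper/centos-swap swap swap defaults 0 0 # comment out this line; the permanent change requires a reboot
Check that swap is off:
free -h
7. Load the module (on all three hosts):
sudo modprobe br_netfilter
Check that the module is loaded: lsmod | grep br_netfilter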
sysctl -p
8. Install Docker (same steps on all three hosts)
(1) sudo yum install -y yum-utils device-mapper-persistent-data lvm2
(2) sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(3) yum makecache fast
(4) yum install docker-ce-19.03.15
(5) systemctl start docker;systemctl enable docker
Docker 19 is compatible with k8s 1.21.
systemctl enable docker --now (enables Docker at boot and starts it at the same time)
(6) Configure Docker registry mirrors
cat /etc/docker/daemon.json
{
"registry-mirrors": [
"https://hub-mirror.c.163.com",
"https://hwq20gt2.mirror.aliyuncs.com",
"https://r938qv7a.mirror.aliyuncs.com",
"https://reg-mirror.qiniu.com"
]
}
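Copy it to the other two hosts: for i in {k8s-node1,k8s-node2};do scp /etc/docker/daemon.json $i:/etc/docker/;done
(7) Restart Docker
systemctl restart docker
docker info: shows Docker information
(8) To install a specific version:
yum list docker-ce.x86_64 --showduplicates | sort -r
9. Install k8s (run on all three hosts)
cat <<EOF > file ... content ... EOF writes the text between the two markers into the file.
Example: the following creates a.txt automatically and writes "da baobei" into it:
cat <<EOF > ./a.txt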
> da baobei
> EOF
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Note: I turned off gpgcheck and repo_gpgcheck here, otherwise the installation reports an error.
Aliyun has them turned on by default.
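Added example, not part of the original guide: with gpgcheck=0 and repo_gpgcheck=0, yum installs kubeadm, kubelet and kubectl from the mirror without verifying package or repository metadata signatures, so it helps to know which enabled repositories on a host are in that state. The function names audit_repos and demo_audit and the sample repo contents are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page: report enabled yum repositories
# whose .repo definition switches signature checking off.

# audit_repos FILE...  prints "<file>: [<repo id>] <key>=0" for each finding
audit_repos() {
    awk '
    function report() {
        if (section == "" || enabled == "0") return
        if (gpg == "0")  print secfile ": [" section "] gpgcheck=0"
        if (rgpg == "0") print secfile ": [" section "] repo_gpgcheck=0"
    }
    FNR == 1 { report(); section = "" }     # new file: close the previous section
    /^[ \t]*[#;]/ { next }                  # skip comment lines
    /^[ \t]*\[/ {                           # [repo-id] header starts a new section
        report()
        section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        secfile = FILENAME; enabled = "1"; gpg = ""; rgpg = ""
        next
    }
    {
        line = $0; gsub(/[ \t]/, "", line)  # tolerate "key = value"
        n = index(line, "="); if (n == 0) next
        key = substr(line, 1, n - 1); val = substr(line, n + 1)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpg = val
        else if (key == "repo_gpgcheck") rgpg = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the settings from this guide plus a disabled repo that must be ignored.
demo_audit() {
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
[kubernetes]
name=Kubernetes
enabled=1
gpgcheck=0
repo_gpgcheck=0
[old-mirror]
enabled=0
gpgcheck=0
EOF
    audit_repos "$tmp" | sed "s|^$tmp: ||"
    rm -f "$tmp"
}
demo_audit
```

On a host, run it as audit_repos /etc/yum.repos.d/*.repo; no output means no enabled repository sets either key to 0.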
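- Install k8s 1.21 # run on all three hosts
List the available versions of the kubeadm, kubelet and kubectl packages:
yum list kubeadm --showduplicates | sort -r (reverse order)
yum install kubeadm-1.21.14-0 kubelet-1.21.14-0 kubectl-1.21.14-0
The versions must match:
rpm -qa | grep kube
kubelet-1.21.14-0.x86_64
kubeadm-1.21.14-0.x86_64
kubectl-1.21.14-0.x86_64
If they do not, yum remove the packages and install them again.
systemctl start kubelet.service
systemctl enable kubelet.service
or
systemctl enable kubelet.service --now
- Check the k8s version:
kubeadm version
- List the images k8s needs:
kubeadm config images list --kubernetes-version=v1.21.14
- Pull the images with Docker
# on all three hosts
Recommended alternative: load them from the tar archives
calico.tar k8simage.tar calico.yaml (available on DingTalk)
docker load -i calico.tar
docker load -i k8simage.tar
By default the images cannot be pulled, because Google is not reachable.
A workaround:
Pull them from Aliyun with a script:
cat k8s.rmi.sh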
#!/bin/bash
echo "正在下载镜像中"
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.14
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.14
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.14
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.21.14
docker pull registry.aliyuncs.com/google_containers/pause:3.4.1
docker pull registry.aliyuncs.com/google_containers/etcd:3.4.14-0
docker pull coredns/coredns:1.8.0 # not available from Aliyun by default, so it has to be pulled from Docker Hub
echo "正在更改镜像名"
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.14 k8s.gcr.io/kube-apiserver:v1.21.14
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.14 k8s.gcr.io/kube-controller-manager:v1.21.14
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.14 k8s.gcr.io/kube-scheduler:v1.21.14
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.21.14 k8s.gcr.io/kube-proxy:v1.21.14
docker tag registry.aliyuncs.com/google_containers/pause:3.4.1 k8s.gcr.io/pause:3.4.1
docker tag registry.aliyuncs.com/google_containers/etcd:3.4.14-0 k8s.gcr.io/etcd:3.4.14-0
docker tag coredns/coredns:1.8.0 k8s.gcr.io/coredns/coredns:v1.8.0
echo "正在删除原始镜像"
docker rmi -f registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.14
docker rmi -f registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.14
docker rmi -f registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.14
docker rmi -f registry.aliyuncs.com/google_containers/kube-proxy:v1.21.14
docker rmi -f registry.aliyuncs.com/google_containers/pause:3.4.1
docker rmi -f registry.aliyuncs.com/google_containers/etcd:3.4.14-0
docker rmi -f coredns/coredns:1.8.0
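Make the script executable and run it:
chmod +x k8s.rmi.sh
./k8s.rmi.sh
As mentioned, one image has to be pulled from Docker Hub. If the script fails to pull it, pull it manually:
docker pull coredns/coredns:1.8.0
Then run the script again to delete the original images:
./k8s.rmi.sh
docker load -i k8simage.tar # loads the Docker images from the archive
After pulling, check that the images are present:
docker images
Because the download takes a long time, for the other two hosts it is better to save the images to an archive and load it there (skip this if you already have the archive):
docker save -o k8s-21.tar k8s.gcr.io/kube-apiserver:v1.21.14 k8s.gcr.io/kube-proxy:v1.21.14 k8s.gcr.io/kube-controller-manager:v1.21.14 k8s.gcr.io/kube-scheduler:v1.21.14 k8s.gcr.io/pause:3.4.1 k8s.gcr.io/coredns/coredns:v1.8.0 k8s.gcr.io/etcd:3.4.13-0
Copy it to the other two hosts, node1 and node2:
scp k8simage.tar k8s-node1:/root/
scp k8simage.tar k8s-node2:/root/
Load it:
docker load -i k8simage.tar # run on both nodes
Check that the images were loaded: docker images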
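Added example, not part of the original guide: the images above are pulled from a mirror and retagged by hand, so before running kubeadm init it is worth confirming that every image kubeadm expects exists locally under the exact name:tag. The function names and both sample lists are constructed for this illustration; the sample deliberately carries a different etcd tag on the local side.

```shell
#!/bin/sh
# Added example, not from the original page: before kubeadm init, confirm that
# every image kubeadm expects exists locally under the exact name:tag.

# missing_images REQUIRED LOCAL
# REQUIRED and LOCAL are files with one "repository:tag" per line.
# Prints the required entries that have no exact local match.
missing_images() {
    # -F fixed strings, -x whole-line match, -v invert, -f read patterns from file
    grep -Fxv -f "$2" "$1" || true
}

# check_node_images VERSION: live check on a node (needs kubeadm and docker)
check_node_images() {
    req=$(mktemp); loc=$(mktemp)
    kubeadm config images list --kubernetes-version="$1" >"$req"
    docker images --format '{{.Repository}}:{{.Tag}}' >"$loc"
    out=$(missing_images "$req" "$loc")
    rm -f "$req" "$loc"
    [ -z "$out" ] && return 0
    printf 'not present locally:\n%s\n' "$out" >&2
    return 1
}

# Constructed sample lists (not captured from a real host).
demo_missing() {
    req=$(mktemp); loc=$(mktemp)
    cat >"$req" <<'EOF'
k8s.gcr.io/kube-apiserver:v1.21.14
k8s.gcr.io/pause:3.4.1
k8s.gcr.io/etcd:3.4.13-0
k8s.gcr.io/coredns/coredns:v1.8.0
EOF
    cat >"$loc" <<'EOF'
k8s.gcr.io/kube-apiserver:v1.21.14
k8s.gcr.io/pause:3.4.1
k8s.gcr.io/etcd:3.4.14-0
k8s.gcr.io/coredns/coredns:v1.8.0
registry.aliyuncs.com/google_containers/kube-proxy:v1.21.14
EOF
    missing_images "$req" "$loc"
    rm -f "$req" "$loc"
}
demo_missing
```

On a node, check_node_images v1.21.14 returns non-zero and lists any image that kubeadm would otherwise try to pull during init.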
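- Initialize k8s and add the network
On the master (the --kubernetes-version option can be omitted):
kubeadm init --kubernetes-version=v1.21.14 --apiserver-advertise-address 192.168.3.10 --pod-network-cidr 10.224.0.0/16 --service-cidr 10.96.0.0/12
- After initialization
When you see "Your Kubernetes control-plane has initialized successfully!", initialization has succeeded.
ip a
Once initialization finishes, the output recommends the next steps: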
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
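Set the environment variable for the current session:
export KUBECONFIG=/etc/kubernetes/admin.conf
Set the environment variable permanently:
vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
Open the port on all three hosts: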
firewall-cmd --add-port=6443/tcp
firewall-cmd --add-port=6443/udp
firewall-cmd --add-port=6443/tcp --permanent
firewall-cmd --add-port=6443/udp --permanent
Check the cluster status:
kubectl get cs
List the nodes:
kubectl get nodes
(7) Join the node hosts to the master # run on both nodes
kubeadm join 192.168.23.30:6443 --token mcgl6y.o06qk5badbrpery8 --discovery-token-ca-cert-hash sha256:157bb050e36c58ed7eb71b13e2683132b9c6b011b85283e78423ab66898540e9
# The token and hash above come from the output shown when initialization finished; copy them from the master's init output.
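Added example, not part of the original guide: the --discovery-token-ca-cert-hash value pins the cluster CA public key, so it can be recomputed from the CA certificate and compared with the value in a join command before that command is run on a node. The function names, the throwaway demo CA and the 192.0.2.10 address are constructed for this illustration; openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original page: recompute the value passed to
# --discovery-token-ca-cert-hash from a CA certificate and compare it with the
# one in a kubeadm join command. Requires openssl.

# ca_cert_hash CERT: prints "sha256:<hex>" of the DER-encoded public key (SPKI)
ca_cert_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex |
        awk '{ print "sha256:" $NF }'
}

# join_hash_matches CERT "JOIN COMMAND": exit 0 on match, 1 on mismatch,
# 2 when the command carries no well-formed hash.
join_hash_matches() {
    want=$(printf '%s\n' "$2" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$want" ] || return 2
    [ "$want" = "$(ca_cert_hash "$1")" ]
}

# make_demo_ca DIR: throwaway self-signed CA so the example runs without a cluster
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Constructed join commands: one with the right hash, one with 64 zeros.
demo_join_check() {
    dir=$(mktemp -d)
    make_demo_ca "$dir"
    good="kubeadm join 192.0.2.10:6443 --token <token> --discovery-token-ca-cert-hash $(ca_cert_hash "$dir/ca.crt")"
    bad="kubeadm join 192.0.2.10:6443 --token <token> --discovery-token-ca-cert-hash sha256:$(printf '%064d' 0)"
    r_good=0; join_hash_matches "$dir/ca.crt" "$good" || r_good=$?
    r_bad=0;  join_hash_matches "$dir/ca.crt" "$bad"  || r_bad=$?
    rm -rf "$dir"
    echo "$r_good $r_bad"
}
demo_join_check
```

On the master, kubeadm keeps the CA certificate at /etc/kubernetes/pki/ca.crt by default, so ca_cert_hash /etc/kubernetes/pki/ca.crt prints the value the join command should carry.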
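- Add the pod network # by default the nodes have no network
The manifest can also be downloaded from the official site:
Installing Addons | Kubernetes
On the master, apply the yaml file:
kubectl apply -f calico.yaml
Check the cluster status:
kubectl get nodes
kubectl get cs
The components may show as Unhealthy. If that happens, do the following:
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
# - --port=0 # this line needs to be commented out
vim /etc/kubernetes/manifests/kube-scheduler.yaml
# - --port=0
Restart kubelet on all three hosts:
systemctl restart kubelet
systemctl enable kubelet.service
Now check again:
kubectl get cs
You can see that the nodes are healthy:
kubectl get nodes
A status of Ready means success (you may need to wait).
At this point the k8s cluster deployment is complete.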