1. Preparation
Apply all of the preparation below on both the Master node and every Node.
1.1 Install Docker
Remove any previous Docker installation
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
Install dependencies
sudo yum update -y && sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
Add the official Docker yum repository
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
Install Docker
sudo yum install docker-ce docker-ce-cli containerd.io
Start Docker now and enable it at boot
systemctl enable --now docker
1.2 Change the Docker cgroup driver
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
Restart Docker for the change to take effect
systemctl restart docker
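1.3 Switch to a Kubernetes yum mirror
Note that gpgcheck=0 and repo_gpgcheck=0 turn off signature verification and the baseurl is plain HTTP, so yum does not authenticate the packages installed from this repo.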
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Set SELinux to permissive mode
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
1.4 Install kubelet, kubeadm and kubectl
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
Start kubelet now and enable it at boot
systemctl enable --now kubelet
1.5 Configure routing
yum install -y bridge-utils.x86_64
Load the br_netfilter module
modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
Reload all sysctl configuration
sysctl --system
Disable the firewall
systemctl disable --now firewalld
systemctl daemon-reload
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
Kubernetes requires swap to be disabled
# Turn off swap
swapoff -a && sysctl -w vm.swappiness=0
# Comment out the swap entry in /etc/fstab so it is not mounted at boot
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
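2. Configure the Master and the Nodes
2.1 Pull the images the cluster needs on the Master
This requires a proxy that can get past the Great Firewall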
kubeadm config images pull
Without a proxy, you can try the following method
- List the required images
kubeadm config images list
- Using the required image names, first pull the images from a source reachable inside China
docker pull mirrorgooglecontainers/kube-apiserver:v1.14.1
docker pull mirrorgooglecontainers/kube-controller-manager:v1.14.1
docker pull mirrorgooglecontainers/kube-scheduler:v1.14.1
docker pull mirrorgooglecontainers/kube-proxy:v1.14.1
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.3.10
docker pull coredns/coredns:1.3.1
- Retag the images
docker tag mirrorgooglecontainers/kube-apiserver:v1.14.1 k8s.gcr.io/kube-apiserver:v1.14.1
docker tag mirrorgooglecontainers/kube-controller-manager:v1.14.1 k8s.gcr.io/kube-controller-manager:v1.14.1
docker tag mirrorgooglecontainers/kube-scheduler:v1.14.1 k8s.gcr.io/kube-scheduler:v1.14.1
docker tag mirrorgooglecontainers/kube-proxy:v1.14.1 k8s.gcr.io/kube-proxy:v1.14.1
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
- Remove the original images
docker rmi mirrorgooglecontainers/kube-apiserver:v1.14.1
docker rmi mirrorgooglecontainers/kube-controller-manager:v1.14.1
docker rmi mirrorgooglecontainers/kube-scheduler:v1.14.1
docker rmi mirrorgooglecontainers/kube-proxy:v1.14.1
docker rmi mirrorgooglecontainers/pause:3.1
docker rmi mirrorgooglecontainers/etcd:3.3.10
docker rmi coredns/coredns:1.3.1
2.2 Pull the required images on each Node
This requires a proxy that can get past the Great Firewall
kubeadm config images pull
The method that works without a proxy is the same as above
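3. Create the cluster
Create the cluster with kubeadm. Run this on the Master node (which needs at least 2 CPU cores)
- --apiserver-advertise-address is the IP address of this machine
- --pod-network-cidr sets the pod network subnet; the flannel network requires this CIDR, so leave it unchanged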
kubeadm init --apiserver-advertise-address 108.61.187.245 --pod-network-cidr 10.244.0.0/16
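When initialization succeeds, kubeadm prints a success message. Record the token at this point; it is needed later to join the other nodes to the cluster
Note: if you see Error writing Crisocket information for the control-plane node: timed out waiting for the condition, reset kubeadm and then run init again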
sudo kubeadm reset
Set permissions (run these one at a time)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Apply the flannel network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
4. Join the Nodes to the cluster
This command is the last line that kubeadm init prints on the Master node after it succeeds; run it as-is on each Node
kubeadm join 108.61.187.245:6443 --token t0dx7r.jjmf3pnmwj3shbc6 \
--discovery-token-ca-cert-hash sha256:794376ec13c98bdc0aa0c2f762a4a0864079638eb4665f9397ee68c0187e800b
When you see the following message, the node has joined successfully
5. Check node status
Go back to the Master node and run the commands below
List the namespaces
kubectl get namespace
Check pod status
kubectl get pods --all-namespaces
See how many nodes there are
kubectl get nodes
Follow the kubelet service log
journalctl -f -u kubelet
List all tokens
kubeadm token list
Create a new token
kubeadm token create
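
The --discovery-token-ca-cert-hash value in the section 4 join command is a SHA-256 pin of the cluster CA's public key, which is what lets a Node confirm it is talking to the intended Master. As an added example (not from the original page), this script recomputes that pin from a CA certificate and checks a join command against it; the sample CA is generated on the fly, and the address and token in the sample commands are placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): recompute the CA public-key pin
# that kubeadm expects in --discovery-token-ca-cert-hash and compare it with
# the value inside a join command before running that command on a Node.

# Print "sha256:<hex>" over the DER SubjectPublicKeyInfo of a CA certificate.
ca_cert_hash() {
    local pub hex
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Extract the first "sha256:<64 hex>" pin from a "kubeadm join ..." command line.
join_cmd_hash() {
    printf '%s\n' "$1" | grep -o 'sha256:[0-9a-f]\{64\}' | head -n 1
}

# Exit 0 only when the join command pins the public key of the given CA cert.
join_cmd_matches_ca() {
    local want got
    want=$(ca_cert_hash "$2") || return 2
    got=$(join_cmd_hash "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed sample input: a throwaway self-signed CA that stands in for the
# Master's /etc/kubernetes/pki/ca.crt (kubeadm's default CA path).
make_sample_ca() {
    local dir
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    printf '%s\n' "$dir/ca.crt"
}

ca=$(make_sample_ca)
pin=$(ca_cert_hash "$ca")
# 192.0.2.10 and the token below are placeholders, not values from the page.
base="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef"
good="$base --discovery-token-ca-cert-hash $pin"
bad="$base --discovery-token-ca-cert-hash sha256:$(printf '%064d' 0)"
join_cmd_matches_ca "$good" "$ca" && echo "pin matches the CA"
join_cmd_matches_ca "$bad" "$ca" || echo "pin does NOT match the CA"
if [ -n "$ca" ]; then rm -rf "${ca%/ca.crt}"; fi
```

On a real cluster, pass a copy of the Master's CA certificate to join_cmd_matches_ca instead of the sample CA.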