备忘,将之前总结的本地安装手册搬到博客
准备工作
关掉selinux
vi /etc/selinux/config
disabled
关掉firewalld,iptables
systemctl disable firewalld
systemctl stop firewalld
systemctl disable iptables
systemctl stop iptables
(以下可选,非必须)
设置主机名
hostnamectl set-hostname k8s-1
修改/etc/hosts文件
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.105 k8s-1
192.168.0.106 k8s-2
192.168.0.107 k8s-3
修改网络配置成静态ip,然后
Service network restart
安装docker,kubectl,kubelet,kubeadm
安装docker
安装
yum install docker
验证
[root@k8s-master1 ~]# service docker start
Redirecting to /bin/systemctl start docker.service
[root@k8s-master1 ~]# docker version
Client:
Version: 1.12.6
API version: 1.24
Package version: docker-1.12.6-61.git85d7426.el7.centos.x86_64
Go version: go1.8.3
Git commit: 85d7426/1.12.6
Built: Tue Oct 24 15:40:21 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Package version: docker-1.12.6-61.git85d7426.el7.centos.x86_64
Go version: go1.8.3
Git commit: 85d7426/1.12.6
Built: Tue Oct 24 15:40:21 2017
OS/Arch: linux/amd64
设置开机启动
[root@k8s-master1 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@k8s-master1 ~]# systemctl start docker
安装kubelet,kubectl,kubenetes-cni,kubeadm
编辑生成kubernetes的yum源
[root@k8s-1 network-scripts]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
安装
yum install kubectl kubelet kubernetes-cni kubeadm
sysctl net.bridge.bridge-nf-call-iptables=1
修改kubelet启动配置文件,主要是将–cgroup-driver改为cgroupfs(确保和/usr/lib/systemd/system/docker.service的用户一致就可以了,不需要修改!)
[root@k8s-1 bin]# cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--kubeconfig=/etc/kubernetes/kubelet.conf --require-kubeconfig=true"
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true"
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CGROUP_ARGS $KUBELET_EXTRA_ARGS
启动docker和kubelet
systemctl enable docker
systemctl enable kubelet
systemctl start docker
systemctl start kubelet
下载镜像
国内因为gcr.io被墙,所以要么通过代理翻墙获取,要么从其他仓库获取镜像
1. 配置代理
创建配置文件:
mkdir -p /etc/systemd/system/docker.service.d
vim /etc/systemd/system/docker.service.d/http-proxy.conf
内容如下:
[Service]
Environment="HTTP_PROXY=http://代理ip:端口/"
重启:
systemctl daemon-reload
systemctl restart docker
查看变量是否生效:
systemctl show docker --property Environment
2. 偷梁换柱
如果代理不可用的话,把上面的配置注释掉,然后用如下脚本去pull镜像
docker pull mirrorgooglecontainers/kube-apiserver:v1.16.2
docker pull mirrorgooglecontainers/kube-controller-manager:v1.16.2
docker pull mirrorgooglecontainers/kube-scheduler:v1.16.2
docker pull mirrorgooglecontainers/kube-proxy:v1.16.2
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd: 3.3.15
docker pull coredns/coredns:1.6.2
docker pull quay.io/coreos/flannel:v0.11.0-amd64
镜像下载完以后再修改tag
docker tag mirrorgooglecontainers/kube-apiserver:v1.16.2 k8s.gcr.io/kube-apiserver:v1.16.2
docker tag mirrorgooglecontainers/kube-controller-manager:v1.16.2 k8s.gcr.io/kube-controller-manager:v1.16.2
docker tag mirrorgooglecontainers/kube-scheduler:v1.16.2 k8s.gcr.io/kube-scheduler:v1.16.2
docker tag mirrorgooglecontainers/etcd:3.3.15 k8s.gcr.io/etcd:3.3.15
docker tag coredns/coredns:1.6.2 k8s.gcr.io/coredns:1.6.2
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/kube-proxy:v1.16.2 k8s.gcr.io/kube-proxy:v1.16.2
之后将多余的TAG 删除掉,最后验证images 是否pull成功
通过kubeadm部署k8s
默认是不支持swap的所以需要再kubelet里面修改配置
vi /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false --read-only-port=10255
执行kubeadm命令初始化K8s
(注意保存此时执行的log中kubeadm join的信息,之后node节点需要执行此命令加入集群
如忘记执行kubeadm token create --print-join-command --ttl 0 重新生成token)
kubeadm init --kubernetes-version=v1.16.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
结束后 执行
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
安装flannel网络
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
添加node到集群
kubernetes源跟docker源参照master,docker.service跟/etc/sysconfig/kubelet配置参照master
先下载镜像
docker pull mirrorgooglecontainers/kube-proxy:v1.16.2
docker pull mirrorgooglecontainers/pause:3.1
docker pull quay.io/coreos/flannel: v0.11.0-amd64
然后修改TAG
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/kube-proxy:v1.16.2 k8s.gcr.io/kube-proxy:v1.16.2
在node 节点执行下面命令加入集群
(这一串字符在主节点部署完的时候会有,记得保存方便后续添加节点)
kubeadm join 192.168.83.112:6443 --token 0mccze.xwvw3o5n3zbypb8q --discovery-token-ca-cert-hash sha256:dd129a36df0a5160aa4f6d5cc3a347712cf239c70bdde8b6906e0ec42815aea0 --ignore-preflight-errors=Swap
检查集群状态是否正常
安装一个dashborad