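I. System requirements
CPU and memory: 2 cores, 4G
Linux: CentOS 8.0
Docker is the container runtime; the recommended version is Docker CE 18.09.
Disable the firewall and SELinux: make sure the master and the Nodes can communicate with each other, and disable SELinux so that containers can read the host file system.
Disable the firewall: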
# systemctl disable firewalld
# systemctl stop firewalld
Disable SELinux:
[root@VM-16-5-centos ~]# setenforce 0
setenforce: SELinux is disabled
[root@VM-16-5-centos ~]#
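Alternatively, edit the system file /etc/sysconfig/selinux, change SELINUX=enforcing to SELINUX=disabled, and then reboot Linux.
II. Quickly install a Kubernetes cluster with the kubeadm tool
1. Install kubeadm and related tools, and Docker
Configure the yum repository:
The yum repository configuration file /etc/yum.repos.d/kubernetes.repo has the following content.
The address is: http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/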
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
Run yum install to install the kubeadm, kubectl and kubelet tools:
yum install -y kubelet kubectl kubeadm --disableexcludes=kubernetes
Install Docker
Remove old versions (if any were installed):
yum remove docker docker-common docker-selinux docker-engine
Install the required packages. yum-utils provides yum-config-manager; the other two are dependencies of the devicemapper driver:
yum install -y yum-utils device-mapper-persistent-data lvm2
Set up the yum repository for installing Docker:
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Install Docker:
yum install docker-ce -y
Start the Docker service (if Docker is already installed, there is no need to start it again) and the kubelet service, and enable both to start at boot:
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
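2. kubeadm config
Both kubeadm's control-plane initialization and its node-join step support a large amount of customization, so kubeadm also provides a configuration-file feature for complex customization. In addition, kubeadm stores the configuration in the cluster as a ConfigMap, which makes later queries and upgrades easier. The kubeadm config subcommand supports this set of features:
◎ kubeadm config upload from-file: upload a configuration file to the cluster to generate the ConfigMap.
◎ kubeadm config upload from-flags: generate the ConfigMap from command-line parameters.
◎ kubeadm config view: view the configuration values in the current cluster.
◎ kubeadm config print init-defaults: print the default parameter file for kubeadm init.
◎ kubeadm config print join-defaults: print the default parameter file for kubeadm join.
◎ kubeadm config migrate: convert a configuration between old and new versions.
◎ kubeadm config images list: list the required images.
◎ kubeadm config images pull: pull the images to the local host.
Run kubeadm config print init-defaults to obtain the default initialization parameter file: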
# kubeadm config print init-defaults >init.default.yaml
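Edit the generated file to produce a configuration that fits your needs. For example, to customize the image repository address and the Pod address range, use the following configuration:
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
imageRepository: docker.io/dustise
kubernetesVersion: v1.14.0
networking:
  podSubnet: "124.222.0.0/16"
Save the content above as init-config.yaml for later use.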
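3. Download the Kubernetes images
To get image acceleration from a mirror site hosted in China, it is recommended to modify Docker's configuration file and add the Registry Mirror parameter: write the mirror setting into the configuration, then restart the docker service.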
echo '{"registry-mirrors":["https://registry.docker-cn.com"]}' > /etc/docker/daemon.json
systemctl restart docker
Use the kubeadm config images pull subcommand to download the required images:
kubeadm config images pull --config=init-config.yaml
The following error is reported:
your configuration file uses an old API spec: "kubeadm.k8s.io/v1beta1". Please use kubeadm v1.15 instead and run 'kubeadm config migrate --old-config old.yaml --new-config new.yaml', which will write the new, similar spec using a newer API version.
To see the stack trace of this error execute with --v=5 or higher
Uninstall the installed packages and reinstall the matching version:
yum list |grep kube
yum remove kubeadm.x86_64 kubectl.x86_64 kubelet.x86_64
yum install -y kubelet-1.14.0 kubeadm-1.14.0 kubectl-1.14.0
Run the command again and the images are pulled normally:
[root@VM-16-5-centos ~]# kubeadm config images pull --config=init-config.yaml
[config/images] Pulled docker.io/dustise/kube-apiserver:v1.14.0
[config/images] Pulled docker.io/dustise/kube-controller-manager:v1.14.0
[config/images] Pulled docker.io/dustise/kube-scheduler:v1.14.0
[config/images] Pulled docker.io/dustise/kube-proxy:v1.14.0
[config/images] Pulled docker.io/dustise/pause:3.1
[config/images] Pulled docker.io/dustise/etcd:3.3.10
[config/images] Pulled docker.io/dustise/coredns:1.3.1
[root@VM-16-5-centos ~]#
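4. Run kubeadm init to install the Master
With the preparation done, running kubeadm init installs the Kubernetes Master in one step. However, the kubeadm installation does not initialize a network plugin (CNI), so a cluster freshly installed by kubeadm has no networking, and no Pod, including the built-in CoreDNS, can work properly. Installing a network plugin often places requirements on the kubeadm init parameters. For example, installing the Calico plugin requires --pod-network-cidr=192.168.0.0/16; for details see https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network.
Use kubeadm init with the configuration file created earlier to initialize the cluster control plane: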
kubeadm init --config=init-config.yaml
The following is reported, with the error message [ERROR Port-10250]: Port 10250 is in use.
[root@VM-16-5-centos ~]# kubeadm init --config=init-config.yaml
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING FileExisting-tc]: tc not found in system path
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.14. Latest validated version: 18.09
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR Port-10250]: Port 10250 is in use
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
[root@VM-16-5-centos ~]#
Workaround: ignore the error.
Running the command below, initialization succeeds:
kubeadm init --config=init-config.yaml --experimental-upload-certs --ignore-preflight-errors=Port-10250,DirAvailable--var-lib-etcd
The last few lines printed when kubeadm init completes include the command for joining nodes (kubeadm join) and the required Token, as shown below.
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.16.5:6443 --token pbp51i.4pu3n3ugnqbnl569 \
--discovery-token-ca-cert-hash sha256:f8dff79dd797601bb46123478a42fa6f51316ac32581819d5e2fd09bce556cad
[root@VM-16-5-centos ~]#
As instructed, run the commands below to copy the configuration file into the regular user's home directory:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
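Kubernetes is now installed on the Master, but the cluster still has no usable worker Node and lacks a container network configuration.
At this point you can use kubectl to verify the ConfigMap mentioned in section 2.2.2: a ConfigMap object named kubeadm-config has been generated.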
[root@VM-16-5-centos ~]# kubectl get -n kube-system configmap
NAME DATA AGE
coredns 1 6m27s
extension-apiserver-authentication 6 6m31s
kube-proxy 2 6m26s
kubeadm-config 2 6m28s
kubelet-config-1.14 1 6m28s
[root@VM-16-5-centos ~]#
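5. Install a Node and join it to the cluster
When adding a new node, the system preparation and the Kubernetes yum repository configuration are the same as before. Run the following installation steps on the Node host.
(1) Install Docker, kubeadm and the related tools on the Node host, following the Master installation above:
vim /etc/yum.repos.d/kubernetes.repo to configure the yum repository: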
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
yum install -y kubelet-1.14.0 kubeadm-1.14.0 kubectl-1.14.0
yum install -y yum-utils device-mapper-persistent-data lvm2
systemctl disable firewalld
systemctl stop firewalld
setenforce 0
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce -y
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
(2) Generate a configuration file for the kubeadm command. Create the file join-config.yaml:
apiVersion: kubeadm.k8s.io/v1beta1
kind: JoinConfiguration
discovery:
  bootstrapToken:
    apiServerEndpoint: 10.0.16.5:6443
    token: pbp51i.4pu3n3ugnqbnl569
    unsafeSkipCAVerification: true
  tlsBootstrapToken: pbp51i.4pu3n3ugnqbnl569
Here, the value of apiServerEndpoint is the address of the Master server, and the values of token and tlsBootstrapToken come from the last line of output printed when the Master was installed with kubeadm init.
(3) Run the kubeadm join command to add this Node to the cluster:
kubeadm join --config=join-config.yaml
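The join-config.yaml above sets unsafeSkipCAVerification: true, so the Node does not verify which API server it is bootstrapping against. The following is an added example, not part of the original article: it writes the same file with the CA public-key pin that kubeadm init printed (--discovery-token-ca-cert-hash) in the v1beta1 caCertHashes field instead. The function names write_join_config and ca_cert_hash are hypothetical helpers.

```bash
#!/usr/bin/env bash
# Added example: generate a JoinConfiguration that pins the cluster CA
# instead of using unsafeSkipCAVerification. Helper names are hypothetical.

# Print the sha256:<hex> pin of the cluster CA public key (run on the Master).
# This is the same value kubeadm init prints as --discovery-token-ca-cert-hash.
ca_cert_hash() {
  local cert="${1:-/etc/kubernetes/pki/ca.crt}"
  printf 'sha256:%s\n' "$(openssl x509 -pubkey -in "$cert" \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# write_join_config <endpoint> <token> <ca_hash> <output file>
write_join_config() {
  local endpoint="$1" token="$2" ca_hash="$3" out="$4"
  # Bootstrap tokens look like <6 chars>.<16 chars>, lowercase alphanumerics.
  printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || {
    echo "invalid bootstrap token format" >&2; return 1; }
  # Refuse anything that is not a full SHA-256 pin; never fall back to skipping.
  printf '%s\n' "$ca_hash" | grep -Eq '^sha256:[0-9a-f]{64}$' || {
    echo "invalid CA hash, expected sha256:<64 hex chars>" >&2; return 1; }
  (
    umask 077   # the file contains a credential (the bootstrap token)
    cat > "$out" <<EOF
apiVersion: kubeadm.k8s.io/v1beta1
kind: JoinConfiguration
discovery:
  bootstrapToken:
    apiServerEndpoint: ${endpoint}
    token: ${token}
    caCertHashes:
    - ${ca_hash}
  tlsBootstrapToken: ${token}
EOF
  )
}

# Usage on the Node, with the values from the kubeadm init output:
#   write_join_config 10.0.16.5:6443 "$TOKEN" "$CA_HASH" join-config.yaml
#   kubeadm join --config=join-config.yaml
```

With the pin in place, kubeadm join aborts if the API server at apiServerEndpoint presents a CA whose public key does not match the hash.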
6. Install the network plugin
Running kubectl get nodes shows that Kubernetes reports the Master as NotReady. This is because no CNI network plugin has been installed yet:
[root@VM-16-5-centos ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
vm-16-5-centos NotReady master 45h v1.14.0
There are many choices of CNI network plugin; see https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network for details.
For example, to use the weave plugin, run the command below to install it in one step:
[root@VM-16-5-centos ~]# kubectl apply -f "http://cloud.weave.works/k8s/net?k8s-version=$(kubectl version |base64 |tr -d '\n')"
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.apps/weave-net created
[root@VM-16-5-centos ~]#
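7. Verify that the Kubernetes cluster installation is complete
Run the following command to verify that the Kubernetes cluster's Pods have all been created and are running normally: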
[root@VM-16-5-centos ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6897bd7b5-5ljd4 0/1 Pending 0 46h
kube-system coredns-6897bd7b5-msgr4 0/1 Pending 0 46h
kube-system etcd-vm-16-5-centos 1/1 Running 1 46h
kube-system kube-apiserver-vm-16-5-centos 1/1 Running 1 46h
kube-system kube-controller-manager-vm-16-5-centos 1/1 Running 1 46h
kube-system kube-proxy-tck2k 1/1 Running 1 46h
kube-system kube-scheduler-vm-16-5-centos 1/1 Running 1 46h
kube-system weave-net-kv7c6 0/2 Init:0/1 0 88s
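At this point, a Kubernetes cluster has been set up quickly with the kubeadm tool. If the installation fails, run kubeadm reset to restore the host to its original state, then run kubeadm init again to reinstall.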