Table of Contents
- 1. Environment
- 2. Generate an SSH key pair and enable passwordless login to all hosts
- 3. Add the Aliyun yum repo and install the Ansible automation tool
- 4. Create the Ansible hosts file
- 5. Disable the firewall and SELinux
- 6. Set hostnames
- 7. Populate the local /etc/hosts file
- 8. Sync yum repos to all hosts
- 9. Tune kernel parameters and disable swap
- 10. Configure a Docker registry mirror
- 11. Install keepalived, kubeadm-1.16.0, kubectl-1.16.0, kubelet-1.16.0, docker-ce-18.06.1.ce-3.el7
- 12. Initialize the Kubernetes cluster with kubeadm
- 13. Join the remaining masters to the cluster
- 14. Join the worker nodes to the cluster
- 15. Deploy the flannel network
- 16. Remove master taints
1. Environment
OS: CentOS 7
Kubernetes: 1.16.0
Docker: 18.06
Hostname | IP address | Role |
---|---|---|
master-1 | 192.168.1.181 | masters |
master-2 | 192.168.1.182 | masters |
master-3 | 192.168.1.183 | masters |
node-1 | 192.168.1.184 | nodes |
node-2 | 192.168.1.185 | nodes |
node-3 | 192.168.1.186 | nodes |
vip | 192.168.1.180 | vips |
Unless otherwise noted, all of the following commands are run on master-1.
2. Generate an SSH key pair and enable passwordless login to all hosts
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:2iC7vtK7x1XEdXhvQMhHTAJ/4XfP1WyFGfID5siGKA0 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| E ..+*BB+.|
| o . oo=+BBoo|
| . o ..+ oo=oB|
| . .. . =*|
| . . S. .o|
| o +. |
| ...... |
| . ..o |
| o*= |
+----[SHA256]-----+
## Push the public key to every node to enable passwordless login
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.1.181
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.181 (192.168.1.181)' can't be established.
ECDSA key fingerprint is SHA256:ouDBNSO0P+fR3kL+QIpSw6A6uHZa4JF+REA2+30yAgE.
ECDSA key fingerprint is MD5:db:eb:bb:8c:b2:fb:6e:70:49:19:87:99:d8:58:3a:78.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.181's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.1.181'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.1.182
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.1.183
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.1.184
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.1.185
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.1.186
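The six ssh-copy-id calls above can be collapsed into a loop. A minimal sketch, assuming the IP range from the environment table and that you type the root password for each host (or wrap the call with sshpass):

```shell
# Push the public key to every host in one pass (IP range from the environment table).
for ip in 192.168.1.18{1..6}; do
  ssh-copy-id -i /root/.ssh/id_rsa.pub "root@${ip}"
done
```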
3. Add the Aliyun yum repo and install the Ansible automation tool
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo && yum -y install ansible
4. Create the Ansible hosts file
[root@localhost ~]# cat >/etc/ansible/hosts <<EOF
[masters]
master-1 ansible_ssh_host="192.168.1.181"
master-2 ansible_ssh_host="192.168.1.182"
master-3 ansible_ssh_host="192.168.1.183"
[nodes]
node-1 ansible_ssh_host="192.168.1.184"
node-2 ansible_ssh_host="192.168.1.185"
node-3 ansible_ssh_host="192.168.1.186"
EOF
5. Disable the firewall and SELinux
[root@master-1 ~]# ansible all -m shell -a "setenforce 0 && systemctl stop firewalld && systemctl disable firewalld && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux"
6. Set hostnames
[root@localhost ~]# ansible master-1 -m shell -a "hostnamectl set-hostname master-1"
[root@localhost ~]# ansible master-2 -m shell -a "hostnamectl set-hostname master-2"
[root@localhost ~]# ansible master-3 -m shell -a "hostnamectl set-hostname master-3"
[root@localhost ~]# ansible node-1 -m shell -a "hostnamectl set-hostname node-1"
[root@localhost ~]# ansible node-2 -m shell -a "hostnamectl set-hostname node-2"
[root@localhost ~]# ansible node-3 -m shell -a "hostnamectl set-hostname node-3"
7. Populate the local /etc/hosts file
[root@master-1 ~]# ansible all -m shell -a "echo '192.168.1.180 vip' >> /etc/hosts"
[root@master-1 ~]# ansible all -m shell -a "echo '192.168.1.181 master-1' >> /etc/hosts"
[root@master-1 ~]# ansible all -m shell -a "echo '192.168.1.182 master-2' >> /etc/hosts"
[root@master-1 ~]# ansible all -m shell -a "echo '192.168.1.183 master-3' >> /etc/hosts"
[root@master-1 ~]# ansible all -m shell -a "echo '192.168.1.184 node-1' >> /etc/hosts"
[root@master-1 ~]# ansible all -m shell -a "echo '192.168.1.185 node-2' >> /etc/hosts"
[root@master-1 ~]# ansible all -m shell -a "echo '192.168.1.186 node-3' >> /etc/hosts"
## Verify that /etc/hosts is correct on every host
[root@master-1 ~]# ansible all -m shell -a "cat /etc/hosts"
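The per-line echoes can also be done in one pass, mirroring the copy-then-append pattern used elsewhere in this guide (the /tmp/hosts.add path is just an illustrative choice):

```shell
# Build the full mapping from the environment table locally, ship it, append it once per host.
cat > /tmp/hosts.add <<'EOF'
192.168.1.180 vip
192.168.1.181 master-1
192.168.1.182 master-2
192.168.1.183 master-3
192.168.1.184 node-1
192.168.1.185 node-2
192.168.1.186 node-3
EOF
ansible all -m copy -a "src=/tmp/hosts.add dest=/tmp/hosts.add"
ansible all -m shell -a "cat /tmp/hosts.add >> /etc/hosts"
```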
8. Sync yum repos to all hosts
## Install base utilities
[root@master-1 ~]# ansible all -m shell -a "yum install -y yum-utils device-mapper-persistent-data lvm2 vim wget lrzsz lsof"
## Configure the Aliyun docker and kubernetes yum repos
[root@master-1 ~]# curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@master-1 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
[root@master-1 ~]# curl -o /tmp/rpm-package-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@master-1 ~]# ansible all -m copy -a "src=/tmp/rpm-package-key.gpg dest=/tmp/rpm-package-key.gpg"
[root@master-1 ~]# ansible all -m copy -a "src=/etc/yum.repos.d/docker-ce.repo dest=/etc/yum.repos.d/docker-ce.repo"
[root@master-1 ~]# ansible all -m copy -a "src=/etc/yum.repos.d/kubernetes.repo dest=/etc/yum.repos.d/kubernetes.repo"
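The key file is copied to every host above but never imported. A follow-up worth adding (yum can also fetch the gpgkey URLs itself on first install) is to import it and warm the metadata cache:

```shell
# Import the GPG key shipped to /tmp above and rebuild the yum metadata cache on every host.
ansible all -m shell -a "rpm --import /tmp/rpm-package-key.gpg && yum makecache fast"
```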
9. Tune kernel parameters and disable swap
[root@master-1 ~]# cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[root@master-1 ~]# ansible all -m copy -a "src=/etc/sysctl.d/k8s.conf dest=/etc/sysctl.d/k8s.conf"
[root@master-1 ~]# ansible all -m shell -a "modprobe br_netfilter && sysctl -p /etc/sysctl.d/k8s.conf"
## Disable swap
[root@master-1 ~]# ansible all -m shell -a "sed -i '/swap/ s/^/#/' /etc/fstab && swapoff -a"
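To confirm the sed and swapoff above took effect everywhere, check from master-1 (`swapon --show` prints nothing when no swap is active):

```shell
# Swap totals should read 0 on every host after the step above.
ansible all -m shell -a "swapon --show; free -m | grep -i swap"
```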
10. Configure a Docker registry mirror
[root@master-1 ~]# ansible all -m shell -a "mkdir -p /etc/docker && mkdir -p /etc/systemd/system/docker.service.d"
[root@master-1 ~]# cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": ["https://v2ltjwbg.mirror.aliyuncs.com"]
}
EOF
[root@master-1 ~]# ansible all -m copy -a "src=/etc/docker/daemon.json dest=/etc/docker/daemon.json"
11. Install keepalived, kubeadm-1.16.0, kubectl-1.16.0, kubelet-1.16.0, docker-ce-18.06.1.ce-3.el7
[root@master-1 ~]# vip="192.168.1.180"
[root@master-1 ~]# masters="masters"
[root@master-1 ~]# ansible ${masters} -m shell -a "yum -y install keepalived kubeadm-1.16.0 kubectl-1.16.0 kubelet-1.16.0 docker-ce-18.06.1.ce-3.el7 "
[root@master-1 ~]# ansible ${masters} -m shell -a "mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak"
[root@master-1 ~]# virtual_router_id="140"
[root@master-1 ~]# cat <<EOF > /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id HOSTNAME  # placeholder, replaced with each master's hostname below
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id ${virtual_router_id}
    nopreempt
    priority priority_mun  # placeholder, replaced with a per-host priority below
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {
        ${vip}  # the VIP address
    }
}
EOF
[root@master-1 ~]# ansible ${masters} -m copy -a "src=/etc/keepalived/keepalived.conf dest=/etc/keepalived/keepalived.conf"
[root@master-1 ~]# sed -i 's/BACKUP/MASTER/g' /etc/keepalived/keepalived.conf
[root@master-1 ~]# priority_mun="90"
[root@master-1 ~]# ip="192.168.1.181"
[root@master-1 ~]# hostname=$(ssh -p22 ${ip} "hostname")
[root@master-1 ~]# ssh -p22 ${ip} "sed -i 's/priority_mun/${priority_mun}/g' /etc/keepalived/keepalived.conf"
[root@master-1 ~]# ssh -p22 ${ip} "sed -i 's/HOSTNAME/${hostname}/g' /etc/keepalived/keepalived.conf"
[root@master-1 ~]# priority_mun=$(( $priority_mun + 15 ))
[root@master-1 ~]# ip="192.168.1.182"
[root@master-1 ~]# hostname=$(ssh -p22 ${ip} "hostname")
[root@master-1 ~]# ssh -p22 ${ip} "sed -i 's/priority_mun/${priority_mun}/g' /etc/keepalived/keepalived.conf"
[root@master-1 ~]# ssh -p22 ${ip} "sed -i 's/HOSTNAME/${hostname}/g' /etc/keepalived/keepalived.conf"
[root@master-1 ~]# priority_mun=$(( $priority_mun + 15 ))
[root@master-1 ~]# ip="192.168.1.183"
[root@master-1 ~]# hostname=$(ssh -p22 ${ip} "hostname")
[root@master-1 ~]# ssh -p22 ${ip} "sed -i 's/priority_mun/${priority_mun}/g' /etc/keepalived/keepalived.conf"
[root@master-1 ~]# ssh -p22 ${ip} "sed -i 's/HOSTNAME/${hostname}/g' /etc/keepalived/keepalived.conf"
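The three per-master blocks above repeat the same two sed calls. An equivalent loop form, with the same priorities (90, 105, 120) and the same placeholder names, is:

```shell
# Substitute the priority and hostname placeholders on each master;
# priority rises by 15 per host, so master-3 wins elections.
priority=90
for ip in 192.168.1.181 192.168.1.182 192.168.1.183; do
  host=$(ssh -p22 "${ip}" hostname)
  ssh -p22 "${ip}" "sed -i 's/priority_mun/${priority}/g; s/HOSTNAME/${host}/g' /etc/keepalived/keepalived.conf"
  priority=$(( priority + 15 ))
done
```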
[root@master-1 ~]# ansible masters -m shell -a "systemctl enable keepalived && systemctl start keepalived"
[root@master-1 ~]# ansible all -m shell -a "systemctl enable docker kubelet && systemctl start docker kubelet"
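Before initializing the cluster it is worth verifying that exactly one master holds the VIP and that docker picked up the systemd cgroup driver from daemon.json (interface name ens33 as in the keepalived config):

```shell
# The VIP should appear on exactly one master; every host should report "Cgroup Driver: systemd".
ansible masters -m shell -a "ip addr show ens33 | grep 192.168.1.180 || true"
ansible all -m shell -a "docker info 2>/dev/null | grep -i 'cgroup driver'"
```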
12. Initialize the Kubernetes cluster with kubeadm
[root@master-1 ~]# cat <<EOF > /etc/kubernetes/kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: stable
apiServer:
  certSANs:
  - "${vip}"  # expands to the VIP set earlier; change it to your VIP
controlPlaneEndpoint: "${vip}:6443"  # the VIP, not any single master's IP
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
EOF
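As the init output below also hints ('kubeadm config images pull'), the control-plane images can be fetched up front so kubeadm init does not stall on downloads:

```shell
# Optional: pre-pull all control-plane images using the same config file.
kubeadm config images pull --config /etc/kubernetes/kubeadm.yaml
```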
## Initialize the Kubernetes cluster
[root@master-1 ~]# kubeadm init --config /etc/kubernetes/kubeadm.yaml
W1021 23:26:53.008747 22742 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable.txt": Get https://dl.k8s.io/release/stable.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1021 23:26:53.009179 22742 version.go:102] falling back to the local client version: v1.16.0
[init] Using Kubernetes version: v1.16.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [master-1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.181 192.168.1.180 192.168.1.180]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [master-1 localhost] and IPs [192.168.1.181 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [master-1 localhost] and IPs [192.168.1.181 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 38.505409 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.16" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master-1 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node master-1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 9fsbcu.dzf3ac971y86it9p
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join 192.168.1.180:6443 --token 9fsbcu.dzf3ac971y86it9p \
--discovery-token-ca-cert-hash sha256:736da2c4da8d3df65057740f3c51808e7613d5670cd0b4c63bbbfffaa56f3a0b \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.1.180:6443 --token 9fsbcu.dzf3ac971y86it9p \
--discovery-token-ca-cert-hash sha256:736da2c4da8d3df65057740f3c51808e7613d5670cd0b4c63bbbfffaa56f3a0b
## Note the cluster address 192.168.1.180: this is the virtual IP managed by keepalived
[root@master-1 ~]# mkdir -p $HOME/.kube
[root@master-1 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master-1 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Check the cluster. The node is NotReady because no network plugin is installed yet; flannel is deployed later.
[root@master-1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master-1 NotReady master 3m58s v1.16.0
13. Join the remaining masters to the cluster
## Distribute the certificates: first create the pki directories on the other masters
[root@master-1 ~]# ssh 192.168.1.182 "mkdir -p /etc/kubernetes/pki/etcd/"
[root@master-1 ~]# ssh 192.168.1.183 "mkdir -p /etc/kubernetes/pki/etcd/"
## master-2
[root@master-1 ~]# scp -r /etc/kubernetes/admin.conf 192.168.1.182:/etc/kubernetes/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/ca* 192.168.1.182:/etc/kubernetes/pki/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/sa* 192.168.1.182:/etc/kubernetes/pki/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/front* 192.168.1.182:/etc/kubernetes/pki/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/etcd/ca* 192.168.1.182:/etc/kubernetes/pki/etcd/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/etcd/ser* 192.168.1.182:/etc/kubernetes/pki/etcd/
## master-3
[root@master-1 ~]# scp -r /etc/kubernetes/admin.conf 192.168.1.183:/etc/kubernetes/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/ca* 192.168.1.183:/etc/kubernetes/pki/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/sa* 192.168.1.183:/etc/kubernetes/pki/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/front* 192.168.1.183:/etc/kubernetes/pki/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/etcd/ca* 192.168.1.183:/etc/kubernetes/pki/etcd/
[root@master-1 ~]# scp -r /etc/kubernetes/pki/etcd/ser* 192.168.1.183:/etc/kubernetes/pki/etcd/
## Join the other masters to the control plane
### Get the token
[root@master-1 ~]# kubeadm token list | awk '{print $1}' | sed "1d"
9fsbcu.dzf3ac971y86it9p
[root@master-1 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
sha256:736da2c4da8d3df65057740f3c51808e7613d5670cd0b4c63bbbfffaa56f3a0b
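Bootstrap tokens expire after 24 hours by default; if the original token is gone, kubeadm can mint a fresh token and print the whole worker join command in one step:

```shell
# Prints a ready-to-run "kubeadm join <endpoint> --token ... --discovery-token-ca-cert-hash ..." line.
kubeadm token create --print-join-command
```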
## Join master-2 to the control plane
[root@master-2 ~]# kubeadm join 192.168.1.180:6443 --token 9fsbcu.dzf3ac971y86it9p \
--discovery-token-ca-cert-hash sha256:736da2c4da8d3df65057740f3c51808e7613d5670cd0b4c63bbbfffaa56f3a0b \
--control-plane
[root@master-2 ~]# mkdir -p $HOME/.kube
[root@master-2 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master-2 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
## Join master-3 to the control plane
[root@master-3 ~]# kubeadm join 192.168.1.180:6443 --token 9fsbcu.dzf3ac971y86it9p \
--discovery-token-ca-cert-hash sha256:736da2c4da8d3df65057740f3c51808e7613d5670cd0b4c63bbbfffaa56f3a0b \
--control-plane
[root@master-3 ~]# mkdir -p $HOME/.kube
[root@master-3 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master-3 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
14. Join the worker nodes to the cluster
[root@node-1 ~]# kubeadm join 192.168.1.180:6443 --token 9fsbcu.dzf3ac971y86it9p \
--discovery-token-ca-cert-hash sha256:736da2c4da8d3df65057740f3c51808e7613d5670cd0b4c63bbbfffaa56f3a0b
[root@node-2 ~]# kubeadm join 192.168.1.180:6443 --token 9fsbcu.dzf3ac971y86it9p \
--discovery-token-ca-cert-hash sha256:736da2c4da8d3df65057740f3c51808e7613d5670cd0b4c63bbbfffaa56f3a0b
[root@node-3 ~]# kubeadm join 192.168.1.180:6443 --token 9fsbcu.dzf3ac971y86it9p \
--discovery-token-ca-cert-hash sha256:736da2c4da8d3df65057740f3c51808e7613d5670cd0b4c63bbbfffaa56f3a0b
15. Deploy the flannel network
[root@master-1 ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
## Check the cluster
[root@master-1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master-1 NotReady master 17m v1.16.0
master-2 NotReady master 8m40s v1.16.0
master-3 NotReady master 6m19s v1.16.0
node-1 NotReady <none> 5m57s v1.16.0
node-2 NotReady <none> 5m43s v1.16.0
node-3 NotReady <none> 5m51s v1.16.0
16. Remove master taints
## The coredns pods are stuck Pending and the kube-flannel-ds-amd64 pods are not yet Running
[root@master-1 ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-67c766df46-hn9fp 0/1 Pending 0 17m
coredns-67c766df46-t99xw 0/1 Pending 0 17m
etcd-master-1 1/1 Running 2 16m
etcd-master-2 1/1 Running 0 9m10s
etcd-master-3 1/1 Running 0 6m48s
kube-apiserver-master-1 1/1 Running 1 16m
kube-apiserver-master-2 1/1 Running 0 9m10s
kube-apiserver-master-3 1/1 Running 0 6m48s
kube-controller-manager-master-1 1/1 Running 2 16m
kube-controller-manager-master-2 1/1 Running 1 9m10s
kube-controller-manager-master-3 1/1 Running 0 6m48s
kube-flannel-ds-amd64-8df8p 0/1 Init:0/1 0 6s
kube-flannel-ds-amd64-8jnmv 0/1 Init:0/1 0 6s
kube-flannel-ds-amd64-ctpm6 0/1 Init:0/1 0 6s
kube-flannel-ds-amd64-g64k5 0/1 Init:0/1 0 6s
kube-flannel-ds-amd64-qxqdc 0/1 Init:0/1 0 6s
kube-flannel-ds-amd64-t6cxp 0/1 Init:0/1 0 6s
kube-proxy-78xp8 1/1 Running 0 6m13s
kube-proxy-8qqck 1/1 Running 0 6m21s
kube-proxy-hmznl 1/1 Running 0 6m27s
kube-proxy-lwtsq 1/1 Running 1 17m
kube-proxy-rdktz 1/1 Running 0 6m49s
kube-proxy-wqq88 1/1 Running 0 9m10s
kube-scheduler-master-1 1/1 Running 2 16m
kube-scheduler-master-2 1/1 Running 1 9m10s
kube-scheduler-master-3 1/1 Running 0 6m48s
## Troubleshoot with kubectl describe pod <pod> -n kube-system; the events show: had taints that the pod didn't tolerate.
[root@master-1 ~]# kubectl describe pod coredns-67c766df46-hn9fp -n kube-system | tail -n 10
Warning FailedScheduling <unknown> default-scheduler 0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/2 nodes are available: 2 node(s) had taints that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/2 nodes are available: 2 node(s) had taints that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/3 nodes are available: 3 node(s) had taints that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/4 nodes are available: 4 node(s) had taints that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/5 nodes are available: 5 node(s) had taints that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/6 nodes are available: 6 node(s) had taints that the pod didn't tolerate.
Warning FailedScheduling <unknown> default-scheduler 0/6 nodes are available: 6 node(s) had taints that the pod didn't tolerate.
## The master nodes are unschedulable: as a safety measure, Kubernetes does not schedule pods on masters by default
[root@master-1 ~]# kubectl get no -o yaml | grep taint -A 5
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node.kubernetes.io/not-ready
status:
--
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node.kubernetes.io/not-ready
status:
--
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node.kubernetes.io/not-ready
status:
--
taints:
- effect: NoSchedule
key: node.kubernetes.io/not-ready
status:
addresses:
- address: 192.168.1.184
--
taints:
- effect: NoSchedule
key: node.kubernetes.io/not-ready
status:
addresses:
- address: 192.168.1.185
--
taints:
- effect: NoSchedule
key: node.kubernetes.io/not-ready
status:
addresses:
- address: 192.168.1.186
## Remove the taint
[root@master-1 ~]# kubectl taint nodes --all node-role.kubernetes.io/master-
## Wait a moment and check again; when every STATUS is Ready, the cluster is up
[root@master-1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master-1 Ready master 17m v1.16.0
master-2 Ready master 8m40s v1.16.0
master-3 Ready master 6m19s v1.16.0
node-1 Ready <none> 5m57s v1.16.0
node-2 Ready <none> 5m43s v1.16.0
node-3 Ready <none> 5m51s v1.16.0
Troubleshooting: the flannel image fails to pull
[root@master-1 ~]# kubectl describe pod kube-flannel-ds-amd64-kwjxv -n kube-system | tail -n 10
Normal Scheduled <unknown> default-scheduler Successfully assigned kube-system/kube-flannel-ds-amd64-kwjxv to master-1
Warning Failed 23m kubelet, master-1 Failed to pull image "quay.io/coreos/flannel:v0.11.0-amd64": rpc error: code = Unknown desc = Error response from daemon: Get https://quay.io/v2/coreos/flannel/manifests/v0.11.0-amd64: read tcp 192.168.1.181:33496->54.225.149.151:443: read: connection timed out
Normal Pulling 22m (x4 over 36m) kubelet, master-1 Pulling image "quay.io/coreos/flannel:v0.11.0-amd64"
Warning Failed 20m (x4 over 31m) kubelet, master-1 Error: ErrImagePull
Warning Failed 9m41s (x5 over 31m) kubelet, master-1 Failed to pull image "quay.io/coreos/flannel:v0.11.0-amd64": rpc error: code = Unknown desc = context canceled
Normal BackOff 5m26s (x42 over 31m) kubelet, master-1 Back-off pulling image "quay.io/coreos/flannel:v0.11.0-amd64"
Warning Failed 36s (x62 over 31m) kubelet, master-1 Error: ImagePullBackOff
## Pull the image manually
[root@master-1 ~]# docker pull quay.io/coreos/flannel:v0.11.0-amd64
v0.11.0-amd64: Pulling from coreos/flannel
cd784148e348: Pull complete
04ac94e9255c: Pull complete
e10b013543eb: Pull complete
005e31e443b1: Pull complete
74f794f05817: Pull complete
Digest: sha256:7806805c93b20a168d0bbbd25c6a213f00ac58a511c47e8fa6409543528a204e
Status: Downloaded newer image for quay.io/coreos/flannel:v0.11.0-amd64
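The manual pull above only fixes master-1; the flannel DaemonSet runs on every node, so the same image is needed cluster-wide:

```shell
# Pre-pull the flannel image on all six hosts so every DaemonSet pod can start.
ansible all -m shell -a "docker pull quay.io/coreos/flannel:v0.11.0-amd64"
```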
Check the pods again:
[root@master-1 ~]# kubectl get po --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-67c766df46-qbvp4 1/1 Running 0 67m
kube-system coredns-67c766df46-qrdhz 1/1 Running 0 67m
kube-system etcd-master-1 1/1 Running 0 66m
kube-system etcd-master-2 1/1 Running 0 65m
kube-system etcd-master-3 1/1 Running 0 58m
kube-system kube-apiserver-master-1 1/1 Running 0 67m
kube-system kube-apiserver-master-2 1/1 Running 0 65m
kube-system kube-apiserver-master-3 1/1 Running 0 58m
kube-system kube-controller-manager-master-1 1/1 Running 2 66m
kube-system kube-controller-manager-master-2 1/1 Running 0 65m
kube-system kube-controller-manager-master-3 1/1 Running 1 58m
kube-system kube-flannel-ds-amd64-645cv 1/1 Running 0 55m
kube-system kube-flannel-ds-amd64-92cdd 1/1 Running 0 55m
kube-system kube-flannel-ds-amd64-gmsjj 1/1 Running 0 55m
kube-system kube-flannel-ds-amd64-kwjxv 1/1 Running 0 55m
kube-system kube-flannel-ds-amd64-lft5p 1/1 Running 0 55m
kube-system kube-flannel-ds-amd64-lxh2b 1/1 Running 0 55m
kube-system kube-proxy-7qwvv 1/1 Running 0 58m
kube-system kube-proxy-8sbl9 1/1 Running 0 67m
kube-system kube-proxy-nn5ms 1/1 Running 0 58m
kube-system kube-proxy-vbmhc 1/1 Running 0 65m
kube-system kube-proxy-x9rr9 1/1 Running 0 57m
kube-system kube-proxy-xtt2p 1/1 Running 0 57m
kube-system kube-scheduler-master-1 1/1 Running 1 66m
kube-system kube-scheduler-master-2 1/1 Running 2 65m
kube-system kube-scheduler-master-3 1/1 Running 0 58m