Offline installation of kubernetes-1.20.1
Docker installation
1. Import the rpm packages
2.rpm -Uvh --force --nodeps *.rpm
3.systemctl start docker.service
4.systemctl enable docker.service
5. Install docker-compose
Copy docker-compose-Linux-x86_64 to /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose -v
Edit /etc/docker/daemon.json
// this one works
{"registry-mirrors":["https://registry.docker-cn.com"]}
{"insecure-registries":["10.176.50.30:80"]}
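// this one does not work (note that the # comments are not valid JSON)
{
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries": ["10.176.50.30"], # private registry address
"registry-mirrors":["http://10.176.50.30"] # private registry address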
}
#################################################################################
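I. Find a Linux machine that can download from the internet (CentOS 7.6) and download the required packages and images
Environment setup, to be run on both master and node
1. Set the hostname and time zone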
timedatectl set-timezone Asia/Shanghai
systemctl enable --now chronyd
timedatectl set-local-rtc 0
systemctl restart rsyslog && systemctl restart crond
2. Add the host entries to /etc/hosts on all three VMs so the hosts can find each other
hostnamectl set-hostname master # run on 132
hostnamectl set-hostname node1 # run on 133
hostnamectl set-hostname node2 # run on 137
vim /etc/hosts
192.168.26.70 master
192.168.26.73 node1
192.168.26.77 node2
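3. Disable the firewall on all three VMs. This step is only to avoid the assorted network problems the firewall causes while learning; skip this step in production.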
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
systemctl disable firewalld
systemctl stop firewalld
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
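------ Personally I feel this part is optional
Set the hostname and /etc/hosts
Configure passwordless SSH login
ssh-keygen -t rsa
ssh-copy-id root@172.16.0.164 # specify the IP of the corresponding host that may log in to this machine
Disable the firewall and SELinux
Disable swap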
cat >> /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
echo "1" >/proc/sys/net/ipv4/ip_forward
#################################################################
####################################################################
master
0. Import the rpm and tar packages
1. Install kubernetes
rpm -Uvh --force --nodeps *.rpm
2. Load the docker images
docker load -i kube-controller-manager-v1.19.3.tar
docker load -i kube-apiserver-v1.19.3.tar
docker load -i kube-scheduler-v1.19.3.tar
docker load -i kube-proxy-v1.19.3.tar
docker load -i flanneld-v0.13.0-amd64.docker
docker load -i pause-3.2.tar
docker load -i coredns-1.7.0.tar
docker load -i etcd-3.4.13-0.tar
docker load -i dashboard-v2.0.1.tar
docker load -i metrics-scraper-v1.0.4.tar
3. Initialize the master node
kubeadm init --apiserver-advertise-address 10.176.50.30 --apiserver-bind-port 6443 --kubernetes-version 1.19.3 --pod-network-cidr 10.244.0.0/16
Record the token; the node machines need it later to join the cluster
kubeadm join 10.176.50.30:6443 --token ivor96.05gt59exbwrjzvkc \
--discovery-token-ca-cert-hash sha256:8fe83ec3da1a0caaf07ed5aa49710ba4b08a57d7b99ed3e84b0f48a29e148937
kubeadm join 10.176.50.30:6443 --token jo25ei.d7h3qt42wd2lh4y8 --discovery-token-ca-cert-hash sha256:8fe83ec3da1a0caaf07ed5aa49710ba4b08a57d7b99ed3e84b0f48a29e148937
netstat -tunlp | grep 10250
Generate a non-expiring token
kubeadm token create --ttl 0 --print-join-command
--discovery-token-ca-cert-hash sha256:c7c967d2a75ec67fd4abd69b6f0c5639c68ad92e4457f59fa3565205dc986758
The following is shown after initialization; just run it
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
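The --discovery-token-ca-cert-hash value in the join commands above pins the cluster CA: it is "sha256:" followed by the SHA-256 of the CA certificate's DER-encoded public key. The added example below (not part of the original notes) recomputes that value so a copied join command can be checked against the CA on the master; the function names and the throwaway demo CA are assumptions of the example, and it needs openssl and sha256sum.

```shell
#!/bin/sh
# Added example: recompute the hash kubeadm expects for
# --discovery-token-ca-cert-hash from a CA certificate file.

ca_cert_hash() {
  # $1: path to a PEM CA certificate
  #     (on a kubeadm master: /etc/kubernetes/pki/ca.crt)
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    sha256sum | awk '{print "sha256:" $1}'
}

# Compare the hash from a join command with the CA on disk.
# Returns 0 on match, 1 on mismatch.
verify_join_hash() {
  # $1: CA certificate path, $2: hash copied from the join command
  [ "$(ca_cert_hash "$1")" = "$2" ]
}

# Throwaway self-signed CA (hypothetical, only so this runs without a cluster).
make_demo_ca() {
  # $1: directory that receives demo-ca.key and demo-ca.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=demo-ca" \
    -keyout "$1/demo-ca.key" -out "$1/demo-ca.crt" 2>/dev/null
}

demo() {
  dir=$(mktemp -d)
  make_demo_ca "$dir"
  good=$(ca_cert_hash "$dir/demo-ca.crt")
  echo "hash for join command: $good"
  verify_join_hash "$dir/demo-ca.crt" "$good" && echo "match"
  # A hash that does not belong to this CA must be rejected.
  verify_join_hash "$dir/demo-ca.crt" "sha256:0000" || echo "mismatch detected"
  rm -rf "$dir"
}

demo
```

On the master, run ca_cert_hash /etc/kubernetes/pki/ca.crt and compare the result with the hash in the join command before using it on a node.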
4. Configure the flanneld network
Re-tag the image
docker tag quay.io/coreos/flannel:v0.13.0-amd64 quay.io/coreos/flannel:v0.11.0
vim /etc/cni/net.d/10-flannel.conflist
// add the CNI version number
// the file contents are as follows
{
"name": "cbr0",
"cniVersion": "0.2.0",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
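Apply the YAML
kubectl apply -f kube-flannel.yml
Check component status
kubectl get cs
Two components show as unhealthy, and ports 10252 and 10251 are not listening.
Fix
In the /etc/kubernetes/manifests/ directory, edit
kube-controller-manager.yaml and kube-scheduler.yaml and delete the line - --port=0
Restart the service: systemctl restart kubelet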
########################################################################################
#######################################################################################
node
1. Install kubernetes
rpm -Uvh --force --nodeps *.rpm
2. Load the docker images
docker load -i kube-proxy-v1.19.3.tar
docker load -i flanneld-v0.13.0-amd64.docker
docker load -i pause-3.2.tar
docker load -i metrics-scraper-v1.0.4.tar
3. Join the kubernetes cluster
Use the token recorded earlier to join the cluster
kubeadm join 192.168.1.8:6443 --token qrduuk.l0o62raqkip0tnjr \
--discovery-token-ca-cert-hash sha256:c7c967d2a75ec67fd4abd69b6f0c5639c68ad92e4457f59fa3565205dc986758
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
4. Configure the flanneld network
Re-tag the image
docker tag quay.io/coreos/flannel:v0.13.0-amd64 quay.io/coreos/flannel:v0.11.0
vim /etc/cni/net.d/10-flannel.conflist
// add the CNI version number
// the file contents are as follows
{
"name": "cbr0",
"cniVersion": "0.2.0",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
Apply the YAML
kubectl apply -f kube-flannel.yml
#####################################################################
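Installation complete
Status checks
1. Run on the master node
kubectl get nodes
All nodes should be in the Ready state
If a node is in the NotReady state,
check the status on that node
systemctl status kubelet
2. Check pod status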
kubectl get pod --all-namespaces -o wide
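3. Check component status
kubectl get cs
Two components show as unhealthy, and ports 10252 and 10251 are not listening.
Fix
In the /etc/kubernetes/manifests/ directory, edit
kube-controller-manager.yaml and kube-scheduler.yaml and delete the line - --port=0
Restart the service: systemctl restart kubelet
After that the status is fine
Rejoining master and node machines:
1. Delete all configuration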
rm -rf /var/lib/kubelet/
rm -rf /var/lib/dockershim/
rm -rf /var/run/kubernetes
rm -rf /var/lib/cni
rm -rf /etc/kubernetes/*
rm -rf ~/.kube/*
rm -rf /var/lib/etcd/*
lsof -i :6443|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :10257|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :10259|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :2379|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :2380|grep -v "PID"|awk '{print "kill -9",$2}'|sh
Stop whatever is using the port
netstat -tunlp | grep 10250
kill <PID of the process using the port>
Rejoin the master
kubeadm join 10.176.50.30:6443 --token ivor96.05gt59exbwrjzvkc \
--discovery-token-ca-cert-hash sha256:8fe83ec3da1a0caaf07ed5aa49710ba4b08a57d7b99ed3e84b0f48a29e148937
A permanent token can be generated on the master
Generate a non-expiring token to replace the token above
kubeadm token create --ttl 0 --print-join-command
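A token created with --ttl 0, as in the two places above, stays valid for joining nodes until it is deleted. The added example below (not part of the original notes) scans text in the column layout of kubeadm token list and reports tokens that never expire; the sample table and token values are constructed, and the layout (TOKEN, TTL, EXPIRES, ... with <forever> and <never> for permanent tokens) is an assumption modelled on that command's output.

```shell
#!/bin/sh
# Added example: find kubeadm bootstrap tokens that never expire.

# Reads a `kubeadm token list` style table on stdin.
# Prints only the token ID (the part before the dot), never the secret half.
find_non_expiring_tokens() {
  awk 'NR > 1 && ($2 == "<forever>" || $3 == "<never>") {
         split($1, parts, ".")
         print parts[1]
       }'
}

# Constructed sample table; the token values are made up for this example.
sample_token_list() {
  cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
aaaaaa.0123456789abcdef   23h         2021-01-02T10:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
bbbbbb.fedcba9876543210   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# On a real master: kubeadm token list | find_non_expiring_tokens
sample_token_list | find_non_expiring_tokens
```

Once all nodes have joined, a reported ID can be passed to kubeadm token delete to retire the token.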