kubeadm部署kubernetes
安装kubeadm
所有节点同步/etc/hosts
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.4.36 master
192.168.4.38 node
192.168.4.40 node1
所有节点关闭selinux和防火墙(注意:下面两条命令只对当前运行状态生效,重启后会恢复;直接停掉防火墙会暴露节点上的全部端口,生产环境应改为只放行 API server 6443 等 kubeadm 文档列出的端口)
[root@master ~]# systemctl stop firewalld
[root@master ~]# setenforce 0
所有节点关闭swap分区
[root@master ~]# sed -i '/swap/s/UUID/#UUID/g' /etc/fstab
[root@master ~]# swapoff -a ##临时关闭
所有节点配置yum源(注意:下面 docker-ce.repo 通过明文 http 下载,kubernetes.repo 中又设置了 gpgcheck=0,软件源和软件包都没有做完整性/签名校验;生产环境应改用 https 下载并开启 gpgcheck 及对应的 gpgkey)
[root@master ~]# wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
所有节点安装docker,并设置开机自启
[root@master ~]# yum -y install docker-ce-20.10.8-3.el7
[root@master ~]# systemctl enable docker && systemctl start docker
所有节点设置内核参数
[root@master ~]# cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@master ~]# sysctl -p
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
在所有节点安装软件包
[root@master ~]# yum install -y kubelet-1.21.0-0 kubeadm-1.21.0-0 kubectl-1.21.0-0 --disableexcludes=kubernetes
[root@master ~]# systemctl restart kubelet && systemctl enable kubelet
master
在master节点查看所需镜像
国内无法直接拉取 k8s.gcr.io 的镜像,可以先从国内镜像仓库拉取,然后重新打上 k8s.gcr.io 的标签
[root@master ~]# kubeadm config images list
I0419 01:58:12.401080 48881 version.go:254] remote version is much newer: v1.23.5; falling back to: stable-1.21
k8s.gcr.io/kube-apiserver:v1.21.11
k8s.gcr.io/kube-controller-manager:v1.21.11
k8s.gcr.io/kube-scheduler:v1.21.11
k8s.gcr.io/kube-proxy:v1.21.11
k8s.gcr.io/pause:3.4.1
k8s.gcr.io/etcd:3.4.13-0
k8s.gcr.io/coredns/coredns:v1.8.0
拉取镜像(注意:下面这条是完整的 kubeadm init,会直接初始化集群而不只是拉取镜像,而且指定的 --kubernetes-version=v1.21.0 与上面列出的 v1.21.11 镜像版本不一致;若只想预拉取镜像,可用 `kubeadm config images pull` 配合同样的 --image-repository 参数)
[root@master ~]# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.21.0 --pod-network-cidr=10.244.0.0/16
如果以上命令无法执行,则执行下面步骤
[root@master ~]# docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.11
[root@master ~]# docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.11
[root@master ~]# docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.11
[root@master ~]# docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.21.11
[root@master ~]# docker pull registry.aliyuncs.com/google_containers/pause:3.4.1
[root@master ~]# docker pull registry.aliyuncs.com/google_containers/etcd:3.4.13-0
[root@master ~]# docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.0
打上标签
[root@master ~]# docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.11 k8s.gcr.io/kube-apiserver:v1.21.11
[root@master ~]# docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.11 k8s.gcr.io/kube-controller-manager:v1.21.11
[root@master ~]# docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.11 k8s.gcr.io/kube-scheduler:v1.21.11
[root@master ~]# docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.21.11 k8s.gcr.io/kube-proxy:v1.21.11
[root@master ~]# docker tag registry.aliyuncs.com/google_containers/pause:3.4.1 k8s.gcr.io/pause:3.4.1
[root@master ~]# docker tag registry.aliyuncs.com/google_containers/etcd:3.4.13-0 k8s.gcr.io/etcd:3.4.13-0
[root@master ~]# docker tag registry.aliyuncs.com/google_containers/coredns:v1.8.0 k8s.gcr.io/coredns/coredns:v1.8.0
初始化kubeadm
kubeadm参数可以在官方网站上查看:
https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/
[root@master ~]# kubeadm init --pod-network-cidr=10.244.0.0/16
安装pod网络组件
适用于 Kubernetes v1.17+,请根据实际版本进行修改。注意下面的 URL 指向 flannel 仓库的 master 分支,内容没有固定版本,kubectl apply 之前应先检查清单内容,并确认其中的 Network 与 --pod-network-cidr=10.244.0.0/16 一致
[root@master ~]# wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
[root@master ~]# kubectl apply -f kube-flannel.yml
node(注意:本文 node 节点的实际主机名是 ndoe,见下面的提示符和 kubectl get nodes 的输出,与 /etc/hosts 中写的 node 不一致)
拉取镜像
[root@ndoe ~]# docker pull registry.aliyuncs.com/google_containers/pause:3.4.1
[root@ndoe ~]# docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.21.11
打上标签
[root@ndoe ~]# docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.21.11 k8s.gcr.io/kube-proxy:v1.21.11
[root@ndoe ~]# docker tag registry.aliyuncs.com/google_containers/pause:3.4.1 k8s.gcr.io/pause:3.4.1
加入集群
这条命令是 master 初始化(kubeadm init)时输出的加入集群命令;其中的 token 和 discovery-token-ca-cert-hash 是本集群的示例值,token 是有时效的引导凭据(下方 token list 显示剩余 20h),不要在其它集群复用或对外泄露
[root@ndoe ~]# kubeadm join 192.168.4.36:6443 --token 7mtflb.rpcmxrz4xly9zinb --discovery-token-ca-cert-hash sha256:1ff3e0a017f282264f9243a7cb233e8e38dd61b7af78df9990ecc944988fd4e2
可以在master上查询token或者创建
[root@master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
7mtflb.rpcmxrz4xly9zinb 20h 2022-04-19T23:11:40-04:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
[root@master ~]# kubeadm token create
nw0r5e.fnsa9faypx7ub02l
在master上查看discovery-token-ca-cert-hash的值
[root@master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed 's/^.* //'
查看集群状态
节点健康状态
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 3h22m v1.21.0
ndoe Ready <none> 3h4m v1.21.0
node1 Ready <none> 3h3m v1.21.0
pod启动状态
[root@master ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-558bd4d5db-gx24n 1/1 Running 0 3h21m
kube-system coredns-558bd4d5db-w7ngh 1/1 Running 0 3h21m
kube-system etcd-master 1/1 Running 0 3h22m
kube-system kube-apiserver-master 1/1 Running 0 3h22m
kube-system kube-controller-manager-master 1/1 Running 0 3h22m
kube-system kube-flannel-ds-amd64-4nmr2 1/1 Running 0 164m
kube-system kube-flannel-ds-amd64-7nlvn 1/1 Running 0 164m
kube-system kube-flannel-ds-amd64-ttggc 1/1 Running 0 164m
kube-system kube-proxy-bwhm5 1/1 Running 0 3h4m
kube-system kube-proxy-jqc7g 1/1 Running 0 3h4m
kube-system kube-proxy-nqp5n 1/1 Running 0 3h21m
kube-system kube-scheduler-master 1/1 Running 0 3h22m
组件健康状态
[root@master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Unhealthy Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused
scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
etcd-0 Healthy {"health":"true"}
修改组件的静态 Pod 清单,注释掉文件中的 `- --port=0`。注意:`--port=0` 的作用正是关闭 controller-manager(10252)和 scheduler(10251)上无认证的 HTTP 端口,注释掉以后这两个端口会重新在主机上监听;`kubectl get cs` 本身已废弃,仅为了让它显示 Healthy 而打开这两个端口并不可取。另外 /etc/kubernetes/manifests 下的静态 Pod 由 kubelet 自动重建,不需要再执行 kubectl apply
[root@master ~]# cd /etc/kubernetes/manifests/
[root@master manifests]# cat kube-controller-manager.yaml |grep "#"
# - --port=0
[root@master manifests]# cat kube-scheduler.yaml |grep "#"
# - --port=0
[root@master manifests]# kubectl apply -f kube-controller-manager.yaml
[root@master manifests]# kubectl apply -f kube-scheduler.yaml
[root@master manifests]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
部署附加组件(可选。注意:下面的 `cat >>` 是追加写入,如果文件已经存在会得到无效的清单,应改用 `>` 覆盖;该 Pod 使用 hostNetwork,并以只读方式挂载了控制平面的整个 /etc/kubernetes 目录(含 pki 和 admin.conf),相当于集群管理员权限,部署前应确认确实需要)
cat >> /etc/kubernetes/manifests/kube-addon-manager.yaml << EOF
apiVersion: v1
kind: Pod
metadata:
  name: kube-addon-manager
  namespace: kube-system
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ''
    seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
  labels:
    component: kube-addon-manager
spec:
  hostNetwork: true
  containers:
  - name: kube-addon-manager
    # When updating version also bump it in:
    #   - test/kubemark/resources/manifests/kube-addon-manager.yaml
    image: registry.aliyuncs.com/google_containers/kube-addon-manager:v8.7
    command:
    - /bin/bash
    - -c
    - exec /opt/kube-addons.sh 1>>/var/log/kube-addon-manager.log 2>&1
    resources:
      requests:
        cpu: 3m
        memory: 50Mi
    volumeMounts:
    - mountPath: /etc/kubernetes/
      name: addons
      readOnly: true
    - mountPath: /var/log
      name: varlog
      readOnly: false
    # env:
    # - name: KUBECTL_EXTRA_PRUNE_WHITELIST
    #   value: {{kubectl_extra_prune_whitelist}}
  volumes:
  - hostPath:
      path: /etc/kubernetes/
    name: addons
  - hostPath:
      path: /var/log
    name: varlog
EOF