Official documentation:
Chinese: https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/
English: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/
1. Pre-installation environment preparation (master, worker)
(1) Environment
Hostname | k8s version | docker-ce version |
---|---|---|
master | v1.21.0 | 20.10.6 |
s1 | v1.21.0 | 20.10.6 |
s2 | v1.21.0 | 20.10.6 |
(2) System preparation (do this on all three servers!)
Configure hostnames
vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.154 master
192.168.1.226 s1
192.168.1.212 s2
Disable swap
swapoff -a
vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Tue Apr 6 06:49:46 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cl-root / xfs defaults 0 0
UUID=37db61bf-5508-49db-a11a-78aacdc55d4c /boot xfs defaults 0 0
UUID=4855-96C9 /boot/efi vfat umask=0077,shortname=winnt 0 2
/dev/mapper/cl-home /home xfs defaults 0 0
# /dev/mapper/cl-swap none swap defaults 0 0
Disable the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config
Configure kernel parameters so that bridged IPv4 traffic is passed to the iptables chains
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system
Update the installed packages with yum
yum update
Add the Aliyun repo and update docker-ce
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
yum-config-manager --disable docker-ce-edge
yum-config-manager --disable docker-ce-test
sudo yum makecache
Install docker-ce from the Aliyun repo
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce
If that fails, install docker-ce again as the error message suggests
sudo yum -y install docker-ce --nobest --allowerasing
Start docker and confirm that it starts
service docker start
Change the cgroup driver to systemd
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
Restart docker
systemctl daemon-reload
systemctl restart docker
Add the Aliyun Kubernetes repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Install the k8s components: kubectl, kubelet, kubeadm
yum install kubectl kubelet kubeadm
systemctl enable kubelet.service
2. Initialize (kubeadm init) the k8s cluster (run on the master node)
kubeadm init --kubernetes-version=1.21.0 --apiserver-advertise-address=192.168.1.154 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
If it reports that the images cannot be found, pull them from another repository on Docker Hub, as follows:
First get the names of the required docker images
kubeadm config images list
Then write an executable script:
vim pull_k8s_images.sh
#!/bin/bash
# pull_k8s_images.sh
set -o errexit
set -o nounset
set -o pipefail
## Versions
KUBE_VERSION=v1.21.0
KUBE_PAUSE_VERSION=3.4.1
ETCD_VERSION=3.4.13-0
DNS_VERSION=v1.8.0
GCR_URL=k8s.gcr.io
## The repository you want to pull from
DOCKERHUB_URL=gotok8s
## Image list
images=(
  kube-proxy:${KUBE_VERSION}
  kube-scheduler:${KUBE_VERSION}
  kube-controller-manager:${KUBE_VERSION}
  kube-apiserver:${KUBE_VERSION}
  pause:${KUBE_PAUSE_VERSION}
  etcd:${ETCD_VERSION}
  coredns:${DNS_VERSION}
)
## Loop that pulls each image, retags it under GCR_URL and removes the original tag
for imageName in "${images[@]}" ; do
  docker pull "$DOCKERHUB_URL/$imageName"
  docker tag "$DOCKERHUB_URL/$imageName" "$GCR_URL/$imageName"
  docker rmi "$DOCKERHUB_URL/$imageName"
done
Run pull_k8s_images.sh to pull the images
# Grant execute permission
chmod +x ./pull_k8s_images.sh
# Run it
./pull_k8s_images.sh
# Check whether the pull succeeded
docker images
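Reading the docker images output by eye does not show whether every name kubeadm asks for now exists locally under exactly that name. The script below is an added example, not part of the original page: it compares the two lists line by line. The function names are hypothetical and the sample lists are constructed.

```shell
#!/bin/bash
# Added example (not from the original page): list every image kubeadm
# requires that has no identically named local tag.

# missing_images REQUIRED PRESENT
#   REQUIRED: file with one image per line (kubeadm config images list)
#   PRESENT:  file with one repo:tag per line
#             (docker images --format '{{.Repository}}:{{.Tag}}')
# Prints the required images that are absent; returns 1 if any is absent.
missing_images() {
  local missing
  # -F fixed strings, -x whole-line match, -v keep lines without a match
  missing=$(grep -v '^$' "$1" | grep -vxF -f "$2" || true)
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing"
  return 1
}

# Constructed sample: required names as kubeadm might print them, and local
# tags as the retag loop in pull_k8s_images.sh would leave them.
sample_check() {
  local dir rc=0
  dir=$(mktemp -d)
  printf '%s\n' k8s.gcr.io/kube-apiserver:v1.21.0 k8s.gcr.io/pause:3.4.1 \
    k8s.gcr.io/coredns/coredns:v1.8.0 > "$dir/required"
  printf '%s\n' k8s.gcr.io/kube-apiserver:v1.21.0 k8s.gcr.io/pause:3.4.1 \
    k8s.gcr.io/coredns:v1.8.0 > "$dir/present"
  missing_images "$dir/required" "$dir/present" || rc=$?
  rm -rf "$dir"
  return "$rc"
}

# On a real node compare kubeadm's list with docker's; elsewhere run the sample.
if command -v kubeadm >/dev/null 2>&1 && command -v docker >/dev/null 2>&1; then
  req=$(mktemp); have=$(mktemp)
  kubeadm config images list --kubernetes-version=1.21.0 > "$req" 2>/dev/null
  docker images --format '{{.Repository}}:{{.Tag}}' > "$have"
  missing_images "$req" "$have" && echo "all required images are tagged locally"
  rm -f "$req" "$have"
else
  sample_check || true   # prints k8s.gcr.io/coredns/coredns:v1.8.0
fi
```

Any name it prints has to be retagged to match before kubeadm init is run without --image-repository.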
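Run the initialization again
kubeadm init --kubernetes-version=1.21.0 --apiserver-advertise-address=192.168.1.154 --service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
Initialization succeeded:
Record the last part of the output; it has to be run on the other nodes when they join the Kubernetes cluster
After initialization, kubeadm generates the configuration files that other components need to access kube-apiserver. They are located at /etc/kubernetes/xxx.conf:
ls /etc/kubernetes/
As prompted, set up kubectl for a regular user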
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
source <(kubectl completion bash)
Install the calico network plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
View the nodes and pods
kubectl get node
kubectl get pod --all-namespaces
The cluster status is now normal
3. Join (kubeadm join) the worker nodes to the master node (run on the worker nodes)
In case some of these images are needed, pull them on the worker nodes as well:
First get the names of the required docker images
kubeadm config images list
Then write an executable script:
vim pull_k8s_images.sh
#!/bin/bash
# pull_k8s_images.sh
set -o errexit
set -o nounset
set -o pipefail
## Versions
KUBE_VERSION=v1.21.0
KUBE_PAUSE_VERSION=3.4.1
ETCD_VERSION=3.4.13-0
DNS_VERSION=v1.8.0
GCR_URL=k8s.gcr.io
## The repository you want to pull from
DOCKERHUB_URL=gotok8s
## Image list
images=(
  kube-proxy:${KUBE_VERSION}
  kube-scheduler:${KUBE_VERSION}
  kube-controller-manager:${KUBE_VERSION}
  kube-apiserver:${KUBE_VERSION}
  pause:${KUBE_PAUSE_VERSION}
  etcd:${ETCD_VERSION}
  coredns:${DNS_VERSION}
)
## Loop that pulls each image, retags it under GCR_URL and removes the original tag
for imageName in "${images[@]}" ; do
  docker pull "$DOCKERHUB_URL/$imageName"
  docker tag "$DOCKERHUB_URL/$imageName" "$GCR_URL/$imageName"
  docker rmi "$DOCKERHUB_URL/$imageName"
done
Run pull_k8s_images.sh to pull the images
# Grant execute permission
chmod +x ./pull_k8s_images.sh
# Run it
./pull_k8s_images.sh
Join the cluster
kubeadm join 192.168.1.154:6443 --token zos50o.jlexorhnobsxika8 --discovery-token-ca-cert-hash sha256:b27c033fdece5e7598b91bac2c7d8142f9d25863b35fbd6331f5620933b8b3b8
Joined successfully:
On the master node, view the nodes:
kubectl get node
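The --discovery-token-ca-cert-hash value in the join command above is the SHA-256 of the cluster CA's public key, which the worker uses to check that it is talking to the intended API server. The script below is an added example, not part of the original page: it recomputes that value on the master so it can be compared with the join command before it is run. The function names are hypothetical, /etc/kubernetes/pki/ca.crt is kubeadm's default CA path, and the fallback certificate is a constructed throwaway.

```shell
#!/bin/bash
# Added example (not from the original page): recompute the value passed to
# --discovery-token-ca-cert-hash from the cluster CA certificate.

# ca_cert_hash CERT
#   Prints "sha256:<hex>", the SHA-256 of the DER-encoded public key
#   (SubjectPublicKeyInfo) of the certificate in CERT. Returns 2 on error.
ca_cert_hash() {
  local hex
  # pipefail inside the subshell so an unreadable certificate is an error
  # instead of silently hashing empty input
  hex=$(set -o pipefail
        openssl x509 -in "$1" -noout -pubkey \
          | openssl pkey -pubin -outform der \
          | sha256sum | cut -d' ' -f1) || return 2
  printf 'sha256:%s\n' "$hex"
}

# join_hash_matches CERT EXPECTED
#   Returns 0 only if EXPECTED (the string that follows
#   --discovery-token-ca-cert-hash) equals the hash recomputed from CERT.
join_hash_matches() {
  local actual
  actual=$(ca_cert_hash "$1") || return 2
  [ "$actual" = "$2" ]
}

CA=/etc/kubernetes/pki/ca.crt   # kubeadm's default CA location on the master
tmp=
if [ ! -r "$CA" ]; then
  # Not on a master: use a throwaway self-signed certificate (constructed sample)
  tmp=$(mktemp -d); CA=$tmp/ca.crt
  openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=demo-ca' -days 1 \
    -keyout "$tmp/ca.key" -out "$CA" 2>/dev/null || true
fi
ca_cert_hash "$CA" || true
if [ -n "$tmp" ]; then rm -rf "$tmp"; fi
```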