CentOS7 部署K8S集群(kubeadm方式）

虚拟机：   VMware® Workstation 15 Pro 15.5.6 build-16341506
操作系统：CentOS Linux release 7.5.1804 (Core)

Docker：docker-ce-19.03.5-3.el7

K8s:1.17

部署规划    虚拟机必须为双核，不然master节点初始化时会报错

192.168.52.184     k8s-master

192.168.52.185     k8s-node1

192.168.52.186     k8s-node2

备注：第1步~第8步，所有的节点都要操作，第9、10步Master节点操作，第11步Node节点操作。

           如果第9、10、11步操作失败，可以通过 kubeadm reset 命令来清理环境重新安装。

 

初始化环境

1.关闭防火墙和selinux

sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config & setenforce 0&& systemctl disable firewalld.service && systemctl stop firewalld.service

备注：必须关闭

2.关闭swap

swapoff -a    临时关闭$ 

free             可以通过这个命令查看swap是否关闭了

vim /etc/fstab  永久关闭

注释掉swap挂载一行

备注：必须关闭

3.修改hosts和主机名

vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.52.184     k8s-master
192.168.52.185     k8s-node1
192.168.52.186     k8s-node2


k8s-master节点

hostnamectl set-hostname k8s-master   

k8s-node1节点

hostnamectl set-hostname k8s-node1

k8s-node2节点

hostnamectl set-hostname k8s-node3

4.时间同步

yum install ntpdate -y

/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null

加入计划任务：crontab -e

*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null

5.将桥接的IPV4流量传递到iptables 的链

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system

服务部署

6.安装Docker

1）下载并安装

$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O/etc/yum.repos.d/docker-ce.repo $ yum install docker-ce-19.03.5-3.el7   1）更改docker的启动参数 $ vim /usr/lib/systemd/system/docker.service #ExecStart=/usr/bin/dockerd ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd

2）设置开机启动

$ systemctl enable docker && systemctl start docker

 

7.添加阿里云YUM软件源

直接执行如下命令

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

8.安装kubeadm，kubelet和kubectl

在部署kubernetes时，要求master node和worker node上的版本保持一致，否则会出现版本不匹配导致奇怪的问题出现。本文将介绍如何在CentOS系统上，使用yum安装指定版本的Kubernetes。

我们需要安装指定版本的kubernetes。那么如何做呢？在进行yum安装时，可以使用下列的格式来进行安装

yum install -y kubelet-<version> kubectl-<version> kubeadm-<version>
yum install -y kubelet-1.17.1 kubectl-1.17.1 kubeadm-1.17.1

使用yum安装程序时，提示xxx.rpm公钥尚未安装
使用 yum install xxx.rpm --nogpgcheck 命令格式跳过公钥检查，如下
yum install -y kubelet-1.17.1 kubectl-1.17.1 kubeadm-1.17.1  --nogpgcheck

systemctl enable kubelet

9.部署Kubernetes Master

1）初始化kubeadm

kubeadm init \ --apiserver-advertise-address=192.168.52.184 \ --image-repository registry.aliyuncs.com/google_containers \ --kubernetes-version v1.17.1 \ --service-cidr=10.1.0.0/16 \ --pod-network-cidr=10.244.0.0/16

当出现如下结果，表示初始化顺利

把最后的token记下来，后面要用

使用kubectl工具

复制如下命令直接执行

mkdir -p $HOME/.kube cp -i /etc/kubernetes/admin.conf $HOME/.kube/config chown $(id -u):$(id -g) $HOME/.kube/config

下面就可以直接使用kubectl命令了

[root@k8s-master ~]# kubectl get node
NAME         STATUS     ROLES    AGE    VERSION
k8s-master   NotReady   master   107s   v1.17.1

10.安装Pod网络插件（CNI）

这里在网上找了很多笔记链接都是没法使用的，
 

1）安装插件
[root@k8s-master ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-master ~]# sed -i -r "s#quay.io/coreos/flannel:.*-amd64#lizhenliang/flannel:v0.12.0-amd64#g" kube-flannel.yml
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged configured
clusterrole.rbac.authorization.k8s.io/flannel configured
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
serviceaccount/flannel unchanged
configmap/kube-flannel-cfg configured
daemonset.apps/kube-flannel-ds-amd64 configured
daemonset.apps/kube-flannel-ds-arm64 configured
daemonset.apps/kube-flannel-ds-arm configured
daemonset.apps/kube-flannel-ds-ppc64le configured
daemonset.apps/kube-flannel-ds-s390x configured

查询是否部署成功
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-9d85f5447-62fbm              1/1     Running   0          115m
coredns-9d85f5447-p2x58              1/1     Running   0          115m
etcd-k8s-master                      1/1     Running   0          115m
kube-apiserver-k8s-master            1/1     Running   0          115m
kube-controller-manager-k8s-master   1/1     Running   0          115m
kube-flannel-ds-amd64-m5jvc          1/1     Running   0          22s
kube-flannel-ds-amd64-qgnsp          1/1     Running   0          23s
kube-flannel-ds-amd64-tvg9b          1/1     Running   0          23s
kube-proxy-dtsjk                     1/1     Running   0          115m
kube-proxy-m4ngm                     1/1     Running   0          10m
kube-proxy-t4zd5                     1/1     Running   0          17m
kube-scheduler-k8s-master            1/1     Running   0          115m

11.Node节点加入集群

向集群添加新节点，执行在kubeadm init输出的kubeadm join命令：

复制上面命令，在node节点上执行

[root@k8s-node2 ~]# kubeadm join 192.168.52.184:6443 --token  npdvdj.xklug7wpdr1nzh05 --discovery-token-ca-cert-hash sha256:d8345330738760c424286cd4afc75efd373922f4cc9dc2aa2294c42eb0f6cf28
W0907 18:10:30.034248    6453 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.17" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

如果token忘记了，则可以通过如下操作：

1）查看token，如果token失效，则重新生成一个

$ kubeadm token list $ kubeadm token create

2）获取ca证书sha256编码hash值

$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

3）节点加入集群

$ kubeadm reset $ kubeadm join 192.168.52.184:6443 --token unnscz.aq2r62cuc14w27oa \ --discovery-token-ca-cert-hash sha256:8b79b6461e58c07333c

12.测试k8s集群

[root@k8s-master ~]#  kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@k8s-master ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:           1821         687          87           9        1045         860
Swap:             0           0           0
[root@k8s-master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@k8s-master ~]# kubectl get pod,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-86c57db685-szbw7   1/1     Running   0          20s

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.1.0.1       <none>        443/TCP        118m
service/nginx        NodePort    10.1.215.163   <none>        80:32259/TCP   6s

通过浏览器访问：http://192.168.52.184:32259可以正常访问