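Virtual machine: VMware® Workstation 15 Pro 15.5.6 build-16341506
Operating system: CentOS Linux release 7.5.1804 (Core)
Docker: docker-ce-19.03.5-3.el7
K8s: 1.17
Deployment plan
Each virtual machine must have two CPU cores; otherwise initializing the master node fails with an error.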
192.168.52.184 k8s-master
192.168.52.185 k8s-node1
192.168.52.186 k8s-node2
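Note: steps 1 through 8 are run on every node, steps 9 and 10 on the master node, and step 11 on the worker nodes.
If step 9, 10 or 11 fails, run kubeadm reset to clean up the environment and install again.
Initialize the environment
1. Disable the firewall and SELinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config && setenforce 0 && systemctl disable firewalld.service && systemctl stop firewalld.service
Note: both must be disabled.
2. Disable swap
swapoff -a        # disable swap temporarily
free              # check whether swap is now off
vim /etc/fstab    # disable swap permanently
Comment out the swap mount line.
Note: swap must be disabled.
3. Edit hosts and set the hostname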
vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.52.184 k8s-master
192.168.52.185 k8s-node1
192.168.52.186 k8s-node2
On the k8s-master node
hostnamectl set-hostname k8s-master
On the k8s-node1 node
hostnamectl set-hostname k8s-node1
On the k8s-node2 node
hostnamectl set-hostname k8s-node2
4. Time synchronization
yum install ntpdate -y
/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null
Add it to the scheduled tasks: crontab -e
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null
5. Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system
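Service deployment
6. Install Docker
1) Download and install
1) Change Docker's startup parameters
$ vim /usr/lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd
ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd
2) Enable start at boot
7. Add the Aliyun YUM repository
Run the following command as is: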
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
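8. Install kubeadm, kubelet and kubectl
When deploying Kubernetes, the master node and the worker nodes must run the same version; a version mismatch causes odd problems. This article shows how to install a specific version of Kubernetes with yum on CentOS.
We need to install a specific version of Kubernetes. To do that with yum, use the following format: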
yum install -y kubelet-<version> kubectl-<version> kubeadm-<version>
yum install -y kubelet-1.17.1 kubectl-1.17.1 kubeadm-1.17.1
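If yum reports that the public key for xxx.rpm is not installed,
use the yum install xxx.rpm --nogpgcheck form. The --nogpgcheck option skips the public-key (GPG signature) check, so the packages are installed unverified: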
yum install -y kubelet-1.17.1 kubectl-1.17.1 kubeadm-1.17.1 --nogpgcheck
systemctl enable kubelet
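An added example, not part of the original article: a small shell audit of the files that steps 2, 3, 5 and 7 edit, so each node can be checked before kubeadm runs. The function names and the sample tree are constructed for illustration; pass an empty prefix to audit the live system.

```shell
#!/bin/sh
# Added example: audit the files edited in steps 2, 3, 5 and 7.
# audit_node PREFIX: PREFIX is "" for the live system, or a directory of copies.
audit_node() {
  root="$1"; fail=0
  # Step 2: an uncommented fstab entry of type swap turns swap back on at boot.
  if awk '$1 !~ /^#/ && $3 == "swap" { hit = 1 } END { exit !hit }' "$root/etc/fstab"; then
    echo "FAIL fstab: active swap entry"; fail=1
  fi
  # Step 3: each cluster host name must be present in /etc/hosts.
  for h in k8s-master k8s-node1 k8s-node2; do
    awk -v h="$h" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 } END { exit !ok }' \
      "$root/etc/hosts" || { echo "FAIL hosts: $h missing"; fail=1; }
  done
  # Step 5: both bridge netfilter keys must be set to 1.
  for k in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    grep -Eq "^$k *= *1 *\$" "$root/etc/sysctl.d/k8s.conf" \
      || { echo "FAIL sysctl: $k is not 1"; fail=1; }
  done
  # Step 7: package and metadata signature checks on, keys fetched over HTTPS.
  for k in gpgcheck=1 repo_gpgcheck=1 gpgkey=https://; do
    grep -q "^$k" "$root/etc/yum.repos.d/kubernetes.repo" \
      || { echo "FAIL repo: $k not found"; fail=1; }
  done
  return "$fail"
}

# Constructed sample tree: swap is still active and repo_gpgcheck is off.
make_sample() {
  d=$(mktemp -d); mkdir -p "$d/etc/sysctl.d" "$d/etc/yum.repos.d"
  printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
    '/dev/mapper/centos-swap swap swap defaults 0 0' > "$d/etc/fstab"
  printf '%s\n' '192.168.52.184 k8s-master' '192.168.52.185 k8s-node1' \
    '192.168.52.186 k8s-node2' > "$d/etc/hosts"
  printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
    'net.bridge.bridge-nf-call-iptables = 1' > "$d/etc/sysctl.d/k8s.conf"
  printf '%s\n' '[kubernetes]' 'gpgcheck=1' 'repo_gpgcheck=0' \
    'gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg' \
    > "$d/etc/yum.repos.d/kubernetes.repo"
  echo "$d"
}

sample=$(make_sample)
audit_node "$sample" || echo "node is not ready for kubeadm"
```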
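9. Deploy the Kubernetes master
1) Initialize with kubeadm
Output like the following means the initialization succeeded.
Write down the token at the end; it is needed later.
Using the kubectl tool
Copy the following commands and run them as is:
kubectl can now be used directly: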
[root@k8s-master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 107s v1.17.1
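10. Install the Pod network add-on (CNI)
I looked through many notes online for this step, and none of the links in them worked.
1) Install the add-on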
[root@k8s-master ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-master ~]# sed -i -r "s#quay.io/coreos/flannel:.*-amd64#lizhenliang/flannel:v0.12.0-amd64#g" kube-flannel.yml
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged configured
clusterrole.rbac.authorization.k8s.io/flannel configured
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
serviceaccount/flannel unchanged
configmap/kube-flannel-cfg configured
daemonset.apps/kube-flannel-ds-amd64 configured
daemonset.apps/kube-flannel-ds-arm64 configured
daemonset.apps/kube-flannel-ds-arm configured
daemonset.apps/kube-flannel-ds-ppc64le configured
daemonset.apps/kube-flannel-ds-s390x configured
Check whether the deployment succeeded:
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-9d85f5447-62fbm 1/1 Running 0 115m
coredns-9d85f5447-p2x58 1/1 Running 0 115m
etcd-k8s-master 1/1 Running 0 115m
kube-apiserver-k8s-master 1/1 Running 0 115m
kube-controller-manager-k8s-master 1/1 Running 0 115m
kube-flannel-ds-amd64-m5jvc 1/1 Running 0 22s
kube-flannel-ds-amd64-qgnsp 1/1 Running 0 23s
kube-flannel-ds-amd64-tvg9b 1/1 Running 0 23s
kube-proxy-dtsjk 1/1 Running 0 115m
kube-proxy-m4ngm 1/1 Running 0 10m
kube-proxy-t4zd5 1/1 Running 0 17m
kube-scheduler-k8s-master 1/1 Running 0 115m
11. Join the nodes to the cluster
To add a new node to the cluster, run the kubeadm join command printed by kubeadm init:
Copy the command above and run it on the node:
[root@k8s-node2 ~]# kubeadm join 192.168.52.184:6443 --token npdvdj.xklug7wpdr1nzh05 --discovery-token-ca-cert-hash sha256:d8345330738760c424286cd4afc75efd373922f4cc9dc2aa2294c42eb0f6cf28
W0907 18:10:30.034248 6453 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.17" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
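If you have forgotten the token, do the following:
1) List the tokens; if the token has expired, generate a new one
2) Get the SHA-256 hash of the CA certificate
3) Join the node to the cluster
12. Test the k8s cluster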
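An added example, not part of the original article, for sub-step 2) above: the value after --discovery-token-ca-cert-hash is the SHA-256 digest of the CA certificate's DER-encoded public key, so it can be recomputed from the CA certificate and compared with a join command before that command is run. The function names are hypothetical, and the demo uses a throwaway self-signed CA in place of the cluster CA, which kubeadm stores at /etc/kubernetes/pki/ca.crt by default.

```shell
#!/bin/sh
# Added example: recompute the CA pin and compare it with a kubeadm join command.

# SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo) of a CA cert.
ca_cert_hash() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Succeeds only if the join command pins the public key of the given CA cert.
# usage: join_pins_ca "<kubeadm join ...>" /path/to/ca.crt
join_pins_ca() {
  pinned=$(printf '%s\n' "$1" | sed -n \
    's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p')
  [ -n "$pinned" ] && [ "$pinned" = "$(ca_cert_hash "$2")" ]
}

# Constructed demo input: a throwaway self-signed CA, valid for one day.
make_demo_ca() {
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null && echo "$d/ca.crt"
}

if ca=$(make_demo_ca); then
  # <token> is a placeholder; only the hash is checked here.
  good="kubeadm join 192.168.52.184:6443 --token <token> --discovery-token-ca-cert-hash sha256:$(ca_cert_hash "$ca")"
  join_pins_ca "$good" "$ca" && echo "join command pins this CA"
fi
```

On the master, pass /etc/kubernetes/pki/ca.crt as the second argument to check a join command against the real cluster CA.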
[root@k8s-master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@k8s-master ~]# free -m
total used free shared buff/cache available
Mem: 1821 687 87 9 1045 860
Swap: 0 0 0
[root@k8s-master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@k8s-master ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-86c57db685-szbw7 1/1 Running 0 20s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 118m
service/nginx NodePort 10.1.215.163 <none> 80:32259/TCP 6s
Open http://192.168.52.184:32259 in a browser; the page loads normally.