关闭防火墙(仅适合隔离的测试环境;生产环境建议保留 firewalld,只放行 kubeadm 所需端口,如 6443、10250):
$ systemctl stop firewalld
$ systemctl disable firewalld
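关闭selinux(setenforce 0 立即生效但重启后失效;配置文件的修改在重启后生效。下面的 sed 会替换文件中每一行的第一个 enforcing,更精确的匹配是 s/^SELINUX=enforcing/SELINUX=disabled/):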
$ sed -i 's/enforcing/disabled/' /etc/selinux/config
$ setenforce 0
关闭swap:
$ swapoff -a        # 临时
$ vi /etc/fstab     # 永久:注释掉 swap 所在行
添加主机名与IP对应关系(记得设置主机名):
$ cat /etc/hosts
192.168.200.136 k8s01
192.168.200.137 k8s02
192.168.200.138 k8s03
将桥接的IPv4流量传递到iptables的链(这两个参数依赖 br_netfilter 内核模块,未加载时先执行 modprobe br_netfilter):
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system
ip_forward 配置文件当前内容为 0,表示禁止数据包转发,将其修改为 1 表示允许(写入 /proc 只在本次开机有效,永久生效需在 /etc/sysctl.d/k8s.conf 中加入 net.ipv4.ip_forward = 1):
echo "1" > /proc/sys/net/ipv4/ip_forward
更换yum源(repo 文件决定后续软件包的来源,建议全部通过 https 下载;下面的 docker-ce.repo 未指定保存目录,需在 /etc/yum.repos.d/ 下执行或用 -P 指定):
yum install wget -y
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
# gpgcheck=0 会跳过 RPM 包签名校验;下面已配置 gpgkey,建议改为 gpgcheck=1
# repo_gpgcheck 能否开启取决于镜像站是否提供仓库元数据签名
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
刷新 yum 缓存
yum clean all && yum makecache fast
安装docker
yum install docker-ce-18.09.9 docker-ce-cli-18.09.9 containerd.io -y
k8s 运行要求 docker 的--cgroup-driver=systemd
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://v16strybc.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
systemctl enable docker && systemctl start docker
安装kubeadm,kubelet和kubectl
yum install -y kubelet-1.16.4 kubeadm-1.16.4 kubectl-1.16.4
设置开机启动:
systemctl enable kubelet && systemctl start kubelet
添加 kubectl 命令补全到环境中(依赖文末安装的 bash-completion)
echo "source <(kubectl completion bash)" >> ~/.bash_profile
source ~/.bash_profile
使用kubectl工具(admin.conf 在 kubeadm init 成功后才会生成,需在 Master 初始化之后执行;该文件是集群管理员凭据,只保留给需要管理集群的用户):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
添加 flannel 的网络
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
确保能够访问到 quay.io 这个 registry。
Master 节点初始化
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.16.4 --pod-network-cidr=10.244.0.0/16
加入集群
打印加入节点命令
kubeadm token create --print-join-command
删除节点
master上执行(节点名以 kubectl get nodes 的输出为准):
kubectl drain k8s2 --delete-local-data --force --ignore-daemonsets
kubectl delete node k8s2
node2上执行
kubeadm reset
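重新加入集群(token 与 hash 以 master 上 kubeadm token create --print-join-command 的输出为准;bootstrap token 属于凭据,默认 24 小时后过期,不要长期保留在文档中):
kubeadm join 192.168.200.137:6443 --token wno77d.vv7mlbjtgqckf0ft \
--discovery-token-ca-cert-hash sha256:a6edac7a83ebf6c32ef8fb758076aa538ac182aebdaefbeffaa4b3ed9618a78e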
kubectl run nginx-dep --image=nginx:1.7.9 --port=80 --replicas=2
kubectl get deployment
kubectl get pods -o wide
查看有问题的节点kubelet的日志
journalctl -f -u kubelet
cat /var/lib/kubelet/kubeadm-flags.env
删除其中的 --network-plugin=cni 参数
重启kubelet(若 kubelet 已在运行,systemctl start 不会使修改生效,需改用 systemctl restart kubelet):
systemctl enable kubelet && systemctl start kubelet
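重新初始化(下面两条 kubeadm init 按实际环境选择一条执行;第一条的版本和 IP 与本文其余部分不一致,且 --token-ttl 0 会生成永不过期的 bootstrap token,建议保留默认有效期,需要时再用 kubeadm token create 重新生成):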
kubeadm reset
kubeadm init --kubernetes-version=v1.11.2 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.11.90 --token-ttl 0
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.16.4 --pod-network-cidr=10.244.0.0/16
去查询pod
kubectl describe pod kube-flannel-ds-amd64-2dqlf -n kube-system
kubectl get pods --all-namespaces
kubeadm init \
--apiserver-advertise-address=192.168.200.137 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.16.4 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
从别的集群中导出一份镜像,再导入:
docker load -i flannel.tar
docker images
date
ntpdate time.windows.com
补全命令
yum -y install bash-completion