Kubernetes 1.15.0 Installation Notes
Cluster layout
Node | IP | CPUs | Memory | OS | Hostname |
---|---|---|---|---|---|
Master node | 192.168.23.130 | >=2 | >=2G | CentOS7 | master |
Worker node | 192.168.23.131 | >=2 | >=2G | CentOS7 | node |
Base environment configuration
- Configure the hostname and the hosts file
```bash
# On the master node
hostnamectl set-hostname master
# On the worker node
hostnamectl set-hostname node
```
```bash
[root@master]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.130 master
192.168.23.131 node
[root@master]# scp /etc/hosts node:/etc/hosts
```
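- Disable the firewall and SELinux (on both master and worker)
```bash
systemctl stop firewalld
systemctl disable firewalld
# Edit /etc/selinux/config itself: /etc/sysconfig/selinux is a symlink to it,
# and sed -i would replace the symlink with a regular file.
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
```
- Disable swap by commenting out the swap line in /etc/fstab (on both master and worker)
```bash
# vi
[root@master certs]# cat /etc/fstab
# /etc/fstab
# Created by anaconda on Thu Nov 9 17:12:16 2017
/dev/mapper/centos-root / xfs defaults 0 0
UUID=072cfb34-9d1d-400a-b0a6-586769794446 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
# /dev/mapper/centos-swap swap swap defaults 0 0
```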
- Configure the yum repositories (on both master and worker)
- Create docker-ce.repo and add:
```ini
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
```
- Create k8s.repo and add:
```ini
[k8s]
name=k8s_repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# gpgcheck=0: package signatures from this mirror are not verified
gpgcheck=0
enabled=1
```
- Create epel.repo and add:
```ini
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
```
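- Download and install common tools (on both master and worker)
```bash
yum install -y conntrack ipvsadm ipset jq sysstat curl libseccomp bash-completion device-mapper-persistent-data lvm2 conntrack-tools libtool-ltdl iptables
```
- Time synchronization (on both master and worker)
```bash
yum install chrony -y
systemctl enable chronyd.service && systemctl start chronyd.service
systemctl status chronyd
chronyc sources
```
- Set up SSH key trust (master logging in to the worker; the reverse direction is analogous) and configure iptables
```bash
ssh-keygen
ssh-copy-id node
ssh node
# Pass bridged traffic through iptables (written to /proc, so it does not persist across a reboot by itself)
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
```
- Reboot the machines and check the following:
  - The master and worker can ping each other by hostname
  - The master and worker can SSH into each other without a password
  - The master and worker clocks agree, and SELinux is disabled on both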
Docker installation (on both master and worker)
- Install Docker
```bash
yum install -y container-selinux docker-ce
```
- Configure the registry mirror (accelerator)
```bash
[root@master ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://q2hy3fzi.mirror.aliyuncs.com/"],
  "graph": "/tol/docker-data"
}
```
- Start Docker
```bash
systemctl enable docker
systemctl start docker
```
Install the Kubernetes tools
- Install kubelet, kubeadm and kubectl. kubectl is the client tool; it can be installed on the worker node.
```bash
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
```
- Download the images
- The required images are all hosted on Google's registry, which cannot be reached directly from mainland China, so they are pulled from Alibaba Cloud and then re-tagged with the Google names. First, list the required images:
```bash
[root@master ~]# kubeadm config images list
W0826 18:11:25.314033 12426 version.go:98] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W0826 18:11:25.314204 12426 version.go:99] falling back to the local client version: v1.15.3
k8s.gcr.io/kube-apiserver:v1.15.3
k8s.gcr.io/kube-controller-manager:v1.15.3
k8s.gcr.io/kube-scheduler:v1.15.3
k8s.gcr.io/kube-proxy:v1.15.3
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1
```
- Generate the configuration (answer) file
```bash
kubeadm config print init-defaults > kubeadm.conf
```
- This creates kubeadm.conf in the current directory. Edit its imageRepository option and set the value to registry.aliyuncs.com/google_containers, i.e.:
```yaml
imageRepository: registry.aliyuncs.com/google_containers
```
- Pull the images according to the configuration file
```bash
kubeadm config images pull --config kubeadm.conf
```
- Wait for the images to be downloaded locally. Normally every image shown by kubeadm config images list is downloaded; if any image is missing, simply rerun the command above.
- Re-tag the images, replacing the Alibaba Cloud names with the Google names
```bash
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0 k8s.gcr.io/kube-proxy:v1.15.0
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.0 k8s.gcr.io/kube-apiserver:v1.15.0
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.0 k8s.gcr.io/kube-controller-manager:v1.15.0
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.15.0 k8s.gcr.io/kube-scheduler:v1.15.0
docker tag registry.aliyuncs.com/google_containers/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
docker tag registry.aliyuncs.com/google_containers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag registry.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
```
- Remove the originally downloaded Alibaba Cloud image names
```bash
docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0
docker rmi registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.0
docker rmi registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.0
docker rmi registry.aliyuncs.com/google_containers/kube-scheduler:v1.15.0
docker rmi registry.aliyuncs.com/google_containers/coredns:1.3.1
docker rmi registry.aliyuncs.com/google_containers/etcd:3.3.10
docker rmi registry.aliyuncs.com/google_containers/pause:3.1
```
Deploy the master node
- Initialize the master node
```bash
kubeadm init --kubernetes-version=v1.15.0 --pod-network-cidr=172.22.0.0/16 --apiserver-advertise-address=192.168.23.130
```
- If everything goes well, a success message is displayed, and at the end the command for joining worker nodes is printed:
```bash
kubeadm join 192.168.23.130:6443 --token nzay3v.g2915ugobo8bq08o \
    --discovery-token-ca-cert-hash sha256:bfa0a4aa2869324df83069cc4bf3d37042c9fadc936ae5dd1f1d2e5d0b9bac38
```
- Normally the following files are also generated in the directory:
```bash
# ls /etc/kubernetes/
admin.conf certs controller-manager.conf kubelet.conf manifests pki scheduler.conf
```
- Configure kubectl
```bash
mkdir /root/.kube
cp /etc/kubernetes/admin.conf /root/.kube/config
```
- Verify by checking component health
```bash
[root@master ~]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health":"true"}
```
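
The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA's public key, so it can be checked on the master before the command is used on a node. The script below is an added example, not part of the original notes; the function names are hypothetical, `/etc/kubernetes/pki/ca.crt` is kubeadm's default CA path, and an RSA CA key (the kubeadm default) is assumed.

```shell
#!/bin/sh
# Added example: confirm that the CA pin in a join command matches the cluster CA.

# SHA-256 over the DER-encoded public key of the CA certificate (RSA key assumed).
ca_pin() {
    openssl x509 -pubkey -noout -in "$1" \
        | openssl rsa -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Extract the 64 hex digits from "--discovery-token-ca-cert-hash sha256:<hex>".
join_pin() {
    printf '%s\n' "$1" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]\{1,\}sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# verify_join "<join command>" <ca.crt>: succeeds only when the pin matches the CA.
verify_join() {
    want=$(join_pin "$1")
    [ -n "$want" ] || { echo "no sha256 pin in join command" >&2; return 2; }
    have=$(ca_pin "$2")
    if [ "$want" = "$have" ]; then
        echo "pin matches $2"
    else
        echo "pin mismatch: command=$want ca=$have" >&2
        return 1
    fi
}

# On the master, pass the whole join command as one quoted argument:
#   sh check_join.sh "kubeadm join ... --discovery-token-ca-cert-hash sha256:..." /etc/kubernetes/pki/ca.crt
if [ "$#" -eq 2 ]; then
    verify_join "$1" "$2"
fi
```

Join tokens expire (24 hours by default); `kubeadm token create --print-join-command` on the master prints a fresh join command.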
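Install the flannel network add-on and add the worker node
- Go to the flannel project page on GitHub; its documentation gives the install command. The command points at a file served from the web that may change often, so use the latest command from the project page.
```bash
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```
- Add the worker node. Before adding it, check that docker and kubelet are installed and started on the worker.
- On the worker node, run the join command that was generated when the master node was initialized
```bash
kubeadm join 192.168.23.130:6443 --token nzay3v.g2915ugobo8bq08o --discovery-token-ca-cert-hash sha256:bfa0a4aa2869324df83069cc4bf3d37042c9fadc936ae5dd1f1d2e5d0b9bac38
```
- Normally the worker node downloads the kube-proxy, pause and flannel images automatically. Because of network restrictions in mainland China, kube-proxy and pause cannot be downloaded automatically and have to be pulled manually and re-tagged, as on the master node.
```bash
docker pull registry.aliyuncs.com/google_containers/pause:3.1
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0 k8s.gcr.io/kube-proxy:v1.15.0
docker tag registry.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0
docker rmi registry.aliyuncs.com/google_containers/pause:3.1
```
- This can take a long time. If the flannel image is also hard to download, it can be pulled manually on the worker node as well.
```bash
docker pull quay.io/coreos/flannel:v0.11.0-amd64
```
- Once the worker node has the required images, check its status from the master node. If both master and node are in the Ready state, the installation is correct.
```bash
[root@master ~]# kubectl get node
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   19h   v1.15.3
node     Ready    <none>   18h   v1.15.3
```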
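
The pull, re-tag and remove sequence is typed by hand on the master and again on the worker node, and after re-tagging the images carry the `k8s.gcr.io` name although their content came from the mirror. The script below is an added example, not part of the original notes; it derives the commands from a list of image references and records the digest the mirror served before the mirror name is removed. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the pull/tag/rmi sequence from the image list.

MIRROR="registry.aliyuncs.com/google_containers"   # mirror used in these notes

# Map k8s.gcr.io/NAME:TAG to NAME:TAG on the mirror; reject everything else,
# including lines with characters that do not belong in an image reference.
mirror_ref() {
    case "$1" in
        *[!A-Za-z0-9._/:-]*) return 1 ;;
        k8s.gcr.io/*:*) printf '%s/%s\n' "$MIRROR" "${1#k8s.gcr.io/}" ;;
        *) return 1 ;;
    esac
}

# Read image references on stdin (one per line) and print the commands to run.
plan_retag() {
    while IFS= read -r ref; do
        src=$(mirror_ref "$ref") || continue   # skips warnings and blank lines
        echo "docker pull $src"
        # Record which digest the mirror served, for later comparison or audit.
        echo "docker image inspect --format '{{index .RepoDigests 0}}' $src"
        echo "docker tag $src $ref"
        echo "docker rmi $src"
    done
}

# Constructed sample input: three of the references re-tagged in these notes.
# On a real host: kubeadm config images list --kubernetes-version v1.15.0 | plan_retag
plan_retag <<'EOF'
k8s.gcr.io/kube-proxy:v1.15.0
k8s.gcr.io/pause:3.1
k8s.gcr.io/coredns:1.3.1
EOF
```

The output is a plan to review before running; the logged digests are what identify the image content once the mirror name has been removed.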