Kubernetes1.15.0安装记录（国内安装法）

Kubernetes1.15.0安装记录

集群结构

节点	IP	CPU数量	内存	系统	域名
主节点	192.168.23.130	>=2	>=2G	CentOS7	master
从节点	192.168.23.131	>=2	>=2G	CentOS7	node

基础环境配置

1. 配置hostname和hosts文件

   主节点
   #hostnamectl set-hostname master
   从节点
   #hostnamectl set-hostname node
   

   [root@master]# cat /etc/hosts
   127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
   ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
   192.168.23.130 master
   192.168.23.131 node
   [root@master]# scp /etc/hosts node:/etc/hosts
   

   2. 关闭防火墙和selinux（主从均做）

   #systemctl stop firewalld
   #systemctl disable firewalld
   #sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
   

   3. 关闭swap /etc/fstab 注释swap行（主从均做）

      # vi[root@master certs]# cat /etc/fstab 
      # /etc/fstab
      # Created by anaconda on Thu Nov  9 17:12:16 2017
      /dev/mapper/centos-root /                       xfs     defaults        0 0
      UUID=072cfb34-9d1d-400a-b0a6-586769794446 /boot                   xfs     defaults        0 0
      /dev/mapper/centos-home /home                   xfs     defaults        0 0
      # /dev/mapper/centos-swap swap                    swap    defaults        0 0   
   

   4. 配置yum源（主从均做）

• 新建docker-ce.repo,添加

  [docker-ce-stable]
  name=Docker CE Stable - $basearch
  baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
  enabled=1
  gpgcheck=1
  gpgkey=https://download.docker.com/linux/centos/gpg
  

• 新建k8s.repo，添加

  [k8s]
  name=k8s_repo
  baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
  gpgcheck=0
  enable=1
  

• 新建epel.repo,添加

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

5. 下载安装常用工具（主从均做）

   # yum install -y conntrack ipvsadm ipset jq sysstat curl  libseccomp bash-completion device-mapper-persistent-data lvm2 conntrack-tools libtool-ltdl iptables
   

6. 时间同步（主从均做）

      # yum install chrony -y
      # systemctl enable chronyd.service && systemctl start chronyd.service
      # systemctl status chronyd
      # chronyc sources
   

7. ssh互信(主登陆从，从登陆主类似)，配置iptables

   # ssh-keygen
   # ssh-copy-id node
   # ssh node
   # echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
   

8. 重启机器，检查如下几点

   主从节点可以互相ping通对方域名

   主从节点互相ssh登陆可以免密码登陆

   主从节点时间一致，selinux均已关闭

docker 安装(主从均做)

9. 安装docker

   # yum install -y container-selinux docker-ce
   

10. 配置加速器

    [root@master ~]# cat /etc/docker/daemon.json 
    {
            "registry-mirrors":["https://q2hy3fzi.mirror.aliyuncs.com/"],
            "graph":"/tol/docker-data"
    }

11. 启动docker

# systemctl enable docker
# systemctl start docker

安装kubernetes相关工具

12. 安装kubelet kubeadm kubectl,其中kubectl是客户端工具，node节点可以安装

# yum  install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

13. 镜像下载

• 由于所需镜像均在谷歌网站，国内无法直接下载，需要通过阿里云下载镜像后重新打标为谷歌标签，首先可以查看所需镜像

[root@master ~]# kubeadm config images list
   W0826 18:11:25.314033   12426 version.go:98] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
   W0826 18:11:25.314204   12426 version.go:99] falling back to the local client version: v1.15.3
   k8s.gcr.io/kube-apiserver:v1.15.3
   k8s.gcr.io/kube-controller-manager:v1.15.3
   k8s.gcr.io/kube-scheduler:v1.15.3
   k8s.gcr.io/kube-proxy:v1.15.3
   k8s.gcr.io/pause:3.1
   k8s.gcr.io/etcd:3.3.10
   k8s.gcr.io/coredns:1.3.1

• 生成配置应答文件

  # kubeadm config print init-defaults > kubeadm.conf
  

• 执行命令后，在当前目录下将生成kubeadm.conf文件，修改其中的imageRepository选项，将其值修改为registry.aliyuncs.com/google_containers，即：

  imageRepository: registry.aliyuncs.com/google_containers
  

• 根据配置文件下载镜像

  # kubeadm config images pull --config kubeadm.conf
  

• 等待镜像下载至本地，正常情况下，kubeadm config images list命令下的镜像均会下载下来，如果有镜像未下载，只需重复运行上面命令即可

• 重新对镜像打标，将阿里云标签换成谷歌的标签

  # docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0 k8s.gcr.io/kube-proxy:v1.15.0
  
  # docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.0 k8s.gcr.io/kube-apiserver:v1.15.0
  
  # docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.0 k8s.gcr.io/kube-controller-manager:v1.15.0
  
  # docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.15.0 k8s.gcr.io/kube-scheduler:v1.15.0
  
  # docker tag registry.aliyuncs.com/google_containers/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
  
  # docker tag registry.aliyuncs.com/google_containers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
  
  # docker tag registry.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
  

• 移除原下载的阿里镜像

  # docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0
  
  # docker rmi registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.0
  
  # docker rmi registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.0
  
  # docker rmi registry.aliyuncs.com/google_containers/kube-scheduler 
  
  # docker rmi registry.aliyuncs.com/google_containers/kube-scheduler:v1.15.0 
  
  # docker rmi registry.aliyuncs.com/google_containers/coredns:1.3.1 
  
  # docker rmi registry.aliyuncs.com/google_containers/etcd:3.3.10
  

部署master节点

14. 初始化master节点

#  kubeadm init --kubernetes-version=v1.15.0 --pod-network-cidr=172.22.0.0/16 --apiserver-advertise-address=192.168.23.130

• 如果一切正常，将会显示安装成功信息，最后并会给出node节点加入的命令

  kubeadm join 192.168.23.130:6443 --token nzay3v.g2915ugobo8bq08o \
   --discovery-token-ca-cert-hash sha256:bfa0a4aa2869324df83069cc4bf3d37042c9fadc936ae5dd1f1d2e5d0b9bac38
  

• 正常情况下，在目录下也会生成如下文件

  # ls /etc/kubernetes/
  

admin.conf certs controller-manager.conf kubelet.conf manifests pki scheduler.conf

15. 配置kubectl命令
```bash
# mkdir /root/.kube
# cp /etc/kubernetes/admin.conf /root/.kube/config

16. 验证，查看健康状态

[root@master ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"} 

安装flannel网络模块并添加node节点

17. 进入Github flannel官网，其帮助信息中有安装命令，该命令指向一个网页文件，可能经常变动，需以官网最新命令为准

# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

18. 添加node节点，添加前检查node节点docker和kubelet是否安装和启动

• 在node节点上执行master节点初始化时生成的添加节点命令

# kubeadm join 192.168.23.130:6443 --token nzay3v.g2915ugobo8bq08o --discovery-token-ca-cert-hash sha256:bfa0a4aa2869324df83069cc4bf3d37042c9fadc936ae5dd1f1d2e5d0b9bac38

• 正常情况下，node节点将自动下载kube-proxy、pause和flannel镜像，由于国内原因，kube-proxy和pause不能被自动下载，需要如master节点一样手动下载后并修改标签。

docker pull registry.aliyuncs.com/google_containers/pause:3.1
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0

docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0 k8s.gcr.io/kube-proxy:v1.15.0
docker tag registry.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1

docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0
docker rmi registry.aliyuncs.com/google_containers/pause:3.1

• 期间需要较长时间等待，如果flannel镜像也难下载下来，也可以在node节点上手动下载flannel镜像

 docker pull quay.io/coreos/flannel:v0.11.0-amd64

• node节点下载完必备镜像后，可以在master节点上查看其状态，如果master和node都处于ready状态，表示服务安装正确

[root@master ~]# kubectl get node
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   19h   v1.15.3
node     Ready    <none>   18h   v1.15.3