Change the k8s version number to suit your needs before running init.
1. Cluster information
```
192.168.0.177 K8S-master-01
192.168.0.178 K8S-node-01
192.168.0.179 K8S-node-02
```
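2. Pre-installation preparation
Basic system configuration reference (required)
Add the Aliyun YUM repository
```bash
# Note: gpgcheck=0 and repo_gpgcheck=0 turn off signature verification
# for packages and repository metadata from this repo.
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```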
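The repo file above sets `gpgcheck=0` and `repo_gpgcheck=0`, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures. The following check is an added example, not part of the original post: it reports every repo section that disables those checks. The function names are chosen here, and the sample repo file is constructed from the one above.

```sh
#!/bin/sh
# Added example: list yum/dnf repo sections that switch signature checks off.
# Output: "<file>:[section] <key>=<value>" per finding; returns 1 if any found.
audit_yum_repos() {
    awk '
        /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
        /^[ \t]*(repo_)?gpgcheck[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            val = tolower(val)
            if (val == "0" || val == "false" || val == "no") {
                printf "%s:%s %s=%s\n", FILENAME, section, key, val
                bad = 1
            }
        }
        END { exit bad }
    ' "$@"
}

# Demo on a constructed copy of the repo file written above.
demo_repo_audit() {
    repo=$(mktemp)
    cat > "$repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
    audit_yum_repos "$repo" || echo "signature checks are disabled in the sections above"
    rm -f "$repo"
}
demo_repo_audit
```

On a real host, run it as `audit_yum_repos /etc/yum.repos.d/*.repo`.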
3. Install kubeadm, kubelet and kubectl
```bash
yum install -y kubelet-1.18.3 kubeadm-1.18.3 kubectl-1.18.3
```
```bash
# Note: to reset kubeadm, run:
# kubeadm reset
```
3.1 Make Docker's cgroup driver match the kubelet's cgroup driver
Set the kubelet cgroup driver
```bash
# To keep the cgroup driver used by Docker consistent with the one used by
# the kubelet, edit the following file:
# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
# Enable the kubelet at boot
systemctl enable kubelet.service
```
Set the Docker cgroup driver
```bash
vim /usr/lib/systemd/system/docker.service
```
```
ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd -H fd:// --containerd=/run/containerd/containerd.sock
```
3.2 Restart Docker
```bash
systemctl daemon-reload && systemctl restart docker
docker info | grep Cgroup
systemctl enable kubelet.service
```
3.3. List the images kubeadm needs for the installation (optional)
```bash
kubeadm config images list --kubernetes-version=v1.18.3
```
```bash
### Use this command to pre-pull the images from Aliyun (optional)
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
```
4. Initialize the master node
4.1. Quick initialization
```bash
kubeadm init \
  --apiserver-advertise-address=0.0.0.0 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.18.3 \
  --service-cidr=10.96.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
```
4.2. Alternative: initialize from a YAML file (the method used in this article)
```bash
vim kubeadm-config.yaml
```
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.0.177 # apiserver address; with a single master, use the master node's internal IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # changed to the Aliyun image mirror
kind: ClusterConfiguration
kubernetesVersion: v1.18.3
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16 # subnet that pods run in
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs # switch the default kube-proxy mode to ipvs
```
The complete configuration file is as follows
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.0.177
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.18.3
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs
```
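The `token: abcdef.0123456789abcdef` value in this file is the placeholder that `kubeadm config print init-defaults` prints, so it is identical on every cluster built from an unedited template. The following script is an added example, not part of the original post: it flags that placeholder (or a zero TTL) in a kubeadm config and swaps in a random token. The function names and the `/dev/urandom` fallback generator are assumptions made here, and the sample stanza is constructed from the file above.

```sh
#!/bin/sh
# Added example: audit kubeadm-config.yaml for a guessable bootstrap token.
PLACEHOLDER='abcdef.0123456789abcdef'   # printed by `kubeadm config print init-defaults`
TOKEN_RE='^[a-z0-9]{6}\.[a-z0-9]{16}$'  # kubeadm bootstrap token format

# Print a random token; uses kubeadm's own generator when it is installed.
gen_bootstrap_token() {
    if command -v kubeadm >/dev/null 2>&1; then kubeadm token generate; return; fi
    raw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | head -c 22)
    printf '%s.%s\n' "$(printf '%s' "$raw" | cut -c1-6)" "$(printf '%s' "$raw" | cut -c7-22)"
}

# Read the first "KEY: value" scalar from FILE (enough for this flat layout).
yaml_value() {
    sed -n "s/^[ -]*$1:[ ]*\([^ #]*\).*/\1/p" "$2" | head -n 1 | tr -d "\"'"
}

# Print findings for FILE; return 1 if the token is unsafe to use.
audit_kubeadm_config() {
    token=$(yaml_value token "$1"); ttl=$(yaml_value ttl "$1"); rc=0
    if [ "$token" = "$PLACEHOLDER" ]; then
        echo "token: publicly known placeholder $PLACEHOLDER"; rc=1
    elif ! printf '%s\n' "$token" | grep -Eq "$TOKEN_RE"; then
        echo "token: '$token' is not in [a-z0-9]{6}.[a-z0-9]{16} form"; rc=1
    fi
    case $ttl in
        0|0s|0m|0h|0h0m0s) echo "ttl: $ttl, token never expires"; rc=1 ;;
    esac
    return $rc
}

# Replace the token in FILE with a fresh one (backup in FILE.bak); print it.
rotate_token() {
    new=$(gen_bootstrap_token) || return 1
    sed -i.bak "s/^\([ -]*token:[ ]*\).*/\1$new/" "$1" && echo "$new"
}

# Demo on a constructed copy of the InitConfiguration token stanza.
demo() {
    cfg=$(mktemp)
    printf '%s\n' 'bootstrapTokens:' '- groups:' \
        '  - system:bootstrappers:kubeadm:default-node-token' \
        "  token: $PLACEHOLDER" '  ttl: 24h0m0s' > "$cfg"
    audit_kubeadm_config "$cfg" || echo "-> rotate before running kubeadm init"
    echo "rotated to: $(rotate_token "$cfg")"
    audit_kubeadm_config "$cfg" && echo "config OK"
    rm -f "$cfg" "$cfg.bak"
}
demo
```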
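4.4. Next, run the initialization from the specified YAML file, with certificates issued automatically
```bash
# Run the following to start the initialization
kubeadm init --config=kubeadm-config.yaml --upload-certs | tee kubeadm-init.log
```
Parameters:
- --experimental-upload-certs: lets other nodes be issued certificates automatically. This option only exists from version 1.13 onwards and is very useful for high availability. On 1.18 it must be replaced with --upload-certs.
- tee kubeadm-init.log: writes all of the installation output to kubeadm-init.log.
```
/var/lib/kubelet/config.yaml   # kubelet configuration file written by kubeadm
/etc/kubernetes/pki            # directory where the certificates are stored
```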
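4.5. After the installation completes, the following steps are still required
```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config   # copy the cluster admin kubeconfig
sudo chown $(id -u):$(id -g) $HOME/.kube/config            # set ownership
```
The master node is now configured. Use the following command to check the nodes:
```bash
kubectl get node
```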
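4.6. Join node1 and node2 to the cluster
To join the worker nodes to the master, use the join command shown in the last entry of the installation log.
```bash
cat kubeadm-init.log
```
```bash
kubeadm join 192.168.0.177:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:7414e51d809e3d3c3a0c20bf39933fe95be2caacd963e126fe3071615dc7e9be
```
Note: the token is the one generated when the master installation above completed.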
4.7. Check the k8s node information
Note: the current status is NotReady; the flannel network plugin still needs to be installed.
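5. Install a network plugin (this article uses flannel)
5.1. Install the flannel plugin (on the master node only)
```bash
# Requires internet access
wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
```
```bash
vim kube-flannel.yml
```
5.2. Edit the configuration to specify the network interface name
```yaml
# Around line 190 of the file, add one line:
- --iface=eth0
```
5.3. Specify the network address (it must match the subnet specified when installing the master)
5.4. Install the flannel plugin:
```bash
kubectl create -f kube-flannel.yml
```
5.5. Node status after installing the plugin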
Install the Calico network plugin (optional)
5.6. Download calico.yaml
```bash
# --no-check-certificate skips TLS certificate verification for this download
wget --no-check-certificate https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml
```
Edit calico.yaml
```bash
# Check the network interface name
ip addr
```
Change the subnet and the interface name
```bash
vim calico.yaml
```
```yaml
---
- name: CALICO_IPV4POOL_CIDR
  value: "10.244.0.0/16"
- name: IP_AUTODETECTION_METHOD
  value: "interface=ens160" # use your own interface name
```
Change it to
Prepare the images
```bash
ctr -n k8s.io image pull docker.io/calico/cni:v3.26.1
ctr -n k8s.io image pull docker.io/calico/node:v3.26.1
ctr -n k8s.io image pull docker.io/calico/kube-controllers:v3.26.1
```
Deploy:
```bash
kubectl apply -f calico.yaml
```
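(End)
Installing the dashboard on Kubernetes
Common error when installing the network plugin
```
Error from server: error when creating "kube-flannel.yml": Get https://[::1]:6443/api/v1/namespaces/kube-system/resourcequotas: dial tcp [::1]:6443: connect: cannot assign requested address
# This usually happens because the machine was not rebooted after the kernel parameters were changed.
# The error does not occur when the kernel has the following three parameters set:
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.ip_forward=1
```
- Permalink: https://www.yoyoask.com/?p=6573
- Please credit when reposting: published by shooter on SHOOTER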