Hostname | IP | Components |
---|---|---|
k8s-master | 192.168.40.128/24 | kubeadm, kubelet, kubectl, docker-ce |
k8s-node1 | 192.168.40.129/24 | kubeadm, kubelet, kubectl, docker-ce |
k8s-node2 | 192.168.40.130/24 | kubeadm, kubelet, kubectl, docker-ce |
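OS: CentOS 8

Specs: master: 8 cores, 4 GB; node1: 8 cores, 2 GB; node2: 8 cores, 2 GB

Network environment: IPv6, IPv4, VPN

Because the network has VPN access, some of the resources below are fetched from the official upstream sources.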
1. Update packages

```
[root@localhost ~]# dnf update
```
2. Install Docker on all three machines

```
[root@localhost ~]# vim /etc/hosts
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.40.128 k8s-master master
192.168.40.129 k8s-node1 node1
192.168.40.130 k8s-node2 node2

[root@localhost ~]# dnf install yum-utils device-mapper-persistent-data lvm2
[root@localhost ~]# dnf remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost ~]# wget https://download.docker.com/linux/centos/docker-ce.repo
[root@localhost ~]# dnf update
[root@localhost ~]# dnf install docker-ce --nobest
```
3. Enable Docker at boot and start it

```
[root@localhost ~]# systemctl enable docker
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-12-18 10:25:46 EST; 6s ago
     Docs: https://docs.docker.com
 Main PID: 73169 (dockerd)
    Tasks: 32 (limit: 5935)
   Memory: 105.9M
   CGroup: /system.slice/docker.service
           ├─73169 /usr/bin/dockerd
           └─73180 docker-containerd --config /var/run/docker/containerd/containerd.toml
```
4. Configure kernel parameters

```
[root@localhost ~]# vim /etc/sysctl.d/k8s.conf
[root@localhost ~]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0

[root@localhost ~]# sysctl --system
```
5. Load the required kernel modules

```
[root@localhost ~]# vim /etc/sysconfig/modules/ipvs.modules
[root@localhost ~]# cat /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
[root@localhost ~]# chmod +x /etc/sysconfig/modules/ipvs.modules
[root@localhost ~]# ./etc/sysconfig/modules/ipvs.modules
-bash: ./etc/sysconfig/modules/ipvs.modules: 没有那个文件或目录
[root@localhost ~]# /etc/sysconfig/modules/ipvs.modules
```
6. Add the yum repository for kubeadm

```
[root@localhost ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=1
> repo_gpgcheck=1
> gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
> exclude=kube*
> EOF
```
7. Configure the master node

```
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost ~]# mv docker-ce.repo{,.back}
[root@localhost ~]# dnf update --nobest
[root@localhost ~]# dnf install ipvsadm
[root@localhost ~]# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
[root@localhost ~]# systemctl enable kubelet && systemctl start kubelet
[root@localhost ~]# kubeadm config print init-defaults > kubeadm-init.yaml
```

```
[root@localhost ~]# vim kubeadm-init.yaml
[root@localhost ~]# cat kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: localhost.localdomain
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.17.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
[root@localhost ~]# vim kubeadm-init.yaml
[root@localhost ~]# cat kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.40.128
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: localhost.localdomain
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.17.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
```
8. Pull the images

```
[root@localhost ~]# kubeadm config images pull --config kubeadm-init.yaml
W1218 10:48:44.641505   75319 validation.go:28] Cannot validate kube-proxy config - no validator is available
W1218 10:48:44.641691   75319 validation.go:28] Cannot validate kubelet config - no validator is available
[config/images] Pulled k8s.gcr.io/kube-apiserver:v1.17.0
[config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.17.0
[config/images] Pulled k8s.gcr.io/kube-scheduler:v1.17.0
[config/images] Pulled k8s.gcr.io/kube-proxy:v1.17.0
[config/images] Pulled k8s.gcr.io/pause:3.1
[config/images] Pulled k8s.gcr.io/etcd:3.4.3-0
[config/images] Pulled k8s.gcr.io/coredns:1.6.5

[root@localhost ~]# docker image ls
REPOSITORY                           TAG       IMAGE ID       CREATED         SIZE
k8s.gcr.io/kube-proxy                v1.17.0   7d54289267dc   10 days ago     116MB
k8s.gcr.io/kube-apiserver            v1.17.0   0cae8d5cc64c   10 days ago     171MB
k8s.gcr.io/kube-controller-manager   v1.17.0   5eb3b7486872   10 days ago     161MB
k8s.gcr.io/kube-scheduler            v1.17.0   78c190f736b1   10 days ago     94.4MB
k8s.gcr.io/coredns                   1.6.5     70f311871ae1   6 weeks ago     41.6MB
k8s.gcr.io/etcd                      3.4.3-0   303ce5db0e90   7 weeks ago     288MB
k8s.gcr.io/pause                     3.1       da86e6ba6ca1   24 months ago   742kB
```
9. Enable kubelet at boot and start it

```
[root@localhost ~]# systemctl enable kubelet
[root@localhost ~]# systemctl start kubelet
```

If kubelet fails to start, your swap partition may not have been turned off:

```
[root@localhost ~]# swapoff -a
```
10. Initialize the master node

```
[root@localhost ~]# kubeadm init --pod-network-cidr=10.244.0.0/16

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.40.128:6443 --token eitxr6.l7que99ui33phdts \
    --discovery-token-ca-cert-hash sha256:2b65bf29e32c1906391b66796f3cd5cf79bce239b43ff82fefb73ace984ac294
```
11. Prepare the kubeconfig file as instructed in the output

```
[root@localhost ~]# mkdir -p $HOME/.kube
[root@localhost ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@localhost ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
12. Check that the master components are healthy

```
[root@localhost ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}

[root@localhost ~]# kubectl get pods -A
NAMESPACE     NAME                                            READY   STATUS    RESTARTS   AGE
kube-system   coredns-6955765f44-q42ch                        1/1     Running   0          3m11s
kube-system   coredns-6955765f44-xld2q                        1/1     Running   0          3m11s
kube-system   etcd-localhost.localdomain                      1/1     Running   0          3m27s
kube-system   kube-apiserver-localhost.localdomain            1/1     Running   0          3m27s
kube-system   kube-controller-manager-localhost.localdomain   1/1     Running   0          3m27s
kube-system   kube-proxy-zb4dq                                1/1     Running   0          3m11s
kube-system   kube-scheduler-localhost.localdomain            1/1     Running   0          3m26s

[root@localhost ~]# kubectl get nodes
NAME                    STATUS   ROLES    AGE     VERSION
localhost.localdomain   Ready    master   4m38s   v1.17.0
```
13. Configure the two worker nodes

Run the join command that was printed when the master node finished initializing:

```
[root@localhost ~]# kubeadm join 192.168.40.128:6443 --token eitxr6.l7que99ui33phdts \
> --discovery-token-ca-cert-hash sha256:2b65bf29e32c1906391b66796f3cd5cf79bce239b43ff82fefb73ace984ac294
```

```
W1218 23:48:20.344418    4134 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.17" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
```
On the master node, check whether the worker nodes' information appears:

```
[root@localhost ~]# kubectl get nodes
```
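The `--discovery-token-ca-cert-hash` value in the join command from steps 10 and 13 pins the cluster CA's public key, so a node refuses to bootstrap against an API server that presents a different CA. The script below is an added example, not part of the original post: it recomputes that hash from the CA certificate on the master and compares it with the one in a join command before the command is passed around. The function names are hypothetical, and it assumes `openssl` is installed and that the CA is at `/etc/kubernetes/pki/ca.crt` (the `certificatesDir` shown in `kubeadm-init.yaml`).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the sha256:<hex> value that follows --discovery-token-ca-cert-hash in a
# "kubeadm join" command line; prints nothing if it is absent or malformed.
pinned_hash_from_join() {
  printf '%s\n' "$1" |
    sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Print "sha256:<hex>" for a CA certificate: SHA-256 over the DER-encoded
# SubjectPublicKeyInfo, the value kubeadm pins. Works for RSA and EC keys.
ca_pubkey_hash() {
  # Reject unreadable input first; otherwise the pipeline would hash empty data.
  openssl x509 -in "$1" -noout 2>/dev/null || return 1
  _hex=$(openssl x509 -in "$1" -noout -pubkey |
         openssl pkey -pubin -outform DER |
         openssl dgst -sha256 -r | cut -d' ' -f1)
  [ "${#_hex}" -eq 64 ] || return 1
  printf 'sha256:%s\n' "$_hex"
}

# join_hash_matches CERT JOIN_CMD
# Returns 0 on match, 1 on mismatch, 2 if either side cannot be determined.
join_hash_matches() {
  _pinned=$(pinned_hash_from_join "$2")
  [ -n "$_pinned" ] || return 2
  _actual=$(ca_pubkey_hash "$1") || return 2
  [ "$_actual" = "$_pinned" ]
}

# On the master: sh check-join.sh 'kubeadm join ... --discovery-token-ca-cert-hash sha256:...'
if [ "$#" -eq 1 ]; then
  if join_hash_matches /etc/kubernetes/pki/ca.crt "$1"; then
    echo "pinned hash matches the cluster CA"
  else
    echo "pinned hash does NOT match /etc/kubernetes/pki/ca.crt" >&2
  fi
fi
```

The token printed by `kubeadm init` is valid for 24 hours by default; after that, `kubeadm token create --print-join-command` on the master prints a fresh join command carrying the same CA hash.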