# 相关链接
kubeadm安装官网 (opens new window)
kubeadm安装k8s完整教程 (opens new window)
# 安装配置
以下操作是每个节点都要执行的步骤
- 配置hosts
将主节点与子节点分别配置hostname如下:
代码语言:javascript复制hostnamectl set-hostname master # 主节点
hostnamectl set-hostname node1 # 子节点
hostnamectl set-hostname node2 # 子节点
在/etc/hosts
中添加本机hostname与ip的映射关系
1.1.1.1 master
1.1.1.2 node1
1.1.1.3 node2
- 关闭防火墙
需要将主节点与子节点都关闭防火墙
代码语言:javascript复制systemctl stop firewalld
- 配置yum源
在安装kubeadm之前,都需要配置yum源,创建文件/etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
- 将 SELinux 设置为 permissive 模式(相当于将其禁用)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
- 安装kubeadm、kubelet、kubectl
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
- 安装docker并开启
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
systemctl enable --now docker
- 开启kubelet
sudo systemctl enable --now kubelet
- 手动配置containerd的配置
自动生成的文件会使用k8s.gcr.io/pause:3.6镜像,国内无法下载,导致kubeadm初始化失败。
生成 containerd 的配置文件
代码语言:javascript复制mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
修改 SystemdCgroup 为 true
代码语言:javascript复制# 编辑文件
vi /etc/containerd/config.toml
#更改SystemdCgroup值为true
SystemdCgroup = true
修改 sandbox_image 值
代码语言:javascript复制# 更改k8s.gcr.io/pause:3.6为registry.aliyuncs.com/google_containers/pause:3.7
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"
重启containerd
代码语言:javascript复制systemctl restart containerd
# 主节点执行
- 使用
kubedam init
初始化
kubeadm init --image-repository registry.aliyuncs.com/google_containers --v=5 --pod-network-cidr 10.244.0.0/16
- kubectl读取k8s授权认证文件
将安全配置文件放在指定目录中,该文件时kubectl需要读取的授权文件,放在指定目录下,kubectl才能读取到并访问到k8s
代码语言:javascript复制 mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
或者放在环境变量中,kubectl会读取该环境变量中的文件
代码语言:javascript复制vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
- 创建网络flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# 子节点加入集群
- 使用kubeadm join加入集群
先在主节点使用kubeadm token create --print-join-command来获取到子节点加入主节点的命令
代码语言:javascript复制[root@master ~]# kubeadm token create --print-join-command
kubeadm join 172.16.16.16:6443 --token vnu6yz.4zk8f7hdorb8fpl0 --discovery-token-ca-cert-hash sha256:ca4e1e3e2afe16f592c3623f17a6b0dc9cfebd4ec459755e02f4b8db779e21d4
再在子节点上执行该命令,即可加入集群
- 将主节点的config移动到子节点
子节点也需要主节点的config文件,才能通过kubectl访问集群
代码语言:javascript复制scp ~/.kube/config node1:~/.kube/config
# 测试
在主节点创建deployment.yaml文件如下
代码语言:javascript复制apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: demoapp
name: demo-deploy
spec:
replicas: 10
selector:
matchLabels:
app: demoapp
template:
metadata:
labels:
app: demoapp
spec:
containers:
- image: ikubernetes/demoapp:v1.0
name: demoapp
创建控制器
代码语言:javascript复制[root@master ~]# kubectl apply -f deployment.yaml
deployment.apps/demo-deploy created
可以看到创建成功,并且所有的pod已经READY
代码语言:javascript复制[root@master ~]# kubectl get deploy -n zwf
NAME READY UP-TO-DATE AVAILABLE AGE
demo-deploy 10/10 10 10 3m15s
可以看到pod都已经创建成功。
代码语言:javascript复制[root@master ~]# kubectl get pods -n zwf
NAME READY STATUS RESTARTS AGE
demo-deploy-55c5f88dcb-2nzbf 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-5kwc9 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-8jd9k 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-b7zjp 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-bs7tm 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-jrbzw 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-lsfff 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-mgqpq 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-wfzzb 1/1 Running 0 4m38s
demo-deploy-55c5f88dcb-wkbv2 1/1 Running 0 4m38s
# 常见错误
- kubeadm init 报错 ”unknown service runtime.v1alpha2.RuntimeService”
解决:
代码语言:javascript复制rm /etc/containerd/config.toml -f
systemctl restart containerd
- 如果在
kubeadm init
中出现了失败,在解决问题后,需要执行kubeadm reset
,否则会报错 - Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "k8s.gcr.io/pause:3.6": failed to pull image "k8s.gcr.io/pause:3.6": failed to pull and unpack image "k8s.gcr.io/pause:3.6": failed to resolve reference "k8s.gcr.io/pause:3.6": failed to do request: Head "https://k8s.gcr.io/v2/pause/manifests/3.6": dial tcp 74.125.23.82:443: connect: connection refused
是因为拉不到k8s官方的k8s.gcr.io/pause:3.6镜像,使用主节点container配置可以解决。
- kube-flannel报错: running-error-CrashLoopBackOff。node“k8s-master-1“podcidr not assigned
https://blog.csdn.net/shm19990131/article/details/107115750/
https://blog.csdn.net/anqixiang/article/details/107715591
- plugin type="flannel" failed (add): failed to delegate add: failed to set bridge addr: "cni0" already has an IP address different from
解决办法:
代码语言:javascript复制sudo ifconfig cni0 down
sudo ip link delete cni0
相关资料:
https://blog.csdn.net/ibless/article/details/107899009