Installing kubelet and kubeadm from a domestic (China) yum mirror

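Install Docker
Install the dependency package, add the Docker repository, install, start, enable at boot, and check the version (to verify that the installation succeeded).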

yum install yum-utils -y && \
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && \
yum install docker-ce docker-ce-cli containerd.io -y && \
systemctl start docker && systemctl enable docker && \
systemctl status docker && docker version

Change the cgroup driver

cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart
systemctl restart docker && systemctl status docker

1. Configure the Aliyun mirror

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

2. Install

yum install -y kubelet kubeadm kubectl

3. To install a specific version:

yum install -y kubelet-1.23.4 kubeadm-1.23.4 kubectl-1.23.4
4. Enable at boot
systemctl enable kubelet && systemctl start kubelet

Initialize the master node

kubeadm config print init-defaults > kubeadm-config.yaml

Edit the configuration file

vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.xx.xx # change to the master node's IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: k8s-master-1 # the node alias set earlier in /etc/hosts
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # change to the domestic mirror
kind: ClusterConfiguration
kubernetesVersion: 1.23.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
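
The bootstrap token in the file above is still the sample value that `kubeadm config print init-defaults` prints, and kubeadm init turns it into a live join credential if it is left unchanged. The following lint is an added example, not part of the original post: it flags that token, a zero ttl and the unedited 192.168.xx.xx address; the function names and finding labels are made up for illustration.

```shell
# Added example (not from the original post): lint kubeadm-config.yaml before kubeadm init.
PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'  # sample value printed by init-defaults

# audit_kubeadm_config FILE: print one finding per line; return 1 if any were found.
audit_kubeadm_config() {
    cfg=$1
    found=0
    # Every "token: <value>" entry under bootstrapTokens, minus quotes and comments.
    for t in $(sed -n 's/^[[:space:]-]*token:[[:space:]]*"\{0,1\}\([^"[:space:]#]*\).*/\1/p' "$cfg"); do
        if [ "$t" = "$PLACEHOLDER_TOKEN" ]; then
            echo "PLACEHOLDER_TOKEN: bootstrap token is the publicly documented sample value"
            found=1
        elif ! printf '%s\n' "$t" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
            echo "BAD_TOKEN_FORMAT: expected [a-z0-9]{6}.[a-z0-9]{16}"
            found=1
        fi
    done
    # A zero ttl ("0", "0s", "0h0m0s") creates a token that never expires.
    if grep -Eq '^[[:space:]]*ttl:[[:space:]]*"?(0[hms]?)+"?[[:space:]]*(#.*)?$' "$cfg"; then
        echo "NO_EXPIRY: ttl is zero, the token never expires"
        found=1
    fi
    # Address left as this page's 192.168.xx.xx placeholder.
    if grep -Eq '^[[:space:]]*advertiseAddress:.*xx' "$cfg"; then
        echo "PLACEHOLDER_ADDRESS: advertiseAddress was not edited"
        found=1
    fi
    return "$found"
}

# Constructed sample: the InitConfiguration fragment from this page, unedited.
write_sample_config() {
    cat > "$1" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.xx.xx
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_kubeadm_config "$sample" || echo "fix the findings above, e.g. token: \$(kubeadm token generate)"
rm -f "$sample"
```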

Pre-pull the required images

kubeadm config images pull --config=kubeadm-config.yaml

Initialize
Pipe the output through tee kubeadm-init.log so the token and initialization details can be reviewed later.

kubeadm init --config=kubeadm-config.yaml | tee kubeadm-init.log

Success output

[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.31.170:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:a5d9c8d271fc1b3165fa8bbdcc9b092207a223509b8ae53aa0078d13f67b050f 

Following the prompt, a simple setup as root:

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
# Apply immediately
source ~/.bash_profile

Install the pod network on the master node

curl  -o  kube-flannel.yml  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Replace every quay.io in the yml file with quay.mirrors.ustc.edu.cn
sed -i 's/quay\.io/quay.mirrors.ustc.edu.cn/g' kube-flannel.yml
# Create the flannel plugin pods
kubectl apply -f kube-flannel.yml
# Confirm that all pods are in the Running state
kubectl get pod -n kube-system

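Add worker nodes

# Every worker node also needs Docker, kubectl, kubelet and kubeadm installed, the same as the master node
# If the master has been re-initialized, run kubeadm reset on the worker node before joining
# Join the cluster using the command printed by the master's initialization output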
kubeadm join 192.168.31.170:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:a5d9c8d271fc1b3165fa8bbdcc9b092207a223509b8ae53aa0078d13f67b050f

kubeadm token create --ttl 0 --print-join-command

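# If you did not note the token, run cat kubeadm-init.log on the master host to find it, or list the tokens like this:

kubeadm token list

# If more than 24 hours pass without a join, the token expires and a new one must be obtained on the master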

kubeadm token create 8mfiss.yvbnl8m319ysiflh

# Get the SHA-256 hash of the CA certificate

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

# Join the node to the cluster

kubeadm join --token aa78f6.8b4cafc8ed26c34f --discovery-token-ca-cert-hash sha256:0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538 192.168.x.x:6443

# Verify node and pod status

kubectl get nodes

kubectl get pods --all-namespaces
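
Before running a join command copied from a log or a chat message, the CA pin in it can be compared with the hash computed from /etc/kubernetes/pki/ca.crt. This is an added example, not from the original post; the function names are hypothetical, and it uses `openssl pkey` rather than the `openssl rsa` step above so that non-RSA CA keys also work.

```shell
#!/bin/sh
# Added example (not from the original post): compare the CA pin in a join
# command with the cluster CA certificate before running it on a worker.

# ca_pubkey_hash CERT: SHA-256 over the DER public key of a PEM certificate.
# Fails instead of hashing empty input when the certificate cannot be read.
ca_pubkey_hash() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# pin_from_join TEXT: hex digest following --discovery-token-ca-cert-hash sha256:
pin_from_join() {
    printf '%s\n' "$1" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]*sha256:\([0-9a-f]\{64\}\).*/\1/p' \
        | head -n 1
}

# verify_join_pin CERT TEXT: return 0 only when the pin equals the certificate's hash.
verify_join_pin() {
    want=$(pin_from_join "$2")
    have=$(ca_pubkey_hash "$1") || return 2
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed input: the join command shown in this page's kubeadm init output.
JOIN_SAMPLE='kubeadm join 192.168.31.170:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:a5d9c8d271fc1b3165fa8bbdcc9b092207a223509b8ae53aa0078d13f67b050f'
CA_CERT=${CA_CERT:-/etc/kubernetes/pki/ca.crt}
if verify_join_pin "$CA_CERT" "$JOIN_SAMPLE"; then
    echo "pin matches $CA_CERT"
else
    echo "pin does NOT match $CA_CERT (or the certificate is unreadable): do not join"
fi
```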


# Allow pods to be scheduled on the master node with the following command:
kubectl taint nodes --all node-role.kubernetes.io/master-

# Prevent pods from being scheduled on the master
kubectl taint nodes k8s node-role.kubernetes.io/master=true:NoSchedule

# Label worker/master nodes in k8s (role labels)
kubectl label node node4 node-role.kubernetes.io/worker=worker
# If the master node is missing its role label, run:
kubectl label node node1 node-role.kubernetes.io/master=master


posted @ 2023-11-17 17:00  xiaoganghu