
使用Kubeadm安装K8S

环境准备

  • 机器信息

    # 实验机器均为centos7.9系统,1主3从。
    # 每个机器均为4核CPU 4G内存
    # 注意:cpu和内存太低k8s会起不来。最低好像是2核CPU 2G内存。
    master	10.0.0.170
    node01	10.0.0.171
    node02	10.0.0.172
    node03	10.0.0.173
    
  • ssh key验证(非必须,为了方便)

    # 使用下面的脚本实现
    
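    #!/bin/bash
    #
    #********************************************************************
    #Author:            Wuvikr
    #QQ:                744123155
    #Date:              2020-10-29
    #FileName           ssh_auth_each_other.sh
    #URL:               http://www.wuvikr.com
    #Description        The test script
    #Copyright (C):     2020 All rights reserved
    #********************************************************************
    # Purpose: create root's RSA key pair on this host (if missing), authorise it
    # locally, then copy the whole /root/.ssh directory to every host in IPLIST so
    # that all hosts can log in to each other as root without a password.
    #
    # NOTE(review): every host ends up holding the SAME root private key, so a
    # compromise of any one node exposes root SSH on all of them. If only
    # master -> node logins are needed, run ssh-copy-id against each node instead
    # of copying /root/.ssh. The copy also overwrites files of the same name that
    # already exist in the remote /root/.ssh.
    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
    export PATH

    IPLIST="
    10.0.0.171
    10.0.0.172
    10.0.0.173
    "

    # The root password comes from the SSHPASS environment variable or is asked
    # for interactively; it is not stored in the script. sshpass -e reads it from
    # the environment, which keeps it off the command line.
    if [ -z "${SSHPASS:-}" ]; then
        read -rs -p "root password: " SSHPASS
        echo
    fi
    if [ -z "${SSHPASS}" ]; then
        echo -e "\\e[1;31m未提供root密码,退出。\\e[0m" >&2
        exit 1
    fi
    export SSHPASS

    # sshpass is required below; stop if it is missing and cannot be installed.
    rpm -q sshpass &> /dev/null || yum -y install sshpass &> /dev/null || {
        echo -e "\\e[1;31msshpass安装失败!\\e[0m" >&2
        exit 1
    }

    [ -f /root/.ssh/id_rsa ] || ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa &> /dev/null

    # Authorise the key on this host first, so that the authorized_keys file
    # copied below already contains it.
    # StrictHostKeyChecking=no accepts whatever host key is presented on first
    # contact; on anything but a lab network, verify the fingerprints out of band.
    sshpass -e ssh-copy-id -o StrictHostKeyChecking=no 127.0.0.1 > /dev/null

    for IP in $IPLIST
    do
        # Report success only when the copy really succeeded.
        if sshpass -e scp -o StrictHostKeyChecking=no -rp /root/.ssh/ "${IP}:/root/" &> /dev/null
        then
            echo -e "\\e[1;32m${IP}:免密登录设置成功!\\e[0m"
        else
            echo -e "\\e[1;31m${IP}:免密登录设置失败!\\e[0m" >&2
        fi
    done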
    
  • 修改hosts文件

    # 在主节点修改hosts文件
    # 将主和从的信息都加入进去
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    10.0.0.170  master.k8s master kubeapi.k8s
    10.0.0.171  node01.k8s node01
    10.0.0.172  node02.k8s node02
    10.0.0.173  node03.k8s node03 
    
    # Copy the hosts file to each of the worker nodes
    for node in node01 node02 node03; do
        scp /etc/hosts "${node}:/etc/hosts"
    done
    
  • 禁用防火墙和SELINUX

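    # Stops firewalld now and keeps it off across reboots, which leaves the node
    # without a host firewall. Outside an isolated lab network, keep firewalld
    # running and open only the ports the cluster needs (for example 6443/tcp for
    # the API server and 10250/tcp for the kubelet).
    systemctl disable --now firewalld

    # /etc/selinux/config is only read at boot, so also switch the running system
    # with setenforce; otherwise SELinux stays enforcing until the next reboot.
    # NOTE(review): kubeadm's own installation guide sets SELINUX=permissive, which
    # keeps logging the denials; "disabled" turns SELinux off altogether.
    setenforce 0
    sed -i.bak 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config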
    
  • 关闭swap

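    # Turn swap off for the running system
    swapoff -a

    # Comment out the swap entries in /etc/fstab so swap stays off after a reboot.
    # Only lines that are not already commented and that have "swap" as a
    # whitespace-separated field are touched, so the command can be re-run safely;
    # a backup is kept as /etc/fstab.bak.
    sed -ri.bak '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab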
    
  • 时间同步

    # Install chrony for time synchronisation
    yum install -y chrony
    
    # Start chronyd now and enable it at boot
    systemctl enable --now chronyd
    
    # 这里使用了阿里和腾讯的时间服务器(在 /etc/chrony.conf 中逐行写成 "server <地址> iburst",修改后需重启 chronyd)
    ntp1.aliyun.com
    ntp2.aliyun.com
    time1.cloud.tencent.com
    time2.cloud.tencent.com
    
    [root@master ~]#chronyc sources
    210 Number of sources = 4
    MS Name/IP address         Stratum Poll Reach LastRx Last sample               
    ===============================================================================
    ^* 120.25.115.20                 2   7   377   145    +17ms[+9805us] +/-   36ms
    ^+ 203.107.6.88                  2   6   377   406    +15ms[  -11ms] +/-   32ms
    ^+ 139.199.215.251               2   7   367   143    +14ms[  +14ms] +/-   52ms
    ^+ 111.230.189.174               2   7   377   146    +16ms[+9570us] +/-   56ms
    
    

安装Docker

# Centos7安装Docker脚本

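#!/bin/bash
#
#********************************************************************
#Author:            Wuvikr
#QQ:                744123155
#Date:              2020-12-01
#FileName           docker_install_for_centos7.sh
#URL:               http://www.wuvikr.top
#Description        The test script
#Copyright (C):     2020 All rights reserved
#********************************************************************
# Purpose: install a pinned docker-ce release on CentOS 7 from the Aliyun
# mirror, write /etc/docker/daemon.json (systemd cgroup driver plus registry
# mirrors), then enable and start the Docker daemon.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

Version="19.03.13-3.el7"

# Prints the message in red on stderr and stops the script.
fail() {
    echo -e "\033[1;31m$1\033[0m" >&2
    exit 1
}

# Download the docker-ce yum repository definition. -O writes to a fixed name,
# so a re-run replaces the file instead of leaving docker-ce.repo.1 beside it.
# The repo file decides which package source and GPG key yum will trust, so
# look it over after the download.
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo \
    || fail '安装失败,请检查网络和yum源配置!'

# Install the pinned release; stop here on failure instead of going on to
# configure and start a daemon that was never installed.
yum -y install "docker-ce-${Version}" "docker-ce-cli-${Version}" \
    || fail '安装失败,请检查网络和yum源配置!'

# Registry mirrors for faster pulls inside China:
#   Aliyun        (per-account address, requires login)
#   NetEase       https://vgunv6qp.mirror.aliyuncs.com
#   Tencent Cloud https://mirror.ccs.tencentyun.com
#   USTC          https://docker.mirrors.ustc.edu.cn
#   Docker China  https://registry.docker-cn.com
# NOTE(review): a registry mirror serves the image content this node will run,
# so list only mirrors you trust and reference images by digest where
# integrity matters.
# The same file also switches Docker's cgroup driver to systemd.
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<'EOF'
{
    "exec-opts": ["native.cgroupdriver=systemd"],
    "registry-mirrors": [
        "https://mirror.ccs.tencentyun.com",
        "https://docker.mirrors.ustc.edu.cn",
        "https://registry.docker-cn.com"
    ]
}
EOF

# Reload unit files, then enable Docker at boot and start it now
systemctl daemon-reload
systemctl enable --now docker

# if/else instead of `a && b || c`, so the failure branch runs only when
# `docker version` itself fails.
if docker version; then
    echo -e "\033[1;32m${Version}安装成功!\033[0m"
else
    fail '安装失败!'
fi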

安装k8s

  • centos
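# Alternative 1: the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck and repo_gpgcheck stay at 1, so packages and repository metadata are
# signature-checked against the keys listed in gpgkey.
# NOTE(review): the keys are fetched from the same mirror as the packages, so
# the check only ties the packages to whatever keys the mirror serves; compare
# the key fingerprints with the upstream ones if that matters to you.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Alternative 2 - use INSTEAD of alternative 1, it writes the same file: the
# Google-hosted upstream repository, for hosts that can reach it.
# NOTE(review): upstream later retired the packages.cloud.google.com
# repositories in favour of pkgs.k8s.io; check that this source still exists.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

# Install kubelet, kubeadm and kubectl at the release that `kubeadm init` is
# given later (v1.19.4), then enable and start the kubelet. An unpinned install
# takes whatever is newest in the repository, which can be newer than the
# control plane version chosen at init time.
K8S_VERSION=1.19.4
yum install -y "kubelet-${K8S_VERSION}" "kubeadm-${K8S_VERSION}" "kubectl-${K8S_VERSION}"
systemctl enable --now kubelet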
  • ubuntu
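apt update
# -f makes curl fail on an HTTP error instead of piping an error page to apt-key.
# NOTE(review): apt-key puts the key into apt's global trust store, so it is
# trusted for every configured repository, and apt-key is deprecated on current
# Debian/Ubuntu releases. Where supported, keep the key in its own keyring file
# and reference it with a signed-by option on the deb line instead.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

tee /etc/apt/sources.list.d/kubernetes.list <<EOF
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

apt update
# Pin the packages to the release that `kubeadm init` is given later (v1.19.4)
# and hold them, so a routine upgrade cannot move the node to another release.
# The "-00" package revision is assumed; confirm it with `apt-cache madison kubeadm`.
K8S_VERSION=1.19.4-00
apt install -y "kubelet=${K8S_VERSION}" "kubeadm=${K8S_VERSION}" "kubectl=${K8S_VERSION}"
apt-mark hold kubelet kubeadm kubectl
systemctl enable kubelet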

初始化集群

只需要在主节点上执行此步骤

  1. 方法一:使用命令行配置初始化(较简单,未指定的使用默认设定)
# Initialisation command (one option per line)
kubeadm init \
    --image-repository registry.aliyuncs.com/google_containers \
    --kubernetes-version v1.19.4 \
    --control-plane-endpoint kubeapi.k8s \
    --apiserver-advertise-address 10.0.0.170 \
    --pod-network-cidr 10.244.0.0/16


# 说明
--image-repository :			指定镜像源
--kubernetes-version:			指定K8S版本,最好和安装的kubeadm保持一致
--control-plane-endpoint:		指定control-plane的IP或DNS名称
--apiserver-advertise-address:	指定API服务器的IP地址
--pod-network-cidr:				指定Pod网络的IP网段
  2. 方法二:使用配置文件初始化(可以具体地设置想要修改的参数)
# 生成默认初始化配置文件
kubeadm config print init-defaults > kubeadm.yaml

# 生成默认初始化配置文件后可以按需进行修改
cat kubeadm.yaml

# kubeadm init configuration: an InitConfiguration document followed by a
# ClusterConfiguration document, as edited from the printed defaults.
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): abcdef.0123456789abcdef is the fixed placeholder printed by
  # `kubeadm config print init-defaults`. Replace it (for example with the output
  # of `kubeadm token generate`) or remove the line so that kubeadm generates a
  # random token; used as-is, the cluster's join token is publicly known.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s	# lifetime of the bootstrap token
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.0.0.170  # IP address of the API server node
  bindPort: 6443	# default port
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: master.k8s  # defaults to the hostname of the current master node
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki  # directory holding the cluster certificates
clusterName: kubernetes		# cluster name
controllerManager: {}
dns:
  type: CoreDNS	# CoreDNS is the default
etcd:
  local:
    dataDir: /var/lib/etcd # etcd data directory
imageRepository: registry.aliyuncs.com/google_containers  # changed to the Aliyun image mirror
kind: ClusterConfiguration
kubernetesVersion: v1.19.4		# Kubernetes version
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16  # Pod network CIDR; this is the range flannel uses
  serviceSubnet: 10.96.0.0/12 # Service network CIDR
scheduler: {}

# 使用预先配置好的文件进行初始化
kubeadm init --config kubeadm.yaml

出现以下内容即表示初始化成功,然后按照提示进行操作

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join kubeapi.k8s:6443 --token onlo0f.5mio4k9d2o5xs0tt \
    --discovery-token-ca-cert-hash sha256:1d58267976a4f9e61858d217599e70305796ef129708b02c07c6eb38763a9885 \
    --control-plane 

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join kubeapi.k8s:6443 --token onlo0f.5mio4k9d2o5xs0tt \
    --discovery-token-ca-cert-hash sha256:1d58267976a4f9e61858d217599e70305796ef129708b02c07c6eb38763a9885 
    
    
# Copy the admin kubeconfig into the current user's home directory.
# NOTE(review): admin.conf carries cluster-admin credentials; keep the copy
# readable by its owner only and do not hand it to other users or hosts.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Install the network plugin (flannel here). If the pod CIDR was changed, make
# the same change in the flannel manifest.
# NOTE(review): this URL tracks the moving master branch, and the manifest is
# applied with cluster-admin rights; pin a tagged release or commit and read
# the downloaded file before applying it.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml

# Add the worker nodes to the cluster:
# run the following command on each worker node.
# NOTE(review): the token is a credential that lets a machine join the cluster,
# so treat it as a secret while it is valid; the CA cert hash is what lets the
# joining node verify that it is talking to this control plane.
kubeadm join kubeapi.k8s:6443 --token onlo0f.5mio4k9d2o5xs0tt \
    --discovery-token-ca-cert-hash sha256:1d58267976a4f9e61858d217599e70305796ef129708b02c07c6eb38763a9885 
    
# 注意:令牌有时间限制,经过一段时间会过期
## 可以在初始化的时候使用 --token-ttl duration 参数指定令牌过期时间,默认为24h。
## 令牌过期后可以使用命令 kubeadm token create --print-join-command 重新获取。

# 使用kubectl get nodes 查看节点状况

相关报错解决

# 初始化预检测阶段可能会出现以下错误
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
	[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1

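# Fix
# The net.bridge.* keys exist only while the br_netfilter module is loaded, so
# load it now and have it loaded again at every boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf

# Persist the three settings. The heredoc is given without the "> " continuation
# prompts of an interactive shell, so it can be pasted as-is.
# net.ipv4.ip_forward = 1 lets the node route packets between interfaces, which
# pod networking needs.
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Apply the settings to the running kernel
sysctl -p /etc/sysctl.d/k8s.conf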

查看集群状况

# 查看Pod运行状态
[root@master ~]#kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-6d56c8448f-nv28f             1/1     Running   0          4m59s
coredns-6d56c8448f-qwkhr             1/1     Running   0          4m59s
etcd-master.k8s                      1/1     Running   0          5m17s
kube-apiserver-master.k8s            1/1     Running   0          5m17s
kube-controller-manager-master.k8s   1/1     Running   0          5m17s
kube-flannel-ds-cts45                1/1     Running   0          2m25s
kube-flannel-ds-jql5t                1/1     Running   0          88s
kube-flannel-ds-m522q                1/1     Running   0          4m
kube-flannel-ds-vwcp8                1/1     Running   0          91s
kube-proxy-dw5fq                     1/1     Running   0          91s
kube-proxy-fnxch                     1/1     Running   0          2m25s
kube-proxy-g9c77                     1/1     Running   0          88s
kube-proxy-gdb25                     1/1     Running   0          5m
kube-scheduler-master.k8s            1/1     Running   0          5m17s

# 查看节点状况
[root@master ~]#kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
master.k8s   Ready    master   5m25s   v1.19.4
node01.k8s   Ready    <none>   2m31s   v1.19.4
node02.k8s   Ready    <none>   98s     v1.19.4
node03.k8s   Ready    <none>   94s     v1.19.4

## 可能有些pod是Init状态,node是NotReady状态,不要着急,多等待一会即可。
## 到这里k8s的安装就算是初步完成了