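Quickly deploying a k8s cluster (kubeadm)
Deploying a k8s cluster with kubeadm
Based on CentOS 7; it did not succeed on CentOS 8!!!
Unless noted otherwise, run every step on all three nodes!!!
Configure hosts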
cat >> /etc/hosts <<EOF
10.10.1.51 master
10.10.1.52 node1
10.10.1.53 node2
EOF
Set the hostname
# Run each command only on the node it names
hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2
Configure the Aliyun yum mirrors
yum install wget -y
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo && \
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo && \
wget -O /etc/yum.repos.d/docker-ce.repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && \
yum clean all && \
yum makecache fast
Time synchronization
systemctl start chronyd
systemctl enable chronyd
# Set the time zone
timedatectl set-timezone Asia/Shanghai
# After setting the time zone, force a system clock sync
chronyc -a makestep
Stop the firewall, flush the firewall rules, and set the default forwarding policy
systemctl stop firewalld
systemctl disable firewalld
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
iptables -P FORWARD ACCEPT
Disable the swap partition
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
Disable SELinux
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
Adjust the Linux kernel parameters
cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
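# The net.bridge.* keys exist only after the br_netfilter module is loaded
modprobe br_netfilter
# Reload; sysctl -p without a file argument reads only /etc/sysctl.conf
sysctl --system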
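A quick check of what the swap and kernel-parameter steps above should have produced, as an added example that is not part of the original post. The function name and the ROOT argument are hypothetical; ROOT is a path prefix so the check can be tried against a constructed directory tree.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_node_prereqs [ROOT]: ROOT is a hypothetical path prefix for testing;
# leave it empty to inspect the live system.
check_node_prereqs() {
  root="${1:-}"
  rc=0
  for key in net/bridge/bridge-nf-call-iptables \
             net/bridge/bridge-nf-call-ip6tables \
             net/ipv4/ip_forward; do
    path="$root/proc/sys/$key"
    if [ ! -r "$path" ]; then
      # net/bridge/* appears only after the br_netfilter module is loaded
      echo "MISSING $key"
      rc=1
      continue
    fi
    val=$(tr -d ' \t\n' < "$path")
    if [ "$val" != 1 ]; then
      echo "BAD $key=$val (want 1)"
      rc=1
    fi
  done
  # /proc/swaps holds one header line; any further line is an active swap area
  if [ -r "$root/proc/swaps" ] && [ -n "$(tail -n +2 "$root/proc/swaps")" ]; then
    echo "BAD swap still active"
    rc=1
  fi
  return "$rc"
}

# On a node:
#   check_node_prereqs && echo "node prerequisites OK"
```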
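Configure IPVS
# In Kubernetes a Service has two proxy modes: one based on iptables and one based on ipvs
# Of the two, ipvs performs noticeably better, but to use it the ipvs kernel modules must be loaded manually
# 1 Install ipset and ipvsadm
yum install ipset ipvsadm -y
# 2 Write the modules to load into a script file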
cat <<EOF > /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
# 3 Make the script executable
chmod +x /etc/sysconfig/modules/ipvs.modules
# 4 Run the script
/bin/bash /etc/sysconfig/modules/ipvs.modules
# 5 Check that the modules loaded
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
Install Docker
yum install docker-ce docker-ce-cli containerd.io -y
mkdir -p /etc/docker/
touch /etc/docker/daemon.json
cat <<EOF > /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://kn0t2bca.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
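Why change Docker's cgroup driver
1. What are cgroups?
cgroups (Control Groups) are a mechanism provided by the Linux kernel
that can limit and account for the physical resources used by groups of tasks.
They are hooks that the kernel attaches to programs,
so that resource scheduling at run time triggers the corresponding hooks,
which achieves resource tracking and limits on resource usage.
2. What is cgroupfs?
Docker's default Cgroup Driver is cgroupfs.
cgroupfs is the virtual filesystem type developed to give users an interface to cgroup.
Like sysfs and proc, it shows users the cgroup hierarchy and tells the kernel about users' changes to cgroups.
cgroups can only be queried and modified through the cgroupfs filesystem.
3. Why switch to systemd?
Kubernetes recommends using systemd instead of cgroupfs,
because systemd is the cgroup manager that Kubernetes comes with, responsible for assigning cgroups to every process,
but Docker's cgroup driver defaults to cgroupfs, so two cgroup managers end up running at the same time,
and under resource pressure this can lead to instability.
If the configuration is not changed, kubeadm init prints this warning: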
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver.
The recommended driver is "systemd".
Please follow the guide at https://kubernetes.io/docs/setup/cri/
Before the change
[root@123 ~]# docker info | grep Cgroup
Cgroup Driver: cgroupfs
After the change
[root@k8s-master ~]# docker info | grep Cgroup
Cgroup Driver: systemd
Install the Kubernetes components
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
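# List the available kubelet, kubeadm and kubectl versions to find the one you need
yum list kubelet kubeadm kubectl --showduplicates | sort -r
# Run only one of the three install commands below
# Latest version
yum install kubeadm kubelet kubectl -y
# Install 1.21.3
# The latest Rancher (2.6) only supports k8s (1.21.3)
yum install kubeadm-1.21.3-0 kubelet-1.21.3-0 kubectl-1.21.3-0 -y
# 1.21.0, the version passed to kubeadm init below
yum install kubeadm-1.21.0-0 kubelet-1.21.0-0 kubectl-1.21.0-0 -y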
systemctl enable kubelet.service
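The repo definition above turns off both signature checks and fetches over plain HTTP, so nothing authenticates the kubeadm, kubelet and kubectl packages installed from it. The following added example (not from the original post) flags those settings in any .repo file; the function names are hypothetical, and the stricter variant assumes the mirror serves the same paths over HTTPS with packages and metadata that verify against the listed keys.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_repo FILE ("-" reads stdin): one finding per line, non-zero exit if any.
audit_repo() {
  awk '
    /^[ \t]*(#|;|$)/ { next }                    # comments, blank lines
    /^[ \t]*\[/ {                                # [section] header
      sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next
    }
    {
      line = $0; gsub(/[ \t]/, "", line)
      if (line ~ /^gpgcheck=0$/)      { print sect ": gpgcheck=0, package signatures not verified"; n++ }
      if (line ~ /^repo_gpgcheck=0$/) { print sect ": repo_gpgcheck=0, metadata signature not verified"; n++ }
      # baseurl=, gpgkey= and indented continuation lines are all caught here
      if (line ~ /http:\/\//)         { print sect ": plain HTTP: " line; n++ }
    }
    END { exit (n > 0) }
  ' "$1"
}

# The repo definition from this page (constructed copy for the demo).
page_repo() {
  cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Stricter variant. Assumption: the mirror serves the same paths over HTTPS
# and its packages and metadata verify against the listed keys.
strict_repo() { page_repo | sed -e 's#http://#https://#' -e 's/gpgcheck=0/gpgcheck=1/'; }

# Usage on a node:
#   audit_repo /etc/yum.repos.d/kubernetes.repo
```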
Prepare the cluster images
#kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers
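--config string
# Path to the kubeadm configuration file.
--cri-socket string
# Path to the CRI socket to connect to. If empty, kubeadm tries to auto-detect this value; use this option only if more than one CRI is installed or the CRI socket is non-standard.
--feature-gates string
# A set of key=value pairs describing feature gates. Options are:
# IPv6DualStack=true|false (ALPHA - default=false)
-h, --help
# Help for the pull command
--image-repository string # Default: "k8s.gcr.io"
# Choose the container registry to pull control plane images from
--kubernetes-version string # Default: "stable-1"
# Choose a specific Kubernetes version for the control plane.
# Pull the images for a specific version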
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=1.21.0
# coredns/coredns:1.8.4 is a special case
# Note this coredns version; the command above, kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers,
# shows which one is needed
docker pull coredns/coredns:1.8.4
docker tag coredns/coredns:1.8.4 registry.aliyuncs.com/google_containers/coredns:v1.8.4
# For 1.20.0 the matching coredns is 1.8.0
docker pull coredns/coredns:1.8.0
docker tag coredns/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0
Initialize the cluster
# The following steps only need to be run on the master node
# Create the cluster
kubeadm init --kubernetes-version=1.21.0 \
--apiserver-advertise-address=10.10.1.32 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# The following only needs to be run on the worker nodes
kubeadm join 10.10.1.32:6443 --token e1bgo8.c4uw288lide0262t \
--discovery-token-ca-cert-hash sha256:020dee3c16db69eecb921c78da154cf5d9f52424d1cd7a984907471bf095e686
# If joining the cluster fails with
#kubeadm init /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
# Fix
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
# Seeing the following line means it worked
#Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
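The --discovery-token-ca-cert-hash value in the join command is what lets a joining node authenticate the control plane. This added example (not from the original post; the function names are hypothetical and openssl is assumed to be installed) recomputes the pin from the CA certificate and rejects a join command whose pin does not match; it uses openssl pkey so that EC CA keys work as well as RSA.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is installed.

# Bootstrap token format: 6 characters, a dot, 16 characters, all [a-z0-9].
valid_token() { printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; }

# Pin format: "sha256:" followed by 64 lowercase hex digits.
valid_pin() { printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'; }

# ca_pin FILE: SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo)
# of the CA certificate, printed in the form kubeadm join expects.
ca_pin() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pub" ] || return 1
  hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
          | openssl dgst -sha256 -r | cut -d' ' -f1)
  printf 'sha256:%s\n' "$hex"
}

# check_join_args TOKEN PIN CA_FILE: refuse a join command whose pin does not
# match the cluster CA. The token itself is never echoed.
check_join_args() {
  valid_token "$1" || { echo "malformed token"; return 1; }
  valid_pin "$2"   || { echo "malformed pin"; return 1; }
  actual=$(ca_pin "$3") || { echo "cannot read CA certificate: $3"; return 1; }
  [ "$actual" = "$2" ] || { echo "pin mismatch, CA public key hashes to $actual"; return 1; }
  echo "ok"
}

# On the control-plane node (CA path as written by kubeadm init):
#   check_join_args "$TOKEN" "$PIN" /etc/kubernetes/pki/ca.crt
```

Bootstrap tokens expire after 24 hours by default; kubeadm token create --print-join-command on the control plane prints a fresh join command.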
Install the network plugin
# The following is again run only on the master node; the plugin uses a DaemonSet controller, so it runs on every node
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Pull the image quay.io/coreos/flannel:v0.14.0 in advance (recommended)
# Alternatively, change the registry:
# replace the quay.io registry in the file with quay-mirror.qiniu.com
kubectl apply -f kube-flannel.yml
kubectl get node
View the running containers
# master
# The PORTS and NAMES columns were removed
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
8941130dcb84 registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 2 minutes ago Up 2 minutes
45455b382d26 36c4ebbc9d97 "/usr/local/bin/kube…" 10 minutes ago Up 10 minutes
20bb8115b7c3 registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 10 minutes ago Up 10 minutes
730c0caf2a86 f30469a2491a "kube-apiserver --ad…" 11 minutes ago Up 11 minutes
4ffd71e3e6fb 6e002eb89a88 "kube-controller-man…" 11 minutes ago Up 11 minutes
f19872d5a8dd aca5ededae9c "kube-scheduler --au…" 11 minutes ago Up 11 minutes
847c669dc906 004811815584 "etcd --advertise-cl…" 11 minutes ago Up 11 minutes
a20f864edefb registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 11 minutes ago Up 11 minutes
ff8699c1582d registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 11 minutes ago Up 11 minutes
29c4e1061a1a registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 11 minutes ago Up 11 minutes
be9efb9ffe19 registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 11 minutes ago Up 11 minutes
[root@master ~]#
# node1
[root@node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
c8627e91dcca registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 3 minutes ago Up 3 minutes
d581c5c463f1 registry.aliyuncs.com/google_containers/kube-proxy "/usr/local/bin/kube…" 10 minutes ago Up 10 minutes
5fc4c1275fd0 registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 10 minutes ago Up 10 minutes
[root@node1 ~]#
# node2
[root@node2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
3e2f67f82347 registry.aliyuncs.com/google_containers/kube-proxy "/usr/local/bin/kube…" 2 minutes ago Up 2 minutes
c36f7974ba9a registry.aliyuncs.com/google_containers/pause:3.5 "/pause" 3 minutes ago Up 3 minutes
[root@node2 ~]#
# Not everything is Running; something is wrong
[root@master ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7f6cbbb7b8-4rvlc 0/1 Pending 0 26m
coredns-7f6cbbb7b8-rbrcq 0/1 Pending 0 26m
etcd-master 1/1 Running 0 26m
kube-apiserver-master 1/1 Running 0 26m
kube-controller-manager-master 1/1 Running 0 26m
kube-flannel-ds-7vtpz 0/1 Init:ImagePullBackOff 0 17m
kube-flannel-ds-pblmf 0/1 Init:ImagePullBackOff 0 17m
kube-flannel-ds-vx4mk 0/1 Init:ImagePullBackOff 0 17m
kube-proxy-6hwkc 1/1 Running 0 24m
kube-proxy-r877c 1/1 Running 0 24m
kube-proxy-sj86d 1/1 Running 0 26m
kube-scheduler-master 1/1 Running 0 26m
kubectl describe pod coredns-7f6cbbb7b8-4rvlc --namespace=kube-system
kubectl describe pod kube-flannel-ds-tm4wz --namespace=kube-system
# Failed to pull image "quay.io/coreos/flannel:v0.14.0": rpc error: code = Unknown desc = context canceled
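# Changing the registry did not help either; the image pull still failed
# One option is to download the image on a cloud host and then export it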
#docker save -o flannel.tar quay.io/coreos/flannel:v0.14.0
#docker load -i flannel.tar
kubectl apply -f kube-flannel.yml
kubectl get pods -n kube-system
# If Init:ImagePullBackOff still shows up
# delete first
kubectl delete -f kube-flannel.yml
kubectl apply -f kube-flannel.yml
# Finally
[root@master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7f6cbbb7b8-4rvlc 1/1 Running 0 94m
coredns-7f6cbbb7b8-rbrcq 1/1 Running 0 94m
etcd-master 1/1 Running 0 95m
kube-apiserver-master 1/1 Running 0 95m
kube-controller-manager-master 1/1 Running 0 95m
kube-flannel-ds-4mxb4 1/1 Running 0 12s
kube-flannel-ds-kqt7b 1/1 Running 0 12s
kube-flannel-ds-nsm87 1/1 Running 0 12s
kube-proxy-6hwkc 1/1 Running 0 93m
kube-proxy-r877c 1/1 Running 0 93m
kube-proxy-sj86d 1/1 Running 0 95m
kube-scheduler-master 1/1 Running 0 95m
[root@master ~]#
