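This post does not cover Kubernetes background; if you need it, see https://blog.csdn.net/atlansi/article/details/80849927
When k8s is installed with kubeadm, all service components run in pods, that is, in containers.
The linked post covers running them as daemons on the physical machine, which is more cumbersome to set up.
Each host has two NICs; the .0 segment (192.168.0.x) faces outward.
Hostname | IP | Role |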
---|---|---|
C7-1 | 192.168.8.70 192.168.0.9 | master |
C7-2 | 192.168.8.71 192.168.0.11 | node1 |
C7-3 | 192.168.8.72 192.168.0.12 | node2 |
[root@C7-1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.71 C7-2
192.168.8.72 C7-3
192.168.8.70 C7-1
[root@C7-1 ~]# scp /etc/hosts root@C7-2:/etc/hosts
[root@C7-1 ~]# scp /etc/hosts root@C7-3:/etc/hosts
[root@C7-1 ~]# hwclock -s
[root@C7-2 ~]# hwclock -s
[root@C7-3 ~]# hwclock -s
[root@C7-1 ~]# date
Tue Feb 26 06:55:28 EST 2019
[root@C7-2 ~]# date
Tue Feb 26 06:55:28 EST 2019
[root@C7-3 ~]# date
Tue Feb 26 06:55:28 EST 2019
[root@C7-1 ~]# systemctl stop firewalld && setenforce 0
[root@C7-2 ~]# systemctl stop firewalld && setenforce 0
[root@C7-3 ~]# systemctl stop firewalld && setenforce 0
[root@C7-1 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@C7-1 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl docker-ce
systemctl enable kubelet && systemctl start kubelet
[root@C7-2 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@C7-2 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl docker-ce
systemctl enable kubelet && systemctl start kubelet
[root@C7-3 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@C7-3 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl docker-ce
systemctl enable kubelet && systemctl start kubelet
[root@C7-1 ~]# cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false" #K8s does not allow swap by default; this lets initialization pass
[root@C7-1 ~]# systemctl start docker && systemctl restart kubelet && systemctl enable docker
[root@C7-1 ~]# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
1
[root@C7-1 ~]# cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
#Make sure both results above are 1; if not, overwrite the value with echo "1" > (note the double quotes)
[root@C7-1 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxxxx.mirror.aliyuncs.com"]
}
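#The above uses the Aliyun registry accelerator; sign up for it free of charge at Aliyun
[root@C7-1 ~]# systemctl daemon-reload
[root@C7-1 ~]# systemctl restart docker
#Make the configuration take effect
[root@C7-1 ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
#Ignore the Swap error message
#If this step hangs because the images cannot be downloaded, use the scripts in the next section; set the version numbers according to the error output of the command above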
[root@C7-1 ~]# cat bash.sh
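#!/bin/bash
# Pull the control-plane images from a Docker Hub mirror and retag them as k8s.gcr.io
images=( kube-apiserver:v1.13.3 kube-controller-manager:v1.13.3 kube-scheduler:v1.13.3 kube-proxy:v1.13.3 )
for imageName in "${images[@]}" ; do
    docker pull "mirrorgooglecontainers/$imageName"
    docker tag "mirrorgooglecontainers/$imageName" "k8s.gcr.io/$imageName"
done
The script above only downloads the components listed in the array, and the version numbers must be changed to match your own situation. Use the script below for the remaining services.
[root@C7-1 ~]# cat bash2.sh
#!/bin/bash
# Pull the remaining images (pause, etcd, coredns) and retag them as k8s.gcr.io
images=( pause:3.1 etcd:3.2.24 coredns:1.2.6 )
for imageName in "${images[@]}" ; do
    docker pull "keveon/$imageName"
    docker tag "keveon/$imageName" "k8s.gcr.io/$imageName"
done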
Once all of the images above have been downloaded, run the initialization again.
Note: after a successful run, the last line on the screen is crucial and must be saved carefully; it is how the node machines join the cluster.
[root@C7-1 ~]# rm -rf {/etc/kubernetes/manifests/kube-apiserver.yaml,/etc/kubernetes/manifests/kube-controller-manager.yaml,/etc/kubernetes/manifests/kube-scheduler.yaml,/etc/kubernetes/manifests/etcd.yaml}
[root@C7-1 ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
#Output like the following means success; it is the last line, so take note!
kubeadm join 192.168.0.9:6443 --token ugghxd.2xdc95gtlcg9mwwk --discovery-token-ca-cert-hash sha256:a6a450806b3e18c1eb27112b77a85e7552fd4bfa36fe22d55b4ecc1bab11ed68
**Barring special circumstances, the initialization command above succeeds; the full output will be added soon. After a successful run, the last line on the screen is crucial and must be saved carefully**
[root@C7-1 ~]# mkdir -p $HOME/.kube
[root@C7-1 ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@C7-1 ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health": "true"}
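#This command shows whether the master components are running well; whether the apiserver is faulty depends on whether the command above returns any result
[root@C7-1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
c7-1 NotReady master 31s v1.13.3
#STATUS is NotReady here because the cluster network has not been configured yet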
[root@C7-1 ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@C7-1 ~]# docker image ls
quay.io/coreos/flannel v0.11.0-amd64 ff281650a721 4 weeks ago 52.6MB
[root@C7-1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
c7-1 Ready master 2m v1.13.3
At this point the k8s master node is installed.
Since the required components were already installed above, they are used directly here.
First prepare what the nodes need on the master.
[root@C7-1 ~]# scp /etc/sysconfig/kubelet C7-2:/etc/sysconfig
[root@C7-1 ~]# scp /etc/sysconfig/kubelet C7-3:/etc/sysconfig
[root@C7-1 ~]# scp /etc/docker/daemon.json C7-2:/etc/docker/
[root@C7-1 ~]# scp /etc/docker/daemon.json C7-3:/etc/docker/
#Below, prepare the component images that the Node machines need
[root@C7-1 ~]# mkdir ./mycluster/ && docker save k8s.gcr.io/kube-proxy:v1.13.3 > ./mycluster/pro.tar
[root@C7-1 ~]# docker save quay.io/coreos/flannel:v0.11.0-amd64 > ./mycluster/fan.tar
[root@C7-1 ~]# docker save k8s.gcr.io/pause:3.1 > ./mycluster/pau.tar
[root@C7-1 ~]# scp -r mycluster/ root@C7-2:/root
[root@C7-1 ~]# scp -r mycluster/ root@C7-3:/root
Everything above prepares the environment for the Node machines; the actual work starts below.
[root@C7-2 ~]# systemctl restart docker && systemctl enable docker && systemctl restart kubelet && systemctl enable kubelet
[root@C7-2 ~]# docker load < ./mycluster/pau.tar
[root@C7-2 ~]# docker load < ./mycluster/fan.tar
[root@C7-2 ~]# docker load < ./mycluster/pro.tar
[root@C7-2 ~]# kubeadm join 192.168.0.9:6443 --token ugghxd.2xdc95gtlcg9mwwk --discovery-token-ca-cert-hash sha256:a6a450806b3e18c1eb27112b77a85e7552fd4bfa36fe22d55b4ecc1bab11ed68 --ignore-preflight-errors=Swap
[preflight] Running pre-flight checks
[WARNING Swap]: running with swap on is not supported. Please disable swap
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.09.2. Latest validated version: 18.06
[discovery] Trying to connect to API Server "192.168.0.9:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.0.9:6443"
[discovery] Requesting info from "https://192.168.0.9:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.0.9:6443"
[discovery] Successfully established connection with API Server "192.168.0.9:6443"
[join] Reading configuration from the cluster...
[join] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.13" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "c7-2" as an annotation
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the master to see this node join the cluster.
The steps on node2 are as follows.
[root@C7-3 ~]# systemctl restart docker && systemctl enable docker && systemctl restart kubelet && systemctl enable kubelet
[root@C7-3 ~]# docker load < ./mycluster/pau.tar
[root@C7-3 ~]# docker load < ./mycluster/fan.tar
[root@C7-3 ~]# docker load < ./mycluster/pro.tar
[root@C7-3 ~]# kubeadm join 192.168.0.9:6443 --token ugghxd.2xdc95gtlcg9mwwk --discovery-token-ca-cert-hash sha256:a6a450806b3e18c1eb27112b77a85e7552fd4bfa36fe22d55b4ecc1bab11ed68 --ignore-preflight-errors=Swap
[preflight] Running pre-flight checks
[WARNING Swap]: running with swap on is not supported. Please disable swap
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.09.2. Latest validated version: 18.06
[discovery] Trying to connect to API Server "192.168.0.9:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.0.9:6443"
[discovery] Requesting info from "https://192.168.0.9:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.0.9:6443"
[discovery] Successfully established connection with API Server "192.168.0.9:6443"
[join] Reading configuration from the cluster...
[join] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.13" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "c7-2" as an annotation
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the master to see this node join the cluster.
[root@C7-1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
c7-1 Ready master 10m v1.13.3
c7-2 Ready <none> 2m v1.13.3
c7-3 Ready <none> 1m v1.13.3
The result above means the cluster has been built successfully.
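The join line pins the cluster CA with `--discovery-token-ca-cert-hash`, and the join output reports validating TLS "against the pinned public key". As an added example (not part of the original post), this script recomputes that hash from a CA certificate so that a saved or retyped join line can be checked before it is used; it assumes the `openssl` CLI is installed, and the script name `verify_pin.sh` is hypothetical. It uses `openssl pkey`, so the same pipeline also covers non-RSA CA keys.

```shell
#!/bin/bash
# Added example, not from the original post: recompute the value kubeadm prints
# as --discovery-token-ca-cert-hash and compare it with a saved pin.

# Print "sha256:<hex>" over the DER SubjectPublicKeyInfo of the certificate $1.
ca_cert_hash() {
    local cert="$1" pem hex
    # Stop on an unreadable or non-certificate file; otherwise the pipeline
    # below would silently hash empty input.
    pem=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pem" ] || return 2
    hex=$(printf '%s\n' "$pem" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# Compare the pin $2 with the certificate $1.
# Returns 0 = match, 1 = mismatch, 2 = unusable certificate or malformed pin.
verify_ca_pin() {
    local cert="$1" pin="$2" actual
    # A pin truncated by terminal wrapping or copy/paste is rejected up front.
    printf '%s' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' || return 2
    actual=$(ca_cert_hash "$cert") || return 2
    [ "$actual" = "$pin" ]
}

# Stand-alone use on the master (the path is the kubeadm default):
#   ./verify_pin.sh /etc/kubernetes/pki/ca.crt sha256:<hash from the join line>
if [ "$#" -eq 2 ]; then
    if verify_ca_pin "$1" "$2"; then
        echo "CA public key matches the pinned hash"
    else
        echo "pin mismatch or invalid input" >&2
        exit 1
    fi
fi
```

If the saved join line is lost or its token has expired, `kubeadm token create --print-join-command` on the master prints a fresh one.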