K8S最新版1.13.3简单安装方式kubeadm

K8S使用kubeadm安装

  • 1.环境介绍和准备
    • 1.2环境准备
      • 1.2.1 主机名映射(三台都做)
      • 1.2.2 时间同步
      • 1.2.3 关闭防火墙以及selinux
      • 1.2.4 yum源docker,k8s(三台都做)
  • 初始化集群
  • 下载k8s用到的镜像
  • 重新初始化
  • 安装fannel网络插件
  • 配置Node节点加入集群
  • 验证阶段

1.环境介绍和准备

此处不讲解k8s的的一些信息,如有需要请参考https://blog.csdn.net/atlansi/article/details/80849927

以kubeadm方式安装k8s,所有的服务组件,都会被运行在pod中,容器中,
运行为物理机的守护进程的方式,在上面的连接中,操作比较繁琐

双网卡0网段对外

主机名 IP 角色
C7-1 192.168.8.70 192.168.0.9 master
C7-2 192.168.8.71 192.168.0.11 node1
C7-3 192.168.8.72 192.168.0.12 node2

1.2环境准备

1.2.1 主机名映射(三台都做)

[root@C7-1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.71 C7-2
192.168.8.72 C7-3
192.168.8.70 C7-1
[root@C7-1 ~]# scp /etc/hosts root@C7-2:/etc/hosts
[root@C7-1 ~]# scp /etc/hosts root@C7-3:/etc/hosts

1.2.2 时间同步

[root@C7-1 ~] hwclock -s
[root@C7-2 ~] hwclock -s
[root@C7-3 ~] hwclock -s
[root@C7-1 ~]# date
Tue Feb 26 06:55:28 EST 2019
[root@C7-2 ~]# date
Tue Feb 26 06:55:28 EST 2019
[root@C7-3 ~]# date
Tue Feb 26 06:55:28 EST 2019

1.2.3 关闭防火墙以及selinux

[root@C7-1 ~] systemctl stop firewalld && setenforce 0
[root@C7-2 ~] systemctl stop firewalld && setenforce 0
[root@C7-3 ~] systemctl stop firewalld && setenforce 0

1.2.4 yum源docker,k8s(三台都做)

[root@C7-1 ~] yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@C7-1 ~] cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl docker-ce
systemctl enable kubelet && systemctl start kubelet

[root@C7-2 ~] yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@C7-2 ~] cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl docker-ce
systemctl enable kubelet && systemctl start kubelet


[root@C7-3 ~] yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@C7-3 ~] cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl docker-ce
systemctl enable kubelet && systemctl start kubelet

初始化集群

[root@C7-1 ~] cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false" #K8S默认不允许Swap,此处是让初始化的时候可以通过
[root@C7-1 ~] systemctl start docker && systemctl restart kubelet && systemctl enable docker


[root@C7-1 ~] cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
1
[root@C7-1 ~] cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
#一定要保证上面两部的结果 都是1 如不是使用echo "1” > 覆盖过去(注意双引号)

[root@C7-1 ~] cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://xxxxxx.mirror.aliyuncs.com"]
}
#上述使用阿里云的加速器,前往阿里云免费开通

[root@C7-1 ~] systemctl daemon-reload
[root@C7-1 ~] systemctl restart docker
#使配置生效

[root@C7-1 ~] kubeadm init  --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap 
#忽略Swap的报错信息


#此处如果是卡在镜像下载不下来,使用下个小节的脚本,注意版本号要根据上述命令的报错,进行指定

下载k8s用到的镜像

[root@C7-1 ~]# cat bash.sh 
#!/bin/bash
images=( kube-apiserver:v1.13.3 kube-controller-manager:v1.13.3 kube-scheduler:v1.13.3 kube-proxy:v1.13.3  )
for imageName in ${images[@]} ; do
	docker pull mirrorgooglecontainers/$imageName
  	docker tag mirrorgooglecontainers/$imageName k8s.gcr.io/$imageName
done

上面的脚本只能下载数组中的组件,切版本号,需要根据自己的情况更改,余下服务使用下面的脚本

[root@C7-1 ~]# cat bash2.sh
#!/bin/bash
images=( pause:3.1 etcd:3.2.24 coredns:1.2.6  )
for imageName in ${images[@]} ; do
	docker pull keveon/$imageName
  	docker tag keveon/$imageName k8s.gcr.io/$imageName
done

上述镜像全部下载完成在重新初始化

重新初始化

注意运行成功后,屏幕上最后一行至关重要,一定要好好保存,那是node节点加入集群的方式
注意运行成功后,屏幕上最后一行至关重要,一定要好好保存,那是node节点加入集群的方式
注意运行成功后,屏幕上最后一行至关重要,一定要好好保存,那是node节点加入集群的方式
注意运行成功后,屏幕上最后一行至关重要,一定要好好保存,那是node节点加入集群的方式
注意运行成功后,屏幕上最后一行至关重要,一定要好好保存,那是node节点加入集群的方式
注意运行成功后,屏幕上最后一行至关重要,一定要好好保存,那是node节点加入集群的方式
注意运行成功后,屏幕上最后一行至关重要,一定要好好保存,那是node节点加入集群的方式

[root@C7-1 ~] rm -rf {/etc/kubernetes/manifests/kube-apiserver.yaml,/etc/kubernetes/manifests/kube-controller-manager.yaml,/etc/kubernetes/manifests/kube-scheduler.yaml,/etc/kubernetes/manifests/etcd.yaml}
[root@C7-1 ~] kubeadm init  --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

#出现如下字样,表示成功,他是最后一行注意了!!!!!
kubeadm join 192.168.0.9:6443 --token ugghxd.2xdc95gtlcg9mwwk --discovery-token-ca-cert-hash sha256:a6a450806b3e18c1eb27112b77a85e7552fd4bfa36fe22d55b4ecc1bab11ed68

**无特别情况,上述初始化指令,成功初始化,返回结果,近期补充,注意运行成功后,屏幕上最后一行至关重要,一定要好好保存**
**注意运行成功后,屏幕上最后一行至关重要,一定要好好保存**
**注意运行成功后,屏幕上最后一行至关重要,一定要好好保存**
**注意运行成功后,屏幕上最后一行至关重要,一定要好好保存**
**注意运行成功后,屏幕上最后一行至关重要,一定要好好保存**
**注意运行成功后,屏幕上最后一行至关重要,一定要好好保存**
**注意运行成功后,屏幕上最后一行至关重要,一定要好好保存**
**注意运行成功后,屏幕上最后一行至关重要,一定要好好保存**



[root@C7-1 ~] mkdir -p $HOME/.kube
[root@C7-1 ~] cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@C7-1 ~] kubectl get cs 
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok                   
scheduler            Healthy   ok                   
etcd-0               Healthy   {"health": "true"} 
#此指令可以判读master节点各组件,是否良好运行,apiserver是否故障,取决于上述命令,能否出现结果
[root@C7-1 ~]# kubectl get nodes
NAME   STATUS   ROLES    AGE     VERSION
c7-1   NoReady    master   31s   v1.13.3
#此处STATUS为NoReady是应为还没有配置集群网络

安装fannel网络插件

[root@C7-1 ~]  kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@C7-1 ~] docker image ls
quay.io/coreos/flannel                           v0.11.0-amd64       ff281650a721        4 weeks ago         52.6MB
[root@C7-1 ~] kubectl get nodes
NAME   STATUS   ROLES    AGE     VERSION
c7-1   Ready    master   2m   v1.13.3

至此k8s的master节点已经安装完成

配置Node节点加入集群

由于上述已经装好了相关的组件,此处直接使用
现在master上把需要的东西准备一下

[root@C7-1 ~] scp /etc/sysconfig/kubelet C7-2:/etc/sysconfig
[root@C7-1 ~] scp /etc/sysconfig/kubelet C7-3:/etc/sysconfig
[root@C7-1 ~] scp /etc/docker/daemon.json C7-2:/etc/docker/
[root@C7-1 ~] scp /etc/docker/daemon.json C7-3:/etc/docker/

#下方是为Node节点准备需要的组件镜像
[root@C7-1 ~] mkdir ./mycluster/ && docker save k8s.gcr.io/kube-proxy:v1.13.3  >  ./mycluster/pro.tar
[root@C7-1 ~] docker save quay.io/coreos/flannel:v0.11.0-amd64  >  ./mycluster/fan.tar
[root@C7-1 ~] docker save k8s.gcr.io/pause:3.1  >  ./mycluster/pau.tar
[root@C7-1 ~] scp -r mycluster/ root@C7-2:/root
[root@C7-1 ~] scp -r mycluster/ root@C7-3:/root

上述都是在为Node节点准备环境,下方开始真正操作

[root@C7-2 ~]# systemctl restart docker && systemctl enable docker && systemctl restart kubelet && systemctl  enable kubelet
[root@C7-2 ~] docker load < ./mycluster/pau.tar
[root@C7-2 ~] docker load < ./mycluster/fan.tar
[root@C7-2 ~] docker load < ./mycluster/pro.tar

[root@C7-2 ~]# kubeadm join 192.168.0.9:6443 --token ugghxd.2xdc95gtlcg9mwwk --discovery-token-ca-cert-hash sha256:a6a450806b3e18c1eb27112b77a85e7552fd4bfa36fe22d55b4ecc1bab11ed68
112b77a85e7552fd4bfa36fe22d55b4ecc1bab11ed68 --ignore-preflight-errors=Swap
[preflight] Running pre-flight checks
	[WARNING Swap]: running with swap on is not supported. Please disable swap
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.09.2. Latest validated version: 18.06
[discovery] Trying to connect to API Server "192.168.0.9:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.0.9:6443"
[discovery] Requesting info from "https://192.168.0.9:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.0.9:6443"
[discovery] Successfully established connection with API Server "192.168.0.9:6443"
[join] Reading configuration from the cluster...
[join] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.13" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "c7-2" as an annotation

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.

node2操作如下

[root@C7-3 ~]# systemctl restart docker && systemctl enable docker && systemctl restart kubelet && systemctl  enable kubelet
[root@C7-3 ~] docker load < ./mycluster/pau.tar
[root@C7-3 ~] docker load < ./mycluster/fan.tar
[root@C7-3 ~] docker load < ./mycluster/pro.tar

[root@C7-3 ~]# kubeadm join 192.168.0.9:6443 --token ugghxd.2xdc95gtlcg9mwwk --discovery-token-ca-cert-hash sha256:a6a450806b3e18c1eb27112b77a85e7552fd4bfa36fe22d55b4ecc1bab11ed68
112b77a85e7552fd4bfa36fe22d55b4ecc1bab11ed68 --ignore-preflight-errors=Swap
[preflight] Running pre-flight checks
	[WARNING Swap]: running with swap on is not supported. Please disable swap
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.09.2. Latest validated version: 18.06
[discovery] Trying to connect to API Server "192.168.0.9:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.0.9:6443"
[discovery] Requesting info from "https://192.168.0.9:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.0.9:6443"
[discovery] Successfully established connection with API Server "192.168.0.9:6443"
[join] Reading configuration from the cluster...
[join] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.13" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "c7-2" as an annotation

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.

验证阶段

[root@C7-1 ~]# kubectl get nodes
NAME   STATUS   ROLES    AGE     VERSION
c7-1   Ready    master   10m   v1.13.3
c7-2   Ready    <none>   2m    v1.13.3
c7-3   Ready    <none>   1m   v1.13.3

结果如上,即表示集群搭建成功

你可能感兴趣的:(Docker,Linux,kubernetes)