Building a Kubernetes Cluster on CentOS 7 with kubeadm (Quick-Start Edition)

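Preface
I ran into one setback after another while installing k8s, so I wrote this article to help those who come after me avoid the same detours.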

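This article only describes how to build a k8s cluster quickly from scratch. For a more detailed analysis of the specific problems encountered and their solutions, read the companion article: Starting a Kubernetes Cluster on CentOS 7 with kubeadm (Pitfalls Edition)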

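My understanding, language, technical skill and experience all have their limits. If anything in this article is wrong, please let me know and I will correct every point. Email: [email protected]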

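Recommendations
Before learning Kubernetes (K8s for short), you need a Linux foundation and a basic grasp of Docker. On mainland China's restricted network you also need to know how to get past the network restrictions.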

Introduction
Kubernetes (commonly called K8s) is an open-source system for automating the deployment, scaling and management of containerized applications (copied from Wikipedia).

Environment
OS and kernel version
CentOS Linux release 7.4.1708 (Core), minimal install
Kernel version 3.10.0-693.el7.x86_64
Architecture x86_64

Docker-CE
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:20:16 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm

Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:23:58 2018
OS/Arch: linux/amd64
Experimental: false

kubeadm
kubeadm version: &version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

kubelet
Version: v1.10.2

kubectl
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:22:21Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

Documentation
Kubernetes
https://kubernetes.io/docs/setup/independent/install-kubeadm/

Docker
https://docs.docker.com/install/linux/docker-ce/centos/

https://docs.docker.com/config/daemon/systemd/

Installation
System preparation
1. Update system packages

yum -y upgrade

2. Install commonly used software

yum -y install vim

3. Configure the proxy

The proxy address below is a machine on my LAN; replace it with your own. The IP in NO_PROXY is this machine's own IP.

echo -e "export HTTP_PROXY=http://192.168.1.100:1080\nexport HTTPS_PROXY=http://192.168.1.100:1080\nexport NO_PROXY=192.168.19.150" >> /etc/profile

4. Disable swap
sed -i "s/.*swap.*/# &/g" /etc/fstab

5. Open the required ports

firewall-cmd --zone=public --add-port=6443/tcp --permanent && firewall-cmd --zone=public --add-port=10250/tcp --permanent && firewall-cmd --reload

6. Reboot
reboot

Install Docker-CE
1. Install the dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2

2. Set up the yum repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

3. Disable the edge channel
yum-config-manager --disable docker-ce-edge

4. Install the latest stable version
yum install -y docker-ce

5. Enable docker at boot
systemctl enable docker && systemctl start docker

6. Configure the proxy
mkdir -p /etc/systemd/system/docker.service.d

touch /etc/systemd/system/docker.service.d/http-proxy.conf

echo -e '[Service]\nEnvironment="HTTP_PROXY=http://192.168.1.100:1080"' > /etc/systemd/system/docker.service.d/http-proxy.conf

touch /etc/systemd/system/docker.service.d/https-proxy.conf

echo -e '[Service]\nEnvironment="HTTPS_PROXY=http://192.168.1.100:1080"' > /etc/systemd/system/docker.service.d/https-proxy.conf

systemctl daemon-reload && systemctl restart docker

Check docker info
docker info | grep -i proxy
HTTP Proxy: http://192.168.1.100:1080
HTTPS Proxy: http://192.168.1.100:1080

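Install kubeadm, kubelet and kubectl
kubeadm: the command-line tool that bootstraps the k8s cluster
kubelet: the command-line tool inside the cluster's containers
kubectl: the command-line tool for operating the cluster

1. Add the Kubernetes yum repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes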
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

2. Install kubeadm, kubelet and kubectl

yum install -y kubelet kubeadm kubectl

Enable kubelet at boot

systemctl enable kubelet && systemctl start kubelet

Edit the kubeadm configuration so that the kubelet's cgroup-driver matches docker's, namely cgroupfs

sed -i "s/cgroup-driver=systemd/cgroup-driver=cgroupfs/g" /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

Restart kubelet

systemctl daemon-reload && systemctl restart kubelet
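
A mismatch between the two cgroup drivers keeps the kubelet from starting, so it is worth checking both values after the edit. The following is an added example, not from the original article: the function names are hypothetical, and the fallback to cgroupfs when the flag is absent reflects the kubelet's default.

```shell
#!/bin/sh
# Added example: compare docker's cgroup driver with the kubelet's flag.
# Function names are illustrative; they are not docker or kubeadm commands.

# Read `docker info` output on stdin and print the cgroup driver.
docker_cgroup_driver() {
    sed -n 's/^ *Cgroup Driver: *//p' | head -n 1
}

# Read the kubeadm drop-in (10-kubeadm.conf) on stdin and print the driver
# passed to the kubelet. Without the flag the kubelet defaults to cgroupfs.
kubelet_cgroup_driver() {
    drv=$(sed -n 's/.*--cgroup-driver=\([a-z]*\).*/\1/p' | head -n 1)
    printf '%s\n' "${drv:-cgroupfs}"
}

# $1: text of `docker info`, $2: text of the drop-in file.
# Returns 0 when both sides agree, 1 otherwise.
cgroup_drivers_match() {
    d=$(printf '%s\n' "$1" | docker_cgroup_driver)
    k=$(printf '%s\n' "$2" | kubelet_cgroup_driver)
    if [ -z "$d" ]; then
        echo "no 'Cgroup Driver' line in docker info output" >&2
        return 1
    fi
    if [ "$d" != "$k" ]; then
        echo "mismatch: docker=$d kubelet=$k" >&2
        return 1
    fi
}

# On the host:
#   cgroup_drivers_match "$(docker info 2>/dev/null)" \
#       "$(cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf)"
```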

3. Initialize the cluster

kubeadm init --ignore-preflight-errors=all --pod-network-cidr=192.168.0.0/16

Wait until the k8s cluster has initialized successfully

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

kubeadm join 192.168.19.150:6443 --token i2yq5b.tpmy284orbzssb5a --discovery-token-ca-cert-hash sha256:f598777ca9d1f5bb7eee7e30e13cb41934473be0ec8bce9c917795e07156ae04

You also need to deploy a pod network to the cluster so that the services inside pods can communicate with each other

https://kubernetes.io/docs/concepts/cluster-administration/addons/

I used Calico; according to the official documentation, it needs the cluster to be initialized with the 192.168.0.0/16 range
useradd k8s
mkdir -p /home/k8s/.kube
cp -i /etc/kubernetes/admin.conf /home/k8s/.kube/config
chown k8s:k8s /home/k8s/.kube/config

Switch to the k8s user
su -l k8s

Install the Calico pod network

kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml

kubectl get nodes
NAME STATUS ROLES AGE VERSION
bogon NotReady master 8m v1.10.2

For a single-machine cluster in a test environment, the following command allows pods to run on the master as well

kubectl taint nodes --all node-role.kubernetes.io/master-

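Join the cluster with kubeadm join

Note: if you have forgotten the token's hash, you can get it by running kubeadm init again, provided no reset has been done (the k8s-related containers have not been deleted); the token in the log is the same

Run as the root user: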
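
The value given to --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA certificate's public key, so it can be recomputed on the master from the certificate without running kubeadm init again. The following is an added example, not part of the original article; the function names are hypothetical, and /etc/kubernetes/pki/ca.crt is the location kubeadm init writes the CA certificate to.

```shell
#!/bin/sh
# Added example (not from the original article): recompute the CA public-key
# pin that kubeadm prints as --discovery-token-ca-cert-hash.
# ca_cert_hash and verify_join_pin are illustrative names, not kubeadm commands.

# Print "sha256:<hex>" for the DER-encoded public key of a PEM CA certificate.
ca_cert_hash() {
    cert="$1"
    # Extract the public key first so that a bad certificate fails here
    # instead of silently hashing empty input further down the pipe.
    pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not a readable PEM certificate: $cert" >&2
        return 2
    }
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    printf 'sha256:%s\n' "$hex"
}

# Succeed only if the pin from a join command matches the CA certificate.
verify_join_pin() {
    cert="$1"
    pin="$2"
    actual=$(ca_cert_hash "$cert") || return 2
    if [ "$actual" != "$pin" ]; then
        echo "pin mismatch: certificate hashes to $actual" >&2
        return 1
    fi
}

# On the master (path as created by kubeadm init):
#   ca_cert_hash /etc/kubernetes/pki/ca.crt
#   kubeadm token list    # shows the bootstrap tokens that are still valid
```

Compare the printed value with the sha256 string in the join command before running kubeadm join on a new node.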

kubeadm join 192.168.19.150:6443 --token i2yq5b.tpmy284orbzssb5a --discovery-token-ca-cert-hash sha256:f598777ca9d1f5bb7eee7e30e13cb41934473be0ec8bce9c917795e07156ae04 --ignore-preflight-errors=all

If the following log appears, the node has joined the cluster successfully

[discovery] Successfully established connection with API Server "192.168.19.150:6443"

This node has joined the cluster:
* Certificate signing request was sent to master and a response
was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.

Run kubectl get nodes

NAME STATUS ROLES AGE VERSION
bogon Ready master 28m v1.10.2

Delete a node

First, release the resources of the bogon node

kubectl drain bogon --delete-local-data --force --ignore-daemonsets

Delete the bogon node

kubectl delete node bogon

List the nodes
kubectl get nodes
No resources found.

With that, the k8s cluster setup is complete!
