k8s kubeadm 集群部署
k8s 集群 容器镜像准备
使用kubeadm部署k8s集群,所以k8s集群的所有核心组件均以pod运行、
需要准备镜像,不然初始化的时候会自动下载,时间会很长。
所有用到的镜像,已经上传到百度云中
链接:https://pan.baidu.com/s/1LjApqxw44q-xX–05Rs8pw
提取码:6666
# 查看所需要的镜像
kubeadm config images list
W0804 17:55:12.248884 13607 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
k8s.gcr.io/kube-apiserver:v1.18.6
k8s.gcr.io/kube-controller-manager:v1.18.6
k8s.gcr.io/kube-scheduler:v1.18.6
k8s.gcr.io/kube-proxy:v1.18.6
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
kubeadm config images list >> image.list
# 修改image.list,改为脚本
可能会因为网络问题而找不到响应的镜像,我们可以去国内可以访问的docker镜像源下载,然后修改tag
#!/bin/bash
img_list='k8s.gcr.io/kube-apiserver:v1.18.6
k8s.gcr.io/kube-controller-manager:v1.18.6
k8s.gcr.io/kube-scheduler:v1.18.6
k8s.gcr.io/kube-proxy:v1.18.6
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7'
for img in ${img_list}
do
docker pull $img
done
#!/bin/bash
img_list='kubesphere/kube-apiserver:v1.18.6
kubesphere/kube-controller-manager:v1.18.6
kubesphere/kube-scheduler:v1.18.6
kubesphere/kube-proxy:v1.18.6
kubesphere/pause:3.2
docker pull mirrorgcrio/etcd:3.4.3-0
coredns/coredns:1.6.7'
for img in ${img_list}
do
docker pull $img
done
docker tag kubesphere/kube-apiserver:v1.18.6 k8s.gcr.io/kube-apiserver:v1.18.6
docker tag kubesphere/kube-controller-manager:v1.18.6 k8s.gcr.io/kube-controller-manager:v1.18.6
docker tag kubesphere/kube-scheduler:v1.18.6 k8s.gcr.io/kube-scheduler:v1.18.6
docker tag kubesphere/kube-proxy:v1.18.6 k8s.gcr.io/kube-proxy:v1.18.6
docker tag kubesphere/pause:3.2 k8s.gcr.io/pause:3.2
docker tag mirrorgcrio/etcd:3.4.3 k8s.gcr.io/etcd:3.4.3-0
docker tag coredns/coredns:1.6.7 k8s.gcr.io/coredns:1.6.7
docker save k8s.gcr.io/kube-apiserver:v1.18.6 -o kube-apiserver_v1.18.6.tar
docker save k8s.gcr.io/kube-controller-manager:v1.18.6 -o kube-controller-manager_v1.18.6.tar
docker save k8s.gcr.io/kube-scheduler:v1.18.6 -o kube-scheduler_v1.18.6.tar
docker save k8s.gcr.io/kube-proxy:v1.18.6 -o kube-proxy_v1.18.6.tar
docker save k8s.gcr.io/pause:3.2 -o pause_3.2.tar
docker save k8s.gcr.io/etcd:3.4.3-0 -o etcd_3.4.3-0.tar
docker save k8s.gcr.io/coredns:1.6.7 -o coredns_1.6.7.tar
docker load -i kube-apiserver_v1.18.6.tar
docker load -i kube-controller-manager_v1.18.6.tar
docker load -i kube-scheduler_v1.18.6.tar
docker load -i kube-proxy_v1.18.6.tar
docker load -i pause_3.2.tar
docker load -i etcd_3.4.3-0.tar
docker load -i coredns_1.6.7.tar
worker节点 不需要全部的镜像,只需要以下两个镜像
kube-proxy
pause
docker load -i xxx
k8s 集群初始化
# 在master节点操作
# 指定k8s版本 pod网络 和 apiserver地址为当前master的ip
kubeadm init --kubernetes-version=v1.18.6 --pod-network-cidr=172.16.0.0/16 --apiserver-advertise-address=192.168.56.100
初始化成功,如果失败了,调整镜像或者配置,重启 kubeadm 即可 sudo kubeadm reset
[root@master1 ~]# kubeadm init --kubernetes-version=v1.18.6 --pod-network-cidr=172.16.0.0/16 --apiserver-advertise-address=192.168.56.100
W0805 04:54:47.572575 6614 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.6
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [master1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.56.100]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [master1 localhost] and IPs [192.168.56.100 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [master1 localhost] and IPs [192.168.56.100 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
W0805 04:54:52.181396 6614 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0805 04:54:52.182423 6614 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 23.015400 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.18" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master1 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node master1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 419shm.tyxdhbuymbaaujfr
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
# kubeadm init 成功信息
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.56.100:6443 --token 419shm.tyxdhbuymbaaujfr \
--discovery-token-ca-cert-hash sha256:1d496f3d960a14dae56cc689847866f10354bef455d80815374b73a24b46557d
按照返回的提示信息执行
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
安装网络插件
wget https://docs.projectcalico.org/v3.15/manifests/calico.yaml
vim calico.yaml
# 大概在3580行,取消注释,将ip修改为我们指定的 172.16.0.0/16
- name: CALICO_IPV4POOL_CIDR
value: "172.16.0.0/16"
kubectl apply -f calico.yaml
# kubectl get nodes Ready 则准备好了, 如果没有事先导入calico镜像,这个会很久
安装完毕网络 加入集群(卡在这里,加入不了)
kubeadm join 192.168.56.100:6443 --token 419shm.tyxdhbuymbaaujfr \
--discovery-token-ca-cert-hash sha256:1d496f3d960a14dae56cc689847866f10354bef455d80815374b73a24b46557d
验证集群可用
# 查看节点 , Ready 则准备好了
kubectl get nodes
master1 Ready master 5h41m v1.18.6