Kubernetes安装配置指南(kubeadm工具安装)

Kubernetes安装配置指南(kubeadm工具安装)

安装 Kubernetes对软件和硬件的系统要求

  • cpu和内存
    master:至少2core4GB内存
    Node:根据需求而定

  • Linux操作系统(关闭防火墙和selinux)
    基于x86_64架构的各种Linux发行版本
    推荐redhat7或Centos7
    kernel版本3.10以上,推荐关闭交换空间的使用,swapoff -a,在/etc/fstab中注释掉swap的挂载。

  • etcd3.0版本及以上,推荐3.3版本
    etcd下载地址:
    https://github.com/etcd-io/etcd/releases/download/v3.3.13/etcd-v3.3.13-linux-amd64.tar.gz

  • Docker18.03版本及以上,推荐18.09版本
    docker下载地址:
    https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm

使用kubeadm工具快速安装Kubernetes集群

1.首先配置yum源
官方yum源的地址为https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64。如果无法访问官方yum源的地址,则也可以使用国内的一个yum源,地址为http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/,yum源的配置文件/ etc/yum.repos.d/kubernetes.repo的内容如下:

[root@common yum.repos.d]# cat /etc/yum.repos.d/kubernetes.repo  
[kubernetes]  
name=kubernetes  
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enable=1    
gpgcheck=0  

2.安装kubeadm和相关工具并启动kubelet服务

yum -y install kubelet kubeadm kubectl --disableexcludes=kubernetes  
systemctl enable docker && systemctl start docker  
systemctl enable kubelet && systemctl start kubelet  

3.拉取镜像

[root@common ~]# cat init-config.yaml  
apiVersion: kubeadm.k8s.io/v1beta1  
kind: ClusterConfiguration  
imageRepository: docker.io/dustise  
kubernetesVersion: v1.14.0  
networking:  
        podSubnet: "192.168.0.0/16"  
拉取镜像:kubeadm config images pull --config=init-config.yaml

4.运行kubeadm init命令安装Master
  至此,准备工作已就绪,执行kubeadm init命令即可一键安装Kubernetes的Master。在开始之前需要注意:kubeadm的安装过程不涉及网络插件(CNI)的初始化,因此kubeadm初步安装完成的集群不具备网络功能,任何Pod包括自带的CoreDNS都无法正常工作。而网络插件的安装往往对kubeadm init命令的参数有一定的要求。例如,安装Calico插件时需要指定–pod-network-cidr=192.168.0.0/16,详情可参考https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network。

接下来使用kubeadminit命令,使用前面创建的配置文件进行集群控制面的初始化:

kubeadm init --config=init-config.yaml

等待一段时间后,Kubernetes的Master安装成功,显示如下信息:

[bootstrap-token] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.10.10.2:6443 --token d5rwf4.334gsqh9iovly5g2 \
    --discovery-token-ca-cert-hash sha256:1585f8435e4fa11038e85541b6539498c6cca24b9ddf4fb9901a640b3ba45f9a 

按照提示执行下面的命令,复制配置文件到普通用户的home目录下:

[root@common ~]# mkdir -p $HOME/.kube
[root@common ~]# echo $HOME
/root
[root@common ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@common ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

这样就在Master上安装了Kubernetes,但在集群内还是没有可用的工作Node,并缺乏对容器网络的配置。这里需要注意kubeadminit命令执行完成后的最后几行提示信息,其中包含加入节点的指令(kubeadm join)和所需的Token。
可以看到其中生成了名为kubeadm-config的ConfigMap对象。

[root@common ~]# kubectl get -n kube-system configmap
NAME                                 DATA   AGE
coredns                              1      22m
extension-apiserver-authentication   6      22m
kube-proxy                           2      21m
kubeadm-config                       2      22m
kubelet-config-1.14                  1      22m

5.安装Node,加入集群
对于新节点的添加,系统准备和Kubernetesyum源的配置过程是一致的,在Node主机上执行下面的安装过程。
(1)安装kubeadm和相关工具:

yum -y install kubelet kubeadm kubectl --disableexcludes=kubernetes

启动服务:

systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet

(2)为kubeadm命令生成配置文件。创建文件join-config.yaml,内容如下:

[root@cfs-ctp ~]# cat join-config.yaml 
apiVersion: kubeadm.k8s.io/v1beta1
kind: JoinConfiguration
discovery:
        bootstrapToken:
                apiServerEndpoint: 10.2.7.60:6443
                token: d5rwf4.334gsqh9iovly5g2
                unsafeSkipCAVerification: true
        t1sBootstrapToken: d5rwf4.334gsqh9iovly5g2

其中,apiServerEndpoint的值来自Master服务器的地址,token和tlsBootstrapToken的值就来自于使用kubeadminit安装Master的最后一行提示信息。

(3) 执行kubeadm join命令,将本Node加入集群:

[root@cfs-ctp ~]# kubeadm join --config=join-config.yaml
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.03.1-ce. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

6.安装网络插件
执行 kubectl get nodes命令,会发现Kubernetes提示Master为NotReady状态,这是因为还没有安装CNI网络插件:

[root@common ~]# kubectl get nodes
NAME                   STATUS     ROLES    AGE     VERSION
cfs-ctp.jiuqi.com.cn   NotReady      9m12s   v1.14.0
common.localdomain     NotReady   master   60m     v1.14.0

安装网络插件:

[root@common ~]# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64| tr -d '\n')"
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.extensions/weave-net created


[root@common ~]# kubectl get nodes
NAME                   STATUS     ROLES    AGE   VERSION
cfs-ctp.jiuqi.com.cn   Ready         12m   v1.14.0
common.localdomain     NotReady   master   63m   v1.14.0
```
执行下面的命令,验证Kubernetes集群的相关Pod是否都正常创建并运行:
```
[root@common ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                         READY   STATUS    RESTARTS   AGE
kube-system   coredns-6897bd7b5-flm7x                      1/1     Running   0          69m
kube-system   coredns-6897bd7b5-njtxf                      1/1     Running   0          69m
kube-system   etcd-common.localdomain                      1/1     Running   0          68m
kube-system   kube-apiserver-common.localdomain            1/1     Running   0          68m
kube-system   kube-controller-manager-common.localdomain   1/1     Running   0          68m
kube-system   kube-proxy-nh6jv                             1/1     Running   0          18m
kube-system   kube-proxy-sj2z5                             1/1     Running   0          69m
kube-system   kube-scheduler-common.localdomain            1/1     Running   0          68m
kube-system   weave-net-4x7hf                              2/2     Running   0          6m21s
kube-system   weave-net-nhsts                              2/2     Running   0          6m21s
```
如果发现有状态错误的Pod,则可以执行kubectl --namespace=kube-system describe pod来查看错误原因,常见的错误原因是镜像没有下载完成。至此,通过kubeadm工具就实现了Kubernetes集群的快速搭建。如果安装失败,则可以执行kubeadm reset命令将主机恢复原状,重新执行kubeadm init命令,再次进行安装。

你可能感兴趣的:(Kubernetes)