k8s Chinese community
k8s official documentation
Docker official documentation
I. Environment Preparation
# master node
172.16.62.120
# node1
172.16.62.77
# node2
172.16.62.78
II. Basic Setup
1. Verify that the MAC address and product_uuid are unique for every node
# Check the MAC address
ip link    # or: ifconfig -a
# Check product_uuid
sudo cat /sys/class/dmi/id/product_uuid
2. Set the hostname
# Set the hostname of the master node
hostnamectl set-hostname master
# Set the hostname of node1
hostnamectl set-hostname node1
# Set the hostname of node2
hostnamectl set-hostname node2
3. Configure DNS resolution
# Add the entries below to /etc/hosts
vim /etc/hosts
172.16.62.120 master
172.16.62.77 node1
172.16.62.78 node2
4. Disable the firewall, SELinux and swap
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
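The sed expression above comments out every line that contains the string swap, including lines that are already commented and mounts whose path merely contains the word. As an added example that is not part of the original page, the functions below comment out only active entries whose filesystem type is swap; the fstab content and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page.

# Print the number of active (uncommented) entries whose type field is "swap".
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Comment out only those entries and leave every other line untouched.
# $1 = path to an fstab-format file (use /etc/fstab on a real node).
comment_swap_entries() {
    tmp=$(mktemp) || return 1
    awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample: one active swap entry, one already commented,
# and one data mount whose path happens to contain "swap".
make_sample_fstab() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
/dev/mapper/centos-root /                xfs  defaults 0 0
/dev/mapper/centos-swap swap             swap defaults 0 0
#/dev/sdb2              swap             swap defaults 0 0
/dev/sdc1               /data/swap-dumps xfs  defaults 0 0
EOF
    echo "$f"
}

sample=$(make_sample_fstab)
echo "active swap entries before: $(active_swap_entries "$sample")"
comment_swap_entries "$sample"
echo "active swap entries after:  $(active_swap_entries "$sample")"
cat "$sample"
rm -f "$sample"
```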
5. Configure kernel parameters so that bridged IPv4 traffic is passed to the iptables chains
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
6. Configure a Kubernetes yum repository from a mirror inside China
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Note: a China-based yum mirror and a China-based Docker mirror can be configured as well
III. Software Installation
1. Install the Container Runtime (references: 1. k8s documentation 2. Docker documentation)
Note: Docker, the mainstream choice, is used here and must be installed on every node. The Docker service provides the compute resources for running containers and is the base platform on which all containers run.
# Install Docker on the Master, Node1 and Node2 nodes
# Install required packages.
yum install yum-utils device-mapper-persistent-data lvm2
# Add Docker repository.
yum-config-manager --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker CE.
yum update && yum install \
  containerd.io-1.2.10 \
  docker-ce-19.03.4 \
  docker-ce-cli-19.03.4
# Create /etc/docker directory.
mkdir /etc/docker
# Setup daemon.
cat <<EOF > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Restart Docker
systemctl daemon-reload
systemctl restart docker
# run hello-world
docker run hello-world
# Supplement: auxiliary docker commands
# Start docker
systemctl start docker
# Reload the systemd daemon configuration
sudo systemctl daemon-reload
# Restart the docker service
systemctl restart docker
# Restart the docker service
sudo service docker restart
# Stop docker
service docker stop
# Stop docker
systemctl stop docker
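2. Install kubeadm, kubelet and kubectl
Note: these must be installed on every node. Kubelet is responsible for communicating with the other nodes of the cluster and for managing the lifecycle of the Pods and containers on its own node. Kubeadm is the automated deployment tool for Kubernetes; it lowers the difficulty of deployment and improves efficiency. Kubectl is the Kubernetes cluster management tool.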
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet
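IV. Deploy the master node
Note: perform these steps on the master node only
1. Initialize the Kubernetes cluster on the master
# Version information: query it with kubectl version
kubeadm init --kubernetes-version=1.17.1 \
  --apiserver-advertise-address=172.16.62.120 \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=172.16.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
The Pod network is defined as 10.244.0.0/16, and the API server address is the master's own IP address.
By default kubeadm downloads the required images from the official registry k8s.gcr.io, which cannot be reached from inside China, so the Alibaba Cloud image repository has to be specified with --image-repository. Many newcomers get stuck at this step on their first deployment and cannot continue with the rest of the configuration.
After the cluster has been initialized successfully, the following information is returned:
Record the last part of the generated output; it has to be executed on the other nodes when they join the Kubernetes cluster.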
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
# Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.62.120:6443 --token 4m78tv.xjhrpamweyda7ya0 \
--discovery-token-ca-cert-hash sha256:c05ae406919442d23c14a5a3f4c5ebe530bde038e7939e6e495e13eecb596051
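The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key. As an added example that is not part of the original page, this script recomputes that value from a CA certificate so it can be compared before a node joins; the function names are hypothetical, the demo CA is generated on the spot, and /etc/kubernetes/pki/ca.crt is assumed as kubeadm's default CA location.

```shell
#!/bin/sh
# Added example, not from the original page.
# The join hash is "sha256:" followed by the SHA-256 digest of the CA
# certificate's public key (DER-encoded SubjectPublicKeyInfo).

ca_cert_hash() {
    # $1 = PEM CA certificate (assumed kubeadm default: /etc/kubernetes/pki/ca.crt)
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform der |
        openssl dgst -sha256 -hex |
        sed 's/^.*= *//; s/^/sha256:/'
}

# Succeeds only if the certificate matches the hash copied from the join command.
verify_join_hash() {
    [ "$(ca_cert_hash "$1")" = "$2" ]
}

# Constructed input: a throwaway self-signed CA standing in for the cluster CA.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
expected=$(ca_cert_hash "$demo_dir/ca.crt")
echo "computed: $expected"
if verify_join_hash "$demo_dir/ca.crt" "$expected"; then
    echo "hash matches the CA certificate"
fi
if ! verify_join_hash "$demo_dir/ca.crt" "sha256:0000"; then
    echo "a different hash is rejected"
fi
rm -rf "$demo_dir"
```

On the master, run ca_cert_hash against the cluster CA certificate and compare the result with the hash in the recorded join command. Bootstrap tokens expire (24 hours by default), and `kubeadm token create --print-join-command` prints a fresh join command.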
2. Configure the kubectl tool (using the commands from the returned output)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Without this setting, configuring flannel may fail
export KUBECONFIG=$HOME/.kube/config
kubectl get nodes
kubectl get cs
Check the node status: master is NotReady
[root@master /]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady master 45m v1.17.1
View the logs
journalctl -f
master kubelet[11390]: W0121 14:34:18.158125 11390 cni.go:237] Unable to update cni config: no networks found in /etc/cni/net.d
master kubelet[11390]: E0121 14:34:19.199378 11390 kubelet.go:2183] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
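Solution:
Cause: the kubelet arguments include network-plugin=cni, but no CNI plugin is installed, so the network-plugin=cni argument has to be removed.
It may be in one of the following two files: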
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
/var/lib/kubelet/kubeadm-flags.env
vim /var/lib/kubelet/kubeadm-flags.env
#KUBELET_KUBEADM_ARGS="--cgroup-driver=systemd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.1"
KUBELET_KUBEADM_ARGS="--cgroup-driver=systemd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.1"
# Restart the services after the change:
systemctl daemon-reload
systemctl restart kubelet
3. Deploy the flannel network
kubectl apply -f kube-flannel.yml
Error:
# The problem is that the network plugin is not configured correctly
# Download the flannel yml file
wget https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
# Change:
apiVersion: apps/v1
# Add:
spec:
  selector:
    matchLabels:
      tier: node
      app: flannel
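V. Join the worker nodes
Note: perform the following steps on all worker nodes
Run the following command so that every worker node joins the Kubernetes cluster
# Result returned by kubeadm init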
kubeadm join 172.16.62.120:6443 --token 4m78tv.xjhrpamweyda7ya0 \
--discovery-token-ca-cert-hash sha256:c05ae406919442d23c14a5a3f4c5ebe530bde038e7939e6e495e13eecb596051
List the cluster nodes:
kubectl get nodes
A status of Ready indicates that the cluster is healthy.