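Personally tested by me: building Kubernetes with kubeadm on CentOS 7.6. The setup took me 2 days and I ran into quite a few problems along the way; follow the contents of this document and the setup will work without errors.
Without further ado, let's get started.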
| System | Hostname | IP address | Components |
| --- | --- | --- | --- |
| CentOS 7.6 | k8s-master | 10.2.52.82 | kubeadm, kubelet, kubectl, docker-ce |
| CentOS 7.6 | k8s-node1 | 10.2.52.78 | kubeadm, kubelet, kubectl, docker-ce |
| CentOS 7.6 | k8s-node2 | 10.2.52.76 | kubeadm, kubelet, kubectl, docker-ce |
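**`Note: the official recommendation is a minimum of 2 CPU cores and 2 GB of RAM per machine, and the hosts must be able to reach the internet. Be aware that if the hardware requirements are not met, initialization will keep reporting errors.`**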
1. Tweaks for a minimal install. Run on all three nodes. If your system already has these dependencies, you can skip installing them.
[root@k8s-master ~]# yum -y install lshw pciutils gdisk system-storage-manager bash-completion zip unzip bzip2 tree tmpwatch pinfo man-pages nano vim-enhanced tmux screen net-tools psmisc lsof sysstat yum-plugin-security yum-utils createrepo git wget curl elinks lynx lftp mailx mutt rsync libaio make cmake gcc gcc-c++ zlib zlib-devel openssl openssl-devel pcre pcre-devel
2. Set up the Aliyun yum repository
[root@k8s-master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@k8s-master ~]# rm -rf /var/cache/yum && yum makecache && yum -y update && yum -y autoremove
`Note: if your network connection is poor, you can skip the update`
3. Disable the firewall
[root@k8s-master ~]# systemctl stop firewalld && systemctl disable firewalld
4. Disable SELinux
[root@k8s-master ~]# setenforce 0
[root@k8s-master ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
5. Disable the swap partition
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
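6. Load the kernel modules
[root@k8s-master ~]# vim /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
# IPVS modules used by kube-proxy in ipvs mode
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack_ipv4
# Provides the net.bridge.bridge-nf-call-* sysctls set in step 7
modprobe br_netfilter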
[root@k8s-master ~]# chmod +x /etc/sysconfig/modules/ipvs.modules
[root@k8s-master ~]# /etc/sysconfig/modules/ipvs.modules
7. Configure the kernel parameters
[root@k8s-master ~]# vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
[root@k8s-master ~]# sysctl --system
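A check for steps 5 to 7, added here as an example (it is not part of the original post): it reads /proc to confirm that swap is off, the listed modules are loaded and the sysctl values are live. The function names and the `ROOT` argument are assumptions of this example; pass an empty string on a real node, or a directory holding a copy of /proc.

```shell
#!/bin/sh
# Added example: verify host preparation steps 5-7 from this page.
# $1 (ROOT) is "" on a live host, or a directory containing a copy of /proc.

# Succeeds when /proc/swaps holds only its header line (no active swap).
swap_is_off() {
    awk 'NR > 1 { n++ } END { exit (n > 0) }' "$1/proc/swaps"
}

# Succeeds when kernel module $2 is listed in /proc/modules.
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1/proc/modules"
}

# Succeeds when sysctl key $2 (dotted form) currently holds value $3.
sysctl_is() {
    path="$1/proc/sys/$(printf '%s' "$2" | tr . /)"
    [ -r "$path" ] && [ "$(cat "$path")" = "$3" ]
}

# Prints one FAIL line per unmet requirement; exit status 0 only if all pass.
preflight() {
    root="$1"; failures=0
    swap_is_off "$root" || { echo "FAIL swap still active"; failures=$((failures + 1)); }
    for m in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
        module_loaded "$root" "$m" ||
            { echo "FAIL module $m not loaded"; failures=$((failures + 1)); }
    done
    for kv in net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1 \
              net.ipv4.ip_nonlocal_bind=1 net.ipv4.ip_forward=1 vm.swappiness=0; do
        sysctl_is "$root" "${kv%%=*}" "${kv#*=}" ||
            { echo "FAIL $kv not applied"; failures=$((failures + 1)); }
    done
    [ "$failures" -eq 0 ]
}

# On a prepared node: preflight "" && echo "host ready for kubeadm"
```

A missing `net.bridge.*` file under /proc/sys shows up as a FAIL line, which is the usual symptom of the bridge netfilter module not being loaded.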
1. First uninstall any old versions (optional, depending on your situation)
[root@k8s-master ~]# yum remove docker \
> docker-client \
> docker-client-latest \
> docker-common \
> docker-latest \
> docker-latest-logrotate \
> docker-logrotate \
> docker-selinux \
> docker-engine-selinux \
> docker-engine
2. Install the dependency packages
[root@k8s-master ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
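3. Set up the installation repository (described here as the Aliyun one; the command below fetches docker-ce.repo from download.docker.com)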
[root@k8s-master ~]# yum-config-manager --add-repo \
> https://download.docker.com/linux/centos/docker-ce.repo
已加载插件:fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
4. Enable the test repositories (optional)
[root@k8s-master ~]# yum-config-manager --enable docker-ce-edge
[root@k8s-master ~]# yum-config-manager --enable docker-ce-test
5. Start the installation. Here I install 19.03
[root@k8s-master ~]# yum list docker-ce --showduplicates | sort -r
[root@k8s-master ~]# yum -y install docker-ce-19.03.5-3.el7
6. Start Docker and enable it at boot
[root@k8s-master ~]# systemctl start docker
[root@k8s-master ~]# systemctl enable docker
7. Switch Docker's registry mirror to one hosted in China
[root@k8s-master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker
[root@k8s-master ~]# docker info # after installation, check the Docker version information and the registry mirror
1. Configure the installation repository. Do this on all three nodes
[root@k8s-master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
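2. Install the packages. Here I install version 16.0
Use kubeadm config print init-defaults > kubeadm-init.yaml to print the default configuration, then modify it for your own environment, especially the image repository: the default one is hosted overseas and cannot be pulled.
[root@k8s-master ~]# yum -y install kubeadm-1.16.3 kubelet-1.16.3 kubectl-1.16.3
[root@k8s-master ~]# kubeadm config print init-defaults > kubeadm-init.yaml
The following is done on the master node only.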
[root@k8s-master ~]# vim kubeadm-init.yaml
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.2.52.82   # master IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers   # changed to the Aliyun mirror
kind: ClusterConfiguration
kubernetesVersion: v1.16.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
# kube-proxy's config API has its own version (v1alpha1); it does not follow kubeadm.k8s.io/v1beta2
apiVersion: kubeproxy.config.k8s.io/v1alpha1
# Copy the two lines below as they are; no changes needed
kind: KubeProxyConfiguration
mode: "ipvs"
```
Save and exit.
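The file above keeps the token that `kubeadm config print init-defaults` prints, so if it is ever passed to `kubeadm init --config`, the cluster starts with a join token anyone can look up. The audit below is an added example, not part of the original post; the function name and the checks (placeholder value, token shape, a zero ttl) are this example's own choices.

```shell
#!/bin/sh
# Added example: audit the bootstrap tokens in a kubeadm config file.
# PLACEHOLDER is the token emitted by "kubeadm config print init-defaults",
# the value kept in this page's kubeadm-init.yaml.
PLACEHOLDER='abcdef.0123456789abcdef'

# Prints one finding per line for config file $1; exit status 1 if any finding.
audit_bootstrap_tokens() {
    awk -v placeholder="$PLACEHOLDER" -v q="\"'" '
        # Strip the "key:" prefix, trailing comments and surrounding quotes.
        function value(line) {
            sub(/^[^:]*:[ \t]*/, "", line)
            sub(/[ \t]+#.*$/, "", line)
            gsub("[" q "]", "", line)
            return line
        }
        /^[ \t-]*token:/ {
            tok = value($0)
            if (tok == placeholder) {
                print "line " NR ": default placeholder token, publicly known"; bad++
            } else if (length(tok) != 23 || index(tok, ".") != 7 ||
                       tok !~ /^[a-z0-9]+\.[a-z0-9]+$/) {
                print "line " NR ": token is not 6 + 16 lowercase alphanumerics"; bad++
            }
        }
        /^[ \t-]*ttl:/ {
            ttl = value($0)
            # A ttl made only of zero components (0, 0s, 0h0m0s) never expires.
            if (ttl ~ /^(0[hms]?)+$/) {
                print "line " NR ": ttl " ttl " means the token never expires"; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Usage: audit_bootstrap_tokens kubeadm-init.yaml
```

A fresh value for the `token:` field can be produced with `kubeadm token generate`.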
3. Optionally pre-pull the images
[root@k8s-master ~]# kubeadm config images pull --config kubeadm-init.yaml
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.16.3
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.16.3
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.16.3
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.16.3
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.15
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.2
4. Initialize the master node. If the images have not been pulled beforehand, initialization will pull them for you.
[root@k8s-master ~]# systemctl start kubelet
[root@k8s-master ~]# systemctl enable kubelet
[root@k8s-master ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
> `// 10.244.0.0/16 is the default network range of flannel`
```
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.2.52.82:6443 --token p7exsh.awfefqpk2uyi94r0 \
    --discovery-token-ca-cert-hash sha256:50a60f77508f78d95f58c7964c31dd5f46876f97d899f13fd8c3d6cd0424986c
```
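5. Prepare the kubeconfig file for kubectl
By default kubectl looks for a config file in the .kube directory under the home directory of the user running it. Here the admin.conf generated in the [kubeconfig] step of initialization is copied to .kube/config.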
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
> `This configuration file records the API Server address, so kubectl commands run afterwards can connect to the API Server directly`
6. Verify that the master components are running
[root@k8s-master ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-67c766df46-knvl2 0/1 Pending 0 2m33s
kube-system coredns-67c766df46-z25c2 0/1 Pending 0 2m33s
kube-system etcd-k8s-master 1/1 Running 0 106s
kube-system kube-apiserver-k8s-master 1/1 Running 0 100s
kube-system kube-controller-manager-k8s-master 1/1 Running 0 101s
kube-system kube-proxy-87dlk 1/1 Running 0 98s
kube-system kube-proxy-c5nrd 1/1 Running 0 2m32s
kube-system kube-proxy-g7tgd 1/1 Running 0 91s
kube-system kube-scheduler-k8s-master 1/1 Running 0 99s
[root@k8s-master ~]# kubectl get cs
NAME AGE
scheduler
controller-manager
etcd-0
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 30s v1.16.3
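Don't panic when you see this: NotReady is the normal state at this point. Newer Kubernetes versions changed this status, and a network plugin has to be installed before the nodes show Ready.
7. Configure the worker nodes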
[root@node1 ~]# kubeadm join 10.2.52.82:6443 --token lqmlb4.5jqqfpl9wxjb35u8 \
> --discovery-token-ca-cert-hash sha256:93c0299550578b6d4b9c1c1c8127904ab64b253df6a7b613906d32b6ca970564
[root@k8s-node2 ~]# kubeadm join 10.2.52.82:6443 --token lqmlb4.5jqqfpl9wxjb35u8 \
> --discovery-token-ca-cert-hash sha256:93c0299550578b6d4b9c1c1c8127904ab64b253df6a7b613906d32b6ca970564
Seeing this message means the join succeeded:
This node has joined the cluster:
Go back to the master node and look at the node information
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 2m1s v1.16.3
k8s-node2 NotReady <none> 39s v1.16.3
node1 NotReady <none> 46s v1.16.3
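The `--discovery-token-ca-cert-hash` value in the join commands above is what lets a joining node authenticate the API server: it is the SHA-256 of the cluster CA's DER-encoded public key. The following added example (not part of the original post; function names are this example's own) recomputes it on the master with openssl, so a join command received from elsewhere can be compared against the real CA before it is run.

```shell
#!/bin/sh
# Added example: recompute the value passed to --discovery-token-ca-cert-hash.
# kubeadm pins the cluster CA by the SHA-256 of its DER-encoded public key
# (SubjectPublicKeyInfo), so the hash can be derived from ca.crt on the master.

# Prints "sha256:<hex>" for the CA certificate file given as $1.
ca_cert_hash() {
    # Reject anything that does not parse as a certificate; otherwise the
    # pipeline below would hash empty input and still print a digest.
    openssl x509 -in "$1" -noout 2>/dev/null || return 1
    hex=$(openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 \
        | awk '{ print $NF }')
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Succeeds only if the hash from a join command ($2) matches the CA file ($1).
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || { echo "cannot read CA certificate $1" >&2; return 2; }
    if [ "$actual" = "$2" ]; then
        echo "OK: join hash matches $1"
    else
        echo "MISMATCH: CA is $actual, join command has $2" >&2
        return 1
    fi
}

# On the master (directory taken from certificatesDir in this page's config):
#   verify_join_hash /etc/kubernetes/pki/ca.crt sha256:<hash from the join command>
```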
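OK, now let's install the network plugin.
The most popular Kubernetes network plugins at present are Flannel, Calico, Canal and Weave; flannel is used here.
The choice mainly depends on your company's requirements; if the company has none, it is up to you.
Run this on the master node; afterwards, wait for the flannel pods to come up.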
[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.extensions/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.extensions/kube-flannel-ds-amd64 created
daemonset.extensions/kube-flannel-ds-arm64 created
daemonset.extensions/kube-flannel-ds-arm created
daemonset.extensions/kube-flannel-ds-ppc64le created
daemonset.extensions/kube-flannel-ds-s390x created
Startup takes quite a while, so be patient.
Check the node status again: Ready. Done.
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master `Ready` master 20m v1.16.3
k8s-node1 `Ready` <none> 10m v1.16.3
k8s-node2 `Ready` <none> 8m16s v1.16.3