CentOs7部署K8s

环境

centOs7（一台master, 几台node都可以，2CPU 4G内存 400G硬盘）
Docker  docker-ce-18.06.1.ce-3.el7
kubernetes   v1.23.5
crictl-v1.23.0
socat

基础配置

1. 关闭防火墙、selinux、SWAP

systemctl stop firewalld && systemctl disable firewalld && setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab

2. 内核开启网络支持

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p /etc/sysctl.conf

3. 设置 /etc/hosts

cat <<EOF >  /etc/hosts
192.168.100.2 zbf001
192.168.100.3 zbf002
EOF

一、Docker部署

// 1.安装Docker源
yum install -y wget && wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
 
// 2.安装Docker
yum -y install docker-ce-18.06.1.ce-3.el7
 
// 3.开启自启和启动
systemctl enable docker && systemctl start docker
 
// 4.查看版本
docker --version

二、安装最新版本k8s

# 查找最新版本
curl -sSL https://dl.k8s.io/release/stable.txt
wget -q https://dl.k8s.io/v1.23.5/kubernetes-server-linux-amd64.tar.gz
tar -zxf kubernetes-server-linux-amd64.tar.gz
ls kubernetes/server/bin/ | grep -E 'kubeadm|kubelet|kubectl'
#可以看到在 server/bin/ 目录下有我们所需要的全部内容，将我们所需要的 kubeadm kubectl kubelet 等都移动至 /usr/bin 目录下
mv kubernetes/server/bin/kube{adm,ctl,let} /usr/bin/
kubeadm version
kubectl version --client
kubelet --version
#为了在生产环境中保障各组件的稳定运行，同时也为了便于管理，我们增加对 kubelet 的 systemd 的配置，由 systemd 对服务进行管理。
cat <<'EOF' > /etc/systemd/system/kubelet.service
[Unit]
Description=kubelet: The Kubernetes Agent
Documentation=http://kubernetes.io/docs/
 
[Service]
ExecStart=/usr/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10
 
[Install]
WantedBy=multi-user.target
EOF

mkdir -p /etc/systemd/system/kubelet.service.d
cat <<'EOF' > /etc/systemd/system/kubelet.service.d/kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
EOF

# 设置开机自启
systemctl enable kubelet

# 此时，我们的前期准备已经基本完成，可以使用 kubeadm 来创建集群了。别着急，在此之前，我们还需要安装两个工具，名为crictl 和 socat。
# Kubernetes v1.23.5 对应 crictl-v1.23.0
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.23.0/crictl-v1.23.0-linux-amd64.tar.gz
tar zxvf crictl-v1.23.0-linux-amd64.tar.gz
mv crictl /usr/bin/
sudo yum install -y socat

#解决：需要安装conntrack-tools
yum -y install socat conntrack-tools


#解决：Docker是用yum安装的，docker的cgroup驱动程序默认设置为systemd。默认情况下Kubernetes cgroup为system，我们需要更改Docker cgroup驱动
cat <<'EOF' > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# 重启docker
systemctl restart docker

三、初始化master（只有这一个步骤仅master执行）

# 启动master
kubeadm init \
--apiserver-advertise-address=192.168.100.2  \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.5 \
--service-cidr=192.168.0.0/16 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all

#按照初始化后的提示信息执行以下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

#master完成

四、node加入到master

# master节点生成token
kubeadm token create --print-join-command

# 复制到node中执行
kubeadm join 10.20.10.235:6443 --token h5oegb.ops4pu6ynhmixhwh \
--discovery-token-ca-cert-hash  sha256:c058feb51154138d0783cb8403970e5463aa2301f791217b8c3a1e658cfbebbf

# node完成

五、安装 通信组件 flannel 或者 calico

1.安装

mkdir ~/kubernetes-flannel && cd ~/kubernetes-flannel
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
kubectl get nodes

2.报错解决

# 查看节点状态
kubectl get nodes
# 发现master的状态一直是NotReady
# 查看日志
journalctl -f -u kubelet
会报错：
"Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"

# 解决：删除/opt/cni/bin目录，然后下载应用cni
rm -rf /opt/cni/bin
sudo mkdir -p /opt/cni/bin
cd /opt/cni/bin
下载 https://github.com/containernetworking/plugins/releases/tag/v0.8.6
文件名：cni-plugins-linux-amd64-v0.8.6.tgz
# 解压到/opt/cni/bin
tar -zxvf cni-plugins-linux-amd64-v0.8.6.tgz

# 然后查看状态会变为Ready
kubectl get nodes

3.node也要完成这一步（强调）

# node中是不能执行kubectl命令的。参考下文中“维护”的node节点执行kubectl命令，如何执行kubectl命令，最终的效果是journalctl -f -u kubelet不再报错
journalctl -f -u kubelet

# 主节点查看状态 node也会变成ready
kubectl get nodes

六、维护

1.master和node重置

kubeadm reset
#重置之后 master执行init, node执行join

2.master删除节点

#驱逐节点
kubectl cordon zbf002
#设置节点不可调度
kubectl  drain zbf002 --ignore-daemonsets
#删除节点 
kubectl delete node zbf002

3. node节点执行kubectl命令

# 主节点拷贝文件admin.conf
scp /etc/kubernetes/admin.conf [email protected]:/etc/kubernetes/

# node节点上配置环境变量
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

七、相关报错和解决记录(可忽略)

#错误信息：
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR FileExisting-conntrack]: conntrack not found in system path
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

#解决：需要安装conntrack-tools
yum -y install socat conntrack-tools

#错误信息
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.

#解决：Docker是用yum安装的，docker的cgroup驱动程序默认设置为systemd。默认情况下Kubernetes cgroup为system，我们需要更改Docker cgroup驱动
cat <<'EOF' > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# 重启docker
systemctl restart docker
# 重新初始化 kubeadm 
kubeadm reset

八、参考资料

https://blog.csdn.net/qq_36002737/article/details/123678418