本文将带领读者一起, 参照着Kubernetes官方文档, 对其安装部署进行讲解. Kubernetes更新迭代很快, 书上、网上等教程可能并不能适用于新版本, 但官方文档能.
阅读这篇文章你能收获到:
- 如何阅读Kubernetes官方安装指南并搭建一个Kubernetes环境.
- Kubernetes安装过程中的注意事项.
- 避过常见的坑.
阅读本文你需要:
- 熟悉Linux命令.
- 知道Kubernetes是用来干什么的 (不然装它干啥(ಥ_ಥ)).
- 知道Docker
- 中文文档
文档连接
https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin
序号 | 名称 | 数量 | 配置 |
---|---|---|---|
1 | 服务器 | 2 | 2C4G |
预先安装好了两台虚拟机, centos7(CPUx2, 内存2.5G). 并在路由器上固定了这两个虚拟机的IP地址.
[root@k8s-master ~]$ vim /etc/hostname # 修改hostname
[root@k8s-master ~]$ vim /etc/hosts # 将本机IP指向hostname
[root@k8s-master ~]$ reboot -h # 重启(可以做完全部前期准备后再重启)
# in k8s-master
[root@k8s-master ~]$ cat /etc/hostname
k8s-master
[root@k8s-master ~]$ cat /etc/hosts | grep k8s
10.33.30.92 k8s-master
10.33.30.91 k8s-worker
# in k8s-worker
[root@k8s-worker ~]$ cat /etc/hostname
k8s-worker
[root@k8s-worker ~]$ cat /etc/hosts | grep k8s
10.33.30.92 k8s-master
10.33.30.91 k8s-worker
[root@k8s-master ~]$ systemctl stop firewalld # 关闭服务
[root@k8s-master ~]$ systemctl disable firewalld # 禁用服务
修改 vim /etc/selinux/config, 设置 SELINUX=disabled. 重启机器.
[root@k8s-master ~]$ sestatus # 查看SELinux状态
SELinux status: disabled
文档链接: Before you begin
Swap disabled. You MUST disable swap in order for the kubelet to work properly.
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin
编辑/etc/fstab, 将swap注释掉. 重启机器.
[root@k8s-master ~]$ vim /etc/fstab
#/dev/mapper/cl-swap swap swap defaults 0 0
文档链接(Get Docker Engine - Community for CentOS):
https://docs.docker.com/install/linux/docker-ce/centos/
Docker官方文档对安装步骤描述已经足够详细, 过程并不复杂, 本文便不再赘述.
# step 1: 安装必要的一些系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: 更新并安装 Docker-CE
yum makecache fast
yum install -y docker-ce-18.09.9-3.el7 docker-ce-cli-18.09.9-3.el7 containerd.io
配置Docker
文档地址(Container runtimes):
https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker
修改/etc/docker/daemon.json为如下内容:
{
"registry-mirrors": ["https://xxxxxxxx.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
[root@k8s-master ~]$ systemctl enable docker
[root@k8s-master ~]$ systemctl start docker
文档地址(Installing kubeadm, kubelet and kubectl):
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl
由于国内网络原因, 官方文档中的地址不可用, 本文替换为阿里云镜像地址, 执行以下代码即可:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF
[root@k8s-master ~]$ yum -y install kubeadm-1.18.3 kubelet-1.18.3 kubectl-1.18.3 --disableexcludes=kubernetes
[root@k8s-master ~]$ systemctl enable kubelet && systemctl start kubelet
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
:::info
注意: 至此, 以上的全部操作, 在Worker机器上也需要执行. 注意hostname等不要相同.
:::
[root@k8s-master ~]$ kubeadm config print init-defaults > kubeadm-init.yaml
该文件有两处需要修改:
修改完毕后文件如下:
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 10.33.30.92
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
name: k8s-master
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.15.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {}
[root@k8s-master ~]$ kubeadm config images pull --config kubeadm-init.yaml
[root@k8s-master ~]$ kubeadm init --config kubeadm-init.yaml
等待执行完毕后, 会输出如下内容:
...
Your Kubernetes control-plane has initialized successfully!
...
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.33.30.92:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:2883b1961db36593fb67ab5cd024f451b934fc0e72e2fa3858dda3ad3b225837
最后两行需要保存下来, kubeadm join …是worker节点加入所需要执行的命令.
接下来配置环境, 让当前用户可以执行kubectl命令:
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
测试一下: 此处的NotReady是因为网络还没配置.
[root@k8s-master kubernetes]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 3m25s v1.15.3
文档地址(Instructions):
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#instructions
下载描述文件
[root@k8s-master ~]$ wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
[root@k8s-master ~]$ cat kubeadm-init.yaml | grep serviceSubnet:
serviceSubnet: 10.96.0.0/12
打开calico.yaml, 将192.168.0.0/16修改为10.96.0.0/12
需要注意的是, calico.yaml中的IP和kubeadm-init.yaml需要保持一致, 要么初始化前修改kubeadm-init.yaml, 要么初始化后修改calico.yaml.
执行kubectl apply -f calico.yaml初始化网络.
此时查看node信息, master的状态已经是Ready了.
[root@k8s-master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 8m21s v1.18.3
k8s-worker Ready <none> 3m46s v1.18.3