1、环境介绍
master:192.168.21.10
node01:192.168.21.11
node02:192.168.21.12
2、准备工作(所有节点都要操作)
2.1、修改三台机器的主机名
hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02
2.2、关闭selinux
setenforce 0 #临时修改
永久生效(修改后重启机器生效)
vim /etc/sysconfig/selinux
写入
SELINUX=enforcing改为SELINUX=disabled
2.3、修改hosts
vim /etc/hosts
添加三台机器的路由(master点修改好后,可以通过scp拷贝到node节点)
关闭iptables和firewalld
2.4、修改yum源(master和node节点都需要配置)
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo #下载docker源码包
vim /etc/yum.repo.d/kubernetes.repo
写入
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1
保存退出
yum repolist #检查是否有可用软件包
2.5、关闭swap分区
vim /etc/fstab(注释掉swap分区)
保存并退出
swapoff -a #vim后执行
3、master节点
3.1、yum安装docker和kubernetes组建
yum install docker-ce kubeadm kubectl kubelet #安装docker和k8s组建
3.2、设置开机自启
systemctl daemon-reload
systemctl start docker #启动docker
systemctl enable docker && systemctl enable kubelet #设置开机自启
3.3、下载master节点需要的镜像
因为k8s.gcr.io访问不了,需要手动下载镜像
k8s.gcr.io/kube-apiserver:v1.16.2
k8s.gcr.io/kube-controller-manager:v1.16.2
k8s.gcr.io/kube-scheduler:v1.16.2
k8s.gcr.io/kube-proxy:v1.16.2
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2
quay.io/coreos/flannel:v0.11.0-amd64
下载镜像并替换成k8s源
docker pull bluersw/kube-apiserver:v1.16.2
docker tag bluersw/kube-apiserver:v1.16.2 k8s.gcr.io/kube-apiserver:v1.16.2
docker pull bluersw/kube-controller-manager:v1.16.2
docker tag bluersw/kube-controller-manager:v1.16.2 k8s.gcr.io/kube-controller-manager:v1.16.2
docker pull bluersw/kube-scheduler:v1.16.2
docker tag bluersw/kube-scheduler:v1.16.2 k8s.gcr.io/kube-scheduler:v1.16.2
docker pull bluersw/kube-proxy:v1.16.2
docker tag bluersw/kube-proxy:v1.16.2 k8s.gcr.io/kube-proxy:v1.16.2
docker pull bluersw/pause:3.1
docker tag bluersw/pause:3.1 k8s.gcr.io/pause:3.1
docker pull bluersw/etcd:3.3.15-0
docker tag bluersw/etcd:3.3.15-0 k8s.gcr.io/etcd:3.3.15-0
docker pull bluersw/coredns:1.6.2
docker tag bluersw/coredns:1.6.2 k8s.gcr.io/coredns:1.6.2
docker pull bluersw/flannel:v0.11.0-amd64
docker tag bluersw/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
docker images #查看本地可用镜像
3.4、移除多余的镜像
docker rmi bluersw/kube-apiserver:v1.16.2
docker rmi bluersw/kube-controller-manager:v1.16.2
docker rmi bluersw/kube-scheduler:v1.16.2
docker rmi bluersw/kube-proxy:v1.16.2
docker rmi bluersw/pause:3.1
docker rmi bluersw/etcd:3.3.15-0
docker rmi bluersw/coredns:1.6.2
docker rmi bluersw/flannel:v0.11.0-amd64
3.5、kubeadm init初始化
kubeadm init --kubernetes-version=v1.16.2 --apiserver-advertise-address=192.168.0.4 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.1.0.0/16
- kubernetes-version #指定k8s版本
- apiserver-advertise-address #指定apiserver网段
- pod-network-cidr=10.244.0.0/16 #Pod 中间网络通讯我们用flannel,flannel要求是10.244.0.0/16,这个IP段就是Pod的IP段
- service-cidr=10.1.0.0/16 #Service(服务)网段
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[警告IsDockerSystemdCheck]:检测到“cgroupfs”作为Docker cgroup驱动程序。 推荐的驱动程序是“systemd”
解决办法:更换驱动
vim/etc/docker/daemon.json #没有就创建一个
写入
{
"exec-opts":["native.cgroupdriver=systemd"]
}
systemctl daemon-reload #检查配置文件
systemctl restart docker #重启docker
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.4. Latest validated version: 18.09
error execution phase preflight: [preflight] Some fatal errors occurred:
警告:16.2最大支持的docker版本是18.09,而我装的是19.03,这个可以忽略
[ERROR NumCPU]: the number of available CPUs 1 is less than the required 2
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
error:最小安装需要2个cpu,而现在只有一个
解决办法:关闭虚拟机,升级虚拟机配置
重新初始化后,又有新的错误
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
解决办法:echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
重新初始化
- kubernetes初始化成功
- 如果不是管理员,需要给使用kubernetes的用户,执行如上命令(我使用的root用户)
- 加入k8s集群命令
kubeadm join 192.168.21.10:6443 --token pmkpvr.wp2vqip3wqvzaz5w \
--discovery-token-ca-cert-hash sha256:6ba303d71f378813565833215c0b3337a50ceb78b2fdcaf4241def659af66565
4、配置node节点,加入集群(node1/node2)
4.1、前置工作
- 关闭swap分区
- 配置docker和kubelet开机自启
- 更换docker驱动程序为systemd
4.2、现在node节点需要的镜像并替换源
k8s.gcr.io/pause:3.1
k8s.gcr.io/kube-proxy:v1.16.2
quay.io/coreos/flannel:v0.11.0-amd64
docker pull bluersw/kube-proxy:v1.16.2
docker tag bluersw/kube-proxy:v1.16.2 k8s.gcr.io/kube-proxy:v1.16.2
docker pull bluersw/pause:3.1
docker tag bluersw/pause:3.1 k8s.gcr.io/pause:3.1
docker pull bluersw/flannel:v0.11.0-amd64
docker tag bluersw/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
下载完后删除不需要的镜像
docker rmi bluersw/kube-proxy:v1.16.2
docker rmi bluersw/flannel:v0.11.0-amd64
docker rmi bluersw/pause:3.1
4.3、加入k8s集群
kubeadm join 192.168.21.10:6443 --token pmkpvr.wp2vqip3wqvzaz5w --discovery-token-ca-cert-hash sha256:6ba303d71f378813565833215c0b3337a50ceb78b2fdcaf4241def659af66565
5、master安装flannel
官网推荐,kubernetes1.7以上可使用如下命令安装
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
(但是这个网址需要翻墙,国内访问不了,我是翻墙先把文件下载下来,然后手动安装)
6、检查
kubectl get nodes #查看当前集群,所有的节点
kubectl get -A pods -o wide #查看当前集群所有的pod信息
kubectl get pods -n kube-system #查看所有名称空间