近日通过kubeadm 安装 kubernetes v1.16.0,踩过不少坑,现记录下安装过程。
安装环境:
- 系 统:CentOS Linux release 7.6.1810
- Docker版本:18.09.8
- 所有服务器都能连接外网
一、环境准备
三台虚拟机信息如下:
| IP | 节点角色 | Hostname |
| 172.21.23.146 | master | master |
| 172.21.23.147 | worker | node1 |
| 172.21.23.148 | worker | node2 |
在所有节点上进行如下操作:
1、设置主机名
hostnamectl set-hostname master
设置其他两台worker节点主机名称时,可将 master 替换为正确的主机名node1、node2即可。
2、编辑 /etc/hosts 文件,添加域名解析。
cat <<EOF >>/etc/hosts 172.21.23.146 master 172.21.23.147 node1 172.21.23.148 node2 EOF
3、关闭防火墙、selinux和swap
systemctl stop firewalld systemctl disable firewalld setenforce 0 sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config swapoff -a sed -i 's/.*swap.*/#&/' /etc/fstab
4、配置内核参数,将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf <<EOF net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl --system
5、配置国内yum源
mkdir /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo yum clean all && yum makecache
配置国内Kubernetes源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF
二、软件安装
1、安装Docker
请参考(Centos7.6离线安装docker)
修改docker cgroup driver为systemd
vim /etc/docker/daemon.json
{ "exec-opts": ["native.cgroupdriver=systemd"] }
重启docker:
systemctl restart docker
2、安装kubeadm
yum install -y kubeadm-1.16.0
三、制作离线镜像
在国内没有ke xue上网的条件下,需要通过国内镜像仓库去拉取镜像。我是先拉取镜像,修改镜像名称,最后安装kubernetes 的。
拉取镜像:
docker pull mirrorgooglecontainers/kube-apiserver-amd64:v1.16.0 docker pull mirrorgooglecontainers/kube-controller-manager-amd64:v1.16.0 docker pull mirrorgooglecontainers/etcd-amd64:3.3.15-0 docker pull mirrorgooglecontainers/kube-scheduler-amd64:v1.16.0 docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.16.0 docker pull mirrorgooglecontainers/pause:3.1 docker pull coredns/coredns:1.6.2
修改镜像名称:
docker tag mirrorgooglecontainers/kube-apiserver-amd64:v1.16.0 k8s.gcr.io/kube-apiserver:v1.16.0 docker tag mirrorgooglecontainers/kube-controller-manager-amd64:v1.16.0 k8s.gcr.io/kube-controller-manager:v1.16.0 docker tag mirrorgooglecontainers/kube-scheduler-amd64:v1.16.0 k8s.gcr.io/kube-scheduler:v1.16.0 docker tag mirrorgooglecontainers/kube-proxy-amd64:v1.16.0 k8s.gcr.io/kube-proxy:v1.16.0 docker tag mirrorgooglecontainers/etcd-amd64:3.3.15-0 k8s.gcr.io/etcd:3.3.15-0 docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1 docker tag coredns/coredns:1.6.2 k8s.gcr.io/coredns:1.6.2
删除重复镜像:
docker rmi mirrorgooglecontainers/kube-apiserver-amd64:v1.16.0 docker rmi mirrorgooglecontainers/kube-controller-manager-amd64:v1.16.0 docker rmi mirrorgooglecontainers/etcd-amd64:3.3.15-0 docker rmi mirrorgooglecontainers/kube-scheduler-amd64:v1.16.0 docker rmi mirrorgooglecontainers/kube-proxy-amd64:v1.16.0 docker rmi mirrorgooglecontainers/pause:3.1 docker rmi coredns/coredns:1.6.2
四、部署Master节点
1、编写了一个给 kubeadm 用的 YAML 文件(名叫:kubeadm.yaml):
apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration controllerManager: ExtraArgs: horizontal-pod-autoscaler-use-rest-clients: "true" horizontal-pod-autoscaler-sync-period: "10s" node-monitor-grace-period: "10s" apiServer: ExtraArgs: runtime-config: "api/all=true" kubernetesVersion: "v1.16.0"
2、执行部署指令:
kubeadm init --config kubeadm.yaml
就可以完成 Kubernetes Master 的部署了,这个过程只需要几分钟。部署完成后,kubeadm 会生成一行指令:
kubeadm join 172.21.23.146:6443 --token 9uko4n.jf7d60ijcl35kz7p \ --discovery-token-ca-cert-hash sha256:c9a97e52ad4704598cbe494d879f940cfc38364ee0acda6e6f98f44d1717230c
这个 kubeadm join 命令,就是用来给这个 Master 节点添加更多工作节点(Worker)的命令。我们在后面部署 Worker 节点的时候马上会用到它,所以找一个地方把这条命令记录下来。
此外,kubeadm 还会提示我们第一次使用 Kubernetes 集群所需要的配置命令:
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
而需要这些配置命令的原因是:Kubernetes 集群默认需要加密方式访问。所以,这几条命令,就是将刚刚部署生成的 Kubernetes 集群的安全配置文件,保存到当前用户的.kube 目录下,
kubectl 默认会使用这个目录下的授权信息访问 Kubernetes 集群。
3、部署网络插件
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
等待大概2-3分钟左右,查看Pod状态
[root@master ~]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE coredns-5644d7b6d9-fxx4g 1/1 Running 0 32m coredns-5644d7b6d9-k76m7 1/1 Running 0 32m etcd-master 1/1 Running 0 31m kube-apiserver-master 1/1 Running 0 31m kube-controller-manager-master 1/1 Running 0 30m kube-proxy-v8d7k 1/1 Running 0 32m kube-scheduler-master 1/1 Running 0 30m weave-net-xb6xs 1/2 Running 0 7m37s
五、部署Worker节点
部署worker节点很简单,只需执行部署 Master 节点时生成的 kubeadm join 指令:
kubeadm join 172.21.23.146:6443 --token 9uko4n.jf7d60ijcl35kz7p \ --discovery-token-ca-cert-hash sha256:c9a97e52ad4704598cbe494d879f940cfc38364ee0acda6e6f98f44d1717230c