1. Kubernetes architecture diagram
2. Kubernetes environment preparation
1⃣️ Disable the firewall:
systemctl stop firewalld && systemctl disable firewalld
2⃣️ Disable SELinux:
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
3⃣️ Disable swap:
# Temporary
swapoff -a
# Permanently disable the swap partition
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab
4⃣️ Add hostname-to-IP mappings (remember to set the hostname):
cat /etc/hosts
10.211.55.3 k8s-master
10.211.55.4 k8s-node1
10.211.55.6 k8s-node2
10.211.55.7 k8s-node3
5⃣️ Pass bridged IPv4 traffic to the iptables chains:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
3. Install Docker/kubeadm/kubelet on all nodes
Kubernetes' default CRI (container runtime) is Docker, so install Docker first.
1⃣️ Install Docker:
sudo su
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce-18.06.1.ce-3.el7
systemctl enable docker && systemctl start docker
docker --version
2⃣️ Add the Alibaba Cloud YUM repository:
[root@k8s-master yum.repos.d]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
3⃣️ Install kubeadm, kubelet and kubectl:
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
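4. Deploy the Kubernetes master
1⃣️ The default image registry k8s.gcr.io is not reachable from within China, so specify the Alibaba Cloud image registry address here.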
kubeadm init --apiserver-advertise-address=10.211.55.3 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
After running init:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.211.55.3:6443 --token eehcsb.r8tnvj7ov436x63q \
--discovery-token-ca-cert-hash sha256:583f343b5d55ff96c5a83ccc82444de3c0313adf135d8a980507932aa2f51e1d
If something goes wrong, run:
kubeadm reset
# For detailed kubeadm usage, see kubeadm --help
2⃣️ Use the kubectl tool:
[root@k8s-master yum.repos.d]# mkdir -p $HOME/.kube
[root@k8s-master yum.repos.d]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master yum.repos.d]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master yum.repos.d]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 8m33s v1.17.0
In addition, the output tells us that we still need to create a network and have the other nodes run kubeadm join... to join the cluster.
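The kubeadm join line in the init output above carries a CA pin (--discovery-token-ca-cert-hash), the SHA-256 of the cluster CA's public key. The following script is an added example, not part of the original post: it recomputes that pin from a CA certificate with openssl and compares it with the value in a pasted join command. The function names and the script name are illustrative, and /etc/kubernetes/pki/ca.crt is assumed to be the CA certificate path on the master.

```shell
#!/bin/sh
# Added example: verify the CA pin in a kubeadm join command against a CA
# certificate. Function names are illustrative, not part of kubeadm.

# Print "sha256:<hex>" for a PEM certificate: SHA-256 over the DER-encoded
# SubjectPublicKeyInfo, the value kubeadm expects in
# --discovery-token-ca-cert-hash.
ca_cert_pin() {
    spki_pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    [ -n "$spki_pem" ] || return 1
    printf '%s\n' "$spki_pem" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 \
        | sed 's/^.* //; s/^/sha256:/'
}

# Extract the first "sha256:<64 hex digits>" pin from a pasted join command.
join_cmd_pin() {
    printf '%s\n' "$1" | grep -Eo 'sha256:[0-9a-f]{64}' | head -n 1
}

# Exit status: 0 = pin matches, 1 = mismatch, 2 = input could not be read.
verify_join_pin() {
    want=$(join_cmd_pin "$1")
    if [ -z "$want" ]; then
        echo "no sha256 CA pin found in join command" >&2
        return 2
    fi
    if ! have=$(ca_cert_pin "$2"); then
        echo "cannot read certificate: $2" >&2
        return 2
    fi
    if [ "$want" = "$have" ]; then
        echo "OK: join command pins this CA ($have)"
    else
        echo "MISMATCH: join command has $want, certificate gives $have" >&2
        return 1
    fi
}

# Usage (hypothetical script name):
#   sh verify-join-pin.sh '<kubeadm join ...>' /etc/kubernetes/pki/ca.crt
if [ "$#" -eq 2 ]; then
    verify_join_pin "$1" "$2"
fi
```

Run it on the master before pasting a join command onto a worker; a mismatch means the command was generated for a different cluster CA.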
5. Create the network
If no network is created, checking the pod status shows that the kube-dns components are blocked and the cluster is unusable:
[root@k8s-master yum.repos.d]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-9d85f5447-n9kkd 0/1 Pending 0 25m
coredns-9d85f5447-s9ms2 0/1 Pending 0 25m
etcd-k8s-master 1/1 Running 0 25m
kube-apiserver-k8s-master 1/1 Running 0 25m
kube-controller-manager-k8s-master 1/1 Running 0 25m
kube-proxy-94wtc 1/1 Running 0 5m41s
kube-proxy-h8q8h 1/1 Running 0 5m45s
kube-proxy-kxmxt 1/1 Running 0 25m
kube-proxy-nxtpq 1/1 Running 0 5m44s
kube-scheduler-k8s-master 1/1 Running 0 25m
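There is a problem with creating the network; this is unfinished, and I will update it after solving the problem tomorrow...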