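Building a k8s cluster on CentOS 7 with kubeadm
Introduction
By default kubeadm does not install a network solution, so after installing with kubeadm you need to install a network plugin yourself.
Deployment
System environment (preparation)
Notes
1. Swap must be turned off, otherwise kubelet will fail!
2. The machines in the cluster must be able to reach each other over the network
3. 2 GB of RAM or more (otherwise there will not be enough room left for apps)
4. 2 or more CPU cores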
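Install Docker on every node
This is not repeated here; for detailed installation steps, see my other blog post.
First, disable SELinux
vim /etc/sysconfig/selinux
Change SELINUX to disabled, then save and exit. The change takes effect at the next reboot.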
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Disable the firewall
# systemctl stop firewalld.service
# systemctl disable firewalld.service
Disable swap
Turn it off for the running system
swapoff -a
Also disable it permanently
vim /etc/fstab
Comment out the swap line
#
# /etc/fstab
# Created by anaconda on Sun May 12 23:11:33 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=3755b261-d764-45cd-8806-f82c2aa7eb12 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
#/dev/mapper/centos-swap swap swap defaults 0 0
Check swap usage to confirm it is off
free -m
Edit the hosts file (for the two physical machines)
Edit hosts
# vim /etc/hosts
Add the mappings (for the master node and the worker node)
192.168.1.223 k8s-master
192.168.1.50 node1
Network settings
k8s may fail to route traffic correctly on RHEL/CentOS 7, so we need the following settings:
# vim /etc/sysctl.d/k8s.conf
Set its contents to
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
and apply it
# sysctl -p /etc/sysctl.d/k8s.conf
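The preparation steps above can be re-checked on each node before kubeadm init or kubeadm join, for instance after a reboot. The following script is an added example, not part of the original post; the function names are made up here, and the file paths default to the ones used above.

```shell
#!/bin/sh
# Added example: re-check the node preparation steps from this guide.
# File arguments default to the live system files used above.

# Succeeds if no swap area is active (/proc/swaps: header line, then one line per area).
swap_is_off() {
    ! awk 'NR > 1 && NF > 0 { found = 1 } END { exit !found }' "${1:-/proc/swaps}"
}

# Prints fstab entries that would turn swap back on at the next boot.
fstab_swap_lines() {
    awk '$1 !~ /^#/ && $3 == "swap"' "${1:-/etc/fstab}"
}

# Succeeds if the sysctl file ($1) sets the key ($2) to 1.
sysctl_file_sets_1() {
    awk -F= -v key="$2" '
        { gsub(/[ \t]/, "") }
        $1 == key && $2 == "1" { found = 1 }
        END { exit !found }' "$1"
}

# Runs every check and reports each failure; returns non-zero if any failed.
preflight() {
    rc=0
    swap_is_off || { echo "FAIL: swap is still active"; rc=1; }
    [ -z "$(fstab_swap_lines)" ] || { echo "FAIL: /etc/fstab still enables swap"; rc=1; }
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        sysctl_file_sets_1 /etc/sysctl.d/k8s.conf "$key" ||
            { echo "FAIL: $key is not set to 1 in k8s.conf"; rc=1; }
        # The live value is empty when the kernel does not expose the key yet.
        [ "$(sysctl -n "$key" 2>/dev/null)" = "1" ] ||
            { echo "FAIL: $key is not 1 in the running kernel"; rc=1; }
    done
    return "$rc"
}

# Pass "run" as the first argument to execute the checks on this node.
if [ "${1:-}" = "run" ]; then preflight; fi
```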
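Install kubeadm
Configuration file
Installing kubeadm, kubelet and kubectl normally requires access to Google's repositories to download the packages, so here we point yum at the Alibaba Cloud repository instead
# vim /etc/yum.repos.d/kubernetes.repo
Set its contents to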
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
Install the pinned version
# yum install -y kubelet-1.14.2 kubeadm-1.14.2 kubectl-1.14.2
# systemctl enable kubelet && systemctl start kubelet
Initialize the master node with kubeadm
Note: on networks in mainland China, add --image-repository registry.aliyuncs.com/google_containers to pull the required images; you can also download the images yourself and install offline
Here we use the Alibaba Cloud mirror of the k8s images
# kubeadm init --kubernetes-version=v1.14.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.1.223 --image-repository registry.aliyuncs.com/google_containers
Initialization succeeded
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.1.223:6443 --token dlceft.lcix67fmvte12o8g \
--discovery-token-ca-cert-hash sha256:f0c3e0eb01b861d5db32bf5475a047eff720c021598aa4889e9fb4eb0aafb1c5
As the success message above shows, some configuration is still needed before the cluster can be used
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
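The last line, kubeadm join, is the command a worker node runs to join the cluster. The value after --token is the Kubernetes token, which is valid for 24 hours by default; if needed, you can search online for how to configure a permanent token. The sha256 value after it is the hash of the CA certificate.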
# kubeadm join 192.168.1.223:6443 --token dlceft.lcix67fmvte12o8g \
--discovery-token-ca-cert-hash sha256:f0c3e0eb01b861d5db32bf5475a047eff720c021598aa4889e9fb4eb0aafb1c5
After completing the steps above, run a quick test
# kubectl get pods --all-namespaces
The result is
NAMESPACE     NAME                                 READY   STATUS             RESTARTS   AGE
kube-system   coredns-8686dcc4fd-h746r             0/1     CrashLoopBackOff   6          8m45s
kube-system   coredns-8686dcc4fd-qm27q             0/1     CrashLoopBackOff   6          8m45s
kube-system   etcd-k8s-master                      1/1     Running            0          7m47s
kube-system   kube-apiserver-k8s-master            1/1     Running            0          8m4s
kube-system   kube-controller-manager-k8s-master   1/1     Running            0          8m6s
kube-system   kube-proxy-h2zgr                     1/1     Running            0          8m45s
kube-system   kube-scheduler-k8s-master            1/1     Running            0          7m54s
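As you can see, coredns has not started. This is because we have not installed a network add-on yet: deploying a k8s cluster does not configure a default network for you, so we need to install one. kubeadm only supports CNI-based networks (kubenet is not supported).
Configure CNI
There are many common network add-ons; here we use Flannel. Fetch its manifest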
# wget https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml
Then set up the network
# kubectl apply -f kube-flannel.yml
To remove it if needed
# kubectl delete -f kube-flannel.yml
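Join worker nodes
Now we start adding k8s nodes to the cluster
Connect to the node and run the last line printed by kubeadm init earlier. This command is different for everyone; as mentioned above, everyone's token value is different.
If you did not record the token, the following commands produce the values needed
Generate a permanent token
# kubeadm token create --ttl 0
Output
m3gmnd.zg9pb04b5x53kjvw
List all tokens
# kubeadm token list
Output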
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
fhwj8c.uhry37dwbxcfc742   20h         2019-06-11T23:20:46-04:00   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token
m3gmnd.zg9pb04b5x53kjvw   <forever>   <never>                     authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token
sn4x0i.8f8nfxjw6wtpzq9x   19h         2019-06-11T22:43:52-04:00   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
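A bootstrap token is a credential: whoever holds it can register a machine as a node, so a token created with --ttl 0 stays usable until someone deletes it. The following added example (not part of the original post; function names are made up here) scans kubeadm token list output, using the listing above as constructed sample input, and prints a kubeadm token delete command for each token that never expires.

```shell
#!/bin/sh
# Added example: flag bootstrap tokens that never expire.

# Constructed sample input: the `kubeadm token list` output shown above.
sample_token_list() {
    cat <<'EOF'
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
fhwj8c.uhry37dwbxcfc742   20h         2019-06-11T23:20:46-04:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
m3gmnd.zg9pb04b5x53kjvw   <forever>   <never>                     authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
sn4x0i.8f8nfxjw6wtpzq9x   19h         2019-06-11T22:43:52-04:00   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
EOF
}

# Reads `kubeadm token list` output on stdin and prints the token ID (the six
# characters before the dot, not the secret) of every token with TTL <forever>.
nonexpiring_token_ids() {
    while read -r token ttl _rest; do
        # Skip the header and anything that is not shaped like a bootstrap token.
        printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || continue
        [ "$ttl" = "<forever>" ] || continue
        printf '%s\n' "${token%%.*}"
    done
}

# Prints one `kubeadm token delete` command per non-expiring token, for review
# by an operator; nothing is deleted by this script.
revoke_commands() {
    nonexpiring_token_ids | sed 's/^/kubeadm token delete /'
}

# Demo on the constructed sample. On a master: kubeadm token list | revoke_commands
sample_token_list | revoke_commands
```

kubeadm token create --print-join-command issues a new token with the default 24-hour lifetime and prints the complete join command, which avoids keeping a permanent token around.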
Get the sha256 hash of the CA certificate
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
Output
929bd928ae4ee3c8bbbe1c911e920f0411c005892a8f18d1947171b8e391b8c3
Finally, run on the worker node
# kubeadm join 192.168.1.223:6443 --token dlceft.lcix67fmvte12o8g \
--discovery-token-ca-cert-hash sha256:f0c3e0eb01b861d5db32bf5475a047eff720c021598aa4889e9fb4eb0aafb1c5
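The --discovery-token-ca-cert-hash value pins the public key of the cluster CA: the joining node refuses a control plane whose CA public key does not match it. The following added example (not part of the original post; function names and the script name are made up here) checks that a join command carries the hash of a given ca.crt before it is run. It goes slightly beyond the pipeline above by using openssl pkey rather than openssl rsa, so it also works when the CA key is not RSA.

```shell
#!/bin/sh
# Added example: check that a kubeadm join command pins the expected cluster CA.

# Prints the SHA-256 of the certificate's DER-encoded public key, the value
# kubeadm expects after "sha256:". Fails on a missing or unparsable file,
# because hashing empty input would otherwise still print a digest.
ca_pubkey_hash() {
    openssl x509 -noout -in "$1" 2>/dev/null || return 1
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Prints the 64-digit hex value that follows --discovery-token-ca-cert-hash sha256:
join_cmd_hash() {
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Succeeds only if the join command ($1) pins the public key of the CA cert ($2).
join_pins_ca() {
    want=$(ca_pubkey_hash "$2") || return 1
    got=$(join_cmd_hash "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Usage: sh check-join.sh "<join command>" /path/to/ca.crt
if [ "$#" -eq 2 ]; then
    if join_pins_ca "$1" "$2"; then
        echo "OK: join command pins this CA"
    else
        echo "MISMATCH: join command does not pin this CA" >&2
        exit 1
    fi
fi
```

The ca.crt used for the comparison should reach the worker over a channel you already trust, such as scp from the master.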
Then go back to the master node and check whether the node was added
# kubectl get nodes
You can see the node has been added successfully
NAME         STATUS     ROLES    AGE   VERSION
k8s-master   Ready      master   35m   v1.14.2
k8s1         NotReady   <none>   12s   v1.14.1
The above is the online installation using the Alibaba Cloud mirrors