k8s安装
0.前置工作0.1 设置hostsvi /etc/hosts加入以下内容127.0.0.1 vm2100.2 关闭防火墙systemctl stop firewalldsystemctl disable firewalld0.3 安装docker & 启动dockeryum install tencentos-release-docker-ceyum -y install docker-c
·
0.前置工作
0.1 设置hosts
vi /etc/hosts 加入以下内容 127.0.0.1 vm210
0.2 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
0.3 安装docker & 启动docker
yum install tencentos-release-docker-ce
yum -y install docker-ce
systemctl enable docker && systemctl start docker
0.4 设置yum源,下载kubelet
[root@VM-16-5-centos ~]# yum -y install kubeadm kubelet
Last metadata expiration check: 0:03:58 ago on Thu 07 Oct 2021 10:25:28 AM CST.
No match for argument: kubeadm
No match for argument: kubelet
Error: Unable to find a match: kubeadm kubelet
[root@VM-16-5-centos ~]# vi /etc/yum.repos.d/kubernetes.repo
[root@VM-16-5-centos ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
[root@VM-16-5-centos ~]# yum -y install kubeadm kubelet
Kubernetes 147 kB/s | 128 kB 00:00
Dependencies resolved.
=============================================================================================
Package Arch Version Repository Size
=============================================================================================
Installing:
kubeadm x86_64 1.22.2-0 kubernetes 9.3 M
kubelet x86_64 1.22.2-0 kubernetes 23 M
Installing dependencies:
conntrack-tools x86_64 1.4.4-10.tl3 TencentOS 203 k
cri-tools x86_64 1.13.0-0 kubernetes 5.1 M
kubectl x86_64 1.22.2-0 kubernetes 9.6 M
kubernetes-cni x86_64 0.8.7-0 kubernetes 19 M
libnetfilter_cthelper x86_64 1.0.0-15.tl3 TencentOS 23 k
libnetfilter_cttimeout x86_64 1.0.0-11.tl3 TencentOS 23 k
libnetfilter_queue x86_64 1.0.4-3.tl3 Updates 30 k
socat x86_64 1.7.3.3-2.tl3 TencentOS-AppStream 301 k
Transaction Summary
=============================================================================================
Install 10 Packages
Total download size: 67 M
Installed size: 313 M
Downloading Packages:
(1/10): libnetfilter_cttimeout-1.0.0-11.tl3.x86_64.rpm 1.1 MB/s | 23 kB 00:00
(2/10): libnetfilter_cthelper-1.0.0-15.tl3.x86_64.rpm 1.0 MB/s | 23 kB 00:00
(3/10): libnetfilter_queue-1.0.4-3.tl3.x86_64.rpm 2.4 MB/s | 30 kB 00:00
(4/10): conntrack-tools-1.4.4-10.tl3.x86_64.rpm 4.9 MB/s | 203 kB 00:00
(5/10): socat-1.7.3.3-2.tl3.x86_64.rpm 6.2 MB/s | 301 kB 00:00
(6/10): 14bfe6e75a9efc8eca3f638eb22c7e2ce759c67f95b43b16fae4 13 MB/s | 5.1 MB 00:00
(7/10): 994be6998becbaa99f3c42cd8f2299364fb6f5c597b5ba1eb5db 4.2 MB/s | 9.6 MB 00:02
(8/10): 80864433372b7120669c95335d54aedd2cb7e2002b41e5686e71 5.7 MB/s | 23 MB 00:04
(9/10): db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1 6.5 MB/s | 19 MB 00:02
(10/10): 601174c7fbdf37f053d43088913525758704610e8036f0afd42 1.8 MB/s | 9.3 MB 00:05
---------------------------------------------------------------------------------------------
Total 12 MB/s | 67 MB 00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : kubectl-1.22.2-0.x86_64 1/10
Installing : cri-tools-1.13.0-0.x86_64 2/10
Installing : socat-1.7.3.3-2.tl3.x86_64 3/10
Installing : libnetfilter_queue-1.0.4-3.tl3.x86_64 4/10
Running scriptlet: libnetfilter_queue-1.0.4-3.tl3.x86_64 4/10
Installing : libnetfilter_cttimeout-1.0.0-11.tl3.x86_64 5/10
Running scriptlet: libnetfilter_cttimeout-1.0.0-11.tl3.x86_64 5/10
Installing : libnetfilter_cthelper-1.0.0-15.tl3.x86_64 6/10
Running scriptlet: libnetfilter_cthelper-1.0.0-15.tl3.x86_64 6/10
Installing : conntrack-tools-1.4.4-10.tl3.x86_64 7/10
Running scriptlet: conntrack-tools-1.4.4-10.tl3.x86_64 7/10
Installing : kubernetes-cni-0.8.7-0.x86_64 8/10
Installing : kubelet-1.22.2-0.x86_64 9/10
Installing : kubeadm-1.22.2-0.x86_64 10/10
Running scriptlet: kubeadm-1.22.2-0.x86_64 10/10
Verifying : conntrack-tools-1.4.4-10.tl3.x86_64 1/10
Verifying : libnetfilter_cthelper-1.0.0-15.tl3.x86_64 2/10
Verifying : libnetfilter_cttimeout-1.0.0-11.tl3.x86_64 3/10
Verifying : libnetfilter_queue-1.0.4-3.tl3.x86_64 4/10
Verifying : socat-1.7.3.3-2.tl3.x86_64 5/10
Verifying : cri-tools-1.13.0-0.x86_64 6/10
Verifying : kubeadm-1.22.2-0.x86_64 7/10
Verifying : kubectl-1.22.2-0.x86_64 8/10
Verifying : kubelet-1.22.2-0.x86_64 9/10
Verifying : kubernetes-cni-0.8.7-0.x86_64 10/10
Installed:
conntrack-tools-1.4.4-10.tl3.x86_64 cri-tools-1.13.0-0.x86_64
kubeadm-1.22.2-0.x86_64 kubectl-1.22.2-0.x86_64
kubelet-1.22.2-0.x86_64 kubernetes-cni-0.8.7-0.x86_64
libnetfilter_cthelper-1.0.0-15.tl3.x86_64 libnetfilter_cttimeout-1.0.0-11.tl3.x86_64
libnetfilter_queue-1.0.4-3.tl3.x86_64 socat-1.7.3.3-2.tl3.x86_64
Complete!
0.5 设置selinux
[root@VM-16-5-centos ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
0.6 设置iptables
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
0.7 更改kubelet 参数
vi /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS=--cgroup-driver=systemd
0.8 设置docker 参数
[root@VM-16-5-centos ~]# cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
systemctl daemon-reload
systemctl restart docker
systemctl restart kubelet
0.9 下载所需要的镜像
for i in `kubeadm config images list`; do
imageName=${i#k8s.gcr.io/}
docker pull registry.aliyuncs.com/google_containers/$imageName
docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
docker rmi registry.aliyuncs.com/google_containers/$imageName
done;
1.kubeadm init
[root@VM-32-15-centos ~]# kubeadm init --image-repository=registry.aliyuncs.com/google_containers
[init] Using Kubernetes version: v1.22.2
[preflight] Running pre-flight checks
[WARNING FileExisting-tc]: tc not found in system path
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local vm-32-15-centos] and IPs [10.96.0.1 172.16.32.15]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost vm-32-15-centos] and IPs [172.16.32.15 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost vm-32-15-centos] and IPs [172.16.32.15 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 10.507059 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.22" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node vm-32-15-centos as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node vm-32-15-centos as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: g9zyg0.b2ecakjvlvemevbh
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.32.15:6443 --token g9zyg0.b2ecakjvlvemevbh \
--discovery-token-ca-cert-hash sha256:ba933105f2babdaaac94e4aaf6a3b27fc9cb8343d8eadd97f4343d5fc3d21c9f
2. worker节点join master节点(worker节点也需要做步骤0中的前置工作):
kubeadm join 172.16.32.15:6443 --token g9zyg0.b2ecakjvlvemevbh --discovery-token-ca-cert-hash sha256:ba933105f2babdaaac94e4aaf6a3b27fc9cb8343d8eadd97f4343d5fc3d21c9f
更多推荐
已为社区贡献1条内容
所有评论(0)