Deploying a Kubernetes cluster with kubeadm 1.22.x
At present, most Kubernetes package sources available in China carry version 1.5.2, and it is hard to build a cluster of the latest version the traditional way. This article therefore shows how to build a latest-version Kubernetes cluster with kubeadm.
1. Cluster description
Role IP address
k8s-master 192.168.11.100
k8s-node-1 192.168.11.110
k8s-node-2 192.168.11.160
2. Software versions
Software Version
docker 20.10.9
kubeadm 1.22.2
kubelet 1.22.2
kubectl 1.22.2
systemctl stop firewalld
systemctl disable firewalld
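setenforce 0 # disable temporarily (until the next reboot)
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config # disable permanently
swapoff -a # disable temporarily (until the next reboot)
sed -i 's/.*swap.*/#&/' /etc/fstab # disable permanently ("-ir" would make sed write a backup file named fstabr)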
hostnamectl set-hostname <hostname>
Run this command on each of the three cluster nodes to name them k8s-master, k8s-node-1 and k8s-node-2 respectively.
cat >> /etc/hosts << EOF
192.168.11.100 k8s-master
192.168.11.110 k8s-node-1
192.168.11.160 k8s-node-2
EOF
The configured /etc/hosts file is shown in the figure below:
yum install ntpdate -y
ntpdate cn.pool.ntp.org
# Commonly used NTP time servers
cn.ntp.org.cn # China
edu.ntp.org.cn # China Education Network
ntp1.aliyun.com # Alibaba Cloud
ntp2.aliyun.com # Alibaba Cloud
cn.pool.ntp.org # the most commonly used NTP server in China
3.7. Update the yum Docker repository
yum install -y yum-utils # provides yum-config-manager
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cat >> /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
4. Install docker, kubeadm, kubectl and kubelet (on all nodes)
yum install docker-ce docker-ce-cli -y
# Edit /etc/docker/daemon.json as follows:
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "data-root": "/data/docker"
}
# Start docker
systemctl start docker
# Check its status
systemctl status docker
# Start on boot
systemctl enable docker
# Pin the packages to the versions listed in section 2
yum install -y kubeadm-1.22.2 kubectl-1.22.2 kubelet-1.22.2
systemctl enable kubelet # start on boot
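5. Configure the Kubernetes cluster
# --token-ttl 0 creates a bootstrap token that never expires (the kubeadm default is 24h)
kubeadm init \
--apiserver-advertise-address=192.168.11.100 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.2 \
--token-ttl 0 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.1.0.0/16
Notes: (1) apiserver-advertise-address must be the IP address of the master node; set it to match your environment
(2) kubernetes-version is the version being installed; set it to match your environment
(3) pod-network-cidr is the network range used by flannel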
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a Pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 192.168.11.100:6443 --token sr53ad.rnf7ya4cjci7m7wv \
--discovery-token-ca-cert-hash sha256:3a3d48ba22e50947891b97bff80d5c7e78238504977d2b313d88f39ac00939f8 --v=5
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f kube-flannel.yml
https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
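# If the coredns pods are not in the Running state, the configuration has a problem; use the following command to view the related error messages (when I did this, the error was disk-pressure, i.e. disk usage was too high)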
kubectl get events --namespace=kube-system
5.2 Join the worker nodes to the Kubernetes cluster (run on every worker node)
kubeadm join 192.168.11.100:6443 --token sr53ad.rnf7ya4cjci7m7wv \
--discovery-token-ca-cert-hash sha256:3a3d48ba22e50947891b97bff80d5c7e78238504977d2b313d88f39ac00939f8 --v=5
(2) If the token has been forgotten or has expired, a new token and sha256 hash can be generated with the following commands:
[root@k8s-master ~]# kubeadm token create
c4jjui.bpppj490ggpnmi3u
[root@k8s-master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
c4jjui.bpppj490ggpnmi3u 22h 2020-07-21T14:37:12+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt|openssl rsa -pubin -outform der 2>/dev/null|openssl dgst -sha256 -hex|awk '{print $NF}'
c1df6d1ad77fbc0cbdf2bb3dccd5d87eac41b936a5f3fb944f2c14b79af4de55
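(3) After kubeadm reset has been run on the master node, every worker node must also run kubeadm reset before it can run kubeadm join again; otherwise the join fails (the author learned this the hard way)
(4) If the join fails and you want more detailed error output, append the --v=5 flag to the kubeadm join command, as follows: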
kubeadm join 192.168.11.100:6443 --token sr53ad.rnf7ya4cjci7m7wv \
--discovery-token-ca-cert-hash sha256:3a3d48ba22e50947891b97bff80d5c7e78238504977d2b313d88f39ac00939f8 --v=5
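The sha256 value recomputed by hand in item (2) pins the public key of the cluster CA, which is how a joining node checks that it is talking to the intended API server. The following is an added example, not code from the original post: it computes that hash and checks the hash quoted in a join command against a CA file before the command is used. It generalizes the page's `openssl rsa` pipeline to EC keys with `openssl pkey`; the function names and the throwaway sample CA are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the original post. Requires openssl.
# On the master, "kubeadm token create --ttl 2h --print-join-command" prints a
# complete join line whose token expires, instead of reusing a permanent one.

# Print the sha256 of the CA certificate's DER-encoded public key: the value
# that follows "sha256:" in --discovery-token-ca-cert-hash.
# "openssl pkey" accepts RSA and EC keys; the page's "openssl rsa" is RSA-only.
ca_cert_hash() {
    cch_pub="$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" || return 1
    printf '%s\n' "$cch_pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | awk '{print $NF}'
}

# Return 0 only when the hash quoted in a join command matches the CA file.
# $1 = CA certificate (PEM), $2 = "sha256:<hex>" copied from the join command.
verify_join_hash() {
    vjh_want="$(printf '%s' "${2#sha256:}" | tr 'A-F' 'a-f')"
    vjh_got="$(ca_cert_hash "$1")" || return 2
    [ -n "$vjh_got" ] && [ "$vjh_got" = "$vjh_want" ]
}

# Constructed sample input: a throwaway self-signed CA written to directory $1.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Stand-alone use: script.sh /etc/kubernetes/pki/ca.crt sha256:<hex>
if [ "$#" -eq 2 ]; then
    if verify_join_hash "$1" "$2"; then
        echo "hash matches CA"
    else
        echo "HASH MISMATCH: do not join"; exit 1
    fi
fi
```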
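6. Important notes:
(1) After installing docker, be sure to edit /etc/docker/daemon.json and set the "exec-opts" parameter to ["native.cgroupdriver=systemd"]; see section 4.1 of this post (every node needs this change, worker nodes included)
(2) After kubeadm reset has been run on the master node, every worker node must also run kubeadm reset before it can run kubeadm join again; otherwise the join fails
(3) If you get the error configmaps is forbidden: User "system:anonymous" cannot list resource "configmaps" in API group "" in the namespace "default", you can run the following command on the master node. system:anonymous is the identity the API server assigns to requests that carry no credentials, so this binding gives cluster-admin to every unauthenticated client that can reach the API server:
kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous
(4) For more error messages, see:
1. Deployment manual: Kubernetes binary deployment manual (worth bookmarking) - 硕一知道
2. Issues · kubernetes/kubernetes · GitHub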
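The binding created in item (3) stays in place until it is deleted, so it is worth checking a cluster built this way for bindings that reach unauthenticated users. The following is an added example, not code from the original post: a filter over a listing of cluster role bindings that separates the one default binding for unauthenticated users from anything else. The function names, the allow-list and the sample lines are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the original post.
# Input, one binding per line, as printed on a live cluster by:
#   kubectl get clusterrolebindings --no-headers -o \
#     custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,SUBJECTS:.subjects[*].name'
# Flags every binding whose subjects include system:anonymous or the
# system:unauthenticated group. The allow-list holds system:public-info-viewer,
# which Kubernetes binds to unauthenticated users by default (assumption:
# nothing else on the cluster is meant to be reachable without credentials).
flag_anonymous_bindings() {
    awk -v allow="system:public-info-viewer" '
    {
        n = split($3, subj, ",")
        for (i = 1; i <= n; i++) {
            if (subj[i] != "system:anonymous" && subj[i] != "system:unauthenticated")
                continue
            level = ($2 == allow) ? "EXPECTED" : "REVIEW"
            printf "%s %s -> %s (%s)\n", level, $1, $2, subj[i]
        }
    }'
}

# Constructed sample input in the column layout above (not real cluster output).
sample_bindings() {
    cat <<'EOF'
cluster-admin               cluster-admin               system:masters
system:public-info-viewer   system:public-info-viewer   system:authenticated,system:unauthenticated
kubeadm:get-nodes           kubeadm:get-nodes           system:bootstrappers:kubeadm:default-node-token
test:anonymous              cluster-admin               system:anonymous
EOF
}

sample_bindings | flag_anonymous_bindings
```

A binding reported as REVIEW can be removed with `kubectl delete clusterrolebinding <name>`, for example `test:anonymous` from item (3).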