CentOS7安装Kubernetes(K8S)
参考Kubernetes官方文档:https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
1. 配置阿里云k8s的镜像包
#以下是配置阿里云的kubernetes镜像源包
# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2.安装k8s
#以下是安装kubernetes的组件
# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
#以下是设置开机启动并启动服务
# systemctl enable kubelet && systemctl start kubelet
3.启动路由转发
#以下是配置路由转发参数(net.bridge.* 参数需要先加载 br_netfilter 内核模块,例如 modprobe br_netfilter,否则 sysctl 会提示找不到这些参数)
# cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
EOF
# sysctl --system #使参数生效
4.配置cgroup驱动程序和网易的镜像加速(注意:下面的镜像加速地址使用明文HTTP,传输不受TLS保护;如镜像站支持,建议改用HTTPS地址)
# vi /etc/docker/daemon.json
{
"registry-mirrors": ["http://hub-mirror.c.163.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
# systemctl daemon-reload
# systemctl restart docker
# systemctl restart kubelet
5.禁用交换分区(swap)
# swapoff -a #临时禁用交换分区,重启后失效;如需永久禁用,还要注释掉 /etc/fstab 中的swap条目
# free -m
6.编辑脚本pull和tag镜像(这里可以忽略)
# vi image_k8s.sh
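#!/bin/bash
# Pull the Kubernetes v1.17.0 control-plane images from the Aliyun mirror.
#
# The images are referenced by mutable tag on a third-party mirror, so nothing
# in this script checks that their content matches the upstream release.
# NOTE(review): consider pinning each image by digest (name@sha256:<digest>)
# once the expected digests have been obtained from a trusted source.
registry=registry.cn-hangzhou.aliyuncs.com/google_containers
images=(
  kube-proxy-amd64:v1.17.0
  kube-scheduler-amd64:v1.17.0
  kube-controller-manager-amd64:v1.17.0
  kube-apiserver-amd64:v1.17.0
  etcd-amd64:3.4.3-0
  coredns:1.6.5
  pause-amd64:3.1
)

# Keep going after a failed pull so every missing image is reported, but make
# the script exit non-zero so a partial download is not mistaken for success.
failed=0
for imageName in "${images[@]}"; do
  if ! docker pull "${registry}/${imageName}"; then
    printf 'failed to pull %s\n' "${registry}/${imageName}" >&2
    failed=1
  fi
done
exit "$failed"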
# vi tag_k8s.sh
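#!/bin/bash
# Re-tag the images pulled from the Aliyun mirror with the k8s.gcr.io names
# that kubeadm v1.17.0 expects.
#
# images and images_old are parallel arrays: element i of images_old is the
# mirror name of the image that must receive the k8s.gcr.io name in element i
# of images.
registry=registry.cn-hangzhou.aliyuncs.com/google_containers
images=(
  kube-proxy:v1.17.0
  kube-scheduler:v1.17.0
  kube-controller-manager:v1.17.0
  kube-apiserver:v1.17.0
  etcd:3.4.3-0
  coredns:1.6.5
  pause:3.1
)
images_old=(
  kube-proxy-amd64:v1.17.0
  kube-scheduler-amd64:v1.17.0
  kube-controller-manager-amd64:v1.17.0
  kube-apiserver-amd64:v1.17.0
  etcd-amd64:3.4.3-0
  coredns:1.6.5
  pause-amd64:3.1
)

# A length mismatch would pair a target name with the wrong source image.
if (( ${#images[@]} != ${#images_old[@]} )); then
  printf 'images and images_old must have the same length\n' >&2
  exit 1
fi

# Pair the arrays by index. Nesting one loop inside the other re-tags every
# k8s.gcr.io name with every source image in turn, so all names end up
# pointing at the last source image (pause) instead of their own component.
failed=0
for i in "${!images[@]}"; do
  if ! docker tag "${registry}/${images_old[i]}" "k8s.gcr.io/${images[i]}"; then
    printf 'failed to tag %s as k8s.gcr.io/%s\n' "${images_old[i]}" "${images[i]}" >&2
    failed=1
  fi
done
exit "$failed"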
#注意:下面的输出中所有镜像的 IMAGE ID 和 SIZE 完全相同,说明这些标签都指向了同一个镜像;正确打标签后,各组件的 IMAGE ID 应各不相同
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-controller-manager v1.17.0 da86e6ba6ca1 2 years ago 742kB
k8s.gcr.io/kube-proxy v1.17.0 da86e6ba6ca1 2 years ago 742kB
k8s.gcr.io/kube-scheduler v1.17.0 da86e6ba6ca1 2 years ago 742kB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 2 years ago 742kB
k8s.gcr.io/coredns 1.6.5 da86e6ba6ca1 2 years ago 742kB
k8s.gcr.io/etcd 3.4.3-0 da86e6ba6ca1 2 years ago 742kB
k8s.gcr.io/kube-apiserver v1.17.0 da86e6ba6ca1 2 years ago 742kB
7.初始化Master
# kubeadm init phase preflight #初始化预检
#以下是初始化Master
# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.17.0 --apiserver-advertise-address 172.25.0.10 --pod-network-cidr=10.244.0.0/16 --cri-socket=/var/run/dockershim.sock --control-plane-endpoint 172.25.0.10:6443
8.发生初始化错误,需要重新初始化设置
# kubeadm reset #重新初始化设置
9.root用户要运行
# export KUBECONFIG=/etc/kubernetes/admin.conf
10.安装Pod网络
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
11.添加节点到集群
11-1.需要SSH服务
#以下是在Master节点操作(-N '' 生成的是无口令保护的私钥,持有该私钥即可以root身份登录各节点,需妥善保管 /root/.ssh/id_rsa)
# ssh-keygen -t rsa -N ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3rYOl3qZMG29Ifh9BkDVMOk/f0kcoB23OPA76RvdX/s root@controller
The key's randomart image is:
+---[RSA 2048]----+
| .++ |
| ...+.. |
| . .= = .|
| ...= o |
| So o .= .|
| .+.+.+++o.|
| o===.=o++|
| ==.o.+.*|
| .oo +..E|
+----[SHA256]-----+
# ssh-copy-id -i .ssh/id_rsa.pub root@Master
# ssh-copy-id -i .ssh/id_rsa.pub root@worker1
# ssh-copy-id -i .ssh/id_rsa.pub root@worker2
11-2.在worker1和worker2注册到Cluster中
默认情况下,令牌会在24小时后过期。令牌是节点加入集群的凭据,不要公开或长期保留。如果要在当前令牌过期后将节点加入集群,则可以通过在控制平面节点上运行以下命令来创建新令牌(加上 --print-join-command 参数可直接输出完整的 kubeadm join 命令):
kubeadm token create
#以下是在Master查看令牌(token)
[root@Master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
6vzl4q.u8jpoagms4p9rgc6 23h 2019-12-24T17:40:01+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
#以下是在Master计算CA证书公钥的SHA-256哈希(供 --discovery-token-ca-cert-hash 使用,用于让加入的节点校验控制平面的CA证书)
[root@Master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
> openssl dgst -sha256 -hex | sed 's/^.* //'
679d5623bb141e8b83de3a1aae863974763463e774666a435a10e819ab82ab7f
#以下是在从节点加入集群
[root@worker1 ~]# kubeadm join 172.25.0.10:6443 --token 6vzl4q.u8jpoagms4p9rgc6 \
--discovery-token-ca-cert-hash sha256:679d5623bb141e8b83de3a1aae863974763463e774666a435a10e819ab82ab7f
[root@worker2 ~]# kubeadm join 172.25.0.10:6443 --token 6vzl4q.u8jpoagms4p9rgc6 \
--discovery-token-ca-cert-hash sha256:679d5623bb141e8b83de3a1aae863974763463e774666a435a10e819ab82ab7f
11-3.在Master节点查看
# kubectl get node
NAME STATUS ROLES AGE VERSION
worker1 Ready <none> 39m v1.17.0
Master Ready master 40m v1.17.0
worker2 Ready <none> 25m v1.17.0
12.对worker节点添加roles标签
# kubectl label node worker1 node-role.kubernetes.io/worker=worker
# kubectl label node worker2 node-role.kubernetes.io/worker=worker
# kubectl get node
NAME STATUS ROLES AGE VERSION
worker1 Ready worker 45m v1.17.0
Master Ready master 46m v1.17.0
worker2 Ready worker 31m v1.17.0