Installing k8s on CentOS 8

I. Preparation

  • System: CentOS 8.1.1911 (minimal install, Development Tools)
  • Memory: 2G, CPU: 2G (minimum 2G)

1. Configure the hosts file

cat /etc/hosts
192.168.100.104 master4
192.168.100.105 node5
192.168.100.106 node6

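2. Let the nodes communicate with each other

Generate a key pair and copy the public key to the other hosts

ssh-keygen -t rsa   # press Enter at every prompt
# copy the public key to each host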
ssh-copy-id root@master4
ssh-copy-id root@node5
ssh-copy-id root@node6

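3. Turn off the firewall (firewalld)

Turn it off if you can, to keep all kinds of surprises from happening

systemctl disable firewalld # permanent: do not start at boot
systemctl stop firewalld # stop it for this session

Error when deploying the dashboard: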
2020/09/11 07:33:02 Starting overwatch
2020/09/11 07:33:02 Using namespace: kubernetes-dashboard
2020/09/11 07:33:02 Using in-cluster config to connect to apiserver
2020/09/11 07:33:02 Using secret token for csrf signing
2020/09/11 07:33:02 Initializing csrf token from kubernetes-dashboard-csrf secret
panic: Get https://10.96.0.1:443/api/v1/namespaces/kubernetes-dashboard/secrets/kubernetes-dashboard-csrf: dial tcp 10.96.0.1:443: i/o timeout

goroutine 1 [running]:
github.com/kubernetes/dashboard/src/app/backend/client/csrf.(*csrfTokenManager).init(0xc000469d60)
	/home/travis/build/kubernetes/dashboard/src/app/backend/client/csrf/manager.go:40 +0x3b4
github.com/kubernetes/dashboard/src/app/backend/client/csrf.NewCsrfTokenManager(...)
	/home/travis/build/kubernetes/dashboard/src/app/backend/client/csrf/manager.go:65
github.com/kubernetes/dashboard/src/app/backend/client.(*clientManager).initCSRFKey(0xc000400f80)
	/home/travis/build/kubernetes/dashboard/src/app/backend/client/manager.go:494 +0xc7
github.com/kubernetes/dashboard/src/app/backend/client.(*clientManager).init(0xc000400f80)
	/home/travis/build/kubernetes/dashboard/src/app/backend/client/manager.go:462 +0x47
github.com/kubernetes/dashboard/src/app/backend/client.NewClientManager(...)
	/home/travis/build/kubernetes/dashboard/src/app/backend/client/manager.go:543
main.main()
	/home/travis/build/kubernetes/dashboard/src/app/backend/dashboard.go:105 +0x212
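Solution 1: (after the next reboot some services are in CrashLoopBackOff again, and the logs again show timeouts connecting to the pod IP)
Even with the firewall turned off, containers and pods on different hosts could never ping each other (this is where my dashboard deployment kept failing)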
[root@node5 ~]# iptables -P INPUT ACCEPT
[root@node5 ~]# iptables -P FORWARD ACCEPT
[root@node5 ~]# iptables -F
[root@node5 ~]# iptables -L -n

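Solution 2: https://www.cnblogs.com/2019peng/p/12932197.html

  • The error looks like this:
    It was caused by the iptables issue above. At the time I kept thinking: firewalld is off, SELinux is off too, so why is there no connectivity... it took a long time to track down... sob...
pod log:  Error: 'dial tcp ip:port: getsockopt: connection timed out'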
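
An alternative to switching firewalld off entirely is to open only what this cluster needs. The script below is an added example, not part of the original post: the port list assumes Kubernetes v1.18 defaults with flannel's VXLAN backend, and k8s_ports and k8s_firewall_cmds are names chosen here.

```shell
#!/bin/sh
# Added example: print (not run) the firewall-cmd calls for one node role.
# Ports assume Kubernetes v1.18 defaults with flannel VXLAN; POD_CIDR matches
# the --pod-network-cidr used on this page. Review the output, then pipe to sh.
POD_CIDR="10.244.0.0/16"

k8s_ports() {
    case "$1" in
        master)
            # API server, etcd client/peer, kubelet, scheduler, controller-manager
            echo "6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp" ;;
        worker)
            # kubelet and the NodePort service range
            echo "10250/tcp 30000-32767/tcp" ;;
        *)
            echo "role must be master or worker" >&2
            return 1 ;;
    esac
}

k8s_firewall_cmds() {
    ports=$(k8s_ports "$1") || return 1
    # flannel's VXLAN backend carries pod traffic between hosts on UDP 8472
    for p in $ports 8472/udp; do
        echo "firewall-cmd --permanent --add-port=$p"
    done
    # Assumption: accepting the pod CIDR as a trusted source is enough for
    # decapsulated pod-to-pod traffic to pass the forward chain.
    echo "firewall-cmd --permanent --zone=trusted --add-source=$POD_CIDR"
    echo "firewall-cmd --reload"
}

# Dry run for the role in K8S_ROLE (default: master).
k8s_firewall_cmds "${K8S_ROLE:-master}"
```

On master4 run it as is; on node5 and node6 set K8S_ROLE=worker.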

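4. Disable SELinux

Disable SELinux on the hosts so that containers can read the host filesystem (do this on all three hosts)

setenforce 0 # for this session
vim /etc/selinux/config # permanently
SELINUX=disabled # change to this

5. Turn off swap

swapoff -a
vim /etc/fstab   # comment out the swap entry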

II. Install Docker

1. Download the Docker repo

curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo

2. Install the Docker dependency

dnf -y install https://download.docker.com/linux/fedora/30/x86_64/stable/Packages/containerd.io-1.2.6-3.3.fc30.x86_64.rpm

3. Install Docker
docker-ee: Enterprise Edition
docker-ce: Community Edition

dnf -y install docker-ce

4. Start Docker

systemctl start|stop|restart|status docker # start | stop | restart | status

5. Configure the Alibaba Cloud Docker accelerator (registry mirror)

mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://75iv024r.mirror.aliyuncs.com"]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker

Docker installation is now complete

III. Install Kubernetes

1. Add the Alibaba Cloud k8s repo

cat /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

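systemctl enable kubelet # start kubelet at boot, but do not start it now because the cluster is not initialized yet

2. Initialize the Kubernetes cluster

  • version: 1.18 (--kubernetes-version); apiserver: the master's address (--apiserver-advertise-address); image: use the Alibaba Cloud registry (--image-repository); service: the server's IP; --pod-network-cidr=10.244.0.0/16: if you want to use the flannel network plugin you must specify this subnet, because flannel uses it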
kubeadm init --kubernetes-version=1.18.0 --apiserver-advertise-address=192.168.100.104 --image-repository registry.aliyuncs.com/google_containers  --pod-network-cidr=10.244.0.0/16
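  • Errors encountered
1. [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
2. [ERROR NumCPU]: the number of available CPUs 1 is less than the required 2
  • Solutions

Problem 1

vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://75iv024r.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
This is JSON, so mind the "," after the first entry.
Even after this change the warning is still there; it does not affect use... ahem, moving on for now

Problem 2:
Ahem, I am using VMware, so just upgrading the memory is enough (minimum 2G)
Start kubelet

  • Wait for the images to be pulled

Follow the prompts and run: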

  • master4
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  • node5-6
kubeadm join 192.168.100.104:6443 --token ujju93.mk0eg9onkvbf9yc8 \
    --discovery-token-ca-cert-hash sha256:760258b5e9fbbd28d15ac9a60cd69c4303fab94f013beedfe17a157f5c8d82a3
  • master

kubectl get nodes # NotReady here is because there is no network pod yet
3. Deploy the network plugin

  • Deploy the flannel network component on the master server

https://github.com/coreos/flannel

  • Running this command fetches the deployment manifest online, pulls the images listed in it, and starts and deploys flannel

master4

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Error encountered

The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?

Fix
Look up the real IP of raw.githubusercontent.com at https://www.ipaddress.com/.

vim /etc/hosts
199.232.28.133 raw.githubusercontent.com  # replace the IP with the address you actually looked up
  • List the images; the flannel image has been downloaded
[root@master4 ~]# docker images
REPOSITORY                                                        TAG                 IMAGE ID            CREATED             SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.18.0             43940c34f24f        4 months ago        117MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.18.0             a31f78c7c8ce        4 months ago        95.3MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.18.0             74060cea7f70        4 months ago        173MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.18.0             d3e55153f52f        4 months ago        162MB
quay.io/coreos/flannel     `this image was downloaded`              v0.12.0-amd64       4e9f801d2217        5 months ago        52.8MB
registry.aliyuncs.com/google_containers/pause                     3.2                 80d28bedfe5d        6 months ago        683kB
registry.aliyuncs.com/google_containers/coredns                   1.6.7               67da37a9a360        6 months ago        43.8MB
registry.aliyuncs.com/google_containers/etcd                      3.4.3-0             303ce5db0e90        10 months ago       288MB
4. Done
  • Check the nodes again
[root@master4 ~]# kubectl get nodes
NAME      STATUS   ROLES    AGE   VERSION
master4   Ready    master   56m   v1.18.8
node5     Ready    <none>   38m   v1.18.8
node6     Ready    <none>   38m   v1.18.8
  • List the namespaces of the k8s cluster
[root@master4 ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   51m
kube-node-lease   Active   51m
kube-public       Active   51m
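kube-system       Active   51m   # system-level pods all live in the kube-system namespace
  • If a new node is joining but you have forgotten the token, run the following command, which creates a new token and prints the join command
kubeadm token create --print-join-command

Run kubectl get pod --all-namespaces to check the status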
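
Before a join command is run on a new node, the value after --discovery-token-ca-cert-hash can be checked against the cluster CA on the master. This is an added example, not from the original post: it assumes openssl is installed and that the CA certificate sits at kubeadm's default path; ca_cert_hash and join_hash_matches are names chosen here.

```shell
#!/bin/sh
# Added example: recompute the value kubeadm expects after
# --discovery-token-ca-cert-hash and compare it with a join command.
# Assumption: CA_CERT defaults to kubeadm's standard CA location.
CA_CERT="${CA_CERT:-/etc/kubernetes/pki/ca.crt}"

# Print "sha256:<hex>": SHA-256 over the DER-encoded public key
# (SubjectPublicKeyInfo) of the CA certificate given as $1.
ca_cert_hash() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pub" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex |
        awk '{print "sha256:" $NF}'
}

# Succeed only if the hash inside join command $2 matches CA certificate $1.
join_hash_matches() {
    want=$(ca_cert_hash "$1") || return 2
    got=$(printf '%s\n' "$2" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# On the master: print the hash a join command for this cluster must carry.
if [ -r "$CA_CERT" ]; then
    ca_cert_hash "$CA_CERT"
fi
```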
