1. 安装CRI-O
容器运行时接口Container Runtime Interface(CRI):这是一个插件接口,它让 kubelet(用于创建 pod 和启动容器的集群节点代理)有使用不同的兼容 OCI 的容器运行时的能力,而不需要重新编译 Kubernetes。在这项工作的基础上,CRI-O 项目([原名 OCID] 13)准备为 Kubernetes 提供轻量级的运行时。
CRI-O 允许你直接从 Kubernetes 运行容器,而不需要任何不必要的代码或工具。只要容器符合 OCI 标准,CRI-O 就可以运行它,去除外来的工具,并让容器做其擅长的事情:加速你的新一代原生云程序。
modprobe overlay modprobe br_netfilter # 创建kubernetes cri需要的网络参数 cat > /etc/sysctl.d/k8s.conf <<EOF net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 EOF sysctl -p /etc/sysctl.d/k8s.conf # 安装必要组件 yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/ # 安装CRI-O yum install --nogpgcheck cri-o # 启动CRI-O systemctl daemon-reload systemctl start crio
2. 安装containerd
cat > /etc/modules-load.d/containerd.conf <<EOF overlay br_netfilter EOF modprobe overlay modprobe br_netfilter # 安装所需的软件包 yum install yum-utils device-mapper-persistent-data lvm2 # 添加docker存储库 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo # 安装容器(会自动把docker升级到最新版) yum update --skip-broken && yum install containerd.io # 配置containerd mkdir -p /etc/containerd containerd config default > /etc/containerd/config.toml # 重启containerd systemctl restart containerd
3. 安装Kubernetes
关闭swap
swapoff -a vi /etc/fstab
注释swap
# /dev/mapper/cl-swap swap swap defaults 0 0
执行下面命令
mount -a echo "KUBELET_EXTRA_ARGS=--fail-swap-on=false" > /etc/sysconfig/kubelet
使用国内源安装
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF setenforce 0 sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0 systemctl enable kubelet && systemctl start kubelet
查看当前Kubernetes版本支持的Docker版本,可点击打开https://github.com/kubernetes/kubernetes
进入对应版本CHANGELOG-1.xx.md,查找docker关键就可以看到相关信息
4. 修改服务器系统环境变量
vi /etc/profile
在尾部添加下面配置
export KUBECONFIG=/etc/kubernetes/admin.conf
保存退出后,运行命令,让配置马上生效
source /etc/profile
5. 初始化Kubernetes
提交命令,加载所需的镜像,对Kubernetes进行初始化操作
kubeadm init --cri-socket /var/run/dockershim.sock --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.17.0 --pod-network-cidr=192.168.16.0/20 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
执行完初始化后,会生成加入节点的命令行,并打印出来
kubeadm join 192.168.xx.xxx:6443 --token ryotic.bt5ms3fx0tku0gxd --discovery-token-ca-cert-hash sha256:94014c7543fd0ff86a847959e3f8e149691d4665b7dbc1abdf3d28c9c0ebf75d
这样的命令,需要将它复制下来,后续添加容器到Kubernetes时需要用到
生成的这个令牌24小时内有效,过期后可以使用命令重新生成
如果忘记复制,可以使用下面命令重新打印出来
kubeadm token create –print-join-command
后续可能需要用到admin.conf生成密钥,按下面操作将配置复制到指定位置
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
6. 检查状态
kubectl get cs
显示下面信息就表示服务已正常启动了
NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-0 Healthy {"health":"true"}
输入命令
kubectl get nodes
显示
NAME STATUS ROLES AGE VERSION master Ready master 12m v1.17.0
检查全部节点运行状态
kubectl get pods --all-namespaces
可以查看到
NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-9d85f5447-hccsk 1/1 Pending 0 33m kube-system coredns-9d85f5447-jc7dd 1/1 Pending 0 33m kube-system etcd-master 1/1 Running 0 33m kube-system kube-apiserver-master 1/1 Running 0 33m kube-system kube-controller-manager-master 1/1 Running 0 33m kube-system kube-flannel-ds-amd64-gjp99 1/1 Running 0 11m kube-system kube-proxy-t8rrj 1/1 Running 0 33m kube-system kube-scheduler-master 1/1 Running 0 33m
coredns节点状态为Pending,这是因为还没有安装网络插件,按下面部署安装了Weave后,这两个状态就会显示Running
查看master节点的详细信息
kubectl describe node master
7. 安装集群网络Weave Net
下载weave.yaml文件
curl -L "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d ' ')" > weave.yaml
修改weave.yaml配置
vi weave.yaml
在配置文件中查找到“/home/weave/launch.sh”,在下面的env中添加IPALLOC_RANGE,具体如下
spec: containers: - name: weave command: - /home/weave/launch.sh env: - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: IPALLOC_RANGE value: 192.168.16.0/20
这里将会绑定IP分配范围为本地指定的范围,192.168.16.0/20这个值必须与初始化时的pod-network-cidr值一致,不然可能会导至服务出错
安装插件
kubectl apply -f weave.yaml
删除插件
kubectl delete -f weave.yaml
稍等一会,输入命令查看pod运行状态,就可以看到weave-net的状态处于Running中
kubectl get pod --all-namespaces -o wide
显示内容
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kube-system coredns-9d85f5447-v9qld 1/1 Running 0 21m 10.244.0.3 master <none> <none> kube-system coredns-9d85f5447-z22vf 1/1 Running 0 21m 10.244.0.2 master <none> <none> kube-system etcd-master 1/1 Running 0 21m 192.168.10.161 master <none> <none> kube-system kube-apiserver-master 1/1 Running 0 21m 192.168.10.161 master <none> <none> kube-system kube-controller-manager-master 1/1 Running 0 21m 192.168.10.161 master <none> <none> kube-system kube-proxy-gn9gv 1/1 Running 0 21m 192.168.10.161 master <none> <none> kube-system kube-scheduler-master 1/1 Running 0 21m 192.168.10.161 master <none> <none> kube-system weave-net-v97dl 2/2 Running 0 4m37s 192.168.10.161 master
查看当前docker镜像,也可以看到weave
docker images
docker镜像列表
REPOSITORY TAG IMAGE ID CREATED SIZE registry.aliyuncs.com/google_containers/kube-proxy v1.17.0 7d54289267dc 2 weeks ago 116MB registry.aliyuncs.com/google_containers/kube-controller-manager v1.17.0 5eb3b7486872 2 weeks ago 161MB registry.aliyuncs.com/google_containers/kube-apiserver v1.17.0 0cae8d5cc64c 2 weeks ago 171MB registry.aliyuncs.com/google_containers/kube-scheduler v1.17.0 78c190f736b1 2 weeks ago 94.4MB weaveworks/weave-npc 2.6.0 5105e13e253e 7 weeks ago 34.9MB weaveworks/weave-kube 2.6.0 174e0e8ef23d 7 weeks ago 114MB registry.aliyuncs.com/google_containers/coredns 1.6.5 70f311871ae1 7 weeks ago 41.6MB registry.aliyuncs.com/google_containers/etcd 3.4.3-0 303ce5db0e90 2 months ago 288MB registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 2 years ago 742kB
查看本机网络信息,会发现新增cni0和flannel.1两个网络节点
ifconfig
8. 重置服务
如果初始化出现问题,或需要恢复到初始状态重新配置,可以执行下列命令
kubeadm reset ifconfig cni0 down ifconfig flannel.1 down ifconfig weave down ip link delete cni0 ip link delete flannel.1 ip link delete weave rm -rf $HOME/.kube/config rm -rf /var/lib/cni/ rm -rf /var/lib/kubelet/* rm -rf /etc/kubernetes/ rm -rf /etc/cni/
除了清除kubernetes的这些数据外,还需要将对应的docker镜像删除,重新初始化才可能不会出错