TL;DR;
科学上网,科学上网,科学上网,重要的事情说三次。如果不会科学上网,这篇文章就没有看下去的意义。作为一个技术人员如果不愿意折腾,很难有所作为。作为一个单纯的技术人员,最好把心思放在技术上,做到真正的科学上网。这里不会教如何科学上网,请大家自行摸索。
服务器
| 名称 | 操作系统 | 配置 | IP |
| master | CentOS 7 | 4核2G内存 | 192.168.132.132 |
| node1 | CentOS 7 | 2核2G内存 | 192.168.132.130 |
Master安装
1. 修改主机名为master。
hostnamectl set-hostname master
2. 关闭防火墙和selinux
systemctl stop firewalld
systemctl disable firewalld
vi /etc/selinux/config,将SELINUX=enforcing改为SELINUX=disabled,重启机器
3.安装docker
yum install -y docker
systemctl enable docker && systemctl start docker
docker info查看docker信息,记录docker的版本,以及cgroup信息:
Docker从1.13版本开始调整了默认的防火墙规则,禁用了iptables filter表中FOWARD链,这样会引起Kubernetes集群中跨Node的Pod无法通信,需要执行以下指令:
systemctl stop docker
iptables -P FORWARD ACCEPT
systemctl start docker
4. 设置net.bridge.bridge-nf-call-iptables
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
参考:https://kubernetes.io/docs/setup/independent/install-kubeadm/
5. 挂代理(科学上网)
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
export no_proxy="localhost, 192.168.132.132" #192.168.132.132为master主机IP
cat <<EOF >> /etc/sysconfig/docker
HTTP_PROXY='http://127.0.0.1:8118'
HTTPS_PROXY='http://127.0.0.1:8118'
EOF
systemctl restart docker
6. 安装kubeadm, kubelet, kubectl
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
7. 配置cgroup,使/etc/systemd/system/kubelet.service.d/10-kubeadm.conf中的cgroup的值和docker info中的cgroup一致。然后重启kubelet:
systemctl daemon-reload
systemctl restart kubelet
8.更新yum获取最新的kubeadm
yum update
9. 关闭系统的Swap:
swapoff -a
10. kubeadm init,这里选用Calico的网络,因此设置--pod-network-cidr=192.168.0.0/16。
kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=192.168.132.132
漫长等待,下载镜像会比较耗时,如果长时间没反应,而且没有下载镜像的话,可以kubeadm reset,重启kubelet,再kubeadm init 。直到成功,看到以下界面:
记录下加入节点的指令:kubeadm join ...
11. 设置kubelet config
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
12. 安装网络,这里使用Calico。
kubectl apply -f https://docs.projectcalico.org/v3.0/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml
Node安装
按照Master安装的1-9步骤进行安装。其中调整如下:
1. 修改主机名为nodex(这里是node1)。
hostnamectl set-hostname node1
5. 挂代理(科学上网)
export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118
export no_proxy="localhost, 192.168.132.132, 192.168.132.130" #192.168.132.132为master主机IP,192.168.132.130为node1主机IP
cat <<EOF >> /etc/sysconfig/docker
HTTP_PROXY='http://127.0.0.1:8118'
HTTPS_PROXY='http://127.0.0.1:8118'
EOF
systemctl restart docker
10. 执行安装Master时输出的kubeadm join ...
在Master上执行kubectl get nodes查看添加结果:
11. 给node打标签(可选)
kubectl label node node1 kubernetes.io/role=node
补充说明:拉取镜像有时会比较耗时,请耐心等待,相同的镜像可以考虑从master拷贝。
12. 部署一个nginx检查一下(可选)
nginx.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
namespace: default
spec:
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
nodeSelector:
kubernetes.io/role: node
containers:
- name: nginx
image: nginx:1.13
ports:
- containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
name: nginx
labels:
app: nginx
namespace: default
spec:
selector:
app: nginx
type: NodePort
ports:
- name: nginx
nodePort: 30000
port: 80
protocol: TCP
targetPort: 80
使用Node1的地址http://192.168.132.130:30000/进行访问:
参考资料
https://kubernetes.io/docs/setup/independent/install-kubeadm/
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/