  • 02 kubeadm installation

    I. Environment preparation

    Kubernetes version: v1.19.3

    IP address     Role    Hostname       OS       CPU  Memory  Disk
    192.168.40.11  master  node-01.in.cn  centos7  8    24G     2TB
    192.168.40.12  node    node-02.in.cn  centos7  4    32G     1TB
    192.168.40.13  node    node-03.in.cn  centos7  4    16G     2TB

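    • Operating system: CentOS 7.x
    • Hardware requirements: at least 2 CPU cores, at least 4 GB of memory, at least 30 GB of disk
    • The partition on the host that runs docker must be formatted as ext2, ext3 or ext4
    • Disable the firewall
    • Disable SELinux
    • Disable swap
    • Deploy docker, kubeadm and kubelet on all nodes
    • The nodes can reach each other on the internal network, and hostnames resolve through hosts
    • A private registry, or internet access, for pulling images
    Note: run the following steps on all nodes
    1. Configure hosts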
    cat << EOF >> /etc/hosts
    192.168.40.11 node-01.in.cn
    192.168.40.12 node-02.in.cn
    192.168.40.13 node-03.in.cn
    EOF
    2. Kernel parameters
    net.bridge.bridge-nf-call-ip6tables = 1 
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-arptables = 1
    net.ipv4.ip_forward = 1
    3. Install Docker
    #!/bin/bash
    
    ### Uninstall old versions
    yum remove -y docker docker-client docker-client-latest docker-common docker-latest \
    	docker-latest-logrotate docker-logrotate docker-engine
    
    ### Install required packages.
    yum install yum-utils device-mapper-persistent-data lvm2 -y
    
    ### Add Docker repository (fetched over HTTPS so the repo file cannot be altered in transit).
    yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum-config-manager --enable docker-ce-edge
    
    ## Install Docker CE.
    yum install docker-ce -y
    
    ## Create /etc/docker directory.
    mkdir -p /etc/docker
    
    # Setup daemon.
    cat > /etc/docker/daemon.json <<EOF
    {
      "registry-mirrors": ["https://bxba8hkt.mirror.aliyuncs.com"],
      "exec-opts": ["native.cgroupdriver=systemd"],
      "log-driver": "json-file",
      "log-opts": {
        "max-size": "100m"
      },
      "storage-driver": "overlay2",
      "storage-opts": [
        "overlay2.override_kernel_check=true"
      ]
    }
    EOF
    
    # Restart Docker
    systemctl daemon-reload
    systemctl restart docker
    systemctl enable docker
    4. Add the Aliyun repository
    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
    5. Install kubeadm and kubelet
    # Version v1.19.3: pin the packages so yum does not install a newer release
    yum install -y kubelet-1.19.3 kubeadm-1.19.3 kubectl-1.19.3
    rpm -ql kubelet
    rpm -ql kubeadm
    rpm -ql kubectl
    rpm -ql kubernetes-cni
    # kubelet is started automatically during init or join
    systemctl enable kubelet

    II. Install the master

    1. Download the images manually (use when the network is poor)
    kubeadm config images list|awk -F "/" '{print $2}'
    2. Download script
    #!/bin/bash
    images=(
        kube-apiserver:v1.19.3
        kube-controller-manager:v1.19.3
        kube-scheduler:v1.19.3
        kube-proxy:v1.19.3
        pause:3.2
        etcd:3.4.13-0
        coredns:1.7.0
    )
    
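    # Pull each image from the mirror, retag it under the repository that
    # kubeadm init is pointed at, then remove the mirror tag.
    for imageName in "${images[@]}"; do
        docker pull "mirrorgooglecontainers/$imageName"
        docker tag  "mirrorgooglecontainers/$imageName" "registry.aliyuncs.com/google_containers/$imageName"
        docker rmi  "mirrorgooglecontainers/$imageName"
    done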
    3. Initialize the master
    kubeadm init \
        --apiserver-advertise-address 192.168.40.11 \
        --image-repository registry.aliyuncs.com/google_containers \
        --kubernetes-version v1.19.3 \
        --service-cidr=10.96.0.0/12 \
        --pod-network-cidr=10.244.0.0/16 
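    • apiserver-advertise-address: the address of the Master used to communicate with the other nodes of the cluster
    • image-repository: the image repository; the default is k8s.gcr.io
    • kubernetes-version: the Kubernetes version; with the default, the latest version number is fetched from the network
    • service-cidr: the network range for Services
    • pod-network-cidr: the network range for Pods
    4. Use kubectl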
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
    # Enable auto-completion for the kubectl command
    echo "source <(kubectl completion bash)" >> ~/.bashrc
    5. Install the network plugin
    # Add a hosts entry
    199.232.68.133 raw.githubusercontent.com
    # Download the yaml
    wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    # Apply
    kubectl apply -f kube-flannel.yml
    6. Check the pods (wait about 2 minutes)
    kubectl get pods -n kube-system
    --- output
    NAME                                    READY   STATUS    RESTARTS   AGE
    coredns-6d56c8448f-6f7f2                1/1     Running   0          2m31s
    coredns-6d56c8448f-w7vkd                1/1     Running   0          2m31s
    etcd-node-01.in.cn                      1/1     Running   0          2m39s
    kube-apiserver-node-01.in.cn            1/1     Running   0          2m39s
    kube-controller-manager-node-01.in.cn   1/1     Running   0          2m39s
    kube-flannel-ds-p9sdl                   1/1     Running   0          26s
    kube-proxy-69qnj                        1/1     Running   0          2m31s
    kube-scheduler-node-01.in.cn            1/1     Running   0          2m39
    7. Uninstall the master
    # Remove the network plugin
    kubectl delete -f kube-flannel.yml
    ifconfig cni0 down && ip link delete cni0
    ifconfig flannel.1 down && ip link delete flannel.1
    rm -rf /var/lib/cni
    rm -f /etc/cni/net.d/*
    ### Reset iptables
    iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
    
    kubeadm reset
    rm -fr $HOME/.kube
    systemctl stop kubepods.slice
    yum remove -y kubelet kubeadm kubectl
    systemctl daemon-reload
    # Remove source <(kubectl completion bash) from .bashrc
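    Step 5 above downloads kube-flannel.yml from the master branch and applies it, so the file can differ from one download to the next. The following is an added example, not part of the original article: it records the SHA-256 of a reviewed copy, lists the host-level privileges the manifest requests, and refuses to apply a copy whose digest has changed. The function names, the .sha256 sidecar file, the KUBECTL override and the sample manifest are assumptions constructed for the example.

```shell
# Added example: pin a reviewed manifest by SHA-256 and check it before apply.
# Function names, the .sha256 sidecar file and KUBECTL are assumptions.

# Record the digest of a manifest once it has been reviewed.
pin_manifest() { sha256sum < "$1" > "$1.sha256"; }

# Return 0 only if the manifest still matches the recorded digest.
verify_manifest() {
    [ -f "$1.sha256" ] || return 2
    [ "$(sha256sum < "$1")" = "$(cat "$1.sha256")" ]
}

# Print "line:setting" for each host-level privilege the manifest requests.
risky_settings() {
    grep -nE '(hostNetwork|hostPID|privileged): *true|hostPath:|NET_ADMIN|kind: *ClusterRole$' "$1" \
        | sed -E 's/^([0-9]+):[ -]*/\1:/'
}

# Apply only a manifest that passes the digest check.
apply_pinned() {
    verify_manifest "$1" || { echo "digest check failed: $1" >&2; return 1; }
    ${KUBECTL:-kubectl} apply -f "$1"
}

# Constructed sample standing in for a downloaded kube-flannel.yml.
write_sample() {
    cat > "$1" <<'EOF'
kind: DaemonSet
spec:
  template:
    spec:
      hostNetwork: true
      containers:
      - securityContext:
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
      volumes:
      - hostPath:
          path: /etc/cni/net.d
EOF
}
demo() (
    d="$(mktemp -d)"; f="$d/kube-flannel.yml"
    write_sample "$f"; risky_settings "$f"; pin_manifest "$f"
    KUBECTL=echo apply_pinned "$f"        # dry run: prints the kubectl arguments
    echo "# tampered" >> "$f"
    KUBECTL=echo apply_pinned "$f" || echo "tampered copy refused"
    rm -rf "$d"
)
demo
```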

    III. Add nodes

    1. Add a node
    kubeadm join 192.168.40.11:6443 --token v5lnvk.nmcnl24les4cumci \
        --discovery-token-ca-cert-hash sha256:ddfe030df98fe66ff880ae1ce4675bb4aad29eeb11ca5e1d701f854a6449bc71
    # View the logs
    journalctl -f
    2. Clean up a node
    # Run on the master
    ### Evict the pods from the node
    kubectl drain node-02.in.cn --delete-local-data --force --ignore-daemonsets
    # Run on node02
    kubeadm reset
    ### Remove the network plugin
    ifconfig flannel.1 down && ip link delete flannel.1
    rm -f /etc/cni/net.d/*
    ### Reset iptables
    iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
    rm -fr /etc/kubernetes/pki
    
    systemctl stop kubepods.slice
    yum remove -y kubelet kubeadm kubectl
    systemctl daemon-reload
    # Run on the master
    kubectl delete nodes node-02.in.cn
    3. Rejoin the node
    # On the master node, get the token
    kubeadm token list
    openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
    # On the node
    yum install -y kubelet-1.19.3 kubeadm-1.19.3 kubectl-1.19.3
    systemctl enable kubelet
    systemctl start kubelet
    kubeadm join 192.168.40.11:6443 --token v5lnvk.nmcnl24les4cumci \
        --discovery-token-ca-cert-hash sha256:ddfe030df98fe66ff880ae1ce4675bb4aad29eeb11ca5e1d701f854a6449bc71
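    The openssl pipeline in step 3 produces the value passed to --discovery-token-ca-cert-hash: the SHA-256 of the CA certificate's DER-encoded public key, which lets a joining node confirm it is talking to the expected cluster CA. The following is an added example, not part of the original article: the hypothetical helpers ca_cert_hash and check_join_hash wrap that computation, generalize it with `openssl pkey` so EC keys work as well as RSA, and run against throwaway certificates generated inside the example.

```shell
# Added example: check a --discovery-token-ca-cert-hash value against a CA
# certificate. Function names are hypothetical, not part of kubeadm.

# Print the SHA-256 of the certificate's DER-encoded public key
# (SubjectPublicKeyInfo). `openssl pkey` accepts RSA and EC keys alike.
ca_cert_hash() (
    pub="$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null)" || exit 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
)

# check_join_hash sha256:<hex> <ca.crt>
# Returns 0 on match, 1 on mismatch, 2 on malformed input or unreadable cert.
check_join_hash() (
    expected="${1#sha256:}"
    [ "$expected" != "$1" ] || exit 2          # the sha256: prefix is required
    [ "${#expected}" -eq 64 ] || exit 2
    case "$expected" in *[!0-9a-f]*) exit 2 ;; esac
    actual="$(ca_cert_hash "$2")" || exit 2
    [ "$expected" = "$actual" ]
)

# Constructed sample: a throwaway self-signed CA standing in for
# /etc/kubernetes/pki/ca.crt so the example runs without a cluster.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() (
    dir="$(mktemp -d)"
    make_sample_ca "$dir" cluster-ca
    make_sample_ca "$dir" other-ca
    pin="sha256:$(ca_cert_hash "$dir/cluster-ca.crt")"
    check_join_hash "$pin" "$dir/cluster-ca.crt" && echo "cluster CA matches $pin"
    check_join_hash "$pin" "$dir/other-ca.crt" || echo "other CA rejected"
    rm -rf "$dir"
)
demo
```

    On a real master the certificate to check is /etc/kubernetes/pki/ca.crt, the file used in the command above.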

    IV. Troubleshooting

    1. kubelet fails to start
    Failed to start ContainerManager failed to initialize top level QOS containers: failed to update top level Burstable QOS cgroup : failed to set supported cgroup subsystems for cgroup [kubepods burstable]: failed to find subsystem mount for required subsystem: pids
    Solution
    Method 1: edit the kubelet configuration file
    vim /etc/sysconfig/kubelet
    KUBELET_EXTRA_ARGS="--feature-gates=SupportPodPidsLimit=false,SupportNodePidsLimit=false"

    V. Test the cluster

    kubectl create deployment nginx --image=nginx
    kubectl expose deployment nginx --port=80 --type=NodePort
    kubectl get pod,svc

  • Original article: https://www.cnblogs.com/g-root/p/ffc3094f95b6aeade7ba1c504810926b.html