K8s集群安装--最新版 Kubernetes 1.14.1
前言
网上有很多关于k8s安装的文章,但是我参照一些文章安装时碰到了不少坑。今天终于安装好了,故将一些关键点写下来与大家共享。
我安装是基于ss客户端的,鉴于ss有些敏感,故不做说明。
环境说明
Centos
cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
Docker
| hostname | ip | 环境说明 |
|---|---|---|
| k8master | 192.168.2.38 | 笔记本电脑 8G i3-5005U |
| node3 | 192.168.2.23 | exsi下 2G E3-1226 v3 |
代理设置
~/.bash_profile # 当前用户
/etc/profile # 系统级
在最后加入
export proxy="http://192.168.2.38:8118"
export http_proxy=$proxy
export https_proxy=$proxy
export ftp_proxy=$proxy
export no_proxy="localhost, 127.0.0.1, ::1"
source /etc/profile # 使生效
/etc/yum.conf
在最后加入
# Proxy
proxy=http://192.168.2.38:8118/
也可
echo "proxy=http://192.168.2.38:8118/" >> /etc/yum.conf
/etc/wgetrc
在最后加入
# Proxy
http_proxy=http://192.168.2.38:8118/
ftp_proxy=http://192.168.2.38:8118/
docker安装
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager
--add-repo
https://download.docker.com/linux/centos/docker-ce.repo
docker 设置代理
mkdir -p /etc/systemd/system/docker.service.d
nano /etc/systemd/system/docker.service.d/http-proxy.conf
# 添加
[Service]
Environment="HTTP_PROXY=http://192.168.2.38:8118/" "HTTPS_PROXY=http://192.168.2.38:8118/"
更新配置
systemctl daemon-reload
重启服务
systemctl restart docker
k8s安装
关闭swap
执行swapoff临时关闭swap。
swapoff -a
重启后会失效,若要永久关闭,可以编辑/etc/fstab文件,将其中swap分区一行注释掉
nano /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
添加yum仓库
nano /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
关闭firewalld
systemctl stop firewalld
systemctl disable firewalld
关闭SELinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
修改sysctl内核参数
nano /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
sysctl --system
安装kubeadm, kubelet and kubectl
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet
拉取镜像
说明:执行kubeadm需配置docker代理才能访问gcr.io
kubeadm config images pull
安装pod网络插件
yum insatll flanneld
初始化集群master
kubeadm init --pod-network-cidr=10.244.0.0/16
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.2.38:6443 --token vxoj3n.5tiw4y9c4chppagz
--discovery-token-ca-cert-hash sha256:f844a1934f1ed2399468f7037bb8605c112eab89bcdf5a4dea9cbd89e6906261
记录并保存屏幕文字,后续worker节点将用到。
执行以下命令配置kubectl,作为普通用户管理集群并在集群上工作
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
获取pods列表
kubectl get pods --all-namespaces
查看集群的健康状态
kubectl get cs
worker节点加入
操作同master节点,直到初始化集群master这一步(worker节点不用初始化)
kubeadm join 192.168.2.38:6443 --token vxoj3n.5tiw4y9c4chppagz
--discovery-token-ca-cert-hash sha256:f844a1934f1ed2399468f7037bb8605c112eab89bcdf5a4dea9cbd89e6906261
然后等待几分钟
部署dashboard
注意项
获取登录dashboard的token
kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name |grep namespace)|grep token
kubernetes nodes notready的处理
systemctl restart docker