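Installing a K8S [Cluster] with kubeadm in Plain Language (the Most K8S Setup Tutorial Ever)
Preface
There are many k8s installation tools on the market. As the designer and promoter of the product, the K8S organization knows that its product is very hard to deploy, so it adopted kubeadm, a tool written by open-source enthusiasts, and made it an official project. (For a blog post about kubeadm, see "Exploring kubeadm".)
Why deploy with kubeadm? Because the commands that matter come down to just two, and it can also be used in production (on one condition: you need a good understanding of the K8S components and how they relate to each other; in plain words, you can read it and you can operate it).
The official documentation has a Chinese tutorial. The latest K8S version, 1.26, has dropped docker as its runtime, and I have not yet worked out how to deploy it, so this walkthrough uses the older version 1.18 as the example.
My demo environment
OS: centos7.6
CPU: 2 cores
Memory: 2G
Ideally use 2 cores, 4G of memory and a 20G disk. If you want to simulate more of a production deployment, for example jenkins, nginx and MySQL, raise the VM's specs, otherwise it may not be able to run that many pods.
Because this is a demo environment, everything here is done on a single node. I add notes where cluster nodes are concerned.
Environment configuration
[Worker nodes of a cluster also need to run this step]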
```bash
# Switch the yum repos to the Alibaba Cloud mirror
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

# vim configuration
echo -e 'set paste
set expandtab
set ts=4' >> ~/.vimrc

# Some tools
yum install net-tools vim telnet lsof -y

# Use the Alibaba Cloud repo for k8s, which is faster
# (gpgcheck=0 turns off package signature verification for this repo)
echo '#k8s
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
'>/etc/yum.repos.d/kubernetes.repo

# Set SELinux to permissive now and to disabled after reboot,
# and let bridged traffic pass through iptables
setenforce 0
sed -i 's/SELINUX=enforc.*/SELINUX=disabled/g' /etc/selinux/config
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

# Disable swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
free -m |grep Swap
# Disable the firewall
systemctl stop firewalld && systemctl disable firewalld
```
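Added example (not from the original tutorial): the kubernetes.repo file written above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl from it without verifying package signatures. The function below, whose name is hypothetical, lists every enabled repo section that has this setting or a plain-http baseurl; both sample repo texts are constructed.

```shell
#!/bin/sh
# Added example, not from the original page; repo_findings is a hypothetical name.
# Reads yum .repo text on stdin and prints one line per finding for every
# enabled section that sets gpgcheck=0 or uses a plain-http baseurl.
repo_findings() {
    awk '
        function report() {
            if (name == "" || enabled == "0") return
            if (gpgcheck == "0") print name ": gpgcheck=0"
            if (baseurl ~ /^http:/) print name ": baseurl uses http"
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[.+\]/ {                       # start of a [section]
            report()
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        /=/ {                                   # key=value inside the section
            key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report() }'
}

# Constructed sample 1: the repo file written in the step above.
PAGE_REPO='#k8s
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0'

# Constructed sample 2: one signed repo over http, one disabled unsigned repo.
OTHER_REPO='[example-signed]
baseurl=http://mirror.example.invalid/el7
gpgcheck=1
[example-off]
baseurl=https://mirror.example.invalid/el7
enabled=0
gpgcheck=0'

# On a host: cat /etc/yum.repos.d/*.repo | repo_findings
printf '%s\n' "$PAGE_REPO" | repo_findings
```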
Deploy docker [Worker nodes of a cluster also need to run this step]
```bash
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io
# -p: do not fail if the directory already exists
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://6ijb8ubo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF

systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service
docker info | grep "Cgroup Driver"
```
Deploy kubeadm
[Worker nodes of a cluster also need to run this step]
```bash
yum install -y kubelet-1.18.2 kubeadm-1.18.2 kubectl-1.18.2
systemctl enable kubelet && systemctl start kubelet

# List the image versions it depends on
kubeadm config images list
```
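During deployment kubeadm pulls images from k8s.gcr.io by default. For users in mainland China this is either slow or not reachable at all, so switch to the Alibaba Cloud mirror. How? I guess that kubeadm in theory calls the "docker pull" command, so it is no different from pulling the images by hand.
```bash
# This command returns the names of the images that need to be pulled
kubeadm config images list | awk -F'/' '/k8s.gcr.io/{print $2}'
```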
```bash
cat > ~/pull_image.sh <<EOF
#!/bin/bash
# Pull each image from the Alibaba Cloud mirror, retag it as k8s.gcr.io, then drop the mirror tag
for imageName in \$(kubeadm config images list | awk -F'/' '/k8s.gcr.io/{print \$2}') ; do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/\${imageName}
    docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/\${imageName} k8s.gcr.io/\${imageName}
    docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/\${imageName}
done
EOF
# Run the generated script
bash ~/pull_image.sh
```
Look at the images that have been pulled; the ones whose names start with k8s.gcr.io are the images that were just pulled.
Initialize the master with kubeadm
```bash
# kubeadm config print init-defaults > /opt/kubeadm-config.yaml
kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.18.2 2>&1 | tee kubeadm-init.log
```
I ran into an error when executing this step:
```text
[init] Using Kubernetes version: v1.18.2
[preflight] Running pre-flight checks
[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 23.0.1. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.18.2: output: Error response from daemon: Get "https://k8s.gcr.io/v2/": dial tcp 142.250.157.82:443: i/o timeout
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.18.2: output: Error response from daemon: Get "https://k8s.gcr.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.18.2: output: Error response from daemon: Get "https://k8s.gcr.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.18.2: output: Error response from daemon: Get "https://k8s.gcr.io/v2/": dial tcp 142.250.157.82:443: i/o timeout
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
```
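If you also get an error at this point, look at the output in the screenshot above: is the version of the kube.* components also v1.18.20? If so, I feel this may be a regex matching problem and kubeadm got it wrong. No matter: manually tag the images as 1.18.2 and the step will go through.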
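Added example (not from the original tutorial): `kubeadm config images list` resolves a version on its own unless `--kubernetes-version` is given, so this script checks the listed kube-* tags against the version passed to `kubeadm init` before it emits the pull/retag commands for the mirror used above. The function names and the sample image list are constructed for illustration, and the script prints the docker commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original page). MIRROR is the registry path this
# page pulls from; the two function names are hypothetical.
MIRROR=registry.cn-hangzhou.aliyuncs.com/google_containers

# check_image_tags VERSION < image-list
# Prints each kube-* image whose tag differs from VERSION; returns 1 if any does.
check_image_tags() {
    awk -v want="$1" -F'[/:]' '
        $2 ~ /^kube-/ && $3 != want { print; bad = 1 }
        END { exit bad + 0 }'
}

# mirror_plan VERSION < image-list
# Prints the docker pull/tag/rmi commands for every k8s.gcr.io image, or nothing
# (and returns 1) when the list does not match the version kubeadm init will use.
mirror_plan() {
    list=$(cat)
    if ! printf '%s\n' "$list" | check_image_tags "$1" >&2; then
        echo "tag mismatch: list images with --kubernetes-version $1" >&2
        return 1
    fi
    printf '%s\n' "$list" | while IFS= read -r image; do
        case "$image" in
            k8s.gcr.io/*) name=${image#k8s.gcr.io/} ;;
            *) continue ;;
        esac
        echo "docker pull $MIRROR/$name"
        echo "docker tag $MIRROR/$name $image"
        echo "docker rmi $MIRROR/$name"
    done
}

# Constructed sample of an unpinned `kubeadm config images list` (tags v1.18.20).
UNPINNED='k8s.gcr.io/kube-apiserver:v1.18.20
k8s.gcr.io/kube-controller-manager:v1.18.20
k8s.gcr.io/kube-scheduler:v1.18.20
k8s.gcr.io/kube-proxy:v1.18.20
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7'
# The same list as produced with --kubernetes-version v1.18.2.
PINNED=$(printf '%s\n' "$UNPINNED" | sed 's/:v1\.18\.20$/:v1.18.2/')

printf '%s\n' "$PINNED" | mirror_plan v1.18.2
```

On a real host the input would be `kubeadm config images list --kubernetes-version v1.18.2 | mirror_plan v1.18.2`, with the output reviewed before it is piped to a shell.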
Continuing:
```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get pod -A # the pods can now be seen starting
```
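Check component status
```bash
kubectl get componentstatuses
```
Deploy the network component
Why are some pods in the Pending state? Because the network component has not been installed.
```bash
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# After downloading, run the command locally; if the VM cannot download the file, open the URL in a browser through a proxy
kubectl apply -f kube-flannel.yml
```
If you cannot download it, you can copy the content below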
```yaml
---
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
- apiGroups:
  - "networking.k8s.io"
  resources:
  - clustercidrs
  verbs:
  - list
  - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: docker.io/flannel/flannel-cni-plugin:v1.1.2
        #image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.2
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: docker.io/flannel/flannel:v0.21.2
        #image: docker.io/rancher/mirrored-flannelcni-flannel:v0.21.2
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.21.2
        #image: docker.io/rancher/mirrored-flannelcni-flannel:v0.21.2
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
```
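At this point all the nodes are in a normal state.
Joining a worker node
Open the $HOME/.kube/config file created earlier (the copy of /etc/kubernetes/admin.conf) and put it in the same location on the worker node.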
```bash
# Copy the content from the master node and paste it into the file below
vi ~/.kube/config

# On the master node, look at the content of kubeadm-init.log; the important part is the last line
kubeadm join 172.16.11.23:6443 --token hwrdb3.qnjvvmgi3mose4ts --discovery-token-ca-cert-hash sha256:a26c63dab6c5936041c5aade8ef7e7d99f91ee4723b476e1fbda39153ae6a58b
```
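Added example (not from the original tutorial): the `--discovery-token-ca-cert-hash` value in the join line is the SHA-256 of the cluster CA's public key, which lets the joining node confirm it is talking to the intended control plane. The hypothetical helpers below recompute that value with openssl from a CA certificate and compare it with the hash in a join line; `/etc/kubernetes/pki/ca.crt` in the comment is kubeadm's default CA path.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# join_hash "kubeadm join ..." -> the sha256:<hex> value pinned in the line
join_hash() {
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# ca_pubkey_hash CA.crt -> sha256:<hex> over the DER-encoded public key of the
# CA certificate, which is the value kubeadm pins.
ca_pubkey_hash() {
    hex=$(openssl x509 -in "$1" -noout -pubkey |
          openssl pkey -pubin -outform DER |
          openssl dgst -sha256 -r | cut -d' ' -f1)
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# verify_join_line CA.crt "kubeadm join ..."
# 0: line pins this CA; 1: pins a different CA; 2: line does not pin a CA at all.
verify_join_line() {
    case "$2" in
        *--discovery-token-unsafe-skip-ca-verification*) return 2 ;;
    esac
    pinned=$(join_hash "$2")
    [ -n "$pinned" ] || return 2
    actual=$(ca_pubkey_hash "$1") || return 1
    [ "$pinned" = "$actual" ]
}

# The join line printed on this page.
PAGE_JOIN='kubeadm join 172.16.11.23:6443 --token hwrdb3.qnjvvmgi3mose4ts --discovery-token-ca-cert-hash sha256:a26c63dab6c5936041c5aade8ef7e7d99f91ee4723b476e1fbda39153ae6a58b'

# On the master: verify_join_line /etc/kubernetes/pki/ca.crt "<join line from kubeadm-init.log>"
join_hash "$PAGE_JOIN"
```

Bootstrap tokens created by `kubeadm init` expire after 24 hours by default; `kubeadm token create --print-join-command` on the master prints a fresh join line.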
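FAQ
- The coredns pod is in an abnormal state
Answer: Check the firewalld status with "systemctl status firewalld.service" and see whether the step that disables the firewall was forgotten earlier.
- The worker node shows NotReady, and describe then shows: Node node06 status is now: NodeHasSufficientPID
Answer: Check whether any of the steps that the worker node must run were skipped, leaving the node without the docker images. You can check with the command "docker images".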
Feel free to get in touch with me about any problems you run into during deployment.
This article is reposted from: 学新通技术网