使用 kubeadm 在 CentOS 7 上安裝 kubernetes 1.7.3

1.準(zhǔn)備

準(zhǔn)備兩臺(tái) CentOS 7.3.1611 主機(jī)

1.1 系統(tǒng)配置

1.1.1 修改 hostname

hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2

1.1.2 修改 /etc/hosts

echo "10.211.55.51 k8s-node1" >> /etc/hosts
echo "10.211.55.52 k8s-node2" >> /etc/hosts

1.1.3 禁用防火墻

systemctl stop firewalld
systemctl disable firewalld

1.2 安裝 docker

2臺(tái)主機(jī)都要安裝

Docker versions 1.10.3, 1.11.2, 1.12.6 have been validated

目前 kubernetes 官方支持 docker 的最高版本為1.12.6,所以這里安裝 1.12.6 版本的 docker

1.2.1 Add the yum repo

sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF

1.2.2 Install the Docker package

yum install -y docker-engine-1.12.6
systemctl enable docker && systemctl start docker

2.安裝 kubectl kubeadm kubelet

2臺(tái)主機(jī)都要安裝

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubectl  kubelet kubeadm

修改 /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
將 Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"
改為 Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"
systemctl enable kubelet && systemctl start kubelet

3.使用 kubeadm init 初始化集群

Note: - In order for Network Policy to work correctly, you need to pass --pod-network-cidr=192.168.0.0/16 to kubeadm init - Calico works on amd64 only.

這里因?yàn)槲覀冎笠褂?calico,所以需要 --pod-network-cidr 參數(shù)

kubeadm init --pod-network-cidr=192.168.0.0/16


[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.3
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks
[preflight] Starting the kubelet service
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [k8s-node1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.211.55.51]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 128.500975 seconds
[token] Using token: b5bdde.b6a3e93dbd76a535
[apiconfig] Created RBAC rules
[addons] Applied essential addon: kube-proxy
[addons] Applied essential addon: kube-dns

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run (as a regular user):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join --token b5bdde.b6a3e93dbd76a535 10.211.55.51:6443

4.安裝 pod network

這里我們使用 calico

kubectl apply -f https://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

configmap "calico-config" created
daemonset "calico-etcd" created
service "calico-etcd" created
daemonset "calico-node" created
deployment "calico-policy-controller" created
clusterrolebinding "calico-cni-plugin" created
clusterrole "calico-cni-plugin" created
serviceaccount "calico-cni-plugin" created
clusterrolebinding "calico-policy-controller" created
clusterrole "calico-policy-controller" created
serviceaccount "calico-policy-controller" created

kubectl get pods --all-namespaces

NAMESPACE     NAME                                       READY     STATUS    RESTARTS   AGE
kube-system   calico-etcd-twsf9                          1/1       Running   0          2h
kube-system   calico-node-nmbcp                          2/2       Running   0          2h
kube-system   calico-node-st191                          2/2       Running   0          2h
kube-system   calico-policy-controller-336633499-km08x   1/1       Running   0          2h
kube-system   etcd-k8s-node1                             1/1       Running   0          2h
kube-system   kube-apiserver-k8s-node1                   1/1       Running   0          2h
kube-system   kube-controller-manager-k8s-node1          1/1       Running   0          2h
kube-system   kube-dns-2425271678-01qzj                  3/3       Running   3          2h
kube-system   kube-proxy-6rk7f                           1/1       Running   0          2h
kube-system   kube-proxy-xbv0b                           1/1       Running   0          2h
kube-system   kube-scheduler-k8s-node1                   1/1       Running   0          2h

5.向 kubernetes 集群添加 node

kubeadm join --token 6161c7.47935395206b75fe 10.211.55.51:6443

[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[preflight] The system verification failed. Printing the output from the verification:
OS: Linux
KERNEL_VERSION: 3.10.0-514.el7.x86_64
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_INET: enabled
CONFIG_EXT4_FS: enabled (as module)
CONFIG_PROC_FS: enabled
CONFIG_NETFILTER_XT_TARGET_REDIRECT: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled (as module)
CONFIG_OVERLAY_FS: enabled (as module)
CONFIG_AUFS_FS: not set - Required for aufs.
CONFIG_BLK_DEV_DM: enabled (as module)
CGROUPS_CPU: enabled
CGROUPS_CPUACCT: enabled
CGROUPS_CPUSET: enabled
CGROUPS_DEVICES: enabled
CGROUPS_FREEZER: enabled
CGROUPS_MEMORY: enabled
[preflight] WARNING: docker service is not enabled, please run 'systemctl enable docker.service'
[preflight] Some fatal errors occurred:
    failed to get docker info: Cannot connect to the Docker daemon. Is the docker daemon running on this host?
    docker service is not active, please run 'systemctl start docker.service'
    /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`
[root@centos-7 ~]# systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@centos-7 ~]# kubeadm join --token 6161c7.47935395206b75fe 10.211.55.51:6443
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[discovery] Trying to connect to API Server "10.211.55.51:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.211.55.51:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://10.211.55.51:6443"
[discovery] Successfully established connection with API Server "10.211.55.51:6443"
[bootstrap] Detected server version: v1.7.3
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
[csr] Received signed certificate from the API server, generating KubeConfig...
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

Node join complete:
* Certificate signing request sent to master and response
  received.
* Kubelet informed of new secure connection details.

Run 'kubectl get nodes' on the master to see this machine join.

參考

  • 使用kubeadm安裝Kubernetes 1.7
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容