Quickly deploying a K8S cluster with kubeadm

1.1 Preparing the environment for installing kubeadm

1.1.1 Environment requirements

Environment: CentOS 7.4+
Hardware requirements: CPU >= 2 cores, memory >= 2 GB

1.1.2 Machine list

IP               Role        Software                                                                      Notes
192.168.165.198  k8s-master  kube-apiserver kube-scheduler kube-controller-manager docker flannel kubelet
192.168.165.192  k8s-node2   kubelet kube-proxy docker flannel
192.168.165.193  k8s-node3   kubelet kube-proxy docker flannel
192.168.165.194  k8s-node4   kubelet kube-proxy docker flannel

1.1.3 Environment initialization

  1. Disable the firewall and SELinux

Note: run this on all nodes.

[root@localhost ~]# systemctl stop firewalld && systemctl disable firewalld
[root@localhost ~]#  sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config  && setenforce 0
setenforce: SELinux is disabled

  2. Disable the swap partition

Note: run this on all nodes.

[root@localhost ~]# swapoff -a
[root@localhost ~]# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

  3. Set the hostname on each node and configure /etc/hosts

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.165.198 k8s-master
192.168.165.192 k8s-node2
192.168.165.193 k8s-node3
192.168.165.194 k8s-node4

  4. Kernel tuning: pass bridged IPv4 traffic to the iptables chains

[root@localhost ~]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@localhost ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
* Applying /etc/sysctl.conf ...

  5. Set the system time zone and synchronize with a time server

[root@localhost ~]# yum install -y ntpdate
已加載插件:fastestmirror
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                                        
extras                                                                                                                      
updates                                                                                                                     
(1/4): base/7/x86_64/group_gz                                                                                               
(2/4): extras/7/x86_64/primary_db                                                                                           
(3/4): base/7/x86_64/primary_db                                                                                             
(4/4): updates/7/x86_64/primary_db                                                                                          
正在解決依賴關(guān)系
--> 正在檢查事務(wù)
---> 軟件包 ntpdate.x86_64.0.4.2.6p5-29.el7.centos.2 將被 安裝
--> 解決依賴關(guān)系完成

依賴關(guān)系解決

============================================================================================================================
 Package                                                      架構(gòu)                                                        版
============================================================================================================================
正在安裝:
 ntpdate                                                      x86_64                                                      4.

事務(wù)概要
============================================================================================================================
安裝  1 軟件包

總下載量:87 k
安裝大?。?21 k
Downloading packages:
警告:/var/cache/yum/x86_64/7/base/packages/ntpdate-4.2.6p5-29.el7.centos.2.x86_64.rpm: 頭V3 RSA/SHA256 Signature, 密鑰 ID f
ntpdate-4.2.6p5-29.el7.centos.2.x86_64.rpm 的公鑰尚未安裝
ntpdate-4.2.6p5-29.el7.centos.2.x86_64.rpm                                                                                  
從 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 檢索密鑰
導(dǎo)入 GPG key 0xF4A80EB5:
 用戶ID     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 指紋       : 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 軟件包     : centos-release-7-6.1810.2.el7.centos.x86_64 (@anaconda)
 來自       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安裝    : ntpdate-4.2.6p5-29.el7.centos.2.x86_64                                                                      
  驗證中      : ntpdate-4.2.6p5-29.el7.centos.2.x86_64                                                                      

已安裝:
  ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2                                                                                  

完畢!
[root@localhost ~]# ntpdate time.windows.com
 4 Aug 17:13:02 ntpdate[17303]: adjust time server 20.189.79.72 offset -0.018538 sec
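
A check for the preparation steps in 1.1.3, as an added example that is not part of the original page. It reports fstab swap entries that survive the sed above (which matches only the literal string " swap " with spaces, so tab-separated entries are missed) and confirms the two bridge sysctls. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). File paths are passed in so the
# checks can be run on copies; the sample data at the bottom is constructed.

# Print the device of every fstab entry that would still enable swap at boot.
# awk splits fields on any whitespace, so tab-separated entries are caught too.
active_swap_entries() {
    awk '!/^[ \t]*#/ && NF >= 3 && $3 == "swap" { print $1 }' "$1"
}

# Print the effective value of a key in a sysctl.d-style file (last one wins).
sysctl_file_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Report every prerequisite that is not met; print nothing when the node is ready.
# $1 = fstab path, $2 = sysctl file (the page writes /etc/sysctl.d/k8s.conf).
check_node_prep() {
    for dev in $(active_swap_entries "$1"); do
        echo "swap still enabled in fstab: $dev"
    done
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        if [ "$(sysctl_file_value "$2" "$key")" != "1" ]; then
            echo "sysctl not set to 1: $key"
        fi
    done
}

# --- Constructed sample: one space-separated and one tab-separated swap entry ---
demo_dir=$(mktemp -d)
printf '%s\n' \
    '/dev/mapper/centos-root /    xfs  defaults 0 0' \
    '/dev/mapper/centos-swap swap swap defaults 0 0' \
    > "$demo_dir/fstab.orig"
printf '/dev/sdb1\tnone\tswap\tsw\t0\t0\n' >> "$demo_dir/fstab.orig"

# Apply the page's sed expression to the copy (never to /etc/fstab here).
sed '/ swap / s/^\(.*\)$/#\1/g' "$demo_dir/fstab.orig" > "$demo_dir/fstab"

printf 'net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\n' \
    > "$demo_dir/k8s.conf"

# The tab-separated entry is still active after the sed and is reported.
check_node_prep "$demo_dir/fstab" "$demo_dir/k8s.conf"
```

On a real node the same function is called as check_node_prep /etc/fstab /etc/sysctl.d/k8s.conf.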

1.1.4 Docker installation

If wget is not installed, install it first with yum install -y wget.

[root@localhost ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
--2021-08-04 17:21:14--  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
正在解析主機 mirrors.aliyun.com (mirrors.aliyun.com)... 113.96.109.93, 59.53.162.242, 124.225.134.243, ...
正在連接 mirrors.aliyun.com (mirrors.aliyun.com)|113.96.109.93|:443... 已連接。
已發(fā)出 HTTP 請求,正在等待回應(yīng)... 200 OK
長度:2081 (2.0K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/docker-ce.repo”

100%[=======================================================================================================================

2021-08-04 17:21:15 (154 MB/s) - 已保存 “/etc/yum.repos.d/docker-ce.repo” [2081/2081])

[root@localhost ~]# yum -y install docker-ce-18.06.1.ce-3.el7
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
docker-ce-stable                                                                                                            
(1/2): docker-ce-stable/7/x86_64/primary_db                                                                                 
(2/2): docker-ce-stable/7/x86_64/updateinfo                                                                                 
正在解決依賴關(guān)系
--> 正在檢查事務(wù)
---> 軟件包 docker-ce.x86_64.0.18.06.1.ce-3.el7 將被 安裝
--> 正在處理依賴關(guān)系 container-selinux >= 2.9,它被軟件包 docker-ce-18.06.1.ce-3.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libcgroup,它被軟件包 docker-ce-18.06.1.ce-3.el7.x86_64 需要
--> 正在檢查事務(wù)
---> 軟件包 container-selinux.noarch.2.2.119.2-1.911c772.el7_8 將被 安裝
--> 正在處理依賴關(guān)系 policycoreutils-python,它被軟件包 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 需要
---> 軟件包 libcgroup.x86_64.0.0.41-21.el7 將被 安裝
--> 正在檢查事務(wù)
---> 軟件包 policycoreutils-python.x86_64.0.2.5-34.el7 將被 安裝
--> 正在處理依賴關(guān)系 policycoreutils = 2.5-34.el7,它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 setools-libs >= 3.3.8-4,它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libsemanage-python >= 2.5-14,它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 audit-libs-python >= 2.1.3-4,它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 python-IPy,它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libqpol.so.1(VERS_1.4)(64bit),它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libqpol.so.1(VERS_1.2)(64bit),它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libapol.so.4(VERS_4.0)(64bit),它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 checkpolicy,它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libqpol.so.1()(64bit),它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libapol.so.4()(64bit),它被軟件包 policycoreutils-python-2.5-34.el7.x86_64 需要
--> 正在檢查事務(wù)
---> 軟件包 audit-libs-python.x86_64.0.2.8.5-4.el7 將被 安裝
--> 正在處理依賴關(guān)系 audit-libs(x86-64) = 2.8.5-4.el7,它被軟件包 audit-libs-python-2.8.5-4.el7.x86_64 需要
---> 軟件包 checkpolicy.x86_64.0.2.5-8.el7 將被 安裝
---> 軟件包 libsemanage-python.x86_64.0.2.5-14.el7 將被 安裝
---> 軟件包 policycoreutils.x86_64.0.2.5-29.el7 將被 升級
---> 軟件包 policycoreutils.x86_64.0.2.5-34.el7 將被 更新
---> 軟件包 python-IPy.noarch.0.0.75-6.el7 將被 安裝
---> 軟件包 setools-libs.x86_64.0.3.3.8-4.el7 將被 安裝
--> 正在檢查事務(wù)
---> 軟件包 audit-libs.x86_64.0.2.8.4-4.el7 將被 升級
--> 正在處理依賴關(guān)系 audit-libs(x86-64) = 2.8.4-4.el7,它被軟件包 audit-2.8.4-4.el7.x86_64 需要
---> 軟件包 audit-libs.x86_64.0.2.8.5-4.el7 將被 更新
--> 正在檢查事務(wù)
---> 軟件包 audit.x86_64.0.2.8.4-4.el7 將被 升級
---> 軟件包 audit.x86_64.0.2.8.5-4.el7 將被 更新
--> 解決依賴關(guān)系完成

依賴關(guān)系解決

============================================================================================================================
 Package                                                             架構(gòu)                                                版本
============================================================================================================================
正在安裝:
 docker-ce                                                           x86_64                                              18.
為依賴而安裝:
 audit-libs-python                                                   x86_64                                              2.8
 checkpolicy                                                         x86_64                                              2.5
 container-selinux                                                   noarch                                              2:2
 libcgroup                                                           x86_64                                              0.4
 libsemanage-python                                                  x86_64                                              2.5
 policycoreutils-python                                              x86_64                                              2.5
 python-IPy                                                          noarch                                              0.7
 setools-libs                                                        x86_64                                              3.3
為依賴而更新:
 audit                                                               x86_64                                              2.8
 audit-libs                                                          x86_64                                              2.8
 policycoreutils                                                     x86_64                                              2.5

事務(wù)概要
============================================================================================================================
安裝  1 軟件包 (+8 依賴軟件包)
升級           ( 3 依賴軟件包)

總下載量:44 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/12): container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm                                                                
(2/12): audit-libs-2.8.5-4.el7.x86_64.rpm                                                                                   
(3/12): audit-libs-python-2.8.5-4.el7.x86_64.rpm                                                                            
(4/12): audit-2.8.5-4.el7.x86_64.rpm                                                                                        
(5/12): libcgroup-0.41-21.el7.x86_64.rpm                                                                                    
(6/12): libsemanage-python-2.5-14.el7.x86_64.rpm                                                                            
(7/12): python-IPy-0.75-6.el7.noarch.rpm                                                                                    
(8/12): policycoreutils-python-2.5-34.el7.x86_64.rpm                                                                        
(9/12): checkpolicy-2.5-8.el7.x86_64.rpm                                                                                    
(10/12): setools-libs-3.3.8-4.el7.x86_64.rpm                                                                                
(11/12): policycoreutils-2.5-34.el7.x86_64.rpm                                                                              
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-18.06.1.ce-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signa
docker-ce-18.06.1.ce-3.el7.x86_64.rpm 的公鑰尚未安裝
(12/12): docker-ce-18.06.1.ce-3.el7.x86_64.rpm                                                                              
----------------------------------------------------------------------------------------------------------------------------
總計                                                                                                                        
從 https://mirrors.aliyun.com/docker-ce/linux/centos/gpg 檢索密鑰
導(dǎo)入 GPG key 0x621E9F35:
 用戶ID     : "Docker Release (CE rpm) <docker@docker.com>"
 指紋       : 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
 來自       : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : audit-libs-2.8.5-4.el7.x86_64                                                                               
  正在更新    : policycoreutils-2.5-34.el7.x86_64                                                                           
  正在安裝    : libcgroup-0.41-21.el7.x86_64                                                                                
  正在安裝    : audit-libs-python-2.8.5-4.el7.x86_64                                                                        
  正在安裝    : setools-libs-3.3.8-4.el7.x86_64                                                                             
  正在安裝    : checkpolicy-2.5-8.el7.x86_64                                                                                
  正在安裝    : python-IPy-0.75-6.el7.noarch                                                                                
  正在安裝    : libsemanage-python-2.5-14.el7.x86_64                                                                        
  正在安裝    : policycoreutils-python-2.5-34.el7.x86_64                                                                    
  正在安裝    : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch                                                          
setsebool:  SELinux is disabled.
  正在安裝    : docker-ce-18.06.1.ce-3.el7.x86_64                                                                           
  正在更新    : audit-2.8.5-4.el7.x86_64                                                                                    
  清理        : policycoreutils-2.5-29.el7.x86_64                                                                           
  清理        : audit-2.8.4-4.el7.x86_64                                                                                    
  清理        : audit-libs-2.8.4-4.el7.x86_64                                                                               
  驗證中      : audit-libs-2.8.5-4.el7.x86_64                                                                               
  驗證中      : audit-2.8.5-4.el7.x86_64                                                                                    
  驗證中      : docker-ce-18.06.1.ce-3.el7.x86_64                                                                           
  驗證中      : libsemanage-python-2.5-14.el7.x86_64                                                                        
  驗證中      : policycoreutils-2.5-34.el7.x86_64                                                                           
  驗證中      : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch                                                          
  驗證中      : python-IPy-0.75-6.el7.noarch                                                                                
  驗證中      : checkpolicy-2.5-8.el7.x86_64                                                                                
  驗證中      : policycoreutils-python-2.5-34.el7.x86_64                                                                    
  驗證中      : audit-libs-python-2.8.5-4.el7.x86_64                                                                        
  驗證中      : setools-libs-3.3.8-4.el7.x86_64                                                                             
  驗證中      : libcgroup-0.41-21.el7.x86_64                                                                                
  驗證中      : policycoreutils-2.5-29.el7.x86_64                                                                           
  驗證中      : audit-libs-2.8.4-4.el7.x86_64                                                                               
  驗證中      : audit-2.8.4-4.el7.x86_64                                                                                    

已安裝:
  docker-ce.x86_64 0:18.06.1.ce-3.el7                                                                                       

作為依賴被安裝:
  audit-libs-python.x86_64 0:2.8.5-4.el7     checkpolicy.x86_64 0:2.5-8.el7        container-selinux.noarch 2:2.119.2-1.911c
  python-IPy.noarch 0:0.75-6.el7             setools-libs.x86_64 0:3.3.8-4.el7    

作為依賴被升級:
  audit.x86_64 0:2.8.5-4.el7                                                        audit-libs.x86_64 0:2.8.5-4.el7         

完畢!
[root@localhost ~]#  systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@localhost ~]# docker --version
Docker version 18.06.1-ce, build e68fc7a

1.1.5 Add the Kubernetes YUM repository

[root@localhost ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package
> EOF
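
With gpgcheck=0 and repo_gpgcheck=0, yum installs packages from this repository without verifying package or metadata signatures, so package integrity rests entirely on the mirror and the TLS connection. The following added example (not from the original page; the function name and the second sample stanza are constructed) lists every repo section that switches a signature check off.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit yum .repo files for
# disabled signature verification. Sample data below is constructed.

# Print "<section> <key>=<value>" for every repo section that explicitly
# disables gpgcheck or repo_gpgcheck. Accepts one or more .repo files.
repo_unsigned_settings() {
    awk '
        FNR == 1 { section = "" }            # new file: forget previous section
        /^[ \t]*[#;]/ { next }               # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {             # section header, e.g. [kubernetes]
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0 || section == "") next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            lv = tolower(v)
            # yum treats 0, no and false as "off" for boolean options
            if ((k == "gpgcheck" || k == "repo_gpgcheck") &&
                (lv == "0" || lv == "no" || lv == "false"))
                print section " " k "=" v
        }' "$@"
}

# --- Constructed sample: the page's stanza (gpgkey line omitted because it is
# truncated on the page) next to a made-up stanza that keeps checking on ---
demo_repo=$(mktemp)
cat > "$demo_repo" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0

[example-signed]
name=Constructed example of a repo with package signature checking on
baseurl=https://repo.example.invalid/el7
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF

# Only the [kubernetes] section is reported, once per disabled check.
repo_unsigned_settings "$demo_repo"
```

On a node, run it as repo_unsigned_settings /etc/yum.repos.d/*.repo; sections that omit these keys inherit the defaults from /etc/yum.conf and are not listed.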

1.1.6 Install kubeadm, kubelet and kubectl

[root@localhost ~]# yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
kubernetes                                                                                                                  
kubernetes/primary                                                                                                          
kubernetes                                                                                                                  
正在解決依賴關(guān)系
--> 正在檢查事務(wù)
---> 軟件包 kubeadm.x86_64.0.1.15.0-0 將被 安裝
--> 正在處理依賴關(guān)系 kubernetes-cni >= 0.7.5,它被軟件包 kubeadm-1.15.0-0.x86_64 需要
--> 正在處理依賴關(guān)系 cri-tools >= 1.11.0,它被軟件包 kubeadm-1.15.0-0.x86_64 需要
---> 軟件包 kubectl.x86_64.0.1.15.0-0 將被 安裝
---> 軟件包 kubelet.x86_64.0.1.15.0-0 將被 安裝
--> 正在處理依賴關(guān)系 socat,它被軟件包 kubelet-1.15.0-0.x86_64 需要
--> 正在處理依賴關(guān)系 conntrack,它被軟件包 kubelet-1.15.0-0.x86_64 需要
--> 正在檢查事務(wù)
---> 軟件包 conntrack-tools.x86_64.0.1.4.4-7.el7 將被 安裝
--> 正在處理依賴關(guān)系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.1)(64bit),它被軟件包 conntrack-tools-1.4.4-7.el7.
--> 正在處理依賴關(guān)系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.0)(64bit),它被軟件包 conntrack-tools-1.4.4-7.el7.
--> 正在處理依賴關(guān)系 libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0)(64bit),它被軟件包 conntrack-tools-1.4.4-7.el7.x8
--> 正在處理依賴關(guān)系 libnetfilter_queue.so.1()(64bit),它被軟件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libnetfilter_cttimeout.so.1()(64bit),它被軟件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
--> 正在處理依賴關(guān)系 libnetfilter_cthelper.so.0()(64bit),它被軟件包 conntrack-tools-1.4.4-7.el7.x86_64 需要
---> 軟件包 cri-tools.x86_64.0.1.13.0-0 將被 安裝
---> 軟件包 kubernetes-cni.x86_64.0.0.8.7-0 將被 安裝
---> 軟件包 socat.x86_64.0.1.7.3.2-2.el7 將被 安裝
--> 正在檢查事務(wù)
---> 軟件包 libnetfilter_cthelper.x86_64.0.1.0.0-11.el7 將被 安裝
---> 軟件包 libnetfilter_cttimeout.x86_64.0.1.0.0-7.el7 將被 安裝
---> 軟件包 libnetfilter_queue.x86_64.0.1.0.2-2.el7_2 將被 安裝
--> 解決依賴關(guān)系完成

依賴關(guān)系解決

============================================================================================================================
 Package                                                                  架構(gòu)                                              
============================================================================================================================
正在安裝:
 kubeadm                                                                  x86_64                                            
 kubectl                                                                  x86_64                                            
 kubelet                                                                  x86_64                                            
為依賴而安裝:
 conntrack-tools                                                          x86_64                                            
 cri-tools                                                                x86_64                                            
 kubernetes-cni                                                           x86_64                                            
 libnetfilter_cthelper                                                    x86_64                                            
 libnetfilter_cttimeout                                                   x86_64                                            
 libnetfilter_queue                                                       x86_64                                            
 socat                                                                    x86_64                                            

事務(wù)概要
============================================================================================================================
安裝  3 軟件包 (+7 依賴軟件包)

總下載量:64 M
安裝大?。?71 M
Downloading packages:
(1/10): conntrack-tools-1.4.4-7.el7.x86_64.rpm                                                                              
(2/10): 14bfe6e75a9efc8eca3f638eb22c7e2ce759c67f95b43b16fae4ebabde1549f3-cri-tools-1.13.0-0.x86_64.rpm                      
(3/10): 7143f62ad72a1eb1849d5c1e9490567d405870d2c00ab2b577f1f3bdf9f547ba-kubeadm-1.15.0-0.x86_64.rpm                        
(4/10): 3d5dd3e6a783afcd660f9954dec3999efa7e498cac2c14d63725fafa1b264f14-kubectl-1.15.0-0.x86_64.rpm                        
(5/10): libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm                                                                       
(6/10): libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm                                                                         
(7/10): libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm                                                                       
(8/10): socat-1.7.3.2-2.el7.x86_64.rpm                                                                                      
(9/10): 557c2f4e11a3ab262c72a52d240f2f440c63f539911ff5e05237904893fc36bb-kubelet-1.15.0-0.x86_64.rpm                        
(10/10): db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm                 
----------------------------------------------------------------------------------------------------------------------------
總計                                                                                                                        
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安裝    : libnetfilter_cttimeout-1.0.0-7.el7.x86_64                                                                   
  正在安裝    : socat-1.7.3.2-2.el7.x86_64                                                                                  
  正在安裝    : kubectl-1.15.0-0.x86_64                                                                                     
  正在安裝    : cri-tools-1.13.0-0.x86_64                                                                                   
  正在安裝    : libnetfilter_queue-1.0.2-2.el7_2.x86_64                                                                     
  正在安裝    : libnetfilter_cthelper-1.0.0-11.el7.x86_64                                                                   
  正在安裝    : conntrack-tools-1.4.4-7.el7.x86_64                                                                          
  正在安裝    : kubernetes-cni-0.8.7-0.x86_64                                                                               
  正在安裝    : kubelet-1.15.0-0.x86_64                                                                                     
  正在安裝    : kubeadm-1.15.0-0.x86_64                                                                                     
  驗證中      : libnetfilter_cthelper-1.0.0-11.el7.x86_64                                                                   
  驗證中      : kubeadm-1.15.0-0.x86_64                                                                                     
  驗證中      : kubernetes-cni-0.8.7-0.x86_64                                                                               
  驗證中      : kubelet-1.15.0-0.x86_64                                                                                     
  驗證中      : libnetfilter_queue-1.0.2-2.el7_2.x86_64                                                                     
  驗證中      : cri-tools-1.13.0-0.x86_64                                                                                   
  驗證中      : kubectl-1.15.0-0.x86_64                                                                                     
  驗證中      : socat-1.7.3.2-2.el7.x86_64                                                                                  
  驗證中      : libnetfilter_cttimeout-1.0.0-7.el7.x86_64                                                                   
  驗證中      : conntrack-tools-1.4.4-7.el7.x86_64                                                                          

已安裝:
  kubeadm.x86_64 0:1.15.0-0                                                              kubectl.x86_64 0:1.15.0-0          

作為依賴被安裝:
  conntrack-tools.x86_64 0:1.4.4-7.el7 cri-tools.x86_64 0:1.13.0-0 kubernetes-cni.x86_64 0:0.8.7-0 libnetfilter_cthelper.x86

完畢!
[root@localhost ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service

2.1 Deploy the Kubernetes master

Initialize the master

[root@k8s-master ~]# kubeadm init --apiserver-advertise-address=192.168.165.198 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.15.0 --service-cidr=10.1.0.0/16
[init] Using Kubernetes version: v1.15.0
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'

An error was reported: [WARNING IsDockerSystemdCheck] appears because Docker's cgroup driver and the kubelet's cgroup driver do not match. Here we change Docker's driver to match the kubelet's.

Edit /usr/lib/systemd/system/docker.service and change the ExecStart line to ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd


[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# ExecStart=/usr/bin/dockerd
ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

Restart Docker; the output of docker info | grep Cgroup now shows systemd.

[root@k8s-master ~]# docker info | grep Cgroup
Cgroup Driver: cgroupfs
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker
[root@k8s-master ~]# vi /usr/lib/systemd/system/docker.service
[root@k8s-master ~]# vi /usr/lib/systemd/system/docker.service
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker
[root@k8s-master ~]# docker info | grep Cgroup
Cgroup Driver: systemd

Run the command again; this time it succeeds.

[root@k8s-master ~]# kubeadm init --apiserver-advertise-address=192.168.165.198 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.15.0 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.15.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.165.198 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.165.198 127.0.0.1 ::1]
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.1.0.1 192.168.165.198]
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 15.005161 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.15" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node k8s-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 283bmn.5s8oey15nquac4mw
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.165.198:6443 --token 283bmn.5s8oey15nquac4mw \
    --discovery-token-ca-cert-hash sha256:b4e5d42f49230d88eeed7f7af3c49d6f2f3d1c1146df1640545636e8490e3175 
[root@k8s-master ~]# 

Follow the instructions printed above. To roll back the init, run kubeadm reset, delete $HOME/.kube/config and /var/lib/etcd, and then run kubeadm init again.

[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master ~]# 

Run the following command on each of the other nodes to join the cluster. If it fails, add --v=2 to see the detailed error message.

[root@k8s-node3 ~]# kubeadm join 192.168.165.198:6443 --token m8x4sa.ohcpv36ddk5dlivb   --discovery-token-ca-cert-hash sha256:98aa44463bafe37f911b91d87b550574ef255ad665ffa62b23ebe71cd65a6519
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@k8s-node3 ~]# 
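
The join command above pins the cluster CA with --discovery-token-ca-cert-hash. The following is an added example, not part of the original post: shell functions that recompute that hash from the master's CA certificate and compare it with the pin in a join command before it is run on a node. The function names are hypothetical, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: verify the CA pin in a `kubeadm join` command against ca.crt.
# Function names are illustrative; requires openssl.

# Print the SHA-256 of the certificate's DER-encoded public key (SPKI),
# the value kubeadm expects after "sha256:".
ca_cert_hash() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Print the 64-hex-digit pin carried by a join command line ($1), if any.
join_pin() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 if the pin matches, 1 on mismatch, 2 if the command carries no pin
# or turns CA verification off.
verify_join_pin() {
    ca_file=$1 join_cmd=$2
    case $join_cmd in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "join command skips CA verification" >&2; return 2 ;;
    esac
    pinned=$(join_pin "$join_cmd")
    [ -n "$pinned" ] || { echo "no sha256 CA pin found" >&2; return 2; }
    actual=$(ca_cert_hash "$ca_file")
    if [ "$pinned" != "$actual" ]; then
        echo "CA pin mismatch: join=$pinned ca.crt=$actual" >&2
        return 1
    fi
    echo "CA pin matches $ca_file"
}

# Usage on the master: sh check_pin.sh /etc/kubernetes/pki/ca.crt "kubeadm join ..."
if [ "$#" -eq 2 ]; then
    verify_join_pin "$1" "$2"
fi
```

A mismatch means the join command was generated by a different kubeadm init run (a new CA is created on every init) or was altered in transit.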

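After adding the nodes, you can list the current nodes with kubectl get node. Here it reported an error. The cause: kubectl on this machine was not pointed at the Kubernetes master, because that binding was not set up when the cluster was initialized. Setting the environment variable on this machine resolves the problem. If the same error appears on other nodes, copy /etc/kubernetes/admin.conf to them with scp and then set the environment variable there as well.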

[root@k8s-master ~]# kubectl  get node
The connection to the server localhost:8080 was refused - did you specify the right host or port?

[root@k8s-master ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile 
[root@k8s-master ~]# source /etc/profile
[root@k8s-master ~]# kubectl  get node
NAME         STATUS     ROLES    AGE   VERSION
k8s-master   NotReady   master   13h   v1.15.0

Install the network plugin

This only needs to be installed on the master.

[root@k8s-master ~]# wget https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
[root@k8s-master ~]# ps -ef|grep flannel
root       913   890  0 14:22 ?        00:00:01 /opt/bin/flanneld --ip-masq --kube-subnet-mgr
root     10725 16706  0 14:42 pts/0    00:00:00 grep --color=auto flannel

At this point, the setup is complete.

Test the k8s cluster

[root@k8s-master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@k8s-master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed

[root@k8s-master ~]# kubectl get pods,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-554b9c67f9-pnc5g   1/1     Running   0          4m26s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.1.0.1     <none>        443/TCP        18h
service/nginx        NodePort    10.1.1.157   <none>        80:30755/TCP   4m8s
[root@k8s-master ~]# curl http://192.168.165.198:30755
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a >nginx.org</a>.<br/>
Commercial support is available at
<a >nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

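As shown above, nginx is now reachable.

PS: Earlier I had missed a step and did not specify --pod-network-cidr=10.244.0.0/16, which caused the flannel installation to keep failing, and I spent a lot of time tracking it down.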

[root@k8s-master ~]# kubeadm init --apiserver-advertise-address=192.168.165.198 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.15.0 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16

If --pod-network-cidr=10.244.0.0/16 is not specified, the following errors appear:

[root@k8s-master ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY   STATUS              RESTARTS   AGE
kube-system   coredns-bccdc95cf-rd6w2              0/1     ContainerCreating   0          17h
kube-system   coredns-bccdc95cf-rkrtm              0/1     ContainerCreating   0          17h
kube-system   etcd-k8s-master                      1/1     Running             0          17h
kube-system   kube-apiserver-k8s-master            1/1     Running             0          17h
kube-system   kube-controller-manager-k8s-master   1/1     Running             0          17s
kube-system   kube-flannel-ds-amd64-h4gj5          0/1     CrashLoopBackOff    39         3h1m
kube-system   kube-flannel-ds-amd64-qv52d          0/1     CrashLoopBackOff    39         3h1m
kube-system   kube-flannel-ds-amd64-tddjl          0/1     Error               40         3h1m
kube-system   kube-flannel-ds-amd64-z2gbl          0/1     CrashLoopBackOff    39         3h1m
kube-system   kube-proxy-4zkbp                     1/1     Running             0          3h22m
kube-system   kube-proxy-lrgz7                     1/1     Running             0          17h
kube-system   kube-proxy-nrxdd                     1/1     Running             0          3h4m
kube-system   kube-proxy-vws6d                     1/1     Running             0          3h23m
kube-system   kube-scheduler-k8s-master            1/1     Running             0          17h

The pod's log shows the error: Error registering network: failed to acquire lease: node "k8s-node3" pod cidr not assigned

[root@k8s-master ~]# kubectl logs kube-flannel-ds-amd64-h4gj5 
Error from server (NotFound): pods "kube-flannel-ds-amd64-h4gj5" not found
[root@k8s-master ~]# kubectl logs kube-flannel-ds-amd64-h4gj5 -n kube-system
I0805 06:17:12.825680       1 main.go:514] Determining IP address of default interface
I0805 06:17:12.826441       1 main.go:527] Using interface with name ens192 and address 192.168.165.193
I0805 06:17:12.826499       1 main.go:544] Defaulting external address to interface address (192.168.165.193)
I0805 06:17:13.020546       1 kube.go:126] Waiting 10m0s for node controller to sync
I0805 06:17:13.020895       1 kube.go:309] Starting kube subnet manager
I0805 06:17:14.021040       1 kube.go:133] Node controller sync successful
I0805 06:17:14.021153       1 main.go:244] Created subnet manager: Kubernetes Subnet Manager - k8s-node3
I0805 06:17:14.021176       1 main.go:247] Installing signal handlers
I0805 06:17:14.021348       1 main.go:386] Found network config - Backend type: vxlan
I0805 06:17:14.021504       1 vxlan.go:120] VXLAN config: VNI=1 Port=0 GBP=false DirectRouting=false
E0805 06:17:14.022070       1 main.go:289] Error registering network: failed to acquire lease: node "k8s-node3" pod cidr not assigned
I0805 06:17:14.022189       1 main.go:366] Stopping shutdownHandler...

The error above means that no pod CIDR was specified. Open /etc/kubernetes/manifests/kube-controller-manager.yaml with vim
and add two parameters to the command list:
--allocate-node-cidrs=true
--cluster-cidr=10.244.0.0/16

[root@k8s-master ~]# vi /etc/kubernetes/manifests/kube-controller-manager.yaml 

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
    - --allocate-node-cidrs=true 
    - --cluster-cidr=10.244.0.0/16
    image: registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.0

Then run systemctl restart kubelet, and everything changes to the ready state.

[root@k8s-master ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-bccdc95cf-rd6w2              1/1     Running   0          18h
kube-system   coredns-bccdc95cf-rkrtm              1/1     Running   0          18h
kube-system   etcd-k8s-master                      1/1     Running   0          18h
kube-system   kube-apiserver-k8s-master            1/1     Running   0          18h
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          5m42s
kube-system   kube-flannel-ds-amd64-h4gj5          1/1     Running   41         3h7m
kube-system   kube-flannel-ds-amd64-qv52d          1/1     Running   40         3h7m
kube-system   kube-flannel-ds-amd64-tddjl          1/1     Running   42         3h7m
kube-system   kube-flannel-ds-amd64-z2gbl          1/1     Running   40         3h7m
kube-system   kube-proxy-4zkbp                     1/1     Running   0          3h27m
kube-system   kube-proxy-lrgz7                     1/1     Running   0          18h
kube-system   kube-proxy-nrxdd                     1/1     Running   0          3h10m
kube-system   kube-proxy-vws6d                     1/1     Running   0          3h28m
kube-system   kube-scheduler-k8s-master            1/1     Running   0          18h
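
The fix above only works when the controller-manager's --cluster-cidr agrees with the network flannel is configured for. The following is an added example, not part of the original post: a shell check that reads both files and reports a missing or mismatched flag before kubelet is restarted. The function names are hypothetical, the sample files are constructed, and kube-flannel.yml is assumed to carry its CIDR as "Network" in net-conf.json, as the upstream manifest does.

```shell
#!/bin/sh
# Added example: compare the pod CIDR in a kube-controller-manager static Pod
# manifest with the "Network" value in kube-flannel.yml.

# Print the value of --<flag>=<value> ($2) from the manifest's command list ($1).
# Trailing whitespace after the value is tolerated.
manifest_flag() {
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=\([^[:space:]]*\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Print the "Network" CIDR from the net-conf.json embedded in kube-flannel.yml ($1).
flannel_network() {
    sed -n 's/.*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 only if node CIDR allocation is enabled and both files agree.
check_pod_cidr() {
    manifest=$1 flannel_yml=$2 rc=0
    want=$(flannel_network "$flannel_yml")
    alloc=$(manifest_flag "$manifest" allocate-node-cidrs)
    cidr=$(manifest_flag "$manifest" cluster-cidr)
    [ -n "$want" ] || { echo "no Network found in $flannel_yml" >&2; return 2; }
    [ "$alloc" = "true" ] || { echo "missing --allocate-node-cidrs=true" >&2; rc=1; }
    if [ -z "$cidr" ]; then
        echo "missing --cluster-cidr=$want" >&2; rc=1
    elif [ "$cidr" != "$want" ]; then
        echo "--cluster-cidr=$cidr differs from flannel Network $want" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample inputs, trimmed to the lines that matter.
sample_dir=$(mktemp -d)
printf '%s\n' 'spec:' '  containers:' '  - command:' \
    '    - kube-controller-manager' '    - --leader-elect=true' \
    > "$sample_dir/before.yaml"
{ cat "$sample_dir/before.yaml"
  printf '%s\n' '    - --allocate-node-cidrs=true ' '    - --cluster-cidr=10.244.0.0/16'
} > "$sample_dir/after.yaml"
printf '%s\n' '  net-conf.json: |' '    {' '      "Network": "10.244.0.0/16",' \
    '      "Backend": { "Type": "vxlan" }' '    }' > "$sample_dir/kube-flannel.yml"

check_pod_cidr "$sample_dir/before.yaml" "$sample_dir/kube-flannel.yml" || echo "before: not ready"
check_pod_cidr "$sample_dir/after.yaml" "$sample_dir/kube-flannel.yml" && echo "after: ok"
```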

Paths of some configuration files after installation:

[root@k8s-master manifests]# pwd
/etc/kubernetes/manifests
[root@k8s-master manifests]# ls
etcd.yaml  kube-apiserver.yaml  kube-controller-manager.yaml  kube-scheduler.yaml
