centos7使用kubeadm安装k8s集群详细教程
发布网友
发布时间:2024-09-12 08:53
共1个回答
热心网友
时间:2024-09-12 23:34
centos7.6
k8s1.13.4
3台机器1台master2台worker
准备工作关闭swap执行swapoff临时关闭swap。重启后会失效,若要永久关闭,可以编辑/etc/fstab文件,将其中swap分区一行注释掉
至于为什么关闭这里有个说明:https://github.com/Kubernetes/kubernetes/issues/53533,亦有说影响性能的https://www.zhihu.com/question/374752553
关闭防火墙和selinux根据文档来的:https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
#将SELinux设置为permissive模式(相当于将其禁用)setenforce0sed-i's/^SELINUX=enforcing$/SELINUX=permissive/'/etc/selinux/config开放端口允许iptables检查桥接流量cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system安装docker(全部节点)安装#安装需要的工具yuminstall-yyum-utilsdevice-mapper-persistent-datalvm2#设置源yum-config-manager--add-repohttp://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#查看有哪些docker版本yumlistdocker-ce--showduplicates|sort-r#安装特定的版本yummakecachefast&&yuminstall-ydocker-ce-18.09.8-3.el7docker-ce-cli-18.09.8-3.el7containerd.io-1.2.0-3.el7#启动dockersystemctldaemon-reload&&systemctlrestartdocker#设置为开机启动systemctlenabledocker.service修改Docker默认存储位置systemctlstopdocker或者servicedockerstop#然后移动整个/var/lib/docker目录到目的路径:mv/var/lib/docker/home/data/dockerln-s/home/data/docker/var/lib/docker#reload配置文件systemctldaemon-reload#重启dockersystemctlrestartdocker.service#设置docker开机启动systemctlenabledocker//当然你也可以通过修改配置文件的方式vim/etc/docker/daemon.json{"registry-mirrors":["http://7e61f7f9.m.daocloud.io"],"graph":"/new-path/docker"}阿里云镜像加速#访问:https://cr.console.aliyun.com/cn-beijing/instances/mirrors#找到加速方法,如:sudomkdir-p/etc/dockersudotee/etc/docker/daemon.json<<-'EOF'{"registry-mirrors":["https://se35r65b.mirror.aliyuncs.com"]}EOFsudosystemctldaemon-reloadsudosystemctlrestartdocker安装kubeadm,kubelet和kubectl(master和worker都装)添加yum仓库创建/etc/yum.repos.d/kubernetes.repo,文件如下内容[kubernetes]name=Kubernetesbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/enabled=1gpgcheck=1repo_gpgcheck=1gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpghttps://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg安装kubeletkubectl和kubeadmyuminstall-ykubelet-1.13.4kubeadm-1.13.4kubectl-1.13.4kubernetes-cni-0.6.0systemctlenable--nowkubelet从阿里云手动摘取镜像执行kubeadmconfigimagespull查看到gcr.io的连接,如果拉取成功可以进入下一步。如果失败,说明无法访问grc.io。这时需要手动拉取镜像,可以执行下面的脚本,从阿里云拉取相应镜像
#!/bin/bashimages=(kube-apiserver:v1.13.4kube-controller-manager:v1.13.4kube-scheduler:v1.13.4kube-proxy:v1.13.4pause:3.1etcd:3.2.24coredns:1.2.6)forimageNamein${images[@]};dodockerpullregistry.cn-hangzhou.aliyuncs.com/google_containers/$imageNamedockertagregistry.cn-hangzhou.aliyuncs.com/google_containers/$imageNamek8s.gcr.io/$imageNamedone初始化(master)记得加入pod-network-cidr因为后面的网络组件用的是flannelkubeadminit--pod-network-cidr=10.244.0.0/16--image-repositoryregistry.aliyuncs.com/google_containers安装成功提示YourKubernetesmasterhasinitializedsuccessfully!Tostartusingyourcluster,youneedtorunthefollowingasaregularuser:mkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.kube/configsudochown$(id-u):$(id-g)$HOME/.kube/configYoushouldnowdeployapodnetworktothecluster.Run"kubectlapply-f[podnetwork].yaml"withoneoftheoptionslistedat:https://kubernetes.io/docs/concepts/cluster-administration/addons/Youcannowjoinanynumberofmachinesbyrunningthefollowingoneachnodeasroot:kubeadmjoin10.22.9.162:6443--tokene225cp.14g848dy4vpoas75--discovery-token-ca-cert-hashsha256:aaf9910fb2b94e8c2bc2aea0b2a08538796d8322331561ef1094bebe8a7a790f第一次使用Kubernetes集群所需要的配置命令cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system0这些配置命令的原因是:Kubernetes集群默认需要加密方式访问。所以,这几条命令,就是将刚刚部署生成的Kubernetes集群的安全配置文件,保存到当前用户的.kube目录下,kubectl默认会使用这个目录下的授权信息访问Kubernetes集群。如果不这么做的话,我们每次都需要通过exportKUBECONFIG环境变量告诉kubectl这个安全配置文件的位置。
master节点生成其他节点加入的方式cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system1部署flannel网络组件cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system2查看状态cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system3master节点配置删除master节点默认污点taint:污点的意思。如果一个节点被打上了污点,那么pod是不允许运行在这个节点上面的默认情况下集群不会在master上调度pod,如果偏想在master上调度Pod,可以执行如下操作:
cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system4加入集群(worker)利用之前master初始化的信息加入集群
cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system5加入成功后在master查看集群状态
cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system6安装DashboardUI(master)获得配置文件cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system7手动获取镜像cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system8修改配置文件(ports部分)cat<<EOF|sudotee/etc/modules-load.d/k8s.confbr_netfilterEOFcat<<EOF|sudotee/etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsudosysctl--system9运行并查看状态#安装需要的工具yuminstall-yyum-utilsdevice-mapper-persistent-datalvm2#设置源yum-config-manager--add-repohttp://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#查看有哪些docker版本yumlistdocker-ce--showduplicates|sort-r#安装特定的版本yummakecachefast&&yuminstall-ydocker-ce-18.09.8-3.el7docker-ce-cli-18.09.8-3.el7containerd.io-1.2.0-3.el7#启动dockersystemctldaemon-reload&&systemctlrestartdocker#设置为开机启动systemctlenabledocker.service0登录#安装需要的工具yuminstall-yyum-utilsdevice-mapper-persistent-datalvm2#设置源yum-config-manager--add-repohttp://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#查看有哪些docker版本yumlistdocker-ce--showduplicates|sort-r#安装特定的版本yummakecachefast&&yuminstall-ydocker-ce-18.09.8-3.el7docker-ce-cli-18.09.8-3.el7containerd.io-1.2.0-3.el7#启动dockersystemctldaemon-reload&&systemctlrestartdocker#设置为开机启动systemctlenabledocker.service1完全清除或卸载K8sThisagistforquickuninstallkubernetesIftheclusterisnode,Firstdeleteitfrommaster
#安装需要的工具yuminstall-yyum-utilsdevice-mapper-persistent-datalvm2#设置源yum-config-manager--add-repohttp://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#查看有哪些docker版本yumlistdocker-ce--showduplicates|sort-r#安装特定的版本yummakecachefast&&yuminstall-ydocker-ce-18.09.8-3.el7docker-ce-cli-18.09.8-3.el7containerd.io-1.2.0-3.el7#启动dockersystemctldaemon-reload&&systemctlrestartdocker#设置为开机启动systemctlenabledocker.service2Thenremovekubeadmcompletely
#安装需要的工具yuminstall-yyum-utilsdevice-mapper-persistent-datalvm2#设置源yum-config-manager--add-repohttp://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#查看有哪些docker版本yumlistdocker-ce--showduplicates|sort-r#安装特定的版本yummakecachefast&&yuminstall-ydocker-ce-18.09.8-3.el7docker-ce-cli-18.09.8-3.el7containerd.io-1.2.0-3.el7#启动dockersystemctldaemon-reload&&systemctlrestartdocker#设置为开机启动systemctlenabledocker.service3参考:
https://www.yinxiang.com/everhub/note/f420816c-2019-47a1-8dcd-7b3ade25ac1f
https://blog.51cto.com/3241766/2405624
https://juejin.cn/post/6844904161759199240#heading-25
