本文共 8107 字,大约阅读时间需要 27 分钟。
标签: CentOS-7-安装Kubernetes-1.12.1
系统: CentOS-7 4.19.0-1.el7.elrepo.x86_64
Kubernetes:Kubernetes-1.12.1架构一台master一台node
xian使用命令cat /proc/sys/net/bridge/bridge-nf-call-iptables 查看值是否为1,如果为1则如下步骤不需要执行,否则请继续下面的步骤开启相关功能。
sed -i 7,9s/0/1/g /usr/lib/sysctl.d/00-system.conf
1.2加载netfilter模块(可以使用 lsmod | grep netfilter命令查看是否加载了模块)
modprobe br_netfilter
2.1.3使做的更改生效
sysctl -p /usr/lib/sysctl.d/00-system.conf
2.1修改文件
echo 'vm.swappiness = 0' >> /usr/lib/sysctl.d/00-system.conf
2.2使做的更改生效
sysctl -p /usr/lib/sysctl.d/00-system.conf
2.3关闭swap
swapoff -a
2.4注释掉“/etc/fstab”文件中关于swap的挂载代码 (关闭开机自动挂载)
更改前:/dev/mapper/cl-swap swap swap defaults 0 0更改后:#/dev/mapper/cl-swap swap swap defaults 0 0
echo -e '192.168.2.168 node1.ztpt.com\n192.168.2.162 node2.ztpt.com\n192.168.2.170 node3.ztpt.com' >> /etc/hosts
[root@node1 ~]# getenforce Disabled[root@node1 ~]# systemctl status firewalld● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1)[root@node1 ~]# systemctl status iptables● iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled) Active: inactive (dead)
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装依赖
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
安装docker-ce
yum install -y docker-ce
设置docker服务开机启动
systemctl enable docker.service
设置docker-registry-mirrors地址(阿里云提供免费的镜像服务)
sudo tee /etc/docker/daemon.json <<-'EOF'{"registry-mirrors": ["https://kzflpq4b.mirror.aliyuncs.com"]}EOFsudo systemctl daemon-reloadsudo systemctl restart dockertee /etc/yum.repos.d/kubernets.repo << EOF[Kubernetes]name=kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/gpgcheck=1gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg,https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg,https://mirrors.aliyun.com/kubernetes/yum/doc/apt-key.gpgEOF#创建yum元数据sudo yum makecache
安装kubelet、kubectl、kubeadm
注意:如果报密钥的问题请使用rpm --import命令手动倒入key,或者禁用gpgcheck yum install -y kubelet kubectl kubeadm
设置kubelet开启自启动
systemctl enable kubelet.service
#!/bin/sh#拉取镜像docker pull mirrorgooglecontainers/kube-apiserver:v1.12.1docker pull mirrorgooglecontainers/kube-controller-manager:v1.12.1docker pull mirrorgooglecontainers/kube-scheduler:v1.12.1docker pull mirrorgooglecontainers/kube-proxy:v1.12.1docker pull mirrorgooglecontainers/pause:3.1docker pull mirrorgooglecontainers/etcd:3.2.24docker pull coredns/coredns:1.2.2#修改标签docker tag mirrorgooglecontainers/kube-proxy:v1.12.1 k8s.gcr.io/kube-proxy:v1.12.1docker tag mirrorgooglecontainers/kube-scheduler:v1.12.1 k8s.gcr.io/kube-scheduler:v1.12.1docker tag mirrorgooglecontainers/kube-apiserver:v1.12.1 k8s.gcr.io/kube-apiserver:v1.12.1docker tag mirrorgooglecontainers/kube-controller-manager:v1.12.1 k8s.gcr.io/kube-controller-manager:v1.12.1docker tag mirrorgooglecontainers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24docker tag coredns/coredns:1.2.2 k8s.gcr.io/coredns:1.2.2docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1#删除无用镜像docker rmi mirrorgooglecontainers/kube-apiserver:v1.12.1docker rmi mirrorgooglecontainers/kube-controller-manager:v1.12.1docker rmi mirrorgooglecontainers/kube-scheduler:v1.12.1docker rmi mirrorgooglecontainers/kube-proxy:v1.12.1docker rmi mirrorgooglecontainers/pause:3.1docker rmi mirrorgooglecontainers/etcd:3.2.24docker rmi coredns/coredns:1.2.2
使用命令初始化master节点
kubeadm init --kubernetes-version=stable-1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
输出信息如下(保存好输出的信息,以后会用到):
Your Kubernetes master has initialized successfully!To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/configYou should now deploy a pod network to the cluster.Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/You can now join any number of machines by running the following on each nodeas root: kubeadm join 192.168.2.168:6443 --token j1v9o1.wxd0xz5mv1qgo6b1 --discovery-token-ca-cert-hash sha256:6ae6c734198b0a69e73c8d7b576e8692514e3aa642f9431d21234e86f35b316f
根据提示使用如下命令:
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
安装flannel(这一步程序会自动下载镜像和运行pod,根据网络情况时间可能会有些慢,耐心等待!)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
查看节点信息
[root@node1 ~]# kubectl get nodeNAME STATUS ROLES AGE VERSIONnode1.ztpt.com NotReady master 6m45s v1.12.1
查看namespace
[root@node2 ~]# kubectl get namespaceNAME STATUS AGEdefault Active 12hkube-public Active 12hkube-system Active 12h
查看pod(查看pod注意READY列和STATUS列,如果有问题请查看pod日志和kubelet日志,具体命令查看文章下面内容,实在不行就重置初始化,重置命令也请查看文章下面内容)
[root@node1 ~]# kubectl get pods --namespace=kube-system -o wideNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODEcoredns-576cbf47c7-5tgnm 1/1 Running 1 18h 10.244.0.47 node1.ztpt.comcoredns-576cbf47c7-r9fr6 1/1 Running 1 18h 10.244.0.46 node1.ztpt.com etcd-node1.ztpt.com 1/1 Running 1 18h 192.168.2.168 node1.ztpt.com kube-apiserver-node1.ztpt.com 1/1 Running 1 18h 192.168.2.168 node1.ztpt.com kube-controller-manager-node1.ztpt.com 1/1 Running 1 18h 192.168.2.168 node1.ztpt.com kube-flannel-ds-amd64-rx9jw 1/1 Running 1 18h 192.168.2.168 node1.ztpt.com kube-proxy-nnmpj 1/1 Running 1 18h 192.168.2.168 node1.ztpt.com kube-scheduler-node1.ztpt.com 1/1 Running 1 18h 192.168.2.168 node1.ztpt.com
首先要保证做了之前先决条件里的事情,并且保证master上所有的pod都属于正常状态
执行join命令因为被墙的原因,我们要将Master上的3个镜像导出到NODE节点上
k8s.gcr.io/kube-proxy v1.12.1 quay.io/coreos/flannel v0.10.0-amd64k8s.gcr.io/pause 3.1 导出命令 docker save 镜像名 > 镜像名.tar导入命令 docker load < 镜像名.tar我join的时候报错没有找到VIPS支持模块,最后使用命令modprobe命令加载ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs 模块后就好了
kubeadm join 192.168.2.168:6443 --token 1evrs8.iz8bl6l77jtal4na --discovery-token-ca-cert-hash sha256:fd509be1a3362afbff39ed807b5c25ef7a5034feb6876df1b76c0a0d8eb637db
#先将节点设置为维护模式(node2.ztpt.com是节点名称)kubectl drain node2.ztpt.com --delete-local-data --force --ignore-daemonsets#然后删除节点kubectl delete node node2.ztpt.com
kubeadm resetip link delete flannel.1ip link delete cni0rm -rf /var/lib/etcd/*
[root@node2 ~]# journalctl -u kubelet -f
[root@node2 ~]# kubectl logs -f kube-apiserver-node2.ztpt.com --namespace=kube-system#-f 是滚动输出,就像是tail -f中的-f一样#kube-apiserver-node2.ztpt.com是pod名字
kubeadm token create创建kubeadm token list查看,如果过期了还是得重新创建openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'查看吧!然后用新的token和ca-hash加入集群转载于:https://blog.51cto.com/wangxiaoke/2309457