Kubernetes
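As a container orchestration tool, K8s is efficient and powerful, but it is hard to practice with if you lack unrestricted Internet access or do not have three or more physical machines. This post summarizes installing one master node and two worker nodes on CentOS 7.2 under Vagrant on Windows. (Partly based on the k8s Chinese community.)
For k8s Dashboard configuration, see: https://segmentfault.com/a/11...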
1. Prepare three CentOS 7.2 instances under Vagrant, configured as follows:
- CentOS 7.2 instance configuration
IP address      Node role   Minimum memory
192.168.33.10   master      >=2G
192.168.33.11   worker      >=1G
192.168.33.12   worker      >=1G
2. Install kubelet, kubeadm and kubectl on the master/node1/node2 nodes
- Set the hostname: on the master node set it to master, and on the other two nodes set it to node1 and node2 respectively
hostnamectl set-hostname master
- Edit the /etc/hosts file
cat <<EOF >>/etc/hosts
192.168.33.10 master
192.168.33.11 node1
192.168.33.12 node2
EOF
- Disable firewalld, SELinux and swap
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
- Configure kernel parameters so that bridged IPv4 traffic is passed to the iptables chains
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
- Point the relevant yum repositories at the Tencent mirror
yum repository configuration:
yum install -y wget
mkdir /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
yum clean all && yum makecache
k8s repository configuration:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
docker repository configuration:
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
- Install docker-ce
Install docker:
yum install -y docker-ce-18.06.1.ce-3.el7
systemctl enable docker && systemctl start docker
Set the cgroup driver to systemd by editing /etc/docker/daemon.json:
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
Restart docker:
systemctl daemon-reload
systemctl restart docker
- Install kubeadm, kubelet and kubectl
Install:
yum install -y kubelet-1.14.2 kubeadm-1.14.2 kubectl-1.14.2
Set the cgroup driver to systemd in /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf:
Modify: on the line beginning Environment="KUBELET_KUBECONFIG_ARGS append --cgroup-driver=systemd
Add one line: Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"
Restart kubelet:
systemctl daemon-reload
systemctl restart kubelet
systemctl enable kubelet
kubeadm config print init-defaults
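The checks below are an added example, not part of the original post: a POSIX shell preflight that confirms the preparation steps in this section took effect on a node before kubeadm is run. The function names and the root-prefix argument are assumptions made for the example; the file paths, sysctl keys, IP addresses and hostnames are the ones used above.

```shell
#!/bin/sh
# Added example: preflight checks for the node preparation steps above.
# Paths resolve under a root prefix ("" = live system); names are hypothetical.

# Succeeds when fstab $1 is readable and has no active (uncommented) swap entry.
fstab_swap_disabled() {
    [ -r "$1" ] && ! grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]' "$1"
}

# Prints the mode set by the SELINUX= line of config file $1, e.g. "disabled".
selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Succeeds when sysctl file $1 sets key $2 to 1 (exact key match).
sysctl_enabled() {
    awk -F= -v k="$2" '
        { gsub(/[ \t]/, "") }
        $1 == k && $2 == "1" { ok = 1 }
        END { exit !ok }' "$1"
}

# Succeeds when hosts file $1 maps IP $2 to hostname $3.
hosts_entry() {
    awk -v ip="$2" -v h="$3" '
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
        END { exit !ok }' "$1"
}

# Records one failed check.
fail() { echo "FAIL: $*"; rc=1; }

# Runs all checks under root prefix $1; prints one line per failure and
# returns non-zero if any check failed.
preflight() {
    root=$1 rc=0
    fstab_swap_disabled "$root/etc/fstab" || fail "active swap entry in /etc/fstab"
    [ "$(selinux_mode "$root/etc/selinux/config")" = disabled ] || fail "SELINUX is not disabled in config"
    for k in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        sysctl_enabled "$root/etc/sysctl.d/k8s.conf" "$k" || fail "$k is not set to 1"
    done
    while read -r ip name; do
        hosts_entry "$root/etc/hosts" "$ip" "$name" || fail "$name ($ip) missing from /etc/hosts"
    done <<EOF
192.168.33.10 master
192.168.33.11 node1
192.168.33.12 node2
EOF
    return "$rc"
}
```

Source the file on each node and call `preflight ""`; an empty output and a zero exit status mean the node matches the preparation steps.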
3. Configure the master node
- Initialize the cluster on the master node
kubeadm init --kubernetes-version=1.14.2 --apiserver-advertise-address=192.168.33.10 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
- Record the token and key that are generated; the worker nodes need this information to join
kubeadm join 192.168.33.10:6443 --token iqtrsg.zbd6laamt4vxhopd --discovery-token-ca-cert-hash sha256:0fd40075be0ebe14e6eb04ad2d0b26229551eba1f5f32bbeb064acad687aca36
- Configure the kubectl tool
mkdir -p /root/.kube
cp /etc/kubernetes/admin.conf /root/.kube/config
kubectl get nodes
- Apply the flannel network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
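4. Join the workers to the master node
- Join node1 and node2 to the master in turn (this is the command returned after the master node initialized successfully; if you have lost it, see the FYI at the end of the article)
kubeadm join 192.168.33.10:6443 --token iqtrsg.zbd6laamt4vxhopd --discovery-token-ca-cert-hash sha256:0fd40075be0ebe14e6eb04ad2d0b26229551eba1f5f32bbeb064acad687aca36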
5. Check the cluster status
kubectl get nodes
If a node's status is NotReady, try rebooting it
FYI:
- Forgot the token and need to join the k8s cluster? Generate a new token and key
On the master node (--ttl 0 creates a token that never expires):
kubeadm token create --ttl 0
kubeadm token list
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
On the worker node:
kubeadm join 10.167.11.153:6443 --token o4avtg.65ji6b778nyacw68 --discovery-token-ca-cert-hash sha256:2cc3029123db737f234186636330e87b5510c173c669f513a9c0e0da395515b0
- If the installation fails at any point, reset kubeadm
kubeadm reset
ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/
Created by 苏亚强(sueeing@126.com) on 2019/8/10.