kubeadm: 主要用于提供安装kubernetes的辅助工具
master: nodes: 安装kubelet, kubeadm, docker, kubectl # kubectl仅master安装即可
master: kubeadm init 初始化集群主节点
nodes: kubeadm join 将node节点加入集群
Doc: https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.10.md
安装前配置
关闭iptables
和firewalld
$ systemctl stop iptables.service
$ systemctl disable iptables.service
$ systemctl stop firewalld.service
$ systemctl disable firewalld.service
基于主机名
master和nodes主机名添加至/etc/hosts
主机网络桥接设置
$ cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
1
$ cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
安装kubernetes和docker
准备镜像源到/etc/yum.repos.d/
- docker-ce源
$ cd ; wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -P /etc/yum.repos.d/ $ yum list docker-ce --showduplicates |sort -r
- kubernetes源
$ (cat << EOF
[kubernetes]
name=Kubernets Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
) > /etc/yum.repos.d/kubernetes.repo
wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
rpm --import yum-key.gpg
rpm --import rpm-package-key.gpg
yum repolist
安装kubernetes和docker
- 安装kublete、kubeadm、docker、kubectl kubectl仅master安装即可
$ yum install docker-ce-18.06.3 kubelet-1.12.0 kubeadm-1.12.0 kubectl-1.12.0
配置kubernetes和docker
docker添加代理,[service]下添加,为了翻墙更改docker默认拉取镜像的源[这一步仅仅是为了翻墙下载镜像]
$ vim /usr/lib/systemd/system/docker.service Environment="HTTPS_PROXY=http://www.ik8s.io:10080" Environment="NO_PROXY=127.0.0.0/8,172.16.0.0/16"
配置开机自动启动
systemctl enable docker kubelet systemctl daemon-reload systemctl start docker
禁用Swap功能
$ vim /etc/sysconfig/kubelet KUBELET_EXTRA_ATGS="--fail-swap-on=false"
Master初始化
kubeadm init --help; kubeadm init --kubernetes-version=v1.12.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
初始化参数
–apiserver-advertise-address:表示apiserver对外的地址是什么,默认是0.0.0.0
–apiserver-bind-port:表示apiserver的端口是什么,默认是6443
–cert-dir:加载证书的目录,默认在/etc/kubernetes/pki
–config:配置文件
–ignore-preflight-errors:在预检中如果有错误可以忽略掉,比如忽略 IsPrivilegedUser,Swap.等
–kubernetes-version:指定要初始化k8s的版本信息是什么
–pod-network-cidr :指定pod使用哪个网段,默认使用10.244.0.0/16
–service-cidr:指定service组件使用哪个网段,默认10.96.0.0/12
初始化产生信息
提示在master上执行,和加入master的命令[也可以指定–ignore-preflight-errors忽略Swap]
………………………………………………………………
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 192.168.1.171:6443 --token r9105w.5r5je2vko3jyn8be --discovery-token-ca-cert-hash sha256:d7a99553b49b88d8933785fee033663adebd6d6909323cea6173d009ad66a7f8
- master继续执行
$ mkdir -p $HOME/.kube $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config $ sudo chown $(id -u):$(id -g) $HOME/.kube/config
- 若初始化失败:可先行下载镜像,下载脚本
$ cat pull-images.sh
#!/bin/bash
images=(kube-apiserver:v1.12.0 kube-controller-manager:v1.12.0 kube-scheduler:v1.12.0 kube-proxy:v1.12.0 pause:3.1 etcd:3.2.24 coredns:1.2.2)
for ima in ${images[@]}
do
docker pull registry.cn-shenzhen.aliyuncs.com/lurenjia/$ima
docker tag registry.cn-shenzhen.aliyuncs.com/lurenjia/$ima k8s.gcr.io/$ima
docker rmi -f registry.cn-shenzhen.aliyuncs.com/lurenjia/$ima
done
- 查看状态信息
$ kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy \{"health": "true"\}
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master-01 NotReady master 40m v1.12.0
master01为未就绪状态,需要一个重要的网络插件flannel
安装flannel网络组件
- [参考] https://github.com/coreos/flannel
$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml podsecuritypolicy.extensions/psp.flannel.unprivileged created clusterrole.rbac.authorization.k8s.io/flannel created clusterrolebinding.rbac.authorization.k8s.io/flannel created serviceaccount/flannel created configmap/kube-flannel-cfg created daemonset.extensions/kube-flannel-ds-amd64 created daemonset.extensions/kube-flannel-ds-arm64 created daemonset.extensions/kube-flannel-ds-arm created daemonset.extensions/kube-flannel-ds-ppc64le created daemonset.extensions/kube-flannel-ds-s390x created
kubectl get -h
命令 | 注释 |
---|---|
kubectl get cs | 查看状态信息 cs=componentstatus |
kubectl get nodes | 查看node信息 |
kubectl get pods [-n kube-system -o wide] | 查看所有pod,-n 指定命名空间,-o wide 输出扩展信息 |
kubectl get ns | 查看所有命名空间 |