使用二进制文件安装k8s

2021-06-26  本文已影响0人  阿汤哥_8d27

服务器信息

image.png

官网及下载地址

kubernetes官网:https://github.com/kubernetes/kubernetes/releases
安装版本1.21,下载地址在官网:https://dl.k8s.io/v1.21.1/kubernetes-server-linux-amd64.tar.gz
其他版本及各安装包的校验值:https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG (下载后建议先核对校验值,再解压安装)

配置yum源/etc/yum.repos.d/kubernetes.repo

# NOTE(review): this definition fetches packages over plain HTTP and turns
# signature checking off (gpgcheck=0), so nothing authenticates the RPMs that
# get installed from it. The mirror definition further down this page keeps
# gpgcheck=1 and repo_gpgcheck=1 with explicit gpgkey URLs; prefer a
# definition of that shape.
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0

配置阿里yum源/etc/yum.repos.d/kubernetes.repo

# Write the Aliyun mirror repo definition. The quoted delimiter keeps the
# heredoc literal. Package signatures (gpgcheck) and repository metadata
# signatures (repo_gpgcheck) are both verified against the listed keys.
cat >/etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Master上的etcd、kube-apiserver、kube-controller-manager、kube-scheduler服务

etcd服务

官网:https://github.com/coreos/etcd/releases 
下载地址:https://github.com/etcd-io/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-amd64.tar.gz
# Install a minimal systemd unit for etcd. ExecStart passes no flags and the
# optional environment file (/etc/etcd/etcd.conf) is never created on this
# page, so etcd runs with its built-in defaults.
# NOTE(review): the API server configured later on this page reaches etcd over
# plain http on 127.0.0.1:2379, i.e. without TLS or client authentication.
# Confirm etcd is listening on loopback only before relying on that.
cat >/usr/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Server
After=network.target
[Service]
Type=simple
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd
[Install]
WantedBy=multi-user.target
EOF

# Create the data directory, start the etcd service, then verify it
mkdir -p /var/lib/etcd
systemctl daemon-reload
for action in enable start; do
  systemctl "$action" etcd.service
done
systemctl status etcd
etcdctl member list
etcdctl endpoint health

生成k8s证书

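mkdir -p /etc/kubernetes/cert
cd /etc/kubernetes/cert/
# Create the CA private key. Whoever holds ca.key can issue a certificate for
# any identity the API server trusts, so it is created under a restrictive
# umask (in a subshell, so the session umask is untouched) and then forced to
# 0600 in case an older, more permissive ca.key was being overwritten.
(umask 077 && openssl genrsa -out ca.key 2048)
chmod 600 ca.key
# Self-signed CA root certificate; /CN= is the master's host name.
# NOTE(review): -days 5000 makes this CA valid for roughly 13.7 years. Decide
# how the CA would be rotated if ca.key is ever exposed.
openssl req -x509 -new -nodes -key ca.key -subj "/CN=k8s-master" -days 5000 -out ca.crt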

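# OpenSSL request config for the API server certificate. The alt_names section
# lists every DNS name and IP address clients will use to reach the API server.
cat <<EOF >master_ssl.cnf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
DNS.5 = k8s-master
IP.1 = 10.244.0.1
IP.2 = 43.132.164.159
EOF
# Server certificate files. The private key is created under a restrictive
# umask (subshell only) and forced to 0600 so other local users cannot read it.
(umask 077 && openssl genrsa -out server.key 2048)
chmod 600 server.key
openssl req -new -key server.key -subj "/CN=k8s-master" -config master_ssl.cnf -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 5000 -extensions v3_req -extfile master_ssl.cnf -out server.crt
# Client certificate files, with the same key-file protection as above.
# NOTE(review): the signing step below passes no -extfile, so the v3_req
# extensions from master_ssl.cnf are presumably not copied into cs_client.crt.
# NOTE(review): the client subject is CN=k8s-master, the same as the server.
# Kubernetes takes the user name from the certificate CN, so every component
# that uses cs_client.crt authenticates as the one user "k8s-master".
(umask 077 && openssl genrsa -out cs_client.key 2048)
chmod 600 cs_client.key
openssl req -new -key cs_client.key -subj "/CN=k8s-master" -config master_ssl.cnf -out cs_client.csr
openssl x509 -req -in cs_client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 5000 -out cs_client.crt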

kube-apiserver 服务

mkdir -p /etc/kubernetes
# Contents of the systemd unit for the API server; create the file with:
#vi /usr/lib/systemd/system/kube-apiserver.service
# The flags come from KUBE_API_ARGS in the environment file written further
# down; the leading "-" on EnvironmentFile makes a missing file non-fatal.
[Unit]
Description=Kubernetes API server
After=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver $KUBE_API_ARGS

Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# Environment file holding the API server flags.
# NOTE(review): points to check before using these flags outside a lab:
#  - --authorization-mode is not set. The API server's default mode is
#    AlwaysAllow, so every client presenting a certificate signed by ca.crt
#    can do anything; --authorization-mode=Node,RBAC is the usual setting, but
#    it also needs the client certificates on this page reissued with the
#    subjects RBAC expects.
#  - --service-node-port-range=1-65535 lets NodePort Services claim ports that
#    host daemons use (the upstream default range is 30000-32767).
#  - --allow-privileged=true lets workloads request privileged containers.
#  - server.key is used for the TLS endpoint and for signing and verifying
#    service account tokens; a dedicated key pair would keep the two apart.
#  - --etcd-servers uses plain http on 127.0.0.1, so etcd traffic has no TLS or
#    client authentication; confirm etcd is reachable on loopback only.
cat <<EOF >/etc/kubernetes/apiserver
KUBE_API_ARGS="--etcd-servers=http://127.0.0.1:2379 --client-ca-file=/etc/kubernetes/cert/ca.crt --tls-private-key-file=/etc/kubernetes/cert/server.key --tls-cert-file=/etc/kubernetes/cert/server.crt --service-account-signing-key-file=/etc/kubernetes/cert/server.key --service-account-key-file=/etc/kubernetes/cert/server.key --service-account-issuer=https://kubernetes.default.svc --service-cluster-ip-range=10.244.0.0/16 --service-node-port-range=1-65535 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota --logtostderr=false --log-dir=/var/log/kubernetes --v=0 --allow-privileged=true"
EOF
# Enable at boot, start now, and show the service state
systemctl enable kube-apiserver
systemctl start kube-apiserver
systemctl status kube-apiserver

安装controller-manager

# Contents of the systemd unit for the controller manager; create the file with:
#vi /usr/lib/systemd/system/kube-controller-manager.service
# Requires=/After= tie this unit to kube-apiserver.service; the flags come from
# KUBE_CONTROLLER_MANAGER_ARGS in the environment file written below.
[Unit]
Description=Kubernetes Controller Manager
After=kube-apiserver.service
Requires=kube-apiserver.service

[Service]
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_ARGS

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# Environment file with the controller manager flags. It signs service account
# tokens with server.key, the same key the API server uses for TLS on this page.
cat <<EOF >/etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig  --service-account-private-key-file=/etc/kubernetes/cert/server.key --root-ca-file=/etc/kubernetes/cert/ca.crt --log-dir=/var/log/kubernetes --v=0"
EOF

# Client kubeconfig used to reach the API server; the scheduler unit on this
# page points at this same file.
# NOTE(review): "system:kube-controller-manager" here is only a label inside
# the kubeconfig. The identity the API server sees comes from cs_client.crt,
# which this page issues with CN=k8s-master. Under RBAC the built-in
# controller-manager permissions are bound to the user
# system:kube-controller-manager, so the certificate subject would have to
# match that name.
cat <<EOF >/etc/kubernetes/kubeconfig
apiVersion: v1
kind: Config
users:
- name: system:kube-controller-manager
  user:
    client-certificate: /etc/kubernetes/cert/cs_client.crt
    client-key: /etc/kubernetes/cert/cs_client.key
clusters:
- name: kubernetes
  cluster:
    certificate-authority: /etc/kubernetes/cert/ca.crt
    server: https://43.132.164.159:6443
contexts:
- name: system:kube-controller-manager@kubernetes 
  context:
    cluster: kubernetes
    user: system:kube-controller-manager
current-context: system:kube-controller-manager@kubernetes
preferences: {}
EOF

# Enable at boot, start now, and show the service state
systemctl enable kube-controller-manager
systemctl start kube-controller-manager
systemctl status kube-controller-manager

安装kube-scheduler

# Contents of the systemd unit for the scheduler; create the file with:
#vi /usr/lib/systemd/system/kube-scheduler.service
# Requires=/After= tie this unit to kube-apiserver.service; the flags come from
# KUBE_SCHEDULER_ARGS in the environment file written below.
[Unit]
Description=Kubernetes Scheduler
After=kube-apiserver.service
Requires=kube-apiserver.service

[Service]
EnvironmentFile=-/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler $KUBE_SCHEDULER_ARGS

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# Environment file with the scheduler flags.
# NOTE(review): --kubeconfig points at the same /etc/kubernetes/kubeconfig the
# controller manager uses, so both components present the same client
# certificate and cannot be told apart by the API server.
cat <<EOF >/etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig --logtostderr=false --log-dir=/var/log/kubernetes --v=0"
EOF

# Enable at boot, start now, and show the service state
systemctl enable kube-scheduler
systemctl start kube-scheduler
systemctl status kube-scheduler

master分发ca文件到node节点

cd /etc/kubernetes/cert/
# Copy the CA certificate to the node; the node's kubeconfig references it to
# verify the API server.
# NOTE(review): the target directory is only created on the node in a later
# step of this page (mkdir -p /etc/kubernetes/cert); create it before copying.
scp ca.crt k8s-node1:/etc/kubernetes/cert/
# NOTE(review): this copies the CA *private key* to a worker node. Anyone who
# gains root on that node could then issue certificates for any identity the
# API server trusts. The safer arrangement is to keep ca.key on the master,
# sign the node's CSR there, and copy only ca.crt plus the node's own
# certificate and key. The kubelet certificate step later on this page signs
# on the node, so it would have to move to the master as well.
scp ca.key k8s-node1:/etc/kubernetes/cert/

node 安装docker

# Install Docker on the node, enable it at boot, start it, and show its state
yum install -y docker
for action in enable start status; do
  systemctl "$action" docker
done
# Directory that will hold the node's certificates
mkdir -p /etc/kubernetes/cert

生成kubelet证书

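cd /etc/kubernetes/cert
# Kubelet client key: created under a restrictive umask (subshell only) and
# forced to 0600 so other local users on the node cannot read it.
(umask 077 && openssl genrsa -out kubelet_client.key 2048)
chmod 600 kubelet_client.key
# The certificate subject is the node's IP address; Kubernetes uses the CN as
# the user name.
# NOTE(review): with --authorization-mode=Node,RBAC on the API server, a
# kubelet is expected to authenticate as system:node:<nodeName> in the group
# system:nodes, which this subject does not provide.
openssl req -new -key kubelet_client.key -subj "/CN=43.132.158.54" -out kubelet_client.csr
# NOTE(review): signing here requires the CA private key to be present on the
# node. Once kubelet_client.crt exists the node no longer needs ca.key; remove
# it from the node (unless this host is also the master), or sign the CSR on
# the master so the key never leaves it.
openssl x509 -req -in kubelet_client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 5000 -out kubelet_client.crt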

node安装kubelet

# Contents of the systemd unit for the kubelet; create the file with:
#vi /usr/lib/systemd/system/kubelet.service
# Requires=/After= tie this unit to docker.service; the flags come from
# KUBELET_ARGS in the environment file written below.
[Unit]
Description=Kubernetes Kubelet Server
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet $KUBELET_ARGS

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

mkdir -p /var/lib/kubelet
mkdir -p /etc/kubernetes
# Environment file with the kubelet flags.
# NOTE(review): only the client side is configured here. No --client-ca-file,
# --anonymous-auth=false or --authorization-mode=Webhook is set, so confirm
# that the kubelet's own HTTPS API on the node does not accept unauthenticated
# requests.
cat <<EOF >/etc/kubernetes/kubelet
KUBELET_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig  --hostname-override=43.132.158.54 --logtostderr=false --log-dir=/var/log/kubernetes --v=0"
EOF

# Client kubeconfig on the node: it presents kubelet_client.crt and verifies
# the API server against ca.crt. kube-proxy on this page reads the same file.
cat <<EOF >/etc/kubernetes/kubeconfig 
apiVersion: v1
kind: Config
users:
- name: default-auth
  user:
    client-certificate: /etc/kubernetes/cert/kubelet_client.crt
    client-key: /etc/kubernetes/cert/kubelet_client.key
clusters:
- name: kubernetes
  cluster:
    certificate-authority: /etc/kubernetes/cert/ca.crt
    server: https://43.132.164.159:6443
contexts:
- name: default-context 
  context:
    cluster: kubernetes
    namespace: default
    user: default-auth
current-context: default-context
preferences: {}
EOF

# Enable at boot, start now, and show the service state
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet

kubelet启动错误解决

#错误信息如下
E0630 19:37:16.179444   13614 server.go:292] "Failed to run kubelet" err="failed to run Kubelet: misconfiguration: kubelet cgroup driver: \"cgroupfs\" is different from docker cgroup driver: \"systemd\""
# 查看docker Cgroup Driver
[root@k8s-node1 ~]# docker info

#修改docker.service
vi /lib/systemd/system/docker.service
找到
--exec-opt native.cgroupdriver=systemd 
修改为:
--exec-opt native.cgroupdriver=cgroupfs
# 重启docker
systemctl daemon-reload
systemctl restart docker

node安装kube-proxy

# Contents of the systemd unit for kube-proxy; create the file with:
#vi /usr/lib/systemd/system/kube-proxy.service
# The flags come from KUBE_PROXY_ARGS in the environment file written below.
[Unit]
Description=Kubernetes Kube-proxy Server
After=network.target
Requires=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/kube-proxy
ExecStart=/usr/bin/kube-proxy $KUBE_PROXY_ARGS

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# Environment file with the kube-proxy flags.
# NOTE(review): --kubeconfig is the same /etc/kubernetes/kubeconfig the kubelet
# uses, so kube-proxy authenticates with the kubelet's client certificate. A
# separate certificate per component keeps their permissions and audit trails
# distinct.
cat <<EOF >/etc/kubernetes/kube-proxy
KUBE_PROXY_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig  --logtostderr=false --log-dir=/var/log/kubernetes --v=2"
EOF

# Enable at boot, start now, and show the service state
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy

master节点配置kubectl

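# kubectl configuration for the admin user on the master.
# The directory is created under $HOME, matching the path the file is written
# to, and -p makes the step safe to repeat.
mkdir -p "$HOME/.kube"
# NOTE(review): the original listing is cut off after "server: https://"; the
# address below is restored from the other kubeconfig files on this page.
# NOTE(review): the admin identity reuses cs_client.crt, the same certificate
# the controller manager and scheduler present, so the API server cannot tell
# the administrator from those components.
cat <<EOF >"$HOME/.kube/config"
apiVersion: v1
kind: Config
users:
- name: kubernetes-admin
  user:
    client-certificate: /etc/kubernetes/cert/cs_client.crt
    client-key: /etc/kubernetes/cert/cs_client.key
clusters:
- name: kubernetes
  cluster:
    certificate-authority: /etc/kubernetes/cert/ca.crt
    server: https://43.132.164.159:6443
contexts:
- name: kubernetes-admin@kubernetes
  context:
    cluster: kubernetes
    user: kubernetes-admin
current-context: kubernetes-admin@kubernetes
preferences: {}
EOF
# Keep the admin kubeconfig readable by its owner only.
chmod 600 "$HOME/.kube/config"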

检查集群及节点状态

[root@k8s_master ~]# kubectl get node
NAME            STATUS   ROLES    AGE     VERSION
43.132.158.54   Ready    <none>   8m10s   v1.21.1
[root@k8s_master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
scheduler            Healthy   ok                              
controller-manager   Healthy   ok                              
etcd-0               Healthy   {"health":"true","reason":""}

参考文档
