K8s Installation (Part 1)
I. System configuration changes
1. Disable swap
swapoff -a
Also delete the line containing swap from /etc/fstab.
2. Turn off the firewall
systemctl stop firewalld
systemctl disable firewalld
3. Disable SELinux
apt install selinux-utils
setenforce 0
4. Install kubectl, kubelet, kubeadm
Run the following on the Master and on each Node.
4.1 Add the Kubernetes package sources
# Docker and k8s mirror sources
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/docker-k8s.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable
EOF
4.2 Install
apt-get update && apt-get install -y kubelet kubeadm kubectl
systemctl enable kubelet
5. Configure the Master
Add the following environment variable to the shell profile (the command below writes it to ~/.bashrc)
echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> ~/.bashrc
source ~/.bashrc
Restart kubelet
systemctl daemon-reload
systemctl restart kubelet
6. Run on the master node
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.0.102 --kubernetes-version=v1.18.2 --ignore-preflight-errors=Swap
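--pod-network-cidr sets the IP address range available to pods on the nodes; these are internal IPs
--apiserver-advertise-address is the master's IP address
--kubernetes-version can be found with kubectl version
Unfortunately this fails: k8s.gcr.io is blocked, so the image download fails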
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.13.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
........
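Based on the error message, find the corresponding images on a site inside China (docker needs to be configured with the Aliyun image registry)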
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.2 k8s.gcr.io/kube-controller-manager:v1.18.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.2 k8s.gcr.io/kube-scheduler:v1.18.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.2 k8s.gcr.io/kube-proxy:v1.18.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7 k8s.gcr.io/coredns:1.6.7
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.2 k8s.gcr.io/kube-apiserver:v1.18.2
Run again
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.0.102 --kubernetes-version=v1.18.2 --ignore-preflight-errors=Swap
While running kubeadm init to initialize the cluster, this came up:
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd".
So we switch the driver.
Fix: change the Docker configuration
Create daemon.json under /etc/docker and edit it:
mkdir -p /etc/docker
touch /etc/docker/daemon.json
Add the following content:
{
"exec-opts":["native.cgroupdriver=systemd"]
}
Restart Docker
systemctl restart docker
systemctl status docker
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 192.168.0.102:6443 --token nyd3pc.c3q6l7ltpol4i3yw \
--discovery-token-ca-cert-hash sha256:cd8755a732355f6fd89c129644f39ea17a7af655545f3a0e3c0ca1b5b5309788
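After the Master node is installed, checking the node information (kubectl get nodes) shows the node status as NotReady. Looking into the cause shows that the CNI plugin is not configured; in other words, the network has not been set up yet. Several kinds of network can be configured; here the author chooses the long-established flannel network.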
kubectl apply -f https://gitee.com/fffqqql/k8s/blob/master/kube-flannel.yml
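7. Configure the nodes
On each node, run the following command (the kubeadm join command returned when the master was configured) to join the master's cluster
kubeadm join 192.168.0.102:6443 --token nyd3pc.c3q6l7ltpol4i3yw \
--discovery-token-ca-cert-hash sha256:cd8755a732355f6fd89c129644f39ea17a7af655545f3a0e3c0ca1b5b5309788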
Check the node status on the master; the Nodes show NotReady
root@wangcf-k8s-m:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
wangcf-k8s-m Ready master 20m v1.13.2
wangcf-k8s-n1 NotReady <none> 8m21s v1.13.2
wangcf-k8s-n2 NotReady <none> 2m40s v1.13.2
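Check the pod status: some services have not started properly. The reason is that the nodes are also missing the images, which have to be downloaded by hand in the same way as on the master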
root@wangcf-k8s-m:~# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-86c58d9df4-hpbbh 0/1 ContainerCreating 0 18m
kube-system coredns-86c58d9df4-qj56q 0/1 ContainerCreating 0 18m
kube-system etcd-wangcf-k8s-m 1/1 Running 2 17m
kube-system kube-apiserver-wangcf-k8s-m 1/1 Running 2 17m
kube-system kube-controller-manager-wangcf-k8s-m 1/1 Running 2 17m
kube-system kube-flannel-ds-amd64-bskks 0/1 Init:0/1 0 2m34s
kube-system kube-flannel-ds-amd64-rdnw2 1/1 Running 0 2m34s
kube-system kube-flannel-ds-amd64-sdbxj 0/1 Init:0/1 0 55s
kube-system kube-proxy-6h6rv 0/1 ContainerCreating 0 55s
kube-system kube-proxy-fsfwq 0/1 ContainerCreating 0 6m36s
kube-system kube-proxy-z7dqx 1/1 Running 2 18m
kube-system kube-scheduler-wangcf-k8s-m 1/1 Running 2 17m
9. Learning exercise: deploying MySQL on K8s
Create mysql-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql-rc
  labels:
    name: mysql-rc
spec:
  replicas: 1
  selector:
    name: mysql-pod
  template:
    metadata:
      labels:
        name: mysql-pod
    spec:
      containers:
      - name: mysql
        image: mysql
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "password"
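The manifest above writes the MySQL root password directly into the pod spec, where anyone who can read the ReplicationController can read it. The following check is an added example, not part of the original post: it flags credential-like env vars set with a literal value and passes the same entry once it reads from a Secret; the Secret name mysql-root and key password are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag credential-like env vars
# whose value is written literally in a Kubernetes manifest.

# literal_secrets FILE -> prints each env var whose name contains PASSWORD,
# SECRET or TOKEN and that is set with "value:"; returns 1 if any was found.
literal_secrets() {
    awk '
        /^[ \t]*-[ \t]*name:/ { name = $NF; next }
        /^[ \t]*value:/ && name ~ /PASSWORD|SECRET|TOKEN/ { print name; bad = 1 }
        /^[ \t]*valueFrom:/ { name = "" }
        END { exit bad + 0 }
    ' "$1"
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# The env section as written in mysql-rc.yaml on this page.
cat > "$DEMO_DIR/weak.yaml" <<'EOF'
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "password"
EOF

# Constructed alternative: the value is read from a Secret. The Secret name
# "mysql-root" and key "password" are assumptions made for this example.
cat > "$DEMO_DIR/fixed.yaml" <<'EOF'
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root
              key: password
EOF

literal_secrets "$DEMO_DIR/weak.yaml"  || echo "weak.yaml: literal credential found"
literal_secrets "$DEMO_DIR/fixed.yaml" && echo "fixed.yaml: ok"
```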
10. Create mysql-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: mysql-svc
  labels:
    name: mysql-svc
spec:
  type: NodePort
  ports:
  - port: 3306
    protocol: TCP
    targetPort: 3306
    name: http
    nodePort: 30000
  selector:
    name: mysql-pod
11. Install
Have k8s apply the files, which downloads the mysql image and runs the mysql container
[root@k8s-master ~]# kubectl create -f mysql-rc.yaml
replicationcontroller "mysql-rc" created
[root@k8s-master ~]# kubectl create -f mysql-svc.yaml
service "mysql-svc" created
On one of the nodes, the mysql container instance can be seen running
root@wangcf-k8s-n1:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
338cd4b675ab mysql "docker-entrypoint.s…" 15 hours ago Up 15 hours k8s_mysql_mysql-rc-d5zht_default_f55914bc-1a49-
Entering the container shows that the MySQL version is 8.0.13
root@wangcf-k8s-n1:~# docker exec -it 338cd4b675ab bash
root@mysql-rc-d5zht:/# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 23
Server version: 8.0.13 MySQL Community Server - GPL
Enable remote access for root
$mysql -u root -p
Enter password:
mysql> use mysql;
mysql> GRANT ALL ON *.* TO 'root'@'%';
Query OK, 0 rows affected (0.04 sec)
mysql> ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
Query OK, 0 rows affected (0.01 sec)
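Finally, connect to the mysql container instance from a MySQL client
IP: (the IP of any master or node)
Username: root
Password: password [the password that was set]
Port: 30000 [the port that was set]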