Single-Node Kubernetes Deployment
2022-06-09
pilisiyang
Initialize Linux
- Disable SELinux
setenforce 0 && sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
- Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
- Set the hostname
Add the line "ip master" as the last line of /etc/hosts, where ip is this host's IP address
- Disable swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
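- Set kernel parameters and load kernel modules
# Load br_netfilter first: the net.bridge.* keys only exist once the module is loaded
modprobe br_netfilter
lsmod | grep br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply the kernel parameter settings
sysctl --system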
Install Docker
- Install docker-ce
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
- Switch to a registry mirror hosted in China
cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": [
"https://docker.mirrors.ustc.edu.cn"
],
"insecure-registries": ["192.168.1.10:5000"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl restart docker
Install Kubernetes
- Configure the Kubernetes yum repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
- Install the core Kubernetes packages
yum install -y kubelet-1.22.8 kubeadm-1.22.8 kubectl-1.22.8
systemctl start kubelet
systemctl enable kubelet.service
- Initialize the cluster
kubeadm init --kubernetes-version=1.22.8 --image-repository registry.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.1.55 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16 --v=5
systemctl enable kubelet && systemctl start kubelet
- Set up kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
- Enable kubectl shell completion
source <(kubectl completion bash)
- Install the Calico network
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
By default the Kubernetes master node does not run workload pods; run the following command to remove that restriction
kubectl taint nodes --all node-role.kubernetes.io/master-
Message: [kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
Run tail /var/log/messages to find the cause:
The cgroup drivers used by the docker and kubelet services do not match
Edit /etc/docker/daemon.json and add "exec-opts": ["native.cgroupdriver=systemd"]
After this change, startup still fails with: node_container_manager_linux.go:61] "Failed to create cgroup" err="Cannot set property TasksAccounting, or unknown property." cgroupName=[kubepods]
Update systemd with yum update systemd
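The cgroup driver mismatch diagnosed above can be confirmed directly from the two configuration files. The script below is an added example, not part of the original post: the function names are hypothetical, the sample files are constructed, and it assumes Docker falls back to cgroupfs when no native.cgroupdriver exec-opt is set.

```shell
#!/bin/sh
# Added example (not from the original post): compare the cgroup driver that
# Docker is configured with against the one in the kubelet configuration.

# Driver from a Docker daemon.json. Assumption: "cgroupfs" when no
# native.cgroupdriver exec-opt is set (Docker's default on cgroup v1 hosts).
docker_cgroup_driver() {
    dcd=$(grep -o 'native\.cgroupdriver=[a-z]*' "$1" 2>/dev/null | head -n 1 | cut -d= -f2)
    echo "${dcd:-cgroupfs}"
}

# Driver from a kubelet config.yaml; "unset" when the key is absent.
kubelet_cgroup_driver() {
    kcd=$(sed -n 's/^cgroupDriver:[[:space:]]*"\{0,1\}\([a-z]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    echo "${kcd:-unset}"
}

# Usage: check_cgroup_drivers DAEMON_JSON KUBELET_CONFIG
# Prints one status line; returns 0 on match, 1 on mismatch.
check_cgroup_drivers() {
    d=$(docker_cgroup_driver "$1")
    k=$(kubelet_cgroup_driver "$2")
    if [ "$d" = "$k" ]; then
        echo "OK docker=$d kubelet=$k"
        return 0
    fi
    echo "MISMATCH docker=$d kubelet=$k"
    return 1
}

# Demo on constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '{\n  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]\n}\n' > "$demo/before.json"
printf '{\n  "exec-opts": ["native.cgroupdriver=systemd"]\n}\n' > "$demo/after.json"
printf 'kind: KubeletConfiguration\ncgroupDriver: systemd\n' > "$demo/kubelet.yaml"
check_cgroup_drivers "$demo/before.json" "$demo/kubelet.yaml" || true   # mismatch case
check_cgroup_drivers "$demo/after.json" "$demo/kubelet.yaml" || true    # fixed case
rm -rf "$demo"
```

On a real host, pass /etc/docker/daemon.json and /var/lib/kubelet/config.yaml (the file kubeadm writes the kubelet configuration to). docker info --format '{{.CgroupDriver}}' shows the driver the running daemon actually uses.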
Message: [ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists
This is left over from a previous failed installation; run kubeadm reset to reset