CENTOS7 安装kubernetes集群笔记
2019-10-23 本文已影响0人
黄大海
环境准备
- 确认官方推荐的centos版本和Docker版本官网链接
- 关闭防火墙
- systemctl stop firewalld
- systemctl disable firewalld
- 关闭swap
- swapoff -a
- vi /etc/fstab
- 注释掉swap相关行,如下
- #/dev/mapper/centos-swap
- cat /proc/swaps
- 确认文件是空的
- 关闭 SELinux
- setenforce 0
- sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
安装Docker
- 更新相关依赖
- yum -y update && yum -y upgrade
- yum install yum-utils device-mapper-persistent-data lvm2
- 添加Docker yum仓库(选阿里)
- 阿里
- yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- 官方
- yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- 安装docker-ce(注意替换成官方推荐的版本)
- yum update && yum install docker-ce-18.06.2.ce
- 配置docker daemon
-
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF { "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" ] } EOF- systemctl daemon-reload
- systemctl restart docker
- systemctl enable docker #开机启动
安装kubernetes
-
添加kubernetes yum仓库(阿里),官方仓库参考
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF -
安装三套件
- yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
- systemctl enable --now kubelet
-
修改k8s配置
cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 EOF sysctl --system -
偷梁换柱,绕过安装过程中从墙外google拉镜像的问题
- 列出依赖镜像
- kubeadm config images list
- k8s.gcr.io/kube-apiserver:v1.12.2
- k8s.gcr.io/kube-controller-manager:v1.12.2
- k8s.gcr.io/kube-scheduler:v1.12.2
- k8s.gcr.io/kube-proxy:v1.12.2
- k8s.gcr.io/pause:3.1
- k8s.gcr.io/etcd:3.2.24
- k8s.gcr.io/coredns:1.2.2
- kubeadm config images list
- 列出依赖镜像
- 下载阿里镜像,替换前缀
-
cat ./pull.sh
for i in `kubeadm config images list`; do imageName=${i#k8s.gcr.io/} docker pull registry.aliyuncs.com/google_containers/$imageName docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName docker rmi registry.aliyuncs.com/google_containers/$imageName done; -
sh pull.sh
-
- 初始化集群
-
kubeadm init --kubernetes-version=$(kubeadm version -o short) --pod-network-cidr=10.244.0.0/16 # pod-network-cidr=10.244.0.0/16 这个网段是之后安装flannel中需要且定死的
-
完成后输出
Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ Then you can join any number of worker nodes by running the following on each as root: kubeadm join 10.168.1.124:6443 --token idxunz.zj551qd8fxtnwv2g \ --discovery-token-ca-cert-hash sha256:697ed215b32abd060d7902f2f588545c8ba0fd98478994e2814f71e31c777b9b-
这段最好保存,之后备用。
-
如果kubeXXX命令运行错误,则执行第一段
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
-
- 默认主节点不能部署,去除这一限制
- kubectl taint nodes --all node-role.kubernetes.io/master-
安装网络插件flannel(这个容易上手)
- 具体的连接可能会变化,参考官网
- kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
加入节点
- 新节点执行上面的操作直到安装完kubernets三套件。不需要执行初始化和安装flannel
- 偷梁换柱(不知道为何主节点安装flannal时可以正常拉取)
-
docker pull docker.io/mirrorgooglecontainers/pause:3.1
-
docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
-
docker rmi docker.io/mirrorgooglecontainers/pause:3.1
-
docker pull quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
-
docker tag quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
-
docker rmi quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
-
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.16.2
-
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.16.2 k8s.gcr.io/kube-proxy:v1.16.2
-
docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.16.2
- 把之前记录的命令拉出来执行
- kubeadm join 10.168.1.124:6443 --token idxunz.zj551qd8fxtnwv2g
--discovery-token-ca-cert-hash sha256:697ed215b32abd060d7902f2f588545c8ba0fd98478994e2814f71e31c777b9b
- 命令丢了?token失效过期了?
- 列出已经生成的token
- kubeadm token list
- 重新生成token
- kubeadm token create --print-join-command
如何查找问题,总有一款适合你
- 查看节点状态
- kubectl get nodes
- 查看服务和端口
- kubectl get services -A
- 查看POD
- kubectl get pods -A
- 查看pod配置(初始化错误也可以用这个查看)
- kubectl describe pod [PodName] --namespace=[PodNamespace]
- 查看日志
- kubectl logs -f [PodName]
- 下载image卡住了?重启下就好了
- systemctl restart kubelet
安装Dashboard
- 改配置
-
image换成阿里的
- image: registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64
-
修改端口映射type改成NodePort, 增开nodePort
apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 31620 selector: k8s-app: kubernetes-dashboard
-
安装
- kubectl apply -f kubernetes-dashboard.yaml
- kubectl replace --force -f kubernetes-dashboard.yaml#重装
-
账户权限
- 开账户
- kubectl create serviceaccount k8sadmin -n kube-system
- 赋权
- kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin
- 获得登录token
- kubectl get secret -n kube-system
- kubectl describe secret [TokenName] -n kube-system
- 以上合并为一行命令
- kubectl get secret -n kube-system | grep k8sadmin | cut -d " " -f1 | xargs -n 1 | xargs kubectl get secret -o 'jsonpath={.data.token}' -n kube-system | base64 --decode
- 开账户
-
打开https://ip:port, 必须加上https, 忽略安全提示
-
用token登录
安装WeaveScope
- 也需要改端口映射参考kubernetes-dashboard,或代理登录。
- wget https://cloud.weave.works/k8s/scope.yaml?k8s-version=$(kubectl version | base64 | tr -d '\n') -O scope.yaml
