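Server preparation:
1. 10.0.2.5, 2 cores, 3 GB RAM: master
2. 10.0.2.6, 2 cores, 2 GB RAM: node
I. Disable swap
vi /etc/fstab and comment out the swap line. To turn swap off temporarily: swapoff -a
free -m shows the swap status
II. Disable SELinux
vi /etc/sysconfig/selinux and change SELINUX=enforcing to SELINUX=disabled. To turn it off temporarily: setenforce 0
III. Disable firewalld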
systemctl disable firewalld
systemctl stop firewalld
IV. Install Docker, start it, and set its cgroup driver to systemd
1. Prerequisites: CentOS 7 or later, with Linux kernel 3.10 or later
# uname -r
3.10.0-1062.el7.x86_64
2. Remove old versions:
Older Docker packages are named docker or docker-engine. If they are installed, remove them together with their dependencies:
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
3. Install
yum update
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(If you get "yum-config-manager: command not found", run yum -y install yum-utils)
yum makecache fast
yum -y install docker-ce    # if this reports "No package docker-ce available.", reboot and run it again
service docker start        # or: systemctl start docker
systemctl enable docker     # start Docker at boot
docker info
docker -v                   # or: docker version
vi /etc/docker/daemon.json and add the following:
{
  "registry-mirrors": ["https://reg-mirror.qiniu.com/","https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
service docker restart
V. Enable bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
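A check for the state that the swap, cgroup driver and bridge-nf-call-iptables steps above should leave behind, as an added example that is not part of the original notes. The function name k8s_preflight and its optional root-prefix argument are assumptions; the prefix only exists so the checks can be pointed at a constructed test tree.

```shell
#!/bin/sh
# Added example, not from the original notes. k8s_preflight and its optional
# root prefix are assumptions; leave the prefix empty on a real host.
# Prints one FAIL line per unmet prerequisite and returns non-zero if any.
k8s_preflight() {
    root=${1:-}
    rc=0

    # Swap: no uncommented swap entry in fstab (field 3 is the fs type).
    if awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit !found }' \
            "$root/etc/fstab"; then
        echo "FAIL: /etc/fstab still has an active swap entry"; rc=1
    fi
    # /proc/swaps starts with a header; any further line is active swap.
    if [ "$(wc -l < "$root/proc/swaps")" -gt 1 ]; then
        echo "FAIL: swap is still on (swapoff -a)"; rc=1
    fi

    # Docker must use the systemd cgroup driver set in daemon.json.
    if ! grep -qs 'native\.cgroupdriver=systemd' "$root/etc/docker/daemon.json"; then
        echo "FAIL: daemon.json does not set native.cgroupdriver=systemd"; rc=1
    fi

    # Bridged pod traffic must pass through iptables.
    val=$(cat "$root/proc/sys/net/bridge/bridge-nf-call-iptables" 2>/dev/null || true)
    if [ "$val" != "1" ]; then
        echo "FAIL: bridge-nf-call-iptables is '${val:-missing}', expected 1"; rc=1
    fi
    # A value written with echo into /proc is lost at reboot, so also look
    # for a persistent sysctl setting.
    if ! grep -Eqs '^[[:space:]]*net\.bridge\.bridge-nf-call-iptables[[:space:]]*=[[:space:]]*1' \
            "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; then
        echo "WARN: bridge-nf-call-iptables=1 is not persisted under /etc/sysctl.d"
    fi
    return "$rc"
}
```

Run k8s_preflight with no argument on the master and on each node before kubeadm init or kubeadm join, and again after the reboot in the hostname step.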
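VI. Install the Kubernetes master
1. Set the hostname and the host name mappings
# show the current hostname
hostname    # or: hostnamectl
# change the hostname
hostnamectl set-hostname k8s-master # hostname of the master node
# vi /etc/hosts and add
10.0.2.5 k8s-master kube-apiserver
10.0.2.6 k8s-node1
# reboot: changing the hostname requires a system restart
2. Configure the Kubernetes yum repository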
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
yum makecache fast
3. Install kubelet and kubeadm:
yum install kubelet kubeadm --disableexcludes=kubernetes
4. Start the kubelet service
kubeadm uses the kubelet service to deploy and start the main Kubernetes services as containers, so the kubelet service has to be started first.
systemctl enable kubelet && systemctl start kubelet
At this point kubelet still fails to start, and journalctl -xeu kubelet shows the error messages; it only starts successfully after kubeadm init has been run.
5. Get the configuration and pull the images
Dump the default configuration:
kubeadm config print init-defaults > init-config.yaml
vi init-config.yaml
change advertiseAddress: 1.2.3.4 to the master's real IP, 10.0.2.5
change imageRepository: k8s.gcr.io to registry.aliyuncs.com/google_containers
Pull the Kubernetes images:
kubeadm config images pull --config=init-config.yaml
Run kubeadm init to install the master node:
kubeadm init --config=init-config.yaml
The output ends as follows:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.2.5:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:90489d258bb3254596c2e9ff54d3a7d214299b4a712a459b97a6b549efdfed0e
Set the environment variable as the output suggests:
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
# kubectl get node
NAME STATUS ROLES AGE VERSION
node NotReady control-plane,master 3m52s v1.22.4
To join a node you need the token, which you can look up with:
kubeadm token list
When the token has expired, you can create a new permanent token:
# kubeadm token create --ttl 0 # create a permanent (never-expiring) token
returns 43ilet.ke2va6a0ja4ed2n8
# compute the SHA-256 hash of the CA certificate's public key
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
returns (stdin)= f7cb2c94078cbbd7873f9b317013168a97393c69925d73127dc90b9f1b50d83f
# join the node
kubeadm join 10.0.2.5:6443 --token 43ilet.ke2va6a0ja4ed2n8 --discovery-token-ca-cert-hash sha256:f7cb2c94078cbbd7873f9b317013168a97393c69925d73127dc90b9f1b50d83f
# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
43ilet.ke2va6a0ja4ed2n8 <forever> <never> authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
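The token and hash steps above, as an added example that is not part of the original notes: ca_cert_hash recomputes the value passed to --discovery-token-ca-cert-hash, and non_expiring_tokens picks tokens such as the --ttl 0 one out of kubeadm token list output. The function names are assumptions, and the example goes beyond the page's command by using openssl pkey, which also handles CA keys that are not RSA.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are assumptions.

# Print the hex digest kubeadm expects after "sha256:" in
# --discovery-token-ca-cert-hash: SHA-256 over the DER-encoded public key
# (SubjectPublicKeyInfo) of the cluster CA certificate given as $1.
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Succeed only if the hash from a join command matches the CA certificate.
# $1 = CA certificate path, $2 = "sha256:<hex>" as given to kubeadm join.
verify_join_hash() {
    [ "sha256:$(ca_cert_hash "$1")" = "$2" ]
}

# Read `kubeadm token list` output on stdin and print every bootstrap token
# whose TTL column is "<forever>". A token is 6 characters, a dot, then 16
# characters, all from [a-z0-9]; the header line never matches.
non_expiring_tokens() {
    awk 'length($1) == 23 && index($1, ".") == 7 &&
         $1 ~ /^[a-z0-9]+\.[a-z0-9]+$/ && $2 == "<forever>" { print $1 }'
}
```

On the master, kubeadm token list | non_expiring_tokens shows which tokens stay valid indefinitely; one that is no longer needed after the nodes have joined can be removed with kubeadm token delete.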
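VII. Install the Kubernetes node
First carry out steps I to V above.
1. Set the hostname and the host name mappings
# show the current hostname
hostname    # or: hostnamectl
# change the hostname
hostnamectl set-hostname k8s-node1 # hostname of the worker node
# vi /etc/hosts and add
10.0.2.5 k8s-master kube-apiserver
10.0.2.6 k8s-node1
# reboot: changing the hostname requires a system restart
2. Configure the Kubernetes yum repository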
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
yum makecache fast
3. Install kubelet and kubeadm:
yum install kubelet kubeadm --disableexcludes=kubernetes
Run the following command, which also enables kubelet at boot:
systemctl enable kubelet && systemctl start kubelet
Run the join command (the one printed when kubeadm init succeeded on the master; if the token has expired, create a new one as described in the master section):
kubeadm join 10.0.2.5:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:90489d258bb3254596c2e9ff54d3a7d214299b4a712a459b97a6b549efdfed0e
Copy admin.conf from the master, then set the environment variable:
scp root@10.0.2.5:/etc/kubernetes/admin.conf ~
echo "export KUBECONFIG=~/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-node1 NotReady <none> 10m v1.22.4
node NotReady control-plane,master 82m v1.22.4
4. Install the network plugin, Calico CNI
kubectl apply -f "https://docs.projectcalico.org/manifests/calico.yaml"
Wait a moment, then run again:
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-node1 Ready <none> 14m v1.22.4
node Ready control-plane,master 85m v1.22.4
Done.