k8s安装
centos7.9最小安装版本
从零开始的k8s安装
硬件配置要求
-
cpu >= 2核
-
硬盘 >= 20G
-
内存 >= 2G
-
节点数量建议为奇数(3, 5, 7, 9等)
以下命令除特殊要求外,其余都建议在master主机执行。
本教程配置如下
机器名 | IP | 角色 | CPU | 内存 |
centos01 | 192.168.109.121 | master | 4核 | 2G |
centos02 | 192.168.109.122 | node | 4核 | 2G |
基础准备(所有机器都要执行)
设置主机名,所有节点都执行
-
执行以下命令安装必备插件
vim /etc/hosts #增加
192.168.109.121 centos01
192.168.109.122 centos02
-
关闭防火墙,所有节点都执行
# Lab shortcut: stopping firewalld leaves every node without a host firewall.
# On hosts reachable from other networks, keep firewalld running and open only
# the ports the cluster needs (per the Kubernetes docs: 6443, 2379-2380, 10250,
# 10257, 10259 on the control plane; 10250 and 30000-32767 on workers).
systemctl stop firewalld
systemctl disable firewalld
# Switches SELinux to permissive for the running system only (not persistent).
setenforce 0
vim /etc/selinux/config # change the SELINUX value to SELINUX=disabled
# NOTE(review): the SELinux step further down this page writes
# SELINUX=permissive instead, and its sed only matches SELINUX=enforcing, so it
# does nothing once this edit has been made. Pick one value: permissive still
# logs denials, disabled turns SELinux off entirely.
-
关闭swap内存,所有节点都执行
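# Show current memory and swap usage before changing anything.
free -h
# Turn swap off for the running system.
sudo swapoff -a
# Make it persistent: comment out the active swap entries in /etc/fstab.
# Lines that are already comments are skipped, so re-running this does not
# stack extra '#' characters, and the previous file is kept as /etc/fstab.bak.
sudo sed -r -i.bak '/^[[:space:]]*#/! s/^.*[[:space:]]swap[[:space:]].*$/#&/' /etc/fstab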
-
关闭selinux
# Show the current SELinux mode and the persistent setting.
getenforce
cat /etc/selinux/config
# Permissive for the running system only; the config file decides the mode
# after the next reboot.
sudo setenforce 0
# Persist permissive mode. The pattern only matches a line that is exactly
# SELINUX=enforcing, so this is a no-op if the file was already edited to
# SELINUX=disabled in the firewall step above.
# In permissive mode SELinux no longer blocks anything on this node; denials
# are only logged.
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Confirm what the file now says.
cat /etc/selinux/config
-
配置网桥,所有节点都执行
修改参数
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
然后,加载如下两个模块,所有节点都执行
# Load the IPVS round-robin scheduler module.
modprobe ip_vs_rr
# br_netfilter provides the net.bridge.bridge-nf-call-* sysctl keys configured
# above, so it has to be loaded before sysctl -p is run.
modprobe br_netfilter
# NOTE(review): modprobe does not persist across reboots and nothing on this
# page adds these modules to /etc/modules-load.d/ — confirm they are loaded
# again after a restart, otherwise the bridge sysctl keys will be missing.
生效配置
[root@centos01 opt]# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
-
安装组件
# Bring all installed packages up to date first.
sudo yum update -y
# Install the helper packages one at a time, in the same order as before:
#   bash-completion  tab completion
#   wget             downloader
#   vim-enhanced     vim editor
#   net-tools        network tools
#   gcc              compiler
for pkg in bash-completion wget vim-enhanced net-tools gcc; do
  sudo yum install -y "$pkg"
done
-
安装docker
安装 docker , Containerd
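# Remove any older docker packages (if present).
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Install the prerequisites.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository. --add-repo expects a URL to the .repo file, so
# the scheme is spelled out; https keeps the repo definition (and the package
# source it points to) from being fetched over plain HTTP.
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install docker.
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Install containerd.
sudo yum install -y containerd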
vim /etc/containerd/config.toml
#SystemdCgroup的值改为true
SystemdCgroup = true
#由于国内下载不到registry.k8s.io的镜像,修改sandbox_image的值为:
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
# 若下载不到containerd,执行「」中内容
「
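# Fetch the release tarball and its published checksum over HTTPS, and unpack
# into /usr/local only if the checksum matches. The checksum comes from the
# same release page, so it catches a corrupted or truncated download rather
# than a tampered release.
wget https://github.com/containerd/containerd/releases/download/v1.7.2/containerd-1.7.2-linux-amd64.tar.gz
wget https://github.com/containerd/containerd/releases/download/v1.7.2/containerd-1.7.2-linux-amd64.tar.gz.sha256sum
sha256sum -c containerd-1.7.2-linux-amd64.tar.gz.sha256sum &&
  tar Cxzvf /usr/local containerd-1.7.2-linux-amd64.tar.gz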
」
# Stop containerd.
sudo systemctl stop containerd.service
# Generate the default config file and modify it.
# Keep a copy of the current config first.
sudo cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
# The redirect is performed by the calling shell, not by sudo, so the generated
# file is written to the invoking user's $HOME.
sudo containerd config default > $HOME/config.toml
# This replaces /etc/containerd/config.toml, including any manual edits made to
# it earlier on this page.
sudo cp $HOME/config.toml /etc/containerd/config.toml
# Point the pause (sandbox) image at an Aliyun mirror instead of registry.k8s.io.
# NOTE(review): the sandbox image is then pulled from that mirror, and the
# hostname here differs from the manual sandbox_image edit earlier on the page
# (registry.aliyuncs.com) — confirm which mirror is intended and trusted.
sudo sed -i "s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
# Switch containerd to the systemd cgroup driver.
sudo sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml
# Enable containerd at boot and start it now.
sudo systemctl enable --now containerd.service
# Start docker.
sudo systemctl start docker.service
# Enable docker at boot.
sudo systemctl enable docker.service
sudo systemctl enable docker.socket
# List the docker unit files to check their enabled state.
sudo systemctl list-unit-files | grep docker
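# Configure a docker registry mirror.
sudo mkdir -p /etc/docker
# Replace the xxxxx placeholder with your own mirror address.
# registry-mirrors entries must be full URLs including the scheme; https is
# used so image pulls through the mirror are not sent over plain HTTP.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://xxxxx.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Reload unit files and restart docker so the new daemon.json is picked up.
sudo systemctl daemon-reload
sudo systemctl restart docker
# Check that the mirror and cgroup driver show up, and that both services run.
sudo docker info
sudo systemctl status docker.service
sudo systemctl status containerd.service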
-
添加国内镜像仓库
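# Add the Kubernetes yum repository (Aliyun mirror).
# Changes from the original listing:
#   - baseurl and gpgkey carry an explicit https:// scheme.
#   - gpgcheck=1, so yum verifies each package signature against the gpgkey
#     entries. kubelet, kubeadm and kubectl run as root on every node, so
#     unsigned or altered packages should not install silently.
#   - repo_gpgcheck stays 0: it covers the repository metadata signature, which
#     mirrors may not carry. Confirm against the mirror before enabling it.
# NOTE(review): kubernetes-el7-x86_64 is the legacy repository layout, which
# upstream has since frozen — confirm the mirror still serves the version you pin.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# 是否开启本仓库
enabled=1
# 是否检查软件包的 gpg 签名
gpgcheck=1
# 是否检查仓库元数据的 gpg 签名
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF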
-
安装k8s
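# Install version 1.27.1.
# --nogpgcheck has been dropped: it tells yum to skip package signature
# verification regardless of the repo settings. Verification still depends on
# the repo file having gpgcheck=1 and working gpgkey URLs; if it fails, fix the
# key configuration rather than turning the check off.
sudo yum install -y kubelet-1.27.1 kubeadm-1.27.1 kubectl-1.27.1 --disableexcludes=kubernetes
# Install the latest version instead (not recommended for production).
# sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Reload unit files, then start kubelet and enable it at boot.
sudo systemctl daemon-reload
sudo systemctl restart kubelet
sudo systemctl enable kubelet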
-
启动(master执行)
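# Initialise the control plane.
#   --image-repository             image mirror; usually left unchanged. All
#                                  control-plane images are pulled from it.
#   --apiserver-advertise-address  IP address of the master node (centos01 in
#                                  this tutorial); change it to your own.
#   --kubernetes-version           Kubernetes version; must match the version
#                                  you installed.
#   --pod-network-cidr             pod address range; must equal "Network" in
#                                  kube-flannel.yml. Without it nodes get no
#                                  pod CIDR and flannel ends up in
#                                  CrashLoopBackOff (see problem 1 below).
kubeadm init \
  --image-repository=registry.aliyuncs.com/google_containers \
  --apiserver-advertise-address=192.168.109.121 \
  --kubernetes-version=v1.27.1 \
  --pod-network-cidr=10.244.0.0/16
# If initialisation fails, reset with kubeadm reset and run it again.
# Failures are mostly caused by network problems; try a different network.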
-
初始化成功后执行(master执行)
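# Give the current user a kubeconfig so kubectl can reach the cluster.
# admin.conf holds cluster-admin credentials: keep the copy readable by its
# owner only, and do not distribute it to worker nodes or shared hosts.
# Expansions are quoted so a $HOME containing spaces does not split the paths.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"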
-
将node加入集群
# After a successful kubeadm init, output similar to the following is printed.
# The IP, token and hash shown here look like sample values — use the ones from
# your own console output.
# The token is a bootstrap credential for joining nodes, and the CA cert hash
# lets the joining node check that it is talking to the intended control plane,
# so keep both arguments when copying the command.
kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
--discovery-token-ca-cert-hash sha256:6dkl32klh34j5gkj2kl42kjlk452h42lh4l2h42l
# Copy the line printed on the console and run it on each node host.
# If it was lost or the token has expired, generate a new one with:
kubeadm token create --print-join-command
-
查看集群状态(master 节点执行)
# List the cluster's nodes and their status.
kubectl get nodes
-
安装网络插件,可以选择calico或flannel,这里选择安装flannel(仅在master节点执行)
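# Download the flannel manifest over HTTPS. The "latest" path follows whichever
# release is newest, so the image tags inside may differ from the v0.22.0 ones
# listed below. Review the file before applying it, and prefer a fixed release
# tag for repeatable installs.
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml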
# vim kube-flannel.yml
#修改Network项的值,改为和--pod-network-cidr一样的值
"Network": "10.244.0.0/16"
#由于有时国内网络的问题,需要修改image的value,把所有的docker.io改为dockerproxy.com
#共需要修改3处,两个值
#注意:dockerproxy.com是第三方镜像代理,flannel运行在每个节点的主机网络中,使用前请确认该代理可信,并核对镜像tag与清单文件一致
image: dockerproxy.com/flannel/flannel:v0.22.0
image: dockerproxy.com/flannel/flannel-cni-plugin:v1.1.2
# 安装
# kubectl apply -f kube-flannel.yml
问题:
问题 1:安装flannel失败报如下
Back-off restarting failed container kube-flannel in pod kube-flannel
方法
部署flannel网络插件时发现flannel一直处于CrashLoopBackOff状态,查看日志提示没有分配cidr
解决
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
增加参数:
--allocate-node-cidrs=true
--cluster-cidr=10.244.0.0/16
然后保存退出执行
systemctl restart kubelet
如下
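# /etc/kubernetes/manifests/kube-controller-manager.yaml after the edit.
# Indentation is restored so the listing is valid YAML; it stops after the
# command arguments, so it is an excerpt rather than the whole manifest.
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-name=kubernetes
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
    # Added for the flannel fix: allocate a pod CIDR to every node from the
    # cluster range. The range must match "Network" in kube-flannel.yml.
    - --allocate-node-cidrs=true
    - --cluster-cidr=10.244.0.0/16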
问题2: 只部署单节点允许master节点部署pod
方法:
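# Show the node's current roles and taints. The node name is the master's
# hostname, centos01 in this tutorial; replace it with your own.
kubectl describe nodes centos01 | grep -E '(Roles|Taints)'
# Allow pods on the master. Kubernetes uses the roles control-plane and node,
# which correspond to the older master and worker. Removing this taint puts
# ordinary workloads on the same host as the control-plane components, so keep
# it to single-node test clusters.
kubectl taint nodes centos01 node-role.kubernetes.io/control-plane-
# Forbid pods on the master again. This restores the control-plane taint that
# the command above removes; the older node-role.kubernetes.io/master key is
# not the one kubeadm applies in v1.27.
kubectl taint nodes centos01 node-role.kubernetes.io/control-plane:NoSchedule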
参考资料:
-
blog.csdn.net/weixin_44084452/article/details/130797232
-
developer.volcengine.com/articles/7262266226414452755#heading21
-
zhuanlan.zhihu.com/p/532393808
-
blog.frognew.com/2021/08/relearning-k8s-02.html