I. Preparation
--------------------------------------[Preparation]-------------------------------------------------
1. Configure the virtual machine network
2. Configure the yum mirror
mkdir /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
yum -y update
3. Disable the firewall
systemctl stop firewalld && systemctl disable firewalld
4. Disable SELinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
5. Disable swap
swapoff -a
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
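# Check that the swap entry is commented out
cat /etc/fstab
# Check swap with top; swap usage should show as 0
# Reload the settings so they take effect
sysctl -p
6. Configure routing
yum install -y bridge-utils.x86_64
modprobe br_netfilter # Load the br_netfilter module; use lsmod to list the loaded modules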
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # Reload all configuration files
7. Set the hostname; do the same on the other nodes, which can be named master, node1, node2
hostnamectl set-hostname centos-master
cat <<EOF >>/etc/hosts
192.168.214.128 centos-master
EOF
II. Installing docker-ce
------------------------------------[Docker installation]-------------------------------------------------
1. Configure the Docker yum repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache
2. Install a suitable Docker version
# List the available docker-ce versions
yum list docker-ce --showduplicates | sort -r
# Stop and remove any existing Docker
systemctl stop docker && systemctl disable docker
yum remove docker-ce docker-ce-cli
3. Install a specific version of docker-ce; 18.09 is recommended
yum -y install docker-ce-18.09.9
4. Start the Docker service and enable it at boot
systemctl start docker && systemctl enable docker
5. Configure the Docker registry mirror:
touch /etc/docker/daemon.json
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://r0p1k0cb.mirror.aliyuncs.com"]
}
systemctl daemon-reload
systemctl restart docker
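6. Run your first Docker container
docker run hello-world
# Check the Docker version
docker version
7. This step appears to overwrite the configuration above (cat > replaces the whole daemon.json, including registry-mirrors), so it can be skipped!
Change the Docker cgroup driver to systemd so that it matches k8s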
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
systemctl restart docker # Restart so the configuration takes effect
III. Installing k8s
------------------------------------[k8s installation]-----------------------------------------------------------------
1. Configure the k8s yum repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2. Install kubelet, kubeadm and kubectl on the master node; the other nodes need them too
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
3. Enable kubelet at boot
systemctl enable --now kubelet
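The repo file in step 1 sets gpgcheck=0 and uses http:// URLs, so yum installs kubelet, kubeadm and kubectl without verifying package signatures. The following is an added example, not part of the original notes, that audits a .repo file for these settings; audit_repo is a hypothetical helper, and the hardened variant assumes the mirror serves the same paths over HTTPS.

```shell
# audit_repo FILE: print one line per yum repo setting that skips package
# signature checks or fetches over plain HTTP (added example).
audit_repo() {
    awk -F= '
    /^\[/          { id = substr($0, 2, index($0, "]") - 2); key = ""; next }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    /^[^ \t]/      { key = $1; val = substr($0, index($0, "=") + 1) }
    /^[ \t]/       { val = $0 }                  # continuation of previous key
    {
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck" && val == "0")
            print id ": gpgcheck=0"
        if ((key == "baseurl" || key == "gpgkey" || key == "mirrorlist") && val ~ /^http:/)
            print id ": " key " over HTTP " val
    }
    ' "$1"
}

# Sample input: the repo file from step 1 of this section.
repo_dir=$(mktemp -d)
cat > "$repo_dir/kubernetes.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Constructed variant: HTTPS URLs and gpgcheck=1 (assumes the mirror serves
# the same paths over HTTPS).
sed -e 's#http://#https://#' -e 's/^gpgcheck=0/gpgcheck=1/' \
    "$repo_dir/kubernetes.repo" > "$repo_dir/kubernetes-hardened.repo"
audit_repo "$repo_dir/kubernetes.repo"            # four findings
audit_repo "$repo_dir/kubernetes-hardened.repo"   # no findings
```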
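IV. Initializing k8s
------------------------------------[k8s initialization]----------------------------------------------------------------
Before starting, it is advisable to take a snapshot so you can restore at any time!!!
- Initialize the k8s cluster on the master (note: CentOS needs at least 2 cores and 2 GB of RAM, otherwise initialization fails.)
// Set the Pod network to 10.244.0.0/16. Note: once this network is specified here, kube-flannel.yml must use the same value. The API server address is the master's own IP address
kubeadm init --kubernetes-version=1.17.3 --apiserver-advertise-address=192.168.214.128 --image-repository registry.aliyuncs.com/google_containers --service-cidr=192.1.0.0/16 --pod-network-cidr=10.244.0.0/16
// A successful run prints the following: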
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
[Note]: record the last part of the output; the other nodes run it later to join the k8s cluster.
kubeadm join 192.168.214.128:6443 --token wuhe1t.2prgpopmvd7eqdsx \
    --discovery-token-ca-cert-hash sha256:26ab9402953c65f7de57543e7dc7590a1ab1847ce13774e4e4f5ea4eed242093
1.1 Run the following commands
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
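Note: if kubeadm init fails and you want to run it again, reset first:
kubeadm reset
rm -rf $HOME/.kube # the folder has to be deleted manually
2. Deploy the flannel network on the master node
Method 1: (run this when the network connection is good)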
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
// If the command above fails because the network is unreachable, try:
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
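Note: edit this file if you want to change the network; the Network item here must stay in sync with kubeadm --pod-network-cidr=.
vim kube-flannel.yml
# Note: the Network value below must match the one given to kubeadm init!!!
net-conf.json: |
  {
    "Network": "10.244.0.0/16",
    "Backend": {
      "Type": "vxlan"
    }
  }
Run ip route show to verify that 10.244.0.0/16 is displayed. If it is not, check with docker images that the images are complete: whether the flannel images are present and whether the version is correct.
They can be pulled manually:
docker pull quay.io/coreos/flannel:v0.11.0-amd64
docker images # list the images
Note: if the apply fails or reports unchanged, use the commands below. Do not run this step in production: none of the pods will be able to run and they will lose connectivity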
kubectl delete -f kube-flannel.yml
kubectl apply -f kube-flannel.yml
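A pre-flight check for the consistency requirement above, as an added example that is not part of the original notes: it compares the Network value in kube-flannel.yml with --pod-network-cidr and, going one step beyond the text, also rejects a pod network that overlaps --service-cidr. The function names are hypothetical; the sample manifest fragment and flags are the ones shown on this page.

```shell
# Added example: check the flannel manifest against the kubeadm init flags.
# Print the "Network" value from the net-conf.json block of a manifest.
flannel_network() {
    sed -n 's/^[[:space:]]*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}
# Print a kubeadm flag given as "--flag=value" or "--flag value".
kubeadm_flag() {
    printf '%s\n' "$2" | sed -n "s/.*--$1[= ]\([^ ]*\).*/\1/p"
}
# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
# Succeed when two IPv4 CIDRs overlap, i.e. agree on the shorter prefix.
cidr_overlap() {
    len=${1#*/}; [ "${2#*/}" -lt "$len" ] && len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}
# check_cidrs MANIFEST "KUBEADM INIT COMMAND": print a verdict; 0 means OK.
check_cidrs() {
    net=$(flannel_network "$1")
    pod=$(kubeadm_flag pod-network-cidr "$2")
    svc=$(kubeadm_flag service-cidr "$2")
    [ -n "$net" ] && [ -n "$pod" ] || { echo "MISSING flannel='$net' kubeadm='$pod'"; return 1; }
    [ "$net" = "$pod" ] || { echo "MISMATCH flannel=$net kubeadm=$pod"; return 1; }
    if [ -n "$svc" ] && cidr_overlap "$pod" "$svc"; then
        echo "OVERLAP pod=$pod service=$svc"; return 1
    fi
    echo "OK $pod"
}

# Sample input: the net-conf.json fragment and init flags from this page.
manifest=$(mktemp)
cat > "$manifest" <<'EOF'
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
EOF
check_cidrs "$manifest" "kubeadm init --service-cidr=192.1.0.0/16 --pod-network-cidr=10.244.0.0/16"
```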
3. Use the master node as a worker node; by default a k8s cluster does not schedule Pods onto the master
kubectl taint nodes --all node-role.kubernetes.io/master-
4. Join the worker nodes: on centos-node1, run the k8s join command saved in the steps above, which was generated by kubeadm init. If you have forgotten it, run kubeadm token list to look it up.
kubeadm join 192.168.214.128:6443 --token pxu31z.6yjf0vih086oe4lr \
    --discovery-token-ca-cert-hash sha256:a5a5def277ae5f1a07e77ceb99978fa0c2a7dc67b150121117cfb9e9de533ef2
// If the token has expired, a new one can be generated:
# kubeadm token create
424mp7.nkxx07p940mkl2nd
# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
d88fb55cb1bd659023b11e61052b39bbfe99842b0636574a16c76df186fd5e0d
kubeadm join 192.168.214.128:6443 --token pxu31z.6yjf0vih086oe4lr --discovery-token-ca-cert-hash sha256:a5a5def277ae5f1a07e77ceb99978fa0c2a7dc67b150121117cfb9e9de533ef2
Note: to delete a node, run
kubectl get node
kubectl delete node centos-node-02
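5. Verify that the cluster is healthy
// NotReady means the node is not ready yet and may still be running other initialization tasks; wait until all nodes are Ready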
kubectl get nodes
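6. It is advisable to check the status of all pods; run:
kubectl get pods -n kube-system # all Running means the cluster is healthy
[Troubleshooting]:
Check pod status
kubectl get pod --all-namespaces
Check the details of a Pod
kubectl describe pod kube-flannel-ds-amd64-969xq --namespace=kube-system
Troubleshooting logs:
journalctl -f # follow the current log output
journalctl -f -u kubelet # follow only the kubelet service log
7. List all pods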
kubectl get pods -n kube-system
8. kubelet service status
systemctl status kubelet
systemctl restart docker && systemctl restart kubelet
9. Remove a node
kubectl get node
kubectl delete node centos-node-02
10. Reset
kubeadm reset
rm -rf $HOME/.kube # the folder has to be deleted manually
11. Check pod status
kubectl get pod --all-namespaces
12. Check the details of a Pod
kubectl describe pod kube-flannel-ds-amd64-969xq --namespace=kube-system
13. Installing the dashboard
a. Download the file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
b. Edit the file
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
c. The dashboard-rbac.yaml file; create it yourself with the following content:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard
subjects:
  - kind: ServiceAccount
    name: dashboard
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
d. Run the following commands
sudo kubectl apply -f kubernetes-dashboard.yaml
sudo kubectl apply -f dashboard-rbac.yaml
e. Details:
https://juejin.im/post/5d089f49f265da1baa1e7611#heading-23
f. Get the token
kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token
g. Log in with Google Chrome
mkdir key && cd key
# Generate the certificate
openssl genrsa -out dashboard.key 2048
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.246.200'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
# Delete the existing certificate secret
kubectl delete secret kubernetes-dashboard-certs -n kube-system
# Create the new certificate secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system
# List the pods
kubectl get pod -n kube-system
# Restart the pod
kubectl delete pod <pod name> -n kube-system
--------------------------------------------------------------------------------------------------------
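## Pulling the images takes a while; the installation has succeeded once the pod is Running
kubectl get pod -n kube-system |grep kubernetes-dashboard
If it is not running, use kubectl describe pod kubernetes-dashboard-f65fc699b-62wn8 --namespace=kube-system to find the specific cause of the failure. In most cases the image pull failed; pull it manually with docker pull xxx:xx. The exact image name is in kubernetes-dashboard.yaml, where the image address can be changed.
For example, I changed the following:
spec:
  containers:
    - name: kubernetes-dashboard
      image: siriuszg/kubernetes-dashboard-amd64:v1.10.1 # the original image could not be downloaded manually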
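The dashboard-rbac.yaml in step c binds the dashboard ServiceAccount to cluster-admin, so its token grants full control of the cluster, and step b exposes the dashboard on NodePort 30001. The following added example (not part of the original notes; audit_cluster_admin is a hypothetical helper) lists the ServiceAccounts a manifest binds to cluster-admin so such bindings can be reviewed before kubectl apply; the read-only variant using the built-in view ClusterRole is a constructed contrast.

```shell
# List ServiceAccounts that a manifest binds to cluster-admin (added example).
# Assumes block-style YAML with top-level keys at column 0, as on this page.
audit_cluster_admin() {
    awk '
    function emit() {   # close the current subject entry
        if (skind == "ServiceAccount" && sname != "") list = list sns "/" sname "\n"
        skind = sname = sns = ""
    }
    function flush() {  # close the current YAML document
        emit()
        if (kind == "ClusterRoleBinding" && role == "cluster-admin") printf "%s", list
        kind = role = list = section = ""
    }
    /^---/      { flush(); next }
    /^[A-Za-z]/ { emit(); section = $1; if ($1 == "kind:") kind = $2; next }
    section == "roleRef:" && $1 == "name:" { role = $2 }
    section == "subjects:" {
        if ($1 == "-") { emit(); key = $2; val = $3 } else { key = $1; val = $2 }
        if (key == "kind:") skind = val
        if (key == "name:") sname = val
        if (key == "namespace:") sns = val
    }
    END { flush() }
    ' "$1"
}
# Sample input: the manifest from step c, then a constructed read-only variant.
sample_dir=$(mktemp -d)
cat > "$sample_dir/admin.yaml" <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard
subjects:
  - kind: ServiceAccount
    name: dashboard
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
sed 's/name: cluster-admin/name: view/' "$sample_dir/admin.yaml" > "$sample_dir/view.yaml"
audit_cluster_admin "$sample_dir/admin.yaml"   # prints kube-system/dashboard
audit_cluster_admin "$sample_dir/view.yaml"    # prints nothing
```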
--------------------------------------[Notes on other issues]--------------------------------------------------
V. Other issues
Common reasons for k8s deployment failures:
http://dockone.io/article/2247
Other ways to install k8s:
Offline installation: https://www.jianshu.com/p/ae9f20b42064?utm_campaign=haruki&utm_content=note&utm_medium=reader_share&utm_source=weixin&from=singlemessage
Rancher https://rancher.com/
Automated cluster deployment https://github.com/gjmzj/kubeasz
Configuring the Calico network:
https://mp.weixin.qq.com/s/WsY9z56Xtc4p7L5oM1tkuw
Docker Hub address:
https://hub.docker.com/ (search here for the images you need)
Output of docker images:
VI. Related links
https://juejin.im/post/5d60d11051882513cb48ff20
https://zhuanlan.zhihu.com/p/96084545
https://segmentfault.com/a/1190000013903445#item-1-14