centos7 搭建 kubernetes1.16.7 集群 I

环境

三台 Centos 7 服务器：kube_1、kube_2、kube_3，配置：2核 4G

设置主机名称（*不改的话，加入work节点时会出大错，这个细节改了好久）

# 临时修改
hostname XXX

# 永久修改 （建议）
hostnamectl set-hostname xxx

关闭、禁用防火墙：

systemctl stop firewalld

systemctl disable firewalld

禁用SELINUX:

setenforce 0

禁用交换分区

swapoff -a 

修改 /etc/fstab 文件，将交换分区的文件系统注释掉，如下

# /dev/mapper/centos-swap swap                    swap    defaults        0 0

创建 /etc/sysctl.d/k8s.conf 文件，添加如下内容：

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

执行如下命令使修改生效：

modprobe br_netfilter

sysctl -p /etc/sysctl.d/k8s.conf

安装Docker

# step 1: 安装必要的一些系统工具
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# Step 2: 添加软件源信息
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Step 3: 更新并安装 Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce

# Step 4: 开启Docker服务
sudo service docker start

# Step 5: 设置开机启动
sudo systemctl enable docker

配置阿里云镜像加速器：

mkdir -p /etc/docker

tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://obww7jh1.mirror.aliyuncs.com"]    # 上自己的阿里云找自己的加速
}
EOF

systemctl daemon-reload

systemctl restart docker

安装 kubelet kubeadm kubectl

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum install -y kubelet-1.16.7 kubeadm-1.16.7 kubectl-1.16.7

systemctl enable --now kubelet

构建 Kubernetes 集群

1、初始化 Master 节点 kube1

kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers

• --pod-network-cidr ：后续安装 flannel 的前提条件，且值为 10.244.0.0/16, 参考资料
• --image-repository ：指定镜像仓库，这个好像已经不行了，用我的仓库   registry.cn-hangzhou.aliyuncs.com/wzllzw

输出日志：

[addons] Applied essential addon: CoreDNS

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.127:6443 --token yjscgl.eybl86olwr3g2ct9 
    --discovery-token-ca-cert-hash sha256:91f7982ff4ffb9099b5228449044483192b73d52932929674985ef595a769055 

从日志中，可以看出，要使用集群，需要执行如下命令：

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

 还需要部署一个 Pod Network 到集群中，此处选择 flannel ，因为要访问国外资源的缘故，这里另外处理

# 将 yml 文件下载到本地
[root@localhost ~]# wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
# 打开文件，将文件中所有 quay.io 修改为 quay-mirror.qiniu.com (https://blog.csdn.net/zsd498537806/article/details/85157560)

# 最后拉取镜像
[root@localhost ~]# kubectl apply -f kube-flannel.yml

至此，Master 节点初始化完毕，查看集群相关信息：

# 查看集群
[root@localhost ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.1.127:6443
KubeDNS is running at https://192.168.1.127:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

# 查看 node
[root@localhost ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE    VERSION
k8s-master   Ready    master   106m   v1.16.7
k8s-node1    Ready    <none>   102m   v1.16.7
k8s-node2    Ready    <none>   33m    v1.16.4

# 查看pod
[root@localhost ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-58cc8c89f4-955zb             1/1     Running   0          106m
kube-system   coredns-58cc8c89f4-bp746             1/1     Running   0          106m
kube-system   etcd-k8s-master                      1/1     Running   0          106m
kube-system   kube-apiserver-k8s-master            1/1     Running   0          105m
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          105m
kube-system   kube-flannel-ds-amd64-ckdzv          1/1     Running   0          102m
kube-system   kube-flannel-ds-amd64-fvrmj          1/1     Running   0          105m
kube-system   kube-flannel-ds-amd64-m8557          1/1     Running   0          34m
kube-system   kube-proxy-6lgbv                     1/1     Running   0          34m
kube-system   kube-proxy-d8sxd                     1/1     Running   0          106m
kube-system   kube-proxy-v9xnz                     1/1     Running   0          102m
kube-system   kube-scheduler-k8s-master            1/1     Running   0          106m

* 如果初始化中遇到问题：

[root@localhost ~]# kubeadm reset

[root@localhost ~]# rm -rf /var/lib/cni/

[root@localhost ~]# rm -f $HOME/.kube/config

* 若出现 节点 NotReady,  coredns 为 pending （https://www.jianshu.com/p/d446121dbfc2）

[root@localhost ~]# kubectl get nodes

NAME          STATUS     ROLES    AGE     VERSION
k8s-master   NotReady   master   2m48s   v1.16.7

# 查看 Pods 信息
[root@localhost ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                            READY   STATUS    RESTARTS   AGE
kube-system   coredns-9d85f5447-4f65b                         0/1     Pending   0          63m
kube-system   coredns-9d85f5447-b2m6m                         0/1     Pending   0          63m
kube-system   etcd-localhost.localdomain                      1/1     Running   0          63m
kube-system   kube-apiserver-localhost.localdomain            1/1     Running   0          63m
kube-system   kube-controller-manager-localhost.localdomain   1/1     Running   0          63m
kube-system   kube-proxy-sz9ld                                1/1     Running   0          63m
kube-system   kube-scheduler-localhost.localdomain            1/1     Running   0          63m

 解决方法：安装CNI，安装CNI配置文件

$ mkdir -p /etc/cni/net.d
$ cat >/etc/cni/net.d/10-mynet.conf <<EOF
{
    "cniVersion": "0.2.0",
    "name": "mynet",
    "type": "bridge",
    "bridge": "cni0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "subnet": "10.22.0.0/16",
        "routes": [
            { "dst": "0.0.0.0/0" }
        ]
    }
}
EOF
$ cat >/etc/cni/net.d/99-loopback.conf <<EOF
{
    "cniVersion": "0.2.0",
    "name": "lo",
    "type": "loopback"
}
EOF

这里两个配置一个是给容器塞一个网卡挂在网桥上的，另外一个配置负责撸(本地回环)

添加work节点

方式1 ：使用 kubeadm init时返回的信息加入 （在work节点中输入命令）

kubeadm join 192.168.1.127:6443 --token yjscgl.eybl86olwr3g2ct9 
    --discovery-token-ca-cert-hash sha256:91f7982ff4ffb9099b5228449044483192b73d52932929674985ef595a769055 

方式2 ：重新生成token

kubeadm token generate

kubeadm token create <generated-token> --print-join-command --ttl=24h

配置dns

一、DNS的临是修改。（重启后失效）
vim /etc/resolv.conf        //打开resolv.conf 文件

改为如下内容：

nameserver 8.8.8.8 #修改成你的主DNS

nameserver 8.8.7.7 #修改成你的备用DNS

 

二、DNS永久修改。（永久修改不失效）
vim /etc/resolvconf/resolv.conf.d/base //打开resolv.conf 文件

最后输入：

nameserver 8.8.8.8 #修改成你的主DNS

nameserver 8.8.7.7 #修改成你的备用DNS

raw.githubusercontent.com的IP访问呢不到（被污染）

# /etc/hosts 中加入 
199.232.68.133 raw.githubusercontent.com

参考：

kubernetes v1.16.x环境搭建 ：https://www.jianshu.com/p/832bcd89bc07   

彻底理解kubernetes CNI ：https://www.jianshu.com/p/d446121dbfc2 

gcr.io和quay.io拉取镜像失败 ：https://blog.csdn.net/zsd498537806/article/details/85157560