1. Kubernetes architecture diagram
2. Kubernetes environment preparation
1️⃣ Disable the firewall:
systemctl stop firewalld && systemctl disable firewalld
2️⃣ Disable SELinux:
- sed -i 's/enforcing/disabled/' /etc/selinux/config
- setenforce 0
3️⃣ Disable swap:
- # temporarily
- swapoff -a
- # permanently disable the swap partition
- sudo sed -ri 's/.*swap.*/#&/' /etc/fstab
4️⃣ Add the hostname-to-IP mappings (remember to set the hostnames):
- cat /etc/hosts
- 10.211.55.3 k8s-master
- 10.211.55.4 k8s-node1
- 10.211.55.6 k8s-node2
- 10.211.55.7 k8s-node3
5️⃣ Pass bridged IPv4 traffic to the iptables chains:
- cat > /etc/sysctl.d/k8s.conf << EOF
- net.bridge.bridge-nf-call-ip6tables = 1
- net.bridge.bridge-nf-call-iptables = 1
- EOF
- sysctl --system
3. Install Docker/kubeadm/kubelet on all nodes
The default Kubernetes CRI (container runtime) is Docker, so install Docker first.
1️⃣ Install Docker:
- sudo su
- wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
- yum -y install docker-ce-18.06.1.ce-3.el7
- systemctl enable docker && systemctl start docker
- docker --version
2️⃣ Add the Alibaba Cloud YUM repository:
- cat /etc/yum.repos.d/kubernetes.repo
- [kubernetes]
- name=Kubernetes
- baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
- enabled=1
- gpgcheck=0
- repo_gpgcheck=0
- gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
-        http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
3️⃣ Install kubeadm, kubelet and kubectl:
- yum install -y kubelet kubeadm kubectl
- systemctl enable kubelet && systemctl start kubelet
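The repo file in step 2 switches off both package and metadata signature checks (gpgcheck=0, repo_gpgcheck=0) and fetches packages and keys over http://, so nothing authenticates the kubelet, kubeadm and kubectl packages installed in step 3. The shell function below is an added example, not part of the original post; `audit_yum_repo` and `sample_repo` are names made up here, and it flags those settings in a .repo file.

```shell
# Added example, not from the original post. audit_yum_repo FILE prints one
# line per weak setting in a yum .repo file; exit 1 if any, 0 if clean.
audit_yum_repo() {
    awk '
    function flag(msg) { print section ": " msg; bad = 1 }
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function check(k, v,    lv) {
        lv = tolower(v)
        # yum reads 0, no and false as off for boolean options
        if ((k == "gpgcheck" || k == "repo_gpgcheck") &&
            (lv == "0" || lv == "no" || lv == "false"))
            flag(k " disabled")
        if ((k == "baseurl" || k == "gpgkey" || k == "mirrorlist") &&
            lv ~ /^http:\/\//)
            flag(k " uses plain http: " v)
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments, blank lines
    /^\[.*\]/ { section = $0; key = ""; next }    # [section] header
    /^[ \t]/ && key != "" && $0 !~ /=/ {          # continuation of last key
        check(key, trim($0)); next
    }
    {
        i = index($0, "=")
        if (i == 0) next
        key = trim(substr($0, 1, i - 1))
        check(key, trim(substr($0, i + 1)))
    }
    END { exit bad + 0 }
    ' "$1"
}

# The repo file from step 2 of the post, reproduced as sample input.
sample_repo() {
    cat << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Demo: audit the sample and report.
tmp=$(mktemp); sample_repo > "$tmp"
audit_yum_repo "$tmp" || echo "weak repository settings found"
rm -f "$tmp"
```

A clean result needs gpgcheck=1, repo_gpgcheck=1 and https:// URLs for baseurl and gpgkey; whether the mirror used in the post serves signed repository metadata is not something the post shows.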
4. Deploy the Kubernetes Master
1️⃣ The default image registry k8s.gcr.io cannot be reached from mainland China, so specify the Alibaba Cloud image registry address here.
kubeadm init --apiserver-advertise-address=10.211.55.3 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
Output after running init:
- Your Kubernetes control-plane has initialized successfully!
- To start using your cluster, you need to run the following as a regular user:
- mkdir -p $HOME/.kube
- sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- sudo chown $(id -u):$(id -g) $HOME/.kube/config
- You should now deploy a pod network to the cluster.
- Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
- https://kubernetes.io/docs/concepts/cluster-administration/addons/
- Then you can join any number of worker nodes by running the following on each as root:
- kubeadm join 10.211.55.3:6443 --token eehcsb.r8tnvj7ov436x63q --discovery-token-ca-cert-hash sha256:583f343b5d55ff96c5a83ccc82444de3c0313adf135d8a980507932aa2f51e1d
If something goes wrong, run:
- kubeadm reset
- # For detailed kubeadm usage, see kubeadm --help
2️⃣ Use the kubectl tool:
- mkdir -p $HOME/.kube
- sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- sudo chown $(id -u):$(id -g) $HOME/.kube/config
- kubectl get nodes
- NAME STATUS ROLES AGE VERSION
- k8s-master NotReady master 8m33s v1.17.0
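The output also tells us that we still need to create a pod network and have the other nodes run kubeadm join ... to join the cluster.
5. Create the network
If the network is not created, checking the pod status shows that the kube-dns component is blocked (the coredns pods stay Pending), and the cluster is unusable:
- kubectl get pod -n kube-system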
- NAME READY STATUS RESTARTS AGE
- coredns-9d85f5447-n9kkd 0/1 Pending 0 25m
- coredns-9d85f5447-s9ms2 0/1 Pending 0 25m
- etcd-k8s-master 1/1 Running 0 25m
- kube-apiserver-k8s-master 1/1 Running 0 25m
- kube-controller-manager-k8s-master 1/1 Running 0 25m
- kube-proxy-94wtc 1/1 Running 0 5m41s
- kube-proxy-h8q8h 1/1 Running 0 5m45s
- kube-proxy-kxmxt 1/1 Running 0 25m
- kube-proxy-nxtpq 1/1 Running 0 5m44s
- kube-scheduler-k8s-master 1/1 Running 0 25m
Creating the network ran into problems; this is unfinished and will be updated once it is resolved tomorrow...
Source: http://www.bubuko.com/infodetail-3327025.html