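We use a CentOS 7 system with the kernel upgraded to 5.5.4. Why use an upgraded kernel? Because the CentOS 7.4 kernel is 3.10, which has kernel bugs when running Docker that cause slow operation and a pile of errors; see my other blog post for details.
I. Pre-installation preparation
1. The system version is as follows: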
- Linux cka61.xulinpeng.cn 5.5.4-1.el7.elrepo.x86_64 #1 SMP Thu Feb 13 18:09:18 EST 2020 x86_64 x86_64 x86_64 GNU/Linux
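- The minimum system configuration is 2 CPU cores and 2 GB of memory; hostnames and MAC addresses must not conflict.
2. iptables must not use nftables. nftables is incompatible with kubeadm and produces duplicate firewall rules, which prevents kube-proxy from working properly.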
update-alternatives --set iptables /usr/sbin/iptables-legacy
3. Check that the required ports are not already in use
Control-plane node
Protocol  Direction  Port Range   Purpose                  Used By
TCP       Inbound    6443*        Kubernetes API server    All
TCP       Inbound    2379-2380    etcd server client API   kube-apiserver, etcd
TCP       Inbound    10250        Kubelet API              Self, Control plane
TCP       Inbound    10251        kube-scheduler           Self
TCP       Inbound    10252        kube-controller-manager  Self
Worker node
Protocol  Direction  Port Range   Purpose                  Used By
TCP       Inbound    10250        Kubelet API              Self, Control plane
TCP       Inbound    30000-32767  NodePort Services†       All
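4. Install the required tool packages; leaving them out can affect normal k8s operation. For example, without the NFS tools package, mounting NFS for a PV fails with errors.
yum install vim net-tools nfs-utils yum-utils device-mapper-persistent-data lvm2
5. Disable the system firewall and SELinux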
[root@cka60 ~]# systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@cka60 ~]# setenforce 0
[root@cka60 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
6. Turn off swap and comment out the swap entry in /etc/fstab
[root@cka60 ~]# swapoff -a
# /etc/fstab
# Created by anaconda on Mon Feb 17 21:07:54 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=d9c958a2-8f63-47c0-b2e5-1a0478b4b129 / xfs defaults 0 0
UUID=c7c6e317-9cbc-47a8-9491-73eb42af8dc7 /boot xfs defaults 0 0
#UUID=3ba5e597-0689-483f-9058-f58d1273c973 swap swap defaults 0 0
7. Make sure net.bridge.bridge-nf-call-iptables is set to 1 in the sysctl configuration, to prevent traffic from being routed incorrectly
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
EOF
8. Configure the hosts file
[root@cka60 etc]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.26.60 cka60
192.168.26.61 cka61
192.168.26.62 cka62
9. Configure the yum repositories
# Configure the Docker installation repository
[root@cka60 yum.repos.d]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
Add the Kubernetes installation repository
cat >> /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
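The kubernetes.repo stanza above sets gpgcheck=0, and docker-ce.repo is fetched over http://, so packages from these repositories are installed without signature verification. The following shell function is an added example, not part of the original post; it audits .repo files for both conditions, and its function names are made up for this example.

```shell
#!/bin/sh
# Added example: flag yum repo sections that skip package signature checks
# or fetch over plain HTTP. Function names are hypothetical.

# audit_repo FILE -> one finding per line; returns 1 if anything was flagged.
# An unset gpgcheck is flagged too, since it then depends on yum.conf [main].
audit_repo() {
    awk -v file="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function finish() {
            if (section == "" || enabled == "0") return
            if (gpgcheck != "1") {
                print file ": [" section "] gpgcheck=" (gpgcheck == "" ? "unset" : gpgcheck)
                bad = 1
            }
            if (url ~ /^http:/) {
                print file ": [" section "] plain-HTTP baseurl " url
                bad = 1
            }
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            finish()
            section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            gpgcheck = ""; url = ""; enabled = "1"
            next
        }
        index($0, "=") > 0 {
            eq = index($0, "=")
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "enabled") enabled = val
            else if (key == "baseurl") url = val
        }
        END { finish(); exit bad + 0 }
    ' "$1"
}

# The stanza from step 9 of this page, used as sample input.
sample_weak_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
}

# Audit any files given on the command line, e.g. /etc/yum.repos.d/*.repo
for f in "$@"; do audit_repo "$f"; done
```

Switching a section to gpgcheck=1 also needs a gpgkey= line pointing at the signing key your mirror publishes.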
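II. Install Docker
1. Docker is installed from the yum repository configured in step 9, where the latest version is 19.03. The Docker that ships with CentOS 7.4 is the older version 1.13.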
[root@cka60 ~]# yum list docker-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Available Packages
docker-ce.x86_64 3:19.03.6-3.el7 docker-ce-stable
[root@cka60 ~]# yum install docker-ce -y
2. After installation, start the Docker service and check the version to confirm it is correct.
[root@cka60 ~]# systemctl restart docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@cka60 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.6
API version: 1.40
Go version: go1.12.16
Git commit: 369ce74a3c
Built: Thu Feb 13 01:29:29 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.6
API version: 1.40 (minimum version 1.12)
Go version: go1.12.16
Git commit: 369ce74a3c
Built: Thu Feb 13 01:28:07 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
3. Configure a registry mirror inside China for Docker. This one is Alibaba Cloud's accelerator; other domestic mirrors work too.
cat /etc/docker/daemon.json
{
"registry-mirrors":["https://ns2wtlx2.mirror.aliyuncs.com"]
}
III. Install the Kubernetes cluster
1. Install kubeadm, kubectl, and kubelet
[root@cka60 docker]# kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@cka60 docker]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:12:12Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
There is no need to check the kubelet version; just enable it as a service.
systemctl enable kubelet
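2. Clone the worker nodes
Because I am installing in virtual machines for practice, and all the steps above are identical for the master and worker nodes, there is no need to repeat the installation. A small trick is to clone the virtual machine at this step to produce the worker nodes; this node is the master node.
3. Initialize the master node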
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.17.0 --pod-network-cidr=10.244.0.0/16
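--image-repository specifies the registry to pull from. Without a domestic registry, image downloads are very slow and the only option is to import the images into each node by hand; because we specify the Alibaba registry, no manual image import is needed.
--kubernetes-version specifies the version to install
--pod-network-cidr is the IP address range for the cluster's pods
The remaining parameters use their defaults; the result appears after about 3 to 5 minutes.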
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.26.60:6443 --token 1cby7t.a7nngscv38au0a5v \
--discovery-token-ca-cert-hash sha256:bb84b80364c8ff7795cb33e3c1c1bb46078503d9a57f25045dd671c8dc991f02
This output shows that the installation succeeded.
4. Join the worker nodes
Run the following on each worker node in turn:
kubeadm join 192.168.26.60:6443 --token 1cby7t.a7nngscv38au0a5v \
--discovery-token-ca-cert-hash sha256:bb84b80364c8ff7795cb33e3c1c1bb46078503d9a57f25045dd671c8dc991f02
Be sure to adapt this to your own machines.
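The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key, so a worker only trusts an API server whose certificate chain leads to that CA. The following added example (not part of the original post; function names are hypothetical) recomputes the pin from a CA certificate with openssl and checks a join command against it, assuming the certificate was copied from kubeadm's default location /etc/kubernetes/pki/ca.crt on the master.

```shell
#!/bin/sh
# Added example: recompute the CA pin that kubeadm join checks.
# Function names are hypothetical; needs the openssl CLI.

# ca_pin CERT -> "sha256:<hex>", SHA-256 over the DER-encoded public key of CERT
ca_pin() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    hex=$(openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    [ "${#hex}" -eq 64 ] || return 2
    printf 'sha256:%s\n' "$hex"
}

# pin_from_join "JOIN COMMAND" -> the pinned hash; status 3 if CA checking is skipped
pin_from_join() {
    case "$1" in
        *--discovery-token-unsafe-skip-ca-verification*) return 3 ;;
    esac
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# verify_join CERT "JOIN COMMAND" -> 0 only when the command pins exactly this CA
verify_join() {
    want=$(ca_pin "$1") || return 2
    got=$(pin_from_join "$2") || return 3
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed throwaway CA for trying the functions offline.
make_demo_ca() {  # $1 = directory that receives ca.key and ca.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-ca' \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Usage: sh thisfile CERT "kubeadm join ..."
if [ $# -eq 2 ]; then
    if verify_join "$1" "$2"; then echo "pin matches"; else echo "pin MISMATCH"; fi
fi
```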
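5. Adjust the kubectl configuration
The kube configuration file must be placed under the home directory before kubectl works properly; otherwise a port error is reported.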
[root@cka61 ~]# kubectl get nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
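6. Check the node status
The nodes are all in the NotReady state. Checking the pod status further shows that coredns has not started; the error message says the nodes are all tainted, but the real cause is that no network plugin is installed.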
[root@cka60 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
cka60.xulinpeng.cn NotReady master 3m2s v1.17.3
cka61.xulinpeng.cn NotReady <none> 90s v1.17.3
cka62.xulinpeng.cn NotReady <none> 15s v1.17.3
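7. Install the network plugin
The network plugin we install is flannel. If you install calico instead, change the pod address range in its yaml file so that it matches the one configured in kubeadm.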
CALICO_IPV4POOL_CIDR
value: "192.168.0.0/16"
First download the flannel yaml file and check which images it uses
wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
grep image kube-flannel.yml
image: quay.io/coreos/flannel:v0.11.0-amd64
image: quay.io/coreos/flannel:v0.11.0-amd64
image: quay.io/coreos/flannel:v0.11.0-arm64
image: quay.io/coreos/flannel:v0.11.0-arm64
image: quay.io/coreos/flannel:v0.11.0-arm
image: quay.io/coreos/flannel:v0.11.0-arm
image: quay.io/coreos/flannel:v0.11.0-ppc64le
image: quay.io/coreos/flannel:v0.11.0-ppc64le
image: quay.io/coreos/flannel:v0.11.0-s390x
image: quay.io/coreos/flannel:v0.11.0-s390x
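Only the image needs to be downloaded: quay.io/coreos/flannel:v0.11.0-arm64. This image is also hosted abroad and is not easy to download even through a proxy, while domestic registries have to be searched and most require a registered account. I packaged this image as flannel-0.11.tar and put it in the resources; download and import it when needed.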
docker load -i flannel-0.11.tar
kubectl apply -f kube-flannel.yml
Check the node status again at this point; everything is now normal.
[root@cka60 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
cka60.xulinpeng.cn Ready master 19h v1.17.3
cka61.xulinpeng.cn Ready <none> 19h v1.17.3
cka62.xulinpeng.cn Ready <none> 19h v1.17.3
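docker load registers every image and tag recorded in the archive, overwriting local tags of the same name, so an archive downloaded from a third party such as flannel-0.11.tar is worth inspecting before it is loaded. The following added example (not part of the original post; function names are hypothetical) lists the tags in an archive and rejects any that are not on an allowlist, assuming the manifest.json layout written by docker save in the Docker 19.03 release used here.

```shell
#!/bin/sh
# Added example: list the tags a `docker save` archive would register before
# running `docker load` on it. Function names are hypothetical.

# archive_tags TAR -> one repo:tag per line, read from the archive's manifest.json
archive_tags() {
    tar -xOf "$1" manifest.json 2>/dev/null \
        | tr -d ' \n' \
        | grep -o '"RepoTags":\[[^]]*]' \
        | sed 's/^"RepoTags":\[//; s/]$//' \
        | tr ',' '\n' | tr -d '"' | sed '/^$/d'
}

# check_archive TAR ALLOWED_TAG... -> 0 only if every tag is on the allowlist
check_archive() {
    tarball=$1; shift
    tags=$(archive_tags "$tarball")
    if [ -z "$tags" ]; then echo "no RepoTags found in $tarball"; return 2; fi
    rc=0
    for t in $tags; do
        known=no
        for a in "$@"; do
            if [ "$t" = "$a" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then echo "unexpected tag: $t"; rc=1; fi
    done
    return $rc
}

# Constructed stand-in for a saved image: manifest.json only, no layers.
make_demo_archive() {  # $1 = output tar, remaining arguments = tags to record
    out=$1; shift
    dir=$(mktemp -d)
    list=$(printf '"%s",' "$@"); list=${list%,}
    printf '[{"Config":"demo.json","RepoTags":[%s],"Layers":[]}]\n' "$list" \
        > "$dir/manifest.json"
    tar -cf "$out" -C "$dir" manifest.json
    rm -rf "$dir"
}

# Usage: sh thisfile ARCHIVE.tar ALLOWED_TAG...
if [ $# -ge 2 ]; then check_archive "$@"; fi
```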