准备环境
本次实验以k8s 1.8版本为例:
kubelet-1.18.0-0:在集群中的每个节点上用来启动 Pod 和容器等
kubeadm-1.18.0-0:在集群中的每个节点上用来启动 Pod 和容器等
kubectl-1.18.0-0:用来与集群通信的命令行工具
docker-19.03.13-ce:k8s基于docker拉取镜像、启动服务
准备两台Linux服务器(CentOS系统):
控制节点:10.0.0.1,安装docker、kubelet、kubectl和kubeadm
worker节点:10.0.0.2,安装docker、kubelet、kubectl和kubeadm
控制节点操作
安装docker
sudo yum install dockersudo systemctl start docker
配置kubernetes镜像地址
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo[kubernetes]name=Kubernetesbaseurl=http://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64enabled=1gpgcheck=1repo_gpgcheck=1gpgkey=http://packages.cloud.google.com/yum/doc/yum-key.gpg http://packages.cloud.google.com/yum/doc/rpm-package-key.gpgEOF
禁用SELinux,为了允许容器访问主机文件系统,这么操作是为了保证后续 Pod 网络工作正常
setenforce 0sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
Kubernetes 1.8开始要求关闭系统的Swap,如果不关闭,默认配置下kubelet将无法启动
swapoff -a
安装kubeadm、kubelet、kubectl
sudo yum install -y kubeadm-1.18.0-0 kubelet-1.18.0-0 kubectl-1.18.0-0 --disableexcludes=kubernetes
查看kubeadm是否安装成功
$ kubeadm versionkubeadm version: &version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:17:43Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
通过systemctl 启动kubelet
#启动kubeletsudo systemctl start kubelet#显示日志:Warning: kubelet.service changed on disk. Run 'systemctl daemon-reload' to reload units.# 重载所有修改过的配置文件sudo systemctl daemon-reload#开机启动kubeletsudo systemctl enable kubelet
必须保证kubelet安装成功,执行下面命令不能报错
$ kubelet version
初始化kubeadm
#重置kubeadm的初始化sudo kubeadm reset# –-pod-network-cidr:用于指定Pod的网络范围,物理机ip地址,10.99必须是存在的物理机ip地址# –-service-cidr:用于指定service的网络范围,虚拟ip地址# --feature-gates:在 Kubernetes 1.18 中,用 kubeadm 来安装 kube-dns 这一做法已经被废弃sudo kubeadm init --kubernetes-version=v1.18.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.1.0.0/16
执行初始化后,可以在初始化的日志中看到,需要在集群其他机器中执行的命令
Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configYou should now deploy a pod network to the cluster.Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following on each as root:kubeadm join 10.0.0.1:6443 --token wzghpa.mwvdt4ho0fn936dg \--discovery-token-ca-cert-hash sha256:aa101787f7398ac95755b1e61aa56c69cbf7205d5035184622ba8cad57abf3e1
在控制节点中配置kube相关的配置,并且export配置
mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configexport KUBECONFIG=$HOME/.kube/config
执行完上述命令后,通过kubectl version
查看kubectl 是否安装成功,能正常显示出Client Version和Server Version等信息,即表示kubectl 集群安装成功了,只是目前集群中只有控制节点
$ kubectl versionClient Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.0", GitCommit:"9e991415386e4cf155a24b1da15becaa390438d8", GitTreeState:"clean", BuildDate:"2020-03-25T14:58:59Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.0", GitCommit:"9e991415386e4cf155a24b1da15becaa390438d8", GitTreeState:"clean", BuildDate:"2020-03-25T14:50:46Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}
查看集群节点
#查看集群节点$ kubectl get nodeNAME STATUS ROLES AGE VERSIONmaster NotReady master 14h v1.18.0#查看命名空间$ kubectl get nsNAME STATUS AGEdefault Active 15hkube-node-lease Active 15hkube-public Active 15hkube-system Active 15h
kubectl 安装成功后,需要为集群部署flannel网络,执行完成以后,可以看到创建的一些配置
$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.ymlpodsecuritypolicy.policy/psp.flannel.unprivileged createdclusterrole.rbac.authorization.k8s.io/flannel createdclusterrolebinding.rbac.authorization.k8s.io/flannel createdserviceaccount/flannel createdconfigmap/kube-flannel-cfg createddaemonset.apps/kube-flannel-ds created
在命名空间kube-system中查看kube-flannel的pod是否启动成功
$ kubectl get pod -n kube-system | grep kube-flannelkube-flannel-ds-hgkk6 0/1 Init:ImagePullBackOff 0 15m
看到kube-flannel没有启动成功,原因是kube-flannel的镜像没有下载下来,需要手动下载对应的kube-flannel版本
$ wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
将kube-flannel.yml下载到服务器上后,查看yml中使用的flannel版本
$ cat kube-flannel.ymlcontainers:- name: kube-flannelimage: quay.io/coreos/flannel:v0.13.1-rc2
看到kube-flannel使用的镜像是quay.io/coreos/flannel:v0.13.1-rc2,通过docker命令下载镜像
$ sudo docker pull quay.io/coreos/flannel:v0.13.1-rc2$ sudo docker image ls | grep flannelquay.io/coreos/flannel v0.13.1-rc2 dee1cac4dd20 7 weeks ago 64.3MB
flannel镜像下载下来后,kube-flannel的pod就自动启动成功了
$ kubectl get pod -n kube-system | grep kube-flannelkube-flannel-ds-hgkk6 1/1 Running 0 6m
添加worker节点
安装docker
sudo yum install dockersudo systemctl start docker
配置kubernetes镜像地址
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo[kubernetes]name=Kubernetesbaseurl=http://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64enabled=1gpgcheck=1repo_gpgcheck=1gpgkey=http://packages.cloud.google.com/yum/doc/yum-key.gpg http://packages.cloud.google.com/yum/doc/rpm-package-key.gpgEOF
禁用SELinux,为了允许容器访问主机文件系统,这么操作是为了保证后续 Pod 网络工作正常
setenforce 0sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
Kubernetes 1.8开始要求关闭系统的Swap,如果不关闭,默认配置下kubelet将无法启动
swapoff -a
安装kubeadm、kubelet
sudo yum install -y kubeadm-1.18.0-0 kubelet-1.18.0-0 --disableexcludes=kubernetes
通过systemctl 启动kubelet
#启动kubeletsudo systemctl start kubelet#显示日志:Warning: kubelet.service changed on disk. Run 'systemctl daemon-reload' to reload units.# 重载所有修改过的配置文件sudo systemctl daemon-reload#开机启动kubeletsudo systemctl enable kubelet
接下来,需要将worker服务器,加入到k8s集群中,在worker节点服务器执行命令
$ sudo kubeadm join 10.0.0.1:6443 --token wzghpa.mwvdt4ho0fn936dg \--discovery-token-ca-cert-hash sha256:aa101787f7398ac95755b1e61aa56c69cbf7205d5035184622ba8cad57abf3e1
如果执行过程中,出现以下错误信息
[preflight] Some fatal errors occurred:/var/lib/kubelet is not empty[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`
则需要重置kubeadm,重置后,会删除/var/lib/kubelet下面的一些文件
$ sudo kubeadm reset
重置以后,重新执行kubeadm join命令,将worker节点加入到集群中
$ sudo kubeadm join 10.0.0.1:6443 --token wzghpa.mwvdt4ho0fn936dg \--discovery-token-ca-cert-hash sha256:aa101787f7398ac95755b1e61aa56c69cbf7205d5035184622ba8cad57abf3e1#日志输出[preflight] Starting the kubelet service[discovery] Trying to connect to API Server "10.0.0.1:6443"[discovery] Created cluster-info discovery client, requesting info from "https://10.0.0.1:6443"[discovery] Requesting info from "https://10.0.0.1:6443" again to validate TLS against the pinned public key[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.0.0.1:6443"[discovery] Successfully established connection with API Server "10.0.0.1:6443"[bootstrap] Detected server version: v1.18.4[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)Node join complete:* Certificate signing request sent to master and responsereceived.* Kubelet informed of new secure connection details.Run 'kubectl get nodes' on the master to see this machine join
到此位置,就将worker节点加入了集群,最后到控制节点去执行命令,即可看到集群中的node节点
$ kubectl get nodesNAME STATUS ROLES AGE VERSIONnode1 Ready <none> 17s v1.18.0master Ready master 19h v1.18.0
若后续还需要向集群里添加服务器,则按照worker节点安装
的流程操作即可
文章转载自算法技术猿,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
