使用 kubeadm 创建集群帮助文档
如果您需要以下几点,该工具是很好的选择:kubeadm
- 一种简单的方法,让你尝试 Kubernetes,可能是第一次。
- 现有用户自动设置群集并测试其应用程序的一种方式。
- 其他生态系统和/或安装程序工具中的构建块,具有更大的 范围。
kubeadm 创建k8s1.18集群
- (一)安装要求
- (二)准备环境
- (三)所有节点安装docker/kubeadm/kubelet
- 1.安装docker
- 2.添加阿里云YUM软件源
- 3.kubeadm,kubelet和kubectl
- 4.克隆k8snode1及k8snode2
- 5.部署kubeadm master
- 6.加入kubernets node
- 7.部署CNI网络插件
- 8.测试kubernetes集群
(一)安装要求
-
一台或多台机器,操作系统 CentOS7.x-86_x64
-
硬件配置:2GB或更多RAM,2个CPU或更多,硬盘40GB或更多
可以访问外网,可以远程连接,需要拉取镜像,如果服务器不能上网,需要提前下载镜像并导入节点 -
在快速部署k8s(1.18)集群,采用前期准备操作在k8smaster上面完成,在需要分节点操作后以k8smaster克隆出k8snode1及k8snode2这两个节点。
| 操作系统 | IP | 主机名 |
|---|---|---|
| CentOS7.x-86_x64 | 10.0.0.50 | k8s-master |
| CentOS7.x-86_x64 | 10.0.0.51 | k8s-node1 |
| CentOS7.x-86_x64 | 10.0.0.51 | k8s-node2 |
(二)准备环境
创建一个虚拟机k8smaster进入开启虚拟机:
关闭防火墙
# systemctl stop firewalld
# systemctl disable firewalld (关闭防火墙,并设置开机不自启)
关闭SELinux(最好设置永久关闭)
# selinux sed -i 's/enforcing/disabled/' /etc/selinux/config
临时关闭
# setenforce 0
关闭swap
临时
# swapoff -a
永久
# sed -ri 's/.*swap.*/#&/' /etc/fstab
- 根据规划设置主机名:hostnamectl set-hostname (k8smaster)
# hostnamectl set-hostname k8smaster
- 在master中添加hosts
# cat >> /etc/hosts << EOF
10.0.0.50 k8smaster
10.0.0.51 k8snode1
10.0.0.52 k8snode2
EOF检测:
通过命令:
# ping k8smaster
# ping k8snode1
# ping k8snode2
来测试是否设置好静态名称解析
或者通过指令: 查看cat /etc/hosts 文件里是否有三个指令
- 将桥接的IPv4流量传递到iptables的链
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
生效
# sysctl --system
时间同步
# yum install ntpdate -y
# ntpdate time.windows.com
(三)所有节点安装docker/kubeadm/kubelet
1.安装docker
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo $ yum -y install docker-ce-18.06.1.ce-3.el7
启动docker
# systemctl enable docker && systemctl start docker
# docker --version (查看插件版本)
Docker version 18.06.1-ce, build e68fc7a个人加速器配备,进入阿里云(容器镜像服务 (aliyun.com))镜像加速器选择centos复制加速器地址
# mkdir -p /etc/docker
# tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://x02mrg1w.mirror.aliyuncs.com"]
}
EOF
# systemctl daemon-reload
# systemctl restart docker
2.添加阿里云YUM软件源
# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF
3.kubeadm,kubelet和kubectl
# yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
# systemctl enable kubelet
4.克隆k8snode1及k8snode2
完成如上操作后就可以克隆出k8snode1及k8snode2这两个节点了!!!
5.部署kubeadm master
在10.0.0.50(master)执行:
# kubeadm init \ --apiserver-advertise-address=10.0.0.50 \ --image-repository registry.aliyuncs.com/google_containers \ --kubernetes-version v1.18.0 \ --service-cidr=10.96.0.0/12 \ --pod-network-cidr=10.244.0.0/16
6.加入kubernets node
在10.0.0.51/52(k8snode1和k8snode2)执行,
向集群添加新节点,执行在kubeadm init输出的kubeadm join命令:
# kubeadm join 10.0.0.50:6443 --token esce21.q6hetwm8si29qxwn
报错!!!
# echo 1 > /proc/sys/net/ipv4/ip_forward
# kubeadm init
执行完这两个命令后
检测:swap 命令(free -t)
防火墙是否关闭: systemctl status firewalld;
如果没有关闭则输入systemctl stop firewalld;systemctl disable firewalld
输入getenforce 状态为disable(标黄)
sysctl --system
如果还是执行不成功则使用命令kubeadm reset 清空数据,再进行如上的步骤
默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token,操作如下:在master节点操作如下: kubeadm token create --print-join-command
7.部署CNI网络插件
Centos无法访问外网
本质错误是vim /etc/sysconfig/network-scripts/ifcfg-ens33 配置文件中的错误,网关的错误,子网掩码错误则会导致无法ping通内网。
# wget
https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster NotReady master 117m v1.18.0 
# kubeadm token create --print-join-command# kubectl apply -fhttps://raw.githubusercontent.com/coreos/fl annel/master/Documentation/kube-flannel.yml namespace/kube-flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE 119m
coredns-7ff77c879f-dfl52 0/1 Pending
coredns-7ff77c879f-pmqvz 0/1 Pending 119m
etcd-k8smaster kube-apiserver-k8smaster1/11/1 Runn ing Running120m120m
kube-controller-manager-k8smaster 1/1 Running 120m
kube-proxy-24kdh 1/1 Running Running 72s
kube-proxy-h8p4d 1/1 2m31s
kube-proxy-w6bfp 1/1 Running 119m
kube-scheduler-k8smaster 1/1 Running 120m # curl -fsSL https://addons.kuboard.cn/kuboard/kuboard-static-
# sh kuboard.sh current ip address is 10.0.0.50 create file /root/kuboard-sa.yaml# kubectl get pods -n kube-system
NAME coredns-7ff77c879f-dfl521/1 READY STATUS Running RESTARTS AGE121m
coredns-7ff77c879f-pmqvz 1/1 Running 121m
etcd-k8smaster 1/1 Running 121m
kube-apiserver-k8smaster 1/1 Running 0 121m
kube-proxy-24kdh kube-controller-manager-k8smaster1/11/1 Running Running121m2m28s
kube-proxy-h8p4d 1/1 Running Running 3m47s
kube-proxy-w6bfp 1/1 121m
kube-scheduler-k8smaster 1/1 Running 121m # kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster Ready master 121m v1.18.0
k8snode1 Ready <none> 4m15s v1.18.0
k8snode2 Ready <none> 2m56s v1.18.0
查看到各项状态都是run、ready的模式的状态则可以进入:http:\10.0.0.50
用户名: admin
密 码: Kuboard123
新建一个集群
8.测试kubernetes集群
在Kubernetes集群中创建一个pod,验证是否正常运行:
# kubectl create deployment nginx --image=nginx
# kubectl expose deployment nginx --port=80 --type=NodePort //检测、验证
# kubectl get pod,svc //创建pod
访问网址:http:/10.0.0.51:31696 访问nginx
