kubeadm单集群部署k8s1.15.1flannel网络

说明

本次实验在Windows下的VMware进行
系统配置及初始化配置在所有的主机执行
容器镜像全部替换为国内可拉取的
pod网络采用flannel

实验环境

主机名	IP地址	角色	OS	CPU/MEM	网卡/模式	平台
k8s-master01	192.168.181.158	master	CentOS7.6	2C/2G	x1/NAT	VMware
k8s-node1	192.168.181.159	node1	CentOS7.6	2C/2G	x1/NAT	VMware
k8s-node2	192.168.181.160	node2	CentOS7.6	2C/2G	x1/NAT	VMware

初始配置

基本配置为三个主机都需要的操作

history格式设置

cat >> /etc/bashrc << "EOF"
# history actions record，include action time, user, login ip
HISTFILESIZE=4000
HISTSIZE=4000
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
if [ -z $USER_IP ]
thenUSER_IP=`hostname`
fi
HISTTIMEFORMAT="%F %T $USER_IP:`whoami` "
export HISTTIMEFORMAT
EOF

安装常用软件

yum install -y net-tools iproute lrzsz vim bash-completion wget tree bridge-utils unzip bind-utils git gcc

主机名设置

hostnamectl set-hostname k8s-master01
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02

静态IP设置

设置静态IP，进行calico网络方案时，发现配置之后，ip有变化

cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="41e83853-95e3-4b09-861b-e36dd3ead61b"
DEVICE="ens33"
ONBOOT="yes"
# 根据主机ip设置
IPADDR="192.168.181.158"
PREFIX="24"
GATEWAY="192.168.181.2"
DNS1="202.96.128.166"
IPV6_PRIVACY="no"

重启网络

systemctl restart network

修改/etc/hosts

cat >> /etc/hosts << EOF
192.168.181.158 k8s-master01
192.168.181.159 k8s-node01
192.168.181.160 k8s-node02
EOF

关闭selinux

sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config && setenforce 0

时间同步

# 安装 chrony 服务，centos7.6默认自带了，没有的按如下安装
yum install -y chrony
systemctl start chronyd
systemctl enable chronyd

关闭防火墙

systemctl stop firewalld
systemctl disable firewalld

关闭swap分区

sed -i '11s/\/dev/# \/dev/g' /etc/fstab
swapoff -a

yum源设置

mkdir /etc/yum.repos.d/ori
mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d/ori/
cat > /etc/yum.repos.d/CentOS-Base.repo << "EOF"
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#[base]
name=CentOS-$releasever - Base
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF

安装epel并配置epel源

yum install -y epel-release
cat > /etc/yum.repos.d/epel.repo <<"EOF"
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOFyum clean all
yum makecache

升级内核

查看当前发行版和内核
```
[root@k8s-master01 ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@k8s-master01 ~]# uname -r
3.10.0-957.el7.x86_64
```
启用 ELRepo 仓库
```
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
```
查看可用内核包
```
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
```
安装最新内核
```
yum --enablerepo=elrepo-kernel install -y kernel-ml kernel-ml-devel kernel-ml-headers
```
查看已安装的内核
```
[root@k8s-master01 ~]# awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
0 : CentOS Linux (5.1.14-1.el7.elrepo.x86_64) 7 (Core)
1 : CentOS Linux (3.10.0-957.el7.x86_64) 7 (Core)
2 : CentOS Linux (0-rescue-8d615a05e5de49a08ca0e56b285958f7) 7 (Core)
```
设置启动内核，即就是编号为0的那个
```
grub2-set-default 0
sed -i 's/saved/0/g'  /etc/default/grub
```
关闭NUMA
```
sed -i 's/quiet/quiet numa=off/g' /etc/default/grub
```
重新生成grub2配置文件
```
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
```

配置IPVS内核

默认情况下，Kube-proxy将在kubeadm部署的集群中以iptables模式运行

需要注意的是，当内核版本大于4.19时，移除了nf_conntrack_ipv4模块，kubernetes官方建议使用nf_conntrack代替，否则报错无法找到nf_conntrack_ipv4模块

yum install -y ipset ipvsadm
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOFchmod +x /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules

配置内核参数

cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOFmodprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf

打开文件数

echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf

安装docker

wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce

docker配置修改和镜像加速

[ ! -d /etc/docker ] && mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"storage-driver": "overlay2","storage-opts": ["overlay2.override_kernel_check=true"],"registry-mirrors": ["https://uyah70su.mirror.aliyuncs.com"]
}
EOF
# 启动docker
systemctl daemon-reload && systemctl restart docker && systemctl enable docker

到这一步完成之后可以打虚拟机快照保存状态了

安装 kubelet、kubeadm 和 kubectl

kubelet 运行在 Cluster 所有节点上，负责启动 Pod 和容器。
kubeadm 用于初始化 Cluster。
kubectl 是 Kubernetes 命令行工具。通过 kubectl 可以部署和管理应用，查看各种资源，创建、删除和更新各种组件。

# 添加阿里云yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 默认安装最新版本，此处为1.15.1
yum install -y kubeadm kubelet kubectl
systemctl enable kubelet && systemctl start kubelet

启用kubectl命令的自动补全功能

# 安装并配置bash-completion
yum install -y bash-completion
echo 'source /usr/share/bash-completion/bash_completion' >> /etc/profile
source /etc/profile
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

到这一步可以打一个快照，方便后续进行flannel网络测试

初始化Master

使用kubeadm config print init-defaults可以打印集群初始化默认的使用的配置

这里采用命令行方式初始化，注意默认镜像仓库由于在国外，不能访问，这里指定为阿里云镜像仓库

需要注意这里使用的网络方案是flannel，注意CIDR

# kubernetes-version版本和前面安装的kubelet和kubectl一致
[root@k8s-master01 ~]# kubeadm init --apiserver-advertise-address 192.168.181.158 --kubernetes-version="v1.15.1" --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers | tee kubeadm-init.log

初始化完成之后，底部会有节点加入master方法提示，其他两个节点复制执行即可加入master节点

配置kubectl命令

无论在master节点或node节点，要能够执行kubectl命令必须进行以下配置
root用户配置

cat << EOF >> ~/.bashrc
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
source ~/.bashrc

普通用户配置

 mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config

等集群配置完成后，可以在master节点和node节点进行以上配置，以支持kubectl命令。针对node节点复制master节点/etc/kubernetes/admin.conf到本地。
查看集群状态
配置完成后在任意主机上查看

kubectl get nodes
kubectl get pod -n kube-system
kubectl get cs

由于未安装网络插件，coredns处于pending状态，node处于notready状态。

安装flannel网络

Kubernetes 支持多种网络方案，这里我们先使用 flannel。

这里要注意，默认的flannel配置文件拉取镜像在国外，国内拉取失败，很多网上文章没注意这一步，导致flannel部署失败

# master安装flannel
[root@k8s-master ~]# mkdir k8s
wget -P k8s/ https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
sed -i 's#quay.io#quay-mirror.qiniu.com#g' k8s/kube-flannel.yml
kubectl apply -f k8s/kube-flannel.yml

加入node节点

节点加入master，从初始化输出或kubeadm-init.log中获取命令

kubeadm join 192.168.181.158:6443 --token l3ofhh.ebsctxgnlub8mwei \--discovery-token-ca-cert-hash sha256:c9bbe567f213051ebed76b0ac217f231356a4a6078245b01498f83ce8b9a73c1

移除node节点

# 需要移除的k8s-node2节点执行
kubectl drain k8s-node2 --delete-local-data --force --ignore-daemonsets
kubectl delete node k8s-node2
kubeadm reset
ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/
# k8s-master01 执行
kubectl delete node k8s-node2
# 执行完之后，要重新加入可以按前面的步骤执行添加node和配置kubectl命令
# 集群初始化如果遇到问题（例如CNI问题），k8s-node2可以使用下面的命令进行清理，执行之后还未解决，那么在k8s-master01节点继续执行如下语句
kubeadm reset
systemctl stop kubelet
systemctl stop docker
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/cni/
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig docker0 down
ip link delete cni0
ip link delete flannel.1
##重启kubelet
systemctl restart kubelet
##重启docker
systemctl restart docker

信息查看

kubectl get nodes
kubectl get pods -n kube-system
kubectl get pods --all-namespaces
# 查看日志
journalctl --since 12:00:00 -u kubelet

测试DNS

kubectl run curl --image=radial/busyboxplus:curl -it
# 进入应用后，解析DNS，这里一定是可以解析出默认DNS，否则后续pod启动无法分配ip
nslookup kubernetes.default

kube-proxy开启ipvs

kubectl get configmap kube-proxy -n kube-system -o yaml > kube-proxy-configmap.yaml
sed -i 's/mode: ""/mode: "ipvs"/' kube-proxy-configmap.yaml
kubectl apply -f kube-proxy-configmap.yaml
rm -f kube-proxy-configmap.yaml
kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'

或者用以下方法也可以修改，修改ConfigMap的kube-system/kube-proxy中的config.conf，mode: "ipvs"

kubectl edit configmap kube-proxy -n kube-system
kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'

查看IPVS配置

yum install -y ipvsadm
ipvsadm -ln

转载于:https://www.cnblogs.com/AutoSmart/p/11260829.html