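Installing and deploying k8s on CentOS7
1. Official documentation:
Kubernetes: Installing kubeadm
Creating a Kubernetes cluster with kubeadm
2. Preparation
This is for learning and practice, so everything is kept simple!
Work directly as root
Disable the firewall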
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config && setenforce 0
or edit /etc/selinux/config with vim
Disable swap
swapoff -a
vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Jun 28 23:11:04 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/cl-root / xfs defaults 0 0
UUID=0b4346b6-cee1-4abb-932e-0c1cb4cda404 /boot xfs defaults 0 0
/dev/mapper/cl-home /home xfs defaults 0 0
# wzh 20211026 for k8s
# /dev/mapper/cl-swap swap swap defaults 0 0
Edit /etc/hosts to add the hostnames of all nodes
vim /etc/hosts
127.0.0.1 centos7-141
192.168.0.141 centos7-141
192.168.0.142 centos7-142
192.168.0.143 centos7-143
192.168.0.144 centos7-144
Verify
free -m
              total        used        free      shared  buff/cache   available
Mem:           3789         193        2961           8         634        3350
Swap:             0           0           0
3. Install Docker
Official documentation
Install Docker Engine on CentOS
A brief excerpt of the steps:
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io
Configure a Docker registry mirror and set the cgroup driver
vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://2vgbfb0x.mirror.aliyuncs.com"]
}
Start the service and enable it at boot
systemctl enable docker && systemctl start docker
Verify Docker
docker run hello-world
4. Install kubectl, kubelet and kubeadm
Configure the yum repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
5. Run the initialization on the master node
Prepare the initialization config file
mkdir working && cd working
kubeadm config print init-defaults > kubeadm-config.yaml
vim kubeadm-config.yaml
Modify
1). advertiseAddress: 192.168.0.141
2). imageRepository: registry.aliyuncs.com/google_containers
3). name: change it to the hostname set in /etc/hosts
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.0.141
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: centos7-141
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.22.0
networking:
  podSubnet: 10.244.0.0/16
  dnsDomain: cluster.local
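The config above keeps token: abcdef.0123456789abcdef, the placeholder that kubeadm config print init-defaults writes into every generated file, so it is not a secret. The shell check below is an added example, not part of the original post: it flags that placeholder and produces a random replacement of the same shape. The function names are hypothetical and the sample stanza is constructed from the file above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the bootstrap token in a
# kubeadm config file before running `kubeadm init`. Function names are hypothetical.

# Placeholder written by `kubeadm config print init-defaults`.
DEFAULT_TOKEN='abcdef.0123456789abcdef'

# Print the value of the first "token:" key in file $1 (empty if none).
config_token() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "token:") { print $(i + 1); exit } }' "$1"
}

# Bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
token_format_ok() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Print one verdict for file $1: ok | default-token | malformed | no-token
audit_token() {
    tok=$(config_token "$1")
    if [ -z "$tok" ]; then echo no-token
    elif ! token_format_ok "$tok"; then echo malformed
    elif [ "$tok" = "$DEFAULT_TOKEN" ]; then echo default-token
    else echo ok
    fi
}

# Random token of the right shape without needing kubeadm;
# on a node with kubeadm installed, `kubeadm token generate` does the same job.
new_token() {
    chars=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22)
    printf '%s\n' "$chars" | sed 's/^\(.\{6\}\)/\1./'
}

# Constructed sample: the bootstrapTokens stanza from the config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
EOF
echo "before: $(audit_token "$sample")"
sed "s/^\( *token: \).*/\1$(new_token)/" "$sample" > "$sample.new"
echo "after:  $(audit_token "$sample.new")"
rm -f "$sample" "$sample.new"
```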
Pre-pull the required images
kubeadm config images pull --config=kubeadm-config.yaml
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.22.0
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.5
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.0-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.8.4
This step is optional; pulling in advance reveals any images that fail to download, so they can be switched to a mirror beforehand
It only needs to be run once; use docker images to confirm
Initialize
Pipe the output through tee kubeadm-init.log so the token and initialization details can be reviewed later
kubeadm init --config=kubeadm-config.yaml | tee kubeadm-init.log
[init] Using Kubernetes version: v1.22.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
...
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
  export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.0.141:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:57df376d612009f381bd3f3835464578666536080c6f779cffcf8bc90af10930
Following the prompt, as root, simply set
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
Make it take effect
source /etc/profile
After about 1 minute, confirm the health status of all services: Healthy
kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS      MESSAGE                         ERROR
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
controller-manager   Healthy     ok
etcd-0               Healthy     {"health":"true","reason":""}
On my machine the scheduler is always Unhealthy, so I manually edit the following 2 files
vim /etc/kubernetes/manifests/kube-scheduler.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
Delete or comment out - --port=0
Restart the kubelet service for the change to take effect
systemctl restart kubelet
Wait another minute
kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
scheduler            Healthy   ok
etcd-0               Healthy   {"health":"true","reason":""}
controller-manager   Healthy   ok
If an error occurs, you can run kubeadm reset at any time and start over
Check the configmap status
kubectl get -n kube-system configmap
NAME                                 DATA   AGE
coredns                              1      9m54s
extension-apiserver-authentication   6      10m
kube-flannel-cfg                     2      43s
kube-proxy                           2      9m54s
kube-root-ca.crt                     1      9m43s
kubeadm-config                       1      9m56s
kubelet-config-1.22                  1      9m56s
6. Install the pod network on the master node
Fetch kube-flannel.yml
curl -o kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Replace every quay.io in the yml file with quay.mirrors.ustc.edu.cn
sed -i 's/quay.io/quay.mirrors.ustc.edu.cn/g' kube-flannel.yml
or
sed -i 's/quay.io/quay-mirror.qiniu.com/g' kube-flannel.yml
Create the flannel plugin pods
kubectl apply -f kube-flannel.yml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
Confirm the configuration is correct
kubectl get -n kube-system configmap
NAME                                 DATA   AGE
coredns                              1      9m54s
extension-apiserver-authentication   6      10m
kube-flannel-cfg                     2      43s
kube-proxy                           2      9m54s
kube-root-ca.crt                     1      9m43s
kubeadm-config                       1      9m56s
kubelet-config-1.22                  1      9m56s
Confirm that all Pods are in the Running state
kubectl get pod -n kube-system
NAME                                  READY   STATUS    RESTARTS      AGE
coredns-7f6cbbb7b8-wb7xf              1/1     Running   0             12m
coredns-7f6cbbb7b8-ww5z4              1/1     Running   0             12m
etcd-centos7-141                      1/1     Running   7             12m
kube-apiserver-centos7-141            1/1     Running   1             12m
kube-controller-manager-centos7-141   1/1     Running   1 (12m ago)   12m
kube-flannel-ds-bvvq6                 1/1     Running   0             3m31s
kube-proxy-8f8bq                      1/1     Running   0             12m
kube-scheduler-centos7-141            1/1     Running   3 (12m ago)   12m
6. Join the worker nodes
On every node server, install Docker, kubectl, kubelet and kubeadm the same way as on the master node
If the master has been re-initialized, run kubeadm reset on the worker node before joining
Join the cluster using the command printed by the master initialization
kubeadm join 192.168.0.141:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:57df376d612009f381bd3f3835464578666536080c6f779cffcf8bc90af10930
The output looks roughly like this
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
If you did not note down the token, it can be found on the master host with cat kubeadm-init.log
or with kubeadm token list
TOKEN                     TTL   EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   23h   2021-11-10T08:01:53Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
If more than 24 hours pass without joining, the token expires and a new token must be obtained on the master
kubeadm token create
8mfiss.yvbnl8m319ysiflh
Verify the node and Pod status; everything is Running
kubectl get nodes
NAME          STATUS   ROLES                  AGE     VERSION
centos7-141   Ready    control-plane,master   30m     v1.22.2
centos7-143   Ready    <none>                 7m48s   v1.22.2
centos7-144   Ready    <none>                 2m22s   v1.22.2
kubectl get pods --all-namespaces
NAMESPACE     NAME                                  READY   STATUS    RESTARTS      AGE
kube-system   coredns-7f6cbbb7b8-wb7xf              1/1     Running   0             28m
kube-system   coredns-7f6cbbb7b8-ww5z4              1/1     Running   0             28m
kube-system   etcd-centos7-141                      1/1     Running   7             29m
kube-system   kube-apiserver-centos7-141            1/1     Running   1             29m
kube-system   kube-controller-manager-centos7-141   1/1     Running   1 (28m ago)   28m
kube-system   kube-flannel-ds-b5sg8                 1/1     Running   0             47s
kube-system   kube-flannel-ds-bl9vr                 1/1     Running   0             6m13s
kube-system   kube-flannel-ds-bvvq6                 1/1     Running   0             19m
kube-system   kube-proxy-8f8bq                      1/1     Running   0             28m
kube-system   kube-proxy-j679n                      1/1     Running   0             47s
kube-system   kube-proxy-qczzf                      1/1     Running   0             6m13s
kube-system   kube-scheduler-centos7-141            1/1     Running   3 (28m ago)   28m
7. Deploy the dashboard
Official dashboard repository
Covered in a separate blog post
k8s: configuring the dashboard
8. Troubleshooting
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
Set the cgroup driver for Docker
vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://2vgbfb0x.mirror.aliyuncs.com"]
}
systemctl daemon-reload
systemctl restart docker
systemctl restart kubelet
This error is likely caused by:
- The kubelet is not running
After restarting kubelet, check the kubelet status
I ran into a strange error: failed to run Kubelet: unable to load bootstrap kubecon…r directory
...
11月 10 16:39:04 centos7-189 kubelet[14277]: E1110 16:39:04.095861 14277 server.go:294] "Failed to run kubelet" err="failed to run Kubelet: unable to load bootstrap kubecon...r directory"
11月 10 16:39:04 centos7-189 systemd[1]: kubelet.service: main process exited, code=exited, status=1/FAILURE
11月 10 16:39:04 centos7-189 systemd[1]: Unit kubelet.service entered failed state.
11月 10 16:39:04 centos7-189 systemd[1]: kubelet.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
This machine has been through a lot: it was previously a worker node, and later it was installed and configured under a regular user! Perhaps some leftovers were not cleaned up?
cat: /var/lib/kubelet/kubeadm-flags.env: 没有那个文件或目录
This file is generated by kubeadm init
So, run kubeadm reset again and then execute
kubeadm init --config=kubeadm-config.yaml | tee kubeadm-init.log
Reinstall kubectl, kubelet and kubeadm
It recovered by itself? What happened? Because I reinstalled? /var/lib/kubelet/kubeadm-flags.env has now been created
cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.5"
Many sources say to add --cgroup-driver=systemd to the drop-in file /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf, as follows:
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --cgroup-driver=systemd"
However, this time I did not add --cgroup-driver=systemd, and it was still OK!
After shutting the server down and powering it back on, I found coredns in the ContainerCreating state and kube-flannel-ds-k8cgb in the CrashLoopBackOff state, so I had to run kubeadm reset and start over, and the following error occurred
…
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
IPv4 forwarding needs to be configured
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
Apply the settings
sysctl -p /etc/sysctl.d/k8s.conf
A worker node join fails with the "bridge-nf-call-iptables contents are not set to 1" error
…
I1115 10:16:17.248205 14547 checks.go:432] validating if the connectivity type is via proxy or direct
[preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
error execution phase preflight
[root@centos7-185 ~]# kubeadm reset
Then set it
[root@centos7-185 ~]# echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
Confirm
[root@centos7-185 ~]# cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
Join again, OK!
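The worker fix above writes 1 into /proc only, which lasts until the next reboot, and the net.bridge.* entries are absent from /proc/sys when the bridge netfilter module (br_netfilter) is not loaded. The following shell check is an added example, not part of the original post: it compares the running values with what /etc/sysctl.d/k8s.conf persists. The function names are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): compare the running kernel
# settings that kubeadm preflight reads with what is persisted for the next boot.

REQUIRED_KEYS='net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward'

# persisted_value CONF KEY: last value assigned to KEY in CONF (empty if none).
persisted_value() {
    [ -r "$1" ] || return 0
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $2; gsub(/[ \t]/, "", val) }
        END { print val }' "$1"
}

# live_value ROOT KEY: running value under ROOT (normally /proc/sys).
live_value() {
    path="$1/$(printf '%s' "$2" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; fi
}

# check_key CONF ROOT KEY: prints ok | not-persisted | disabled | missing
check_key() {
    p=$(persisted_value "$1" "$3")
    l=$(live_value "$2" "$3")
    if [ -z "$l" ]; then echo missing            # bridge keys: is br_netfilter loaded?
    elif [ "$l" != 1 ]; then echo disabled       # kubeadm preflight fails on this
    elif [ "$p" != 1 ]; then echo not-persisted  # lost at the next reboot
    else echo ok
    fi
}

# report CONF ROOT: one "key status" line per required key.
report() {
    for key in $REQUIRED_KEYS; do
        echo "$key $(check_key "$1" "$2" "$key")"
    done
}

# Constructed sample: a worker where only bridge-nf-call-iptables was echoed
# to 1 by hand and no k8s.conf was written.
root=$(mktemp -d)
mkdir -p "$root/net/bridge" "$root/net/ipv4"
echo 1 > "$root/net/bridge/bridge-nf-call-iptables"
echo 0 > "$root/net/ipv4/ip_forward"
report "$root/k8s.conf" "$root"
rm -rf "$root"
```

On a real node, call report /etc/sysctl.d/k8s.conf /proc/sys.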
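9. Substituting domestic mirror addresses when images are blocked by the firewall
When applying a yaml file to create resources, simply replace the image addresses in the file:
1. Replace the k8s.gcr.io address with
registry.cn-hangzhou.aliyuncs.com/google_containers
or
registry.aliyuncs.com/google_containers
or
mirrorgooglecontainers
Replace the quay.io address with
quay-mirror.qiniu.com
Replace the gcr.io address with
registry.aliyuncs.com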