1. Official documentation:

  1. Kubernetes: Installing kubeadm

  2. Creating a Kubernetes cluster with kubeadm

2. Preparation

This is for learning and practice, so everything is kept as simple as possible!

  1. Work directly as root

  2. Disable the firewall and SELinux
    systemctl stop firewalld
    systemctl disable firewalld
    setenforce 0

    sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config && setenforce 0

    Or edit /etc/selinux/config with vim

  3. Disable swap
    swapoff -a

    vim /etc/fstab

     #
     # /etc/fstab
     # Created by anaconda on Mon Jun 28 23:11:04 2021
     #
     # Accessible filesystems, by reference, are maintained under '/dev/disk'
     # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
     #
     /dev/mapper/cl-root     /                       xfs     defaults        0 0
     UUID=0b4346b6-cee1-4abb-932e-0c1cb4cda404 /boot                   xfs     defaults        0 0
     /dev/mapper/cl-home     /home                   xfs     defaults        0 0
     # wzh 20211026 for k8s
     # /dev/mapper/cl-swap     swap                    swap    defaults        0 0

  4. Add the hostnames of all nodes
    vim /etc/hosts

     127.0.0.1 centos7-141
     192.168.0.141 centos7-141
     192.168.0.142 centos7-142
     192.168.0.143 centos7-143
     192.168.0.144 centos7-144

  5. Verify
    free -m

                   total        used        free      shared  buff/cache   available
     Mem:           3789         193        2961           8         634        3350
     Swap:             0           0           0
    

3. Install Docker

Official documentation:
Install Docker Engine on CentOS

A brief summary of the steps:

  1. yum install -y yum-utils

  2. yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

  3. yum install docker-ce docker-ce-cli containerd.io

  4. Configure a Docker registry mirror and set the cgroup driver
    vim /etc/docker/daemon.json

     {"exec-opts":["native.cgroupdriver=systemd"],"registry-mirrors": ["https://2vgbfb0x.mirror.aliyuncs.com"]}

  5. Start the service and enable it at boot
    systemctl enable docker && systemctl start docker

  6. Verify Docker
    docker run hello-world

4. Install kubectl, kubelet and kubeadm

Configure the yum repository

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

yum install -y kubelet kubeadm kubectl

systemctl enable kubelet && systemctl start kubelet

5. Run the initialization on the master node

  1. Prepare the init configuration file
    mkdir working && cd working

    kubeadm config print init-defaults > kubeadm-config.yaml

    vim kubeadm-config.yaml

    Changes
    1). advertiseAddress: 192.168.0.141
    2). imageRepository: registry.aliyuncs.com/google_containers
    3). name: change to the hostname set in /etc/hosts

     apiVersion: kubeadm.k8s.io/v1beta3
     bootstrapTokens:
     - groups:
       - system:bootstrappers:kubeadm:default-node-token
       token: abcdef.0123456789abcdef
       ttl: 24h0m0s
       usages:
       - signing
       - authentication
     kind: InitConfiguration
     localAPIEndpoint:
       advertiseAddress: 192.168.0.141
       bindPort: 6443
     nodeRegistration:
       criSocket: /var/run/dockershim.sock
       imagePullPolicy: IfNotPresent
       name: centos7-141
       taints: null
     ---
     apiServer:
       timeoutForControlPlane: 4m0s
     apiVersion: kubeadm.k8s.io/v1beta3
     certificatesDir: /etc/kubernetes/pki
     clusterName: kubernetes
     controllerManager: {}
     dns: {}
     etcd:
       local:
         dataDir: /var/lib/etcd
     imageRepository: registry.aliyuncs.com/google_containers
     kind: ClusterConfiguration
     kubernetesVersion: 1.22.0
     networking:
       podSubnet: 10.244.0.0/16
       dnsDomain: cluster.local

  2. Pull the required images in advance
    kubeadm config images pull --config=kubeadm-config.yaml

      [config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.0
      [config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.0
      [config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.0
      [config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.22.0
      [config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.5
      [config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.0-0
      [config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.8.4

    This step is optional. Pulling in advance reveals any images that fail to download, so they can be switched to a mirror before initializing.
    It only needs to be run once; docker images confirms the result

  3. Initialize
    Append tee kubeadm-init.log so the token and the init output can be looked up later
    kubeadm init --config=kubeadm-config.yaml | tee kubeadm-init.log

     [init] Using Kubernetes version: v1.22.0
     [preflight] Running pre-flight checks
     [preflight] Pulling images required for setting up a Kubernetes cluster
     [preflight] This might take a minute or two, depending on the speed of your internet connection
     [preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
     ...
     Your Kubernetes control-plane has initialized successfully!

     To start using your cluster, you need to run the following as a regular user:

       mkdir -p $HOME/.kube
       sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
       sudo chown $(id -u):$(id -g) $HOME/.kube/config

     Alternatively, if you are the root user, you can run:

       export KUBECONFIG=/etc/kubernetes/admin.conf

     You should now deploy a pod network to the cluster.
     Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
       https://kubernetes.io/docs/concepts/cluster-administration/addons/

     Then you can join any number of worker nodes by running the following on each as root:

     kubeadm join 192.168.0.141:6443 --token abcdef.0123456789abcdef \
         --discovery-token-ca-cert-hash sha256:57df376d612009f381bd3f3835464578666536080c6f779cffcf8bc90af10930

    As the output suggests, a simple setup for root

    echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile

    Make it take effect
    source /etc/profile

  4. After about 1 minute, confirm that every component reports the status Healthy
    kubectl get cs

     Warning: v1 ComponentStatus is deprecated in v1.19+
     NAME                 STATUS      MESSAGE                                                                                       ERROR
     scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
     controller-manager   Healthy     ok
     etcd-0               Healthy     {"health":"true","reason":""}

    In my case the scheduler is always Unhealthy; manually edit the following 2 files

    vim /etc/kubernetes/manifests/kube-scheduler.yaml
    vim /etc/kubernetes/manifests/kube-controller-manager.yaml

    Delete or comment out - --port=0
    (--port=0 disables the plain-HTTP port; the health check above fails because it probes http://127.0.0.1:10251/healthz)

    Restart the kubelet service for the change to take effect
    systemctl restart kubelet

    Wait another minute
    kubectl get cs

     Warning: v1 ComponentStatus is deprecated in v1.19+
     NAME                 STATUS    MESSAGE                         ERROR
     scheduler            Healthy   ok
     etcd-0               Healthy   {"health":"true","reason":""}
     controller-manager   Healthy   ok

    If anything goes wrong, run kubeadm reset at any time and start over

  5. Check the configmap state
    kubectl get -n kube-system configmap

     NAME                                 DATA   AGE
     coredns                              1      9m54s
     extension-apiserver-authentication   6      10m
     kube-flannel-cfg                     2      43s
     kube-proxy                           2      9m54s
     kube-root-ca.crt                     1      9m43s
     kubeadm-config                       1      9m56s
     kubelet-config-1.22                  1      9m56s
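
The file written by `kubeadm config print init-defaults` carries the placeholder bootstrap token `abcdef.0123456789abcdef`, and the steps above keep it through `kubeadm init` and into the `kubeadm join` command. The following is an added example, not part of the original post, that swaps the placeholder for a random token of the same format before init; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: swap the placeholder bootstrap token in kubeadm-config.yaml
# for a random one before running kubeadm init. Function names are illustrative.

# Token value printed by `kubeadm config print init-defaults`, as a regex.
PLACEHOLDER_RE='abcdef\.0123456789abcdef'

# Print 2*N random hex digits read from the kernel CSPRNG.
rand_hex() {
    head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print a token in the bootstrap-token format: 6 chars, a dot, 16 chars.
# Hex digits are a subset of the allowed [a-z0-9] alphabet. On a host with
# kubeadm installed, `kubeadm token generate` produces such a token as well.
new_bootstrap_token() {
    printf '%s.%s\n' "$(rand_hex 3)" "$(rand_hex 8)"
}

# Succeed when the argument has the bootstrap-token shape.
is_valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Rewrite the "token:" line of the given config file if it still holds the
# placeholder. Prints "replaced" or "unchanged"; non-zero status on error.
# Usage: rotate_placeholder_token kubeadm-config.yaml
rotate_placeholder_token() {
    config=$1
    line_re="^[[:space:]]*token:[[:space:]]*${PLACEHOLDER_RE}[[:space:]]*\$"
    [ -f "$config" ] || { echo "no such file: $config" >&2; return 2; }
    if ! grep -q "$line_re" "$config"; then
        echo unchanged
        return 0
    fi
    token=$(new_bootstrap_token)
    is_valid_token "$token" || { echo "token generation failed" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Only the matching "token:" line is touched; the rest is copied as is.
    sed "/${line_re}/s/${PLACEHOLDER_RE}/${token}/" "$config" > "$tmp" \
        && cat "$tmp" > "$config"
    status=$?
    rm -f "$tmp"
    [ "$status" -eq 0 ] && echo replaced
    return "$status"
}
```

Run it on kubeadm-config.yaml before `kubeadm init`; the join command printed by init then carries the new token. Once the workers have joined, `kubeadm token delete` removes a token before its TTL ends.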
    

6. Install the pod network on the master node

  1. Get kube-flannel.yml

     curl  -o  kube-flannel.yml  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

    Change every quay.io in the yml file to quay.mirrors.ustc.edu.cn

    sed  -i  's/quay\.io/quay.mirrors.ustc.edu.cn/g'   kube-flannel.yml

    Or

    sed  -i  's/quay\.io/quay-mirror.qiniu.com/g'   kube-flannel.yml

  2. Create the flannel plugin pods
    kubectl apply -f kube-flannel.yml

     Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
     podsecuritypolicy.policy/psp.flannel.unprivileged created
     clusterrole.rbac.authorization.k8s.io/flannel created
     clusterrolebinding.rbac.authorization.k8s.io/flannel created
     serviceaccount/flannel created
     configmap/kube-flannel-cfg created
     daemonset.apps/kube-flannel-ds created

  3. Confirm the configuration is correct
    kubectl get -n kube-system configmap

     NAME                                 DATA   AGE
     coredns                              1      9m54s
     extension-apiserver-authentication   6      10m
     kube-flannel-cfg                     2      43s
     kube-proxy                           2      9m54s
     kube-root-ca.crt                     1      9m43s
     kubeadm-config                       1      9m56s
     kubelet-config-1.22                  1      9m56s

  4. Confirm that all Pods are in the Running state
    kubectl get pod -n kube-system

     NAME                                  READY   STATUS    RESTARTS      AGE
     coredns-7f6cbbb7b8-wb7xf              1/1     Running   0             12m
     coredns-7f6cbbb7b8-ww5z4              1/1     Running   0             12m
     etcd-centos7-141                      1/1     Running   7             12m
     kube-apiserver-centos7-141            1/1     Running   1             12m
     kube-controller-manager-centos7-141   1/1     Running   1 (12m ago)   12m
     kube-flannel-ds-bvvq6                 1/1     Running   0             3m31s
     kube-proxy-8f8bq                      1/1     Running   0             12m
     kube-scheduler-centos7-141            1/1     Running   3 (12m ago)   12m
      

6. Join the worker nodes

  1. Install Docker, kubectl, kubelet and kubeadm on every node server, the same as on the master node

    If the master has been re-initialized, run kubeadm reset on the worker node before joining

  2. Join the cluster as instructed by the output of the master initialization

     kubeadm join 192.168.0.141:6443 --token abcdef.0123456789abcdef \
         --discovery-token-ca-cert-hash sha256:57df376d612009f381bd3f3835464578666536080c6f779cffcf8bc90af10930

    The output looks roughly like this

     [preflight] Running pre-flight checks
     [preflight] Reading configuration from the cluster...
     [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
     [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
     [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
     [kubelet-start] Starting the kubelet
     [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

     This node has joined the cluster:
     * Certificate signing request was sent to apiserver and a response was received.
     * The Kubelet was informed of the new secure connection details.

     Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

    If you did not note the token earlier, it can be found on the master host with cat kubeadm-init.log
    or with kubeadm token list

     TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
     abcdef.0123456789abcdef   23h         2021-11-10T08:01:53Z   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token

    If more than 24 hours pass without joining, the token expires and a new one has to be obtained on the master

    kubeadm token create

     8mfiss.yvbnl8m319ysiflh

  3. Verify the node and Pod status; everything should be Running
    kubectl get nodes

     NAME          STATUS   ROLES                  AGE     VERSION
     centos7-141   Ready    control-plane,master   30m     v1.22.2
     centos7-143   Ready    <none>                 7m48s   v1.22.2
     centos7-144   Ready    <none>                 2m22s   v1.22.2

    kubectl get pods --all-namespaces

     NAMESPACE     NAME                                  READY   STATUS    RESTARTS      AGE
     kube-system   coredns-7f6cbbb7b8-wb7xf              1/1     Running   0             28m
     kube-system   coredns-7f6cbbb7b8-ww5z4              1/1     Running   0             28m
     kube-system   etcd-centos7-141                      1/1     Running   7             29m
     kube-system   kube-apiserver-centos7-141            1/1     Running   1             29m
     kube-system   kube-controller-manager-centos7-141   1/1     Running   1 (28m ago)   28m
     kube-system   kube-flannel-ds-b5sg8                 1/1     Running   0             47s
     kube-system   kube-flannel-ds-bl9vr                 1/1     Running   0             6m13s
     kube-system   kube-flannel-ds-bvvq6                 1/1     Running   0             19m
     kube-system   kube-proxy-8f8bq                      1/1     Running   0             28m
     kube-system   kube-proxy-j679n                      1/1     Running   0             47s
     kube-system   kube-proxy-qczzf                      1/1     Running   0             6m13s
     kube-system   kube-scheduler-centos7-141            1/1     Running   3 (28m ago)   28m
    

7. Deploy the dashboard

Official dashboard repository

Covered in a separate blog post:
k8s: configuring the dashboard

8. Error handling

  1. [kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.

    Set the cgroup driver for Docker
    vim /etc/docker/daemon.json

     {"exec-opts":["native.cgroupdriver=systemd"],"registry-mirrors": ["https://2vgbfb0x.mirror.aliyuncs.com"]}

    systemctl daemon-reload
    systemctl restart docker
    systemctl restart kubelet

  2. This error is likely caused by:
    - The kubelet is not running

    After restarting kubelet, check the kubelet status
    I ran into a strange error: failed to run Kubelet: unable to load bootstrap kubecon…r directory

     ...
     11月 10 16:39:04 centos7-189 kubelet[14277]: E1110 16:39:04.095861   14277 server.go:294] "Failed to run kubelet" err="failed to run Kubelet: unable to load bootstrap kubecon...r directory"
     11月 10 16:39:04 centos7-189 systemd[1]: kubelet.service: main process exited, code=exited, status=1/FAILURE
     11月 10 16:39:04 centos7-189 systemd[1]: Unit kubelet.service entered failed state.
     11月 10 16:39:04 centos7-189 systemd[1]: kubelet.service failed.
     Hint: Some lines were ellipsized, use -l to show in full.

    This machine has been through a lot of back and forth: it used to be a worker node, and later I also installed and configured things on it as a regular user! Maybe some leftovers were not cleaned up?

    cat: /var/lib/kubelet/kubeadm-flags.env: 没有那个文件或目录
    This file is generated by kubeadm init
    So, run kubeadm reset again and then execute: kubeadm init --config=kubeadm-config.yaml | tee kubeadm-init.log

    Reinstalled kubectl, kubelet and kubeadm
    It recovered on its own? What happened? Was it because I reinstalled?

    /var/lib/kubelet/kubeadm-flags.env has now been created
    cat /var/lib/kubelet/kubeadm-flags.env

     KUBELET_KUBEADM_ARGS="--network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.5"

    Many sources say to add --cgroup-driver=systemd to the drop-in file /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf, like this:

       Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --cgroup-driver=systemd"

    However, this time it also worked without adding --cgroup-driver=systemd!

  3. After the server was shut down and powered on again, coredns was in the ContainerCreating state and kube-flannel-ds-k8cgb in CrashLoopBackOff, so I had to run kubeadm reset and start over, which produced the following error

    [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
    [preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=...

    IPv4 forwarding needs to be configured
    vim /etc/sysctl.d/k8s.conf

     net.bridge.bridge-nf-call-ip6tables = 1
     net.bridge.bridge-nf-call-iptables = 1
     net.ipv4.ip_forward = 1

    Apply the settings
    sysctl -p /etc/sysctl.d/k8s.conf

  4. A worker node join fails with the error bridge-nf-call-iptables contents are not set to 1

    I1115 10:16:17.248205 14547 checks.go:432] validating if the connectivity type is via proxy or direct
    [preflight] Some fatal errors occurred:
    [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
    [preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=...
    error execution phase preflight

    [root@centos7-185 ~]# kubeadm reset
    Then set the value
    [root@centos7-185 ~]# echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
    Confirm
    [root@centos7-185 ~]# cat /proc/sys/net/bridge/bridge-nf-call-iptables
    1
    Join again, ok!
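
Errors 3 and 4 above come from the same kernel settings, and a value written straight into /proc lasts only until the next reboot. As an added example (not from the original post), this function checks both the running values and whether they are persisted, together with the swap state from section 2; the function name, the output labels and the optional `ROOT` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the node settings behind the preflight errors above.
# ROOT (optional) points at a copy of the filesystem tree; omit it on a real
# node. The function name and output labels are illustrative.

# Prints one line per problem and returns the number of problems found.
check_node_prereqs() {
    root=${1:-}
    problems=0

    # Runtime kernel values that kubeadm preflight expects to be 1.
    for key in net/bridge/bridge-nf-call-iptables net/ipv4/ip_forward; do
        f="$root/proc/sys/$key"
        if [ ! -r "$f" ]; then
            # Absent when the bridge netfilter kernel module is not loaded.
            echo "MISSING $key"
            problems=$((problems + 1))
        elif [ "$(cat "$f")" != "1" ]; then
            echo "RUNTIME $key is not 1"
            problems=$((problems + 1))
        fi
    done

    # The same values must be persisted, or a reboot resets them.
    for name in net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
        re=$(echo "$name" | sed 's/\./\\./g')
        if ! grep -Eqs "^[[:space:]]*${re}[[:space:]]*=[[:space:]]*1[[:space:]]*\$" \
                "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; then
            echo "PERSIST $name = 1 not set in /etc/sysctl.conf or /etc/sysctl.d"
            problems=$((problems + 1))
        fi
    done

    # Swap must be off now: /proc/swaps holds only its header line.
    if awk 'NR > 1 { n = 1 } END { exit !n }' "$root/proc/swaps" 2>/dev/null; then
        echo "RUNTIME swap is active"
        problems=$((problems + 1))
    fi
    # And it must stay off: no uncommented swap entry in /etc/fstab.
    if awk '$1 !~ /^#/ && $3 == "swap" { s = 1 } END { exit !s }' \
            "$root/etc/fstab" 2>/dev/null; then
        echo "PERSIST /etc/fstab still enables swap"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Called with no argument on a node before `kubeadm init` or `kubeadm join`, it prints nothing and returns 0 when the node is ready.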

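9. When images are blocked, substitute mirror addresses hosted in China

When applying a yaml file to create resources, simply replace the image addresses in the file:

  1. Replace k8s.gcr.io with
    registry.cn-hangzhou.aliyuncs.com/google_containers
    or
    registry.aliyuncs.com/google_containers
    or
    mirrorgooglecontainers

  2. Replace quay.io with
    quay-mirror.qiniu.com

  3. Replace gcr.io with
    registry.aliyuncs.com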
