OS: CentOS 8
Kernel: 4.18.0-147.8.1.el8_1.x86_64
IP addresses:
    192.168.37.128 k8s1
    192.168.37.130 k8s2
    192.168.37.131 k8s3
Note: installing K8S requires Linux kernel 3.10 or later; otherwise the installation will fail.
2. Deploying a Kubernetes cluster with kubeadm
(mainly online installation)
    hostnamectl set-hostname k8s1    # on the first node
    hostnamectl set-hostname k8s2    # on the second node
    hostnamectl set-hostname k8s3    # on the third node
    DEVICE=eth0
    TYPE=Ethernet
    ONBOOT=yes
    BOOTPROTO=static
    IPADDR=192.168.37.XXX
    NETMASK=255.255.255.0
    GATEWAY=192.168.37.2
    cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    #install_add
    192.168.37.129 k8s1
    192.168.37.130 k8s2
    192.168.37.131 k8s3
Stop and disable firewalld:
    systemctl stop firewalld
    systemctl disable firewalld
    firewall-cmd --state

SELinux configuration (requires a host reboot):
    sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

Permanently disable the swap partition (deploying with kubeadm requires swap to be off; the operating system must be rebooted after the configuration file is changed):
    cat /etc/fstab
    #
    # /etc/fstab
    # Created by anaconda on Sun May 10 07:55:21 2020
    #
    # Accessible filesystems, by reference, are maintained under /dev/disk/.
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
    #
    # After editing this file, run systemctl daemon-reload to update systemd
    # units generated from this file.
    #
    /dev/mapper/cl-root / xfs defaults 0 0
    UUID=ed5f7f26-6aef-4bb2-b4df-27e46ee612bf /boot ext4 defaults 1 2
    /dev/mapper/cl-home /home xfs defaults 0 0
    #/dev/mapper/cl-swap swap swap defaults 0 0

In the line for the swap filesystem, add # at the start of the line to comment it out.
    # free -m
                  total        used        free      shared  buff/cache   available
    Mem:           1965        1049          85           9         830         771
    Swap:             0           0           0
Add bridge filtering and address forwarding:
    cat /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    vm.swappiness = 0

Load the br_netfilter module:
    modprobe br_netfilter

Check the module:
    lsmod | grep br_netfilter

Apply the configuration file:
    sysctl -p /etc/sysctl.d/k8s.conf
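An added example, not part of the original article: a shell check that the sysctl file and /etc/fstab described above are in the state kubeadm expects. It catches a misspelled key (such as a stray space inside net.ipv4.ip_forward) and a swap entry that was never commented out. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the two prerequisite files edited above.
# Function names are hypothetical; file paths are passed in by the caller.

# missing_sysctl FILE
# Print every required key=value that FILE does not set exactly.
# Prints nothing when all four settings from the article are present.
missing_sysctl() {
    for want in net.bridge.bridge-nf-call-ip6tables=1 \
                net.bridge.bridge-nf-call-iptables=1 \
                net.ipv4.ip_forward=1 \
                vm.swappiness=0; do
        # Drop comments, trim, and collapse "key = value" to "key=value".
        if ! sed -e 's/[#;].*//' \
                 -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                 -e 's/[[:space:]]*=[[:space:]]*/=/' "$1" \
             | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
        fi
    done
}

# active_swap FSTAB
# Print the device of every uncommented fstab entry of type swap.
active_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# audit_node SYSCTL_FILE FSTAB
# Return 0 only if nothing is missing and no swap entry is active.
audit_node() {
    m=$(missing_sysctl "$1")
    s=$(active_swap "$2")
    if [ -n "$m" ]; then printf 'sysctl not set: %s\n' $m >&2; fi
    if [ -n "$s" ]; then printf 'swap still enabled in fstab: %s\n' $s >&2; fi
    [ -z "$m" ] && [ -z "$s" ]
}

# Usage on a node:
#   audit_node /etc/sysctl.d/k8s.conf /etc/fstab
```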
Install ipset and ipvsadm:
    yum -y install ipset ipvsadm

Add the ipvs modules (run on all nodes):
    cat > /etc/sysconfig/modules/ipvs.modules <<EOF
    #!/bin/bash
    modprobe -- ip_vs
    modprobe -- ip_vs_rr
    modprobe -- ip_vs_wrr
    modprobe -- ip_vs_sh
    modprobe -- nf_conntrack_ipv4
    EOF

Load and check the modules:
    chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
Configure the docker yum repository:
    wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/dockerce/linux/centos/docker-ce.repo

Look for a suitable docker version (this installation uses the latest version):
    yum list docker-ce.x86_64 --showduplicates | sort -r

Install docker:
    yum -y install docker-ce
1. Mainly modify the ExecStart line to change the default docker storage location:
    cat /usr/lib/systemd/system/docker.service
    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    BindsTo=containerd.service
    After=network-online.target firewalld.service containerd.service
    Wants=network-online.target
    Requires=docker.socket

    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd --graph /data/docker
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always

    # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
    # Both the old, and new location are accepted by systemd 229 and up, so using the old location
    # to make them work for either version of systemd.
    StartLimitBurst=3

    # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
    # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
    # this option work for either version of systemd.
    StartLimitInterval=60s

    # Having non-zero Limit*s causes performance problems due to accounting overhead
    # in the kernel. We recommend using cgroups to do container-local accounting.
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity

    # Comment TasksMax if your systemd version does not support it.
    # Only systemd 226 and above support this option.
    TasksMax=infinity

    # set delegate yes so that systemd does not reset the cgroups of docker containers
    Delegate=yes

    # kill only the docker process, not all processes in the cgroup
    KillMode=process

    [Install]
    WantedBy=multi-user.target

2. Add or edit the daemon.json file to change the default storage driver and use registry mirrors inside China:
    cat /etc/docker/daemon.json
    {
      "exec-opts": ["native.cgroupdriver=systemd"],
      "log-driver": "json-file",
      "log-opts": {
        "max-size": "100m"
      },
      "storage-driver": "overlay2",
      "storage-opts": [
        "overlay2.override_kernel_check=true"
      ],
      "registry-mirrors": [
        "https://registry.docker-cn.com",
        "http://hub-mirror.c.163.com",
        "https://docker.mirrors.ustc.edu.cn"
      ]
    }

3. After configuring, reload the configuration and restart docker:
    systemctl daemon-reload
    systemctl restart docker

Use docker info to check whether Registry Mirrors was changed successfully.
Configure the Alibaba Cloud yum repository for K8S (note: the second gpgkey URL must be aligned with the https of the first, otherwise the repository will not load):
    cat kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
           https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

Run the installation:
    yum -y install kubectl kubeadm kubelet
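The main task here is configuring kubelet; without it the k8s cluster may fail to start. To keep the cgroup driver used by docker consistent with the cgroup driver used by kubelet, it is recommended to change the following file:
    vim /etc/sysconfig/kubelet
    KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"

Enabling it at boot is enough; because no configuration file has been generated yet, it starts automatically after the cluster is initialized:
    systemctl enable kubelet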
1. Run kubeadm config images list to see the docker images the K8S cluster needs:
    kubeadm config images list
    k8s.gcr.io/kube-apiserver:v1.18.2
    k8s.gcr.io/kube-controller-manager:v1.18.2
    k8s.gcr.io/kube-scheduler:v1.18.2
    k8s.gcr.io/kube-proxy:v1.18.2
    k8s.gcr.io/pause:3.2
    k8s.gcr.io/etcd:3.4.3-0
    k8s.gcr.io/coredns:1.6.7

2. Pull the images above with docker pull (from the Alibaba Cloud registry):
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.2
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.2
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.2
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.2
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7

3. View the downloaded images:
    docker images
    REPOSITORY   TAG   IMAGE ID   CREATED   SIZE
    calico/node   latest   7695a13607d9   7 days ago   263MB
    calico/cni   latest   c6f3d2c436a7   7 days ago   225MB
    haproxy   latest   c033852569f1   3 weeks ago   92.4MB
    registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy   v1.18.2   0d40868643c6   4 weeks ago   117MB
    registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver   v1.18.2   6ed75ad404bd   4 weeks ago   173MB
    registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler   v1.18.2   a3099161e137   4 weeks ago   95.3MB
    registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager   v1.18.2   ace0a8c17ba9   4 weeks ago   162MB
    osixia/keepalived   latest   d04966a100a7   2 months ago   72.9MB
    registry.cn-hangzhou.aliyuncs.com/google_containers/pause   3.2   80d28bedfe5d   3 months ago   683kB
    registry.cn-hangzhou.aliyuncs.com/google_containers/coredns   1.6.7   67da37a9a360   3 months ago   43.8MB
    registry.cn-hangzhou.aliyuncs.com/google_containers/etcd   3.4.3-0   303ce5db0e90   6 months ago   288MB
    calico/pod2daemon-flexvol   v3.9.0   aa79ce3237eb   8 months ago   9.78MB
    calico/cni   v3.9.0   56c7969ed8e6   8 months ago   160MB
    calico/kube-controllers   v3.9.0   f5cc48269a09   8 months ago   50.4MB
Worker nodes only need the kube-proxy and pause images (run the following commands on the other worker nodes):
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.2
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2

After pulling, run docker images to check.
    kubeadm init --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --pod-network-cidr=172.16.0.0/16 --apiserver-advertise-address=192.168.37.128

The output log is as follows:
    I0920 13:31:38.444013 59901 version.go:252] remote version is much newer: v1.19.2; falling back to: stable-1.18
    W0920 13:31:40.534993 59901 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
    [init] Using Kubernetes version: v1.18.9
    [preflight] Running pre-flight checks
    [WARNING FileExisting-tc]: tc not found in system path
    [preflight] Pulling images required for setting up a Kubernetes cluster
    [preflight] This might take a minute or two, depending on the speed of your internet connection
    [preflight] You can also perform this action in beforehand using kubeadm config images pull
    [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
    [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
    [kubelet-start] Starting the kubelet
    [certs] Using certificateDir folder "/etc/kubernetes/pki"
    [certs] Generating "ca" certificate and key
    [certs] Generating "apiserver" certificate and key
    [certs] apiserver serving cert is signed for DNS names [k8s1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.37.128]
    [certs] Generating "apiserver-kubelet-client" certificate and key
    [certs] Generating "front-proxy-ca" certificate and key
    [certs] Generating "front-proxy-client" certificate and key
    [certs] Generating "etcd/ca" certificate and key
    [certs] Generating "etcd/server" certificate and key
    [certs] etcd/server serving cert is signed for DNS names [k8s1 localhost] and IPs [192.168.37.128 127.0.0.1 ::1]
    [certs] Generating "etcd/peer" certificate and key
    [certs] etcd/peer serving cert is signed for DNS names [k8s1 localhost] and IPs [192.168.37.128 127.0.0.1 ::1]
    [certs] Generating "etcd/healthcheck-client" certificate and key
    [certs] Generating "apiserver-etcd-client" certificate and key
    [certs] Generating "sa" key and public key
    [kubeconfig] Using kubeconfig folder "/etc/kubernetes"
    [kubeconfig] Writing "admin.conf" kubeconfig file
    [kubeconfig] Writing "kubelet.conf" kubeconfig file
    [kubeconfig] Writing "controller-manager.conf" kubeconfig file
    [kubeconfig] Writing "scheduler.conf" kubeconfig file
    [control-plane] Using manifest folder "/etc/kubernetes/manifests"
    [control-plane] Creating static Pod manifest for "kube-apiserver"
    [control-plane] Creating static Pod manifest for "kube-controller-manager"
    W0920 13:33:01.598426 59901 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
    [control-plane] Creating static Pod manifest for "kube-scheduler"
    W0920 13:33:01.606176 59901 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
    [etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
    [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
    [apiclient] All control plane components are healthy after 19.504561 seconds
    [upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
    [kubelet] Creating a ConfigMap "kubelet-config-1.18" in namespace kube-system with the configuration for the kubelets in the cluster
    [upload-certs] Skipping phase. Please see --upload-certs
    [mark-control-plane] Marking the node k8s1 as control-plane by adding the label "node-role.kubernetes.io/master="
    [mark-control-plane] Marking the node k8s1 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
    [bootstrap-token] Using token: alu9wy.79pfunrsnxgvle0b
    [bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
    [bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
    [bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
    [bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
    [bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
    [bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
    [kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
    [addons] Applied essential addon: CoreDNS
    [addons] Applied essential addon: kube-proxy

    Your Kubernetes control-plane has initialized successfully!

    To start using your cluster, you need to run the following as a regular user:

      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config

    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      https://kubernetes.io/docs/concepts/cluster-administration/addons/

    Then you can join any number of worker nodes by running the following on each as root:

    kubeadm join 192.168.37.128:6443 --token alu9wy.79pfunrsnxgvle0b --discovery-token-ca-cert-hash sha256:8bc468f16a049ea94b4659bc2c58a6ddb5b4a2a53eff98051442363d585e3358

Parameter explanation:
    --image-repository               the docker images were pulled from Alibaba Cloud, so the repository must be specified at startup
    --pod-network-cidr               specifies the internal TCP network for pods
    --apiserver-advertise-address    the IP address bound on this host

After it completes, run the steps given in the prompt:
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
Pull the calico images with docker pull:
    docker pull calico/node
    docker pull calico/cni
    docker pull calico/pod2daemon-flexvol
    docker pull calico/kube-controllers

Download the calico.yaml file:
    wget https://docs.projectcalico.org/manifests/calico.yaml
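In the configuration file, add the following under the autodetect entry (be sure to use spaces, not tabs; YAML is a strictly formatted file):
    # name of the network interface that carries this host's IP address
    - name: IP_AUTODETECTION_METHOD
      value: "interface=ens.*"

Change the CIDR address to 172 (the pod network address specified when K8S was initialized; if it was initialized with a different IP, change it to match):
    - name: CALICO_IPV4POOL_CIDR
      value: "172.16.0.0/16"

After editing, apply it:
    kubectl apply -f calico.yaml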
    kubeadm join 192.168.37.128:6443 --token alu9wy.79pfunrsnxgvle0b --discovery-token-ca-cert-hash sha256:8bc468f16a049ea94b4659bc2c58a6ddb5b4a2a53eff98051442363d585e3358

After it completes, use kubectl get nodes on the master node to check the state of the K8S cluster:
    NAME   STATUS   ROLES    AGE    VERSION
    k8s1   Ready    master   3d6h   v1.18.2
    k8s2   Ready
    k8s3   Ready

View the cluster component status:
    kubectl get cs
    NAME                 STATUS    MESSAGE             ERROR
    scheduler            Healthy   ok
    controller-manager   Healthy   ok
    etcd-0               Healthy   {"health":"true"}

With that, a K8S cluster is set up.
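An added example, not from the original article or the kubeadm project: the sha256 value in the join command is a pin on the cluster CA's public key, so it can be recomputed from /etc/kubernetes/pki/ca.crt on the control plane and compared with the command before a worker is joined. Function names are hypothetical; openssl and sha256sum are assumed to be installed.

```shell
#!/bin/sh
# Added example: recompute and check the --discovery-token-ca-cert-hash pin.
# Function names are hypothetical; requires openssl and sha256sum.

# ca_pin CERT
# Print "sha256:<hex>", the SHA-256 of the DER-encoded SubjectPublicKeyInfo
# of the CA certificate (on the control plane: /etc/kubernetes/pki/ca.crt).
ca_pin() {
    der=$(mktemp) || return 1
    # If x509 cannot parse CERT, pkey receives no key and fails as well, so
    # an unreadable file can never yield the hash of empty input.
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
         | openssl pkey -pubin -outform DER -out "$der" 2>/dev/null \
       && [ -s "$der" ]; then
        printf 'sha256:%s\n' "$(sha256sum < "$der" | cut -d' ' -f1)"
        rm -f "$der"
    else
        rm -f "$der"
        return 1
    fi
}

# pin_from_join "JOIN COMMAND"
# Extract the pin from a kubeadm join command line; prints nothing if the
# flag is absent or its value is not sha256:<exactly 64 hex digits>.
pin_from_join() {
    printf '%s \n' "$1" | sed -n \
      's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\) .*/\1/p'
}

# check_join CERT "JOIN COMMAND"
# 0 = pin matches the CA, 1 = mismatch or no pin, 2 = CERT unreadable.
check_join() {
    want=$(ca_pin "$1") || { echo "cannot read CA certificate: $1" >&2; return 2; }
    got=$(pin_from_join "$2")
    if [ "$want" = "$got" ]; then return 0; fi
    echo "pin mismatch: CA is $want, command has ${got:-none}" >&2
    return 1
}

# Usage on the control-plane node:
#   check_join /etc/kubernetes/pki/ca.crt "kubeadm join ... --discovery-token-ca-cert-hash sha256:..."
```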
Next, offline installation: production systems are generally not connected to the external network, so the installation has to be done offline.
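1. Offline installation mainly consists of saving the docker images above and then uploading them to the host without network access and loading them there.

Save a docker image with docker save -o, for example:
    docker save -o calico_node.tar calico/node:latest

Load a docker image with docker load -i, for example:
    docker load -i calico_node.tar

2. The K8S binary packages can be saved locally as follows; upload everything that was downloaded to the internal network for installation, so that the installation does not fail because of missing dependency packages:
    yumdownloader --resolve kubelet kubeadm kubectl

3. Offline installation steps
The offline installation steps are the same as initializing K8S in the online installation and are not repeated here.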
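An added example, not part of the original article: because the image tarballs and RPMs are carried into the isolated network by hand, a checksum manifest written on the connected host lets the offline host refuse a bundle that was altered or extended in transit. The function names and the SHA256SUMS file name are assumptions.

```shell
#!/bin/sh
# Added example: integrity manifest for the offline bundle (image tarballs
# from docker save, RPMs from yumdownloader). Names are hypothetical.

# write_manifest DIR  (run on the connected host after saving/downloading)
write_manifest() {
    ( cd "$1" || exit 1
      : > SHA256SUMS
      for f in *.tar *.rpm; do
          if [ -f "$f" ]; then sha256sum "$f" >> SHA256SUMS; fi
      done
      [ -s SHA256SUMS ] )          # fail on an empty bundle
}

# verify_bundle DIR  (run on the offline host before loading anything)
# Fails if a listed file is missing or altered, or if an archive is present
# that the manifest does not list.
verify_bundle() {
    ( cd "$1" || exit 1
      [ -s SHA256SUMS ] || { echo "missing manifest" >&2; exit 1; }
      sha256sum -c SHA256SUMS >/dev/null 2>&1 \
          || { echo "checksum failure" >&2; exit 1; }
      for f in *.tar *.rpm; do
          [ -f "$f" ] || continue
          awk -v n="$f" '$2 == n { ok = 1 } END { exit !ok }' SHA256SUMS \
              || { echo "unlisted file: $f" >&2; exit 1; }
      done )
}

# load_bundle DIR: docker load runs only after the whole bundle verifies.
load_bundle() {
    verify_bundle "$1" || return 1
    for f in "$1"/*.tar; do
        if [ -f "$f" ]; then docker load -i "$f" || return 1; fi
    done
}

# Usage:
#   connected host:  write_manifest /path/to/bundle
#   offline host:    load_bundle /path/to/bundle
```

The manifest is only useful if it reaches the offline host by a separate path from the archives, or is signed.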
1. Running a kubectl command reports an error:
    Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

Solution: this is caused by an admin.conf file that does not match. Delete $HOME/.kube and copy /etc/kubernetes/admin.conf into that directory again:
    rm -rf "$HOME/.kube"
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

2. The kubelet log reports an error:
    Failed to get system container stats for "/system.slice/docker.service": failed to get cgroup stats for "/system.slice/docker.service": failed to get container info for "/system.slice/docker.service": unknown container "/system.slice/docker.service"

Solution: this is an effect of older operating system versions; the cgroup-driver parameter should be set through the configuration file that the kubelet configuration points to.

Edit the kubelet file:
    vim /etc/sysconfig/kubelet

Add the parameter:
    --kubelet-cgroups=/systemd/system.slice

Restart kubelet:
    systemctl restart kubelet
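Copyright of this article belongs to the author. Please do not repost it without permission; if this article violates any rules, you can contact the administrator to have it removed.
When reposting, please cite the address of this article: http://systransis.cn/yun/130035.html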