k8s安装-学习环境

目录

环境准备

配置hosts

关闭防火墙

关闭交换分区

调整swappiness参数

关闭setlinux

Ipv4转发

时钟同步

安装Docker

配置Yum源

安装

配置

启动

日志

安装k8s

配置Yum源

Master节点

安装

初始化

配置kubectl

部署CNI网络插件

Node节点

检查

---

环境准备

准备两台机器centos7.9

192.168.11.120 dt01 master 2c2g

192.168.11.121 dt02 node 1c1g

配置hosts

vi /etc/hosts

192.168.11.120 dt01

192.168.11.121 dt02

或执行命令

hostnamectl set-hostname <hostname>

指定ip和host，防止后续安装k8s无法找到唯一ip报错could not be reached

关闭防火墙

systemctl stop firewalld

systemctl disable firewalld

关闭交换分区

swapoff -a #临时关闭

编辑文件，注释掉swap一行

vi /etc/fstab

|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| /dev/mapper/centos_dt02-root / xfs defaults 0 0 UUID=4ce225e3-cb11-4c0c-8ab5-70c6571a0d11 /boot xfs defaults 0 0 #/dev/mapper/centos_dt02-swap swap swap defaults 0 0 |

验证，swap显示都是0

free -h

调整swappiness参数

echo 0 > /proc/sys/vm/swappiness # 临时生效

vi /etc/sysctl.conf #永久生效

vm.swappiness=0

sysctl -p #立即生效

关闭setlinux

临时

setenforce 0

永久

vi /etc/selinux/config

SELINUX=disabled

Ipv4转发

临时

sysctl -w net.ipv4.ip_forward=1

echo 1 > /proc/sys/net/ipv4/ip_forward

永久生效

vi /etc/sysctl.conf

net.ipv4.ip_forward=1

sysctl -p

vi /etc/sysconfig/network

FORWARD_IPV4=YES

systemctl restart network

时钟同步

yum install ntpdate -y

ntpdate time.windows.com

安装Docker

Yum方式

配置Yum源

安装yum源管理工具

yum install yum-utils -y

添加docker阿里的yum源

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

安装

yum -y install docker-ce-18.06.1.ce-3.el7

配置

vi /etc/docker/daemon.json

{

"registry-mirrors": ["http://hub-mirror.c.163.com"]

}

启动

systemctl daemon-reload #加载配置文件

systemctl status docker #检查dead

systemctl enable docker #开机自启

systemctl restart docker #启动docker

systemctl status docker #检查running

如果systemctl status docker时有

则vi /etc/sysctl.conf 添加

net.bridge.bridge-nf-call-ip6tables=1

net.bridge.bridge-nf-call-iptables=1

sysctl -p

systemctl restart docker

systemctl status docker

日志

journalctl -u docker

安装k8s

使用kubeadm

配置Yum源

|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| cat > /etc/yum.repos.d/kubernetes.repo << EOF [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF |

Master节点

安装

yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0

systemctl enable kubelet

初始化

执行集群初始化，红色部分按需修改

kubeadm init --apiserver-advertise-address=192.168.11.120 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.18.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16

记下最后的输出部分

kubeadm join 192.168.11.120:6443 --token ye402k.feh90nl0r4exomu3 \

--discovery-token-ca-cert-hash sha256:94d891942ae40f97e14314c431527c640ba44f52d4db52a5f2d3a59c53e7c9ae

默认token有效期为24小时，当过期之后，该token就不可用了。这时就需要重新创建token，操作如下：

kubeadm token create --print-join-command

配置kubectl

|-------------------------------------------------------------------------------------------------------------------------------|
| mkdir -p HOME/.kube sudo cp -i /etc/kubernetes/admin.conf HOME/.kube/config sudo chown (id -u):(id -g) $HOME/.kube/config |

部署CNI网络插件

提供的yml文件见顶部关联资源或

链接: https://pan.baidu.com/s/1W97_qMC4-9PGozmHiVdGMg?pwd=lijw

因githup访问不稳定性，直接上传文件kube-flannel.yaml

kubectl apply -f kube-flannel.yaml

注：直接安装插件

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube

flannel.yml

root@dt01 yml\]# kubectl get node NAME STATUS ROLES AGE VERSION dt01 Ready master 91m v1.18.0 ### Node节点 yum install -y kubelet-1.18.0 kubeadm-1.18.0 systemctl enable kubelet 在node节点上执行master节点标记的输出部分 kubeadm join 192.168.11.120:6443 --token ye402k.feh90nl0r4exomu3 \\ --discovery-token-ca-cert-hash sha256:94d891942ae40f97e14314c431527c640ba44f52d4db52a5f2d3a59c53e7c9ae 如果卡住并报错 error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "e1n4kn" To see the stack trace of this error execute with --v=5 or higher 检查token是否过期或防火墙是否关闭 ### 检查 \[root@dt01 yml\]# kubectl get nodes NAME STATUS ROLES AGE VERSION dt01 Ready master 145m v1.18.0 dt02 Ready \ 31m v1.18.0 如果节点不是Ready状态则需要耐心等待10分钟左右 创建一个pod kubectl create deployment nginx --image=nginx kubectl expose deployment nginx --port=80 --type=NodePort kubectl get pod,svc -o wide  http://NodeIP:NodePort NodeIP 可以是集群中任一个节点IP 可以使用命令修改nodePort端口 kubectl edit service nginx