目录
[1. 修改host](#1. 修改host)
[2. 时间同步](#2. 时间同步)
[3. 禁用firewalled](#3. 禁用firewalled)
[4. 禁用selinux](#4. 禁用selinux)
[5. 禁用swap](#5. 禁用swap)
[6. 网桥设置](#6. 网桥设置)
[7. docker安装](#7. docker安装)
[8. 安装k8s](#8. 安装k8s)
[9. 异性操作](#9. 异性操作)
[10. 配置flannel](#10. 配置flannel)
1. 修改host
bash
cat >> /etc/hosts << EOF
172.16.188.175 master
172.16.188.176 node1
172.16.188.177 node2
EOF
cat /etc/hosts
2. 时间同步
bash
systemctl start chronyd && systemctl enable chronyd
date
3. 禁用firewalled
bash
systemctl stop firewalld && systemctl disable firewalld
4. 禁用selinux
bash
setenforce 0 && sed -i 's/ASELINUX=,*/SELINUX=disabled/' /etc/selinux/config
5. 禁用swap
- 临时关闭,重启失效
bash
swapoff -a
- 永久关闭
bash
swapoff -a && sed -i '/ swap / s/^\(.*\)$/# \1/g' /etc/fstab
默认情况下,K8s为了追求高性能,不建议使用交换分区,为此它要求每个节点禁用swap,否则各个节点中的kubelet无法运行
6. 网桥设置
bash
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system
7. docker安装
bash
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum -y install docker-ce
systemctl enable docker&& systemctl start docker
docker -v
设置
daemon.json
bashmkdir -p /etc/docker tee /etc/docker/daemon.json <<-'EOF' { "exec-opts":["native.cgroupdriver=systemd"], "registry-mirror": [ "https://ne62ahv7.mirror.aliyuncs.com", "https://registry.docker-cn.com", "https://docker.mirrors.ustc.edu.cn", "http://hub-mirror.c.163.com" ] } EOF systemctl daemon-reload && systemctl restart docker
8. 安装k8s
- 镜像
bash
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key-gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
cat /etc/yum.repos.d/kubernetes.repo
- 安装
bash
yum -y install kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17
systemctl enable kubelet
journalctl -xefu kubelet
9. 异性操作(不同节点之间执行不同命令)
- 设置hostname
bash
# 不同主机上执行
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2
执行完之后建议重启
bashreboot
- 初始化kubernetes
bash
# 只在主节点执行
kubeadm init \
--apiserver-advertise-address=172.16.188.175 \
--image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
--kubernetes-version=v1.23.17 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
执行结果不要关掉
[init] Using Kubernetes version: v1.23.17
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.7. Latest validated version: 20.10
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master] and IPs [10.96.0.1 172.16.188.175]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master] and IPs [172.16.188.175 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master] and IPs [172.16.188.175 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 5.504881 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.23" in namespace kube-system with the configuration for the kubelets in the cluster
NOTE: The "kubelet-config-1.23" naming of the kubelet ConfigMap is deprecated. Once the UnversionedKubeletConfigMap feature gate graduates to Beta the default name will become just "kubelet-config". Kubeadm upgrade will handle this transition transparently.
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: bh0p19.4bdguik2fp3y81mv
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown (id -u):(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.188.175:6443 --token bh0p19.4bdguik2fp3y81mv \
--discovery-token-ca-cert-hash sha256:2327aff6edc65a0ccf11d09ffed3890cf560b56ddde13c47a88026c6e525a0c9
- 环境配置
普通用户
bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u) :$(id -g) $HOME/.kube/config
root用户
bash
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
10. 配置flannel
- 只限master节点
flannel (['ˈflænl]) 和calico(['kælɪkoʊ]) 都是用于k8s节点之间容器网络通信的一个k8s组件,flanne可以为不同node节点的分配不同的子网,实现容器间的跨机通信,从而实现整个kubenets层级通信。
下载
bash
cd /opt
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
上传
bash
kubectl apply -f /opt/kube-flannel.yml
- 其他节点
设置hostname
bash
# 前面执行过,可以跳过
hostnamectl set-hostname node1
执行kubeadm join命令,该命令是master节点 初始化k8s时生成的
bash
kubeadm join 172.16.188.175:6443 --token bh0p19.4bdguik2fp3y81mv \
--discovery-token-ca-cert-hash sha256:2327aff6edc65a0ccf11d09ffed3890cf560b56ddde13c47a88026c6e525a0c9
上面命令中token默认有效期为24小时,过期后可以在master节点执行kubeadm token create --print-join-command重新创建token
环境配置
bash
echo "export KUBECONFIG=/etc/kubernetes/kubelet.conf" >> /etc/profile
source /etc/profile
验证
bash
kubectl get no
以上内容总结自:如何在Centos7中安装Kubernetes_哔哩哔哩_bilibili
关联可参考信息