Centos7安装K8S

Centos7安装K8S

---

安装过程中没有出现的错误可以往下

根据以前一些博主写的博客，在小阳翻了不下几十篇博客之后，我果断是放弃了，于是找到了官网地址，然后也有坑

1. 关闭防火墙

systemctl stop firewalld
systemctl disable firewalld

2. 关闭 selinux(2，3根据自己情况选择哈)

sed -i 's/enforcing/disabled/' /etc/selinux/config 这个是永久关闭
setenforce 0 临时关闭是这个哟

3、关闭 swap

swapoff -a # 临时关闭
vim /etc/fstab # 永久关闭

#注释掉 /dev/mapper/centos-swap swap swap defaults 0 0 这行
然后呢
systemctl reboot #重启生效
free ‐m #查看下swap交换区是否都为0，如果都为0则swap关闭成功

4.给三台机器分别设置主机名

hostnamectl set‐hostname 主机名称

第一台：k8s-master 第二台：k8s-node1 第三台：k8s-node2

5.在 k8s-master机器添加hosts，注意ip地址哟

cat >> /etc/hosts << EOF
192.168.2.64 k8s-master
192.168.2.59 k8s-node1
192.168.2.51 k8s-node2
EOF

6.将桥接的IPv4流量传递到iptables

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

需要让它生效哈
sysctl --system

7.设置时间

yum install ntpdate -y
ntpdate -u ntp.api.bz
出现
21 Mar 17:07:17 ntpdate[3124]: adjust time server 114.118.7.161 offset 0.013776 sec
即为成功注意我的日期为2022年3月21日，日期和你自己对上即可

8. yum源切换与yum k8s

此处有bug切记别着急复制粘贴，请往下看

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl ------ 坑在这呢
systemctl enable kubelet && systemctl start kubelet #开机启动kubelet

ps: 由于官网未开放同步方式, 可能会有索引gpg检查失败的情况, 这时请用 yum install -y --nogpgcheck kubelet kubeadm kubectl 安装<<<<<<<<<这是官网写的字体老小了

这是报的错

https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for kubernetes
Trying other mirror.


 One of the configured repositories failed (Kubernetes),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=kubernetes ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable kubernetes
        or
            subscription-manager repos --disable=kubernetes

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=kubernetes.skip_if_unavailable=true

failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try.

这是正确的配置

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y --nogpgcheck kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

此处需要注意(9、10)均在k8s-master机器上执行指令

9.初始化

ip为master的ip地址，其次注意版本，剩下的无需改动

kubeadm init --apiserver-advertise-address=192.168.2.64 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16

这行执行的话需要注意至少两个cpu，就是红色框框里面的数字是个2就行

改完之后呢，有报错了/(ㄒoㄒ)/~~

[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
	Unfortunately, an error has occurred:
		timed out waiting for the condition
	This error is likely caused by:
		- The kubelet is not running
		- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
	If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
		- 'systemctl status kubelet'
		- 'journalctl -xeu kubelet'
	Additionally, a control plane component may have crashed or exited when started by the container runtime.
	To troubleshoot, list all containers using your preferred container runtimes CLI.
	Here is one example how you may list all Kubernetes containers running in docker:
		- 'docker ps -a | grep kube | grep -v pause'
		Once you have found the failing container, you can inspect its logs with:
		- 'docker logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher

处理办法详见<<<此处有个超链接

当初始化完成之后出现红色框框即为初始化成功，下面的绿色框框为下来所需要执行的指令

10.配置 kubectl 命令工具

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

然后验证一下
kubectl get nodes

安装 Pod 网络插件
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
不成功的话
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kubeflannel.yml

那么此处需要在node节点的两台机器上执行这一行指令，这个指令就是上图初始化完成蓝色框框中的

kubeadm join 192.168.2.64:6443 --token bxtr03.7ekvjxxyx57dh2nz --discovery-token-ca-cert-hash sha256:5f41464af9fab2003b357d445a9927445e3ad540872b01e07bb3e85995a30e65

本小阳此处是报错了的

解决第一个error为以下指令
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
地址: https://blog.csdn.net/m0_47219942/article/details/110873272

剩下两个问题主要是内核版本过低导致的，详细可见CentOS7升级内核并启用BBR

此时已是开始搭建的一周后了，因为总是忘记，此时报的错误

error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "bxtr03"

Token过期，那么此时需要重新生成

https://blog.csdn.net/YouMing_Li/article/details/117553658

此时再次执行

kubeadm reset

之后重新加入主节点之后

此时的报错含义为

kubelet没有运行  
kubelet是不健康的，因为节点在某种程度上配置错误(需要禁用cgroups)  

此处结局方案，原文链接

然后呢

kubectl get nodes

上面红色框中的NotReady状态解决，链接

下面开始测试

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc -o wide

执行完需要注意端口号

完了之后三台机器都可以通过此端口访问到

此时已经完了哈