基于docker 搭建k8s

一、部署环境架构以及方式

一、环境准备

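1、网络yum配置(阿里云yum源)

注意:下面的 baseurl 和 gpgkey 都使用明文 http。gpgcheck=1 只有在公钥本身可信时才有意义,而通过 http 取回的公钥可能在传输途中被替换;建议改用 https 地址,或使用系统自带的本地公钥文件。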

 1 # CentOS-Base.repo
 2 #
 3 # The mirror system uses the connecting IP address of the client and the
 4 # update status of each mirror to pick mirrors that are updated to and
 5 # geographically close to the client.  You should use this for CentOS updates
 6 # unless you are manually picking other mirrors.
 7 #
 8 # If the mirrorlist= does not work for you, as a fall back you can try the 
 9 # remarked out baseurl= line instead.
10 #
11 #
12  
13 [base]
14 name=CentOS-$releasever - Base - mirrors.aliyun.com
15 failovermethod=priority
16 baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
17         http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
18         http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
19 gpgcheck=1
20 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
21  
22 #released updates 
23 [updates]
24 name=CentOS-$releasever - Updates - mirrors.aliyun.com
25 failovermethod=priority
26 baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
27         http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
28         http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
29 gpgcheck=1
30 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
31  
32 #additional packages that may be useful
33 [extras]
34 name=CentOS-$releasever - Extras - mirrors.aliyun.com
35 failovermethod=priority
36 baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
37         http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
38         http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
39 gpgcheck=1
40 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
41  
42 #additional packages that extend functionality of existing packages
43 [centosplus]
44 name=CentOS-$releasever - Plus - mirrors.aliyun.com
45 failovermethod=priority
46 baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
47         http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
48         http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
49 gpgcheck=1
50 enabled=0
51 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
52  
53 #contrib - packages by Centos Users
54 [contrib]
55 name=CentOS-$releasever - Contrib - mirrors.aliyun.com
56 failovermethod=priority
57 baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
58         http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
59         http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
60 gpgcheck=1
61 enabled=0
62 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

2、docker yum源配置(阿里云)

 1 [docker-ce-stable]
 2 name=Docker CE Stable - $basearch
 3 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
 4 enabled=1
 5 gpgcheck=1
 6 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 7 
 8 [docker-ce-stable-debuginfo]
 9 name=Docker CE Stable - Debuginfo $basearch
10 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
11 enabled=0
12 gpgcheck=1
13 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
14 
15 [docker-ce-stable-source]
16 name=Docker CE Stable - Sources
17 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
18 enabled=0
19 gpgcheck=1
20 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
21 
22 [docker-ce-test]
23 name=Docker CE Test - $basearch
24 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
25 enabled=0
26 gpgcheck=1
27 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
28 
29 [docker-ce-test-debuginfo]
30 name=Docker CE Test - Debuginfo $basearch
31 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
32 enabled=0
33 gpgcheck=1
34 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
35 
36 [docker-ce-test-source]
37 name=Docker CE Test - Sources
38 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
39 enabled=0
40 gpgcheck=1
41 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
42 
43 [docker-ce-nightly]
44 name=Docker CE Nightly - $basearch
45 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
46 enabled=0
47 gpgcheck=1
48 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
49 
50 [docker-ce-nightly-debuginfo]
51 name=Docker CE Nightly - Debuginfo $basearch
52 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
53 enabled=0
54 gpgcheck=1
55 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
56 
57 [docker-ce-nightly-source]
58 name=Docker CE Nightly - Sources
59 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
60 enabled=0
61 gpgcheck=1
62 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

3、kubectl yum 配置

1 [kubernetes]
2 name=Kubernetes
3 baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
4 enabled=1
5 gpgcheck=1
6 repo_gpgcheck=1
7 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

4、加载网络yum源

yum repolist

二、master安装组件

1、安装组件

yum install docker-ce kubelet kubeadm kubectl

1.1 GPG 校验可能会报错

可以提前下载公钥并用 rpm --import 导入后再安装,不要为了绕过报错而关闭 gpgcheck:wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

1.2下载组件kubectl

1 [root@master packages]# ll
2 total 63772
3 -rw-r--r-- 1 root root  5318270 Jan  4  2021 14bfe6e75a9efc8eca3f638eb22c7e2ce759c67f95b43b16fae4ebabde1549f3-cri-tools-1.13.0-0.x86_64.rpm
4 -rw-r--r-- 1 root root  9513430 Jul 17 05:03 23f7e018d7380fc0c11f0a12b7fda8ced07b1c04c4ba1c5f5cd24cd4bdfb304d-kubeadm-1.21.3-0.x86_64.rpm
5 -rw-r--r-- 1 root root 20970442 Jul 17 05:07 7e38e980f058e3e43f121c2ba73d60156083d09be0acc2e5581372136ce11a1c-kubelet-1.21.3-0.x86_64.rpm
6 -rw-r--r-- 1 root root 10005798 Jul 17 05:05 b04e5387f5522079ac30ee300657212246b14279e2ca4b58415c7bf1f8c8a8f5-kubectl-1.21.3-0.x86_64.rpm
7 -rw-r--r-- 1 root root 19487362 Jan  4  2021 db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm

1.3下载容器组件

1 [root@master packages]# ll
2 total 105416
3 -rw-r--r-- 1 root root 31283812 Jul 20 05:15 containerd.io-1.4.8-3.1.el7.x86_64.rpm
4 -rw-r--r-- 1 root root 27902344 Jun  3 03:29 docker-ce-20.10.7-3.el7.x86_64.rpm
5 -rw-r--r-- 1 root root 34717572 Jun  3 03:29 docker-ce-cli-20.10.7-3.el7.x86_64.rpm
6 -rw-r--r-- 1 root root  9659320 Jun  3 03:29 docker-ce-rootless-extras-20.10.7-3.el7.x86_64.rpm
7 -rw-r--r-- 1 root root  4373740 Jun  3 03:29 docker-scan-plugin-0.8.0-3.el7.x86_64.rpm

三、启动容器

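3.1 写镜像加速配置文件(/etc/docker/daemon.json)

注意:insecure-registries 中列出的仓库不要求有效的 TLS 证书,也可能直接使用明文 http;http:// 的镜像加速地址同样没有传输保护。这类配置只应在受信任的内网环境中使用。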

1 [root@master docker]# cat daemon.json 
2 {
3     "insecure-registries":["192.168.33.79:5000"],
4       "registry-mirrors": [
5         "https://registry.docker-cn.com",
6         "http://hub-mirror.c.163.com",
7         "https://docker.mirrors.ustc.edu.cn"
8   ]
9 }

3.2启动docker

[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl start docker

3.3查看docker 信息

 1 [root@master docker]# docker info
 2 Client:
 3  Context:    default
 4  Debug Mode: false
 5  Plugins:
 6   app: Docker App (Docker Inc., v0.9.1-beta3)
 7   buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
 8   scan: Docker Scan (Docker Inc., v0.8.0)
 9 
10 Server:
11  Containers: 37
12   Running: 24
13   Paused: 0
14   Stopped: 13
15  Images: 20
16  Server Version: 20.10.7
17  Storage Driver: overlay2
18   Backing Filesystem: xfs
19   Supports d_type: true
20   Native Overlay Diff: true
21   userxattr: false
22  Logging Driver: json-file
23  Cgroup Driver: cgroupfs
24  Cgroup Version: 1
25  Plugins:
26   Volume: local
27   Network: bridge host ipvlan macvlan null overlay
28   Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
29  Swarm: inactive
30  Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
31  Default Runtime: runc
32  Init Binary: docker-init
33  containerd version: 7eba5930496d9bbe375fdf71603e610ad737d2b2
34  runc version: v1.0.0-0-g84113ee
35  init version: de40ad0
36  Security Options:
37   seccomp
38    Profile: default
39  Kernel Version: 3.10.0-862.11.6.el7.x86_64
40  Operating System: CentOS Linux 7 (Core)
41  OSType: linux
42  Architecture: x86_64
43  CPUs: 8
44  Total Memory: 7.638GiB
45  Name: master
46  ID: HGKJ:IOYV:VZ2Z:MBDV:3NPE:ISKU:JMDZ:TO67:LOFK:I6ZG:NSGF:G7XC
47  Docker Root Dir: /var/lib/docker
48  Debug Mode: false
49  HTTPS Proxy: http:www.ik8s.io:10080
50  No Proxy: 127.0.0.0/8
51  Registry: https://index.docker.io/v1/
52  Labels:
53  Experimental: false
54  Insecure Registries:
55   192.168.33.79:5000
56   127.0.0.0/8
57  Registry Mirrors:
58   https://registry.docker-cn.com/
59   http://hub-mirror.c.163.com/
60   https://docker.mirrors.ustc.edu.cn/
61  Live Restore Enabled: false

注意!!!

下面两个选项控制经过网桥转发的 IP 数据包是否交给 iptables/ip6tables 规则处理。这里把它们设为 1,即让桥接流量经过 iptables 规则;kubeadm 的预检会检查这一项,设置不正确会导致网络行为混乱。用 echo 写入 /proc 只在本次开机期间有效,重启后需要重新设置,或写入 sysctl 配置使其持久化。

echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

四、启动kubelet

4.1设置开机自启

systemctl enable kubelet
systemctl enable docker 

4.2下拉初始化软件包(脚本)

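# Pull the control-plane images for one Kubernetes release from an alternate
# registry and re-tag them under the upstream registry name, so that kubeadm
# finds them in the local image store.
set -o errexit
set -o nounset
set -o pipefail

# Versions to pull; adjust them to match the image list of your kubeadm release.
KUBE_VERSION=v1.21.3
KUBE_PAUSE_VERSION=3.4.1
ETCD_VERSION=3.4.13-0
DNS_VERSION=v1.8.0

# Upstream registry name; every image is re-tagged to this name at the end.
GCR_URL=k8s.gcr.io

# Registry/namespace the images are actually pulled from.
# NOTE(review): this is a third-party Docker Hub namespace, not the upstream
# registry. After the re-tag below its images carry the upstream name on this
# host, and tags are mutable, so whoever controls this namespace controls what
# runs as the control plane. Prefer a registry you operate or trust, and pin
# images by digest where possible.
DOCKERHUB_URL=aiotceo

# Image list; newer releases name the DNS image coredns/coredns, not coredns.
images=(
  "kube-proxy:${KUBE_VERSION}"
  "kube-scheduler:${KUBE_VERSION}"
  "kube-controller-manager:${KUBE_VERSION}"
  "kube-apiserver:${KUBE_VERSION}"
  "pause:${KUBE_PAUSE_VERSION}"
  "etcd:${ETCD_VERSION}"
  "coredns/coredns:${DNS_VERSION}"
)

# Pull each image, re-tag it under the upstream name, then drop the source tag.
# All expansions are quoted so that a value containing whitespace or glob
# characters cannot be split into extra docker arguments.
for imageName in "${images[@]}"; do
  docker pull "${DOCKERHUB_URL}/${imageName}"
  docker tag "${DOCKERHUB_URL}/${imageName}" "${GCR_URL}/${imageName}"
  docker rmi "${DOCKERHUB_URL}/${imageName}"
done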

4.3初始化kubeadm

初始化时需要加镜像来源:  --image-repository=registry.aliyuncs.com/google_containers(这个是我自己的阿里云镜像仓库)

查看k8版本 :

1 [root@node ~]# kubectl version
2 Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.3", GitCommit:"ca643a4d1f7bfe34773c74f79527be4afd95bf39", GitTreeState:"clean", BuildDate:"2021-07-15T21:04:39Z", GoVersion:"go1.16.6", Compiler:"gc", Platform:"linux/amd64"}

初始化

1  kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.21.3 --service-cidr=10.96.0.0/12

五、创建登陆配置

5.1 创建kube目录,添加kubectl配置

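# Give the current user a kubectl config copied from the kubeadm-generated
# admin kubeconfig. That file holds cluster-admin credentials, so keep the copy
# readable only by its owner and do not share it between users.
mkdir -p "$HOME/.kube"

# -i asks before overwriting an existing config.
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"

# The copy is created by root through sudo; hand it back to the invoking user.
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"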

六、安装网络

6.1添加网络组件(flannel)

 flannel 组件可以从 https://github.com/coreos/flannel 获取,该页面也介绍了安装方法;也可以自己在网上找镜像安装(最好到官网下载 yaml 文件)。下面的命令直接应用 master 分支上的文件,其内容会随上游变动;更稳妥的做法是先把 yaml 下载到本地、固定到某个发布版本并检查内容后再 apply。

1 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

七、node安装组件

1、安装组件

yum install docker-ce kubelet kubeadm kubectl

1.1 GPG 校验可能会报错

可以提前下载公钥并用 rpm --import 导入后再安装,不要为了绕过报错而关闭 gpgcheck:wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

八、启动容器

1写加速文件

root@master:/k8s/pod/image/harbor# cat  /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://7hgbbnxx.mirror.aliyuncs.com"],
  "insecure-registries":["master:5000","192.168.27.141:8093"]
}

2启动docker

[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl start docker

注意!!!

下面两个选项控制经过网桥转发的 IP 数据包是否交给 iptables/ip6tables 规则处理。这里把它们设为 1,即让桥接流量经过 iptables 规则;kubeadm 的预检会检查这一项,设置不正确会导致网络行为混乱。用 echo 写入 /proc 只在本次开机期间有效,重启后需要重新设置,或写入 sysctl 配置使其持久化。

echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

 

kubeadm 生成 token

生成 token 并打印完整的 join 命令(token 是节点加入集群的凭据,不要公开;用完后可以用 kubeadm token delete 删除)

kubeadm token create --print-join-command

生成新的token

[root@k8s-master ~]# kubeadm token create
iuv3h7.9yhwvfm9f3phpfcl
[root@k8s-master ~]# kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
iuv3h7.9yhwvfm9f3phpfcl   23h       2019-05-14T10:26:50+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token

获取ca证书sha256编码hash值

[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
91ca783858fbe9806560e8253ec47fe734addba3c8ee64ddbeace077a5101aee

node加入到master

kubeadm join 192.168.1.110:6443 --token wgrs62.vy0trlpuwtm5jd75 --discovery-token-ca-cert-hash sha256:6e947e63b176acf976899483d41148
--ignore-preflight-errors=Swap

 注意:join需要以下软件

遇到的问题

 vim /etc/sysconfig/kubelet       

 KUBELET_EXTRA_ARGS="--fail-swap-on=false"

kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.21.3 --service-cidr=10.96.0.0/12  --ignore-preflight-errors=Swap   #在初始化时加入--ignore选项 

作者:赵世渊


原文地址:https://www.cnblogs.com/Raphel/p/15091412.html