02 kubeadm Installation

I. Environment Preparation

Kubernetes version: v1.19.3

IP address      Role     Hostname        OS        CPU   Memory   Disk
192.168.40.11   master   node-01.in.cn   centos7   8     24G      2TB
192.168.40.12   node     node-02.in.cn   centos7   4     32G      1TB
192.168.40.13   node     node-03.in.cn   centos7   4     16G      2TB
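  • Operating system: CentOS 7.x
  • Hardware requirements: at least 2 CPU cores, at least 4 GB of memory, at least 30 GB of disk
  • The partition on the Docker host must be formatted as ext2, ext3, or ext4
  • Disable the firewall
  • Disable SELinux
  • Disable swap
  • Deploy docker, kubeadm, and kubelet on all nodes
  • Nodes can reach each other on the internal network; hostnames resolve via hosts
  • A private registry, or Internet access, for pulling images
Note: run the following steps on all nodes
1. Configure hosts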
cat << EOF >> /etc/hosts
192.168.40.11 node-01.in.cn
192.168.40.12 node-02.in.cn
192.168.40.13 node-03.in.cn
EOF
2. Kernel parameters
net.bridge.bridge-nf-call-ip6tables = 1 
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.ipv4.ip_forward = 1
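An added check (not from the original post) that the kernel parameters above are actually in effect and that swap is off, including the case where the net.bridge.* keys are missing because the br_netfilter module is not loaded. The function names and the constructed demo tree are assumptions; on a real node call preflight with no argument.

```shell
#!/usr/bin/env bash
# Added example: verify the sysctl values from step 2 and that swap is off.
# The root argument defaults to the live system; the demo uses a constructed tree.
REQUIRED="net/bridge/bridge-nf-call-ip6tables net/bridge/bridge-nf-call-iptables
net/bridge/bridge-nf-call-arptables net/ipv4/ip_forward"

preflight() {
    local root=${1:-} fail=0 key name file val
    for key in $REQUIRED; do
        name=$(printf '%s' "$key" | tr / .)
        file="$root/proc/sys/$key"
        if [ ! -r "$file" ]; then
            # net.bridge.* only exists once the br_netfilter module is loaded
            echo "FAIL $name missing (is br_netfilter loaded?)"; fail=1; continue
        fi
        val=$(cat "$file")
        if [ "$val" = 1 ]; then
            echo "ok   $name = 1"
        else
            echo "FAIL $name = $val (want 1)"; fail=1
        fi
    done
    # /proc/swaps always has a header line; any further line is an active swap area
    if tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -q .; then
        echo "FAIL swap is active"; fail=1
    else
        echo "ok   swap is off"
    fi
    return "$fail"
}

# make_demo_root DIR: constructed /proc tree that satisfies every check
make_demo_root() {
    local key
    mkdir -p "$1/proc/sys/net/bridge" "$1/proc/sys/net/ipv4"
    for key in $REQUIRED; do echo 1 > "$1/proc/sys/$key"; done
    echo "Filename Type Size Used Priority" > "$1/proc/swaps"
}

demo=$(mktemp -d)
make_demo_root "$demo"
echo 0 > "$demo/proc/sys/net/ipv4/ip_forward"   # constructed misconfiguration
preflight "$demo" || echo "node is not ready for kubeadm"
rm -rf "$demo"
```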
3. Install Docker
#!/bin/bash

### Uninstall old versions
yum remove -y docker docker-client docker-client-latest docker-common docker-latest \
	docker-latest-logrotate docker-logrotate docker-engine

### Install required packages.
yum install yum-utils device-mapper-persistent-data lvm2 -y

### Add Docker repository (fetched over HTTPS so the repo definition cannot be altered in transit).
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum-config-manager --enable docker-ce-edge

## Install Docker CE.
yum install docker-ce -y

## Create /etc/docker directory.
mkdir -p /etc/docker

# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://bxba8hkt.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

# Restart Docker
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
4. Add the Aliyun repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
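5. Install kubeadm, kubelet
# Version v1.19.3 (pinned so the packages match the --kubernetes-version used at init)
yum install -y kubelet-1.19.3 kubeadm-1.19.3 kubectl-1.19.3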
rpm -ql kubelet
rpm -ql kubeadm
rpm -ql kubectl
rpm -ql kubernetes-cni
# kubelet is started automatically during init or join
systemctl enable kubelet 

II. Install the Master

1. Download the images manually (use when the network is poor)
kubeadm config images list|awk -F "/" '{print $2}'
2. Download script
#!/bin/bash
images=(
    kube-apiserver:v1.19.3
    kube-controller-manager:v1.19.3
    kube-scheduler:v1.19.3
    kube-proxy:v1.19.3
    pause:3.2
    etcd:3.4.13-0
    coredns:1.7.0
)

for imageName in "${images[@]}"; do
	docker pull "mirrorgooglecontainers/$imageName"
	docker tag  "mirrorgooglecontainers/$imageName" "registry.aliyuncs.com/google_containers/$imageName"
	docker rmi  "mirrorgooglecontainers/$imageName"
done
3. Initialize the Master
kubeadm init \
    --apiserver-advertise-address 192.168.40.11 \
    --image-repository registry.aliyuncs.com/google_containers \
    --kubernetes-version v1.19.3 \
    --service-cidr=10.96.0.0/12 \
    --pod-network-cidr=10.244.0.0/16 
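  • apiserver-advertise-address: the Master address used to communicate with the other nodes in the cluster
  • image-repository: the image repository; the default is k8s.gcr.io
  • kubernetes-version: the Kubernetes version; the default causes the latest version number to be fetched from the network
  • service-cidr: the network range for Services
  • pod-network-cidr: the network range for Pods
4. Use kubectl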
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Enable auto-completion for the kubectl command
echo "source <(kubectl completion bash)" >> ~/.bashrc 
5. Install the network plugin
# Add a hosts entry
199.232.68.133 raw.githubusercontent.com
# Download the YAML
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Apply it
kubectl apply -f kube-flannel.yml
6. View the pods (wait about 2 minutes)
kubectl get pods -n kube-system
--- output
NAME                                    READY   STATUS    RESTARTS   AGE
coredns-6d56c8448f-6f7f2                1/1     Running   0          2m31s
coredns-6d56c8448f-w7vkd                1/1     Running   0          2m31s
etcd-node-01.in.cn                      1/1     Running   0          2m39s
kube-apiserver-node-01.in.cn            1/1     Running   0          2m39s
kube-controller-manager-node-01.in.cn   1/1     Running   0          2m39s
kube-flannel-ds-p9sdl                   1/1     Running   0          26s
kube-proxy-69qnj                        1/1     Running   0          2m31s
kube-scheduler-node-01.in.cn            1/1     Running   0          2m39
7. Uninstall the Master
# Remove the network plugin
kubectl delete -f kube-flannel.yml
ifconfig cni0 down && ip link delete cni0
ifconfig flannel.1 down && ip link delete flannel.1
rm -rf /var/lib/cni
rm -f /etc/cni/net.d/*
### Reset iptables
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X

kubeadm reset
rm -fr $HOME/.kube
systemctl stop kubepods.slice
yum remove -y kubelet kubeadm kubectl
systemctl daemon-reload
# Remove the line source <(kubectl completion bash) from .bashrc

III. Add Nodes

1. Add a node
kubeadm join 192.168.40.11:6443 --token v5lnvk.nmcnl24les4cumci \
    --discovery-token-ca-cert-hash sha256:ddfe030df98fe66ff880ae1ce4675bb4aad29eeb11ca5e1d701f854a6449bc71
# View the logs
journalctl -f
2. Clean up a node
# Run on the master
### Evict the pods from the node
kubectl drain node-02.in.cn --delete-local-data --force --ignore-daemonsets
# Run on node02
kubeadm reset
### Remove the network plugin
ifconfig flannel.1 down && ip link delete flannel.1
rm -f /etc/cni/net.d/*
### Reset iptables
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
rm -fr /etc/kubernetes/pki

systemctl stop kubepods.slice
yum remove -y kubelet kubeadm kubectl
systemctl daemon-reload
# Run on the master
kubectl delete nodes node-02.in.cn
3. Rejoin the node
# Get the token on the master node
kubeadm token list
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
# On the node (version pinned to match the cluster)
yum install -y kubelet-1.19.3 kubeadm-1.19.3 kubectl-1.19.3
systemctl enable kubelet 
systemctl start kubelet 
kubeadm join 192.168.40.11:6443 --token v5lnvk.nmcnl24les4cumci \
    --discovery-token-ca-cert-hash sha256:ddfe030df98fe66ff880ae1ce4675bb4aad29eeb11ca5e1d701f854a6449bc71
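The pin check behind --discovery-token-ca-cert-hash, as an added example (not part of the original post): it computes the SHA-256 of the CA certificate's public key and compares it with the hash carried in a join command, so a node operator can confirm the pin before joining. It goes slightly beyond the post's pipeline by using openssl pkey so non-RSA CAs work; the function names, the throwaway demo CA and the placeholder token are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: compute the kubeadm CA pin and compare it with a join command.

# ca_pin CERT: print "sha256:<hex>" over the DER SubjectPublicKeyInfo of CERT.
# openssl pkey handles RSA and ECDSA keys (the post's openssl rsa is RSA-only).
ca_pin() {
    local pub hex
    # Stop on an unreadable cert; otherwise the hash of empty input would be printed.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex | awk '{print $NF}')
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# verify_join CERT "JOIN COMMAND": 0 = pin matches, 1 = mismatch, 2 = unusable input.
verify_join() {
    local want got
    want=$(ca_pin "$1") || { echo "cannot read CA certificate: $1" >&2; return 2; }
    got=$(printf '%s\n' "$2" | grep -oE 'sha256:[0-9a-fA-F]{64}' | head -n 1 | tr 'A-F' 'a-f')
    [ -n "$got" ] || { echo "no sha256 pin found in join command" >&2; return 2; }
    if [ "$want" = "$got" ]; then
        echo "pin OK: $want"
    else
        echo "pin MISMATCH: certificate=$want join=$got" >&2
        return 1
    fi
}

# make_demo_ca DIR: constructed throwaway CA standing in for /etc/kubernetes/pki/ca.crt
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-kubernetes-ca' \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
pin=$(ca_pin "$demo_dir/ca.crt")
# The token below is a constructed placeholder, not a real bootstrap token.
verify_join "$demo_dir/ca.crt" \
    "kubeadm join 192.168.40.11:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $pin"
rm -rf "$demo_dir"
```

On a master, pass /etc/kubernetes/pki/ca.crt and the join command that is about to be handed to the node.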

IV. Troubleshooting

1. kubelet fails to start
Failed to start ContainerManager failed to initialize top level QOS containers: failed to update top level Burstable QOS cgroup : failed to set supported cgroup subsystems for cgroup [kubepods burstable]: failed to find subsystem mount for required subsystem: pids
Solution
Method 1: edit the kubelet configuration file
vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--feature-gates=SupportPodPidsLimit=false,SupportNodePidsLimit=false"

V. Test the Cluster

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc

Original article: https://www.cnblogs.com/g-root/p/ffc3094f95b6aeade7ba1c504810926b.html