k8s安裝
centos7.9最小安裝版本
從零開始的k8s安裝
硬件配置要求
-
cpu >= 2核
-
硬盤 >= 20G
-
內存 >= 2G
-
控制平面(etcd)節點數量建議為奇數(3, 5, 7 等),以便 etcd 多數派選舉;工作節點(node)數量沒有此限制。
以下命令除特殊說明外,其余都建議在 master 主機執行。
本教程配置如下
| 機器名 | IP | 角色 | CPU | 內存 |
| centos01 | 192.168.109.121 | master | 4核 | 2G |
| centos02 | 192.168.109.122 | node | 4核 | 2G |
基礎準備(所有機器都要執行)
設置主機名,所有節點都執行
-
執行以下命令設置主機名並配置各節點之間的名稱解析
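# Hostname and name resolution (run on every node). Each node gets the
# hostname from the table above; the hosts entries are appended rather than
# edited interactively so the step is reproducible.
sudo hostnamectl set-hostname centos01   # use centos02 on the second node
sudo tee -a /etc/hosts <<'EOF'
192.168.109.121 centos01
192.168.109.122 centos02
EOF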
-
關閉防火墻與 SELinux,所有節點都執行(注意:直接關閉防火牆會把主機上所有監聽端口暴露到網絡,生產環境應改為只放行 kubeadm 文檔列出的端口;SELinux 只需 permissive,不必 disabled)
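# Kubernetes needs a known set of ports reachable between nodes. Opening just
# those is safer than disabling firewalld, which exposes every listener on the
# host. Ports per the kubeadm "Ports and Protocols" page:
#   control plane: 6443 (API server), 2379-2380 (etcd), 10250 (kubelet),
#                  10257 (controller-manager), 10259 (scheduler)
#   every node:    10250 (kubelet), 10256 (kube-proxy), 30000-32767 (NodePort)
#   flannel vxlan: 8472/udp
sudo firewall-cmd --permanent --add-port={6443,2379-2380,10257,10259}/tcp   # control plane only
sudo firewall-cmd --permanent --add-port={10250,10256,30000-32767}/tcp     # all nodes
sudo firewall-cmd --permanent --add-port=8472/udp                          # flannel vxlan, all nodes
sudo firewall-cmd --reload
# firewalld and kube-proxy both program iptables; if pod-to-pod traffic still
# fails, inspect the FORWARD chain first. Only on a throw-away lab cluster
# fall back to switching the firewall off entirely:
#   sudo systemctl disable --now firewalld
#
# SELinux: kubeadm needs permissive, not disabled (the SELinux section below
# also writes permissive -- keep both in agreement). setenforce only changes
# the running kernel; the config edit makes it persist across reboots.
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config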
-
關閉swap內存,所有節點都執行
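# kubelet refuses to start while swap is on. Turn it off now and make that
# persistent by commenting the swap entry in fstab. The original pattern
# (.*swap.*) comments out ANY line containing the word "swap", e.g. a mount
# whose path happens to contain it; match the filesystem-type field instead.
free -h
sudo swapoff -a
sudo sed -i -E 's/^([^#].*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab
free -h   # the "Swap:" row should now show 0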
-
關閉selinux
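# Check the current mode, then switch to permissive. Permissive (not disabled)
# is what the kubeadm docs ask for; disabling SELinux outright drops a useful
# containment layer for no gain. The sed only rewrites "enforcing" -- if the
# file already says "disabled", change it to permissive by hand.
getenforce
sudo setenforce 0                        # runtime change only
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
grep '^SELINUX=' /etc/selinux/config     # expect SELINUX=permissive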
-
配置網橋,所有節點都執行
修改參數
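# Let iptables see bridged traffic and enable forwarding; kube-proxy and the
# CNI plugin depend on this. A drop-in under /etc/sysctl.d/ keeps the settings
# separate from the distro's sysctl.conf and is picked up by `sysctl --system`.
sudo tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system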
然后,加載如下兩個模塊,所有節點都執行
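# br_netfilter must be loaded before the net.bridge.* sysctls exist at all;
# ip_vs_rr is only used when kube-proxy runs in IPVS mode. modprobe does not
# survive a reboot, so also register the modules with systemd-modules-load.
sudo modprobe br_netfilter
sudo modprobe ip_vs_rr
printf '%s\n' br_netfilter ip_vs_rr | sudo tee /etc/modules-load.d/k8s.conf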
生效配置
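# Apply the sysctls from /etc/sysctl.conf and /etc/sysctl.d/*. The output
# should include the three lines below; a "No such file or directory" error
# for net.bridge.* means br_netfilter is not loaded yet.
sudo sysctl --system
# net.bridge.bridge-nf-call-ip6tables = 1
# net.bridge.bridge-nf-call-iptables = 1
# net.ipv4.ip_forward = 1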
-
安裝組件
# yum 更新
# Refresh the base system, then install the convenience tools used later in
# this guide: bash-completion (kubectl completion), wget (downloads),
# vim-enhanced, net-tools and gcc. One yum transaction instead of five.
sudo yum update -y
sudo yum install -y \
  bash-completion \
  wget \
  vim-enhanced \
  net-tools \
  gcc
-
安裝docker
安裝 docker , Containerd
# 刪除 docker(如果有的話)
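# --- Container runtime: containerd (+ Docker CE), all nodes ------------------
# Kubernetes 1.27 talks to containerd through CRI; docker-ce is installed only
# as a convenience (`docker` CLI, image builds) and is not used by the kubelet.
# Remove any distro-packaged docker first so the Docker repo's packages win.
sudo yum remove -y docker docker-client docker-client-latest docker-common \
  docker-latest docker-latest-logrotate docker-logrotate docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# Fetch the repo definition over HTTPS only: the .repo file carries the
# gpgcheck flags and key URLs, so a plain-HTTP download would let an on-path
# attacker switch signature checking off.
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# containerd.io (Docker repo) already provides /usr/bin/containerd and
# containerd.service. Installing a second "containerd" package on top of it
# would conflict or simply not exist on CentOS 7, so that step is dropped.

# Fallback ONLY if containerd.io cannot be installed: take the upstream
# tarball, and verify the published SHA-256 before extracting into /usr/local.
# A tarball install has no systemd unit -- fetch containerd.service from the
# same release and put it in /usr/local/lib/systemd/system/ yourself.
#   ver=1.7.2
#   wget "https://github.com/containerd/containerd/releases/download/v${ver}/containerd-${ver}-linux-amd64.tar.gz"
#   wget "https://github.com/containerd/containerd/releases/download/v${ver}/containerd-${ver}-linux-amd64.tar.gz.sha256sum"
#   sha256sum -c "containerd-${ver}-linux-amd64.tar.gz.sha256sum"   # must print "OK"
#   sudo tar Cxzvf /usr/local "containerd-${ver}-linux-amd64.tar.gz"

# Generate a fresh default config and edit it with sed. (Editing config.toml
# by hand BEFORE regenerating it, as the original notes did, is pointless:
# the regenerated file overwrites those edits.) A temp file is needed because
# `sudo cmd > file` performs the redirect as the unprivileged caller.
sudo systemctl stop containerd.service
sudo cp /etc/containerd/config.toml /etc/containerd/config.toml.bak 2>/dev/null || true
tmp_cfg=$(mktemp)
sudo containerd config default > "$tmp_cfg"
sudo install -m 0644 "$tmp_cfg" /etc/containerd/config.toml
rm -f -- "$tmp_cfg"
# 1. systemd cgroup driver, matching the kubelet default. A driver mismatch
#    between runtime and kubelet is a classic cause of pods being killed.
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# 2. registry.k8s.io is unreachable from some networks; point the pause image
#    at a mirror. Use the SAME registry that kubeadm --image-repository uses
#    below. NOTE(review): the mirror is a third party -- you are trusting it to
#    serve an unmodified image; pin by digest if that matters to you.
sudo sed -i 's#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g' /etc/containerd/config.toml
grep -E 'SystemdCgroup|sandbox_image' /etc/containerd/config.toml   # verify both edits
sudo systemctl enable --now containerd.service

# Docker daemon: same cgroup driver plus a pull-through mirror. The mirror
# must carry its scheme (https://...) -- dockerd rejects a bare hostname.
# Replace xxxxx with your own mirror id.
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://xxxxx.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl enable docker.socket
sudo systemctl enable --now docker.service
sudo systemctl restart docker
sudo docker info
sudo systemctl status --no-pager docker.service containerd.service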
-
添加國內鏡像倉庫
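# Kubernetes yum repo (Aliyun mirror of the legacy packages.cloud.google.com
# repo). Signature checking is ON. The original notes set gpgcheck=0 and
# repo_gpgcheck=0 and fetched everything over plain HTTP, which means anyone
# able to tamper with the mirror or the connection could hand out a modified
# kubelet/kubeadm that then runs as root on every node. The gpgkey line points
# at the mirror's copies of the upstream signing keys, so there is no reason
# to skip verification. `sudo tee` is used because the heredoc redirect in the
# original only works from a root shell.
cat <<'EOF' | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
# verify RPM signatures
gpgcheck=1
# verify the repository metadata signature as well
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# If yum reports a GPG error, import the keys explicitly and retry instead of
# turning checks off:
#   sudo rpm --import https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# CentOS 7's yum is known to choke on repo metadata signatures for this repo;
# if only the metadata check fails, repo_gpgcheck=0 is an acceptable compromise
# as long as gpgcheck=1 (package signatures) stays on.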
-
安裝k8s
# 安裝 1.27.1 版本
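# Pin kubelet/kubeadm/kubectl to the exact version you will pass to
# `kubeadm init`. --nogpgcheck is deliberately absent: the repo's signing keys
# are configured, so let yum verify the RPMs. --disableexcludes=kubernetes
# only matters if the repo file carries an exclude= line (the upstream one
# does) and is harmless otherwise.
sudo yum install -y kubelet-1.27.1 kubeadm-1.27.1 kubectl-1.27.1 --disableexcludes=kubernetes
# Latest version (unpinned -- not recommended for production):
# sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Enable kubelet so it starts on boot. Until `kubeadm init`/`kubeadm join`
# writes its config it will crash-loop every few seconds; that is expected,
# so there is nothing to gain from restarting it here.
sudo systemctl daemon-reload
sudo systemctl enable --now kubelet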
-
啟動(master執行)
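# Initialise the control plane (master only). Flags the later flannel step
# depends on:
#  --apiserver-advertise-address  must be THIS node's IP (192.168.109.121 per
#    the table above; the original used an address from a different network).
#    The API server certificate is issued for this address.
#  --pod-network-cidr  must match the "Network" value in kube-flannel.yml
#    (10.244.0.0/16 by default). Leaving it out is exactly what produces the
#    "no CIDR allocated" CrashLoopBackOff described in problem 1 below.
#  --image-repository  same mirror as containerd's sandbox_image.
sudo kubeadm init \
  --image-repository=registry.aliyuncs.com/google_containers \
  --apiserver-advertise-address=192.168.109.121 \
  --pod-network-cidr=10.244.0.0/16 \
  --kubernetes-version=v1.27.1
# A failed init is rolled back with `sudo kubeadm reset`. Most failures are
# image-pull timeouts -- check connectivity to the image repository first.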
-
初始化成功后執行(master執行)
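# admin.conf embeds a client certificate with cluster-admin rights: whoever
# can read it owns the cluster. Copy it for the current user only, make it
# private, and never commit it or ship it to worker nodes.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 0600 "$HOME/.kube/config"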
-
將node加入集群
# 執行成功后,會出現類似下列內容:
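# A successful init prints a join command like the one below (the values are
# the sample from the original notes, not real ones):
#   kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
#       --discovery-token-ca-cert-hash sha256:6dkl32klh34j5gkj2kl42kjlk452h42lh4l2h42l
# Run that line, as root, on each worker. Treat the token as a credential: any
# host that can reach :6443 and has it can join the cluster. Tokens expire
# after 24h by default. Keep --discovery-token-ca-cert-hash -- it is how the
# worker verifies it is talking to YOUR control plane's CA; never replace it
# with --discovery-token-unsafe-skip-ca-verification.
#
# Token lost or expired? Mint a new, short-lived one and print the full
# command (run on the master):
sudo kubeadm token create --ttl 1h --print-join-command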
-
查看集群狀態(master 節點執行)
# List cluster members and their Ready state ("node" is the singular alias).
kubectl get node
-
安裝網絡插件,可以選擇calico或flannel,這里選擇安裝flannel,僅在(master節點執行)
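# CNI plugin, master only. Pin the manifest to the same release as the image
# tags referenced below: "latest" can drift to a newer flannel whose images no
# longer match the tags written here.
flannel_ver=v0.22.0
wget "https://github.com/flannel-io/flannel/releases/download/${flannel_ver}/kube-flannel.yml"
# 1. "Network" must equal kubeadm's --pod-network-cidr. The shipped default is
#    already 10.244.0.0/16, so this is a check, not an edit, unless you chose
#    another CIDR.
grep -n '"Network"' kube-flannel.yml
# 2. Only if docker.io is unreachable: rewrite the image references to a
#    proxy. This is a trust decision -- the proxy can serve whatever it likes
#    under these tags. Prefer a registry you control, or pin by digest
#    (image@sha256:...). Three image: lines, two distinct images.
sed -i 's#docker.io/flannel/#dockerproxy.com/flannel/#g' kube-flannel.yml
grep -n 'image:' kube-flannel.yml   # expect .../flannel:v0.22.0 and .../flannel-cni-plugin:v1.1.2
kubectl apply -f kube-flannel.yml
kubectl -n kube-flannel get pods    # repeat until Running on every node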
問題:
問題 1:安裝flannel失敗報如下
Back-off restarting failed container kube-flannel in pod kube-flannel
方法
部署 flannel 網絡插件時發現 flannel 一直處于 CrashLoopBackOff 狀態,查看日志提示沒有分配 CIDR。根本原因通常是 kubeadm init 時沒有傳 --pod-network-cidr,controller-manager 因此不會給節點分配 podCIDR;最乾淨的修法是 kubeadm reset 後帶該參數重新 init,下面是對已有集群的補救方法。
解決
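# Workaround for a cluster initialised WITHOUT --pod-network-cidr: give the
# controller-manager the cluster CIDR so it allocates a podCIDR per node.
# The clean fix is `kubeadm reset` + re-init with the flag; edit the static
# pod manifest only on an existing cluster. The kubelet watches
# /etc/kubernetes/manifests and recreates the pod by itself, so the restart
# below should not be required; it is kept as a belt-and-braces step.
sudo vim /etc/kubernetes/manifests/kube-controller-manager.yaml
# add to the container's "command:" list (CIDR must match flannel "Network"):
#   - --allocate-node-cidrs=true
#   - --cluster-cidr=10.244.0.0/16
sudo systemctl restart kubelet
kubectl -n kube-system get pod -l component=kube-controller-manager   # should return to Running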
如下
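# Static pod manifest for kube-controller-manager as written by kubeadm, with
# the two CIDR-allocation flags appended. The copy in the original notes had
# lost all indentation and was not valid YAML; nesting restored here.
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-name=kubernetes
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
    # Added: make the controller-manager hand out a podCIDR to every node
    # (what flannel needs). The CIDR must match flannel's "Network" value
    # and kubeadm's --pod-network-cidr.
    - --allocate-node-cidrs=true
    - --cluster-cidr=10.244.0.0/16
    # ... remaining fields (image, livenessProbe, volumeMounts, volumes) unchanged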
問題2: 只有單個節點時,允許 master(control-plane)節點調度 pod
方法:
# 查看當前
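# Single-node cluster: let ordinary workloads schedule on the control-plane
# node. Use the real node name from `kubectl get nodes` (centos01 in this
# guide) -- the original mixed the literals "master" and "k8s". Since kubeadm
# 1.24/1.25 only the node-role.kubernetes.io/control-plane taint is applied;
# the old node-role.kubernetes.io/master taint no longer exists, so tainting
# with it would not restore the kubeadm default.
node=centos01
kubectl describe node "$node" | grep -E '(Roles|Taints)'
# allow pods on the control plane (trailing "-" removes the taint)
kubectl taint node "$node" node-role.kubernetes.io/control-plane-
# forbid ordinary pods again (restores what kubeadm set)
kubectl taint node "$node" node-role.kubernetes.io/control-plane:NoSchedule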
參考資料:
-
blog.csdn.net/weixin_44084452/article/details/130797232
-
developer.volcengine.com/articles/7262266226414452755#heading21
-
zhuanlan.zhihu.com/p/532393808
-
blog.frognew.com/2021/08/relearning-k8s-02.html