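This post covers deploying a k8s cluster. I completed every step below myself, and I list the problems I ran into during deployment along with how I solved them.
I. Environment preparation. [The environment preparation stage applies to both master node and work node deployment; that is, every master and work node must run these steps.]
1. Stop the firewall and disable SELinux.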
systemctl stop firewalld
setenforce 0
2. Set up YUM.
rm -rf /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sed -i '/aliyuncs/d' /etc/yum.repos.d/CentOS-Base.repo
yum makecache fast
yum install -y vim wget net-tools lrzsz
cd /etc/yum.repos.d
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. Configure the mirror source.
# Configure the repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
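4. Install kubelet, kubeadm and kubectl. Every k8s version has hard requirements on the docker version, so first pick a matching pair of k8s and docker versions and install by version number as needed; otherwise initialization fails because the versions do not match.
# List the kubernetes versions installable from the current mirror by running the following command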
yum list --showduplicates | grep 'kubeadm\|kubectl\|kubelet'
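# Choose one of the following two methods; specifying a version number is preferable
# To install a specific kubernetes version, use the format below; this command installs version 1.16.15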
yum install -y kubelet-1.16.15-0 kubeadm-1.16.15-0 kubectl-1.16.15-0
# Install; this installs the latest kubernetes version by default. This is not recommended; choose a version that suits your needs
yum install -y kubelet kubeadm kubectl
5. Check whether k8s was installed successfully
# Query the current k8s version
kubectl version
If you hit the error shown in the figure below, run the following (on the master only)
# Set the environment variable
export KUBECONFIG=/etc/kubernetes/admin.conf
6. Start kubelet at boot
systemctl enable kubelet
7. Disable swap.
swapoff -a
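- Comment out the swap configuration
8. Install docker. For the detailed installation steps see: https://www.jianshu.com/p/7d9ff93bc89e, https://www.jianshu.com/p/ca061c06d9c6.
# List the docker versions installable from the repository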
yum list docker-ce --showduplicates | sort -r
# Install a specific docker version; for example, the following installs docker 18.06.3
yum -y install docker-ce-18.06.3.ce-3.el7
# The following command installs the latest docker version by default
yum install docker-ce -y
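#-------------------------------- The following are other docker operations; they are not needed if initialization succeeded.
# Remove docker if needed, for example to reinstall it
yum remove docker docker-common docker-selinux docker-engine docker-io
# If the installation fails with a conflict message, run the following command to remove the old docker version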
yum erase docker-ce-18.03.1.ce-1.el7.centos
# Then run the installation again
yum -y install docker-ce-18.03.1.ce-1.el7.centos
- Start docker
- Docker's default registry is hosted overseas and often times out, so configure an Aliyun registry mirror (accelerator):
vim /etc/docker/daemon.json
Enter the following content in daemon.json:
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors":["https://m9r2r2uj.mirror.aliyuncs.com"],
"graph": "/mnt/docker-data",
"storage-driver": "overlay"
}
Explanation:
a.
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
The docker service's Cgroup Driver defaults to cgroupfs; when we initialize with kubeadm (init), the following warning appears:
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: [preflight] Some fatal errors occurred:
b.
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors":["https://m9r2r2uj.mirror.aliyuncs.com"]
}
Docker's default registry is hosted overseas and often times out, so configure an Aliyun registry mirror (accelerator):
c.
{
"graph": "/mnt/docker-data",
"storage-driver": "overlay"
}
The settings above fix docker failing to start on systemctl start docker / service docker restart, as shown below:
......docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details. .......
Restart docker:
service docker restart
9. Start docker.
systemctl enable docker
systemctl start docker
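10. Pull the images that kubeadm needs. Choose the k8s version according to your own situation; the following is written as a shell script, but the commands can also be run one by one.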
#!/bin/bash
k8sversion=v1.16.15
etcdversion=3.3.15-0
dnsversion=1.6.2
# k8s
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:$k8sversion
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:$k8sversion k8s.gcr.io/kube-apiserver:$k8sversion
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:$k8sversion
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:$k8sversion
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:$k8sversion k8s.gcr.io/kube-controller-manager:$k8sversion
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:$k8sversion
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:$k8sversion
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:$k8sversion k8s.gcr.io/kube-scheduler:$k8sversion
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:$k8sversion
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:$k8sversion
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:$k8sversion k8s.gcr.io/kube-proxy:$k8sversion
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:$k8sversion
# etcd
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$etcdversion
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$etcdversion k8s.gcr.io/etcd:$etcdversion
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$etcdversion
# coredns
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$dnsversion
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$dnsversion k8s.gcr.io/coredns:$dnsversion
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$dnsversion
# pause
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
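The script above retags whatever the mirror returns as k8s.gcr.io. As an added example (not part of the original post), the same pull/tag/rmi sequence can refuse an image whose repo digest differs from a value recorded on a node you have already vetted; the function names, the DOCKER override and the pin-file format are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the author's script. Function names, the DOCKER override
# and the pin-file format ("name tag sha256:<digest>") are hypothetical.
MIRROR=registry.cn-hangzhou.aliyuncs.com/google_containers
DOCKER=${DOCKER:-docker}

# pull_pinned NAME TAG EXPECTED_DIGEST
# returns 0 = verified and retagged, 1 = digest mismatch (image removed),
#         2 = a docker command failed
pull_pinned() {
    local name=$1 tag=$2 want=$3 src got
    src="$MIRROR/$name:$tag"
    $DOCKER pull "$src" >/dev/null || return 2
    # RepoDigests entries look like "<repo>@sha256:<hex>"; keep the part after "@"
    got=$($DOCKER inspect --format '{{index .RepoDigests 0}}' "$src") || return 2
    got=${got##*@}
    if [ "$got" != "$want" ]; then
        echo "REJECT $src: got $got, pinned $want" >&2
        $DOCKER rmi "$src" >/dev/null
        return 1
    fi
    $DOCKER tag "$src" "k8s.gcr.io/$name:$tag" || return 2
    $DOCKER rmi "$src" >/dev/null
}

# pull_all PINFILE: one "name tag sha256:<digest>" entry per line, '#' comments.
# Stops at the first failure so kubeadm init never runs on a partly verified set.
pull_all() {
    local name tag digest
    while read -r name tag digest <&3; do
        case $name in ''|'#'*) continue ;; esac
        pull_pinned "$name" "$tag" "$digest" || return $?
    done 3< "$1"
}
```

Record the digests once with `docker inspect --format '{{index .RepoDigests 0}}'` on the vetted node, then run `pull_all` with that pin file on every other master and work node.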
11. Configure the bridge. The following command must be run; otherwise installing the master and work nodes reports errors.
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
II. Install the master node
1. Initialize the cluster and install the master node
kubeadm init --pod-network-cidr 10.244.0.0/16
The kubeadm initialization parameters are described below:
[root@k8s-master ~]# kubeadm init --help
Run this command in order to set up the Kubernetes master.
Usage:
kubeadm init [flags]
Flags:
--apiserver-advertise-address string The IP address the API Server listens on; the default is 0.0.0.0
--apiserver-bind-port int32 The port the API Server listens on (default 6443)
--apiserver-cert-extra-sans strings Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.
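--cert-dir string The path where certificates are saved and stored. (default "/etc/kubernetes/pki")
--config string Path to the kubeadm configuration file. Warning: use of the configuration file is experimental.
--cri-socket string The CRI socket to connect to. (default "/var/run/dockershim.sock")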
--dry-run Don't apply any changes; just output what would be done.
--feature-gates string A set of key=value pairs that describe feature gates for various features. Options are:
Auditing=true|false (ALPHA - default=false)
CoreDNS=true|false (default=true)
DynamicKubeletConfig=true|false (ALPHA - default=false)
SelfHosting=true|false (ALPHA - default=false)
StoreCertsInSecrets=true|false (ALPHA - default=false)
-h, --help help for init
--ignore-preflight-errors strings Which errors to ignore during preflight checks. Example: 'IsPrivilegedUser,Swap'. With the value "all", every detected error is ignored.
--kubernetes-version string The Kubernetes version to use. (default "stable-1.11")
--node-name string Specify the node name.
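--pod-network-cidr string The IP address range for the Pod network. If set, the control plane automatically allocates a CIDR to every node.
--service-cidr string The IP address range used by the Service network. (default "10.96.0.0/12")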
--service-dns-domain string Use alternative domain for services, e.g. "myorg.internal". (default "cluster.local")
--skip-token-print Skip printing of the default bootstrap token generated by 'kubeadm init'.
--token string The token to use for establishing bidirectional trust between nodes and masters. The format is [a-z0-9]{6}\.[a-z0-9]{16} - e.g. abcdef.0123456789abcdef
--token-ttl duration The duration before the token is automatically deleted (e.g. 1s, 2m, 3h). If set to '0', the token will never expire (default 24h0m0s)
Global Flags:
-v, --v Level log level for V logs
If the following information appears, the master was deployed successfully:
# This line means the master node was deployed successfully
Your Kubernetes control-plane has initialized successfully!
# To start the cluster, you also need to run the following 3 statements
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
# The following command adds a node to the master, making it one of the nodes in the cluster; save this statement (token and so on) for use when adding nodes
kubeadm join 192.168.95.129:6443 --token i9ocw1.twi5llxnf4crvnli \
--discovery-token-ca-cert-hash sha256:b7c3c48d252b3fc3a56d47abea26d824ebd67ae1bf81e28f4292188a8fbc55f7
2. Run the following 3 statements.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
3. Run kubectl get nodes. If the following message appears, the fix is also to run the 3 statements above
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kubernetes”)
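If you ran kubeadm reset to clear all cluster configuration and hit the problem above while redeploying, first run the following statement and then run the 3 statements above.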
rm -rf $HOME/.kube
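4. Install the flannel plugin (network plugin); add the following configuration to both hosts and hostname
- Set the mirror source for flannel (the overseas source may fail to download)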
vim /etc/hosts
# The following are the added configuration entries
#199.232.4.133 raw.githubusercontent.com
#199.232.68.133 raw.githubusercontent.com
- Run the following commands to install the flannel plugin
# Fetch the flannel deployment file.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Deploy:
kubectl apply -f kube-flannel.yml
- Configure the service port (change the service port range)
vim /etc/kubernetes/manifests/kube-apiserver.yaml
---
...
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
# Add by cynen 2020-10-12
- --service-node-port-range=80-32767
...
Restart kubelet.
systemctl daemon-reload && systemctl restart kubelet
III. Deploy the work nodes
- Run the part of Part I that is common to master and work nodes.
- Run the following command.
kubeadm join 172.16.8.31:6443 --token ro7gjw.yj1fbi9r94kvipov --discovery-token-ca-cert-hash sha256:aecb44fd1a67ca0f800ec337e7c45991a62d7fbc4d08876b723549cbd6312e8f
- If the exception shown in the screenshot below appears, regenerate the token
# Tokens expire; the validity period is 5 minutes
kubeadm token create --print-join-command
Exception screenshot:
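The join commands above carry a --discovery-token-ca-cert-hash value, which is the SHA-256 of the cluster CA's public key and is what lets a work node reject an API server presenting a different CA. As an added example (not part of the original post), the saved join command can be checked against the CA certificate (/etc/kubernetes/pki/ca.crt on the master) before it is run; the function names are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the author's code; function names are hypothetical.

# ca_cert_hash CA_CRT: print "sha256:<hex>" of the CA's DER-encoded public key
# (SubjectPublicKeyInfo), the value kubeadm pins during discovery.
ca_cert_hash() {
    local pub hex
    # Extract the key first so an unreadable certificate is an error instead
    # of silently hashing empty input
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    hex=$(printf '%s\n' "$pub" \
          | openssl pkey -pubin -outform DER \
          | openssl dgst -sha256 -hex) || return 2
    echo "sha256:${hex##* }"
}

# join_hash "<join command>": print the hash argument of a kubeadm join line
join_hash() {
    local prev='' word
    for word in $1; do
        [ "$prev" = "--discovery-token-ca-cert-hash" ] && { echo "$word"; return 0; }
        prev=$word
    done
    return 1
}

# verify_join "<join command>" CA_CRT
# returns 0 = hash matches, 1 = mismatch or no hash, 2 = certificate unreadable
verify_join() {
    local want have
    want=$(join_hash "$1") || { echo "no CA hash in join command" >&2; return 1; }
    have=$(ca_cert_hash "$2") || return 2
    [ "$want" = "$have" ] && return 0
    echo "CA hash mismatch: join has $want, cluster CA is $have" >&2
    return 1
}
```

A mismatch after kubeadm reset and a fresh kubeadm init is expected, because the new cluster has a new CA and any previously saved join command is stale.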
IV. The cluster has been set up successfully.