使用 kubeadm 在 CentOS 7 上安裝 kubernetes 1.7.3

1.準(zhǔn)備

準(zhǔn)備兩臺(tái) CentOS 7.3.1611 主機(jī)

1.1 系統(tǒng)配置

1.1.1 修改 hostname

hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2

1.1.2 修改 /etc/hosts

echo "10.211.55.51 k8s-node1" >> /etc/hosts
echo "10.211.55.52 k8s-node2" >> /etc/hosts

1.1.3 禁用防火墻

systemctl stop firewalld
systemctl disable firewalld

1.2 安裝 docker

2臺(tái)主機(jī)都要安裝

Docker versions 1.10.3, 1.11.2, 1.12.6 have been validated

目前 kubernetes 官方支持 docker 的最高版本為1.12.6圣蝎,所以這里安裝 1.12.6 版本的 docker

1.2.1 Add the yum repo

sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF

1.2.2 Install the Docker package

yum install -y docker-engine-1.12.6
systemctl enable docker && systemctl start docker

2.安裝 kubectl kubeadm kubelet

2臺(tái)主機(jī)都要安裝

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubectl  kubelet kubeadm

修改 /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
將 Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"
改為 Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"
systemctl enable kubelet && systemctl start kubelet

3.使用 kubeadm init 初始化集群

Note: - In order for Network Policy to work correctly, you need to pass --pod-network-cidr=192.168.0.0/16 to kubeadm init - Calico works on amd64 only.

這里因?yàn)槲覀冎笠褂?calico,所以需要 --pod-network-cidr 參數(shù)

kubeadm init --pod-network-cidr=192.168.0.0/16


[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.3
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks
[preflight] Starting the kubelet service
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [k8s-node1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.211.55.51]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 128.500975 seconds
[token] Using token: b5bdde.b6a3e93dbd76a535
[apiconfig] Created RBAC rules
[addons] Applied essential addon: kube-proxy
[addons] Applied essential addon: kube-dns

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run (as a regular user):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join --token b5bdde.b6a3e93dbd76a535 10.211.55.51:6443

4.安裝 pod network

這里我們使用 calico

kubectl apply -f https://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

configmap "calico-config" created
daemonset "calico-etcd" created
service "calico-etcd" created
daemonset "calico-node" created
deployment "calico-policy-controller" created
clusterrolebinding "calico-cni-plugin" created
clusterrole "calico-cni-plugin" created
serviceaccount "calico-cni-plugin" created
clusterrolebinding "calico-policy-controller" created
clusterrole "calico-policy-controller" created
serviceaccount "calico-policy-controller" created

kubectl get pods --all-namespaces

NAMESPACE     NAME                                       READY     STATUS    RESTARTS   AGE
kube-system   calico-etcd-twsf9                          1/1       Running   0          2h
kube-system   calico-node-nmbcp                          2/2       Running   0          2h
kube-system   calico-node-st191                          2/2       Running   0          2h
kube-system   calico-policy-controller-336633499-km08x   1/1       Running   0          2h
kube-system   etcd-k8s-node1                             1/1       Running   0          2h
kube-system   kube-apiserver-k8s-node1                   1/1       Running   0          2h
kube-system   kube-controller-manager-k8s-node1          1/1       Running   0          2h
kube-system   kube-dns-2425271678-01qzj                  3/3       Running   3          2h
kube-system   kube-proxy-6rk7f                           1/1       Running   0          2h
kube-system   kube-proxy-xbv0b                           1/1       Running   0          2h
kube-system   kube-scheduler-k8s-node1                   1/1       Running   0          2h

5.向 kubernetes 集群添加 node

kubeadm join --token 6161c7.47935395206b75fe 10.211.55.51:6443

[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[preflight] The system verification failed. Printing the output from the verification:
OS: Linux
KERNEL_VERSION: 3.10.0-514.el7.x86_64
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_INET: enabled
CONFIG_EXT4_FS: enabled (as module)
CONFIG_PROC_FS: enabled
CONFIG_NETFILTER_XT_TARGET_REDIRECT: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled (as module)
CONFIG_OVERLAY_FS: enabled (as module)
CONFIG_AUFS_FS: not set - Required for aufs.
CONFIG_BLK_DEV_DM: enabled (as module)
CGROUPS_CPU: enabled
CGROUPS_CPUACCT: enabled
CGROUPS_CPUSET: enabled
CGROUPS_DEVICES: enabled
CGROUPS_FREEZER: enabled
CGROUPS_MEMORY: enabled
[preflight] WARNING: docker service is not enabled, please run 'systemctl enable docker.service'
[preflight] Some fatal errors occurred:
    failed to get docker info: Cannot connect to the Docker daemon. Is the docker daemon running on this host?
    docker service is not active, please run 'systemctl start docker.service'
    /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`
[root@centos-7 ~]# systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@centos-7 ~]# kubeadm join --token 6161c7.47935395206b75fe 10.211.55.51:6443
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[discovery] Trying to connect to API Server "10.211.55.51:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.211.55.51:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://10.211.55.51:6443"
[discovery] Successfully established connection with API Server "10.211.55.51:6443"
[bootstrap] Detected server version: v1.7.3
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
[csr] Received signed certificate from the API server, generating KubeConfig...
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

Node join complete:
* Certificate signing request sent to master and response
  received.
* Kubelet informed of new secure connection details.

Run 'kubectl get nodes' on the master to see this machine join.

參考

  • 使用kubeadm安裝Kubernetes 1.7
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
  • 人面猴
    序言:七十年代末,一起剝皮案震驚了整個(gè)濱河市劫拢,隨后出現(xiàn)的幾起案子,更是在濱河造成了極大的恐慌耕渴,老刑警劉巖暇咆,帶你破解...
    沈念sama閱讀 222,252評(píng)論 6 516
  • 死咒
    序言:濱河連續(xù)發(fā)生了三起死亡事件低零,死亡現(xiàn)場(chǎng)離奇詭異实柠,居然都是意外死亡水泉,警方通過查閱死者的電腦和手機(jī),發(fā)現(xiàn)死者居然都...
    沈念sama閱讀 94,886評(píng)論 3 399
  • 救了他兩次的神仙讓他今天三更去死
    文/潘曉璐 我一進(jìn)店門窒盐,熙熙樓的掌柜王于貴愁眉苦臉地迎上來草则,“玉大人,你說我怎么就攤上這事蟹漓】缓幔” “怎么了?”我有些...
    開封第一講書人閱讀 168,814評(píng)論 0 361
  • 道士緝兇錄:失蹤的賣姜人
    文/不壞的土叔 我叫張陵葡粒,是天一觀的道長份殿。 經(jīng)常有香客問我,道長塔鳍,這世上最難降的妖魔是什么? 我笑而不...
    開封第一講書人閱讀 59,869評(píng)論 1 299
  • ?港島之戀(遺憾婚禮)
    正文 為了忘掉前任呻此,我火速辦了婚禮轮纫,結(jié)果婚禮上,老公的妹妹穿的比我還像新娘焚鲜。我一直安慰自己掌唾,他們只是感情好,可當(dāng)我...
    茶點(diǎn)故事閱讀 68,888評(píng)論 6 398
  • 惡毒庶女頂嫁案:這布局不是一般人想出來的
    文/花漫 我一把揭開白布忿磅。 她就那樣靜靜地躺著糯彬,像睡著了一般。 火紅的嫁衣襯著肌膚如雪葱她。 梳的紋絲不亂的頭發(fā)上撩扒,一...
    開封第一講書人閱讀 52,475評(píng)論 1 312
  • 城市分裂傳說
    那天,我揣著相機(jī)與錄音吨些,去河邊找鬼搓谆。 笑死,一個(gè)胖子當(dāng)著我的面吹牛豪墅,可吹牛的內(nèi)容都是我干的泉手。 我是一名探鬼主播,決...
    沈念sama閱讀 41,010評(píng)論 3 422
  • 雙鴛鴦連環(huán)套:你想象不到人心有多黑
    文/蒼蘭香墨 我猛地睜開眼偶器,長吁一口氣:“原來是場(chǎng)噩夢(mèng)啊……” “哼斩萌!你這毒婦竟也來了缝裤?” 一聲冷哼從身側(cè)響起,我...
    開封第一講書人閱讀 39,924評(píng)論 0 277
  • 萬榮殺人案實(shí)錄
    序言:老撾萬榮一對(duì)情侶失蹤颊郎,失蹤者是張志新(化名)和其女友劉穎憋飞,沒想到半個(gè)月后,有當(dāng)?shù)厝嗽跇淞掷锇l(fā)現(xiàn)了一具尸體袭艺,經(jīng)...
    沈念sama閱讀 46,469評(píng)論 1 319
  • ?護(hù)林員之死
    正文 獨(dú)居荒郊野嶺守林人離奇死亡搀崭,尸身上長有42處帶血的膿包…… 初始之章·張勛 以下內(nèi)容為張勛視角 年9月15日...
    茶點(diǎn)故事閱讀 38,552評(píng)論 3 342
  • ?白月光啟示錄
    正文 我和宋清朗相戀三年,在試婚紗的時(shí)候發(fā)現(xiàn)自己被綠了猾编。 大學(xué)時(shí)的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片瘤睹。...
    茶點(diǎn)故事閱讀 40,680評(píng)論 1 353
  • 活死人
    序言:一個(gè)原本活蹦亂跳的男人離奇死亡,死狀恐怖答倡,靈堂內(nèi)的尸體忽然破棺而出轰传,到底是詐尸還是另有隱情,我是刑警寧澤瘪撇,帶...
    沈念sama閱讀 36,362評(píng)論 5 351
  • ?日本核電站爆炸內(nèi)幕
    正文 年R本政府宣布获茬,位于F島的核電站,受9級(jí)特大地震影響倔既,放射性物質(zhì)發(fā)生泄漏恕曲。R本人自食惡果不足惜,卻給世界環(huán)境...
    茶點(diǎn)故事閱讀 42,037評(píng)論 3 335
  • 男人毒藥:我在死后第九天來索命
    文/蒙蒙 一渤涌、第九天 我趴在偏房一處隱蔽的房頂上張望佩谣。 院中可真熱鬧,春花似錦实蓬、人聲如沸茸俭。這莊子的主人今日做“春日...
    開封第一講書人閱讀 32,519評(píng)論 0 25
  • 一樁弒父案安皱,背后竟有這般陰謀
    文/蒼蘭香墨 我抬頭看了看天上的太陽调鬓。三九已至,卻和暖如春酌伊,著一層夾襖步出監(jiān)牢的瞬間腾窝,已是汗流浹背。 一陣腳步聲響...
    開封第一講書人閱讀 33,621評(píng)論 1 274
  • 情欲美人皮
    我被黑心中介騙來泰國打工居砖, 沒想到剛下飛機(jī)就差點(diǎn)兒被人妖公主榨干…… 1. 我叫王不留燕锥,地道東北人。 一個(gè)月前我還...
    沈念sama閱讀 49,099評(píng)論 3 378
  • 代替公主和親
    正文 我出身青樓悯蝉,卻偏偏與公主長得像归形,于是被迫代替她去往敵國和親。 傳聞我的和親對(duì)象是個(gè)殘疾皇子鼻由,可洞房花燭夜當(dāng)晚...
    茶點(diǎn)故事閱讀 45,691評(píng)論 2 361

推薦閱讀更多精彩內(nèi)容