1. Installation environment:
- CentOS 7.x, x86_64
- Hardware: 2 GB of memory or more, 2 cores or more, 30 GB of disk or more
- Pulling images requires access to the Internet
2. Machines:
Role | IP |
---|---|
k8s-master | 192.168.200.208 |
k8s-node | 192.168.200.209 |
3. Initialize all nodes:
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config # permanent
setenforce 0 # temporary
# Disable swap
swapoff -a # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab # permanent
# Set the hostname according to the plan
hostnamectl set-hostname <hostname>
# Add hosts entries on the master
cat >> /etc/hosts << EOF
192.168.200.208 k8s-master
192.168.200.209 k8s-node1
EOF
# Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply the settings
# Time synchronization
yum install ntpdate -y
ntpdate time.windows.com
4. Install Docker on all nodes:
$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce
$ systemctl enable docker && systemctl start docker
4.1 Configure a Docker registry mirror:
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["<mirror URL>"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
5. Install kubeadm, kubectl, and kubelet; omitting the version installs the latest release:
$ yum install -y kubelet-<version> kubeadm-<version> kubectl-<version>
$ systemctl enable kubelet && systemctl start kubelet
6. Configure the master node and the worker node separately:
6.1.1 Run the initialization on the master node:
$ kubeadm init \
--apiserver-advertise-address=<master IP> \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.21.2 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
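image-repository: the registry that images are pulled from during initialization
kubernetes-version: the Kubernetes version to install
service-cidr: the Service network range
pod-network-cidr: the Pod network range
Note: service-cidr, pod-network-cidr, and the host network must not overlap.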
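The non-overlap rule for service-cidr, pod-network-cidr, and the host network can be checked before running kubeadm init. The script below is an added example, not part of the original guide; the function names are hypothetical, and the /24 prefix for the host network is an assumption (the guide only lists host addresses in 192.168.200.x).

```shell
#!/bin/sh
# Added example: verify that kubeadm's CIDRs and the host subnet do not overlap.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into four octets
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "first last": the integer bounds of the range a CIDR covers.
cidr_range() {
  base=$(ip_to_int "${1%/*}")
  mask=$(( (0xFFFFFFFF << (32 - ${1#*/})) & 0xFFFFFFFF ))
  echo "$(( base & mask )) $(( (base & mask) | (~mask & 0xFFFFFFFF) ))"
}

# Succeed (exit 0) when the two CIDRs share at least one address.
cidrs_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")   # now: first1 last1 first2 last2
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Compare every pair of networks; report conflicts and return their count.
check_plan() {
  conflicts=0
  while [ "$#" -gt 1 ]; do
    first=$1; shift
    for other in "$@"; do
      if cidrs_overlap "$first" "$other"; then
        echo "OVERLAP: $first <-> $other"
        conflicts=$((conflicts + 1))
      fi
    done
  done
  return "$conflicts"
}

# CIDRs from the kubeadm init command above; the /24 host prefix is an assumption.
SERVICE_CIDR=10.96.0.0/12
POD_CIDR=10.244.0.0/16
HOST_CIDR=192.168.200.0/24
if check_plan "$SERVICE_CIDR" "$POD_CIDR" "$HOST_CIDR"; then
  echo "no overlap: safe to pass these values to kubeadm init"
fi
```

Replace HOST_CIDR with the real subnet of the nodes before relying on the result.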
6.1.1.1 If the image pull fails with "failed to pull image registry.aliyuncs.com/google_containers/coredns:v1.8.0", the fix is:
docker pull coredns/coredns:1.8.0 # pull the image manually
docker tag coredns/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns:v1.8.0 # then retag it
6.1.2 After initialization succeeds, run the commands it prints:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
6.1.3 Show the command for joining a node:
kubeadm token create --print-join-command
6.2 Join the worker node to the cluster: copy the command printed after the master initialized successfully and run it on the node:
$ kubeadm join 192.168.1.11:6443 --token esce21.q6hetwm8si29qxwn \
--discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5
6.2.1 Errors when joining the cluster:
[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
[ERROR Port-10250]: Port 10250 is in use
[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
kubeadm reset # reset, then join again
7. Deploy a network plugin:
- Kubernetes offers several networking options, such as flannel and Calico:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
or
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
8. Test the Kubernetes cluster:
$ kubectl create deployment nginx --image=nginx
$ kubectl expose deployment nginx --port=80 --type=NodePort
$ kubectl get pod,svc