Environment preparation
Hostname   Operating system    IP address
master     CentOS 7.2-x86_64   10.199.187.176
node1      CentOS 7.2-x86_64   10.199.187.177
node2      CentOS 7.2-x86_64   10.199.187.178
Stop and disable the firewall service that ships with CentOS 7
systemctl disable firewalld
systemctl stop firewalld
Set the hostnames
// Run on node 10.199.187.176
[root@localhost ~]# hostnamectl set-hostname master
// Run on node 10.199.187.177
[root@localhost ~]# hostnamectl set-hostname node1
// Run on node 10.199.187.178
[root@localhost ~]# hostnamectl set-hostname node2
Disable SELinux (set it to permissive mode)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
Turn off swap
swapoff -a # turn off swap now
sed -ri '/^[^#].*[[:space:]]swap[[:space:]]/s@^@#@' /etc/fstab # comment out active swap entries so swap is not mounted at boot
Add the Kubernetes yum repository
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
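The repository definition above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package signatures. The check below is an added example, not part of the original post; the function names audit_repo_gpg and demo_audit and the second sample repo are constructed for illustration.

```shell
# Added example (not from the original post): list enabled yum repo sections
# that explicitly turn off package signature checks, as kubernetes.repo above
# does. audit_repo_gpg and demo_audit are hypothetical helper names.
# Output: "<file>:<section>:<finding>" per problem; exit status 1 if any found.
audit_repo_gpg() {
    awk '
        function report() {
            if (section == "" || enabled ~ /^(0|no|false)$/) return
            if (gpgcheck ~ /^(0|no|false)$/) {
                print secfile ":" section ":gpgcheck-disabled"; bad = 1
                # Unsigned packages over plain HTTP: nothing detects tampering.
                if (baseurl ~ /^http:/) print secfile ":" section ":plain-http-baseurl"
            }
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # "[section]" header
            report()
            section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            secfile = FILENAME; enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        index($0, "=") > 0 {                    # "key=value" line
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            val = tolower(val)
            if (key == "enabled")  enabled  = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl  = val
        }
        END { report(); exit bad }
    ' "$@"
}

# Constructed sample: the repo file from this page beside a signed variant.
demo_audit() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '[kubernetes]' 'name=Kubernetes' \
        'baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/' \
        'enabled=1' 'gpgcheck=0' > "$dir/kubernetes.repo"
    printf '%s\n' '[signed-example]' 'baseurl=https://repo.example.invalid/el7/' \
        'enabled=1' 'gpgcheck=1' 'gpgkey=https://repo.example.invalid/key.gpg' \
        > "$dir/signed.repo"
    (cd "$dir" && audit_repo_gpg kubernetes.repo signed.repo) && rc=0 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_audit || true
```

On a real host, run audit_repo_gpg /etc/yum.repos.d/*.repo; a finding is cleared by setting gpgcheck=1 and adding a gpgkey= line that points at the repository's published signing key.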
Install Docker and enable it at boot
yum install -y docker
systemctl enable docker
Install kubelet, kubeadm and kubectl
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
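kubeadm: a tool for quickly creating a cluster.
kubelet: the component that must be installed on every machine in the cluster; it performs operations such as starting Pods and containers.
kubectl: the command-line tool for communicating with the cluster; the officially provided CLI.
Start kubelet and enable it at boot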
systemctl enable --now kubelet
Network-related settings
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
echo '1' > /proc/sys/net/ipv4/ip_forward
Initialization
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --service-cidr=10.199.187.0/24 --pod-network-cidr=192.168.3.0/16 --kubernetes-version=v1.18.3
or
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --apiserver-advertise-address=10.199.187.176 --pod-network-cidr=192.168.3.0/16 --kubernetes-version=v1.18.3
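--service-cidr: the address range used for interaction with the other network planes
--apiserver-advertise-address: the interface used to communicate with the other nodes
--pod-network-cidr: the subnet for the Pod network; this CIDR must be used when using the flannel network
After initialization succeeds, the following is displayed: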
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.199.187.176:6443 --token 5qoq4l.d93m61ae11cbefze \
--discovery-token-ca-cert-hash sha256:e8231966b98f13efd7afbdd6a89e32a3440435c67c56f0f194226edfd435d596
Run the commands as prompted
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Then install a Pod network add-on for the cluster
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Calico is used here
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
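Run kubectl get nodes and wait for the master's status to change from NotReady to Ready.
By default, the cluster does not schedule Pods on the master node. If you want to allow the cluster to schedule Pods on the master, run the following command; this way the cluster can be used normally even if there is only one node.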
kubectl taint nodes --all node-role.kubernetes.io/master-
Join the worker nodes
After kubeadm init succeeds, it displays the kubeadm join command:
kubeadm join 10.199.187.176:6443 --token 5qoq4l.d93m61ae11cbefze \
--discovery-token-ca-cert-hash sha256:e8231966b98f13efd7afbdd6a89e32a3440435c67c56f0f194226edfd435d596
If the token has expired, generate a new one:
kubeadm token create --print-join-command
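The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key, which is how a joining node confirms it is talking to the intended control plane. As an added example (not part of the original post), the functions below recompute that pin from a CA certificate and compare it with the one in a join command; ca_cert_pin and check_join_pin are hypothetical names, and /etc/kubernetes/pki/ca.crt is assumed to be the kubeadm default CA location on the master.

```shell
# Added example (not from the original post). ca_cert_pin and check_join_pin
# are hypothetical helper names; requires the openssl command-line tool.

# Print "sha256:<hex>": SHA-256 over the DER-encoded public key (SPKI) of the
# CA certificate, the format kubeadm uses for --discovery-token-ca-cert-hash.
ca_cert_pin() {
    cert=${1:-/etc/kubernetes/pki/ca.crt}   # assumed kubeadm default path
    # Extract the key first so a missing or corrupt certificate is an error
    # instead of silently hashing empty input.
    pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pub" ] || return 2
    hex=$(printf '%s\n' "$pub" \
          | openssl pkey -pubin -pubout -outform DER 2>/dev/null \
          | openssl dgst -sha256 -hex) || return 2
    hex=${hex##* }                          # drop the "(stdin)= " style prefix
    [ "${#hex}" -eq 64 ] || return 2
    printf 'sha256:%s\n' "$hex"
}

# Compare the pin inside a "kubeadm join ..." command line ($1) with the pin
# of a CA certificate ($2). Returns 0 on match, 1 on mismatch, 2 on error.
check_join_pin() {
    expected=$(printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$expected" ] || { echo "no sha256 pin in join command" >&2; return 2; }
    actual=$(ca_cert_pin "$2") || { echo "cannot read CA certificate" >&2; return 2; }
    if [ "$expected" = "$actual" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: join command has $expected, CA is $actual" >&2
        return 1
    fi
}

# Stand-alone use on the master: print the pin of the local cluster CA.
[ -r /etc/kubernetes/pki/ca.crt ] && ca_cert_pin || true
```

Running check_join_pin on the master with the join command that is about to be handed to a node confirms the pin belongs to this cluster's CA before the command is used.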
Check the status of the cluster's Pods
[root@master ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-76d4774d89-6kp2x   1/1     Running   3          42h
kube-system   calico-node-bnppg                          1/1     Running   2          42h
kube-system   calico-node-kg5kg                          1/1     Running   1          42h
kube-system   calico-node-qfkh2                          1/1     Running   1          42h
kube-system   coredns-7ff77c879f-b8ckk                   1/1     Running   2          43h
kube-system   coredns-7ff77c879f-lfmdh                   1/1     Running   3          43h
kube-system   etcd-master                                1/1     Running   2          42h
kube-system   kube-apiserver-master                      1/1     Running   2          42h
kube-system   kube-controller-manager-master             1/1     Running   2          42h
kube-system   kube-proxy-6qgcw                           1/1     Running   1          43h
kube-system   kube-proxy-rcdn9                           1/1     Running   3          42h
kube-system   kube-proxy-thkkj                           1/1     Running   1          42h
kube-system   kube-scheduler-master                      1/1     Running   2          42h
Check node status
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   43h   v1.18.3
node1    Ready    <none>   43h   v1.18.3
node2    Ready    <none>   43h   v1.18.3
Troubleshooting
If a Pod shows 0 in the READY column, run kubectl describe pod <pod_name> --namespace=kube-system to view its log.
View a node's log: kubectl describe node <node_name>
The kubelet log can be viewed with journalctl -f -u kubelet
The commands to restart kubelet are:
systemctl daemon-reload
systemctl restart kubelet
Errors
The connection to the server 10.199.187.176:6443 was refused - did you specify the right host or port?
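My error was caused by not having disabled the firewall from starting at boot: I rebooted the master node, and the firewall started again too. Turning off the firewall fixed it.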
Failed to start ContainerManager failed to initialize top level QOS containers: failed to update top level BestEffort QOS cgroup : failed to set supported cgroup subsystems for cgroup [kubepods besteffort]: Failed to set config for supported subsystems : failed to write 4611686018427387904 to hugetlb.1GB.limit_in_bytes: open /sys/fs/cgroup/hugetlb/kubepods.slice/kubepods-besteffort.slice/hugetlb.1GB.limit_in_bytes: no such file or directory
Nov 29 23:32:13 localhost systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
The fix is to stop the kubepods-related systemd slice on all nodes.
Simply run systemctl stop kubepods.slice, then restart kubelet.
Alternatively, add the following to /var/lib/kubelet/kubeadm-flags.env:
--runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice, as shown below:
[root@master ~]# cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--cgroup-driver=systemd --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.2"