k8s無腦系列-安裝k8s 1.16.4

1. 準備環境

1. 主機列表

VirtualBox，雙網卡。這樣可以實現內外網。（有坑！見后面）

• 網卡1(enps03):host-only 設置一個網絡，假設叫vbox1，主機全用它
• 網卡2(enps08) :nat

2. 調整/etc/hosts(全部主機)

   192.168.56.4 master.smokelee.com
   192.168.56.5 node1.smokelee.com
   192.168.56.6 node2.smokelee.com
   

3. 關閉Swap分區(全部主機)

   臨時關閉

   swapoff -a
   
   

   永久關閉

   vim /etc/fstab
   找到swap，用# 注釋
   

4. 調整內核參數/etc/sysctl.conf(全部主機)

   net.bridge.bridge-nf-call-iptables = 1
   net.bridge.bridge-nf-call-ip6tables = 1
   

5. 關閉selinux、firewalld

6. 調整倉庫(全部主機)

   # 調整CentOS7倉庫
   yum install wget -y
   mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
   wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
   # 調整Kubernetes倉庫
   vim /etc/yum.repos.d/kubernetes.repo
   [kubernetes]
   name=Kubernetes
   baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
   enabled=1
   gpgcheck=1
   repo_gpgcheck=1
   gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
   
   #vim保存
   # 刷新倉庫
   yum clean all
   yum makecache
   

7. 主機上如果曾經安裝過老版本，一定要卸載。無腦系列早期用的1.5.2版本

   yum remove kubernetes-master kubernetes-node etcd flannel
   

2. 部署Master

1. 安裝基礎組件

   yum install kubelet-1.16.4 kubeadm-1.16.4 kubectl-1.16.4
   

   如果發生了沖突就刪掉1.5.2或者更老的版本。看過去其它k8s無腦系列的有可能會安裝上1.5.2系統默認的版本

2. 下載鏡像

   編輯download_img.sh（來自www.kubernetes.org.cn的loong576)

   # 倉庫地址用的也是loong576在阿里的鏡像，本人懶^_^
   url=registry.cn-hangzhou.aliyuncs.com/loong576
   version=v1.16.4
   images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
   for imagename in ${images[@]} ; do
     docker pull $url/$imagename
     docker tag $url/$imagename k8s.gcr.io/$imagename
     docker rmi -f $url/$imagename
   done
   

   chmod +x download_img.sh && ./download_img.sh
   

3. 運行后檢查

   docker images
   REPOSITORY                                                        TAG                 IMAGE ID            CREATED             SIZE
   k8s.gcr.io/kube-apiserver                                         v1.16.4             3722a80984a0        2 months ago        217 MB
   registry.aliyuncs.com/google_containers/kube-apiserver            v1.16.4             3722a80984a0        2 months ago        217 MB
   k8s.gcr.io/kube-controller-manager                                v1.16.4             fb4cca6b4e4c        2 months ago        163 MB
   registry.aliyuncs.com/google_containers/kube-controller-manager   v1.16.4             fb4cca6b4e4c        2 months ago        163 MB
   k8s.gcr.io/kube-scheduler                                         v1.16.4             2984964036c8        2 months ago        87.3 MB
   registry.aliyuncs.com/google_containers/kube-scheduler            v1.16.4             2984964036c8        2 months ago        87.3 MB
   k8s.gcr.io/kube-proxy                                             v1.16.4             091df896d78f        2 months ago        86.1 MB
   registry.aliyuncs.com/google_containers/kube-proxy                v1.16.4             091df896d78f        2 months ago        86.1 MB
   k8s.gcr.io/etcd                                                   3.3.15-0            b2756210eeab        5 months ago        247 MB
   registry.aliyuncs.com/google_containers/etcd                      3.3.15-0            b2756210eeab        5 months ago        247 MB
   k8s.gcr.io/coredns                                                1.6.2               bf261d157914        6 months ago        44.1 MB
   registry.aliyuncs.com/google_containers/coredns                   1.6.2               bf261d157914        6 months ago        44.1 MB
   k8s.gcr.io/pause                                                  3.1                 da86e6ba6ca1        2 years ago         742 kB
   registry.aliyuncs.com/google_containers/pause                     3.1                 da86e6ba6ca1        2 years ago         742 kB
   

   大家注意：download_img.sh，會自動調整鏡像的tag。這樣后期安裝過程就不會再出現跑到google去下載鏡像的情況！節點的鏡像請自行導入到節點，尤其是Proxy和pause

   docker save k8s.gcr.io/pause:3.1 > pause.tar
   docker save k8s.gcr.io/kube-proxy:v1.16.4 > proxy.tar
   

   在節點上運行

   docker load < pause.tar
   docker load < proxy.tar
   

4. 部署Pod

   kubeadm init --apiserver-advertise-address=192.168.56.4 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.16.4 --service-cidr=10.254.0.0/16 --pod-network-cidr=10.244.0.0/16
   

   參數說明：

   • --apiserver-advertise-address Master的內網地址，務必要自行設置
   • --image-repository 設置鏡像
   • --kubernetes-version 設置集群版本
   • --service-cidr 所有service資源分配的地址段
   • --pod-network-cidr 所有pod資源分配的地址段

   出現如下內容，最后一行（kubeadm開頭的命令）在Node1，Node2上執行，即可加入集群

   To start using your cluster, you need to run the following as a regular user:
   
     mkdir -p $HOME/.kube
     sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
     sudo chown $(id -u):$(id -g) $HOME/.kube/config
   
   You should now deploy a pod network to the cluster.
   Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
     https://kubernetes.io/docs/concepts/cluster-administration/addons/
   
   Then you can join any number of worker nodes by running the following on each as root:
   
   kubeadm join 192.168.56.4:6443 --token l6q448.jrqk9pj1ipi8fgn9 \
       --discovery-token-ca-cert-hash sha256:78a10e6e6bca9c0090d9e9b2002b01d135b2a5c70f8240a7954e0d58f8d0052f
   

5. Master主機不Ready
   調用kubectl get node
   Master顯示NotReady

   安裝flannel

   kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
   

   
   Node Join后，出現鏡像下載不了，運行不成功，多半是因為，下載的aliyun鏡像的原因。通過打tag，來讓Docker認識
   ```bash
   docker tag registry.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
   docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.16.4 k8s.gcr.io/kube-proxy:v1.16.4

注意：仔細執行了2.3后面的腳本，理論上不會出現上面的問題

3. 節點部署

1. 安裝

   $yum install kubelet-1.16.4 kubeadm-1.16.4 docker
   

2. 導入鏡像包(請參考2.3的docker load那兩行）

3. 加入集群(請參考2.4代碼部分，kubeadm 開頭的代碼）

4. 問題解決

1. 集群主機不通

   更詳細的請訪問《k8s無腦-分析flannel跨Node不通的分析，解決辦法》

   下面只講解本次部署遇到的問題

   隨便挑一個flannel的Pod實例，查看輸出

   $docker ps -a（任一節點執行都可以）
   找到flannel所在容器
   
   $docker logs 9895357d488d(flannel所在容器)
    I0226 17:21:01.510702       1 main.go:514] Determining IP address of default interface
    I0226 17:21:01.513557       1 main.go:527] Using interface with name enp0s8 and address 10.0.3.15
    I0226 17:21:01.513576       1 main.go:544] Defaulting external address to interface address (10.0.3.15)
    I0226 17:21:01.612040       1 kube.go:126] Waiting 10m0s for node controller to sync
   

   $ip route show
   10.0.3.0/24 dev enp0s8 proto kernel scope link src 10.0.3.15 metric 101
   

10.244.0.0/24 via 10.244.0.0 dev flannel.1 onlink
10.244.1.0/24 dev cni0 proto kernel scope link src 10.244.1.1
10.244.2.0/24 via 10.244.2.0 dev flannel.1 onlink
10.254.49.0/24 dev docker0 proto kernel scope link src 10.254.49.1
192.168.56.0/24 dev enp0s3 proto kernel scope link src 192.168.56.5 metric 100

發現Flannel竟然自己Determining用了路由的默認出口（外網出口，內網出口enps03）,自作聰明！！！！
修改：flannel線上配置
```bash
#把配置文件下載到本地
$wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
# 調用線上編輯功能
$kubectl edit -f kube-flannel.yml # 線上編輯資源配置

找到

image: quay.io/coreos/flannel:v0.11.0-amd64
再往下的args:段，添加
- --iface=enp0s3

保存后，系統會自動更新所有Pod。更新完畢即可訪問

docker log xxxxx
I0226 18:57:32.812177       1 main.go:527] Using interface with name enp0s3 and address 192.168.56.6
I0226 18:57:32.812263       1 main.go:544] Defaulting external address to interface address (192.168.56.6)
I0226 18:57:32.910184       1 kube.go:126] Waiting 10m0s for node controller to sync
I0226 18:57:32.910230       1 kube.go:309] Starting kube subnet manager
I0226 18:57:33.911346       1 kube.go:133] Node controller sync successful

4. 引用

[1] lvs+keepalived部署k8s v1.16.4高可用集群

[2] K8S學習筆記之Flannel解讀