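Environment preparation
- Check the officially recommended CentOS and Docker versions (official site link)
- Disable the firewall
  - systemctl stop firewalld
  - systemctl disable firewalld
- Disable swap
  - swapoff -a
  - vi /etc/fstab
    - Comment out the swap-related line, as follows
    - #/dev/mapper/centos-swap
  - cat /proc/swaps
    - Confirm the file is empty (no swap entries listed)
- Disable SELinux (the commands below switch it to permissive mode)
  - setenforce 0
  - sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config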
Install Docker
- Update the related dependencies
  - yum -y update && yum -y upgrade
  - yum install yum-utils device-mapper-persistent-data lvm2
- Add the Docker yum repository (choose Aliyun)
  - Aliyun
    - yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  - Official
    - yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- Install docker-ce (be sure to substitute the officially recommended version)
  - yum update && yum install docker-ce-18.06.2.ce
- Configure the Docker daemon
mkdir -p /etc/docker
# systemd cgroup driver, size-limited json-file logs, overlay2 storage
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
  - systemctl daemon-reload
  - systemctl restart docker
  - systemctl enable docker  # start on boot
Install Kubernetes
- Add the Kubernetes yum repository (Aliyun); for the official repository, see the official reference
# gpgcheck=0 and repo_gpgcheck=0 switch off signature verification of packages and repo metadata for this repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
- Install the three packages
  - yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
  - systemctl enable --now kubelet
- Modify the k8s configuration
# let bridged traffic pass through iptables and enable IPv4 forwarding
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system
- Sleight of hand: work around the installer pulling images from Google registries that sit outside the firewall
  - List the required images
    - kubeadm config images list
      - k8s.gcr.io/kube-apiserver:v1.12.2
      - k8s.gcr.io/kube-controller-manager:v1.12.2
      - k8s.gcr.io/kube-scheduler:v1.12.2
      - k8s.gcr.io/kube-proxy:v1.12.2
      - k8s.gcr.io/pause:3.1
      - k8s.gcr.io/etcd:3.2.24
      - k8s.gcr.io/coredns:1.2.2
  - Download the images from Aliyun and replace the prefix
cat ./pull.sh
# Pull each image kubeadm needs from the Aliyun mirror, retag it under
# k8s.gcr.io, then drop the mirror tag
for i in $(kubeadm config images list); do
  imageName=${i#k8s.gcr.io/}
  docker pull "registry.aliyuncs.com/google_containers/$imageName"
  docker tag "registry.aliyuncs.com/google_containers/$imageName" "k8s.gcr.io/$imageName"
  docker rmi "registry.aliyuncs.com/google_containers/$imageName"
done
sh pull.sh
- Initialize the cluster
# pod-network-cidr=10.244.0.0/16: this subnet is required by, and hard-coded in, the flannel install that follows
kubeadm init --kubernetes-version=$(kubeadm version -o short) --pod-network-cidr=10.244.0.0/16
- Output on completion
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.168.1.124:6443 --token idxunz.zj551qd8fxtnwv2g \
    --discovery-token-ca-cert-hash sha256:697ed215b32abd060d7902f2f588545c8ba0fd98478994e2814f71e31c777b9b
It is best to save this output for later use.
- If kubeXXX commands fail to run, execute the first block of that output
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
- By default nothing can be deployed on the master node; remove this restriction
  - kubectl taint nodes --all node-role.kubernetes.io/master-
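An added example (not part of the original notes): a small audit of a yum .repo file that reports the settings used in the kubernetes.repo written in this section, namely disabled signature checks and plain-http URLs. The function name audit_repo, the temporary files and the stricter variant (the same mirror paths over HTTPS with checks enabled) are assumptions made for illustration.

```bash
#!/bin/sh
# Added example. audit_repo FILE prints one finding per weak setting in a yum
# .repo file and returns 1 if there is any finding, 0 otherwise.
audit_repo() {
  awk '
    /^\[/ { section = $0; next }          # remember the current [repo-id]
    {
      eq  = index($0, "=")
      key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
      val = substr($0, eq + 1)
    }
    key == "gpgcheck" && val + 0 == 0 {
      print section ": gpgcheck=0, package signatures are not verified"; n++ }
    key == "repo_gpgcheck" && val + 0 == 0 {
      print section ": repo_gpgcheck=0, repository metadata is not verified"; n++ }
    (key == "baseurl" || key == "gpgkey") && val ~ /http:\/\// {
      print section ": " key " is fetched over plain http"; n++ }
    END { exit (n > 0) }
  ' "$1"
}

# Constructed inputs: the repo file from this page, and a stricter variant.
# Assumption: the mirror serves the same paths over HTTPS and its signatures verify.
tmp=$(mktemp -d)
cat > "$tmp/page.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
sed -e 's#http://#https://#g' -e 's/gpgcheck=0/gpgcheck=1/' "$tmp/page.repo" > "$tmp/strict.repo"

audit_repo "$tmp/page.repo"                                   # four findings
audit_repo "$tmp/strict.repo" && echo "strict.repo: no findings"
```

On a real host the function can be pointed at each file under /etc/yum.repos.d/.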
Install the flannel network plugin (this one is easy to get started with)
- The exact link may change; refer to the official site
  - kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
Join nodes
- On the new node, perform the steps above up to and including the installation of the three Kubernetes packages. Do not run the initialization or install flannel
- Sleight of hand (I don't know why the master node could pull the images normally when installing flannel)
docker pull docker.io/mirrorgooglecontainers/pause:3.1
docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker rmi docker.io/mirrorgooglecontainers/pause:3.1
docker pull quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
docker tag quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
docker rmi quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.16.2
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.16.2 k8s.gcr.io/kube-proxy:v1.16.2
docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.16.2
- Take the join command recorded earlier and run it
kubeadm join 10.168.1.124:6443 --token idxunz.zj551qd8fxtnwv2g \
    --discovery-token-ca-cert-hash sha256:697ed215b32abd060d7902f2f588545c8ba0fd98478994e2814f71e31c777b9b
- Lost the command? Token expired?
  - List the tokens that have already been generated
    - kubeadm token list
  - Generate a new token
    - kubeadm token create --print-join-command
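An added example (not from the original notes): before reusing a saved kubeadm join command, check that its token is well-formed and that its --discovery-token-ca-cert-hash value still matches the cluster CA certificate. The function names are hypothetical; the example assumes openssl and sha256sum are installed and that the CA certificate sits at kubeadm's default path /etc/kubernetes/pki/ca.crt on the control-plane node.

```bash
#!/bin/sh
# Added example. ca_pin CERT prints "sha256:<hex>", the SHA-256 of the
# certificate's DER-encoded public key (SubjectPublicKeyInfo), which is the
# value kubeadm expects after --discovery-token-ca-cert-hash.
ca_pin() {
  openssl x509 -in "$1" -noout 2>/dev/null || { echo "cannot read $1" >&2; return 1; }
  printf 'sha256:%s\n' "$(openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER | sha256sum | cut -d' ' -f1)"
}

# join_field CMD FLAG prints the word that follows FLAG in a saved join command
# (line-continuation backslashes and newlines are treated as separators).
join_field() {
  printf '%s\n' "$1" | tr -s ' \\\n' '\n' |
    awk -v flag="$2" 'found { print; exit } $0 == flag { found = 1 }'
}

# check_join CMD CERT succeeds only if the token has the bootstrap-token shape
# and the pin in CMD equals the pin computed from CERT.
check_join() {
  token=$(join_field "$1" --token)
  pin=$(join_field "$1" --discovery-token-ca-cert-hash)
  printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
    { echo "token is not of the form xxxxxx.yyyyyyyyyyyyyyyy"; return 2; }
  actual=$(ca_pin "$2") || return 1
  [ "$pin" = "$actual" ] || { echo "CA pin mismatch: saved $pin, computed $actual"; return 3; }
  echo "join command matches the CA in $2"
}

# On the control-plane node: print the current pin (kubeadm's default CA path).
if [ -r /etc/kubernetes/pki/ca.crt ]; then ca_pin /etc/kubernetes/pki/ca.crt; fi
```

To vet a saved command on a worker, copy ca.crt from the control plane over a trusted channel and call check_join with the saved command string and that file.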
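How to troubleshoot: one of these will suit you
- Check node status
  - kubectl get nodes
- List services and ports
  - kubectl get services -A
- List pods
  - kubectl get pods -A
- View a pod's configuration (also useful for looking at initialization errors)
  - kubectl describe pod [PodName] --namespace=[PodNamespace]
- View logs
  - kubectl logs -f [PodName]
- Image download stuck? A restart fixes it
  - systemctl restart kubelet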
Install Dashboard
- Change the configuration
  - Switch the image to the Aliyun one
    - image: registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64
  - Change the port mapping: set type to NodePort and add a nodePort
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 31620
  selector:
    k8s-app: kubernetes-dashboard
- Install
  - kubectl apply -f kubernetes-dashboard.yaml
  - kubectl replace --force -f kubernetes-dashboard.yaml  # reinstall
- Account permissions
  - Create the account
    - kubectl create serviceaccount k8sadmin -n kube-system
  - Grant permissions (binds the account to the cluster-admin role)
    - kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin
  - Get the login token
    - kubectl get secret -n kube-system
    - kubectl describe secret [TokenName] -n kube-system
  - The above combined into a single command
    - kubectl get secret -n kube-system | grep k8sadmin | cut -d " " -f1 | xargs -n 1 | xargs kubectl get secret -o 'jsonpath={.data.token}' -n kube-system | base64 --decode
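Open https://ip:port; the https prefix is required; ignore the security warning
Log in with the token
Install Weave Scope
- The port mapping needs changing here as well (see kubernetes-dashboard), or log in through a proxy.
- wget "https://cloud.weave.works/k8s/scope.yaml?k8s-version=$(kubectl version | base64 | tr -d '\n')" -O scope.yaml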