kubernates集羣搭建

版本

• CentOS7
• Docker 18.09.0
• kubeadm-1.14.0-0
• kubelet-1.14.0-0
• kubectl-1.14.0-0
• calico:v3.9

依賴更新及安裝

yum -y update
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp

docker安裝

上一篇寫的docker的博客內容：

http://www.javashuo.com/article/p-gioqvamz-nx.html

配置hosts文件

# 設置master的hostname，而且修改hosts文件
sudo hostnamectl set-hostname m
#兩個slave
sudo hostnamectl set-hostname w1
sudo hostnamectl set-hostname w2

# vi /etc/hosts(三臺節點都配置一下)
master的ip m
slave1的ip w1
slave2的ip w2
# 測試
ping m
ping w1
ping w2

系統基礎配置

# 關閉防火牆
systemctl stop firewalld && systemctl disable firewalld
# 關閉selinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# 關閉swap
swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
# 配置iptables的ACCEPT規則
	iptables -F && iptables -X && iptables \
    -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
# 設置系統參數
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

安裝kubeadm, kubelet及kubectl

• 配置yum源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

• 安裝kubeadm&kubelet&kubectl

yum install -y kubeadm-1.14.0-0 kubelet-1.14.0-0 kubectl-1.14.0-0

• 注意

#由於我這邊報了以下錯誤，因此還須要安裝: kubernetes-cni- 0.7.5：
Error: Package: kubelet-1.14.0-0.x86_64 (kubernetes)
           Requires: kubernetes-cni = 0.7.5
           Available: kubernetes-cni-0.3.0.1-0.07a8a2.x86_64 (kubernetes)
               kubernetes-cni = 0.3.0.1-0.07a8a2
           Available: kubernetes-cni-0.5.1-0.x86_64 (kubernetes)
               kubernetes-cni = 0.5.1-0
           Available: kubernetes-cni-0.5.1-1.x86_64 (kubernetes)
               kubernetes-cni = 0.5.1-1
           Available: kubernetes-cni-0.6.0-0.x86_64 (kubernetes)
               kubernetes-cni = 0.6.0-0
           Available: kubernetes-cni-0.7.5-0.x86_64 (kubernetes)
               kubernetes-cni = 0.7.5-0
           Available: kubernetes-cni-0.8.6-0.x86_64 (kubernetes)
               kubernetes-cni = 0.8.6-0
           Installing: kubernetes-cni-0.8.7-0.x86_64 (kubernetes)
               kubernetes-cni = 0.8.7-0
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

可是，若是單獨安裝kubernetes-cni- 0.7.5以後，繼續執行的話會發現又有其餘的錯誤以下所示，始終版本不一致，可是我安裝的時候明明指定了1.14.0的版本,反反覆覆檢查以後發現原來直接安裝kubernetes-cni- 0.7.5的時候會默認給你安裝kubelet,顯然不是咱們想要的結果：

the kubelet version is higher than the control plane version. 
This is not a supportted version skew 
and may lead to a malfunctional cluster.
kubelet v1.9.3， control plane 1.14.0，

• 若是出現上述問題請執行

yum install -y kubeadm-1.14.0-0 kubelet-1.14.0-0 kubectl-1.14.0-0  kubernetes-cni-0.7.5

• docker和k8s設置同一個cgroup

  • docker

  vi /etc/docker/daemon.json
  
  	 {
  	    "exec-opts": ["native.cgroupdriver=systemd"]
  	  }

  • kubelet

  sed -i "s/cgroup-driver=systemd/cgroup-driver=cgroupfs/g" /etc/systemd/system/kubelet.service.d/10-kubeadm.conf 【`找不到內容不要緊`】

• 重啓

systemctl restart docker

systemctl enable kubelet && systemctl start kubelet

• 查看kubeadm使用的鏡像

kubeadm config images list

• 解決國外鏡像不能訪問的問題

vi kubeadm.sh
---------------------------
#!/bin/bash
set -e
KUBE_VERSION=v1.14.0
KUBE_PAUSE_VERSION=3.1
ETCD_VERSION=3.3.10
CORE_DNS_VERSION=1.3.1
GCR_URL=k8s.gcr.io
ALIYUN_URL=registry.cn-hangzhou.aliyuncs.com/google_containers
images=(kube-proxy:${KUBE_VERSION}
kube-scheduler:${KUBE_VERSION}
kube-controller-manager:${KUBE_VERSION}
kube-apiserver:${KUBE_VERSION}
pause:${KUBE_PAUSE_VERSION}
etcd:${ETCD_VERSION}
coredns:${CORE_DNS_VERSION})
for imageName in ${images[@]} ; do
	docker pull $ALIYUN_URL/$imageName
	docker tag  $ALIYUN_URL/$imageName $GCR_URL/$imageName
	docker rmi $ALIYUN_URL/$imageName
done

• 運行腳本並查看鏡像

sh ./kubeadm.sh

docker images

• 初始化master

kubeadm init --kubernetes-version=1.14.0 \
    --apiserver-advertise-address=master IP \
    --pod-network-cidr=10.244.0.0/16

出現以下內容則表示初始化成功

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join xxxxxxx:6443 --token xxxxxx \
    --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxx

• 根據日誌提示依次執行

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

• 查看pod

kubectl get pods -n kube-system

能夠看到coredns一直處於pending狀態，這是由於還未安裝網絡插件

• calico網絡插件（也能夠選擇其餘官方推薦的）

docker pull calico/cni:v3.9.3
docker pull calico/pod2daemon-flexvol:v3.9.3
docker pull calico/node:v3.9.3
docker pull calico/kube-controllers:v3.9.3

可能會由於網絡的緣由致使失敗，能夠配置國內鏡像地址

• slave節點依次執行master初始化獲得的內容

kubeadm join xxxxxxx:6443 --token xxxxxx \
    --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxx

直接執行可能會出現以下內容，執行kubeadm reset再操做便可

[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR FileAvailable--etc-kubernetes-bootstrap-kubelet.conf]: /etc/kubernetes/bootstrap-kubelet.conf already exists
	[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

• 執行以下命令能夠發現集羣中已經存在的節點信息

kubectl get nodes