K8s集羣安裝--最新版 Kubernetes 1.14.1

K8s集羣安裝--最新版 Kubernetes 1.14.1

前言

網上有不少關於k8s安裝的文章，可是我參照一些文章安裝時碰到了很多坑。今天終於安裝好了，故將一些關鍵點寫下來與你們共享。
我安裝是基於ss客戶端的，鑑於ss有些敏感，故不作說明。

環境說明

Centos

cat /etc/redhat-release

CentOS Linux release 7.6.1810 (Core)

Docker

ss客戶端+privoxy

hostname	ip	環境說明
k8master	192.168.2.38	筆記本電腦 8G i3-5005U
node3	192.168.2.23	exsi下 2G E3-1226 v3

代理設置

~/.bash_profile # 當前用戶
/etc/profile # 系統級

在最後加入

export proxy="http://192.168.2.38:8118"
export http_proxy=$proxy
export https_proxy=$proxy
export ftp_proxy=$proxy
export no_proxy="localhost, 127.0.0.1, ::1"
source /etc/profile # 使生效

/etc/yum.conf
在最後加入

# Proxy
proxy=http://192.168.2.38:8118/

也可

echo "proxy=http://192.168.2.38:8118/" >> /etc/yum.conf

/etc/wgetrc
在最後加入

#  Proxy
http_proxy=http://192.168.2.38:8118/
ftp_proxy=http://192.168.2.38:8118/

docker安裝

參考文章

yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager \
     --add-repo \
     https://download.docker.com/linux/centos/docker-ce.repo

docker 設置代理

參考文章

mkdir -p /etc/systemd/system/docker.service.d

nano /etc/systemd/system/docker.service.d/http-proxy.conf

# 添加
[Service]
Environment="HTTP_PROXY=http://192.168.2.38:8118/" "HTTPS_PROXY=http://192.168.2.38:8118/"

更新配置

systemctl daemon-reload

重啓服務

systemctl restart docker

k8s安裝

參照連接1

參照連接2

關閉swap

執行swapoff臨時關閉swap。

swapoff -a

重啓後會失效，若要永久關閉，能夠編輯/etc/fstab文件，將其中swap分區一行註釋掉

nano /etc/fstab

#/dev/mapper/centos-swap swap                    swap    defaults        0 0

添加yum倉庫

nano /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*

關閉firewalld

systemctl stop firewalld

systemctl disable firewalld

關閉SELinux

setenforce 0

sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

修改sysctl內核參數

nano /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0

sysctl --system

安裝kubeadm, kubelet and kubectl

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

systemctl enable --now kubelet

拉取鏡像

說明：執行kubeadm需配置docker代理才能訪問gcr.io

kubeadm config images pull

安裝pod網絡插件

yum insatll flanneld

初始化集羣master

kubeadm init --pod-network-cidr=10.244.0.0/16

Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.2.38:6443 --token vxoj3n.5tiw4y9c4chppagz \
    --discovery-token-ca-cert-hash sha256:f844a1934f1ed2399468f7037bb8605c112eab89bcdf5a4dea9cbd89e6906261

記錄並保存屏幕文字，後續worker節點將用到。

執行如下命令配置kubectl，做爲普通用戶管理集羣並在集羣上工做

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

獲取pods列表

kubectl get pods --all-namespaces

查看集羣的健康狀態

kubectl get cs

worker節點加入

操做同master節點，直到初始化集羣master這一步（worker節點不用初始化）

kubeadm join 192.168.2.38:6443 --token vxoj3n.5tiw4y9c4chppagz \
    --discovery-token-ca-cert-hash sha256:f844a1934f1ed2399468f7037bb8605c112eab89bcdf5a4dea9cbd89e6906261

而後等待幾分鐘

部署dashboard

注意項
獲取登陸dashboard的token

kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name |grep namespace)|grep token

kubernetes nodes notready的處理

systemctl restart docker