kubernetes 1.15 install for kubeadm

時間 2019-11-06

標籤 kubernetes 1.15 install kubeadm 简体版

原文原文鏈接

kubernetes 1.15 install for kubeadm

安裝條件

阿里雲鏡像服務器訪問暢通
dockerhub能夠訪問
Centos7.7系統 Base-server方式安裝
必要的docker k8s基礎知識

集羣建立前的準備

ip地址	節點角色	CPU	內存	主機名	存儲
192.168.100.101.111	master	2c	4G	k8s-master001	200GB
192.168.100.101.121	worker	2c	4G	k8s-node001	200GB
192.168.100.101.122	worker	2c	4G	k8s-node002	200GB
192.168.100.101.123	worker	2c	4G	k8s-node003	200GB
192.168.100.101.124	worker	2c	4G	k8s-node004	200GB

部署環境爲nat模式下的內網服務器，即家庭網絡環境、辦公室網絡環境html

1、服務器環境初始化

設置hostname 在不一樣的機器上執行如下命令

hostnamectl set-hostname k8s-master001  
hostnamectl set-hostname k8s-node001  
hostnamectl set-hostname k8s-node002 
hostnamectl set-hostname k8s-node003  
hostnamectl set-hostname k8s-node004

修改/etc/sysconfig/network增長HOSTNAME=k8s-master001,注意更改成相應的主機名喔node

關閉防火牆、swap、selinux

systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab

修改內核參數、將橋接網卡的ipv4流量轉發到iptables的鏈表

cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

執行sysctl 載入配置文件參數

modprobe br_netfilter
sysctl --system

增長ipvs的開啓參數

cat /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4

增長ipvs.modules文件可執行權限

chmod 755 /etc/sysconfig/modules/ipvs.modules 
/bin/bash -x /etc/sysconfig/modules/ipvs.modules 
lsmod | grep "ip_vs"

增長阿里雲epelyum源

CentOS-Base有163的源,速度很快不用更換，若是是阿里雲服務器建議使用阿里雲CentOS-Base內網更快linux

yum install -y wget
#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all && yum makecache

增長k8s``docker-ceyum源

cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

該內容能夠經過 opsx.alibaba.com搜索kubernetes``幫助獲取
增長docker-ceyum源git

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

安裝依賴包

yum  -y install ipset ipvsadm yum-utils device-mapper-persistent-data lvm2

查看yum倉庫中Docker版本必定要加上--showduplicates參數，否則只會出現最新版本的rpm包

[root@k8s-master001 ~]# yum list docker-ce.x86_64  --showduplicates |sort -r
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror
Installed Packages
docker-ce.x86_64            3:19.03.2-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.1-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:19.03.0-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.9-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.8-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.7-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.7-3.el7                    @docker-ce-stable
docker-ce.x86_64            3:18.09.6-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.5-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.4-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.3-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.2-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.1-3.el7                    docker-ce-stable 
docker-ce.x86_64            3:18.09.0-3.el7                    docker-ce-stable 
docker-ce.x86_64            18.06.3.ce-3.el7                   docker-ce-stable 
docker-ce.x86_64            18.06.2.ce-3.el7                   docker-ce-stable 
docker-ce.x86_64            18.06.1.ce-3.el7                   docker-ce-stable 
docker-ce.x86_64            18.06.0.ce-3.el7                   docker-ce-stable 
docker-ce.x86_64            18.03.1.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            18.03.0.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.12.1.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.12.0.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.09.1.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.09.0.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.06.2.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.06.1.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.06.0.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.03.3.ce-1.el7                   docker-ce-stable 
docker-ce.x86_64            17.03.2.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.03.1.ce-1.el7.centos            docker-ce-stable 
docker-ce.x86_64            17.03.0.ce-1.el7.centos            docker-ce-stable

Install Docker

yum makecache fast
yum install -y --setopt=obsoletes=0 docker-ce-18.09.8-3.el7.x86_64
systemctl start docker
systemctl enable docker

增長--setopt=obsoletes=0
obsoletes=value
…where value is one of:
0 — Disable yum's obsoletes processing logic when performing updates.
1 — Enable yum's obsoletes processing logic when performing updates. When one package declares in its spec file that it obsoletes another package, the latter package will be replaced by the former package when the former package is installed. Obsoletes are declared, for example, when a package is renamed. obsoletes=1 the default.github

查看iptables filter表中FOWARD鏈表中策略是否爲ACCEPT放行狀態。若是不是執行iptables -P FORWARD ACCEPTdocker

[root@k8s-master001 k8s-yum]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

查看Docker cgroup driver狀態是否爲systemd,若是不是systemd請修改配置文件改回systemdshell

[root@k8s-master001 ~]# docker info | grep Cgroup
 Cgroup Driver: systemd
 cat /etc/docker/daemon.json #若是不是請修改配置文件
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}

重啓docker 使配置生效

systemctl restart docker

Install kubeadm、kubelet

yum install -y kubelet-1.15.3-0.x86_64 kubeadm-1.15.3-0.x86_64 kubelet-1.15.3-0.x86_64

kubelet啓動並設置開機啓動

systemctl start kubelet.service
systemctl enable kubelet.service

查看集羣默認的初始化配置信息kubeadm config print init-defaults

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master001
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.15.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}

其中advertiseAddress是指api-server的ip地址，也就是k8s-master001內網ip地址192.168.101.111。
serviceSubnet是集羣將要採用的網段地址，咱們使用10.244.0.0/16。json

初始化k8s集羣在k8s-master001上操做

kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.101.111 --ignore-preflight-errors=Swap

執行後發現會報如下錯誤,這是由於沒法訪問k8s.gcr.io網站。bootstrap

[root@k8s-master001 ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.101.111 --ignore-preflight-errors=Swap
W0913 00:40:38.345859   31641 version.go:98] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: dial tcp: lookup dl.k8s.io on [::1]:53: read udp [::1]:60967->[::1]:53: read: connection refused
W0913 00:40:38.346081   31641 version.go:99] falling back to the local client version: v1.15.3
[init] Using Kubernetes version: v1.15.3
[preflight] Running pre-flight checks
        [WARNING Hostname]: hostname "k8s-master001" could not be reached
        [WARNING Hostname]: hostname "k8s-master001": lookup k8s-master001 on [::1]:53: read udp [::1]:45558->[::1]:53: read: connection refused
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.15.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp: lookup k8s.gcr.io on [::1]:53: read udp [::1]:51990->[::1]:53: read: connection refused
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.15.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp: lookup k8s.gcr.io on [::1]:53: read udp [::1]:43086->[::1]:53: read: connection refused
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.15.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp: lookup k8s.gcr.io on [::1]:53: read udp [::1]:55885->[::1]:53: read: connection refused
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.15.3: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp: lookup k8s.gcr.io on [::1]:53: read udp [::1]:48386->[::1]:53: read: connection refused
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp: lookup k8s.gcr.io on [::1]:53: read udp [::1]:43804->[::1]:53: read: connection refused
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.3.10: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp: lookup k8s.gcr.io on [::1]:53: read udp [::1]:49557->[::1]:53: read: connection refused
, error: exit status 1
        [ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: dial tcp: lookup k8s.gcr.io on [::1]:53: read udp [::1]:51683->[::1]:53: read: connection refused
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

換源設置改成阿里雲,查看須要的容器鏡像kubeadm config images list

[root@k8s-master001 ~]# kubeadm config images list
W0913 00:44:21.703361   32321 version.go:98] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: dial tcp: lookup dl.k8s.io on [::1]:53: read udp [::1]:37790->[::1]:53: read: connection refused
W0913 00:44:21.703519   32321 version.go:99] falling back to the local client version: v1.15.3
k8s.gcr.io/kube-apiserver:v1.15.3
k8s.gcr.io/kube-controller-manager:v1.15.3
k8s.gcr.io/kube-scheduler:v1.15.3
k8s.gcr.io/kube-proxy:v1.15.3
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1

pull阿里雲鏡像Images更改tag 舒適提示:雖然是國內源但pull過程依然有些慢,建議衝杯咖啡、奶茶

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.15.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.15.3 k8s.gcr.io/kube-apiserver:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.15.3 k8s.gcr.io/kube-controller-manager:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.15.3 k8s.gcr.io/kube-scheduler:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.15.3 k8s.gcr.io/kube-proxy:v1.15.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1

再次執行集羣初始化操做

[root@k8s-master001 tmp]# kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.101.111 --ignore-preflight-errors=Swap
[init] Using Kubernetes version: v1.15.3
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master001 localhost] and IPs [192.168.101.111 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master001 localhost] and IPs [192.168.101.111 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master001 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.101.111]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 44.009526 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.15" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master001 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node k8s-master001 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: f3xr55.iv29dsas70lrf0jo
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.101.111:6443 --token f3xr55.iv29dsas70lrf0jo \
    --discovery-token-ca-cert-hash sha256:2f939d02abb31a087b4c3f4b1202c4efeaa6f9ee165abb705f8e2b19d41e132c

根據輸出提示進行如下操做

mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

保存記錄好節點加入集羣命令

kubeadm join 192.168.101.111:6443 --token f3xr55.iv29dsas70lrf0jo \
--discovery-token-ca-cert-hash sha256:2f939d02abb31a087b4c3f4b1202c4efeaa6f9ee165abb705f8e2b19d41e132c

注意除了集羣初始化操做在k8s-master001上執行,其它的操做每一個節點都要執行

2、node節點加入集羣

執行kubeadm join 輸出如下信息即爲成功,其中的WARNING是由於/etc/hosts沒有配置,忽略便可沒有影響

[root@k8s-node001 tmp]# kubeadm join 192.168.101.111:6443 --token f3xr55.iv29dsas70lrf0jo \
--discovery-token-ca-cert-hash sha256:2f939d02abb31a087b4c3f4b1202c4efeaa6f9ee165abb705f8e2b19d41e132c
[preflight] Running pre-flight checks
        [WARNING Hostname]: hostname "k8s-node001" could not be reached
        [WARNING Hostname]: hostname "k8s-node001": lookup k8s-node001 on 192.168.100.37:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

Tips:第三天k8s-node003加入集羣報錯

error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s

集羣運行一段時間後後續加入節點的時候提示上面這個錯誤,是mastertoken證書過時,好像有效期只有24小時,建立新的token便可解決，方法以下。centos

[root@k8s-master001 ~]# kubeadm token create
2cwxr3.01v9qv5kbt69fzxa
[root@k8s-master001 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | awk {'print $2'}
2f939d02abb31a087b4c3f4b1202c4efeaa6f9ee165abb705f8e2b19d41e132c

使用新token添加新節點

[root@k8s-node003 ~]# kubeadm join 192.168.101.111:6443 --token 2cwxr3.01v9qv5kbt69fzxa --discovery-token-ca-cert-hash sha256:2f939d02abb31a087b4c3f4b1202c4efeaa6f9ee165abb705f8e2b19d41e132c

查看集羣以及nodes狀態

root@k8s-master001 ~]# kubectl get cs    
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok                  
controller-manager   Healthy   ok                  
etcd-0               Healthy   {"health":"true"} 
[root@k8s-master001 ~]# kubectl get nodes
NAME            STATUS     ROLES    AGE   VERSION
k8s-master001   NotReady   master   2h   v1.15.3
k8s-node001     NotReady   <none>   1h   v1.15.3

能夠看到集羣是健康的，可是node節點狀態是notready這是由於咱們僅僅建立了集羣尚未安裝網絡插件

2、安裝必要的插件、網絡插件

Installflannel網絡插件

[root@k8s-master001 k8s]# curl -O https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-master001 k8s]# cat kube-flannel.yml  | grep '"Network"'
  "Network": "10.244.0.0/16"
kubectl create -f  kube-flannel.yml

配置文件網段和建立集羣是的網段一致，此處不須要修改.

查看插件啓動狀態

[root@k8s-master001 ~]# kubectl get pod -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
coredns-5c98db65d4-6v8zm                1/1     Running   0          1h
coredns-5c98db65d4-7xdsn                1/1     Running   0          1h
etcd-k8s-master001                      1/1     Running   0          1h
kube-apiserver-k8s-master001            1/1     Running   0          1h
kube-controller-manager-k8s-master001   1/1     Running   0          1h
kube-proxy-97jz2                        1/1     Running   0          1h
kube-proxy-lftz2                        1/1     Running   0          1h
kube-scheduler-k8s-master001            1/1     Running   0          1h

kube-proxy更改成ipvs模式mode: ""更改成mode: "ipvs"
```
kubectl edit cm kube-proxy -n kube-system
```

Install dashboard插件

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl create -f kubernetes-dashboard.yaml
root@k8s-master001 k8s]# kubectl get svc kubernetes-dashboard -n kube-system  
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.111.189.89   <none>        443:32576/TCP   21s

其狀態一直是ImagePullBackOff

[root@k8s-master001 tmp]# kubectl get pods,svc -n kube-system   | grep kubernetes-dashboard       
pod/kubernetes-dashboard-7d75c474bb-ljdhp   0/1     ImagePullBackOff   0          14m
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

生成token dashboard登陸支持Kubeconfig和token兩種認證方式Kubeconfig中也依賴token

kubectl create serviceaccount  dashboard-admin -n kube-system
kubectl create clusterrolebinding  dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

獲取 Dashboardtoken

[root@k8s-master001 tmp]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

Name:         dashboard-admin-token-hqj4v
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 56931c3b-ce9d-456c-9e12-3597163fff47

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQv
c2VjcmV0Lm5hbWUiOiJkYXNoYm7hcmQtYWRtaW4tdG9rZW4taHFqNHYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY
291bnQudWlkIjoiNTY5MzFjM2ItY2U5ZC00NTZjLTllMTItMzU5NzE2M2ZmZjQ3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.sYIp7MzgFw6jSBRN63GX4y3j9yfyvYnmAw1BN4FsoiU5rdaSDle1lGWwleMGh
Y5lNHTpoQwUXAzl6uQmrhFCQPFsZZEIaPaSWEzHxuwmYO3uiaLcJB4_0wtC_DiKpLx_JV8NQwYmgAlgL2s2HxLeuweSHcMcxwIccA5CHdRPoh0_r6NjHc1yf4s6vzNQUpfNMj3k34_Oe7YmpU6eGFONvxzDigy5kWG4QDE4m3g4ceeYqjydJ_gRMjfu86E_VxGgbeILBK3OQd
GsqK8i5GZz8IziDOd3sYicHqbwDgGXiGZfPuqtu4FbDSKV1lZ8VWK0sRuuww3idCGuG7gzMkB2hw

Install Helm Client

wget https://get.helm.sh/helm-v2.14.3-linux-amd64.tar.gz
 tar -zxf helm-v2.14.3-linux-amd64.tar.gz
 cp helm  /usr/local/bin/
 [root@k8s-master001 linux-amd64]# helm version
 Client: &version.Version{SemVer:"v2.14.3",   GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
 Error: could not find tiller

Install Helm servertiller

helm init --upgrade --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.14.3
 [root@k8s-master001 k8s]#  kubectl get pod -n kube-system -l app=helm
 NAME                             READY   STATUS    RESTARTS   AGE
 tiller-deploy-6867df9fc6-xh6hh   1/1     Running   0          112s
 root@k8s-master001 k8s]# helm version
 Client: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}
 Server: &version.Version{SemVer:"v2.14.3", GitCommit:"0e7f3b6637f7af8fcfddb3d2941fcc7cbebb0085", GitTreeState:"clean"}

Tiller增長ServiceAccount

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

END

至此最小集羣已經安裝完成了,這裏只安裝了最核心的k8s服務。

參考文獻
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-configuring_yum_and_yum_repositories
https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm

結語

但願天下沒有難裝的k8s

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。