This walkthrough uses CentOS 7 as the example.
Three-node deployment
master 192.168.126.128 (at least a dual-core CPU and 2 GB of memory)
node1 192.168.126.118
node2 192.168.126.120
Set the hostname
master
cat <<eof>/etc/hostname
master
eof
---------------------------------------------------------
node1
cat <<eof>/etc/hostname
node1
eof
--------------------------------------------------------
node2
cat <<eof>/etc/hostname
node2
eof
Edit hosts
Run this on all three nodes; pick names to suit your own needs.
vim /etc/hosts
192.168.126.128 master
192.168.126.118 node1
192.168.126.120 node2
After completing the steps above, rebooting the system is recommended.
Configure the yum repository (run on all three nodes)
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# setenforce 0 switches SELinux to permissive mode until the next reboot
setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
Initialize the master (run on master)
kubeadm init --apiserver-advertise-address=192.168.126.128 --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.1.0.0/16
When it finishes, the following is printed at the end of the output:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.126.128:6443 --token 4zdsbn.er9397h3ngn5c18b \
--discovery-token-ca-cert-hash sha256:1e80ce505f1edcb34c7da179fff7bb93e755509fce7299153441237bbaa5cb2f
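Following the prompt, first run:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Install the pod network, using flannel as the example
kubectl apply -f flannel.yml
flannel.yml is available on GitHub (https://raw.githubusercontent.com/caoran/kube-flannel.yml/master/kube-flannel.yml) and can be applied directly with kubectl apply -f followed by that address. If HTTPS access fails, download the file and apply the local copy.
Check the installation status on the master node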
kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 43m v1.20.0
kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
Join the worker nodes to the cluster
Run on node1
kubeadm join 192.168.126.128:6443 --token 4zdsbn.er9397h3ngn5c18b \
--discovery-token-ca-cert-hash sha256:1e80ce505f1edcb34c7da179fff7bb93e755509fce7299153441237bbaa5cb2f --node-name node1
Run on node2
kubeadm join 192.168.126.128:6443 --token 4zdsbn.er9397h3ngn5c18b \
--discovery-token-ca-cert-hash sha256:1e80ce505f1edcb34c7da179fff7bb93e755509fce7299153441237bbaa5cb2f --node-name node2
When it finishes, check the nodes
kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 43m v1.20.0
node1 Ready <none> 23m v1.20.0
node2 Ready <none> 27m v1.20.0
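That completes the deployment.
The steps above assume everything goes smoothly. In practice you will run into some pitfalls; the common ones are listed below.
kubeadm join times out with: uploading crisocket: timed out waiting for the condition
On the affected node, run the following in order: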
swapoff -a # will turn off the swap
kubeadm reset
systemctl daemon-reload
systemctl restart kubelet
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X # will reset iptables
The controller-manager and scheduler components show status Unhealthy
Edit the configuration in these two files:
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
vim /etc/kubernetes/manifests/kube-scheduler.yaml
Comment out --port=0 by prefixing the line with #.
The token has expired
List the tokens:
kubeadm token list
Generate a new token:
kubeadm token create
Get the CA hash:
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
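The token and the CA hash from the two steps above go together into a fresh kubeadm join command. The script below is an added example, not part of the original post. It assembles that command and rejects a malformed token or an unreadable certificate instead of emitting a bogus pin. The function names, the throwaway certificate standing in for /etc/kubernetes/pki/ca.crt and the token abcdef.0123456789abcdef are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: rebuild the `kubeadm join` arguments from a token and CA cert.
set -e

# SHA-256 over the DER-encoded public key of the certificate in $1.
# The certificate is parsed in its own step: inside one long pipeline a failed
# parse would make `openssl dgst` hash empty input and still print 64 hex digits.
# `openssl pkey` replaces `openssl rsa` so non-RSA CA keys are handled too.
ca_cert_hash() {
  cch_pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  printf '%s\n' "$cch_pub" \
    | openssl pkey -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
}

# Bootstrap tokens look like <6 chars>.<16 chars>, lowercase letters and digits.
valid_token() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Print the join command for endpoint $1, token $2 and CA certificate $3.
join_command() {
  valid_token "$2" || { echo "malformed token: $2" >&2; return 1; }
  jc_hash=$(ca_cert_hash "$3") || { echo "cannot read CA cert: $3" >&2; return 1; }
  printf '%s\n' "$jc_hash" | grep -Eq '^[0-9a-f]{64}$' \
    || { echo "unexpected hash output" >&2; return 1; }
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s\n' \
    "$1" "$2" "$jc_hash"
}

# Constructed sample input: a throwaway self-signed certificate, valid one day.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_CA="$SAMPLE_DIR/ca.crt"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
  -keyout "$SAMPLE_DIR/ca.key" -out "$SAMPLE_CA" 2>/dev/null

# Endpoint taken from the walkthrough; the token is a made-up placeholder.
join_command 192.168.126.128:6443 abcdef.0123456789abcdef "$SAMPLE_CA"
```

On a live master, pass /etc/kubernetes/pki/ca.crt and a token from kubeadm token create; kubeadm token create --print-join-command produces the same command in one step.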