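Installing Kubernetes (K8s) on CentOS 7 - Simple Version

Servers:
1. 10.0.2.5  2 cores, 3 GB RAM  master
2. 10.0.2.6  2 cores, 2 GB RAM  node

I. Disable swap
vi /etc/fstab    # comment out the swap line; to disable temporarily: swapoff -a
free -m    # check the swap status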

II. Disable SELinux
vi /etc/sysconfig/selinux    # change SELINUX=enforcing to SELINUX=disabled; to disable temporarily: setenforce 0

III. Disable firewalld
systemctl disable firewalld
systemctl stop firewalld

IV. Install Docker, start it, and set the cgroup driver to systemd
1. Prerequisites: CentOS 7 or later, with Linux kernel 3.10 or later
# uname -r
3.10.0-1062.el7.x86_64

2. Remove old versions:
Older Docker packages were named docker or docker-engine. If they are installed, remove them along with their dependencies.
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine

3. Install
yum update
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(If you get "yum-config-manager: command not found", run yum -y install yum-utils)
yum makecache fast
yum -y install docker-ce    # if you see "No package docker-ce available.", reboot and run it again
service docker start    # or: systemctl start docker
systemctl enable docker    # start on boot
docker info
docker -v    # or: docker version
vi /etc/docker/daemon.json    # add the following content
{
  "registry-mirrors": ["https://reg-mirror.qiniu.com/", "https://registry.docker-cn.com", "http://hub-mirror.c.163.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}

service docker restart

V. Enable bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

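VI. Install the Kubernetes master
1. Set the hostname and the host name mappings
# show the current hostname
hostname    # or: hostnamectl
# set the hostname
hostnamectl set-hostname k8s-master    # hostname of the master node
# vi /etc/hosts and add:
10.0.2.5 k8s-master kube-apiserver
10.0.2.6 k8s-node1
# reboot    (changing the hostname requires a reboot)

2. Configure the Kubernetes yum repository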
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

yum makecache fast

3. Install kubelet and kubeadm:
yum install kubelet kubeadm --disableexcludes=kubernetes

4. Start the kubelet service
kubeadm uses the kubelet service to deploy and start the main Kubernetes services as containers, so the kubelet service has to be started first.
systemctl enable kubelet && systemctl start kubelet
At this point kubelet still fails to start, and journalctl -xeu kubelet shows the errors; it only starts successfully after kubeadm init has run.

5. Get the configuration and pull the images
Fetch the default configuration:
kubeadm config print init-defaults > init-config.yaml
vi init-config.yaml
advertiseAddress: 1.2.3.4    # change to the master's real IP, 10.0.2.5
imageRepository: k8s.gcr.io    # change to registry.aliyuncs.com/google_containers

Pull the Kubernetes images:
kubeadm config images pull --config=init-config.yaml

Run kubeadm init to install the master node:
kubeadm init --config=init-config.yaml
The output ends with:
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.2.5:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:90489d258bb3254596c2e9ff54d3a7d214299b4a712a459b97a6b549efdfed0e

Set the environment variable as the output suggests:
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

# kubectl get node
NAME   STATUS     ROLES                  AGE     VERSION
node   NotReady   control-plane,master   3m52s   v1.22.4

To join a worker node you need the token; list it with:
kubeadm token list

When the token has expired, you can create a new permanent token:
# kubeadm token create --ttl 0   # create a permanent token
Returns 43ilet.ke2va6a0ja4ed2n8
# get the SHA-256 hash of the CA certificate (computed over its public key)
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
Returns  (stdin)= f7cb2c94078cbbd7873f9b317013168a97393c69925d73127dc90b9f1b50d83f
# join the node
kubeadm join 10.0.2.5:6443 --token 43ilet.ke2va6a0ja4ed2n8 --discovery-token-ca-cert-hash sha256:f7cb2c94078cbbd7873f9b317013168a97393c69925d73127dc90b9f1b50d83f

# kubeadm token list
TOKEN                     TTL         EXPIRES   USAGES                   DESCRIPTION   EXTRA GROUPS
43ilet.ke2va6a0ja4ed2n8   <forever>   <never>   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
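
Added example (not part of the original post): a token created with --ttl 0 stays valid for joining nodes until it is deleted, so the check below reads `kubeadm token list` output and flags rows whose TTL is <forever>. The helper name audit_tokens is hypothetical, and the sample table is constructed from the tokens shown on this page plus a made-up TTL and expiry time.

```sh
#!/bin/sh
# Added example, not from the original post: flag bootstrap tokens that never expire.

# Constructed sample of `kubeadm token list` output. Both tokens appear on this
# page; the 23h TTL and the EXPIRES timestamp of the first row are made up.
SAMPLE_TOKEN_LIST='TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   23h         2021-12-02T10:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
43ilet.ke2va6a0ja4ed2n8   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token'

# audit_tokens (hypothetical helper) reads the table on stdin and prints one
# line per token. Only the public token ID (the part before the dot) is
# printed, so the secret half does not end up in logs.
# Exit status: 0 if every token expires, 1 if any token has TTL <forever>.
audit_tokens() {
    awk '
        NR == 1 || NF < 4 { next }          # skip header and blank lines
        {
            split($1, part, ".")
            if ($2 == "<forever>") { print "PERMANENT " part[1]; bad = 1 }
            else                   { print "EXPIRING " part[1] " ttl=" $2 }
        }
        END { exit bad + 0 }
    '
}

# On a control-plane node:  kubeadm token list | audit_tokens
if ! printf '%s\n' "$SAMPLE_TOKEN_LIST" | audit_tokens; then
    # A permanent token can be removed by ID and replaced with a short-lived one.
    echo "fix: kubeadm token delete <id>; kubeadm token create --ttl 2h --print-join-command"
fi
```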

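VII. Install the Kubernetes node
First carry out the first five sections above (swap, SELinux, firewalld, Docker, bridge-nf-call-iptables).
1. Set the hostname and the host name mappings
# show the current hostname
hostname    # or: hostnamectl
# set the hostname
hostnamectl set-hostname k8s-node1    # hostname of the worker node
# vi /etc/hosts and add:
10.0.2.5 k8s-master kube-apiserver
10.0.2.6 k8s-node1
# reboot    (changing the hostname requires a reboot)

2. Configure the Kubernetes yum repository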
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

yum makecache fast
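
Added example, not part of the original walkthrough: a check for the two config files written here, the kubernetes.repo stanza used in both the master and node sections (gpgcheck and repo_gpgcheck stay at 1, no URL falls back to http://) and the registry-mirrors list in /etc/docker/daemon.json from the Docker section. The helper names audit_yum_repo and plaintext_mirrors are hypothetical; the sample inputs are copied from this page.

```sh
#!/bin/sh
# Added example (not from the original walkthrough). Both helpers read stdin:
#   audit_yum_repo < /etc/yum.repos.d/kubernetes.repo
#   plaintext_mirrors < /etc/docker/daemon.json

# Sample inputs copied from this page.
REPO_SAMPLE='[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg'
DAEMON_SAMPLE='{"registry-mirrors": ["https://reg-mirror.qiniu.com/","https://registry.docker-cn.com","http://hub-mirror.c.163.com"]}'

# Print "section: problem" for each enabled repo section that weakens
# package or metadata verification; exit status 1 if anything is reported.
audit_yum_repo() {
    awk '
        function report(msg) { print sec ": " msg; bad = 1 }
        function finish() {
            if (sec == "" || val["enabled"] == "0") return
            if (val["gpgcheck"] != "1")      report("gpgcheck is not 1")
            if (val["repo_gpgcheck"] != "1") report("repo_gpgcheck is not 1")
            if (val["gpgkey"] == "")         report("no gpgkey")
            if ((val["baseurl"] " " val["gpgkey"]) ~ /(^| )http:/) report("plaintext http URL")
        }
        /^[ \t]*[#;]/ { next }
        /^\[/ { finish(); split("", val); sec = substr($0, 2, index($0, "]") - 2); next }
        /=/ {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            val[k] = v
        }
        END { finish(); exit bad + 0 }
    '
}

# List quoted http:// URLs (registry mirrors pulled without TLS) in daemon.json.
plaintext_mirrors() {
    grep -o '"http://[^"]*"' | tr -d '"'
}

printf '%s\n' "$REPO_SAMPLE" | audit_yum_repo && echo "kubernetes.repo: signature checks enforced"
printf '%s\n' "$DAEMON_SAMPLE" | plaintext_mirrors
```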

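3. Install kubelet and kubeadm:
yum install kubelet kubeadm --disableexcludes=kubernetes

Run the following to start kubelet and enable it on boot:
systemctl enable kubelet && systemctl start kubelet

Run the join command (the one printed after a successful kubeadm init on the master; if the token has expired, create a new one as described in the master section):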
kubeadm join 10.0.2.5:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:90489d258bb3254596c2e9ff54d3a7d214299b4a712a459b97a6b549efdfed0e

Copy admin.conf from the master, then set the environment variable:
scp root@10.0.2.5:/etc/kubernetes/admin.conf ~
echo "export KUBECONFIG=~/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

# kubectl get nodes
NAME        STATUS     ROLES                  AGE   VERSION
k8s-node1   NotReady   <none>                 10m   v1.22.4
node        NotReady   control-plane,master   82m   v1.22.4

4. Install the Calico CNI network plugin
kubectl apply -f "https://docs.projectcalico.org/manifests/calico.yaml"
Wait a moment, then run again:
# kubectl get nodes
NAME        STATUS   ROLES                  AGE   VERSION
k8s-node1   Ready    <none>                 14m   v1.22.4
node        Ready    control-plane,master   85m   v1.22.4

Done.
