Skip to content

使用部署工具安装 Kubernetes ¶

# k8s 官網安裝前設定

# 节点之中不可以有重复的主机名
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2

# 将SELinux设置为permissive模式（相当于将其禁用）
sudo setenforce
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sudo sed -i 's/^SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config


cat /etc/selinux/config
# 关闭swap
swapoff -a
sed -ri 's/.*swap.*/#$/' /etc/fstab

# 允许 iptables 检查桥接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

How to Install a Kubernetes Cluster on CentOS 7 ¶

開始安裝

官方 CentOS 7 存儲庫中不提供 Kubernetes 包。此步驟需要在主節點以及您計劃用於容器設置的每個工作節點上執行。輸入以下命令以檢索 Kubernetes 存儲庫。

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

###############################################
# sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9
# sudo yum install -y kubelet-v1.22.4 kubeadm-v1.22.4 kubectl-v1.22.4
yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes


systemctl enable kubelet
systemctl start kubelet

###############################################
# 需要知道主節點在那邊
sudo vi /etc/hosts


echo "192.168.100.129 master master-node cluster-endpoint" >> /etc/hosts
echo "192.168.100.130 node1 worker-node1" >> /etc/hosts
echo "192.168.100.131 node2 worker-node2" >> /etc/hosts

###############################################
# master firewall
sudo firewall-cmd --permanent --add-port=6443/tcp
sudo firewall-cmd --permanent --add-port=2379-2380/tcp
sudo firewall-cmd --permanent --add-port=10248/tcp
sudo firewall-cmd --permanent --add-port=10250/tcp
sudo firewall-cmd --permanent --add-port=10251/tcp
sudo firewall-cmd --permanent --add-port=10252/tcp
sudo firewall-cmd --permanent --add-port=10255/tcp
sudo firewall-cmd --reload

# node firewall
sudo firewall-cmd --permanent --add-port=10248/tcp
sudo firewall-cmd --permanent --add-port=10251/tcp
sudo firewall-cmd --permanent --add-port=10255/tcp
firewall-cmd --reload




sudo systemctl stop firewalld
sudo systemctl disable firewalld


###############################################
# 修正 docker.ce 
# I faced similar issue recently. The problem was cgroup driver. Kubernetes cgroup driver was set to systems but docker was set to systemd. So I created /etc/docker/daemon.json and added below:
# [kubelet-check] It seems like the kubelet isn't running or healthy.
# [kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.

vim /etc/docker/daemon.json 

{
    "exec-opts": ["native.cgroupdriver=systemd"]
}

sudo systemctl restart docker
###############################################

# 主節點初始化
[root@hdss7-11 ~]# kubeadm init \
> --apiserver-advertise-address=10.4.7.11 \
> --control-plane-endpoint=cluster-endpoint \
> --service-cidr=172.16.0.0/16 \
> --pod-network-cidr=192.168.0.0/16 | tee kubeadm-init.log
I1231 07:07:03.036788    2204 version.go:254] remote version is much newer: v1.23.1; falling back to: stable-1.20
[init] Using Kubernetes version: v1.20.14
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated ver
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [cluster-endpoint hdss7-11.host.com kubernetes kubernetes.default kubernetesvc.cluster.local] and IPs [172.16.0.1 10.4.7.11]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [hdss7-11.host.com localhost] and IPs [10.4.7.11 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [hdss7-11.host.com localhost] and IPs [10.4.7.11 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests
[apiclient] All control plane components are healthy after 10.004710 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for the kubelets in the clust
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node hdss7-11.host.com as control-plane by adding the labels "node-role.kubernetes.io/master=''" rol-plane='' (deprecated)"
[mark-control-plane] Marking the node hdss7-11.host.com as control-plane by adding the taints [node-role.kubernetes.io/master:NoSc
[bootstrap-token] Using token: lbl36v.0liz1h81h2nb0j5g
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificat
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join cluster-endpoint:6443 --token lbl36v.0liz1h81h2nb0j5g \
    --discovery-token-ca-cert-hash sha256:d7bd29289d585c4c49da1ffa810b3a726cff7ea940f7a7d4204eae49226a824f \
    --control-plane

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join cluster-endpoint:6443 --token lbl36v.0liz1h81h2nb0j5g \
    --discovery-token-ca-cert-hash sha256:d7bd29289d585c4c49da1ffa810b3a726cff7ea940f7a7d4204eae49226a824f



###############################################
# kubeadm 裝壞了，重新處理
kubeadm reset

sudo rm -rf ~/.kube
###############################################
# 安裝網路 : flannel
> wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# 需要修改 kube-flannel.yml 裡面的10.xx.xx.xx 
# pod-network-cidr 與 kube-flannel.yml 相關
kubectl apply -f kube-flannel.yml

# 安裝node
kubeadm join cluster-endpoint:6443 --token 7xk678.48sbnte867jog8wt \
        --discovery-token-ca-cert-hash sha256:084a126b16b7cb35209978fc363b47cf96db8992228b2af27560156b22433cc7 



[root@master ~]# kubeadm token create --print-join-command
kubeadm join cluster-endpoint:6443 --token j0kh9n.wlp3l1t2erc5jo90 --discovery-token-ca-cert-hash sha256:084a126b16b7cb35209978fc363b47cf96db8992228b2af27560156b22433cc7

[root@hdss7-11 flannel]# kubectl get nodes
NAME                STATUS     ROLES                  AGE   VERSION
hdss7-11.host.com   NotReady   control-plane,master   18m   v1.20.9
hdss7-21.host.com   NotReady   <none>                 15m   v1.20.9
hdss7-22.host.com   NotReady   <none>                 15m   v1.20.9

flannel¶

修改 "Network": "10.244.0.0/16" => "Network": "192.168.0.0/16"

安裝網路 : flannel¶

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

需要修改 kube-flannel.yml 裡面的10.xx.xx.xx¶

pod-network-cidr 與 kube-flannel.yml 相關¶

kubectl apply -f kube-flannel.yml

[root@hdss7-11 flannel]# kubectl apply -f kube-flannel.yml 
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created


[root@hdss7-11 flannel]# kubectl get nodes
NAME                STATUS   ROLES                  AGE   VERSION
hdss7-11.host.com   Ready    control-plane,master   20m   v1.20.9
hdss7-21.host.com   Ready    <none>                 18m   v1.20.9
hdss7-22.host.com   Ready    <none>                 17m   v1.20.9
[root@hdss7-11 flannel]#