kubeadm方式
安装 runtime(docker)
- 检查k8s与docker匹配的版本
- kubernates的github找到对应的更新日志,其中的dependencies中docker相关,给出的是docker的 tagId
- k8s 1.20.* 可以兼容19.03.11
提前准备
```
关闭防火墙
systemctl stop firewalld systemctl disable firewalld
关闭selinux
永久关闭
sed -i ‘s/enforcing/disabled/’ /etc/selinux/config
临时关闭
setenforce 0
关闭swap
临时
swapoff -a
永久关闭
sed -ri ‘s/.swap./#&/’ /etc/fstab
根据规划设置主机名【master节点上操作】
hostnamectl set-hostname cent01
根据规划设置主机名【node1节点操作】
hostnamectl set-hostname cent02
根据规划设置主机名【node2节点操作】
hostnamectl set-hostname cent03
将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf « EOF net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF
生效
sysctl –system
时间同步
yum install ntpdate -y ntpdate time.windows.com
1
2
3
4
5
### 1. 设置仓库
```shell
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
2. 设置阿里安装源
1
2
3
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. 安装docker-ce
1
2
3
4
sudo yum update -y && sudo yum install -y \
containerd.io-1.2.13 \
docker-ce-19.03.11 \
docker-ce-cli-19.03.11
4. 设置守护线程
1
2
3
4
5
6
7
8
9
10
11
12
13
14
sudo mkdir /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
5. 将docker交给systemctl管理
1
2
3
4
5
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo systemctl daemon-reload
sudo systemctl restart docker
# 开机启动
sudo systemctl enable docker
6. 设置阿里云镜像加速
1
2
3
4
5
6
7
8
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://2tgmzyyl.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
安装 kubeadm、kubelet 和 kubectl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# 将 SELinux 设置为 permissive 模式(相当于将其禁用)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
yum install -y kubelet-1.20.4 kubeadm-1.20.4 kubectl-1.20.4 --disableexcludes=kubernetes
systemctl enable --now kubelet
4. 部署 Kubernetes Master
1
2
3
4
5
6
kubeadm init \
--apiserver-advertise-address=10.31.149.124 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.4 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
5.kubectl使用户可用
1
2
3
4
5
6
# 任何用户
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# root用户
export KUBECONFIG=/etc/kubernetes/admin.conf
6. 安装CNI
1
2
3
4
5
# 下载网络插件配置
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# 添加
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
7.验证
1
kubectl get nodes
- 节点的状态变成”Ready“即可
8.检查组件健康状态
1
kubectl get cs
8.1 controller-manager、scheduler组件Unhealthy
```
检查kube-scheduler和kube-controller-manager组件配置是否禁用了非安全端口
vim /etc/kubernetes/manifests/kube-scheduler.yaml vim /etc/kubernetes/manifests/kube-controller-manager.yaml
去掉port=0, 重启服务
systemctl restart kubelet ```