
Goal

  • master: 1
  • node: 2
  • Network: calico

Installation environment

  • Hardware: 1 CPU core, 2G memory, 40G disk
  • Operating system: CentOS Linux 7 (Core)
  • Kernel: 3.10.0-693.el7.x86_64
  • docker: 1.17.0
  • kubeadm: v1.11

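Install kubeadm

Before you begin

  • Supported operating systems
    • Ubuntu 16.04+
    • Debian 9
    • CentOS 7
    • RHEL 7
    • Fedora 25/26
    • HypriotOS v1.0.1+
    • Container Linux
  • 2G or more of memory
  • Network connectivity between the 3 hosts
  • A unique hostname, MAC address and product_uuid on every host

Check the MAC address and product_uuid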

    # Show the MAC address
    ip link
    # or
    ifconfig -a
    # Show the product_uuid
    sudo cat /sys/class/dmi/id/product_uuid

Disable the firewall

    systemctl stop firewalld.service      # stop the firewall
    systemctl disable firewalld.service   # keep the firewall from starting at boot

Install docker

    # Add the yum repository
    cat >/etc/yum.repos.d/docker.repo <<EOF
    [dockerrepo]
    name=Docker Repository
    baseurl=https://yum.dockerproject.org/repo/main/centos/7
    enabled=1
    gpgcheck=1
    gpgkey=https://yum.dockerproject.org/gpg
    EOF
    yum makecache
    # Install docker
    yum install docker-engine-17.03.0.ce-1.el7.centos.x86_64 -y
    # Start docker
    systemctl enable docker && systemctl start docker

Install kubeadm, kubelet and kubectl

    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    EOF
    # Put SELinux in permissive mode until the next reboot
    setenforce 0

    # Work around possible iptables problems
    cat <<EOF >  /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    sysctl --system

    yum install -y kubelet kubeadm kubectl

    # On each host, check that the kubelet cgroup driver matches the docker cgroup driver
    docker info | grep -i cgroup
    cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
    # Add the following settings to /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
    Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"
    ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS $KUBELET_CGROUP_ARGS
    # Note: remember to append $KUBELET_CGROUP_ARGS to ExecStart

    systemctl daemon-reload
    # Start kubelet
    systemctl enable kubelet && systemctl start kubelet
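
An added example, not part of the original post: a shell check that the driver reported by docker info equals the --cgroup-driver value in the kubelet drop-in, and that ExecStart really expands $KUBELET_CGROUP_ARGS. The helper names and the sample inputs are assumptions constructed for illustration, and the check assumes the drop-in layout shown above.

```sh
# Constructed sample inputs: trimmed `docker info` output and the drop-in
# settings from this page.
SAMPLE_DOCKER_INFO='Storage Driver: overlay
Cgroup Driver: cgroupfs'
SAMPLE_DROPIN='[Service]
Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS $KUBELET_CGROUP_ARGS'

# Print the cgroup driver named in `docker info` output read from stdin.
docker_cgroup_driver() {
    sed -n 's/^[[:space:]]*Cgroup Driver:[[:space:]]*//p' | head -n 1
}

# Print the value of the last --cgroup-driver= flag found on a non-comment
# line of a kubelet drop-in read from stdin.
kubelet_cgroup_driver() {
    sed -n '/^[[:space:]]*#/d; s/.*--cgroup-driver=\([A-Za-z]*\).*/\1/p' | tail -n 1
}

# check_cgroup_config DOCKER_INFO DROPIN (hypothetical helper)
# Returns 0 when the configuration is consistent, 1 when the two drivers
# differ or one is missing, 2 when ExecStart never expands
# $KUBELET_CGROUP_ARGS, in which case the Environment line has no effect.
check_cgroup_config() {
    d=$(printf '%s\n' "$1" | docker_cgroup_driver)
    k=$(printf '%s\n' "$2" | kubelet_cgroup_driver)
    [ -n "$d" ] && [ "$d" = "$k" ] || return 1
    printf '%s\n' "$2" | grep -q '^ExecStart=.*\$KUBELET_CGROUP_ARGS' || return 2
    return 0
}

# On a real host:
#   check_cgroup_config "$(docker info 2>/dev/null)" \
#       "$(cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf)"
```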

Disable swap

  • free -l # check whether swap is in use
  • swapon -s # show the partition that holds swap
  • swapoff {partition path} # turn swap off

Install the master

Get the images

Pull the following images

  • k8s.gcr.io/kube-controller-manager-amd64:v1.11.0
  • k8s.gcr.io/kube-scheduler-amd64:v1.11.0
  • k8s.gcr.io/kube-proxy-amd64:v1.11.0
  • k8s.gcr.io/kube-apiserver-amd64:v1.11.0
  • k8s.gcr.io/etcd-amd64:3.2.18
  • k8s.gcr.io/pause-amd64:3.1
  • k8s.gcr.io/coredns:1.1.3

Get the images through the Alibaba Cloud Container Registry service

[See how the images were produced](http://www.sunhaojie.com/2018/06/28/通过github和阿里云获取kubenate相关gcr-io的docker镜像/?preview_id=655&preview_nonce=55c78863be&post_format=standard&_thumbnail_id=656&preview=true/)

    # Pull the images already built on Alibaba Cloud and tag them with the k8s.gcr.io names
    docker pull registry.cn-hongkong.aliyuncs.com/sunhj000/etcd-amd64:3.2.18
    docker tag registry.cn-hongkong.aliyuncs.com/sunhj000/etcd-amd64:3.2.18  k8s.gcr.io/etcd-amd64:3.2.18
    docker pull registry.cn-hongkong.aliyuncs.com/sunhj000/kube-apiserver-amd64:v1.11.0
    docker tag registry.cn-hongkong.aliyuncs.com/sunhj000/kube-apiserver-amd64:v1.11.0 k8s.gcr.io/kube-apiserver-amd64:v1.11.0
    docker pull registry.cn-hongkong.aliyuncs.com/sunhj000/kube-controller-manager-amd64:v1.11.0
    docker tag registry.cn-hongkong.aliyuncs.com/sunhj000/kube-controller-manager-amd64:v1.11.0 k8s.gcr.io/kube-controller-manager-amd64:v1.11.0
    docker pull registry.cn-hongkong.aliyuncs.com/sunhj000/kube-proxy-amd64:v1.11.0
    docker tag registry.cn-hongkong.aliyuncs.com/sunhj000/kube-proxy-amd64:v1.11.0 k8s.gcr.io/kube-proxy-amd64:v1.11.0
    docker pull registry.cn-hongkong.aliyuncs.com/sunhj000/kube-scheduler-amd64:v1.11.0
    docker tag registry.cn-hongkong.aliyuncs.com/sunhj000/kube-scheduler-amd64:v1.11.0 k8s.gcr.io/kube-scheduler-amd64:v1.11.0
    docker pull registry.cn-hongkong.aliyuncs.com/sunhj000/pause-amd64:3.1
    docker tag registry.cn-hongkong.aliyuncs.com/sunhj000/pause-amd64:3.1 k8s.gcr.io/pause-amd64:3.1
    docker pull registry.cn-hongkong.aliyuncs.com/sunhj000/coredns:1.1.3
    docker tag registry.cn-hongkong.aliyuncs.com/sunhj000/coredns:1.1.3 k8s.gcr.io/coredns:1.1.3
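
An added example, not part of the original post: kubeadm only finds an image under its exact k8s.gcr.io name, so a tag that lacks the k8s.gcr.io/ prefix leaves it missing. The script derives the pull and tag commands from the image list above and reports which required names are absent from a local image listing; the function names and SAMPLE_LISTING are assumptions constructed for illustration.

```sh
# Images kubeadm v1.11.0 expects to find locally, as listed on this page.
REQUIRED_IMAGES='k8s.gcr.io/kube-controller-manager-amd64:v1.11.0
k8s.gcr.io/kube-scheduler-amd64:v1.11.0
k8s.gcr.io/kube-proxy-amd64:v1.11.0
k8s.gcr.io/kube-apiserver-amd64:v1.11.0
k8s.gcr.io/etcd-amd64:3.2.18
k8s.gcr.io/pause-amd64:3.1
k8s.gcr.io/coredns:1.1.3'

# Constructed listing in which one image was tagged without its registry.
SAMPLE_LISTING='k8s.gcr.io/etcd-amd64:3.2.18
kube-apiserver-amd64:v1.11.0
k8s.gcr.io/kube-controller-manager-amd64:v1.11.0
k8s.gcr.io/kube-proxy-amd64:v1.11.0
k8s.gcr.io/kube-scheduler-amd64:v1.11.0
k8s.gcr.io/pause-amd64:3.1
k8s.gcr.io/coredns:1.1.3'

# plan_retag MIRROR: print the docker pull/tag commands that fetch every
# required image from MIRROR and give it the k8s.gcr.io name.
plan_retag() {
    printf '%s\n' "$REQUIRED_IMAGES" | while IFS= read -r img; do
        src="$1/${img#k8s.gcr.io/}"
        printf 'docker pull %s\ndocker tag %s %s\n' "$src" "$src" "$img"
    done
}

# missing_images: read "repository:tag" lines on stdin and print every
# required image that is not among them (no output means all are present).
missing_images() {
    have=$(cat)
    printf '%s\n' "$REQUIRED_IMAGES" | while IFS= read -r img; do
        printf '%s\n' "$have" | grep -qxF -- "$img" || printf '%s\n' "$img"
    done
}

# On a real host:
#   plan_retag registry.cn-hongkong.aliyuncs.com/sunhj000 | sh
#   docker images --format '{{.Repository}}:{{.Tag}}' | missing_images
```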

Initialize the master

    kubeadm init --pod-network-cidr=192.168.0.0/16 --feature-gates CoreDNS=true --service-dns-domain sunhaojie.home

    # Output on success
    Your Kubernetes master has initialized successfully!

    To start using your cluster, you need to run the following as a regular user:

      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config

    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      https://kubernetes.io/docs/concepts/cluster-administration/addons/

    You can now join any number of machines by running the following on each node
    as root:

      kubeadm join 192.168.1.121:6443 --token 0sc1p5.tjdyi36ykaym302q --discovery-token-ca-cert-hash sha256:c926b1a1ee9b4a092de45b8345c78e56349cb60eda81bdb625997fb1f165827c

Configure kubectl

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

Install the calico network

    kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
    kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

List the installed pods

    kubectl get pod --all-namespaces

Install the nodes

Run the following command on each machine that already has kubelet and kubeadm installed:

    kubeadm join 192.168.1.121:6443 --token 0sc1p5.tjdyi36ykaym302q --discovery-token-ca-cert-hash sha256:c926b1a1ee9b4a092de45b8345c78e56349cb60eda81bdb625997fb1f165827c
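
An added example, not part of the original post: the --discovery-token-ca-cert-hash value is what lets a joining node confirm it is talking to this master's CA, so it is worth checking on the master before the command is pasted onto the nodes. The script extracts the pin from a join command, rejects a command that skips CA verification, and compares the pin with one computed from the CA certificate; the function names are assumptions, and ca_pin assumes the RSA CA key kubeadm generates by default.

```sh
# The join command printed by kubeadm init earlier on this page.
PAGE_JOIN='kubeadm join 192.168.1.121:6443 --token 0sc1p5.tjdyi36ykaym302q --discovery-token-ca-cert-hash sha256:c926b1a1ee9b4a092de45b8345c78e56349cb60eda81bdb625997fb1f165827c'

# Print the value given to --discovery-token-ca-cert-hash; fail if absent.
pin_from_join() {
    set -f; set -- $1; set +f    # split the command line into words, no globbing
    while [ $# -gt 0 ]; do
        case $1 in
            --discovery-token-ca-cert-hash)   printf '%s\n' "${2-}"; return 0 ;;
            --discovery-token-ca-cert-hash=*) printf '%s\n' "${1#*=}"; return 0 ;;
        esac
        shift
    done
    return 1
}

# ca_pin CERT: print sha256:<hex> over the DER-encoded public key of CERT,
# which is the value kubeadm compares against during discovery.
ca_pin() {
    printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$1" \
        | openssl rsa -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# check_join JOIN_CMD EXPECTED_PIN
# Returns 0 when the command pins the expected CA, 1 when it pins a
# different one, 2 when it carries no usable pin or skips CA verification.
check_join() {
    case " $1 " in
        *" --discovery-token-unsafe-skip-ca-verification"*) return 2 ;;
    esac
    pin=$(pin_from_join "$1") || return 2
    printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' || return 2
    [ "$pin" = "$2" ] || return 1
    return 0
}

# On the master:
#   check_join "$JOIN_CMD" "$(ca_pin /etc/kubernetes/pki/ca.crt)"
```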

List the nodes in the cluster

    kubectl get nodes