Installing K8s (1.17.0) on CentOS 8
Run as root, single master. Reference: https://kuboard.cn/install/install-k8s.html#%E5%AE%89%E8%A3%85docker%E5%8F%8Akubelet
Update the yum repositories: switch to the Aliyun mirrors for CentOS, Docker CE and K8s
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
mv /etc/yum.repos.d/CentOS-Extras.repo /etc/yum.repos.d/CentOS-Extras.repo.backup
mv /etc/yum.repos.d/CentOS-centosplus.repo /etc/yum.repos.d/CentOS-centosplus.repo.backup
mv /etc/yum.repos.d/CentOS-AppStream.repo /etc/yum.repos.d/CentOS-AppStream.repo.backup
mv /etc/yum.repos.d/CentOS-PowerTools.repo /etc/yum.repos.d/CentOS-PowerTools.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
SELinux: most online tutorials turn it off, but here we follow the official K8s instructions (Set SELinux in permissive mode (effectively disabling it))
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
Disable swap; K8s cannot start unless swap is off
swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
cat /etc/fstab_bak |grep -v swap > /etc/fstab
Modify the kernel parameters
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
sysctl -p
Install Docker
yum install -y docker-ce docker-ce-cli containerd.io
systemctl enable docker
systemctl start docker
If a conflict with podman-manage is reported, uninstall podman first

yum -y remove podman
yum install -y docker-ce docker-ce-cli containerd.io
systemctl enable docker
systemctl start docker
If the containerd.io installation fails
wget https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.10-3.2.el7.x86_64.rpm
yum -y install containerd.io-1.2.10-3.2.el7.x86_64.rpm
yum install -y docker-ce docker-ce-cli
systemctl enable docker
systemctl start docker
Configure the firewall: replace 10.0.0.0/24 with the address of your master and nodes in CIDR format, or with a single IP. Two rules are needed (TCP + UDP). Turning the firewall off is not a secure option.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="1-65535" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="udp" port="1-65535" accept'
firewall-cmd --reload
Install K8s
yum install -y kubelet kubeadm kubectl
Modify the Docker service
sed -i "s#^ExecStart=/usr/bin/dockerd.*#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --exec-opt native.cgroupdriver=systemd#g" /usr/lib/systemd/system/docker.service
Add a Docker registry mirror (optional); replace https://0.mirror.aliyuncs.com with your own Aliyun mirror accelerator address
printf '{\n  "registry-mirrors": ["https://0.mirror.aliyuncs.com"]\n}\n' > /etc/docker/daemon.json
Check that K8s and Docker are installed
systemctl daemon-reload
systemctl restart docker
systemctl enable kubelet && systemctl start kubelet
docker version
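Master node initialization (run the following only on the master node)
Initialize the environment variables; remember to replace MASTER_IP and POD_SUBNET with your own values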
export MASTER_IP=10.10.0.100
export APISERVER_NAME=secfa.lan
export POD_SUBNET=10.100.0.1/16
echo "${MASTER_IP} ${APISERVER_NAME}" >> /etc/hosts
Initialize kubeadm; adjust kubernetesVersion and serviceSubnet to your environment
rm -f ./kubeadm-config.yaml
cat <<EOF > ./kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.17.0
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
controlPlaneEndpoint: "${APISERVER_NAME}:6443"
networking:
  serviceSubnet: "10.96.0.0/16"
  podSubnet: "${POD_SUBNET}"
  dnsDomain: "cluster.local"
EOF
A long wait
kubeadm init --config=kubeadm-config.yaml --upload-certs
A key step (if it is skipped, the usual symptom is an error that localhost:8080 cannot be reached)
rm -rf /root/.kube/
mkdir /root/.kube/
cp -i /etc/kubernetes/admin.conf /root/.kube/config
Install Calico
echo "安装calico-3.10.2"
rm -f calico-3.10.2.yaml
wget https://kuboard.cn/install-script/calico/calico-3.10.2.yaml
sed -i "s#192\.168\.0\.0/16#${POD_SUBNET}#" calico-3.10.2.yaml
kubectl apply -f calico-3.10.2.yaml
Check that the setup succeeded: everything should be Running and Ready
kubectl get pod -n kube-system
kubectl get nodes
A special step: generate the command the nodes use to join the master; it is valid for 2 hours
kubeadm token create --print-join-command
#out: kubeadm join secfa.lan:6443 --token 123456.1234567890123456 --discovery-token-ca-cert-hash sha256:8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
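Added example, not part of the original post: the sha256 value in the join command pins the public key of the cluster CA, so before pasting the command on a node you can confirm it carries the pin of your own master's CA. The function names are made up for this example, and /etc/kubernetes/pki/ca.crt is assumed to be the CA path (kubeadm's default).

```shell
# Added example: verify the CA pin inside a kubeadm join command.
# Assumption: the cluster CA certificate is at kubeadm's default path
# /etc/kubernetes/pki/ca.crt on the master (override with the 2nd argument).

# Print the "sha256:<hex>" value that follows --discovery-token-ca-cert-hash.
join_hash() {
  local prev="" word
  for word in $1; do
    if [ "$prev" = "--discovery-token-ca-cert-hash" ]; then
      printf '%s\n' "$word"
      return 0
    fi
    prev=$word
  done
  return 1   # no pin: the join would not authenticate the API server
}

# SHA-256 over the DER-encoded SubjectPublicKeyInfo of the CA certificate.
ca_pubkey_hash() {
  local pem hex
  # Extract the public key first so a bad or missing file is detected here
  # instead of silently hashing empty input further down the pipeline.
  pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  hex=$(printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex | awk '{print $NF}')
  [ ${#hex} -eq 64 ] || return 1
  printf 'sha256:%s\n' "$hex"
}

# Return 0 only if the join command pins the public key of the given CA.
check_join() {
  local want have
  want=$(join_hash "$1") || { echo "no CA pin in join command" >&2; return 2; }
  have=$(ca_pubkey_hash "${2:-/etc/kubernetes/pki/ca.crt}") \
    || { echo "cannot read CA certificate" >&2; return 3; }
  if [ "$want" = "$have" ]; then
    echo "OK: join command pins this cluster's CA ($have)"
  else
    echo "MISMATCH: command has $want, CA is $have" >&2
    return 1
  fi
}

# Usage on the master (paste the command you intend to run on the node):
#   check_join "kubeadm join secfa.lan:6443 --token ... --discovery-token-ca-cert-hash sha256:..."
```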
Run the following on the worker nodes
Set the environment variables
export MASTER_IP=10.10.0.100
export APISERVER_NAME=secfa.lan
echo "${MASTER_IP} ${APISERVER_NAME}" >> /etc/hosts
Join the cluster (use the output of the kubeadm token create --print-join-command command run on the master)
kubeadm join secfa.lan:6443 --token 123456.1234567890123456 --discovery-token-ca-cert-hash sha256:8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
On the master node, check that the join succeeded
kubectl get nodes -o wide
kubectl get pod -n kube-system -o wide

