## 准备镜像 建议使用CentOS-7.8进行安装 CentOS-7.8:[下载地址](https://mirrors.aliyun.com/centos-vault/7.8.2003/isos/x86_64/CentOS-7-x86_64-DVD-2003.iso) ## vm配置 建议：最少3台2核2G的配置 ## 服务器整体规划 |名称|IP| |-------|-------| | k8s-master|192.168.159.128| | k8s-node1|192.168.159.129| | k8s-node2|192.168.159.130| ## 安装CentOS常用应用 由于小王是最小安装的所以许多常用应用没有安装需要自己手动安装 * 安装vim ``` yum install vim -y ``` * 安装ifconfig ``` yum install net-tools -y ``` ## 准备工作 ``` # 关闭防火墙 systemctl stop firewalld systemctl disable firewalld # 关闭selinux sed -i 's/enforcing/disabled/' /etc/selinux/config # 永久 setenforce 0 # 临时 getenforce ## 查看selinux 状态 # 关闭swap swapoff -a # 临时 sed -ri 's/.*swap.*/#&/' /etc/fstab # 永久 free -g ## 查看swap状态 # 根据规划设置主机名 hostnamectl set-hostname <hostname> # 在master添加hosts cat >> /etc/hosts << EOF 192.168.159.128 k8s-master 192.168.159.129 k8s-node1 192.168.159.130 k8s-node2 EOF # 将桥接的IPv4流量传递到iptables的链 cat > /etc/sysctl.d/k8s.conf << EOF net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl --system # 生效 # 时间同步 yum install ntpdate -y ntpdate time.windows.com ``` * 卸载旧版本的docker ``` sudo yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-engine ``` * 安装基础依赖 ``` yum install -y yum-utils \ device-mapper-persistent-data \ lvm2 ``` * 配置docker yum源 ``` sudo yum-config-manager \ --add-repo \ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo ``` * 安装并设置开机启动 docker ``` yum install -y docker-ce-19.03.8 docker-ce-cli-19.03.8 containerd.io systemctl enable docker systemctl start docker ``` * 配置阿里云加速 ``` sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://rsj0shyq.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker ``` #### 安装k8s环境 * 配置K8S的yum源 ``` cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF ``` * 卸载旧版本 ``` yum remove -y kubelet kubeadm kubectl ``` * 安装kubelet、kubeadm、kubectl ``` yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3 ``` * 开机启动和重启kubelet ``` systemctl enable kubelet && systemctl start kubelet ``` * 创建一个shell脚本内容如下 vim images.sh ``` #!/bin/bash images=( kube-apiserver:v1.17.3 kube-proxy:v1.17.3 kube-controller-manager:v1.17.3 kube-scheduler:v1.17.3 coredns:1.6.5 etcd:3.4.3-0 pause:3.1 ) for imageName in ${images[@]} ; do docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName done ``` * 给 images.sh 赋执行权限 chmod -R 700 images.sh 通过 sh images.sh 执行脚本 * docker images 查看脚本下载的docker 镜像 、 * 初始化master节点 ``` kubeadm init \ --apiserver-advertise-address=192.168.159.128 \ --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \ --kubernetes-version v1.17.3 \ --service-cidr=10.96.0.0/16 \ --pod-network-cidr=10.244.0.0/16 ``` --apiserver-advertise-address=192.168.159.128 这里的地址需要修改成master对应的IP地址。  **红框部分建议复制出来** 内容如下： ``` Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ Then you can join any number of worker nodes by running the following on each as root: kubeadm join 192.168.159.128:6443 --token gee67u.p8cz2d2ahu377hx7 \ --discovery-token-ca-cert-hash sha256:7c63a464bce9509a1ae7340f135fc4190e7581f0ca0272a8a06fcd327197dc44 ``` * 安装红框内容执行以下命令 ``` mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config ``` * 部署网络插件calico **安装calico网络插件有坑：`calico-3.22.0.yaml`的部分内容进行了修改** ``` ### 下载calico 需要的docker镜像 docker pull calico/cni:v3.22.0 docker pull calico/kube-controllers:v3.22.0 docker pull calico/pod2daemon-flexvol:v3.22.0 docker pull calico/node:v3.22.0 ``` 获取 [calico-3.22.0.yaml](https://gitee.com/jackgeeks2018/blog-resources/blob/master/calico-3.22.0.yaml) 将`calico-3.22.0.yaml`上传master服务器 kubectl apply -f calico-3.22.0.yaml * 查看calico版本 kubectl describe deployment calico-kube-controllers -n kube-system * 查看calico 运行情况 kubectl get pods -A  * kubectl get nodes 在主节点查看节点运行的情况  * 如果calico 运行情况是`Running`并且k8s-master节点是`Ready`状态时方可将从节点加入到 master节点中。 在从节点执行如下命令 ``` kubeadm join 192.168.159.128:6443 --token gee67u.p8cz2d2ahu377hx7 \ --discovery-token-ca-cert-hash sha256:7c63a464bce9509a1ae7340f135fc4190e7581f0ca0272a8a06fcd327197dc44 ``` * 加入主节点后，在主节点上执行`kubectl get node -o wide` 查看每个node节点的健康状态  * 关于令牌报错 如果在两个从节点运行执行令牌报错： ``` [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1 [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` To see the stack trace of this error execute with --v=5 or higher ``` 解决方案，两个从节点都执行以下命令： ``` echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables ``` 如果超过2小时忘记了令牌，可以这样做kubeadm token create --print-join-command #打印新令牌 ``` kubeadm token create --ttl 0 --print-join-command #创建个永不过期的令牌 ```