之前测试了离线环境下使用二进制方法安装配置Kubernetes集群的方法,安装的过程中听说 kubeadm 安装配置集群更加方便,因此试着折腾了一下。安装过程中,也有一些坑,相对来说操作上要比二进制方便一点,毕竟不用手工创建那么多的配置文件,但是对于了解Kubernetes的运作方式,可能不如二进制方式好。同时,因为kubeadm方式,很多集群依赖的组件都是以容器方式运行在Master节点上,感觉对于虚拟机资源的消耗要比二进制方式厉害。

0. kubeadm 介绍与准备工作

kubeadm is designed to be a simple way for new users to start trying Kubernetes out, possibly for the first time, a way for existing users to test their application on and stitch together a cluster easily, and also to be a building block in other ecosystem and/or installer tool with a larger scope.

kubeadm是一个python写的项目,代码在这里,用来帮助快速部署Kubernetes集群环境,但是目前仅仅是作为测试环境使用,如果你想在生产环境使用,可是要三思。

本文所用的环境:

  • 虚拟机软件:VirtualBox
  • 操作系统:Centos 7.3 minimal 安装
  • 网卡:两块网卡,一块 Host-Only方式,一块 Nat 方式。
  • 网络规划:
    • Master:192.168.0.101
    • Node:192.168.0.102-104

0.1 关掉 selinux

$ setenforce  0

$ sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux

0.2 关掉防火墙

$ systemctl stop firewalld

$ systemctl disable firewalld

0.3 关闭 swap

$ swapoff -a

$ sed -i 's/.*swap.*/#&/' /etc/fstab

0.4 配置转发参数

$ cat <<EOF >  /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

EOF

$ sysctl --system

0.5 设置国内 yum 源

$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]

name=Kubernetes

baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/

enabled=1

gpgcheck=1

repo_gpgcheck=1

gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

0.6 安装一些必备的工具

$ yum install -y epel-release

$ yum install -y net-tools wget vim  ntpdate

1. 安装 kubeadm 必须的软件,在所有节点上运行

1.1 安装Docker

$ yum install -y docker

$ systemctl enable docker && systemctl start docker

$ #设置系统服务,如果不设置后面 kubeadm init 的时候会有 warning

$ systemctl enable docker.service

如果想要用二进制方法安装最新版本的Docker,可以参考我之前的文章在Redhat 7.3中采用离线方式安装Docker

1.2 安装kubeadm、kubectl、kubelet

$ yum install -y kubelet kubeadm kubectl kubernetes-cni

$ systemctl enable kubelet && systemctl start kubelet

这一步之后kubelet还不能正常运行,还处于下面的状态。

The kubelet is now restarting every few seconds, as it waits in a crashloop for kubeadm to tell it what to do.

2. 安装Master节点

因为国内没办法访问Google的镜像源,变通的方法是从其他镜像源下载后,修改tag。执行下面这个Shell脚本即可。

#!/bin/bash

images=(kube-proxy-amd64:v1.11.0 kube-scheduler-amd64:v1.11.0 kube-controller-manager-amd64:v1.11.0 kube-apiserver-amd64:v1.11.0

etcd-amd64:3.2.18 coredns:1.1.3 pause-amd64:3.1 kubernetes-dashboard-amd64:v1.8.3 k8s-dns-sidecar-amd64:1.14.9 k8s-dns-kube-dns-amd64:1.14.9

k8s-dns-dnsmasq-nanny-amd64:1.14.9 )

for imageName in ${images[@]} ; do

  docker pull registry.cn-hangzhou.aliyuncs.com/k8sth/$imageName

  docker tag registry.cn-hangzhou.aliyuncs.com/k8sth/$imageName k8s.gcr.io/$imageName

  #docker rmi registry.cn-hangzhou.aliyuncs.com/k8sth/$imageName

done

docker tag da86e6ba6ca1 k8s.gcr.io/pause:3.1

接下来执行Master节点的初始化,因为我的虚拟机是双网卡,需要指定apiserver的监听地址。

[root@devops-101 ~]# kubeadm init --kubernetes-version=v1.11.0 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.0.101

[init] using Kubernetes version: v1.11.0

[preflight] running pre-flight checks

I0724 08:36:35.636931    3409 kernel_validator.go:81] Validating kernel version

I0724 08:36:35.637052    3409 kernel_validator.go:96] Validating kernel config

	[WARNING Hostname]: hostname "devops-101" could not be reached

	[WARNING Hostname]: hostname "devops-101" lookup devops-101 on 172.20.10.1:53: no such host

	[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'

[preflight/images] Pulling images required for setting up a Kubernetes cluster

[preflight/images] This might take a minute or two, depending on the speed of your internet connection

[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'

[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"

[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"

[preflight] Activating the kubelet service

[certificates] Generated ca certificate and key.

[certificates] Generated apiserver certificate and key.

[certificates] apiserver serving cert is signed for DNS names [devops-101 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.101]

[certificates] Generated apiserver-kubelet-client certificate and key.

[certificates] Generated sa key and public key.

[certificates] Generated front-proxy-ca certificate and key.

[certificates] Generated front-proxy-client certificate and key.

[certificates] Generated etcd/ca certificate and key.

[certificates] Generated etcd/server certificate and key.

[certificates] etcd/server serving cert is signed for DNS names [devops-101 localhost] and IPs [127.0.0.1 ::1]

[certificates] Generated etcd/peer certificate and key.

[certificates] etcd/peer serving cert is signed for DNS names [devops-101 localhost] and IPs [192.168.0.101 127.0.0.1 ::1]

[certificates] Generated etcd/healthcheck-client certificate and key.

[certificates] Generated apiserver-etcd-client certificate and key.

[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"

[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"

[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"

[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"

[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"

[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"

[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"

[init] this might take a minute or longer if the control plane images have to be pulled

[apiclient] All control plane components are healthy after 46.002877 seconds

[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace

[kubelet] Creating a ConfigMap "kubelet-config-1.11" in namespace kube-system with the configuration for the kubelets in the cluster

[markmaster] Marking the node devops-101 as master by adding the label "node-role.kubernetes.io/master=''"

[markmaster] Marking the node devops-101 as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]

[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "devops-101" as an annotation

[bootstraptoken] using token: wkj0bo.pzibll6rd9gyi5z8

[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials

[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token

[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster

[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace

[addons] Applied essential addon: CoreDNS

[addons] Applied essential addon: kube-proxy

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube

  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node

as root:

  kubeadm join 192.168.0.101:6443 --token wkj0bo.pzibll6rd9gyi5z8 --discovery-token-ca-cert-hash sha256:51985223a369a1f8c226f3ccdcf97f4ad5ff201a7c8c708e1636eea0739c0f05

看到以上信息表示Master节点已经初始化成功了。如果需要用普通用户管理集群,可以按照提示进行操作,如果是使用root用户管理,执行下面的命令。

[root@devops-101 ~]# export KUBECONFIG=/etc/kubernetes/admin.conf

[root@devops-101 ~]# kubectl get nodes

NAME         STATUS     ROLES     AGE       VERSION

devops-101   NotReady   master    7m        v1.11.1

[root@devops-101 ~]# kubectl get pods --all-namespaces

NAMESPACE     NAME                                 READY     STATUS    RESTARTS   AGE

kube-system   coredns-78fcdf6894-8sd6g             0/1       Pending   0          7m

kube-system   coredns-78fcdf6894-lgvd9             0/1       Pending   0          7m

kube-system   etcd-devops-101                      1/1       Running   0          6m

kube-system   kube-apiserver-devops-101            1/1       Running   0          6m

kube-system   kube-controller-manager-devops-101   1/1       Running   0          6m

kube-system   kube-proxy-bhmj8                     1/1       Running   0          7m

kube-system   kube-scheduler-devops-101            1/1       Running   0          6m

可以看到节点还没有Ready,dns的两个pod也没不正常,还需要安装网络配置。

3. Master节点的网络配置

这里我选用了 Flannel 的方案。

kubeadm only supports Container Network Interface (CNI) based networks (and does not support kubenet).

修改系统设置,创建 flannel 网络。

[root@devops-101 ~]# sysctl net.bridge.bridge-nf-call-iptables=1

net.bridge.bridge-nf-call-iptables = 1

[root@devops-101 ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml

clusterrole.rbac.authorization.k8s.io/flannel created

clusterrolebinding.rbac.authorization.k8s.io/flannel created

serviceaccount/flannel created

configmap/kube-flannel-cfg created

daemonset.extensions/kube-flannel-ds created

flannel 默认会使用主机的第一张网卡,如果你有多张网卡,需要通过配置单独指定。修改 kube-flannel.yml 中的以下部分

containers:

      - name: kube-flannel

        image: quay.io/coreos/flannel:v0.10.0-amd64

        command:

        - /opt/bin/flanneld

        args:

        - --ip-masq

        - --kube-subnet-mgr

        - --iface=enp0s3            #指定内网网卡

执行成功后,Master并不能马上变成Ready状态,稍等几分钟,就可以看到所有状态都正常了。

[root@devops-101 ~]# kubectl get pods --all-namespaces

NAMESPACE     NAME                                 READY     STATUS    RESTARTS   AGE

kube-system   coredns-78fcdf6894-8sd6g             1/1       Running   0          14m

kube-system   coredns-78fcdf6894-lgvd9             1/1       Running   0          14m

kube-system   etcd-devops-101                      1/1       Running   0          13m

kube-system   kube-apiserver-devops-101            1/1       Running   0          13m

kube-system   kube-controller-manager-devops-101   1/1       Running   0          13m

kube-system   kube-flannel-ds-6zljr                1/1       Running   0          48s

kube-system   kube-proxy-bhmj8                     1/1       Running   0          14m

kube-system   kube-scheduler-devops-101            1/1       Running   0          13m

[root@devops-101 ~]# kubectl get nodes

NAME         STATUS    ROLES     AGE       VERSION

devops-101   Ready     master    14m       v1.11.1

4. 加入节点

Node节点的加入集群前,首先需要按照本文的第0节和第1节做好准备工作,然后下载镜像。

$ docker pull registry.cn-hangzhou.aliyuncs.com/k8sth/kube-proxy-amd64:v1.11.0

$ docker pull registry.cn-hangzhou.aliyuncs.com/k8sth/pause-amd64:3.1

$ docker tag registry.cn-hangzhou.aliyuncs.com/k8sth/pause-amd64:3.1 k8s.gcr.io/pause-amd64:3.1

$ docker tag registry.cn-hangzhou.aliyuncs.com/k8sth/kube-proxy-amd64:v1.11.0 k8s.gcr.io/kube-proxy-amd64:v1.11.0

$ docker tag registry.cn-hangzhou.aliyuncs.com/k8sth/pause-amd64:3.1 k8s.gcr.io/pause:3.1

最后再根据Master节点的提示加入集群。

$ kubeadm join 192.168.0.101:6443 --token wkj0bo.pzibll6rd9gyi5z8 --discovery-token-ca-cert-hash sha256:51985223a369a1f8c226f3ccdcf97f4ad5ff201a7c8c708e1636eea0739c0f05

节点的启动也需要一点时间,稍后再到Master上查看状态。

[root@devops-101 ~]# kubectl get nodes

NAME         STATUS    ROLES     AGE       VERSION

devops-101   Ready     master    1h        v1.11.1

devops-102   Ready     <none>    11m       v1.11.1

我把安装中需要用到的一些命令整理成了几个脚本,放在我的Github上,大家可以下载使用。

X. 坑

pause:3.1

安装的过程中,发现kubeadmin会找 pause:3.1 的镜像,所以需要重新 tag 。

$ docker tag registry.cn-hangzhou.aliyuncs.com/k8sth/pause-amd64:3.1 k8s.gcr.io/pause:3.1

两台服务器时间不同步。

报错信息

[discovery] Failed to request cluster info, will try again: [Get https://192.168.0.101:6443/api/v1/namespaces/kube-public/configmaps/cluster-info: x509: certificate has expired or is not yet valid]

解决方法,设定一个时间服务器同步两台服务器的时间。

$ ntpdate ntp1.aliyun.com

参考资料

  1. centos7.3 kubernetes/k8s 1.10 离线安装
  2. Kubeadm安装Kubernetes环境
  3. Steps to install kubernetes
  4. kubeadm reference guide
  5. kubeadm安装Kubernetes V1.10集群详细文档
  6. kubeadm reference
  7. kubeadm搭建kubernetes1.7.5集群
  8. 安装部署 Kubernetes 集群
  9. linux 命令 ---- 同步当前服务器时间
  10. CentOS 7.4 安装 K8S v1.11.0 集群所遇到的问题
  11. 使用kubeadm部署kubernetes

kubeadm安装kubernetes V1.11.1 集群的更多相关文章

  1. CentOS 7.4 安装 K8S v1.11.0 集群所遇到的问题

    0.引言 最近打算将现有项目的 Docker 部署到阿里云上面,但是之前是单机部署,现在阿里云上面有 3 台机器,所以想做一个 Docker 集群.之前考虑是用 Docker Swarm 来做这个事情 ...

  2. Ubuntu16.04搭建kubernetes v1.11.2集群

    1.节点介绍         master      cluster-1      cluster-2      cluster-3 hostname        k8s-55      k8s-5 ...

  3. kubeadm安装kubernetes 1.13.1集群完整部署记录

    k8s是什么 Kubernetes简称为k8s,它是 Google 开源的容器集群管理系统.在 Docker 技术的基础上,为容器化的应用提供部署运行.资源调度.服务发现和动态伸缩等一系列完整功能,提 ...

  4. 使用Kubeadm搭建Kubernetes(1.12.2)集群

    Kubeadm是Kubernetes官方提供的用于快速安装Kubernetes集群的工具,伴随Kubernetes每个版本的发布都会同步更新,在2018年将进入GA状态,说明离生产环境中使用的距离越来 ...

  5. 使用 kubeadm 安装 kubernetes v1.16.0

    近日通过kubeadm 安装 kubernetes v1.16.0,踩过不少坑,现记录下安装过程. 安装环境: 系           统:CentOS Linux release 7.6 Docke ...

  6. 使用kubeadm安装kubernetes v1.14.1

    使用kubeadm安装kubernetes v1.14.1 一.环境准备 操作系统:Centos 7.5 ​ ⼀ 一台或多台运⾏行行着下列列系统的机器器: ​ Ubuntu 16.04+ ​ Debi ...

  7. 安装 kubernetes v1.11.1

    kubernetes 版本 v1.11.1 系统版本:Centos 7.4 3.10.0-693.el7.x86_64 master: 192.168.0.205 node1: 192.168.0.2 ...

  8. 使用kubeadm搭建Kubernetes(1.10.2)集群(国内环境)

    目录 目标 准备 主机 软件 步骤 (1/4)安装 kubeadm, kubelet and kubectl (2/4)初始化master节点 (3/4) 安装网络插件 (4/4)加入其他节点 (可选 ...

  9. kubeadm安装Kubernetes V1.10集群详细文档

    https://www.kubernetes.org.cn/3808.html?tdsourcetag=s_pcqq_aiomsg 1:服务器信息以及节点介绍 系统信息:centos1708 mini ...

随机推荐

  1. 京东在html5页面中打开本地app的解决方案

    转:https://blog.csdn.net/CameloHuang/article/details/64476385 从html5打开本地的app–如果本地没有app就跳转到下载页面,大家都会认为 ...

  2. 【C++ Primer 第10章】再探迭代器

    反向迭代器 • 反向迭代器就是在容器中从尾元素向首元素反向移动的迭代器.对于反向迭代器,递增(以及递减)操作的含义会颠倒过来. • 递增一个反向迭代器(++it)会移动到前一个元素:递减一迭代器(-- ...

  3. HDU 1029 某个数出现的次数大于等于(N+1)/2的是哪个 map水题

    题意:输入n个数 n为奇数 问某个数出现的次数大于等于(N+1)/2的是 哪个 输出来Sample Input51 3 2 3 3111 1 1 1 1 5 5 5 5 5 571 1 1 1 1 1 ...

  4. eclipse错误GC overhead limit exceeded

    1.eclipse以外关闭后打开错误如下图: 2.具体详情: 3.An internal error occurred during: "Building workspace". ...

  5. Storm消息容错机制(ack-fail机制)

    storm消息容错机制(ack-fail) 1.介绍 在storm中,可靠的信息处理机制是从spout开始的. 一个提供了可靠的处理机制的spout需要记录他发射出去的tuple,当下游bolt处理t ...

  6. 文档工具GitBook使用

    一.登陆注册 地址:https://www.gitbook.com/ 1.gitbook可使用github账号登录,如果已经注册github可以直接使用github账号登录 2.如果是github账号 ...

  7. P2700 逐个击破 最小生成树

    题目描述 现在有N个城市,其中K个被敌方军团占领了,N个城市间有N-1条公路相连,破坏其中某条公路的代价是已知的,现在,告诉你K个敌方军团所在的城市,以及所有公路破坏的代价,请你算出花费最少的代价将这 ...

  8. 非常可乐 HDU1495

    BFS题 一共有六种状态转移 一一枚举就好 设置一个标记数组. 用二重循环可以很清晰的解决代码长的问题 #include<cstdio> #include<cstring> # ...

  9. char *s 与 char s[ ]的区别

    程序的内存分配 一个由C/C++编译的程序占用的内存分为以下几个部分 1.栈区(stack)— 由编译器自动分配释放 ,存放函数的参数值,局部变量的值等.其 操作方式类似于数据结构中的栈. 2.堆区( ...

  10. 【hdu】4521 小明序列【LIS变种】【间隔至少为d】

    题目链接:https://vjudge.net/contest/228455#problem/B 转载于:https://blog.csdn.net/a709743744/article/detail ...