Installing Kubernetes from mirrors in China
Environment: CentOS 7 is used as the example
1 Switch the yum repositories to a mirror in China
// Back up the local yum repo file
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
// Fetch the Aliyun yum repo configuration
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
// or
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
// Refresh the cache
yum clean all # clear all yum caches on the system
yum makecache # build the yum cache
// Check
yum -y update
// Set the time zone to Shanghai
timedatectl set-timezone Asia/Shanghai
2 Install the kubectl binary with the native package manager
$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Install kubelet, kubeadm and kubectl
$ yum install -y kubelet-1.18.2 kubeadm-1.18.2 kubectl-1.18.2
Enable kubelet at boot
$ systemctl enable kubelet && systemctl start kubelet
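The kubernetes.repo file above turns on gpgcheck and repo_gpgcheck and fetches everything over HTTPS; the same two properties are worth checking on every file under /etc/yum.repos.d. The shell function below is an added example, not part of the original post; the [example-weak] section and mirror.example.com are constructed sample values.

```shell
# Added example, not from the original page: flag enabled yum repo sections
# that skip package signature checks or use plain-HTTP URLs.
# Constructed sample: the page's [kubernetes] section plus a made-up weak one.
sample_repo() {
cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

[example-weak]
baseurl=http://mirror.example.com/el7/
enabled=1
gpgcheck=0
EOF
}

# audit_repo FILE: print one finding per line as "FILE [section] problem".
audit_repo() {
    awk -v file="$1" '
    function report(msg) { printf "%s [%s] %s\n", file, section, msg }
    function flush() {
        if (section == "" || enabled == "0") return   # disabled repos are skipped
        if (gpgcheck != "1") report("gpgcheck is not 1")
        if (http_url != "")  report("plain HTTP: " http_url)
    }
    /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
    /^\[/ {                               # a new [section] starts
        flush()
        section = substr($0, 2, index($0, "]") - 2)
        gpgcheck = ""; enabled = "1"; http_url = ""
        next
    }
    !/^[ \t]/ {                           # key=value; indented lines continue the previous key
        eq = index($0, "=")
        key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
        $0 = substr($0, eq + 1)           # keep only the value(s) as fields
    }
    key == "gpgcheck" { gpgcheck = $1 }
    key == "enabled"  { enabled = $1 }
    key ~ /^(baseurl|mirrorlist|metalink|gpgkey)$/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^http:/ && http_url == "") http_url = $i
    }
    END { flush() }
    ' "$1"
}
```

On a node, run it over each file, for example: for f in /etc/yum.repos.d/*.repo; do audit_repo "$f"; done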
Configure the routing policy
lsmod | grep br_netfilter
Make bridged traffic visible to iptables
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
Disable swap
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
sudo swapoff -a
Verify that the settings took effect; both commands should return 1
sysctl -n net.bridge.bridge-nf-call-iptables
sysctl -n net.bridge.bridge-nf-call-ip6tables
echo "1" >/proc/sys/net/ipv4/ip_forward
3 Disable the firewall
sudo systemctl stop firewalld.service # stop firewalld
sudo systemctl disable firewalld.service # keep firewalld from starting at boot
sudo firewall-cmd --state # check the firewall state
4 Disable SELinux
sudo setenforce 0
sudo vi /etc/selinux/config
# change SELINUX to disabled
SELINUX=disabled
5 Upgrade the kernel to version 4.44
Update the yum repositories
yum -y update
Get the repository
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
Install. After installation, check whether the corresponding kernel menuentry in /boot/grub2/grub.cfg contains an initrd16 entry; if it does not, install again!
yum --enablerepo=elrepo-kernel install -y kernel-lt
List all kernels on the system
sudo awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
0 : CentOS Linux (4.4.234-1.el7.elrepo.x86_64) 7 (Core)
1 : CentOS Linux (3.10.0-1127.19.1.el7.x86_64) 7 (Core)
2 : CentOS Linux (3.10.0-1127.el7.x86_64) 7 (Core)
3 : CentOS Linux (0-rescue-a3c527d56cc044c1887c29a15fe92891) 7 (Core)
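Boot from the new kernel by default
grub2-set-default 0
Generate the grub configuration file
grub2-mkconfig -o /boot/grub2/grub.cfg
Reboot for the configuration to take effect
reboot
Check the running kernel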
uname -r
6 Install docker-ce from the Aliyun mirror in China
Install the required packages. yum-utils provides yum-config-manager, and the device mapper storage driver requires device-mapper-persistent-data and lvm2.
sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
$ sudo yum-config-manager \
  --add-repo \
  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Install the latest version of Docker Engine - Community and containerd
$ sudo yum install docker-ce docker-ce-cli containerd.io
Allow a regular user to run docker commands
Create the docker group
sudo groupadd docker
Add the regular user to the docker group
sudo usermod -aG docker ${USER}
Start docker
sudo systemctl restart docker
## Create /etc/docker
mkdir /etc/docker
# Set up the Docker daemon
cat > /etc/docker/daemon.json <
mkdir -p /etc/systemd/system/docker.service.d
# Restart Docker
systemctl daemon-reload
systemctl restart docker
# Start docker at boot
systemctl enable docker
7 Commands to check the kubeadm, kubectl and kubelet versions
[allen@k8s-node2 ~]$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:28:32Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
[allen@k8s-node2 ~]$ kubectl version --client
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:30:33Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
[allen@k8s-node2 ~]$ kubelet --version
Kubernetes v1.19.0
8 Initialize the cluster on the master node
[root@master ~]# kubeadm init --kubernetes-version=1.18.2 \
--apiserver-advertise-address=192.168.253.11 \
--ignore-preflight-errors=all \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
The Pod network range is 10.122.0.0/16, and the API server address is the master's own IP.
This step is critical: by default kubeadm downloads the required images from the official registry k8s.gcr.io, which cannot be reached from within China, so the Aliyun image registry has to be specified with --image-repository.
Parameters:
--kubernetes-version: the Kubernetes version;
--apiserver-advertise-address: the IP address kube-apiserver listens on, i.e. the master's own IP address;
--pod-network-cidr: the Pod network range; 10.244.0.0/16
--service-cidr: the Service network range;
--image-repository: the address of the Aliyun image registry
9 Run the following commands
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
10 Enable kubectl auto-completion
# source <(kubectl completion bash)
11 View the nodes
kubectl get pod --all-namespaces -o wide
12 Add the network
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
or
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
13 Add worker nodes to the cluster
kubeadm join 192.168.253.11:6443 --token zz2iu9.ta51l53ajgai8rhx --discovery-token-ca-cert-hash sha256:e49bc0b32bd1f8ebdd8420bf5f29c4d8ab8b0f4abc21d0e9612b57cb8b0c41a8
Regenerate the join command
kubeadm token create --print-join-command
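The --discovery-token-ca-cert-hash value in the join command pins the cluster CA, so a worker only trusts an API server that presents that CA. Added example, not from the original post: shell functions that recompute the pin from a CA certificate with openssl and check that a join command carries it. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt is assumed as the CA location on a kubeadm master.

```shell
# Added example, not from the original page. Assumes the openssl CLI is
# installed; on a kubeadm master the CA is normally /etc/kubernetes/pki/ca.crt.

# ca_pin_of CERT: print "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded public key, the form used by --discovery-token-ca-cert-hash.
ca_pin_of() {
    der=$(mktemp) || return 1
    rc=1
    if openssl x509 -pubkey -noout -in "$1" 2>/dev/null |
        openssl pkey -pubin -outform der -out "$der" 2>/dev/null &&
        [ -s "$der" ]; then
        openssl dgst -sha256 -hex < "$der" | sed 's/^.* //; s/^/sha256:/'
        rc=0
    fi
    rm -f "$der"
    return $rc
}

# join_pin CMD: print the pin carried by a "kubeadm join" command line.
# Fails if the command has no well-formed pin or disables CA verification.
join_pin() {
    case "$1" in
        *--discovery-token-unsafe-skip-ca-verification*) return 1 ;;
    esac
    pin=$(printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\)\( .*\)*$/\1/p')
    [ -n "$pin" ] && printf '%s\n' "$pin"
}

# verify_join CERT CMD: succeed only if CMD pins exactly the key in CERT.
verify_join() {
    want=$(ca_pin_of "$1") || return 1
    got=$(join_pin "$2") || return 1
    [ "$want" = "$got" ]
}

# Usage on a worker, with ca.crt obtained from the master over a trusted channel:
#   verify_join ./ca.crt "$JOIN_COMMAND" && echo "join command pins this CA"
```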
14 Deploy the dashboard UI
Download the dashbord.yaml file locally. The desired version can be looked up on GitHub; for example, 2.0.0 is at the following address
https://github.com/kubernetes/dashboard/blob/v2.0.0/aio/deploy/recommended.yaml
Deploy
kubectl create -f dashbord.yaml
kubectl proxy
The UI can then be viewed as described here
https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md
15 Make the dashboard reachable from outside: switch the dashboard Service to NodePort access by editing its configuration
$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
Change the type
type: ClusterIP
to
type: NodePort
Check the exposed port
kubectl -n kubernetes-dashboard get service kubernetes-dashboard
The dashboard can now be reached on port 31481
https://192.168.253.11:31481/#/login
Look in the dashboard.yaml file and find
which shows that the kubernetes-dashboard account is created
15.1 Create a login token for this account
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard | awk '{print $1}')
Sample output:
Name: kubernetes-dashboard-certs
Namespace: kubernetes-dashboard
Labels: k8s-app=kubernetes-dashboard
Annotations:
Type: Opaque
Data
====

Name: kubernetes-dashboard-csrf
Namespace: kubernetes-dashboard
Labels: k8s-app=kubernetes-dashboard
Annotations:
Type: Opaque
Data
====
csrf: 256 bytes

Name: kubernetes-dashboard-key-holder
Namespace: kubernetes-dashboard
Labels:
Annotations:
Type: Opaque
Data
====
priv: 1679 bytes
pub: 459 bytes

Name: kubernetes-dashboard-token-5w8wl
Namespace: kubernetes-dashboard
Labels:
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: bbc82fe3-cd7d-439a-b8e6-0cc0babc3909
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlZ1Nm1aWDMxZlVqenl3OVJtdnJldmtDQ1UyS1F0UVVjd3VVLTEzc2tXYzQifQ.….oFNrIn9sfEXtENOz3ENWrtHN_snUkMkDD5cvMPlAVqBZMM1jHK4bzl2tzym2jcd-1rA1X3g_GfgECGCmnNkU33TublWXaofkMsy8qR6y5sy9uXo8_lke-c3XRwDI3GTq_TU0A61b3MgiuP4U9z2StYxL2lsC9OZfKfmAx5cn8titkvIu7zxftxjJKVKQb6QHjX2q8zbOV3J7x9ObmdLv4emjOqUZvl_5uRNbaSTCcnXJ7TAXvdOzi506EkkjtlwQCccpnOUqt3IzMS5vT_WyeItJ2iZ_vnxs5frnsfof2diYprIr9V88WWP_XmDX0g
Now copy the token into the token input box on the dashboard login page
Uninstall the Kubernetes cluster
kubectl delete node --all
kubeadm reset -f
modprobe -r ipip
lsmod
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
rm -rf /etc/systemd/system/kubelet.service
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd
yum clean all
yum remove kube*
Common problems:
1. Error when joining the cluster: /etc/kubernetes/kubelet.conf already exists
Cause: the configuration files from the previous attempt were not fully cleaned up; delete them
rm -rf /etc/kubernetes/kubelet.conf /etc/kubernetes/pki/ca.crt
2. Error when joining the cluster: [ERROR Port-10250]: Port 10250 is in use
Cause: the previous join was shut down before it succeeded. Reset kubeadm
kubeadm reset
3. Error when joining the cluster: /proc/sys/net/ipv4/ip_forward contents are not set to 1
echo "1" >/proc/sys/net/ipv4/ip_forward