Installing Kubernetes (K8s) on CentOS 8

1 Install Docker and set a static IP

2 Prerequisites

2.1 Disable the firewall

systemctl stop firewalld && systemctl disable firewalld

2.2 Permanently disable swap and SELinux

vi /etc/fstab

# Comment out the last line, for example:
#/dev/mapper/cl-swap

vi /etc/selinux/config
# Change to
SELINUX=disabled

# Or use the following commands to disable them
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

swapoff -a
setenforce 0 

2.3 Install dependencies (optional)

yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget
modprobe ip_vs_rr
modprobe br_netfilter

2.4 Tune kernel parameters

vi /etc/sysctl.d/kubernetes.conf

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
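# tcp_tw_recycle was removed in Linux 4.12, so the key does not exist on the CentOS 8 kernel (4.18)
# net.ipv4.tcp_tw_recycle=0
# Avoid using swap; only allow it when the system is about to OOM
vm.swappiness=0
# Do not check whether enough physical memory is available
vm.overcommit_memory=1
# Do not panic on OOM (leave the OOM killer enabled)
vm.panic_on_oom=0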
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720

3 Create the yum repository for K8s

vi /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

4 Install

yum install -y kubectl kubelet kubeadm

5 Enable kubelet at boot (kubelet interacts with the containers)

systemctl enable kubelet

6 Initialize the master node

kubeadm init  --image-repository registry.aliyuncs.com/google_containers   --pod-network-cidr=10.244.0.0/16  | tee init.log

----------
You can also specify the version to initialize: --kubernetes-version v1.17.0

6.1 Alternatively, initialize from the built-in init template. Use the following command to print the built-in template

kubeadm config print init-defaults

Then save it locally (file name e.g. k8s-init.yaml) and initialize with the following command

kubeadm init --config k8s-init.yaml | tee init.log

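7 This method pulls its images from Google, which requires a proxy to get past network restrictions. As a workaround, pull the corresponding images from Alibaba Cloud and then change their tags with docker tag

The following images are required; check the corresponding error message for the version numbers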

k8s.gcr.io/kube-apiserver:v1.17.0
k8s.gcr.io/kube-controller-manager:v1.17.0
k8s.gcr.io/kube-scheduler:v1.17.0
k8s.gcr.io/kube-proxy:v1.17.0
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.5

docker tag commands

docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.17.0
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.17.0 k8s.gcr.io/kube-apiserver:v1.17.0

docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.17.0
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.17.0 k8s.gcr.io/kube-controller-manager:v1.17.0

docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.17.0
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.17.0 k8s.gcr.io/kube-scheduler:v1.17.0

docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.17.0
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.17.0 k8s.gcr.io/kube-proxy:v1.17.0

docker pull registry.aliyuncs.com/google_containers/pause:3.1
docker tag registry.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1

docker pull registry.aliyuncs.com/google_containers/etcd:3.4.3-0
docker tag registry.aliyuncs.com/google_containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0

docker pull registry.aliyuncs.com/google_containers/coredns:1.6.5 
docker tag registry.aliyuncs.com/google_containers/coredns:1.6.5 k8s.gcr.io/coredns:1.6.5

PS: After the installation finishes, the following message appears. Remember to copy the token

kubeadm join 192.168.2.212:6443 --token fy24jx.na2tkrv3ejj4qum7 \
    --discovery-token-ca-cert-hash sha256:d3a3fa786cbcbc442f572673df6ac5fe768c90e84bb5ac5597f3e0db78c1ad12 
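
The value after --discovery-token-ca-cert-hash pins the public key of the cluster CA, so a joining node can authenticate the API server it talks to. The following added example (not part of the original page) recomputes that pin from the CA certificate on the master and compares it with the one saved in init.log. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt is assumed to be the kubeadm default CA path.

```shell
# Added example (not from the original page). Assumptions: openssl and sha256sum
# are installed; function names are hypothetical; init.log is the file from step 6.

# Print "sha256:<hex>" for the DER-encoded public key (SubjectPublicKeyInfo)
# of a PEM certificate. This is the form kubeadm uses for the CA cert hash.
ca_pin() {
    local pub hex
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
        | sha256sum | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# Print the first --discovery-token-ca-cert-hash value found in a saved
# kubeadm output file such as init.log.
pin_from_log() {
    sed -n 's/.*--discovery-token-ca-cert-hash[ ]*\(sha256:[0-9a-f]\{64\}\).*/\1/p' "$1" \
        | head -n 1
}

# Exit status: 0 = pin matches the CA, 1 = mismatch, 2 = pin or CA unreadable.
verify_join_pin() {
    local log="$1" cert="${2:-/etc/kubernetes/pki/ca.crt}" logged actual
    logged=$(pin_from_log "$log")
    [ -n "$logged" ] || { echo "no CA pin found in $log" >&2; return 2; }
    actual=$(ca_pin "$cert") || { echo "cannot read CA key from $cert" >&2; return 2; }
    if [ "$logged" = "$actual" ]; then
        echo "OK: $actual"
    else
        echo "MISMATCH: $log has $logged but $cert gives $actual" >&2
        return 1
    fi
}

# Usage on the master: verify_join_pin init.log
```

A mismatch means the saved join command belongs to a different CA than the one currently on disk, for example after a kubeadm reset and re-init.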

8 Create the config file

mkdir -p $HOME/.kube

cp -i /etc/kubernetes/admin.conf  $HOME/.kube/config

chown $(id -u):$(id -g) $HOME/.kube/config

9 Install a network plugin; choose one

9.1 Flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

9.2 Calico
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

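If the connection is refused, download the manifest manually, copy it to the server, and apply it there

PS: If the images download too slowly, globally replace quay.io with quay-mirror.qiniu.com in kube-flannel.yml, or pull the images manually with docker pull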

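Problems encountered ----------

1 The dashboard fails to deploy and does not start after installation

Use the command kubectl get pod --all-namespaces -o wide to check whether the dashboard was deployed to another node and therefore cannot reach the API server. You can add nodeName: master to dashboard.yaml to deploy it to the master node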

    spec:
      nodeName: master
      containers:

2 Configure iptables

vi /etc/systemd/system/docker.service.d/docker.service

[Service]
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT