Deploying a single-node k8s cluster with kubeadm


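Deployment environment

Environment description

Hostname     IP address        Role         OS
k8s-master   192.168.200.175   k8s-master   Centos7.6
k8s-node-1   192.168.200.176   k8s-node     Centos7.6
k8s-node-2   192.168.200.177   k8s-node     Centos7.6

All nodes must have the following entries in /etc/hosts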

[root@k8s-master ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.175 k8s-master
192.168.200.176 k8s-node1
192.168.200.177 k8s-node2

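Deployment preparation

Run all of the following on every node:
Prepare the docker yum repository
Prepare the k8s yum repository
Prepare the epel yum repository

Configure the docker yum repository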

[root@master01 ~]# cd /etc/yum.repos.d/
[root@master01 ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

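Configure the k8s yum repository

Note that gpgcheck=0 in the file below turns off signature verification of the RPM packages themselves; repo_gpgcheck=1 only verifies the repository metadata.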

[root@master01 ~]# cat /etc/yum.repos.d/
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

Installing docker

[root@master01 ~]# yum -y install docker-ce
[root@master01 ~]# mkdir -p /etc/docker
[root@master01 ~]# vim /etc/docker/daemon.json

{
 "registry-mirrors": ["https://ik8akj45.mirror.aliyuncs.com"]
}
systemctl daemon-reload
systemctl start docker
systemctl enable docker

Installing kubeadm

[root@master01 ~]# yum -y install kubeadm-1.15.4-0.x86_64 kubelet-1.15.4-0.x86_64 kubectl-1.15.4-0.x86_64

Disabling swap

# Disable temporarily
[root@k8s01 ~]# swapoff -a
# Disable permanently
[root@k8s01 ~]# sed -ri 's/.*swap.*/#&/' /etc/fstab
[root@k8s01 ~]# sysctl --system
# If swap is left on, the kubelet argument can be changed instead
[root@master01 ~]# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
systemctl enable kubelet

Disabling the firewall

[root@master01 ~]# systemctl stop firewalld && systemctl disable firewalld

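Deploying k8s

Master node deployment: kubeadm init

# Set the pod network to 10.244.0.0/16; the api-server address is this host's IP. Because images hosted abroad cannot be reached from within China, --image-repository is used here to point at the Aliyun image registry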
[root@master01 ~]# kubeadm init --kubernetes-version=1.15.4 --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/12 --ignore-preflight-errors=all

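# 10.244.0.0/16 is the pod network; the service network defaults to 10.96.0.0/12
The ranges can be customized as long as they are valid

After initialization completes, record and save the token; it is valid for 24h

Note the token that nodes will use to join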

kubeadm join 192.168.200.175:6443 --token sllxy1.ava0v4czc6y1wo4u --discovery-token-ca-cert-hash sha256:d3d3dbf9bbaced3f49fc59cc6bc9a0ec69b8305492c16f8aaf10ccb0423d6637 

Run the three steps as instructed

[root@master01 ~]# mkdir -p $HOME/.kube
[root@master01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master01 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

Deploy the flannel network plugin on the master

[root@master01 ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Node deployment: each node joins using the token

# Generate a new token
[root@k8s-master yum.repos.d]# kubeadm token create
0xi0z9.wbe8xf1v4s4k8xqt
# List tokens
[root@k8s-master yum.repos.d]# kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
0xi0z9.wbe8xf1v4s4k8xqt   23h       2019-07-23T11:49:47+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
1o6ho6.ju8tsc9q760v22bn   23h       2019-07-23T11:38:56+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
# Get the token value
[root@k8s-master yum.repos.d]# kubeadm token list  | awk -F" " '{print $1}' |tail -n 1
1o6ho6.ju8tsc9q760v22bn
# Get the hash of the CA public key
[root@k8s-master yum.repos.d]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
d3d3dbf9bbaced3f49fc59cc6bc9a0ec69b8305492c16f8aaf10ccb0423d6637
# Join the cluster with the new token
kubeadm join 192.168.200.175:6443 --token 1o6ho6.ju8tsc9q760v22bn --discovery-token-ca-cert-hash sha256:d3d3dbf9bbaced3f49fc59cc6bc9a0ec69b8305492c16f8aaf10ccb0423d6637 --ignore-preflight-errors=all
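
As an added example (not part of the original page), the shell functions below recompute the CA public key hash with the openssl pipeline used above and compare it with the pin in a join command, so a stale or mistyped value is caught before a node trusts the API server. It goes beyond the page's RSA-only command by using openssl pkey, which also handles EC keys; the function names ca_pin, valid_token and check_join are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.

# Print the hex sha256 of a CA certificate's DER-encoded public key, the value
# that follows "sha256:" in --discovery-token-ca-cert-hash.
# "openssl pkey" is used so that EC CA keys work as well as RSA ones.
ca_pin() {
    local pem
    # Fail early on an unreadable certificate instead of hashing empty input.
    pem=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    printf '%s\n' "$pem" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# kubeadm bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# check_join TOKEN PIN CA_CERT
# Returns 0 if TOKEN is well formed and PIN ("sha256:<hex>") matches CA_CERT,
# 2 for a malformed token, 3 for a pin mismatch, 4 for an unreadable certificate.
check_join() {
    local token pin ca actual
    token="$1"; pin="$2"; ca="$3"
    valid_token "$token" || { echo "malformed bootstrap token" >&2; return 2; }
    actual=$(ca_pin "$ca") || { echo "cannot read CA certificate: $ca" >&2; return 4; }
    if [ "$pin" != "sha256:$actual" ]; then
        echo "CA pin mismatch: got sha256:$actual" >&2
        return 3
    fi
    return 0
}

# Usage on the master, before handing the join command to a node:
#   check_join "$TOKEN" "$PIN" /etc/kubernetes/pki/ca.crt
```
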

Check whether each node is ready

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   5d20h   v1.15.0
k8s-node1    Ready    <none>   5d19h   v1.15.0
k8s-node2    Ready    <none>   5d19h   v1.15.0