1.准备
准备两台 CentOS 7.3.1611 主机
1.1 系统配置
1.1.1 修改 hostname
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2
1.1.2 修改 /etc/hosts
echo "10.211.55.51 k8s-node1" >> /etc/hosts
echo "10.211.55.52 k8s-node2" >> /etc/hosts
1.1.3 禁用防火墙
systemctl stop firewalld
systemctl disable firewalld
1.2 安装 docker
2台主机都要安装
Docker versions 1.10.3, 1.11.2, 1.12.6 have been validated
目前 kubernetes 官方支持 docker 的最高版本为1.12.6,所以这里安装 1.12.6 版本的 docker
1.2.1 Add the yum repo
sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
1.2.2 Install the Docker package
yum install -y docker-engine-1.12.6
systemctl enable docker && systemctl start docker
2.安装 kubectl kubeadm kubelet
2台主机都要安装
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubectl kubelet kubeadm
修改 /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
将 Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"
改为 Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"
systemctl enable kubelet && systemctl start kubelet
3.使用 kubeadm init 初始化集群
Note: - In order for Network Policy to work correctly, you need to pass --pod-network-cidr=192.168.0.0/16 to kubeadm init - Calico works on amd64 only.
这里因为我们之后要使用 calico,所以需要 --pod-network-cidr 参数
kubeadm init --pod-network-cidr=192.168.0.0/16
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.3
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks
[preflight] Starting the kubelet service
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [k8s-node1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.211.55.51]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 128.500975 seconds
[token] Using token: b5bdde.b6a3e93dbd76a535
[apiconfig] Created RBAC rules
[addons] Applied essential addon: kube-proxy
[addons] Applied essential addon: kube-dns
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run (as a regular user):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
http://kubernetes.io/docs/admin/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join --token b5bdde.b6a3e93dbd76a535 10.211.55.51:6443
4.安装 pod network
这里我们使用 calico
kubectl apply -f https://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
configmap "calico-config" created
daemonset "calico-etcd" created
service "calico-etcd" created
daemonset "calico-node" created
deployment "calico-policy-controller" created
clusterrolebinding "calico-cni-plugin" created
clusterrole "calico-cni-plugin" created
serviceaccount "calico-cni-plugin" created
clusterrolebinding "calico-policy-controller" created
clusterrole "calico-policy-controller" created
serviceaccount "calico-policy-controller" created
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-etcd-twsf9 1/1 Running 0 2h
kube-system calico-node-nmbcp 2/2 Running 0 2h
kube-system calico-node-st191 2/2 Running 0 2h
kube-system calico-policy-controller-336633499-km08x 1/1 Running 0 2h
kube-system etcd-k8s-node1 1/1 Running 0 2h
kube-system kube-apiserver-k8s-node1 1/1 Running 0 2h
kube-system kube-controller-manager-k8s-node1 1/1 Running 0 2h
kube-system kube-dns-2425271678-01qzj 3/3 Running 3 2h
kube-system kube-proxy-6rk7f 1/1 Running 0 2h
kube-system kube-proxy-xbv0b 1/1 Running 0 2h
kube-system kube-scheduler-k8s-node1 1/1 Running 0 2h
5.向 kubernetes 集群添加 node
kubeadm join --token 6161c7.47935395206b75fe 10.211.55.51:6443
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[preflight] The system verification failed. Printing the output from the verification:
OS: Linux
KERNEL_VERSION: 3.10.0-514.el7.x86_64
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_INET: enabled
CONFIG_EXT4_FS: enabled (as module)
CONFIG_PROC_FS: enabled
CONFIG_NETFILTER_XT_TARGET_REDIRECT: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled (as module)
CONFIG_OVERLAY_FS: enabled (as module)
CONFIG_AUFS_FS: not set - Required for aufs.
CONFIG_BLK_DEV_DM: enabled (as module)
CGROUPS_CPU: enabled
CGROUPS_CPUACCT: enabled
CGROUPS_CPUSET: enabled
CGROUPS_DEVICES: enabled
CGROUPS_FREEZER: enabled
CGROUPS_MEMORY: enabled
[preflight] WARNING: docker service is not enabled, please run 'systemctl enable docker.service'
[preflight] Some fatal errors occurred:
failed to get docker info: Cannot connect to the Docker daemon. Is the docker daemon running on this host?
docker service is not active, please run 'systemctl start docker.service'
/proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`
[root@centos-7 ~]# systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@centos-7 ~]# kubeadm join --token 6161c7.47935395206b75fe 10.211.55.51:6443
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[discovery] Trying to connect to API Server "10.211.55.51:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.211.55.51:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://10.211.55.51:6443"
[discovery] Successfully established connection with API Server "10.211.55.51:6443"
[bootstrap] Detected server version: v1.7.3
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
[csr] Received signed certificate from the API server, generating KubeConfig...
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
Node join complete:
* Certificate signing request sent to master and response
received.
* Kubelet informed of new secure connection details.
Run 'kubectl get nodes' on the master to see this machine join.
参考
- 使用kubeadm安装Kubernetes 1.7