準備
雲原生的概念越來越火,忍不住去看了看kubernetes,初次接觸,暈暈乎乎的,於是不管三七二十一,先搭建個單機版的再說(沒錢買伺服器,目前也懶得裝虛擬機器),跑起來也算是第一步吧。網上教程一頓搜,各種配置一頓配,這裡正好做個記錄。
步驟
關閉防火強和selinux
- 關閉防火請
systemctl stop firewalld
systemctl disable firewalld
- 關閉selinux
setenforce 0
- 修改檔案/etc/selinux/config
[root@zhangpeilei ~]# cat /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
禁用swap
swapoff -a
修改核心引數和模組
- 修改檔案/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
- 執行命令
sysctl --system
modprobe br_netfilter
安裝docker,網上方法很多
yum -y install yum-utils device-mapper-persistent-data lvm2
yum-config-manager -y --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce-18.06.3.ce-3.el7 docker-ce-cli-18.06.3.ce-3.el7 containerd.io
systemctl start docker
systemctl enable docker
安裝完執行下
docker version
[root@zhangpeilei ~]# docker version
Client:
Version: 18.06.3-ce
API version: 1.38
Go version: go1.10.3
Git commit: d7080c1
Built: Wed Feb 20 02:26:51 2019
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.3-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: d7080c1
Built: Wed Feb 20 02:28:17 2019
OS/Arch: linux/amd64
Experimental: false
安裝kubernates元件
- 修改檔案/etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
- 執行命令
yum -y install kubelet-1.13* kubeadm-1.13* kubectl-1.13*
systemctl start kubelet
systemctl enable kubelet
下載kubernetes映象,並且打標籤
docker pull mirrorgooglecontainers/kube-apiserver:v1.13.3
docker pull mirrorgooglecontainers/kube-controller-manager:v1.13.3
docker pull mirrorgooglecontainers/kube-scheduler:v1.13.3
docker pull mirrorgooglecontainers/kube-proxy:v1.13.3
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.2.24
docker pull coredns/coredns:1.2.6
# 打標籤
docker tag mirrorgooglecontainers/kube-apiserver:v1.13.3 k8s.gcr.io/kube-apiserver:v1.13.3
docker tag mirrorgooglecontainers/kube-controller-manager:v1.13.3 k8s.gcr.io/kube-controller-manager:v1.13.3
docker tag mirrorgooglecontainers/kube-scheduler:v1.13.3 k8s.gcr.io/kube-scheduler:v1.13.3
docker tag mirrorgooglecontainers/kube-proxy:v1.13.3 k8s.gcr.io/kube-proxy:v1.13.3
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag coredns/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
初始化
kubeadm init --kubernetes-version=v1.13.3
接下來根據提示做如下操作
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')
- 成功後執行如下命令看是否成功
[root@zhangpeilei ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-86c58d9df4-7b8vr 0/1 Pending 0 76s
kube-system coredns-86c58d9df4-z8lrf 0/1 Pending 0 76s
kube-system etcd-zhangpeilei 1/1 Running 0 22s
kube-system kube-apiserver-zhangpeilei 1/1 Running 0 13s
kube-system kube-controller-manager-zhangpeilei 1/1 Running 0 20s
kube-system kube-proxy-qlmpp 1/1 Running 0 76s
kube-system kube-scheduler-zhangpeilei 1/1 Running 0 31s
kube-system weave-net-2ph7d 2/2 Running 0 9s
至此我們安裝應該成功了.
master加入節點
kubeadm join <ip>:<port> --token <token> --discovery-token-ca-cert-hash <hash>
檢視節點
[root@zhangpeilei ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
zhangpeilei Ready master 3h40m v1.13.12
但安裝的時候哪有一帆風順的,下面是我碰到的一些問題。
問題一
root@zhangpeilei ~]# kubectl get pods --all-namespaces
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
解決方式:如果執行完
kubeadm reset
命令後,需要先
rm -rf $HOME/.kube
然後再執行如下命令:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
問題二
檢視節點
[root@zhangpeilei ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
zhangpeilei NotReady master 3h40m v1.13.12
發現節點狀態是NotReady,首先通過命令檢視日誌
journalctl -f -u kubelet.service
修改檔案/etc/cni/net.d/10-flannel.conflist
{
"name": "cbr0",
"cniVersion": "0.2.0",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
修改後執行
systemctl daemon-reload