本博客搭建k8s集群1.12.2版本
systemctl disable firewalldsystemctl stop firewalld
生产环境下建议不要关闭防火墙,只开放k8s所用的端口
首先选择一台性能比较好的机器作为主节点
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[kubernetes]name=kubernetes Repobaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/gpgcheck=1gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpgenabled=1
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgrpm --import rpm-package-key.gpgyum repolist
yum install kubeadm-1.12.2-0.x86_64 docker-ce-18.06.0.ce kubelet-1.12.2-0.x86_64
这里指定了docker和kubelet的版本,如果不指定的话默认下载最新的版本,如果你的服务器可以上Google的话可以选择执行以下命令下载最新版
yum install kubeadm docker-ce kubelet
这里分为两种场景
Environment="HTTPS_PROXY=http://www.ik8s.io:10080"Environment="NO_PROXY=127.0.0.0/8,172.0.0.0/16"
systemctl daemon-reload
systemctl enable dockersystemctl start docker
systemctl enable dockersystemctl start docker
docker pull mirrorgooglecontainers/kube-apiserver-amd64:v1.12.2docker pull mirrorgooglecontainers/kube-controller-manager-amd64:v1.12.2docker pull mirrorgooglecontainers/kube-scheduler-amd64:v1.12.2docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.12.2docker pull mirrorgooglecontainers/pause:3.1docker pull mirrorgooglecontainers/etcd-amd64:3.2.24docker pull coredns/coredns:1.2.2
因为来自mirrorgooglecontainers或者coredns的镜像k8s是不认识的,所以我们需要修改一下上方下载的镜像的tag
docker tag mirrorgooglecontainers/kube-apiserver-amd64:v1.12.2 k8s.gcr.io/kube-apiserver-amd64:v1.12.2
docker tag mirrorgooglecontainers/kube-controller-manager-amd64:v1.12.2 k8s.gcr.io/kube-controller-manager-amd64:v1.12.2
docker tag mirrorgooglecontainers/kube-scheduler-amd64:v1.12.2 k8s.gcr.io/kube-scheduler-amd64:v1.12.2
docker tag mirrorgooglecontainers/kube-proxy-amd64:v1.12.2 k8s.gcr.io/kube-proxy-amd64:v1.12.2
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd-amd64:3.2.24 k8s.gcr.io/etcd-amd64:3.2.24
docker tag coredns/coredns:1.2.2 k8s.gcr.io/coredns:1.2.2
cat /proc/sys/net/bridge/bridge-nf-call-ip6tablescat /proc/sys/net/bridge/bridge-nf-call-iptables
查看两条命令是否返回的都是1
rpm -ql kubelet
执行以上命令看屏幕结果是否如下
/etc/kubernetes/manifests #清单目录/etc/sysconfig/kubelet #配置文件/etc/systemd/system/kubelet.service /usr/bin/kubelet #主程序
systemctl enable kubelet
kubeadm init --kubernetes-version=v1.12.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
注意如果使用最新版本的话不需要使用–kubernetes-version参数
命令执行后k8s会进行一系列的检查,比如说:
检查结束以后如果没问题的话名字执行结束最后会有这样的一条指令出现
kubeadm join 172.26.15.165:6443 --token ns4kps.j8cuqwf78emp5a5b --discovery-token-ca-cert-hash sha256:b71b7e52c318959bab3f05f02f6fe51d6396d8c54ea6849ec7556927d1c6c88a
这个就是node节点需要加入主节点时所需要的token,很重要,记下来,一会会用到
mkdir -p $HOME/.kubecp -i /etc/kubernetes/admin.conf $HOME/.kube/config
kubectl get nodes
查看节点status是否为NotReady
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
curl -sSL"https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml?raw=true" | kubectl create -f -
kubectl get nodes
查看节点status是否为Ready
至此master节点的配置已经完成了。
scp /etc/yum.repos.d/CentOS-Base.repo docker-ce.repo kubernetes.repo 服务器ip:/etc/yum.repos.d/scp /etc/sysconfig/kubelet 服务器ip:/etc/sysconfig/
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgrpm --import rpm-package-key.gpg
yum install kubeadm-1.12.2-0.x86_64 docker-ce-18.06.0.ce kubelet-1.12.2-0.x86_64
systemctl start dockersystemctl enable docker kubelet
kubeadm join 172.26.15.165:6443 --token ns4kps.j8cuqwf78emp5a5b --discovery-token-ca-cert-hash sha256:b71b7e52c318959bab3f05f02f6fe51d6396d8c54ea6849ec7556927d1c6c88a
kubectl get nodes
至此k8s集群就搭建完成了。