Installing k8s with kubeadm and using basic k8s commands

Complete procedure for building a k8s cluster. All three virtual machines run CentOS 7.2.

1. Initial environment preparation

1.1 Environment

192.168.1.3 k8s-master01
192.168.1.4 k8s-node01
192.168.1.5 k8s-node02

1.2 Set the system hostname (run the matching command on each machine)

hostnamectl set-hostname k8s-master01
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02

1.3 Edit the hosts file on each machine

# Append, so the existing localhost entries are kept
cat >> /etc/hosts << EOF
192.168.1.4 k8s-node01
192.168.1.5 k8s-node02
192.168.1.3 k8s-master01
EOF

1.4 Install the required dependency packages

yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git

1.5 Switch the firewall to iptables and set empty rules

systemctl stop firewalld && systemctl disable firewalld
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

1.6 Disable swap and SELinux

swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

1.8 Set the system time zone

timedatectl set-timezone Asia/Shanghai
timedatectl set-local-rtc 0
systemctl restart rsyslog
systemctl restart crond

1.9 Stop services the system does not need

systemctl stop postfix && systemctl disable postfix

1.10 Configure rsyslogd and systemd journald

mkdir /var/log/journal
mkdir /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
Storage=persistent
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
SystemMaxUse=10G
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no
EOF
systemctl restart systemd-journald

Note: all of the steps above must be run on every machine.

2. Install Docker and configure a private registry

2.1 Install Docker

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager \
  --add-repo \
  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum update -y && yum install -y docker-ce

2.2 Create the /etc/docker directory

mkdir /etc/docker

2.3 Configure daemon.json

cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "http://registry.docker-cn.com"
  ],
  "insecure-registries": [
  ],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

Note: registry-mirrors is the Aliyun accelerator address and insecure-registries is the private registry address. exec-opts sets Docker's cgroup driver, which must match the kubelet's (check it with docker info); otherwise the kubelet will not start.

2.4 Restart Docker and enable it at boot

systemctl daemon-reload && systemctl restart docker && systemctl enable docker

2.5 Connect to the private registry

docker login  # can connect to your own private registry

2.6 Test pulling from the private registry

Note: the steps above must be run on all machines.

3. Deploy the k8s cluster with kubeadm

3.1 Prerequisites for enabling IPVS in kube-proxy (if this step fails, it can be skipped)

modprobe br_netfilter
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

3.2 Install kubeadm (all machines)

3.2.1 Configure the kubernetes yum repository

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

3.2.2 Install kubeadm, kubectl and kubelet

yum -y install kubeadm kubectl kubelet
systemctl enable kubelet.service

kubelet: runs on every node in the cluster and is responsible for starting pods and containers
kubeadm: used to initialize the cluster
kubectl: the Kubernetes command-line tool; with kubectl you can deploy and manage applications, inspect resources, and create, delete and update components

3.2.3 Install the kubeadm base images

kubeadm config images list  # lists all image versions

Run the following shell script:

#!/bin/bash
# Pull the kubeadm base images from the Aliyun mirror, retag them under
# k8s.gcr.io (the imageRepository kubeadm expects), then drop the mirror tag.
images=(
   kube-apiserver:v1.23.1
   kube-controller-manager:v1.23.1
   kube-scheduler:v1.23.1
   kube-proxy:v1.23.1
   pause:3.6
   etcd:3.5.1-0
   coredns/coredns:v1.8.6
)

# Quote the expansion so each image name stays one word
for imageName in "${images[@]}" ; do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
    docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
    docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
done

# CoreDNS is also pulled from the mirror's coredns namespace
docker pull registry.cn-hangzhou.aliyuncs.com/coredns/coredns:v1.8.6
docker tag registry.cn-hangzhou.aliyuncs.com/coredns/coredns:v1.8.6 k8s.gcr.io/coredns/coredns:v1.8.6
docker rmi registry.cn-hangzhou.aliyuncs.com/coredns/coredns:v1.8.6
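
Section 3.2.1 writes kubernetes.repo with gpgcheck=0, repo_gpgcheck=0 and http URLs, so yum installs kubelet, kubeadm and kubectl without verifying any signature. The audit below is an added example, not part of the original page; audit_repo, write_samples and the hardened sample file are constructed for illustration, and weak.repo is an abridged copy of the page's file.

```shell
#!/bin/sh
# Added example: flag yum repo definitions that skip signature checks or use plaintext http.

# audit_repo FILE: print one finding per line, prefixed with the [section] it belongs to.
audit_repo() {
    awk '
    /^\[.*\]/         { sec = $0; inkey = 0; next }   # new [repo] section
    /^[ \t]*(#|$)/    { next }                        # comment or blank line
    /^[ \t]/ && inkey { keyurl($0); next }            # continuation line of gpgkey=
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        inkey = (key == "gpgkey")
        if (key == "gpgcheck" && val == "0")      print sec " gpgcheck=0: package signatures are not verified"
        if (key == "repo_gpgcheck" && val == "0") print sec " repo_gpgcheck=0: repository metadata is not verified"
        if (key == "baseurl" && val ~ /^http:/)   print sec " baseurl uses plaintext http"
        if (inkey) keyurl(val)
    }
    function keyurl(u) {   # report plaintext key URLs once per section
        if (u ~ /http:\/\// && !seen[sec]++) print sec " gpgkey is fetched over plaintext http"
    }' "$1"
}

# write_samples DIR: constructed inputs. weak.repo is abridged from section 3.2.1;
# hardened.repo is a constructed counterpart with verification on and https URLs.
write_samples() {
    cat > "$1/weak.repo" <<'EOF'
[kubernetes]
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
    cat > "$1/hardened.repo" <<'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in weak hardened; do echo "== $f.repo"; audit_repo "$tmp/$f.repo"; done
rm -rf "$tmp"
```

On a real node, point audit_repo at each file under /etc/yum.repos.d/ before running yum install.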

3.3 Initialize the master node

This step can initialize the cluster directly:

kubeadm init --pod-network-cidr=10.244.0.0/16

3.3.1 Generate the kubeadm-config.yaml file (alternatively, skip the config file and run the init command above directly)

kubeadm config print init-defaults > kubeadm-config.yaml

Modify the configuration as follows:

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.1.3 # must be changed
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.15.1 # must be changed
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16" # must be added
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs

3.3.2 Run kubeadm init with the generated file

kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log

Note: keep kubeadm-init.log; it may be needed later.

3.3.3 Following the generated log, run these commands on the master

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

3.3.4 Run the following command on each of the two node machines to join it to the k8s cluster

kubeadm join 192.168.1.3:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:b4beebdc57cc809471996300fe3d49a4a66e1cc595807f06d80ee52ec927187e

The flannel network plugin must be installed:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Note: if the log was not saved, the join parameters can be recovered as follows.

1. Get the hash value:

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

2. View the token:

 kubeadm token list
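
The hash pipeline above only handles an RSA CA key, and the join command in 3.3.4 carries the placeholder token that kubeadm config print init-defaults emits. The script below is an added example, not part of the original page: it recomputes the hash for RSA or EC keys and checks a join command before it is run. ca_cert_hash, join_field and check_join are hypothetical helper names, and the demo CA is a constructed throwaway standing in for /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Added example: recompute kubeadm's discovery-token-ca-cert-hash and vet a join command.

# ca_cert_hash CERT: hex SHA-256 of the DER-encoded SubjectPublicKeyInfo of CERT.
# `openssl pkey` accepts RSA and EC keys; `openssl rsa` accepts RSA only.
ca_cert_hash() {
    openssl x509 -noout -in "$1" 2>/dev/null || return 2   # not a readable certificate
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# join_field JOIN_COMMAND FLAG: print the word that follows FLAG.
join_field() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' |
        awk -v f="$2" 'prev == f { print; exit } { prev = $0 }'
}

# check_join CERT JOIN_COMMAND: return 0 if the command pins this CA and uses a real token.
check_join() {
    rc=0
    want="sha256:$(ca_cert_hash "$1")"
    got=$(join_field "$2" --discovery-token-ca-cert-hash)
    token=$(join_field "$2" --token)
    if [ "$got" != "$want" ]; then
        echo "CA hash mismatch: join has '$got', certificate gives '$want'"; rc=1
    fi
    if [ "$token" = "abcdef.0123456789abcdef" ]; then
        echo "token is the init-defaults placeholder; create one with kubeadm token create"; rc=1
    fi
    case "$2" in
        *--discovery-token-unsafe-skip-ca-verification*) echo "CA verification is disabled"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: a throwaway EC CA, joined with the page's placeholder token.
demo() {
    d=$(mktemp -d)
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/ca.key"
    openssl req -x509 -new -key "$d/ca.key" -out "$d/ca.crt" \
        -subj "/CN=kubernetes" -days 1 2>/dev/null
    h=$(ca_cert_hash "$d/ca.crt")
    check_join "$d/ca.crt" \
        "kubeadm join 192.168.1.3:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:$h"
    echo "check_join exit status: $?"
    rm -rf "$d"
}
demo
```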

Deploy the flannel network

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

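If the URL is not reachable, download the repository:

git clone https://github.com/flannel-io/flannel.git

Then change into the Documentation directory and run:

kubectl apply -f ./kube-flannel.yml

This completes the k8s installation. To view the k8s cluster error log:

journalctl -xefu kubelet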

Note: the kubelet's cgroup driver must match Docker's; otherwise an error is reported. To fix it, change Docker's cgroup driver: edit /etc/docker/daemon.json, add {"exec-opts": ["native.cgroupdriver=systemd"]}, and then run:

systemctl daemon-reload
systemctl restart docker

If kubectl cannot be used:

echo export KUBECONFIG=/etc/kubernetes/kubelet.conf >> ~/.bashrc
source ~/.bashrc

If the network is in Pending state, the network plugin has to be installed:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

There is also a toolkit that can install k8s directly: kubekit

To add a node, run this on the master:

kubeadm token create --print-join-command

# Let the master node take part in running pod workloads
kubectl taint nodes k8s-master01 node-role.kubernetes.io/master-

# Restore the master node to not running pod workloads
kubectl taint nodes k8s-master01 node-role.kubernetes.io/master=:NoSchedule
