Lab environment:
This lab uses 5 nodes: 3 masters and 2 worker nodes:
k8smaster01 192.168.111.128 Software: etcd k8smaster haproxy keepalived
k8smaster02 192.168.111.129 Software: etcd k8smaster haproxy keepalived
k8smaster03 192.168.111.130 Software: etcd k8smaster haproxy keepalived
k8snode01 192.168.111.131 Software: k8snode
k8snode02 192.168.111.132 Software: k8snode
VIP: 192.168.111.100
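System tuning (run on all nodes)
Disable the firewall
systemctl stop firewalld.service
systemctl disable firewalld.service
Disable SELinux and swap, and tune kernel parameters
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
# Turn swap off temporarily
# To turn it off permanently, comment out the swap-related lines in /etc/fstab
swapoff -a
# Configure the forwarding-related parameters; otherwise errors may occur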
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
sysctl --system
# Load the IPVS-related kernel modules
# They must be loaded again after a reboot
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack_ipv4
lsmod | grep ip_vs
Configure the yum repositories
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all && yum makecache
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
Configure hosts resolution
192.168.111.128 k8smaster01
192.168.111.129 k8smaster02
192.168.111.130 k8smaster03
192.168.111.131 k8snode01
192.168.111.132 k8snode02
Install Docker
For v1.11.1, Docker v17.03 is recommended; v1.11, v1.12 and v1.13 can also be used. Higher versions are not recommended by the official site, but that can be ignored.
Here 18.06.0-ce is installed.
yum -y install docker-ce
systemctl enable docker && systemctl restart docker
Install kubeadm, kubelet and kubectl (all nodes)
yum install -y kubelet kubeadm kubectl ipvsadm
systemctl enable kubelet && systemctl start kubelet
Configure the HAProxy proxy and keepalived (run the following on all master nodes)
# Pull the haproxy image
docker pull haproxy:1.7.8-alpine
# Create the configuration directory if it does not exist yet
mkdir -p /etc/haproxy
cat >/etc/haproxy/haproxy.cfg<<EOF
global
  log 127.0.0.1 local0 err
  maxconn 5000
  uid 99
  gid 99
  #daemon
  nbproc 1
  pidfile haproxy.pid
defaults
  mode http
  log 127.0.0.1 local0 err
  maxconn 5000
  retries 3
  timeout connect 5s
  timeout client 30s
  timeout server 30s
  timeout check 2s
listen admin_stats
  mode http
  bind 0.0.0.0:1080
  log 127.0.0.1 local0 err
  stats refresh 30s
  stats uri     /haproxy-status
  stats realm   Haproxy\ Statistics
  stats auth    will:will
  stats hide-version
  stats admin if TRUE
frontend k8s-https
  bind 0.0.0.0:8443
  mode tcp
  #maxconn 50000
  default_backend k8s-https
backend k8s-https
  mode tcp
  balance roundrobin
  server k8smaster01 192.168.111.128:6443 weight 1 maxconn 1000 check inter 2000 rise 2 fall 3
  server k8smaster02 192.168.111.129:6443 weight 1 maxconn 1000 check inter 2000 rise 2 fall 3
  server k8smaster03 192.168.111.130:6443 weight 1 maxconn 1000 check inter 2000 rise 2 fall 3
EOF
# Start haproxy
docker run -d --name my-haproxy -v /etc/haproxy:/usr/local/etc/haproxy:ro -p 8443:8443 -p 1080:1080 --restart always haproxy:1.7.8-alpine
# Pull the keepalived image
docker pull osixia/keepalived:1.4.4
# Start
# Load the required kernel modules
lsmod | grep ip_vs
modprobe ip_vs
# Start keepalived
# ens33 is the NIC on the 192.168.111.0/24 network in this lab
docker run --net=host --cap-add=NET_ADMIN -e KEEPALIVED_INTERFACE=ens33 -e KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['192.168.111.100']" -e KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.111.128','192.168.111.129','192.168.111.130']" -e KEEPALIVED_PASSWORD=hello --name k8s-keepalived --restart always -d osixia/keepalived:1.4.4
# 192.168.111.100 will now be configured on one of the machines
# Ping test
ping 192.168.111.100
# If this fails, clean up and try again
#docker rm -f k8s-keepalived
#ip a del 192.168.111.100/32 dev ens33
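
The stats listener above is bound to every interface, uses the guessable login `will:will` and enables `stats admin if TRUE`, so it is worth checking before rollout. The following added example (not from the original article; `audit_haproxy_stats` and both sample files are constructed here, and the 12-character minimum is an assumed threshold) flags those three settings in a haproxy.cfg and shows a tightened variant that passes.

```shell
#!/usr/bin/env bash
# Added example: audit_haproxy_stats is a hypothetical helper, not an HAProxy tool.
# It prints one finding per line for each section that serves a stats page.
audit_haproxy_stats() {
  awk '
    function report() {
      if (stats) {
        if (bind ~ /^(0\.0\.0\.0|\*)?:/) print "WILDCARD_BIND " sect " " bind
        if (!auth) print "NO_AUTH " sect
        else if (user == pass || length(pass) < 12) print "WEAK_AUTH " sect " user=" user
        if (admin ~ /if[ \t]+TRUE/) print "ADMIN_ALWAYS_ON " sect
      }
      stats = 0; auth = 0; bind = ""; admin = ""; user = ""; pass = ""
    }
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ { report(); sect = $2; next }
    $1 == "bind" { bind = $2 }
    $1 == "stats" && $2 == "uri"   { stats = 1 }
    $1 == "stats" && $2 == "admin" { admin = $0 }
    $1 == "stats" && $2 == "auth"  { auth = 1; i = index($3, ":")
                                     user = substr($3, 1, i - 1); pass = substr($3, i + 1) }
    END { report() }
  ' "$1"
}

workdir=$(mktemp -d)
# Constructed sample 1: the stats listener as configured on this page.
cat > "$workdir/page.cfg" <<'EOF'
listen admin_stats
  mode http
  bind 0.0.0.0:1080
  stats uri /haproxy-status
  stats auth will:will
  stats admin if TRUE
frontend k8s-https
  bind 0.0.0.0:8443
  mode tcp
EOF
# Constructed sample 2: a tightened variant (the password is a placeholder).
cat > "$workdir/hardened.cfg" <<'EOF'
listen admin_stats
  mode http
  bind 127.0.0.1:1080
  stats uri /haproxy-status
  stats auth ops:REPLACE-WITH-LONG-RANDOM-SECRET
  stats admin if LOCALHOST
EOF
echo "page.cfg findings:";     audit_haproxy_stats "$workdir/page.cfg"
echo "hardened.cfg findings:"; audit_haproxy_stats "$workdir/hardened.cfg"
```

The loopback `bind` in the second sample assumes HAProxy runs in the host network namespace. With the page's `-p 1080:1080` port mapping the listener has to stay reachable inside the container, so the equivalent restriction is to publish the port on loopback only, for example `-p 127.0.0.1:1080:1080`.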
Configure kubelet (run on all nodes)
# Configure kubelet to use a pause image hosted in China
# Configure the kubelet cgroup driver
cat >/etc/sysconfig/kubelet<<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=cgroupfs --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1"
EOF
# Start
systemctl daemon-reload
systemctl enable kubelet && systemctl restart kubelet
Configure k8smaster01 (run on 192.168.111.128)
cd /etc/kubernetes
# Generate the configuration file
cat >kubeadm-master.config<<EOF
apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.11.1
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
apiServerCertSANs:
- "k8smaster01"
- "k8smaster02"
- "k8smaster03"
- "192.168.111.128"
- "192.168.111.129"
- "192.168.111.130"
- "192.168.111.100"
- "127.0.0.1"
api:
  advertiseAddress: 192.168.111.128
  controlPlaneEndpoint: 192.168.111.100:8443
etcd:
  local:
    extraArgs:
      listen-client-urls: "https://127.0.0.1:2379,https://192.168.111.128:2379"
      advertise-client-urls: "https://192.168.111.128:2379"
      listen-peer-urls: "https://192.168.111.128:2380"
      initial-advertise-peer-urls: "https://192.168.111.128:2380"
      initial-cluster: "k8smaster01=https://192.168.111.128:2380"
    serverCertSANs:
      - k8smaster01
      - 192.168.111.128
    peerCertSANs:
      - k8smaster01
      - 192.168.111.128
controllerManagerExtraArgs:
  node-monitor-grace-period: 10s
  pod-eviction-timeout: 10s
networking:
  podSubnet: 10.244.0.0/16
kubeProxy:
  config:
    mode: ipvs
    # mode: iptables
EOF
# Pull the images in advance
# If this fails, it can be run again
kubeadm config images pull --config kubeadm-master.config
# Initialize
# Be sure to save the join command that is returned
kubeadm init --config kubeadm-master.config
# Use this if initialization fails
#kubeadm reset
# Copy the CA-related files to the other master nodes
cd /etc/kubernetes/pki/
USER=root
CONTROL_PLANE_IPS="k8smaster02 k8smaster03"
for host in ${CONTROL_PLANE_IPS}; do
    ssh "${USER}"@$host "mkdir -p /etc/kubernetes/pki/etcd"
    scp ca.crt ca.key sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key "${USER}"@$host:/etc/kubernetes/pki/
    scp etcd/ca.crt etcd/ca.key "${USER}"@$host:/etc/kubernetes/pki/etcd/
    scp ../admin.conf "${USER}"@$host:/etc/kubernetes/
done
Fixing a kubeadm init failure:
Tagging the Aliyun images as the official images resolves the init failure. (v1.11.0 has this problem.)
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.11.1 k8s.gcr.io/kube-apiserver-amd64:v1.11.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.11.1 k8s.gcr.io/kube-proxy-amd64:v1.11.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.2.18 k8s.gcr.io/etcd-amd64:3.2.18
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.11.1 k8s.gcr.io/kube-scheduler-amd64:v1.11.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.11.1 k8s.gcr.io/kube-controller-manager-amd64:v1.11.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.1.3 k8s.gcr.io/coredns:1.1.3
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1 k8s.gcr.io/pause-amd64:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
Configure k8smaster02 (run on 192.168.111.129)
cd /etc/kubernetes
# Generate the configuration file
cat >kubeadm-master.config<<EOF
apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.11.1
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
apiServerCertSANs:
- "k8smaster01"
- "k8smaster02"
- "k8smaster03"
- "192.168.111.128"
- "192.168.111.129"
- "192.168.111.130"
- "192.168.111.100"
- "127.0.0.1"
api:
  advertiseAddress: 192.168.111.129
  controlPlaneEndpoint: 192.168.111.100:8443
etcd:
  local:
    extraArgs:
      listen-client-urls: "https://127.0.0.1:2379,https://192.168.111.129:2379"
      advertise-client-urls: "https://192.168.111.129:2379"
      listen-peer-urls: "https://192.168.111.129:2380"
      initial-advertise-peer-urls: "https://192.168.111.129:2380"
      initial-cluster: "k8smaster01=https://192.168.111.128:2380,k8smaster02=https://192.168.111.129:2380"
      initial-cluster-state: existing
    serverCertSANs:
      - k8smaster02
      - 192.168.111.129
    peerCertSANs:
      - k8smaster02
      - 192.168.111.129
controllerManagerExtraArgs:
  node-monitor-grace-period: 10s
  pod-eviction-timeout: 10s
networking:
  podSubnet: 10.244.0.0/16
kubeProxy:
  config:
    mode: ipvs
    # mode: iptables
EOF
# Configure kubelet
kubeadm alpha phase certs all --config kubeadm-master.config
kubeadm alpha phase kubelet config write-to-disk --config kubeadm-master.config
kubeadm alpha phase kubelet write-env-file --config kubeadm-master.config
kubeadm alpha phase kubeconfig kubelet --config kubeadm-master.config
systemctl restart kubelet
# Add etcd to the cluster
export KUBECONFIG=/etc/kubernetes/admin.conf
kubectl exec -n kube-system etcd-k8smaster01 -- etcdctl --ca-file /etc/kubernetes/pki/etcd/ca.crt --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --endpoints=https://192.168.111.128:2379 member add k8smaster02 https://192.168.111.129:2380
# Write the static Pod manifest for the local etcd member so that it starts and joins the cluster
kubeadm alpha phase etcd local --config kubeadm-master.config
# Pull the images in advance
kubeadm config images pull --config kubeadm-master.config
# Deploy
kubeadm alpha phase kubeconfig all --config kubeadm-master.config
kubeadm alpha phase controlplane all --config kubeadm-master.config
kubeadm alpha phase mark-master --config kubeadm-master.config
Configure k8smaster03 (run on 192.168.111.130)
cd /etc/kubernetes
# Generate the configuration file
cat >kubeadm-master.config<<EOF
apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.11.1
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
apiServerCertSANs:
- "k8smaster01"
- "k8smaster02"
- "k8smaster03"
- "192.168.111.128"
- "192.168.111.129"
- "192.168.111.130"
- "192.168.111.100"
- "127.0.0.1"
api:
  advertiseAddress: 192.168.111.130
  controlPlaneEndpoint: 192.168.111.100:8443
etcd:
  local:
    extraArgs:
      listen-client-urls: "https://127.0.0.1:2379,https://192.168.111.130:2379"
      advertise-client-urls: "https://192.168.111.130:2379"
      listen-peer-urls: "https://192.168.111.130:2380"
      initial-advertise-peer-urls: "https://192.168.111.130:2380"
      initial-cluster: "k8smaster01=https://192.168.111.128:2380,k8smaster02=https://192.168.111.129:2380,k8smaster03=https://192.168.111.130:2380"
      initial-cluster-state: existing
    serverCertSANs:
      - k8smaster03
      - 192.168.111.130
    peerCertSANs:
      - k8smaster03
      - 192.168.111.130
controllerManagerExtraArgs:
  node-monitor-grace-period: 10s
  pod-eviction-timeout: 10s
networking:
  podSubnet: 10.244.0.0/16
kubeProxy:
  config:
    mode: ipvs
    # mode: iptables
EOF
# Configure kubelet
kubeadm alpha phase certs all --config kubeadm-master.config
kubeadm alpha phase kubelet config write-to-disk --config kubeadm-master.config
kubeadm alpha phase kubelet write-env-file --config kubeadm-master.config
kubeadm alpha phase kubeconfig kubelet --config kubeadm-master.config
systemctl restart kubelet
# Add etcd to the cluster
export KUBECONFIG=/etc/kubernetes/admin.conf
kubectl exec -n kube-system etcd-k8smaster01 -- etcdctl --ca-file /etc/kubernetes/pki/etcd/ca.crt --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --endpoints=https://192.168.111.128:2379 member add k8smaster03 https://192.168.111.130:2380
# Write the static Pod manifest for the local etcd member so that it starts and joins the cluster
kubeadm alpha phase etcd local --config kubeadm-master.config
# Pull the images in advance
kubeadm config images pull --config kubeadm-master.config
# Deploy
kubeadm alpha phase kubeconfig all --config kubeadm-master.config
kubeadm alpha phase controlplane all --config kubeadm-master.config
kubeadm alpha phase mark-master --config kubeadm-master.config
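Configure kubectl (run on any master node)
rm -rf $HOME/.kube
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# List the nodes
kubectl get nodes
# Nodes show as Ready only after the network plugin has also been installed and configured
# Allow the masters to run application pods and take part in the workload; other system components can now be deployed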
Configure the network plugin (run on any master node)
# Download the manifest
cd /etc/kubernetes
mkdir flannel && cd flannel
wget https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml
# Edit the manifest
# The network configured here must match the pod-network set for kubeadm above
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
# Change the image
image: registry.cn-shanghai.aliyuncs.com/gcr-k8s/flannel:v0.10.0-amd64
# If a node has more than one NIC, see flannel issue 39701,
# https://github.com/kubernetes/kubernetes/issues/39701
# For now, the --iface argument must be used in kube-flannel.yml to name the NIC on the cluster hosts' internal network,
# otherwise DNS resolution may fail and containers may be unable to communicate. Download kube-flannel.yml locally
# and add --iface=<iface-name> to the flanneld startup arguments
    containers:
      - name: kube-flannel
        image: registry.cn-shanghai.aliyuncs.com/gcr-k8s/flannel:v0.10.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=ens33
# Apply
kubectl apply -f kube-flannel.yml
# Check
kubectl get pods --namespace kube-system
kubectl get svc --namespace kube-system
Join the worker nodes to the cluster (run on all worker nodes)
The command below was generated on the master and may not match your environment.
kubeadm join 192.168.111.100:8443 --token uf9oul.7k4csgxe5p7upvdb --discovery-token-ca-cert-hash sha256:36bc173b46eb0545fc30dd5db2d27dab70a257bd406fd791647d991a69454595
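
`--discovery-token-ca-cert-hash` pins the cluster CA's public key, so a joining node should use the value computed from its own cluster's `/etc/kubernetes/pki/ca.crt` rather than the one printed above. The following added example (not from the original article; the function names are hypothetical and a throwaway self-signed CA is generated as constructed input) computes that pin with the openssl pipeline from the kubeadm documentation and checks a join command's hash against it.

```shell
#!/usr/bin/env bash
# Added example: ca_pubkey_hash and check_join_hash are hypothetical helper names.
# The pin is the SHA-256 of the CA certificate's DER-encoded public key.
ca_pubkey_hash() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Return 0 only if the pinned value (sha256:<hex>) matches the given CA certificate.
check_join_hash() {
  want=${2#sha256:}
  got=$(ca_pubkey_hash "$1")
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed demo input: a throwaway self-signed CA stands in for
# /etc/kubernetes/pki/ca.crt on a real master.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
  -keyout "$demo/ca.key" -out "$demo/ca.crt" 2>/dev/null

pin="sha256:$(ca_pubkey_hash "$demo/ca.crt")"
check_join_hash "$demo/ca.crt" "$pin" && echo "pin matches this CA: $pin"

# The hash printed on this page belongs to the author's cluster, so it must not
# match any other CA; a mismatch means the join command is for a different cluster.
check_join_hash "$demo/ca.crt" \
  "sha256:36bc173b46eb0545fc30dd5db2d27dab70a257bd406fd791647d991a69454595" \
  || echo "hash from the page does not match this CA (expected)"
```

On a master, `kubeadm token create --print-join-command` prints a fresh join command containing a new token and the current hash.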
Handling errors on the worker nodes:
tail -f /var/log/messages
Jul 19 07:52:21 localhost kubelet: E0726 07:52:21.336281 10018 summary.go:102] Failed to get system container stats for "/system.slice/kubelet.service": failed to get cgroup stats for "/system.slice/kubelet.service": failed to get container info for "/system.slice/kubelet.service": unknown container "/system.slice/kubelet.service"
Append the following to the kubelet configuration file
/etc/sysconfig/kubelet
# Append configuration in Kubelet
--runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice
That completes the cluster environment; add the remaining add-ons yourself.
Installing a multi-master, highly available Kubernetes v1.11 cluster on CentOS 7 with kubeadm
Original article: https://www.cnblogs.com/xzkzzz/p/9502502.html