Installing Kubernetes on CentOS 7

Install Kubernetes on CentOS 7 using the official kubeadm tool.

Installation environment

OS: Centos7
K8s Version: v1.10.4

Environment configuration

Update the system

$ yum update -y

Time zone

$ timedatectl set-timezone Asia/Shanghai

Configure hosts

$ cat /etc/hosts
10.0.100.2 k8smaster
10.0.100.3 k8snode01
10.0.100.4 k8snode02

Disable the firewall

$ systemctl disable firewalld
$ systemctl stop firewalld
$ systemctl status firewalld

Disable swap

$ swapoff -a

# Permanent: comment out the swap entry in /etc/fstab
$ cat /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0

Disable SELinux

$ setenforce 0
$ cat /etc/selinux/config
SELINUX=disabled

Configure networking

$ cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
$ modprobe br_netfilter
$ sysctl --system

Install Docker

$ yum install -y docker

Set the cgroup driver to cgroupfs

$ sed -i "s/native.cgroupdriver=systemd/native.cgroupdriver=cgroupfs/g" /usr/lib/systemd/system/docker.service
$ cat /usr/lib/systemd/system/docker.service

$ systemctl enable docker && systemctl start docker
$ docker info | grep Cgroup

Install kubeadm, kubelet and kubectl

$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

$ yum install -y kubelet kubeadm kubectl
$ systemctl enable kubelet && systemctl start kubelet

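Note: kubelet will not start successfully at this point; it checks and restarts periodically. Once the remaining components are installed, kubelet will start successfully.

Set the cgroup driver for kubeadm to cgroupfs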

$ sed -i "s/cgroup-driver=systemd/cgroup-driver=cgroupfs --runtime-cgroups=\/systemd\/system.slice --kubelet-cgroups=\/systemd\/system.slice/g" /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
$ cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

$ systemctl daemon-reload
$ systemctl restart kubelet

View the kubelet logs

$ journalctl -u kubelet -f

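Download images

Download the Docker images in advance; if your machine can already reach the upstream registries (for example through a proxy), skip this step. I uploaded the Docker images to a private registry hosted in China beforehand. The download script is below.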

#!/bin/bash

ARCH=amd64
mversion=v1.10.4    # Kubernetes component version
nversion=1.14.8     # kube-dns component version
username=luoji
password=password
repo=k8s.gcr.io
store_repo=r.xiaozhou.net
store_repo_path=r.xiaozhou.net/kubernetes

# Images under the upstream names that kubeadm expects to find locally
images=(${repo}/kube-apiserver-${ARCH}:${mversion} \
${repo}/kube-controller-manager-${ARCH}:${mversion} \
${repo}/kube-scheduler-${ARCH}:${mversion} \
${repo}/kube-proxy-${ARCH}:${mversion} \
${repo}/etcd-${ARCH}:3.1.12 \
${repo}/pause-${ARCH}:3.1 \
${repo}/k8s-dns-sidecar-${ARCH}:${nversion} \
${repo}/k8s-dns-kube-dns-${ARCH}:${nversion} \
${repo}/k8s-dns-dnsmasq-nanny-${ARCH}:${nversion} \
${repo}/kubernetes-dashboard-${ARCH}:v1.8.3 \
quay.io/coreos/flannel:v0.10.0-amd64 \
)

docker login -u "$username" -p "$password" "$store_repo"

for url in "${images[@]}"
do
    # Strip the registry prefix, leaving "name:tag"
    sub=${url%/*}
    idx=${#sub}
    image=${url:$idx+1}
    echo -e "download -> $store_repo_path/$image -> $url"
    # Pull from the private registry, retag under the upstream name,
    # then remove the private-registry tag
    docker pull "$store_repo_path/$image"
    docker tag "$store_repo_path/$image" "$url"
    docker rmi "$store_repo_path/$image"
done

unset ARCH mversion nversion images username password repo store_repo store_repo_path

The upload script can be found here: https://github.com/gunsluo/k8s-example/tree/master/version

Initialize the master node

$ kubeadm init --kubernetes-version v1.10.4 --service-cidr 10.96.0.0/16 --pod-network-cidr 10.244.0.0/16 --apiserver-advertise-address 10.0.100.2
$ kubeadm init --config kubeadm.yaml --service-cidr 10.96.0.0/16 --pod-network-cidr 10.244.0.0/16
$ cat kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
kubernetesVersion: v1.10.4
api:
  advertiseAddress: '10.0.100.2'
etcd:
  extraArgs:
    'listen-peer-urls': 'http://127.0.0.1:2380'

$ mkdir -p $HOME/.kube
$ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ chown $(id -u):$(id -g) $HOME/.kube/config

Initialize the network on the master node

$ curl -O https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml

Add --iface= to the flanneld startup arguments:

command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
- --iface=eth1

$ kubectl apply -f kube-flannel.yml

$ kubectl get nodes
$ kubectl get pods --all-namespaces

Join worker nodes

$ kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
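
The <hash> in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's public key (Subject Public Key Info), so a joining node will not trust an API server that presents a different CA. The function below is an added example, not part of the original post; its name is illustrative and its default path assumes kubeadm's standard CA location, /etc/kubernetes/pki/ca.crt.

```bash
#!/bin/bash
# Added example, not from the original post.
# Prints "sha256:<hex>" for use with --discovery-token-ca-cert-hash.
# The default path assumes kubeadm's standard PKI directory on the master.
ca_cert_hash() {
    local cert="${1:-/etc/kubernetes/pki/ca.crt}"
    local der digest
    der=$(mktemp) || return 1
    # Extract the public key and re-encode it as DER (Subject Public Key Info).
    if ! openssl x509 -pubkey -noout -in "$cert" 2>/dev/null \
            | openssl pkey -pubin -outform der -out "$der" 2>/dev/null \
        || [ ! -s "$der" ]; then
        rm -f "$der"
        echo "no usable public key in $cert" >&2
        return 1
    fi
    # Hash the DER bytes; sed drops the "(stdin)= " style prefix openssl prints.
    digest=$(openssl dgst -sha256 -hex < "$der" | sed 's/^.* //')
    rm -f "$der"
    printf 'sha256:%s\n' "$digest"
}
```

Run ca_cert_hash on the master and pass its output to --discovery-token-ca-cert-hash when joining a node.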

Install the Dashboard

$ curl -O https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
$ kubectl create -f kubernetes-dashboard.yaml

$ kubectl apply -f kubernetes-dashboard-admin.yaml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
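
This binding gives the Dashboard's own service account the cluster-admin role. As an added example (not part of the original post), the check below scans a manifest before it is applied and lists every ClusterRoleBinding that grants cluster-admin to a ServiceAccount; the function names and the sample manifest are constructed for illustration.

```bash
# Added example, not from the original post. Assumes block-style YAML with
# unquoted scalars and "---" between documents. Prints "binding -> ns/account"
# per cluster-admin grant to a ServiceAccount; exit status 1 if any is found.
find_admin_sa_bindings() {
    awk '
    function flush(   i) {
        if (kind == "ClusterRoleBinding" && role == "cluster-admin")
            for (i = 1; i <= n; i++)
                if (skind[i] == "ServiceAccount") { print name " -> " sns[i] "/" sname[i]; found = 1 }
        kind = name = role = top = ""; n = 0
    }
    /^---/      { flush(); next }
    /^[A-Za-z]/ { top = $1; sub(/:.*$/, "", top) }   # current top-level key
    /^kind:/    { kind = $2 }
    top == "metadata" && /^  name:/ { name = $2 }
    top == "roleRef"  && /^  name:/ { role = $2 }
    top == "subjects" && /^ *- /    { n++; skind[n] = sname[n] = sns[n] = ""; sub(/- /, "  ") }
    top == "subjects" && /^ +kind:/      { skind[n] = $2 }
    top == "subjects" && /^ +name:/      { sname[n] = $2 }
    top == "subjects" && /^ +namespace:/ { sns[n] = $2 }
    END { flush(); exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample, trimmed to the fields the check reads: the binding from
# this page, then the same account bound to the built-in "view" role.
sample_manifest() {
    cat <<'EOF'
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
kind: ClusterRoleBinding
metadata:
  name: dashboard-view
roleRef:
  name: view
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
EOF
}
```

Call it as find_admin_sa_bindings kubernetes-dashboard-admin.yaml, or pipe a manifest to it on standard input.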

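Configure the proxy

Copy /etc/kubernetes/admin.conf from the master node into the $HOME/.kube directory on your local machine, then run kubectl proxy. Finally, open http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ in a browser. You can now log in to the dashboard.

Configure remote access to the dashboard. The method above requires starting a proxy on the local machine. We can instead access the dashboard directly by IP, which requires modifying the kubernetes-dashboard-admin.yaml configuration.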

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 31000
  selector:
    k8s-app: kubernetes-dashboard

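This sets the Service type to NodePort and the externally exposed port to 31000. Restart the service with the command kubectl replace -f kubernetes-dashboard.yaml --force. Then enter https://ip:31000/ in a browser to access the dashboard.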