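k8s: Notes from a Painful Install

After two days and countless virtual machine reinstalls, I finally got a k8s cluster installed… What is k8s for? No idea = =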

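Environment preparation

Prepare a few Linux virtual machines. The distribution doesn't matter; I used CentOS 7.6.

Here is what I prepared:

ip            node    cpu  memory  hostname
192.168.1.71  master  2c   2g      master
192.168.1.68  node1   2c   2g      node1

Why only two? My computer can't handle any more!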

System configuration (do this on every machine)

  • Set the hostname

    hostnamectl set-hostname ${hostname}
  • Add hostname resolution
    Edit /etc/hosts

    192.168.1.71 master
    192.168.1.68 node1

    You can simply copy the file to the other machines with scp

  • Disable the firewall, SELinux and swap

    systemctl stop firewalld
    systemctl disable firewalld
    setenforce 0
    sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
    swapoff -a
    sed -i 's/.*swap.*/#&/' /etc/fstab
  • Configure kernel parameters so that bridged IPv4 traffic is passed to the iptables chains

    cat > /etc/sysctl.d/k8s.conf <<EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    sysctl --system
  • Configure the package repositories

  • Configure the yum repositories

    yum install -y wget
    mkdir /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
    wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
    yum clean all && yum makecache
  • Configure the kubernetes repository

    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
  • Configure the docker repo

    wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

Install the software (again, run on all nodes)

  • docker

    yum install -y docker-ce
    systemctl enable docker && systemctl start docker

    You can also install a specific version. After installing, enable it at boot and start it

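  • Install kubeadm, kubelet and kubectl

    yum install -y kubelet kubeadm kubectl
    systemctl enable kubelet

    kubeadm is the automated deployment tool for a k8s cluster. kubelet communicates with the rest of the cluster and manages the lifecycle of the Pods and containers on its own node. kubectl is the management tool.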

  • Download the images you will need first, because by default they are pulled from k8s.gcr.io. You can of course go through a proxy instead, or point to a mirror inside China; there are plenty of options, so pick one yourself. A script is provided below

    #!/bin/bash
    KUBE_VERSION=v1.15.1
    PAUSE_VERSION=3.1
    ETCD_VERSION=3.3.10
    COREDNS_VERSION=1.3.1
    FLANNEL_VERSION=v0.11.0-amd64
    # Pull the images from the mirror repositories
    docker pull mirrorgooglecontainers/kube-apiserver:$KUBE_VERSION
    docker pull mirrorgooglecontainers/kube-controller-manager:$KUBE_VERSION
    docker pull mirrorgooglecontainers/kube-scheduler:$KUBE_VERSION
    docker pull mirrorgooglecontainers/kube-proxy:$KUBE_VERSION
    docker pull mirrorgooglecontainers/pause:$PAUSE_VERSION
    docker pull mirrorgooglecontainers/etcd:$ETCD_VERSION
    docker pull coredns/coredns:$COREDNS_VERSION
    docker pull quay.io/coreos/flannel:$FLANNEL_VERSION

    # Retag them under the k8s.gcr.io names that kubeadm looks for
    docker tag mirrorgooglecontainers/kube-proxy:$KUBE_VERSION k8s.gcr.io/kube-proxy:$KUBE_VERSION
    docker tag mirrorgooglecontainers/kube-scheduler:$KUBE_VERSION k8s.gcr.io/kube-scheduler:$KUBE_VERSION
    docker tag mirrorgooglecontainers/kube-apiserver:$KUBE_VERSION k8s.gcr.io/kube-apiserver:$KUBE_VERSION
    docker tag mirrorgooglecontainers/kube-controller-manager:$KUBE_VERSION k8s.gcr.io/kube-controller-manager:$KUBE_VERSION
    docker tag mirrorgooglecontainers/etcd:$ETCD_VERSION k8s.gcr.io/etcd:$ETCD_VERSION
    docker tag coredns/coredns:$COREDNS_VERSION k8s.gcr.io/coredns:$COREDNS_VERSION
    docker tag mirrorgooglecontainers/pause:$PAUSE_VERSION k8s.gcr.io/pause:$PAUSE_VERSION

    # Remove the mirror tags; the k8s.gcr.io tags remain
    docker rmi mirrorgooglecontainers/kube-proxy:$KUBE_VERSION
    docker rmi mirrorgooglecontainers/kube-scheduler:$KUBE_VERSION
    docker rmi mirrorgooglecontainers/kube-apiserver:$KUBE_VERSION
    docker rmi mirrorgooglecontainers/kube-controller-manager:$KUBE_VERSION
    docker rmi mirrorgooglecontainers/etcd:$ETCD_VERSION
    docker rmi coredns/coredns:$COREDNS_VERSION
    docker rmi mirrorgooglecontainers/pause:$PAUSE_VERSION

    Run kubeadm config images list to see which versions you need, and adjust the script accordingly

Initialize the master node

  • Initialize

    kubeadm init --kubernetes-version=1.14.2 \
      --service-cidr=10.1.0.0/16 \
      --pod-network-cidr=10.244.0.0/16

    There are many parameters; just look them up on Baidu…

    On success it prints something like

    kubeadm join 192.168.1.71:6443 --token kekvgu.nw1n76h84f4camj6 \
      --discovery-token-ca-cert-hash sha256:4ee74205227c78ca62f2d641635afa4d50e6634acfaa8291f28582c7e3b0e30e

    This is the command for adding nodes, so note it down for now

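  • Configure the kubectl tool

    mkdir -p /root/.kube
    sudo cp /etc/kubernetes/admin.conf /root/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

    These commands are also printed after a successful init; just run them

    Then try

    kubectl get nodes
    kubectl get cs

    get nodes will show master as NotReady. That is because no network plugin is installed yet; it will be fine once one is installed in the next step.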

  • Deploy the flannel network

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml

    Run kubectl get nodes again and master should now show as Ready

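Join the worker nodes

Remember the kubeadm join xxx command copied from the master node earlier? Just run it on the node. The token seems to be valid for only one day; if it has expired, generate a new join command (--ttl 0 makes the new token never expire):

    kubeadm token create --print-join-command --ttl 0

After joining, wait a while and then run kubectl get nodes on the master node. If node1 is NotReady, run the flannel deployment command from the master on node1 as well; I don't quite remember this step.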
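
The --discovery-token-ca-cert-hash value in the join command is a SHA-256 pin of the cluster CA's public key, so it can be recomputed and checked before a node is joined. The following is an added example, not part of the original post: it recomputes the hash from a CA certificate with openssl and compares it with a saved join command. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt on the master is assumed to be kubeadm's default CA path.

```bash
#!/bin/bash
# Added example: recompute the value kubeadm expects after
# --discovery-token-ca-cert-hash and compare it with a saved join command.
# Function names are hypothetical; only openssl, awk and sed are required.

# Print "sha256:<hex>": SHA-256 over the DER-encoded public key
# (SubjectPublicKeyInfo) of the certificate in file $1.
ca_cert_hash() {
    cch_pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    [ -n "$cch_pub" ] || return 1
    cch_hex=$(printf '%s\n' "$cch_pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    printf 'sha256:%s\n' "$cch_hex"
}

# Print the argument that follows --discovery-token-ca-cert-hash in the
# join command text $1 (empty output if the flag is absent).
join_cmd_hash() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "--discovery-token-ca-cert-hash") { print $(i + 1); exit }
    }'
}

# Return 0 only if join command $2 pins the CA certificate in file $1.
verify_join_cmd() {
    vjc_want=$(ca_cert_hash "$1") || return 2
    vjc_got=$(join_cmd_hash "$2")
    [ -n "$vjc_got" ] && [ "$vjc_want" = "$vjc_got" ]
}

# Usage: script.sh /etc/kubernetes/pki/ca.crt "kubeadm join ..."
if [ "$#" -eq 2 ]; then
    if verify_join_cmd "$1" "$2"; then
        echo "OK: join command matches this CA"
    else
        echo "MISMATCH: hash does not match this CA" >&2
        exit 1
    fi
fi
```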

Install Dashboard (on the master)

  • Create the dashboard YAML file

    wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

    sed -i 's/k8s.gcr.io/loveone/g' kubernetes-dashboard.yaml
    sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml

    Switch to NodePort mode (I'm completely lost here) and specify the port

  • Deploy the dashboard

    kubectl create -f kubernetes-dashboard.yaml
  • Check the service status

    kubectl get deployment kubernetes-dashboard -n kube-system
    kubectl get pods -n kube-system -o wide
    kubectl get services -n kube-system
    netstat -ntlp|grep 30001
  • Access the dashboard
    Use Firefox to visit https://${masterip}:30001; lousy Chrome won't let you accept the risk

  • Get the access token

    kubectl create serviceaccount dashboard-admin -n kube-system
    kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

Paste the token you obtained into the login page,
and then you are logged in.

end!😭😭😭