标签:k8s system 笔记 docker kube config calico localhost
目录安装
环境预准备
-
安装 docker:
curl -sSL https://get.daocloud.io/docker | sh systemctl enable docker systemctl start docker -
更改 Docker 源以及保持 Docker Cgroup Driver 和 k8s 一致:
cat <<EOF > /etc/docker/deamon.json { "registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"] } EOF systemctl enable docker systemctl start docker -
关闭 selinux:
# setenforce 0 # vim /etc/sysconfig/selinux SELINUX=disabled -
关闭交换分区:
swapoff -a vim /etc/fstab # 注释掉 swap 行 -
iptables 配置:
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf br_netfilter EOF cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sudo sysctl --system -
关闭防火墙:
systemctl disable firewalld systemctl stop firewalld
开始安装
安装 kublet,kubeadm,kubctl,版本都是1.18.3。
-
yum 设置源:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes Respository baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=0 EOF -
安装 kublet,kubeadm,kubctl:
yum install -y kubelet-1.18.3 kubectl-1.18.3 kubeadm-1.18.3 --disableexcludes=kubernetes systemctl enable kubelet && systemctl start kubelet -
首先在Master上安装,安装前更改配置文件:
# kubeadm config print init-defaults > init.config.yaml # vim init.config.yaml ... localAPIEndpoint: advertiseAddress: 1.2.3.4 ... # 1.2.3.4 修改为本机物理网卡ip地址,只有Master安装时需要改 ... imageRepository: k8s.gcr.io ... # k8s.gcr.io 改为 registry.cn-hangzhou.aliyuncs.com/google_containers -
查看镜像地址发现还是指向 k8s.grc.io:
kubeadm config images list -
可以使用之前更改过的配置文件提前拉取 kubeadm 所需镜像:
kubeadm config images pull --config=init.config.yaml -
开始安装Master:
kubeadm init --config=init.config.yaml -
完成后按照提示执行下面命令:
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config -
还有一个Node加入的token命令,这里保存下来,类似:
kubeadm join 192.168.10.8:6443 --token y3r86i.anh1x5pxt2mc680y \ --discovery-token-ca-cert-hash sha256:9762cd94ffe6c35089d647e8b7a817226b57f21d19cafc977f41140cfaec19b9注意:如果时间过久(Node加入时间与这个token的创建时间间隔),token会失效(默认24小时),这时可以
kubeadm token create --ttl 0创建永久token或者kubeadm token create创建默认24小时有效时间的token,替换上面的token之后再join即可。 -
开始安装Node,执行上述第1,2,3,4,5步,之后执行第8步保存下来的命令。
-
为了能够在Node上直接使用kubectl(不显示指定conf文件):
cp /etc/kubernetes/kubelet.conf /etc/kubernetes/admin.conf -
此时在Master上输入
kubectl get nodes,发现 STATUS 全部是 NotReady,这是因为没有安装 cni 网络插件:[root@localhost ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION centos2 NotReady <none> 2m53s v1.18.3 centos3 NotReady <none> 117s v1.18.3 localhost.localdomain NotReady master 5h52m v1.18.3
安装网络插件
在Master上安装 calico。
-
下载 yaml 文件:
wget https://docs.projectcalico.org/manifests/calico.yaml -
vim 查找
docker.io发现下面四个镜像:calico/cni:v3.21.0 calico/pod2daemon-flexvol:v3.21.0 calico/node:v3.21.0 calico/kube-controllers:v3.21.0 -
docker 先用之前替换好的国内源把镜像拉下来:
docker pull calico/cni:v3.21.0 && \ docker pull calico/pod2daemon-flexvol:v3.21.0 && \ docker pull calico/node:v3.21.0 && \ docker pull calico/kube-controllers:v3.21.0 -
部署 calico:
kubectl apply -f calico.yaml -
此时查看 pods,会看到 calico 正在初始化,等待完成后,STATUS 会全部变成 Running:
[root@localhost ~]# kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system calico-kube-controllers-858fbfbc9-mpnjt 1/1 Running 0 96s kube-system calico-node-p265c 1/1 Running 0 97s kube-system calico-node-xrsgm 0/1 PodInitializing 0 97s kube-system calico-node-z946n 0/1 PodInitializing 0 97s kube-system coredns-546565776c-cxnnf 1/1 Running 0 7h3m kube-system coredns-546565776c-f299w 1/1 Running 0 7h3m kube-system etcd-localhost.localdomain 1/1 Running 0 7h3m kube-system kube-apiserver-localhost.localdomain 1/1 Running 0 7h3m kube-system kube-controller-manager-localhost.localdomain 1/1 Running 0 7h3m kube-system kube-proxy-777wz 1/1 Running 0 74m kube-system kube-proxy-mj6r8 1/1 Running 0 7h3m kube-system kube-proxy-tx56l 1/1 Running 0 73m kube-system kube-scheduler-localhost.localdomain 1/1 Running 0 7h3m -
查看 nodes,STATUS 已经全部 Ready:
[root@localhost ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION centos2 Ready <none> 76m v1.18.3 centos3 Ready <none> 75m v1.18.3 localhost.localdomain Ready master 7h6m v1.18.3
错误记录
-
安装完 Master 后:
[root@localhost ~]# kubectl get nodes Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")解决:
[root@localhost ~]# export KUBECONFIG=/etc/kubernetes/kubelet.conf [root@localhost ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION localhost.localdomain Ready master 2m20s v1.18.3 -
安装 calico 时出错(RBAC):
[root@localhost ~]# kubectl apply -f calico.yaml Error from server (Forbidden): error when retrieving current configuration of: Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap" Name: "calico-config", Namespace: "kube-system"............................. -
在 node 上执行
kubectl get pods出现:[root@centos3 ~]# kubectl get pods The connection to the server localhost:8080 was refused - did you specify the right host or port?解决:
mkdir -p /root/.kube && cp /etc/kubernetes/kubelet.conf /root/.kube/config
标签:k8s,system,笔记,docker,kube,config,calico,localhost 来源: https://www.cnblogs.com/coodyz/p/15860743.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。