
CentOS: Learning Kubernetes (Part 4) - Deploying the master and node

程序员文章站 2022-07-13 22:24:40

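Steps common to the master and the node:

1. Check the hostname:
On the master: hostnamectl set-hostname master
On node1: hostnamectl set-hostname node1
Alternatively, vi /etc/hostname and change it to master or node1

2. Check hosts:
vi /etc/hosts and make sure it has an entry with this machine's IP and hostname; if not, add a line:
On the master, add: 10.4.47.129 master
On node1, add: 10.4.47.130 node1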

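3. Disable the firewall:
Disable start at boot: systemctl disable firewalld.service
Stop the firewall: systemctl stop firewalld.service

4. Disable SELinux:
Temporary: run the command setenforce 0
Permanent: open the file /etc/selinux/config, find the line SELINUX=enforcing and change it to SELINUX=disabled

5. Turn off the swap partition:
Run the command swapoff -a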

6. Install docker:
yum install -y docker
systemctl enable docker
systemctl start docker

7. Configure the local docker registry:

Reference: https://blog.csdn.net/nk3652/article/details/104652462
Create the file: vi /etc/docker/daemon.json
Add the addresses, replacing "10.4.47.129" with your own IP

{
  "insecure-registries":["10.4.47.129:5000"],
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

Save and exit.
Restart the docker service so that the change takes effect:
systemctl restart docker

8. Install kubelet, kubeadm and kubectl
Set up the mirror repository:

bash -c 'cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF'

Install:

yum install -y kubelet kubeadm kubectl

9. Enable IPv4 forwarding:

bash -c 'cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
EOF'

Apply the configuration:

sysctl --system

10. Start kubelet at boot:
systemctl enable kubelet
systemctl start kubelet

 

Master configuration:

1. Initialize the master

kubeadm init --pod-network-cidr 172.100.0.0/16 --apiserver-advertise-address 10.4.47.129 
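#--pod-network-cidr: the network range used for pods
#--apiserver-advertise-address: the IP address of the apiserver; use the master node's IP here
#--apiserver-cert-extra-sans: if you need to use a public IP, add this option followed by your public IP address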

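If it fails because the images cannot be pulled:
Change the registry the images are pulled from and rename the images; create a script: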

vi pull-k8s.sh

#!/bin/bash
# Images to fetch; the tags are the ones listed in the original post
images=(
    kube-apiserver:v1.17.3
    kube-controller-manager:v1.17.3
    kube-scheduler:v1.17.3
    kube-proxy:v1.17.3
    pause:3.1
    etcd:3.4.3-0
    coredns:1.6.5
)
for imageName in "${images[@]}"; do
    # Pull from the Aliyun mirror, retag under the k8s.gcr.io name, then drop the mirror tag
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/"$imageName"
    docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/"$imageName" k8s.gcr.io/"$imageName"
    docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/"$imageName"
done

Run the script: bash pull-k8s.sh

On success, the output is:

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.4.47.129:6443 --token f8l3kt.aga5lpe7myxlebq7 \
    --discovery-token-ca-cert-hash sha256:b0a268551d3ba4996a7cd590e0e42ff5214d44367e918403633c43df8eea24fb 

Save the last two lines; they are used when adding a node.

2. Apply the kubeadm configuration:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

3. Install the flannel network plugin:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

4. Package the images the node needs:

docker save -o k8s-node.tar k8s.gcr.io/coredns quay.io/coreos/flannel k8s.gcr.io/pause k8s.gcr.io/kube-proxy

 

Node configuration:

1. Copy the master's flannel environment configuration to the node so that the configuration takes effect:

mkdir /run/flannel
scp [email protected]:/run/flannel/subnet.env /run/flannel/

2. Load the images:

docker load --input k8s-node.tar

3. Join the cluster:

kubeadm join 10.4.47.129:6443 --token f8l3kt.aga5lpe7myxlebq7 \
    --discovery-token-ca-cert-hash sha256:b0a268551d3ba4996a7cd590e0e42ff5214d44367e918403633c43df8eea24fb

If this error appears:

error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s

it means the token has expired; a token becomes invalid after 24 hours.

Check whether a token exists by running this command on the control node:

kubeadm token list

Create a new token:

kubeadm token create

Get the hash (the token changes, but the hash is fixed and does not change):

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

If some other error causes the node join to fail, you can roll back first:

kubeadm reset
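
The hash produced by the openssl pipeline above is the SHA-256 of the cluster CA's DER-encoded public key, which is what --discovery-token-ca-cert-hash pins on the node. The script below is an added example, not part of the original post, that checks a saved join line against ca.crt before it is used. The function names, the throwaway demo CA, the token abcdef.0123456789abcdef and the address 192.0.2.10 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: check a saved `kubeadm join`
# line against the cluster CA certificate before running it on a node.

# Print "sha256:<hex>" for the public key in CA certificate $1. `openssl pkey`
# stands in for the post's `openssl rsa` so non-RSA CA keys work as well.
ca_pubkey_hash() {
    _der=$(mktemp) || return 1
    # pkey fails on empty input, so an unreadable certificate is reported
    # here instead of silently producing the SHA-256 of zero bytes.
    if openssl x509 -pubkey -noout -in "$1" 2>/dev/null |
        openssl pkey -pubin -outform der -out "$_der" 2>/dev/null; then
        printf 'sha256:%s\n' "$(openssl dgst -sha256 -hex <"$_der" | sed 's/^.* //')"
        _rc=0
    else
        _rc=1
    fi
    rm -f "$_der"
    return "$_rc"
}

# Print the word that follows flag $1 in join command string $2.
join_arg() {
    printf '%s\n' "$2" | tr -s ' \\\n\t' '\n' | sed -n "/^$1\$/{n;p;q;}"
}

# Exit status: 0 pin matches the CA, 1 pin mismatch, 2 malformed token or
# pin, 3 certificate $2 could not be hashed.
check_join_cmd() {
    _token=$(join_arg --token "$1")
    _pin=$(join_arg --discovery-token-ca-cert-hash "$1")
    printf '%s\n' "$_token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || return 2
    printf '%s\n' "$_pin" | grep -Eq '^sha256:[0-9a-f]{64}$' || return 2
    _want=$(ca_pubkey_hash "$2") || return 3
    [ "$_pin" = "$_want" ]
}

# Demo on a throwaway CA (constructed input; token and address are made up).
demo() {
    _d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=demo-ca -days 1 \
        -keyout "$_d/ca.key" -out "$_d/ca.crt" 2>/dev/null || return 1
    _cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \\
    --discovery-token-ca-cert-hash $(ca_pubkey_hash "$_d/ca.crt")"
    check_join_cmd "$_cmd" "$_d/ca.crt" && echo "pin matches CA"
    rm -rf "$_d"
}

case "${1:-}" in demo) demo ;; esac
```

Run it with the argument demo to see the check on the throwaway CA; on a control node, pass the saved join line and /etc/kubernetes/pki/ca.crt to check_join_cmd.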

4. Configure access on the node:

Querying nodes from the node machine reports: The connection to the server localhost:8080 was refused - did you specify the right host or port? Copy the admin configuration from the master:

mkdir /root/.kube
scp [email protected]:/etc/kubernetes/admin.conf /root/.kube/config

 

View the pods:

kubectl get pod -n kube-system

The output shows one master and one node.