Background
Container technology has become extremely popular in China, and anyone working in IT needs to keep up with it. Containers inevitably bring up orchestration, and among orchestration systems Google's Kubernetes is at the front of the pack. This article shows how to use kubeadm to quickly stand up a Kubernetes cluster for learning and testing.
VPC | Domestic (China) | International |
---|---|---|
Region | Beijing | international region |
Machines | three | one |
1 Create one VPC in a Tencent Cloud domestic region and one in an international region, for example one in Beijing and one in Hong Kong (China).
2 Resource plan for the domestic VPC
Create three servers running CentOS 7.6 x64. Everything in this section must be done on all three servers.
Server name | IP address |
---|---|
master | 10.0.0.10/24 |
node1 | 10.0.0.11/24 |
node2 | 10.0.0.12/24 |
2.1 Disable SELinux, flush iptables, and disable firewalld and NetworkManager
This is acceptable only for a throwaway test cluster: afterwards the hosts have no host firewall and no mandatory access control, and the VPC security group is the only thing between them and the network (see the note at the end of this section).
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl stop firewalld
systemctl disable firewalld
sed -i '/^SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
iptables -F
2.2 Configure time synchronisation
The package is chrony; chronyd is the daemon it installs. Enable it so it survives a reboot (certificate validation and the bootstrap tokens below both depend on sane clocks).
yum -y install chrony
systemctl enable chronyd && systemctl start chronyd
2.3 Disable swap
swapoff -a only lasts until the next reboot; also comment the swap entry out of /etc/fstab, otherwise the kubelet refuses to start after a reboot unless --fail-swap-on=false is set (section 3 below keeps that flag as a safety net).
echo "vm.swappiness = 0">> /etc/sysctl.conf
sysctl -p
swapoff -a
sed -i -E '/[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab
2.4 Configure /etc/hosts name resolution
cat >> /etc/hosts << END
10.0.0.10 master
10.0.0.11 node1
10.0.0.12 node2
END
2.5 If kube-proxy will use IPVS forwarding, load the IPVS modules
The original loop used grep -o "[^.ko]*" to strip the .ko suffix; that is a character class (delete any of '.', 'k', 'o'), not a suffix strip, and mangles module names. The corrected loop uses parameter expansion. kube-proxy in IPVS mode also needs the ipset and ipvsadm packages (yum install -y ipset ipvsadm).
#!/bin/sh
ipvs_dir="/usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"
# strip the .ko (or .ko.xz) suffix to get the module name, then load it if modinfo knows it
for f in "$ipvs_dir"/*.ko*; do
    mod=$(basename "$f"); mod=${mod%%.ko*}
    if modinfo -F filename "$mod" >/dev/null 2>&1; then
        modprobe "$mod"
    fi
done
# verify: lsmod | grep ip_vs
Note: because this is a test environment, the author opens every port in the security group. If you want to tighten it, the ports the cluster actually uses between the nodes are 6443/tcp (API server), 10250/tcp (kubelet), 2379-2380/tcp (etcd, control plane only), 8472/udp (flannel VXLAN) and 30000-32767/tcp (NodePort services); restrict the source to the VPC CIDR 10.0.0.0/24 rather than 0.0.0.0/0.
3 International-region VPC
3.1 Create one server
Its only job is to solve the image-pull problem: the domestic nodes reach k8s.gcr.io through a proxy on this host.
3.2 Install squid on the server
yum install -y squid
3.3 Open the configuration file
vi /etc/squid/squid.conf
3.4 Add custom configuration
The author's approach is to append the following at the very bottom
http_access allow all
and then comment out
http_access deny all
Be aware that this turns the host into an open proxy to the whole internet on whatever port it listens on. At minimum restrict the security group for that port to the addresses of the three domestic nodes, or replace allow all with an acl limited to those addresses.
The default port is 3128; change it to a custom port such as 28809 with the http_port directive.
3.5 Start squid
systemctl enable squid && systemctl start squid
3.6 Check that the service is running
ss -ntl
If your custom port appears in the listening list, the service started successfully.
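An added example (not from the original article) of a squid.conf restricted to the cluster nodes instead of http_access allow all. The function writes the configuration to stdout so it can be reviewed before being installed; the CIDR 10.0.0.0/24 and port 28809 follow the page's plan, the acl name k8s_vpc is my own. If the two VPCs are not peered, squid sees the nodes' public egress addresses, so pass those instead of the VPC range. Because the registry is reached over HTTPS, squid only tunnels CONNECT requests and the TLS session stays end-to-end between the node and k8s.gcr.io.

```shell
#!/bin/sh
# Added example: render a squid.conf restricted to the cluster nodes instead of `http_access allow all`.
# Usage: render_squid_conf <allowed source CIDR> <listen port> > /etc/squid/squid.conf

render_squid_conf() {
    allowed="$1"   # 10.0.0.0/24 if the VPCs are peered, otherwise the nodes' public egress IPs
    port="$2"      # non-default port, e.g. 28809
    cat <<EOF
# listen on a non-default port (3128 is the first thing port scanners try)
http_port $port

# only the Kubernetes nodes may use this proxy
acl k8s_vpc src $allowed
acl SSL_ports port 443
acl CONNECT method CONNECT

# refuse CONNECT tunnels to anything but 443, then refuse everyone who is not a node
http_access deny CONNECT !SSL_ports
http_access allow k8s_vpc
http_access deny all
EOF
}

# Returns 0 when something is listening on the given TCP port (replacement for eyeballing netstat -ntl).
squid_listening() {
    port="$1"
    ss -ntl 2>/dev/null | awk '{print $4}' | grep -q ":$port\$"
}

# Example usage (run as root on the proxy host):
#   render_squid_conf 10.0.0.0/24 28809 > /etc/squid/squid.conf
#   squid -k parse && systemctl restart squid && squid_listening 28809 && echo proxy up
```

squid -k parse checks the file for syntax errors before the restart; the acl ordering matters, since squid applies the first matching http_access line, so the deny for non-443 CONNECT comes before the allow.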
4 Install Docker on the domestic servers
This section must be done on all three servers.
4.1 Install Docker
# yum-config-manager is provided by yum-utils
yum install -y yum-utils
# add the upstream repository
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
# install Docker (kubeadm 1.15 prints a preflight warning for Docker releases newer than 18.09; it is only a warning)
yum install docker-ce -y
4.2 Configure the Docker unit file
vim /usr/lib/systemd/system/docker.service
If the Kubernetes images are pulled from k8s.gcr.io, Docker needs an HTTPS_PROXY pointing at the squid host from section 3, set as an Environment entry in the [Service] section of the unit. Editing /usr/lib/systemd/system/docker.service works, but the docker-ce package overwrites that file on upgrade; a drop-in at /etc/systemd/system/docker.service.d/http-proxy.conf with the same lines under a [Service] header survives upgrades.
Format:
# format: Environment="HTTPS_PROXY=PROTOCOL://HOST:PORT"
Environment="HTTPS_PROXY=http://<your international-region server IP>:<squid port>"
# addresses that bypass the proxy: loopback and the whole 10/8 (VPC, pod and service ranges)
Environment="NO_PROXY=127.0.0.0/8,10.0.0.0/8"
Do not put the comment on the same line as the setting, as the original did: systemd does not strip trailing comments, so the text would become part of the NO_PROXY value.
# dockerd sets the iptables FORWARD chain policy to DROP when it starts, which blocks pod traffic; add this line after ExecStart to reset it
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
The file can be distributed to the other machines with scp, or with ansible:
scp /usr/lib/systemd/system/docker.service node1:/usr/lib/systemd/system/docker.service
scp /usr/lib/systemd/system/docker.service node2:/usr/lib/systemd/system/docker.service
4.3 Start Docker
systemctl daemon-reload && systemctl enable docker && systemctl start docker
4.4 Check that the custom settings took effect
docker info
# HTTPS Proxy and No Proxy lines showing the address and port you configured mean the environment took effect
iptables -vnL
# Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) means the ExecStartPost line took effect
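An added example (my own, not the article's) covering sections 4.2 to 4.4 with a systemd drop-in rather than an edit of the packaged unit file. The function writes the proxy settings and the FORWARD-policy fix to a drop-in and returns its path; the verify function checks what the running daemon actually reports. 203.0.113.10 in the usage comment is a documentation placeholder for the squid host, and the target-directory argument exists only so the output can be inspected without touching /etc.

```shell
#!/bin/sh
# Added example: proxy settings as a systemd drop-in instead of editing
# /usr/lib/systemd/system/docker.service (which the docker-ce package overwrites on upgrade).
# Usage: write_docker_proxy_dropin <proxy URL> <NO_PROXY list> [target dir]

write_docker_proxy_dropin() {
    proxy="$1"                      # e.g. http://<international server IP>:28809
    no_proxy="$2"                   # e.g. 127.0.0.0/8,10.0.0.0/8,localhost
    dir="${3:-/etc/systemd/system/docker.service.d}"
    mkdir -p "$dir"
    # Comments must sit on their own line: systemd treats a trailing "# ..." as part of the value.
    cat > "$dir/http-proxy.conf" <<EOF
[Service]
# used only for registries outside NO_PROXY (k8s.gcr.io via the squid host)
Environment="HTTPS_PROXY=$proxy"
Environment="HTTP_PROXY=$proxy"
# loopback, the VPC, the pod and the service ranges never go through the proxy
Environment="NO_PROXY=$no_proxy"
# dockerd sets the iptables FORWARD policy to DROP; pod-to-pod traffic needs ACCEPT
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
EOF
    printf '%s\n' "$dir/http-proxy.conf"
}

# Returns 0 only when the running daemon reports the proxy and the FORWARD policy is ACCEPT.
verify_docker_proxy() {
    expected="$1"
    docker info 2>/dev/null | grep -q "HTTPS Proxy: $expected" || return 1
    iptables -S FORWARD 2>/dev/null | grep -q -- '^-P FORWARD ACCEPT' || return 1
}

# Example usage (as root on each node; 203.0.113.10 is a placeholder for the squid host):
#   write_docker_proxy_dropin http://203.0.113.10:28809 127.0.0.0/8,10.0.0.0/8,localhost
#   systemctl daemon-reload && systemctl restart docker
#   verify_docker_proxy http://203.0.113.10:28809 && echo proxy active
```

The drop-in is the same file on all three nodes, so it is what you scp or push with ansible. The proxy link between the two regions carries only CONNECT tunnels, so image layers and registry authentication remain inside TLS; what the squid host can see is the registry hostname and the volume of traffic.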
4.5 Kernel parameters: pass bridged IPv4 traffic to the iptables chains
These keys are provided by the br_netfilter module and do not exist until it is loaded (sysctl otherwise fails with "cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables"), so load it first and make that persistent across reboots. net.ipv4.ip_forward is added here as well because kubeadm's preflight checks it too.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.ipv4.ip_forward = 1
sysctl -p
sysctl --system
sysctl -a | grep bridge
1 Configure the yum repository on master and the nodes
The original file had two misspelled keys, gpgchek and enable, which yum silently ignores; with gpgcheck misspelled, package signatures were never verified. Both URLs of the signing keys belong on the single gpgkey line, separated by a space.
cat > /etc/yum.repos.d/kubernetes.repo << END
[kubernetes]
name=kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
END
Verify
yum repolist
2 Install the packages on master and the nodes
Pin the package versions to the --kubernetes-version you will pass to kubeadm init (v1.15.0 below). An unpinned yum install pulls the newest packages in the repository, and the kubelet and kubeadm versions then drift away from the control-plane version.
yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
systemctl enable kubelet
3 Tell the kubelet on master and the nodes to tolerate enabled swap
echo 'KUBELET_EXTRA_ARGS="--fail-swap-on=false"' > /etc/sysconfig/kubelet &&
cat /etc/sysconfig/kubelet
4 Initialise on master
4.1 Show the default configuration
kubeadm config print init-defaults
4.2 Default pod network CIDRs of the networking plugins
flannel: 10.244.0.0/16 (used here)
calico: 192.168.0.0/16
The value passed as --pod-network-cidr must match what the plugin manifest expects, and must not overlap the VPC (10.0.0.0/24) or the service CIDR.
4.3 Pull the images
kubeadm config images list shows which images are needed; kubeadm config images pull --kubernetes-version v1.15.0 fetches them ahead of init (through the proxy from 4.2), which keeps image problems separate from init problems. The warning below only means the host could not reach dl.k8s.io to look up the newest release and fell back to the installed kubeadm version, which is the version we want:
W0707 18:35:28.154473 16831 version.go:98] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W0707 18:35:28.154542 16831 version.go:99] falling back to the local client version: v1.15.0
k8s.gcr.io/kube-apiserver:v1.15.0
k8s.gcr.io/kube-controller-manager:v1.15.0
k8s.gcr.io/kube-scheduler:v1.15.0
k8s.gcr.io/kube-proxy:v1.15.0
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1
4.4 Initialise
Dry run first
kubeadm init --kubernetes-version=v1.15.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --dry-run --ignore-preflight-errors=Swap
Then the real run
kubeadm init --kubernetes-version=v1.15.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
# --ignore-preflight-errors=Swap is needed only because swap is still listed in /etc/fstab and the kubelet was told --fail-swap-on=false; it has nothing to do with the amount of RAM. Drop it once swap is removed for good.
# this run pulls from the default registry k8s.gcr.io, i.e. through the proxy configured in 4.2
On success kubeadm prints the following. The kubeadm join line at the end is what adds nodes to the cluster; treat the token and hash as secrets (anyone who has them and can reach port 6443 can join a node), and note that the token expires after 24 hours, after which kubeadm token create --print-join-command issues a fresh one. The address below (10.0.1.5) is from the author's run, not the 10.0.0.10 of the plan; use whatever your own init prints.
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.1.5:6443 --token snmjt7.zblqw2zjob4ry5d4 \
--discovery-token-ca-cert-hash sha256:a84d9064b02060959e6a0ebde7b1977667be9378b936d0afc48954fd94567d98
# Fallback: pull the images from a domestic mirror instead of going through the proxy
kubeadm init \
--kubernetes-version="v1.15.0" \
--image-repository="registry.aliyuncs.com/google_containers" \
--pod-network-cidr="10.244.0.0/16" \
--service-cidr="10.1.0.0/16" \
--ignore-preflight-errors=Swap
# the author used --service-cidr 10.1.0.0/16 here and 10.96.0.0/12 above; either works as long as it overlaps neither the VPC nor the pod range, but pick one and keep it
5 On master, set up kubectl and deploy the flannel network
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# deploy flannel
# repository: https://github.com/coreos/flannel ; the command is taken from "Deploying flannel manually" in its README
# the master-branch manifest changes over time and runs a privileged DaemonSet on every node: pin the URL to a release tag and read the manifest before applying it
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
6 Join the nodes to the cluster
Run the following on each node (the join command is the one your own kubeadm init printed):
systemctl enable docker && systemctl enable kubelet && systemctl start docker
kubeadm join 10.0.1.5:6443 --token snmjt7.zblqw2zjob4ry5d4 \
--discovery-token-ca-cert-hash sha256:a84d9064b02060959e6a0ebde7b1977667be9378b936d0afc48954fd94567d98
At this point a cluster for testing and learning is up; kubectl get nodes on master shows the nodes as Ready once flannel is running on them.
If you want to use kubectl on a node, copy the kubeconfig from master (the hostname is node1, as in /etc/hosts). Keep in mind that admin.conf carries cluster-admin credentials: on a worker node it gives anyone who breaks out of a workload full control of the cluster, so on anything beyond a throwaway cluster issue a restricted kubeconfig instead.
scp /root/.kube/config node1:/root/.kube/config
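An added example (my own code, not part of the article) that checks a kubeadm join command before it is run on a node, covering the join steps in sections 4.4 and 6. The token is what lets a node ask to join; the --discovery-token-ca-cert-hash is what stops the node from trusting an impostor API server at that address, so a join command with a malformed or mismatched hash should never be run. ca_cert_hash reproduces the value kubeadm prints (SHA-256 over the DER-encoded public key of the cluster CA); the token and hash in the usage comment are the ones printed by the article's own init. The function and message names are mine.

```shell
#!/bin/sh
# Added example: validate a kubeadm join command before running it.
# Usage: check_join <host:port> <token> <sha256:hash> [/etc/kubernetes/pki/ca.crt]

# SHA-256 over the DER SubjectPublicKeyInfo of the CA certificate: the same value kubeadm
# prints as --discovery-token-ca-cert-hash. Run on master, where ca.crt lives.
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# bootstrap token format: six chars, a dot, sixteen chars, all [a-z0-9]
valid_token() { printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; }

valid_hash()  { printf '%s' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'; }

check_join() {
    endpoint="$1"; token="$2"; hash="$3"; ca="$4"
    printf '%s' "$endpoint" | grep -Eq '^[0-9A-Za-z.-]+:[0-9]+$' \
        || { echo "bad endpoint: $endpoint" >&2; return 1; }
    valid_token "$token" || { echo "bad token format (expected xxxxxx.xxxxxxxxxxxxxxxx)" >&2; return 1; }
    valid_hash "$hash"   || { echo "bad hash format (expected sha256:<64 hex chars>)" >&2; return 1; }
    # when the CA file is at hand (on master) also confirm the hash really is this cluster's CA
    if [ -n "$ca" ] && [ "sha256:$(ca_cert_hash "$ca")" != "$hash" ]; then
        echo "hash does not match $ca: do not join, the command may point at another cluster" >&2
        return 1
    fi
    printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash %s\n' "$endpoint" "$token" "$hash"
}

# Example usage with the values printed by this article's kubeadm init (run on master):
#   check_join 10.0.1.5:6443 snmjt7.zblqw2zjob4ry5d4 \
#       sha256:a84d9064b02060959e6a0ebde7b1977667be9378b936d0afc48954fd94567d98 /etc/kubernetes/pki/ca.crt
```

Without the hash (or with --discovery-token-unsafe-skip-ca-verification) the node accepts whatever certificate is served at the endpoint, so the hash is the one part of the command worth verifying against the real ca.crt rather than copying blindly from a chat message.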
The errors below came up during this setup; each is followed by its fix.
Command:
kubeadm config print init-defaults
Error:
name: Invalid value: "vm_1_5_centos": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
Fix: the node name is taken from the hostname and must be a DNS-1123 subdomain (lowercase letters, digits, '-' and '.'); the cloud image's default name vm_1_5_centos contains underscores. hostname changes it only until the next reboot, hostnamectl makes it persistent:
hostname master
hostnamectl set-hostname master
Command:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Error (the same line is printed once per object in the manifest; the original output shows it ten times):
unable to recognize "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml": Get http://localhost:8080/api?timeout=32s: dial tcp 127.0.0.1:8080: connect: connection refused
Fix: kubectl found no kubeconfig and fell back to the unauthenticated localhost:8080 endpoint, which a kubeadm cluster does not serve. Install admin.conf for the user running kubectl:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Command:
kubeadm join 10.0.1.5:6443 --token snmjt7.zblqw2zjob4ry5d4 --discovery-token-ca-cert-hash sha256:a84d9064b02060959e6a0ebde7b1977667be9378b936d0afc48954fd94567d98
Error:
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
Fix: load br_netfilter first (the /proc/sys/net/bridge keys do not exist without it), then set the sysctls. The cgroup-driver warning is a separate, non-fatal issue; it goes away if Docker is switched to the systemd cgroup driver (exec-opts native.cgroupdriver=systemd in /etc/docker/daemon.json, then restart docker and kubelet), which is what kubeadm recommends.
modprobe br_netfilter
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
sysctl -p
Command: join the node to the cluster
kubeadm join 10.0.1.5:6443 --token snmjt7.zblqw2zjob4ry5d4 \
--discovery-token-ca-cert-hash sha256:a84d9064b02060959e6a0ebde7b1977667be9378b936d0afc48954fd94567d98
Error:
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: [preflight] Some fatal errors occurred:
The line that matters is this one:
[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
Fix: enable IPv4 forwarding, which pod traffic leaving the node needs anyway:
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
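An added example (my own, not from the article) that re-checks the preflight conditions behind the four errors above, and the host preparation of sections 2.1 to 2.3 and 4.5, before kubeadm init or join is run: hostname format, bridge-nf-call-iptables, ip_forward and swap. The regex is the one kubeadm quoted in its error message. ROOT is an assumed prefix that lets the checks run against a fake /proc and /etc (used by the self-test); it is empty on a real node.

```shell
#!/bin/sh
# Added example: re-check the preflight conditions that failed in this article before running kubeadm.
# ROOT prefixes /proc and /etc so the checks can be exercised against a fake tree; leave it empty on a node.
ROOT="${ROOT:-}"

sysctl_is_one() {             # $1 = key path under /proc/sys, e.g. net/ipv4/ip_forward
    f="$ROOT/proc/sys/$1"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

valid_node_name() {           # DNS-1123 subdomain, the regex kubeadm quoted in the error message
    printf '%s' "$1" | grep -Eq '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
}

swap_is_off() {               # /proc/swaps holds only its header line when no swap is active
    [ -r "$ROOT/proc/swaps" ] && [ "$(wc -l < "$ROOT/proc/swaps")" -le 1 ]
}

run_preflight() {
    rc=0
    name=$(cat "$ROOT/etc/hostname" 2>/dev/null || hostname)
    valid_node_name "$name" \
        || { echo "FAIL hostname '$name': hostnamectl set-hostname <lowercase-name>"; rc=1; }
    # the bridge keys only exist once br_netfilter is loaded, so a missing file is also a failure
    sysctl_is_one net/bridge/bridge-nf-call-iptables \
        || { echo "FAIL bridge-nf-call-iptables: modprobe br_netfilter; sysctl -w net.bridge.bridge-nf-call-iptables=1"; rc=1; }
    sysctl_is_one net/ipv4/ip_forward \
        || { echo "FAIL ip_forward: sysctl -w net.ipv4.ip_forward=1"; rc=1; }
    swap_is_off \
        || { echo "FAIL swap active: swapoff -a and comment it out of /etc/fstab (or keep --fail-swap-on=false)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "preflight OK"
    return "$rc"
}

# On a node:  run_preflight && kubeadm join ...
```

Each failure line carries the command that fixes it, so the script can be run in a loop across the three hosts over ssh before the join, instead of discovering one preflight error per attempt as happened above.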
Original-work statement: this article was published on the Tencent Cloud Developer Community with the author's authorization; reproduction without permission is prohibited.
For infringement concerns, contact cloudcommunity@tencent.com for removal.