kubeadm 搭建 k8s

wangxiuwen 技术 , 评论

前置条件

安装 docker

https://download.docker.com/linux/static/stable/

修改系统参数

1
2
3
4
5
6
7
8
9
10
11
$ cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl -p /etc/sysctl.d/k8s.conf
```	  

### 禁用swap

>k8s 1.8 开始, 需要禁用 swap 或修改 kubelet 启动参数 kubelet --fail-swap-on=false)
swapoff -a && sysctl -w vm.swappiness=0
cat /proc/swaps
free
blkid
lsblk

1
2
3
4
5

### 修改 fstab


### 集群内机器 product_uuid 与 IP 不能相同

cat /sys/class/dmi/id/product_uuid

1
2
  
###  mac 地址检查(所有节点的 Mac 地址也不能相同)
ip a
ifconfig -a

1
2

### 端口占用检查

yum install -y net-tools
netstat -ntlp | grep -E '6443|23[79,80]|1025[0,1,2]' 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
    
### 安装 cri-tools

>crictl 包含在 cri-tools 项目中,这个项目中包含两个工具:
crictl 是 kubelet CRI (Container Runtime Interface) 的 CLI 。
critest 是 kubelet CRI 的测试工具集。

下载地址:

<https://github.com/kubernetes-sigs/cri-tools/releases>

### 安装 socat

>socat 可以建立两个双向字节流并在其中传输数据,他的一个功能是实现端口转发

yum install -y socat
apt-get install -y socat

1
2
3
4
5


## 安装 kubelet

### kubelet service 文件

cat </etc/systemd/system/kubelet.service
[Unit]
Description=kubelet: The Kubernetes Agent
Documentation=http://kubernetes.io/docs/

[Service]
ExecStart=/usr/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

1
2

### kubelet Drop-in 文件(kubeadm.conf 会被 systemd 自动解析,用于覆写 kubelet 的基础 systemd 配置)

mkdir -p /etc/systemd/system/kubelet.service.d
cat </etc/systemd/system/kubelet.service.d/kubeadm.conf
[Service]
Environment=“KUBELET_KUBECONFIG_ARGS=–bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf”
Environment=“KUBELET_CONFIG_ARGS=–config=/var/lib/kubelet/config.yaml”
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
EOF

1
2

### 启动 `kubelet`:

systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet

1
2

### 启动kubeadm:

kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.15.0

1
2

### 根据提示修改配置:

mkdir -p $HOME/.kube
cp /etc/kubernetes/admin.conf $HOME/.kube/config
chown (idu):(id -u):(id -g) $HOME/.kube/config

1
2
3
4

### 给每台主机安装 `cni` 插件

<https://github.com/containernetworking/plugins/releases>

wget https://github.com/containernetworking/plugins/releases/download/v0.8.1/cni-plugins-linux-amd64-v0.8.1.tgz
tar -xzvf cni-plugins-linux-amd64-v0.8.1.tgz -C /opt/cni/bin/

1
2
3
4

### 安装 flannel 网络

<https://github.com/coreos/flannel>

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

1
2

### 查看集群状态
kubectl get nodes -o yaml | grep message

1
2
3
4
5

### 安装 dashboard
<https://github.com/kubernetes/dashboard>

修改 ` image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1` 为 image: `registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1`

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

1
2
3
4

### 赋予 dashboard admin 权限

<https://github.com/kubernetes/dashboard/wiki/Access-control#admin-privileges>

kubectl create -f dashboard-admin.yaml

1
2


apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:

  • kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
1
2
3
4
5
6
7
8


### 访问 1.7.X 以上的 dashboard

<https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above>


修改 ClusterIP 为 NodePort:

kubectl -n kube-system edit service kubernetes-dashboard

1
2

查看端口:

kubectl -n kube-system get service kubernetes-dashboard

1
2

访问地址为:

https://:

1
2

如果尝试在多节点群集上使用NodePort公开Dashboard,则必须找到运行Dashboard的节点的IP:

https://:

1
2
3


使用 令牌登陆

kubectl -n kube-system get serviceaccount -l k8s-app=kubernetes-dashboard -o yaml
kubectl -n kube-system describe secrets kubernetes-dashboard-token-xxa48

1
2
3
4
5
6
7




## 其它操作

- 查看默认配置:

kubeadm config print init-defaults

1
2

- 查看当前kubeadm版本号和所需组件

kubeadm config images list --kubernetes-version=v1.15.0

k8s.gcr.io/kube-apiserver:v1.15.0
k8s.gcr.io/kube-controller-manager:v1.15.0
k8s.gcr.io/kube-scheduler:v1.15.0
k8s.gcr.io/kube-proxy:v1.15.0
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1



参考资料:

<https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1>