步骤
# 主节点k8s-01在和两个从节点k8s-02\03配置在不同的主机上,选择桥接模式,网关配置路由器ip即可实现不同主机的虚拟机互通
# 关闭防火墙
systemctl disable firewalld && systemctl stop firewalld
# 关闭selinux
vi /etc/sysconfig/selinux
# 修改SELINUX=disabled
setenforce 0
# 关闭swap
swapoff -a
vi /etc/fstab
# 注掉该行
# /dev/mapper/centos-swap swap swap defaults 0 0
# ip流量转发相关配置
vi /etc/sysctl.d/k8s.conf
-----------
# 配置内容
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
-----------
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
reboot
# 配置k8s yum镜像
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 安装docker
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O/etc/yum.repos.d/docker-ce.repo
yum clean all && yum makecache
yum -y install docker-ce-18.06.1.ce-3.el7
# 安装kubeadm和相关工具
yum install -y kubelet-1.13.3 kubeadm-1.13.3 kubectl-1.13.3 kubernetes-cni-0.6.0 -y
# 异常,提示
# Public key for e3438a5f740b3a907758799c3be2512a4b5c64dbe30352b2428788775c6b359e-kubectl-1.13.3-0.x86_64.rpm is not installed
# 加 --nogpgcheck参数
yum install -y kubelet-1.13.3 kubeadm-1.13.3 kubectl-1.13.3 kubernetes-cni-0.6.0 -y --nogpgcheck
# 启动docker和kubelet服务,并设置开机启动
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
# 在此处克隆出两个从节点k8s-02\k8s-03,分别配置ip\主机名\hosts
# 配置工作目录
mkdir working && cd working
# 生成配置
kubeadm config print init-defaults ClusterConfiguration > kubeadm.conf
# 修改配置
vi kubeadm.conf
-----------------
# 修改ip
localAPIEndpoint:
advertiseAddress: 192.168.1.151
# 修改镜像
imageRepository: registry.aliyuncs.com/google_containers
# 修改版本号
kubernetesVersion: v1.13.1
# 配置子网
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"
---------------
# 启动k8s
kubeadm init --config ./kubeadm.conf
# 启动时会拉取k8s镜像,可能失败,可以多试几次
# 启动日志会打印加入k8s集群的命令
# kubeadm join 192.168.1.151:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:3c86e544a96e68e78d67f85effc954d65ef83893998d20b58d85049800ecacd1
# 按照日志提示执行
mkdir $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# 加载flannel配置
kubectl apply -f kube-flannel.yml
# 配置分发到k8s-02\k8s-03
scp /etc/kubernetes/admin.conf root@k8s-02:/root
scp /etc/kubernetes/admin.conf root@k8s-03:/root
========================
# k8s-02\k8s-03分别执行
mkdir $HOME/.kube
cp -i $HOME/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# 加入集群
kubeadm join 192.168.1.151:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:3c86e544a96e68e78d67f85effc954d65ef83893998d20b58d85049800ecacd1
异常:
1.最可能出现异常的情况是拉取k8s镜像失败,为何阿里云如此不稳定一时没找到原因,多拉几次解决;
2.从节点第二次加入集群时会提示某些文件存在,删除这些文件即可;
3.节点显示not ready多半也是镜像问题,可以尝试删除后重新应用flannel配置;
kubectl delete -f kube-flannel.yml
kubectl apply -f kube-flannel.yml
4.如果提示config相关,节点没能加入集群,是由于kubeadm和kubelet版本不一致,删除kubectl和kubelet重新安装;
yum remove kubectl kubelet -y
参考:
https://www.cnblogs.com/caoxb/p/11243472.html
5.从节点克隆出新节点,加入集群时提示:
cluster CA found in cluster-info configmap is invalid
原因是hash值错误,主节点执行:
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
获取hash值
6.提示:
unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized
# master执行
kubeadm token create
# 从节点修改join的token参数
网友评论