Installing Kubernetes 1.13.3 using kubeadm
Preparatory environment: two CentOS 7 system servers, 2 cores, 2G
| host name | Ip | role |
|---|---|---|
| K8s-master | 192.168.2.7 | K8s master node |
| K8s-node1 | 192.168.137.4 | K8s slave node 1 |
Docker version: 1.18.3
Kubernetes Version: 1.13.3
(1) Preparations
(1) All nodes close the firewall
systemctl disable firewalld.service systemctl stop firewalld.service
(2) Disabling SELINUX
setenforce 0 vi /etc/selinux/config SELINUX=disabled
(3) All nodes close swap
swapoff -a
(4) Setting the host name of all nodes
hostnamectl --static set-hostname k8s-master hostnamectl --static set-hostname k8s-node1
(5) Host name/IP join hosts resolution for all nodes
vim /etc/hosts 192.168.2.7 k8s-master 192.168.137.4 k8s-node1
(2) Installation of docker
(1) Set up yum source in China and download docker
cd /etc/yum.repos.d/ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(2) Install the specified version of docker
yum -y install docker-ce-18.06.1.ce-3.el7
(3) Set up boot to start docker and start docker process
systemctl enable docker && systemctl start docker
(4) View the docker version
docker --version
(3) Installation of kubernetes
(1) Setting up the domestic yum source of kubernetes
vim /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
(2) Install kubelet, kubeadm,kubectl,cni
yum install -y kubelet-1.13.3 kubeadm-1.13.3 kubectl-1.13.3 kubernetes-cni-0.6.0-0
(4) Preparations for kubeadm init
(1) Download the image needed to start kubernetes
docker pull mirrorgooglecontainers/kube-apiserver:v1.13.3 docker pull mirrorgooglecontainers/kube-controller-manager:v1.13.3 docker pull mirrorgooglecontainers/kube-scheduler:v1.13.3 docker pull mirrorgooglecontainers/kube-proxy:v1.13.3 docker pull mirrorgooglecontainers/pause:3.1 docker pull mirrorgooglecontainers/etcd:3.2.24 docker pull coredns/coredns:1.2.6 docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64
(2) Rename the download image to kubernetes and start the default image name
docker tag mirrorgooglecontainers/kube-apiserver:v1.13.3 k8s.gcr.io/kube-apiserver:v1.13.3 docker tag mirrorgooglecontainers/kube-controller-manager:v1.13.3 k8s.gcr.io/kube-controller-manager:v1.13.3 docker tag mirrorgooglecontainers/kube-scheduler:v1.13.3 k8s.gcr.io/kube-scheduler:v1.13.3 docker tag mirrorgooglecontainers/kube-proxy:v1.13.3 k8s.gcr.io/kube-proxy:v1.13.3 docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1 docker tag mirrorgooglecontainers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24 docker tag coredns/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6 docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64
(3) Delete the original image
docker rmi mirrorgooglecontainers/kube-apiserver:v1.13.3 docker rmi mirrorgooglecontainers/kube-controller-manager:v1.13.3 docker rmi mirrorgooglecontainers/kube-scheduler:v1.13.3 docker rmi mirrorgooglecontainers/kube-proxy:v1.13.3 docker rmi mirrorgooglecontainers/pause:3.1 docker rmi mirrorgooglecontainers/etcd:3.2.24 docker rmi coredns/coredns:1.2.6 docker rmi registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64
(4) Setting Kernel Parameters
cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 EOF
Make configuration effective
sysctl -p /etc/sysctl.d/k8s.conf
(5) Start kubernetes and set up boot-up self-start
systemctl enable kubelet && systemctl start kubelet
Note that kubelet can't start properly at this time. You can check / var/log/messages for error messages. It's normal to wait for initialization. Please execute the above steps on all nodes of Kubernetes.
(5) Initialize cluster, kubeadm init
(1) master node, execute initialization command
kubeadm init --kubernetes-version=v1.13.3 --apiserver-advertise-address 192.168.2.7 --pod-network-cidr=10.244.0.0/16
· - apiserver-advertise-address: Specifies which IP address of Master is used to communicate with other nodes of Cluster.
· service-cidr: Specifies the scope of the Service network, that is, the IP address segment used by the load balancing VIP.
· - pod-network-cidr: Specifies the scope of the Pod network, that is, the IP address segment of the Pod.
· image-repository: The default Registries address for Kubenets is k8s.gcr.io It can't be visited at home. gcr.io In version 1.13, we can add the - image-repository parameter. The default value is k8s.gcr.io To designate it as the Ali Cloud Mirror Address: registry.aliyuncs.com/google_containers.
· - kubernetes-version=v1.13.3: Specify the version number to install.
ignore-preflight-errors=: Ignore runtime errors, such as [ERROR NumCPU] and [ERROR Swap], and ignoring these two errors is an increase
–ignore-preflight-errors=NumCPU
–ignore-preflight-errors=Swap
(2) Successful initialization results are as follows
Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join 192.168.2.7:6443 --token i8nxlt.ox0bzax19jak1tyq --discovery-token-ca-cert-hash sha256:02e8fd59a30c53e792f5f822409762bfab5aef329fd24c48f994a20f752c5738
(3) Node node joins master cluster
kubeadm join 192.168.2.7:6443 --token i8nxlt.ox0bzax19jak1tyq --discovery-token-ca-cert-hash sha256:02e8fd59a30c53e792f5f822409762bfab5aef329fd24c48f994a20f752c5738
(4) Configuring kubectl on master node
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile source /etc/profile echo $KUBECONFIG
(5) Installing pod network
Installation of Pod network is a necessary condition for communication between Pods. k8s supports many network schemes. Here we still choose the classic flannel scheme.
sysctl net.bridge.bridge-nf-call-iptables=1
vim kube-flannel.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-flannel-ds-amd64
namespace: kube-system
labels:
tier: node
app: flannel
spec:
template:
metadata:
labels:
tier: node
app: flannel
spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: amd64
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.10.0-amd64
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.10.0-amd64
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-flannel-ds-arm64
namespace: kube-system
labels:
tier: node
app: flannel
spec:
template:
metadata:
labels:
tier: node
app: flannel
spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: arm64
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.10.0-arm64
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.10.0-arm64
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-flannel-ds-arm
namespace: kube-system
labels:
tier: node
app: flannel
spec:
template:
metadata:
labels:
tier: node
app: flannel
spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: arm
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.10.0-arm
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.10.0-arm
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-flannel-ds-ppc64le
namespace: kube-system
labels:
tier: node
app: flannel
spec:
template:
metadata:
labels:
tier: node
app: flannel
spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: ppc64le
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.10.0-ppc64le
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.10.0-ppc64le
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-flannel-ds-s390x
namespace: kube-system
labels:
tier: node
app: flannel
spec:
template:
metadata:
labels:
tier: node
app: flannel
spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: s390x
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.10.0-s390x
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.10.0-s390x
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
kubectl apply -f kube-flannel.yaml
Once the Pod network is installed, the following commands can be executed to check whether CoreDNS Pod is working properly at the moment, and once it is running properly, follow-up steps can be continued.
(6) View master's pod status
kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kube-system coredns-78d4cf999f-8p4v8 1/1 Running 1 2d22h 10.244.0.4 k8s-master <none> <none> kube-system coredns-78d4cf999f-xmnxj 1/1 Running 1 2d22h 10.244.0.5 k8s-master <none> <none> kube-system etcd-k8s-master 1/1 Running 1 2d22h 192.168.2.7 k8s-master <none> <none> kube-system kube-apiserver-k8s-master 1/1 Running 1 2d22h 192.168.2.7 k8s-master <none> <none> kube-system kube-controller-manager-k8s-master 1/1 Running 1 2d22h 192.168.2.7 k8s-master <none> <none> kube-system kube-flannel-ds-amd64-95vw6 1/1 Running 1 2d22h 192.168.2.7 k8s-master <none> <none> kube-system kube-flannel-ds-amd64-j2xht 1/1 Running 0 41h 192.168.137.4 k8s-node1 <none> <none> kube-system kube-proxy-2d9n8 1/1 Running 0 41h 192.168.137.4 k8s-node1 <none> <none> kube-system kube-proxy-6v8pz 1/1 Running 1 2d22h 192.168.2.7 k8s-master <none> <none> kube-system kube-scheduler-k8s-master 1/1 Running 1 2d22h 192.168.2.7 k8s-master <none> <none>
All of them are running, which means that the startup is successful.
(7) Viewing the running status of nodes
kubectl get nodes
NAME STATUS ROLES AGE VERSION k8s-master Ready master 2d22h v1.13.3 k8s-node1 Ready <none> 41h v1.13.3
If the pod state is not running and the node is not ready, the problem can be sorted out through the log.
journalctl -f -u kubelet
You can also look at some common problems at the following address
https://blog.csdn.net/qq_34857250/article/details/82562514
init or join failed, kubeadm reset reset reset, try again
(6) token expires and nodes rejoin the cluster
(1) The token above is valid for one day, and you can view the token of the cluster.
kubeadm token list
(2) Create a permanent token that will not expire and is not recommended for security.
kubeadm token create --ttl 0
(3) View token values
kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS kgiide.777z4nmpgtamq2q8 <invalid> 2019-07-31T11:49:10+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token yu1ieo.lg1r6cpe5vlzgolg <forever> <never> authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
(4) Obtaining the hash value of sha256 code of ca certificate
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
(5) The newly generated token and ca certificate sha256 encoding hash value reassembly is used to effectively join the cluster command. Before joining, the previously joined nodes can be deleted first.
kubectl delete node k8s-node1
kubeadm join 192.168.2.7:6443 --token yu1ieo.lg1r6cpe5vlzgolg --discovery-token-ca-cert-hash sha256:02e8fd59a30c53e792f5f822409762bfab5aef329fd24c48f994a20f752c5738
Reprinted place
https://blog.csdn.net/qq_34857250/article/details/82562514
https://www.kubernetes.org.cn/4956.html