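Pre-installation checks

| Check | Details | Result |
| --- | --- | --- |
| Host | A compatible Linux host. The Kubernetes project provides generic instructions for Linux distributions based on Debian and Red Hat, and for distributions without a package manager | |
| Hardware - memory | 2 GB or more of RAM per machine | |
| Hardware - CPU | 2 CPU cores or more | |
| Network | All machines in the cluster can reach each other over the network (public or private network both work) | |
| Configuration - hostname | No duplicate hostname, MAC address or product_uuid among the nodes | |
| Configuration - open ports | master: 6443, 2379-2380, 10250, 10251, 10252; worker: 10250, 30000-32767 | |
| Configuration - disable swap | Disable swap | |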
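Required installation and configuration

```bash
# Load the br_netfilter module now and on every boot
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

# Let iptables see bridged traffic
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply the sysctl settings without waiting for a reboot
sudo sysctl --system

# Comment out the swap entries in /etc/fstab so swap stays off after a reboot
sudo sed -i '/ swap / s/^/#/' /etc/fstab
```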
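The checklist and the kernel and swap settings above can be verified on each node before `kubeadm init`, which is useful here because the init command on this page passes `--ignore-preflight-errors=all`, so kubeadm's own preflight failures only show up as warnings. The script below is an added example, not part of the original post; the function names, the RAM floor and the file-path parameters are assumptions made for illustration.

```shell
# Added example; function names and the RAM floor are assumptions.
# Each check takes its input path as $1 (default: the real /proc or /etc file).

# RAM: MemTotal is in kB; 1700000 kB allows for kernel-reserved memory on 2 GB.
check_mem() {
  local kb
  kb=$(awk '/^MemTotal:/ {print $2}' "${1:-/proc/meminfo}" 2>/dev/null)
  [ "${kb:-0}" -ge 1700000 ]
}

# CPU: at least two "processor" entries in /proc/cpuinfo.
check_cpu() {
  local n
  n=$(grep -c '^processor' "${1:-/proc/cpuinfo}" 2>/dev/null)
  [ "${n:-0}" -ge 2 ]
}

# Swap (live): /proc/swaps holds a header line plus one line per active device.
check_swap_off() {
  [ "$(awk 'NR > 1 && NF {n++} END {print n+0}' "${1:-/proc/swaps}")" -eq 0 ]
}

# Swap (next boot): no uncommented swap entry may remain in /etc/fstab.
check_fstab_no_swap() {
  ! grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]' "${1:-/etc/fstab}"
}

# Kernel: both bridge sysctls must read 1. The files exist only while
# br_netfilter is loaded, so a missing file counts as a failure.
check_bridge_sysctl() {
  local dir="${1:-/proc/sys/net/bridge}" f
  for f in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
    [ "$(cat "$dir/$f" 2>/dev/null)" = 1 ] || return 1
  done
}

# Cluster-wide: $1 lists one hostname, MAC or product_uuid per node; no repeats.
check_unique() {
  [ -z "$(sort "$1" | uniq -d)" ]
}

# Run the local checks, print PASS/FAIL for each, return 1 on any failure.
preflight() {
  local rc=0 c
  for c in check_mem check_cpu check_swap_off check_fstab_no_swap check_bridge_sysctl; do
    if "$c"; then echo "PASS $c"; else echo "FAIL $c"; rc=1; fi
  done
  return "$rc"
}
```

Source the file and call `preflight` on every node; for `check_unique`, collect one value per node (for example the contents of `/sys/class/dmi/id/product_uuid`) into a file first.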
Install the container runtime, Docker:

```bash
sudo apt-get install docker.io
sudo systemctl enable docker
sudo systemctl start docker
```
Install kubeadm, kubelet and kubectl

```bash
# Run these as root
apt-get update && apt-get install -y apt-transport-https

# Add the Aliyun mirror's signing key and apt source for the Kubernetes packages
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

apt-get install -y kubelet kubeadm kubectl
```
Set the Docker cgroup driver to match the kubelet cgroup driver: systemd

Create or edit /etc/docker/daemon.json, the Docker daemon configuration file:

```json
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
```

Then restart Docker:

```bash
sudo systemctl restart docker
```
Configure the control plane (master node)

```bash
# --ignore-preflight-errors=all reports every failed preflight check as a warning instead of stopping
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers --ignore-preflight-errors=all
```

If everything goes well, the output includes the command that worker nodes use to join the master node. Save it; it is needed later in the worker node deployment step (the following is an example):

```
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.30.1:6443 --token xxxxxxxxx.xxxxxxxxxxx \
    --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

```bash
# Copy the admin kubeconfig so kubectl works for the current user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

```bash
# Deploy the flannel pod network; its default network is 10.244.0.0/16, matching --pod-network-cidr above
sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```
Configure the worker nodes

Run the kubeadm join command that the master node printed in the previous step on each worker node.

```bash
kubeadm join 192.168.30.1:6443 --token xxxxxxxxx.xxxxxxxxxxx \
    --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
Install Helm and ingress-nginx

```bash
# Add the Helm signing key and apt repository, then install Helm
curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
sudo apt-get install apt-transport-https --yes
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm
```

ingress-nginx

```bash
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm install ingress-nginx ingress-nginx/ingress-nginx
```
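Troubleshooting

What if the coredns component image cannot be downloaded?

The image tag registry.aliyuncs.com/google_containers/coredns:v1.8.4 on the Alibaba Cloud mirror is currently unavailable. Consider using kubectl edit deployment.apps/coredns -n kube-system or the kubectl set image command to replace the image with coredns/coredns:1.8.4.

What if installing ingress-nginx with helm fails?

Consider installing with the bare-metal method from the official site. Because some images cannot be reached from within China, they can be replaced with China-hosted mirrors maintained by individuals: Installing an ingress controller on Kubernetes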
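Some shell configuration to improve efficiency

If you use bash:

```bash
sudo vim /etc/bash.bashrc
```

Add the following configuration to the end of the file:

```bash
# Enable kubectl completion, and keep it working for the short alias k
source <(kubectl completion bash)
alias k=kubectl
complete -F __start_kubectl k
# kns <namespace> switches the namespace of the current context
alias kns="kubectl config set-context --current --namespace"
```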