kubernete入门学习三官方步骤

========================================

Centos 7使用kubdeadm安装K8S前需要做的工作:

hosts

key

关闭swap

关闭selinux

关闭防火墙

集群里的每个节点的/etc/hosts都要有所有节点ip和与其对应的hostname

docker安装完毕

让系统内核开启网络转发

hosts

10.249.6.100 master

10.249.6.101 node01

10.249.6.102 node02

key

[root@master ~]# ssh-keygen 

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): 

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase): 

Enter same passphrase again: 

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:rTeyvAHlYyRAi0e6RBeDs7dnVR2eX1lWLJ/d2p5Vd58 root@master

The key's randomart image is:

+---[RSA 2048]----+

|  .oB.     ... .=|

| .o= +    ......+|

|  +oo . o.  o  +=|

| ..o.  =..   . oB|

|  .. ...S .   .o*|

|    . oo o    .E+|

|     o  + o    .o|

|       . = .   ..|

|        +.       |

+----[SHA256]-----+

[root@master ~]# 

[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node01

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"

The authenticity of host 'node01 (10.249.6.101)' can't be established.

ECDSA key fingerprint is SHA256:xC2BJAXqUza82oXNd2saKmsGjCSkGzJ7ySlwmOsreF4.

ECDSA key fingerprint is MD5:f8:0f:08:7f:f8:7a:13:ba:b6:96:f2:6b:f5:d3:be:7d.

Are you sure you want to continue connecting (yes/no)? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

root@node01's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node01'"

and check to make sure that only the key(s) you wanted were added.

[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node02

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"

The authenticity of host 'node02 (10.249.6.102)' can't be established.

ECDSA key fingerprint is SHA256:z1uzA7zPe8gw0VRvI7JJTE7C677nWK1nqn0K8abQ/a4.

ECDSA key fingerprint is MD5:42:cb:bb:03:5c:86:bb:64:e7:2d:35:28:92:a8:7e:84.

Are you sure you want to continue connecting (yes/no)? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

root@node02's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node02'"

and check to make sure that only the key(s) you wanted were added.

[root@master ~]# ssh node01

Last login: Thu Feb 28 05:41:18 2019 from 10.249.100.226

[root@node01 ~]# exit

logout

Connection to node01 closed.

[root@master ~]# ssh node02

Last failed login: Thu Feb 28 05:50:39 EST 2019 from 10.249.6.100 on ssh:notty

There was 1 failed login attempt since the last successful login.

Last login: Thu Feb 28 05:40:36 2019 from 10.249.100.227

关闭swap

swapoff -a 

sed -i 's/.*swap.*/#&/' /etc/fstab

关闭防火墙

systemctl stop firewalld

systemctl disable firewalld

setenforce  0

vi /etc/selinux/config

SELINUX=disabled

SELINUXTYPE=targeted

安装容器

#!/bin/bash

CHANNEL=stable

curl -fsSL https://get.docker.com/ | sh -s -- --mirror Aliyun

mkdir -p /etc/docker

touch /etc/docker/daemon.json

cat > /etc/docker/daemon.json <
{

      "registry-mirrors": ["https://registry.docker-cn.com"]

}

EOF

systemctl restart docker

systemctl enable docker

安装kubeadm

下载安装包k8s-mirrors-master.zip

https://github.com/Mr-Linus/k8s-mirrors

执行以下命令

./install-generic/install-kubeadm_el7.sh    所有机器都要安装

拉取镜像

如果你的机器可以翻越GFW,请忽略本步骤

如果你的机器不能翻越GFW,请看以下步骤：

如何使用

运行容器拉取指定镜像

版本V1.13.3

docker run --rm -it \

        -v /var/run/docker.sock:/var/run/docker.sock  \

        registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:k8s-1.13.3

需要注意的是,每个节点无论是工作节点还是master节点都需要拉取镜像!!    

        

主节点安装k8s

./install-generic/install-k8s-master.sh

这个时候节点join进来并不会ready,需要你安装网络组件

安装脚本附带详细注释,安装出现任何疑问可以查看

mkdir -p $HOME/.kube

cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

chown $(id -u):$(id -g) $HOME/.kube/config

kubeadm join 10.249.6.100:6443 --token 8cc6gd.nsgvj2qeb2vuvyu2 --discovery-token-ca-cert-hash sha256:308c1cdfa34bba4049278012e873bd0ca21c9fcdc709e4f893c04de85381a53a

-----------------------------------------------

让系统内核开启网络转发

echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables 

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptable

下面可以做什么:

部署 CNI 选择需要的集群网络方案:flannel或calico(2选1)

flannel:

运行容器实现镜像拉取（可以GFW请忽略本步骤）：

#获取镜像列表

curl -s  https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml | grep image | awk -F': ' '{ print $2  }' > $pwd/image-flannel.txt

#拉取镜像

docker run --rm -it \

        -v $pwd/image-flannel.txt:/image-pull/image.txt \

        -v /var/run/docker.sock:/var/run/docker.sock  \

        registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest

# 部署flannel 

./install-networks/install-flannel.sh

calico:

# 部署calico

./install-networks/install-calico.sh

本项目致力于搭建完整的 K8S 平台，如果需要其他额外镜像，您可以使用image-pull镜像实现镜像拉取。 假设需要拉取的镜像名写在文件/root/image.txt中:

quay.io/coreos/flannel:v0.11.0

quay.io/coreos/flannel:v0.12.0

运行容器实现镜像拉取：

docker run --rm -it \

        -v /root/image.txt:/image-pull/image.txt \

        -v /var/run/docker.sock:/var/run/docker.sock  \

        registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest