
Installing Docker 19.03.4, Kubernetes v1.16.2 and the Kuboard dashboard on CentOS 8


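Download centos8-boot.iso and install it in a virtual machine. The installation source can be the 163 mirror or the Aliyun mirror; that part is not covered here.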

1. Environment preparation (run on all hosts)

Disable firewalld:

 systemctl stop firewalld && systemctl disable firewalld 

Disable SELinux:

 setenforce 0 && sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config 

Disable swap:

swapoff -a
echo "vm.swappiness = 0">> /etc/sysctl.conf
sed -i 's/.*swap.*/#&/' /etc/fstab
sysctl -p

Use the Aliyun yum repository:

 wget -O /etc/yum.repos.d/CentOS7-Aliyun.repo http://mirrors.aliyun.com/repo/Centos-7.repo 

Update /etc/hosts: on every host, add the IP address and hostname of every k8s node to this file, otherwise initialization produces warnings or even errors.

echo "192.168.137.22 k8smaster" >> /etc/hosts


Switch the CentOS 8 repositories to mirrors inside China.

cd /etc/yum.repos.d/
 
sed -i 's/mirrorlist/\#mirrorlist/g' CentOS-Base.repo
 
sed -i 's/\#baseurl/baseurl/g' CentOS-Base.repo
 
sed -i 's/mirrorlist/#mirrorlist/g' CentOS-AppStream.repo
sed -i 's/#baseurl=http:\/\/mirror.centos.org\/$contentdir/baseurl=https:\/\/mirrors.aliyun.com\/centos/g' CentOS-AppStream.repo
sed -i 's/mirrorlist/#mirrorlist/g' CentOS-Extras.repo
sed -i 's/#baseurl=http:\/\/mirror.centos.org\/$contentdir/baseurl=https:\/\/mirrors.aliyun.com\/centos/g' CentOS-Extras.repo
sed -i 's/baseurl=http:\/\/mirror.centos.org\/$contentdir/baseurl=https:\/\/mirrors.aliyun.com\/centos/g' CentOS-Base.repo
 

Install the Aliyun docker repository:
cd /etc/yum.repos.d/

curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o docker-ce.repo


List the available docker versions:

yum list docker-ce --showduplicates | sort -r

Install the latest version of docker. In fact kubernetes v1.16.2 does not support the latest docker version; it supports docker 18.


wget https://download.docker.com/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.10-3.2.el7.x86_64.rpm
yum install  containerd.io-1.2.10-3.2.el7.x86_64.rpm
yum install -y docker-ce
systemctl enable docker --now


Configure docker's daemon.json (create it if it does not exist). Both settings go in a single JSON object:

[root@k8smaster ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://a495m8mk.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
 


Install the required dependencies.

yum install -y yum-utils device-mapper-persistent-data lvm2


Configure the kernel parameter file for k8s.

cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
EOF

sysctl --system


sudo systemctl daemon-reload
sudo systemctl restart docker

Install the images that the kubeadm base environment depends on

[root@apple ~]# kubeadm config images list --kubernetes-version v1.16.2

k8s.gcr.io/kube-controller-manager:v1.16.2
k8s.gcr.io/kube-scheduler:v1.16.2
k8s.gcr.io/kube-proxy:v1.16.2
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2

We download the images from Aliyun. Create a script named get_k8s_images.sh with the contents below, then make it executable and run it:

chmod +x get_k8s_images.sh
./get_k8s_images.sh

#!/bin/bash
# Pull each image from the Aliyun mirror, retag it under k8s.gcr.io,
# then remove the mirror tag.
images=(
    kube-apiserver:v1.16.2
    kube-controller-manager:v1.16.2
    kube-scheduler:v1.16.2
    kube-proxy:v1.16.2
    pause:3.1
    etcd:3.3.15-0
    coredns:1.6.2
)
for imageName in "${images[@]}"; do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
    docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName} k8s.gcr.io/${imageName}
    docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
done

Install kubeadm, kubelet and kubectl

kubeadm does not manage kubelet and kubectl, so kubelet and kubectl have to be installed manually:

yum install -y kubeadm kubelet kubectl  --disableexcludes=kubernetes

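Kubelet communicates with the rest of the cluster and manages the lifecycle of the Pods and containers on its own node.
Kubeadm is the automated deployment tool for Kubernetes; it makes deployment easier and more efficient.
Kubectl is the Kubernetes cluster management tool.

Finally, start kubelet: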

systemctl enable kubelet --now


Deploy the master node

Note: perform the following steps on the master node.

During installation we find that the installed version is 1.16.2:

kubeadm version

Output:

kubeadm version: &version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b",
GitTreeState:"clean", BuildDate:"2019-10-15T19:15:39Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}

Image download

https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/

Running kubeadm config images list prints the required versions, as follows:

[root@k8smaster ~]# kubeadm config images list --kubernetes-version v1.16.2
k8s.gcr.io/kube-apiserver:v1.16.2
k8s.gcr.io/kube-controller-manager:v1.16.2
k8s.gcr.io/kube-scheduler:v1.16.2
k8s.gcr.io/kube-proxy:v1.16.2
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2
[root@k8smaster ~]#

Images that the kubeadm base environment depends on

We download the images from Aliyun. Create a script named get_k8s_images.sh with the contents below, then make it executable and run it:

chmod +x get_k8s_images.sh
./get_k8s_images.sh

#!/bin/bash
# Pull each image from the Aliyun mirror, retag it under k8s.gcr.io,
# then remove the mirror tag.
images=(
    kube-apiserver:v1.16.2
    kube-controller-manager:v1.16.2
    kube-scheduler:v1.16.2
    kube-proxy:v1.16.2
    pause:3.1
    etcd:3.3.15-0
    coredns:1.6.2
)
for imageName in "${images[@]}"; do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
    docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName} k8s.gcr.io/${imageName}
    docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
done

systemctl enable kubelet && systemctl start kubelet
systemctl daemon-reload
systemctl restart kubelet


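Because the required images cannot be fetched directly, image mapping is used here: the images are pulled from a mirror and renamed with docker tag.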


wget https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/Packages/cri-o-1.15.1-2.el7.x86_64.rpm

rpm -Uvh cri-o-1.15.1-2.el7.x86_64.rpm --nodeps


systemctl daemon-reload
systemctl start crio.service
systemctl daemon-reload

Initialize the Kubernetes cluster on the master


kubeadm init --kubernetes-version=1.16.2 --apiserver-advertise-address=192.168.137.22 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16



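  1. --kubernetes-version: specifies the k8s version;

  2. --apiserver-advertise-address: specifies the IP address that kube-apiserver listens on, which is the master's own IP address.

  3. --pod-network-cidr: specifies the Pod network range, 10.244.0.0/16. It does not have to be specified; the software adds it automatically.

  4. --service-cidr: specifies the Service (SVC) network range;

  5. --image-repository: specifies the Aliyun image registry address.



This step is critical: by default kubeadm downloads the required images from the official k8s.gcr.io, which cannot be reached from within China, so the Aliyun registry address has to be given with --image-repository.

After the cluster initializes successfully, the following information is returned.
Record the last part of the output; it has to be run on the other nodes when they join the Kubernetes cluster.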

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.10.10.10:6443 --token kehvmq.e33d33lgkrm8h0rn \
    --discovery-token-ca-cert-hash sha256:6150e7960c44890d5dd6b160bbbb4bfa256023db22f004b54d27e1cca72b0afc 
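
How the sha256 value in the join command above can be checked against the cluster CA, as an added example that is not part of the original post: the value is the SHA-256 of the CA certificate's DER-encoded public key. The function names and the throwaway CA are assumptions of this example; on a kubeadm master the certificate is normally /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/bash
# Added example: recompute kubeadm's CA pin and compare it with a join command.

# Print "sha256:<hex>" for a CA certificate file: SHA-256 over the DER-encoded
# public key (SubjectPublicKeyInfo), which is what the join flag carries.
ca_pin() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 \
        | awk '{print "sha256:" $NF}'
}

# Print the --discovery-token-ca-cert-hash value found in a join command,
# including commands wrapped over several lines with a trailing backslash.
join_pin() {
    printf '%s\n' "$1" | tr '\\\n' '  ' \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# $1 = CA certificate path, $2 = join command text.
# Returns 0 only when the command pins exactly this CA.
verify_join_pin() {
    local expected actual
    expected=$(join_pin "$2")
    actual=$(ca_pin "$1") || return 2
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Create a throwaway self-signed CA in directory $1 (constructed test input,
# standing in for /etc/kubernetes/pki/ca.crt) and print the certificate path.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null && echo "$1/ca.crt"
}

# Join command as printed on this page.
PAGE_JOIN='kubeadm join 10.10.10.10:6443 --token kehvmq.e33d33lgkrm8h0rn \
    --discovery-token-ca-cert-hash sha256:6150e7960c44890d5dd6b160bbbb4bfa256023db22f004b54d27e1cca72b0afc'
```

On the master, calling verify_join_pin with the CA certificate path and the recorded join command returns 0 only if that command pins this cluster's CA.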

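Based on the result above, some further tasks are needed. Some errors will appear; fix them according to your own situation.

Cgroup drivers in Docker: cgroupfs vs. systemd

While installing kubernetes, the following error appears: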

failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"

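The default cgroup driver was changed from systemd to cgroupfs, while the docker we installed uses the systemd driver; the mismatch prevents the images from starting.

Check with docker info: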

Cgroup Driver: systemd

There are two options: modify docker, or modify kubelet.

Modify docker:

Modify or create /etc/docker/daemon.json and add the following:

{
  "exec-opts": ["native.cgroupdriver=systemd"]
}

Restart docker:

systemctl restart docker
systemctl status docker

Modify kubelet:

vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

Add the following: --cgroup-driver=systemd

 

Or:

# Configure kubelet to use a pause image from a mirror inside China
# Configure kubelet's cgroup driver
# Get docker's cgroup driver (--format does not depend on how docker info indents its lines)
$ DOCKER_CGROUPS=$(docker info --format '{{.CgroupDriver}}')
$ echo $DOCKER_CGROUPS
$ cat >/etc/sysconfig/kubelet<<EOF
KUBELET_CGROUP_ARGS="--cgroup-driver=$DOCKER_CGROUPS"
KUBELET_EXTRA_ARGS="--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1"
EOF
# Start
$ systemctl daemon-reload
$ systemctl enable kubelet && systemctl restart kubelet

Or:

# Get docker's cgroup driver (--format does not depend on how docker info indents its lines)
DOCKER_CGROUPS=$(docker info --format '{{.CgroupDriver}}')
echo $DOCKER_CGROUPS
cat >/etc/sysconfig/kubelet<<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=$DOCKER_CGROUPS --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1"
EOF
# Start
systemctl daemon-reload
systemctl enable kubelet && systemctl restart kubelet

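Author: hongda

Source: https://www.cnblogs.com/hongdada/p/9771857.html

License: this site uses the "Attribution 4.0 International" Creative Commons license. When reposting, credit the author and the source in a prominent place in the article.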
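
One way to detect the cgroup driver mismatch described in the section above before kubelet fails, as an added example (not code from the original post or from Kubernetes). The function names and sample inputs are constructed, and treating a missing --cgroup-driver flag as cgroupfs is an assumption taken from the error message quoted above.

```shell
#!/bin/bash
# Added example: compare Docker's cgroup driver with the one passed to kubelet.

# Read `docker info` text on stdin and print the driver name. Matching the
# "Cgroup Driver:" label works whether or not the line is indented; a fixed
# field position such as cut -d' ' -f3 returns "Driver:" on an indented line.
docker_cgroup_driver() {
    sed -n 's/^[[:space:]]*Cgroup Driver:[[:space:]]*\([a-z]*\).*/\1/p' | head -n 1
}

# Read a kubelet environment file on stdin (for example /etc/sysconfig/kubelet)
# and print the value of the last --cgroup-driver flag outside comments.
kubelet_cgroup_driver() {
    grep -v '^[[:space:]]*#' \
        | grep -o -e '--cgroup-driver=[a-z]*' | tail -n 1 | cut -d= -f2
}

# $1 = docker info text, $2 = kubelet environment file text.
# Assumption: kubelet falls back to cgroupfs when the flag is absent.
check_cgroup_drivers() {
    local d k
    d=$(printf '%s\n' "$1" | docker_cgroup_driver)
    k=$(printf '%s\n' "$2" | kubelet_cgroup_driver)
    k=${k:-cgroupfs}
    if [ -z "$d" ]; then echo "unknown: no Cgroup Driver line"; return 2; fi
    if [ "$d" = "$k" ]; then echo "ok: both use $d"; return 0; fi
    echo "mismatch: docker=$d kubelet=$k"; return 1
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_DOCKER_INFO=' Server Version: 19.03.4
 Storage Driver: overlay2
 Cgroup Driver: systemd'
SAMPLE_KUBELET_ENV='KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1"'

check_cgroup_drivers "$SAMPLE_DOCKER_INFO" "$SAMPLE_KUBELET_ENV"
check_cgroup_drivers "$SAMPLE_DOCKER_INFO" "" || true
```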




Configure the kubectl tool

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Finally, you can install a kubernetes dashboard. Here I use the Kuboard dashboard, which is very easy to use.

kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
kubectl get svc -A
kubectl get pods -o wide -A
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}')
 


