Create and modify the configuration

# Export the default configuration file
kubeadm config print init-defaults > kubeadm.yml

# kubeadm.yml after modification
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Change to the master node's IP
  advertiseAddress: 192.168.1.201
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: kubernetes-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Google's registry is not reachable from mainland China, so use the Alibaba Cloud mirror
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Change the version number
kubernetesVersion: v1.15.0
networking:
  dnsDomain: cluster.local
  # Set the Pod subnet to a range that does not overlap with our VMs' network (this is Flannel's default subnet)
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
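
The exported defaults always contain the same bootstrap token, abcdef.0123456789abcdef, and the join commands on this page use it as-is. The following added example (not part of the original page; function names are illustrative) checks kubeadm.yml for that placeholder and swaps in a random token before kubeadm init.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

PLACEHOLDER='abcdef.0123456789abcdef'   # token shown in the exported config above
TOKEN_RE='^[a-z0-9]{6}\.[a-z0-9]{16}$'  # bootstrap token format: <id>.<secret>

# Print the first bootstrap token found in a kubeadm config file.
config_token() {
  awk '$1 == "token:" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed only if the token is well formed and is not the public placeholder.
token_ok() {
  cur=$(config_token "$1")
  [ "$cur" != "$PLACEHOLDER" ] && printf '%s\n' "$cur" | grep -Eq "$TOKEN_RE"
}

# Generate a random token: kubeadm's own generator if installed, else /dev/urandom.
new_token() {
  if command -v kubeadm >/dev/null 2>&1; then
    kubeadm token generate
  else
    chars=$(head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22)
    printf '%s.%s\n' "$(printf '%s\n' "$chars" | cut -c1-6)" "$(printf '%s\n' "$chars" | cut -c7-22)"
  fi
}

# Replace the token value in place, keeping the line's indentation.
rotate_token() {
  fresh=$(new_token)
  sed -i.bak -E "s/^([[:space:]]*token:[[:space:]]*).*/\1${fresh}/" "$1" && rm -f "$1.bak"
}

# Demo on a constructed fragment of the configuration above.
demo() {
  cfg=$(mktemp)
  printf 'bootstrapTokens:\n- groups:\n  - system:bootstrappers:kubeadm:default-node-token\n  token: %s\n  ttl: 24h0m0s\n' "$PLACEHOLDER" > "$cfg"
  token_ok "$cfg" || echo "placeholder token found, rotating"
  rotate_token "$cfg"
  token_ok "$cfg" && echo "new token: $(config_token "$cfg")"
  rm -f "$cfg"
}
demo
```

After rotating, the worker nodes must join with the new token rather than the one printed in the examples on this page.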

List the required images

kubeadm config images list --config kubeadm.yml

# Output:
registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.0
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.0
registry.aliyuncs.com/google_containers/kube-scheduler:v1.15.0
registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0
registry.aliyuncs.com/google_containers/pause:3.1
registry.aliyuncs.com/google_containers/etcd:3.3.10
registry.aliyuncs.com/google_containers/coredns:1.3.1

Pull the required images

kubeadm config images pull --config kubeadm.yml

# Output:
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.15.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.15.0
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.1
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.3.10
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:1.3.1

Install the master node

kubeadm init --config=kubeadm.yml --upload-certs | tee kubeadm-init.log

# The end of the output looks like this:
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.201:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:0978563ea2487e53200408a1260b206b9e5d8cfc2d93d434e41071f11ae0ce43

Configure kubectl

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

# Run this as a non-root user
chown $(id -u):$(id -g) $HOME/.kube/config

Verify the installation

kubectl get node

# Output:
NAME                STATUS     ROLES    AGE     VERSION
kubernetes-master   NotReady   master   4m38s   v1.15.0

Install the worker nodes

kubeadm join 192.168.1.201:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:0978563ea2487e53200408a1260b206b9e5d8cfc2d93d434e41071f11ae0ce43

If a worker node reports the following error, the token has expired (it is valid for 24h) and a new one must be created:

[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized

  • Create a token
kubeadm token create

# Output:
3d7o6i.66c6fx0kvfe12how

  • List all tokens
kubeadm token list

# Output:
3d7o6i.66c6fx0kvfe12how   23h         2019-09-03T17:25:44+08:00   authentication,signing   <none>                                                system:bootstrappers:kubeadm:default-node-token
abcdef.0123456789abcdef   <invalid>   2019-09-02T14:33:31+08:00   authentication,signing   <none>                                                system:bootstrappers:kubeadm:default-node-token
l7v5v8.jtoyd9it1v02y96z   <invalid>   2019-09-01T16:33:31+08:00   <none>                   Proxy for managing TTL for the kubeadm-certs secret   <none>

  • View the K8s CA certificate hash (the value passed to --discovery-token-ca-cert-hash)
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

# Output:
0978563ea2487e53200408a1260b206b9e5d8cfc2d93d434e41071f11ae0ce43
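
The three steps above yield the pieces of the join command. This added example (not from the original page; function names are illustrative, and the sample rows and hash are copied from the output above) selects a still-valid token from the kubeadm token list output and combines it with the CA hash and the master address.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# Read `kubeadm token list` output on stdin and print the first token that
# has not expired and carries the "authentication" usage.
pick_valid_token() {
  awk '$1 ~ /^[a-z0-9]+\.[a-z0-9]+$/ && $2 != "<invalid>" && $4 ~ /authentication/ { print $1; exit }'
}

# Compose the join command from endpoint, token and CA public-key hash.
# Fails if no token was found or the hash is not 64 hex characters.
join_command() {
  ep=$1; tok=$2; h=$3
  [ -n "$tok" ] || { echo "no valid token; run: kubeadm token create" >&2; return 1; }
  printf '%s\n' "$h" | grep -Eq '^[0-9a-f]{64}$' || { echo "malformed CA hash" >&2; return 1; }
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s\n' "$ep" "$tok" "$h"
}

# Sample input: rows and hash as shown on this page.
SAMPLE_LIST='3d7o6i.66c6fx0kvfe12how   23h         2019-09-03T17:25:44+08:00   authentication,signing   <none>   system:bootstrappers:kubeadm:default-node-token
abcdef.0123456789abcdef   <invalid>   2019-09-02T14:33:31+08:00   authentication,signing   <none>   system:bootstrappers:kubeadm:default-node-token
l7v5v8.jtoyd9it1v02y96z   <invalid>   2019-09-01T16:33:31+08:00   <none>   Proxy for managing TTL for the kubeadm-certs secret   <none>'
SAMPLE_HASH='0978563ea2487e53200408a1260b206b9e5d8cfc2d93d434e41071f11ae0ce43'

# On a real master, pipe `kubeadm token list` and the openssl output in instead.
valid=$(printf '%s\n' "$SAMPLE_LIST" | pick_valid_token)
join_command 192.168.1.201:6443 "$valid" "$SAMPLE_HASH"
```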

Verify the installation

Return to the master node and check whether the nodes joined successfully

kubectl get node

# Output:
NAME                 STATUS     ROLES    AGE   VERSION
kubernetes-master    NotReady   master   20m   v1.15.0
kubernetes-node-01   NotReady   <none>   16s   v1.15.0
kubernetes-node-02   NotReady   <none>   6s    v1.15.0

Check Pod status

coredns is not running yet; at this point we still need to install a network plugin

kubectl get pod -n kube-system -o wide

Bulk-delete Evicted Pods

kubectl -n kube-system get pods | grep Evicted | awk '{print $1}' | xargs kubectl -n kube-system delete pods