Kubernetes Cluster Deployment


1. Configure the Kubernetes yum repository mirror

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

2. Install docker, kubelet, kubectl and kubeadm

yum install -y docker-ce kubectl-1.20.6 kubelet-1.20.6 kubeadm-1.20.6

3. Initialize the master node (skip on worker nodes)

kubeadm init --kubernetes-version=1.20.6  \
--apiserver-advertise-address=172.18.0.231 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16

4. Install the network plugin

kubectl apply -f /root/calico.yaml

5. Install Helm 2

helm init --upgrade --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.9.1 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'

6. Print the command for joining the cluster

kubeadm token create --print-join-command

7. Mark a node as unschedulable

kubectl cordon k8s-master01

8. Evict the pods on a node

kubectl drain 172-18-1-36.master --delete-emptydir-data --ignore-daemonsets

9. Add the NoSchedule taint to the master node

kubectl taint node 172-18-1-36.master node-role.kubernetes.io/master="":NoSchedule

10. Remove the NoSchedule taint from the master node

kubectl taint node 172-18-1-36.master node-role.kubernetes.io/master-

11. Create a service account and bind it to the cluster-admin role

admin_account="k8s-cyk-admin"
kubectl create serviceaccount ${admin_account} -n kube-system
kubectl create clusterrolebinding ${admin_account} --clusterrole=cluster-admin --serviceaccount=kube-system:${admin_account}
kubectl -n kube-system describe secrets $(kubectl -n kube-system get secret | grep ${admin_account} | awk '{print $1}')
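
Steps 5 and 11 both bind a service account to cluster-admin, so each of those tokens carries full control of the cluster. The script below is an added example, not part of the original page: it lists every ServiceAccount bound to cluster-admin so these bindings can be reviewed. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: review which ServiceAccounts hold cluster-admin.
# Function names and sample data are hypothetical, not from the original page.

# On a live cluster, emit one line per ClusterRoleBinding:
#   <binding-name> TAB <roleRef.name> TAB <kind>:<namespace>/<name>,...
dump_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'
}

# Read lines in the format above on stdin and print
#   <binding-name> TAB <namespace>/<serviceaccount>
# for every ServiceAccount subject of a binding whose role is cluster-admin.
cluster_admin_sas() {
  awk -F '\t' '$2 == "cluster-admin" {
    n = split($3, subj, ",")
    for (i = 1; i <= n; i++) {
      if (subj[i] ~ /^ServiceAccount:/) {
        sub(/^ServiceAccount:/, "", subj[i])
        print $1 "\t" subj[i]
      }
    }
  }'
}

# Constructed sample: the two bindings created in steps 5 and 11, the
# built-in cluster-admin binding (a Group, not a ServiceAccount) and an
# unrelated low-privilege binding.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup:/system:masters,\n'
  printf 'tiller-cluster-rule\tcluster-admin\tServiceAccount:kube-system/tiller,\n'
  printf 'k8s-cyk-admin\tcluster-admin\tServiceAccount:kube-system/k8s-cyk-admin,\n'
  printf 'system:kube-dns\tsystem:kube-dns\tServiceAccount:kube-system/kube-dns,\n'
}

# Offline demonstration on the constructed sample.
# On a live cluster run instead: dump_bindings | cluster_admin_sas
sample_bindings | cluster_admin_sas
```

A binding that is no longer needed can be removed with kubectl delete clusterrolebinding followed by the binding name printed in the first column.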

Errors

1. warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/containerd.io-1.4.4-3.1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY ] 1.2 MB/s | 33 MB 00:01:01 ETA
Public key for containerd.io-1.4.4-3.1.el7.x86_64.rpm is not installed

2. Problem: after docker was installed with yum and then removed, installing docker-ce fails with an error

Transaction check error:
file /usr/bin/docker from install of docker-ce-cli-1:20.10.6-3.el7.x86_64 conflicts with file from package docker-common-2:1.13.1-205.git7d71120.el7.centos.x86_64
file /usr/bin/dockerd from install of docker-ce-3:20.10.6-3.el7.x86_64 conflicts with file from package docker-common-2:1.13.1-205.git7d71120.el7.centos.x86_64

Cause: the old docker packages were not completely removed

yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine

3. The calico network plugin fails to start

2021-05-08 07:46:24.560 [ERROR][49] felix/health.go 246: Health endpoint failed, trying to restart it… error=listen tcp: lookup localhost on 114.114.114.114:53: no such host

Cause: the IPv4 and IPv6 loopback addresses are not configured in /etc/hosts, so the host cannot resolve localhost

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6