kubernete入门学习-三-官方步骤
作者:互联网
========================================
Centos 7使用kubdeadm安装K8S前需要做的工作:
hosts
key
关闭swap
关闭selinux
关闭防火墙
集群里的每个节点的/etc/hosts都要有所有节点ip和与其对应的hostname
docker安装完毕
让系统内核开启网络转发
hosts
10.249.6.100 master
10.249.6.101 node01
10.249.6.102 node02
key
[root@master ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rTeyvAHlYyRAi0e6RBeDs7dnVR2eX1lWLJ/d2p5Vd58 root@master
The key's randomart image is:
+---[RSA 2048]----+
| .oB. ... .=|
| .o= + ......+|
| +oo . o. o +=|
| ..o. =.. . oB|
| .. ...S . .o*|
| . oo o .E+|
| o + o .o|
| . = . ..|
| +. |
+----[SHA256]-----+
[root@master ~]#
[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node01 (10.249.6.101)' can't be established.
ECDSA key fingerprint is SHA256:xC2BJAXqUza82oXNd2saKmsGjCSkGzJ7ySlwmOsreF4.
ECDSA key fingerprint is MD5:f8:0f:08:7f:f8:7a:13:ba:b6:96:f2:6b:f5:d3:be:7d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node01's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node01'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node02
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node02 (10.249.6.102)' can't be established.
ECDSA key fingerprint is SHA256:z1uzA7zPe8gw0VRvI7JJTE7C677nWK1nqn0K8abQ/a4.
ECDSA key fingerprint is MD5:42:cb:bb:03:5c:86:bb:64:e7:2d:35:28:92:a8:7e:84.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node02's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node02'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ssh node01
Last login: Thu Feb 28 05:41:18 2019 from 10.249.100.226
[root@node01 ~]# exit
logout
Connection to node01 closed.
[root@master ~]# ssh node02
Last failed login: Thu Feb 28 05:50:39 EST 2019 from 10.249.6.100 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Feb 28 05:40:36 2019 from 10.249.100.227
关闭swap
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
安装容器
#!/bin/bash
CHANNEL=stable
curl -fsSL https://get.docker.com/ | sh -s -- --mirror Aliyun
mkdir -p /etc/docker
touch /etc/docker/daemon.json
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
systemctl restart docker
systemctl enable docker
安装kubeadm
下载安装包k8s-mirrors-master.zip
https://github.com/Mr-Linus/k8s-mirrors
执行以下命令
./install-generic/install-kubeadm_el7.sh 所有机器都要安装
拉取镜像
如果你的机器可以翻越GFW,请忽略本步骤
如果你的机器不能翻越GFW,请看以下步骤:
如何使用
运行容器拉取指定镜像
版本V1.13.3
docker run --rm -it \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:k8s-1.13.3
需要注意的是,每个节点无论是工作节点还是master节点都需要拉取镜像!!
主节点安装k8s
./install-generic/install-k8s-master.sh
这个时候节点join进来并不会ready,需要你安装网络组件
安装脚本附带详细注释,安装出现任何疑问可以查看
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
kubeadm join 10.249.6.100:6443 --token 8cc6gd.nsgvj2qeb2vuvyu2 --discovery-token-ca-cert-hash sha256:308c1cdfa34bba4049278012e873bd0ca21c9fcdc709e4f893c04de85381a53a
-----------------------------------------------
让系统内核开启网络转发
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptable
下面可以做什么:
部署 CNI 选择需要的集群网络方案:flannel或calico(2选1)
flannel:
运行容器实现镜像拉取(可以GFW请忽略本步骤):
#获取镜像列表
curl -s https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml | grep image | awk -F': ' '{ print $2 }' > $pwd/image-flannel.txt
#拉取镜像
docker run --rm -it \
-v $pwd/image-flannel.txt:/image-pull/image.txt \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest
# 部署flannel
./install-networks/install-flannel.sh
calico:
# 部署calico
./install-networks/install-calico.sh
本项目致力于搭建完整的 K8S 平台,如果需要其他额外镜像,您可以使用image-pull镜像实现镜像拉取。 假设需要拉取的镜像名写在文件/root/image.txt中:
quay.io/coreos/flannel:v0.11.0
quay.io/coreos/flannel:v0.12.0
运行容器实现镜像拉取:
docker run --rm -it \
-v /root/image.txt:/image-pull/image.txt \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest
标签:kubernete,入门,步骤,image,ssh,key,docker,root,id 来源: https://blog.csdn.net/yujin2010good/article/details/88043217