上一节安装完kubelet、kubeadm、kubectl后,在master服务器上操作
初始化
# v1.20.1
kubeadm init \
--apiserver-advertise-address=192.168.1.135 \
--kubernetes-version v1.20.1 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--service-dns-domain=cluster.local \
--upload-certs
kubeadm init --apiserver-advertise-address=192.168.1.135 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --kubernetes-version v1.20.1 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all
# v1.24.1
kubeadm init --apiserver-advertise-address=192.168.1.135 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --kubernetes-version v1.24.1 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all --cri-socket /var/run/cri-dockerd.sock
kubeadm reset --cri-socket /var/run/cri-docker.sock #如果初始化未设置可如此重设
#如果出错或需修改参数时,执行如下命令后再init即可
kubeadm reset
--apiserver-advertise-address 集群通告地址
--image-repository 由于默认拉取镜像地址 k8s.gcr.io 国内无法访问,这里指定阿里云镜像仓库地址
--kubernetes-version K8s版本,与上面安装的一致
--service-cidr 集群内部虚拟网络,Pod统一访问入口
--pod-network-cidr Pod网络,与下面部署的CNI网络组件yaml中保持一致
--ignore-preflight-errors 忽略所有预检项的警告信息
--cri-socket /var/run/cri-dockerd.sock 使用运行时,需要安装cri-dockerd,不设置默认使用containerd
如果拉取镜像失败,先执行下面命令:
kubeadm config images list #查看需要的镜像
#由于国内无法下载k8s.gcr.io的镜像,所以先手动从阿里云拉取
# v1.20.1版本
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0
# v1.24.1版本
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.24.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.24.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.24.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.24.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.7
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.3-0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns/coredns:v1.8.6
# 改名下载的镜像(把阿里云下载的镜像改名为k8s.gcr.io的镜像,这样当初始化时发现本地已有此镜像就直接使用而不用去k8s.gcr.io下载)
# v1.20.1版本
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.1 k8s.gcr.io/kube-apiserver:v1.20.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.1 k8s.gcr.io/kube-controller-manager:v1.20.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.1 k8s.gcr.io/kube-scheduler:v1.20.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.1 k8s.gcr.io/kube-proxy:v1.20.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0 k8s.gcr.io/etcd:3.4.13-0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0 k8s.gcr.io/coredns:1.7.0
# v1.24.1版本
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.24.1 k8s.gcr.io/kube-apiserver:v1.24.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.24.1 k8s.gcr.io/kube-controller-manager:v1.24.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.24.1 k8s.gcr.io/kube-scheduler:v1.24.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.24.1 k8s.gcr.io/kube-proxy:v1.24.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.7 k8s.gcr.io/pause:3.7
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.3-0 k8s.gcr.io/etcd:3.5.3-0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns/coredns:v1.8.6 k8s.gcr.io/coredns/coredns:v1.8.6
初始化成功,会有提示需执行如下操作(使用kubectl访问集群):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
复制初始化提示的信息如下,加入节点时使用(具体内容会不同,复制自己初始化成功的信息即可)
kubeadm join 192.168.1.135:6443 --token m2ykv0.tkiflix13da128e4 \
--discovery-token-ca-cert-hash sha256:49c4412c5d71bcfb4525ffe696a567f0bff0c19e67a0ac90ae786bae5b292d82
#token有效期是24小时,过期后重新生成
kubeadm token create –print-join-command
其它命令:
kubectl get cs #查看集群健康状态
kubectl get nodes #查看节点
kubectl get pod -n kube-system #查看镜像状态
kubectl get nodes 查看k8s-master为NotReady
kubectl get pod -n kube-system #查看镜像
默认master不参与工作负载,如果安装单机k8s环境,则可执行如下命令(删除Node的Label “node-role.kubernetes.io/master”),让Master节点成为一个Node节点:
kubectl taint nodes --all node-role.kubernetes.io/master- #去除污点
2019-04-12 11:35:07 未知 回复