Centos7.9使用kubeadm部署K8S单机环境

使用kubeadm部署一个k8s单机环境

1. 环境信息

• 操作系统：CentOS 7.9.2009
• 内存: 4GB
• CPU: 2
• 网络: 能够互访，能够访问互联网

hostname	ip	备注
k8s	192.168.0.159	master + worker

2. 准备工作

在所有节点（包括 Master 和 Worker 节点）上执行以下步骤。

2.1 linux基础配置

# 关闭防火墙
systemctl stop firewalld && systemctl disable firewalld

# 关闭 swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

# 关闭 selinux
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

# 设置时区
timedatectl set-timezone Asia/Shanghai

# 时间同步
yum -y install ntpdate
ntpdate time.windows.com
hwclock --systohc

# 将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # 生效

2.2 安装 Docker

# 添加镜像源
curl https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
# 查看docker-ce的版本列表
yum list docker-ce --showduplicates | sort -r
# 安装20.10
yum -y install docker-ce-20.10.6-3.el7
systemctl start docker
systemctl enable docker

# 换成阿里Docker仓库
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://wnsrsn9i.mirror.aliyuncs.com"]
}
EOF

# 重启配置生效
systemctl restart docker
docker info
...
 Registry Mirrors:
  https://wnsrsn9i.mirror.aliyuncs.com/
...

2.3 安装 kubeadm、kubelet 和 kubectl

# 添加镜像源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# 查看支持的版本
yum list kubelet --showduplicates | sort -r

# 安装
yum install -y kubelet-1.22.0 kubeadm-1.22.0 kubectl-1.22.0

# 配置kubelet服务自启动
systemctl enable kubelet

3. 单机部署

# 设置hostname
hostnamectl set-hostname k8s
cat >> /etc/hosts << EOF
192.168.0.159 k8s
EOF

# 初始化 Master
kubeadm init \
--apiserver-advertise-address=192.168.0.159 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16

...
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.159:6443 --token vb5md9.x6xwf6v3cr41iwio \
        --discovery-token-ca-cert-hash sha256:acb09147ed61103c7ab66d16150a382b378e10bb76cf986556830483c58ce448
...

# 按照提示执行如下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 如果是root用户，也可执行如下命令
export KUBECONFIG=/etc/kubernetes/admin.conf

# 去除污点
kubectl describe node k8s | grep Taints
kubectl taint nodes k8s node-role.kubernetes.io/master-

# 部署CNI网络插件
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# 查看运行状态
kubectl get pods -A

如果kubeadm部署没有成功需要重新部署，请执行kubeadm reset重置后重试。

问题记录：

1. kubelet服务无法正常运行，报错如下：

"Failed to run kubelet" err="failed to run Kubelet: misconfiguration: kubelet cgroup driver: \"systemd\" is different from docker cgroup driver: \"cgroupfs\""
kubelet.service: main process exited, code=exited, status=1/FAILURE

解决方式：

在daemon.json中增加如下配置，"exec-opts": ["native.cgroupdriver=systemd"],，重启docker服务生效。然后重新启动kubelet服务即可恢复正常。

cat /etc/docker/daemon.json
{

  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://wnsrsn9i.mirror.aliyuncs.com"]
}

2. 国内网络无法下载安装flannel

如果无法下载yml文件，手动创建kube-flannel.yml，内容如下：

---
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    k8s-app: flannel
    pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: flannel
  name: flannel
  namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    k8s-app: flannel
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "EnableNFTables": false,
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
    k8s-app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: docker.io/flannel/flannel-cni-plugin:v1.4.1-flannel1
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: docker.io/flannel/flannel:v0.25.4
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.25.4
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate

部署flannel会拉取两个镜像，国内网络环境有时候无法顺利拉取，可以从其他地方获取后离线导入当前环境：

[root@k8s-master ~]# docker images
REPOSITORY                                                        TAG               IMAGE ID       CREATED        SIZE
flannel/flannel                                                   v0.25.4           e6c43605b714   18 hours ago   81MB
flannel/flannel-cni-plugin                                        v1.4.1-flannel1   1e3c860c213d   7 weeks ago    10.3MB

4. 创建测试应用

# 创建一个nginx应用，并暴露到节点外部
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort

# 查看部署的应用
kubectl get pod,svc
NAME                        READY   STATUS    RESTARTS   AGE
pod/nginx-f89759699-j9lnv   1/1     Running   0          30s

NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        34m
service/nginx        NodePort    10.102.197.201   <none>        80:30510/TCP   19s

通过k8s节点ip+30510端口即可访问nginx。