Installing Kubernetes 1.7.3 on CentOS 7 with kubeadm


1. Preparation
Prepare two CentOS 7.3.1611 hosts.
1.1 System configuration
1.1.1 Change the hostname
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2

1.1.2 Edit /etc/hosts
echo "10.211.55.51 k8s-node1" >> /etc/hosts
echo "10.211.55.52 k8s-node2" >> /etc/hosts

1.1.3 Disable the firewall
systemctl stop firewalld
systemctl disable firewalld

1.2 Install Docker
Install on both hosts.
Docker versions 1.10.3, 1.11.2, 1.12.6 have been validated
The highest Docker version officially supported by Kubernetes at present is 1.12.6, so Docker 1.12.6 is installed here.
1.2.1 Add the yum repo
sudo tee /etc/yum.repos.d/docker.repo <

1.2.2 Install the Docker package
yum install -y docker-engine-1.12.6
systemctl enable docker && systemctl start docker

2. Install kubectl, kubeadm and kubelet
Install on both hosts.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubectl kubelet kubeadm
Edit /etc/systemd/system/kubelet.service.d/10-kubeadm.conf and change
  Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"
to
  Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"
so that kubelet uses the same cgroup driver as Docker.
systemctl enable kubelet && systemctl start kubelet
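
The cgroup-driver edit above can be verified before kubelet is started. The script below is an added example, not part of the original page: it compares the driver reported by `docker info` with the one set in the kubelet drop-in. The function names and the `--check` switch are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: confirm that kubelet and Docker agree on the cgroup driver.

DROPIN=/etc/systemd/system/kubelet.service.d/10-kubeadm.conf

# Read `docker info` text on stdin and print the value of its
# "Cgroup Driver: <name>" line.
docker_cgroup_driver() {
    sed -n 's/^[[:space:]]*Cgroup Driver:[[:space:]]*\([a-z]*\).*$/\1/p' | head -n 1
}

# Print the --cgroup-driver value set in the kubelet drop-in file $1.
# Commented-out lines are ignored; the last active setting is reported.
kubelet_cgroup_driver() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*--cgroup-driver=\([a-z]*\).*/\1/p' | tail -n 1
}

# Return 0 only when both drivers are known and identical.
drivers_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Run against the live host only when asked to: ./check-cgroup.sh --check
if [ "${1:-}" = "--check" ]; then
    d=$(docker info 2>/dev/null | docker_cgroup_driver)
    k=$(kubelet_cgroup_driver "$DROPIN")
    if drivers_match "$d" "$k"; then
        echo "OK: docker and kubelet both use '$d'"
    else
        echo "MISMATCH: docker='$d' kubelet='$k' (fix $DROPIN, then run" \
             "systemctl daemon-reload && systemctl restart kubelet)" >&2
        exit 1
    fi
fi
```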

3. Initialize the cluster with kubeadm init
Note: - In order for Network Policy to work correctly, you need to pass --pod-network-cidr=192.168.0.0/16 to kubeadm init - Calico works on amd64 only.
Calico is used later, so the pod-network-cidr parameter is required here.
kubeadm init --pod-network-cidr=192.168.0.0/16

[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.3
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks
[preflight] Starting the kubelet service
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [k8s-node1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.211.55.51]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 128.500975 seconds
[token] Using token: b5bdde.b6a3e93dbd76a535
[apiconfig] Created RBAC rules
[addons] Applied essential addon: kube-proxy
[addons] Applied essential addon: kube-dns

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run (as a regular user):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join --token b5bdde.b6a3e93dbd76a535 10.211.55.51:6443
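
The warning in the output above says tokens only start to expire by default in 1.8, so the join token printed by this 1.7.3 run stays valid until it is deleted. The script below is an added example, not part of the original page: it lists non-expiring bootstrap tokens and redacts tokens from logs before they are shared. The `TOKEN TTL EXPIRES ...` column layout of `kubeadm token list` is an assumption, and the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example: audit and redact kubeadm bootstrap tokens.

# Succeed when $1 has the bootstrap-token shape seen in the join command:
# 6 characters, a dot, 16 characters, all from [a-z0-9].
is_bootstrap_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Read `kubeadm token list` output on stdin and print the tokens whose
# second column (TTL, assumed layout) is <forever>.
non_expiring_tokens() {
    awk '$2 == "<forever>" { print $1 }' | while read -r tok; do
        if is_bootstrap_token "$tok"; then printf '%s\n' "$tok"; fi
    done
}

# Read text on stdin and replace the secret half of every token,
# keeping the 6-character token ID so log lines stay traceable.
redact_tokens() {
    sed -E 's/(^|[^a-z0-9])([a-z0-9]{6})\.[a-z0-9]{16}($|[^a-z0-9.])/\1\2.<redacted>\3/g'
}

# Run against the live master only when asked to: ./token-audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    kubeadm token list | non_expiring_tokens | while read -r tok; do
        echo "non-expiring bootstrap token: ${tok%%.*}.<redacted>" >&2
        echo "  once all nodes have joined: kubeadm token delete ${tok%%.*}"
    done
fi
```

Piping saved `kubeadm init` or `kubeadm join` output through `redact_tokens` keeps the token ID and drops the secret part.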

4. Install the pod network
Calico is used here.
kubectl apply -f https://docs.projectcalico.org/v2.4/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
configmap "calico-config" created
daemonset "calico-etcd" created
service "calico-etcd" created
daemonset "calico-node" created
deployment "calico-policy-controller" created
clusterrolebinding "calico-cni-plugin" created
clusterrole "calico-cni-plugin" created
serviceaccount "calico-cni-plugin" created
clusterrolebinding "calico-policy-controller" created
clusterrole "calico-policy-controller" created
serviceaccount "calico-policy-controller" created
kubectl get pods --all-namespaces
NAMESPACE     NAME                                       READY     STATUS    RESTARTS   AGE
kube-system   calico-etcd-twsf9                          1/1       Running   0          2h
kube-system   calico-node-nmbcp                          2/2       Running   0          2h
kube-system   calico-node-st191                          2/2       Running   0          2h
kube-system   calico-policy-controller-336633499-km08x   1/1       Running   0          2h
kube-system   etcd-k8s-node1                             1/1       Running   0          2h
kube-system   kube-apiserver-k8s-node1                   1/1       Running   0          2h
kube-system   kube-controller-manager-k8s-node1          1/1       Running   0          2h
kube-system   kube-dns-2425271678-01qzj                  3/3       Running   3          2h
kube-system   kube-proxy-6rk7f                           1/1       Running   0          2h
kube-system   kube-proxy-xbv0b                           1/1       Running   0          2h
kube-system   kube-scheduler-k8s-node1                   1/1       Running   0          2h

5. Add a node to the Kubernetes cluster
kubeadm join --token 6161c7.47935395206b75fe 10.211.55.51:6443
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[preflight] The system verification failed. Printing the output from the verification:
OS: Linux
KERNEL_VERSION: 3.10.0-514.el7.x86_64
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_INET: enabled
CONFIG_EXT4_FS: enabled (as module)
CONFIG_PROC_FS: enabled
CONFIG_NETFILTER_XT_TARGET_REDIRECT: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled (as module)
CONFIG_OVERLAY_FS: enabled (as module)
CONFIG_AUFS_FS: not set - Required for aufs.
CONFIG_BLK_DEV_DM: enabled (as module)
CGROUPS_CPU: enabled
CGROUPS_CPUACCT: enabled
CGROUPS_CPUSET: enabled
CGROUPS_DEVICES: enabled
CGROUPS_FREEZER: enabled
CGROUPS_MEMORY: enabled
[preflight] WARNING: docker service is not enabled, please run 'systemctl enable docker.service'
[preflight] Some fatal errors occurred:
    failed to get docker info: Cannot connect to the Docker daemon. Is the docker daemon running on this host?
    docker service is not active, please run 'systemctl start docker.service'
    /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`
[root@centos-7 ~]# systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@centos-7 ~]# kubeadm join --token 6161c7.47935395206b75fe 10.211.55.51:6443
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[discovery] Trying to connect to API Server "10.211.55.51:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.211.55.51:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://10.211.55.51:6443"
[discovery] Successfully established connection with API Server "10.211.55.51:6443"
[bootstrap] Detected server version: v1.7.3
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
[csr] Received signed certificate from the API server, generating KubeConfig...
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

Node join complete:
* Certificate signing request sent to master and response
  received.
* Kubelet informed of new secure connection details.

Run 'kubectl get nodes' on the master to see this machine join.
