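1. Why K8S is needed
2. What K8S is
3. Installing K8S
This article installs the latest K8S release, 1.19, with kubeadm, because it is simple and easy to get started with. (The operating system is CentOS 7.6.)
3.1 Prerequisites
- Three virtual machines, each with at least 2 vCPUs and 4 GB of RAM, with Internet access to pull images
- DNS records configured (if there is no DNS server, add hosts entries on every server)
3.2 Environment
Name | IP address |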
K8S-Master | 172.16.0.11 |
K8S-Node01 | 172.16.0.21 |
K8S-Node02 | 172.16.0.22 |
3.3 Installation steps
3.3.1 System initialization (run on all nodes)
Disable the firewall:
$ systemctl stop firewalld
$ systemctl disable firewalld
Disable SELinux:
$ sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config   # permanent
$ setenforce 0   # temporary
Disable swap:
$ swapoff -a   # temporary
$ vim /etc/fstab   # permanent (comment out the swap line)
Pass bridged IPv4 traffic to the iptables chains:
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system   # apply
Time synchronization:
$ yum install ntpdate -y
$ ntpdate ntp.aliyun.com
3.3.2 Install Docker (all nodes)
# Add the Docker repo
$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# Install Docker
$ yum -y install docker-ce
# Enable and start the service
$ systemctl enable docker && systemctl start docker
# Configure a Docker registry mirror: use the Alibaba Cloud mirror instead of Docker Hub
$ cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
$ systemctl restart docker
3.3.3 Install K8S
### Run on all nodes
# Add the K8S repo
$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Pin the kubelet version
$ yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
$ systemctl enable kubelet
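The repo stanza above sets gpgcheck=0 and repo_gpgcheck=0, so yum verifies neither package signatures nor repository metadata when it installs kubelet, kubeadm and kubectl. The check below is an added example, not part of the original post: it lists enabled repo sections that explicitly turn gpgcheck off. The function names unsigned_repos and demo_page_repo are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# Usage on a node: unsigned_repos /etc/yum.repos.d/*.repo
# Prints "<file> [<section>] gpgcheck=0 repo_gpgcheck=<value>" for each enabled section.
unsigned_repos() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function flush() {
            if (sec != "" && enabled != "0" && gpg == "0")
                printf "%s [%s] gpgcheck=0 repo_gpgcheck=%s\n", file, sec, repo
            sec = ""
        }
        FNR == 1        { flush() }        # new input file: close the previous section
        /^[ \t]*[#;]/   { next }           # skip comment lines
        /^[ \t]*\[/     {                  # [section] header starts a new repo
            flush()
            sec = trim($0); sec = substr(sec, 2, index(sec, "]") - 2)
            # Assumption: a section without an "enabled" key is treated as enabled.
            file = FILENAME; enabled = "1"; gpg = "unset"; repo = "unset"
            next
        }
        index($0, "=") > 0 {               # key=value line inside the current section
            key = trim(substr($0, 1, index($0, "=") - 1))
            val = trim(substr($0, index($0, "=") + 1))
            if (key == "enabled")       enabled = val
            if (key == "gpgcheck")      gpg = val
            if (key == "repo_gpgcheck") repo = val
        }
        END { flush() }
    ' "$@"
}

demo_page_repo() {   # the stanza from this page, written to a temporary file
    local f; f=$(mktemp)
    cat > "$f" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
    unsigned_repos "$f" | sed "s|^$f ||"
    rm -f "$f"
}
```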
# Run on the master node
$ kubeadm init \
  --apiserver-advertise-address=172.16.0.11 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
# The output looks like this
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.0.11:6443 --token lgvmn2.cfyk6dky82dr7z8c \
--discovery-token-ca-cert-hash sha256:759802868be91149d9c246a6f0cf5235c09d7ab9a9cef143f490fbc1b657e4de
### List the nodes
[root@k8s-master01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady master 4m56s v1.19.0
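- --image-repository: the default image registry, k8s.gcr.io, is not reachable from mainland China, so the Alibaba Cloud registry is specified here
- --kubernetes-version: the K8s version, matching the version installed above
- --service-cidr: the cluster-internal virtual network, the unified access entry point for Pods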
# Run on the master node
### Deploy using a configuration file
$ vi kubeadm.conf
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
imageRepository: registry.aliyuncs.com/google_containers
networking:
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
$ kubeadm init --config kubeadm.conf --ignore-preflight-errors=all
# Run on the master node
#### Copy the K8S credentials file to the default path
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Run on NODE01 and NODE02
kubeadm join 172.16.0.11:6443 --token lgvmn2.cfyk6dky82dr7z8c \
    --discovery-token-ca-cert-hash sha256:759802868be91149d9c246a6f0cf5235c09d7ab9a9cef143f490fbc1b657e4de
# When it finishes, check the node status on the master node
[root@k8s-master01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady master 7m28s v1.19.0
k8s-node01 NotReady <none> 21s v1.19.0
k8s-node02 NotReady <none> 6s v1.19.0
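Deploy the CNI network plugin
# Run on the master node
wget https://docs.projectcalico.org/manifests/calico.yaml
After downloading, you also need to change the Pod network defined in the file (CALICO_IPV4POOL_CIDR) so that it matches the value passed to kubeadm init earlier (10.244.0.0/16).
Note: mind the alignment (YAML indentation).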
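One way to check that edit before applying the manifest, as an added example that is not part of the original post: the hypothetical function check_calico_cidr reports whether CALICO_IPV4POOL_CIDR is uncommented, aligned with the neighbouring env entry, and equal to the pod CIDR given to kubeadm init. The manifest fragment in demo_calico is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# check_calico_cidr FILE CIDR
#   prints: ok | commented-out | missing | misaligned | mismatch:<value>
# Assumption: as in the Calico manifest, the entry sits inside an env list, so the
# nearest preceding "- name:" line is a sibling with the same indentation.
check_calico_cidr() {
    local status
    status=$(awk -v cidr="$2" '
        function indent(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
        BEGIN { prev = -1 }
        want_value {                       # the line right after the uncommented name
            want_value = 0
            if ($0 !~ /^ *value:/ || indent($0) != name_indent + 2) bad = 1
            val = $0; sub(/^ *value: */, "", val); gsub(/"| +$/, "", val)
            next
        }
        /^ *#/ { if ($0 ~ /- name: *CALICO_IPV4POOL_CIDR/) commented = 1; next }
        /^ *- name: *CALICO_IPV4POOL_CIDR/ {
            found = 1; name_indent = indent($0); want_value = 1
            if (prev >= 0 && name_indent != prev) bad = 1   # not aligned with sibling
            next
        }
        /^ *- name:/ { prev = indent($0) }
        END {
            if (!found)           print (commented ? "commented-out" : "missing")
            else if (bad)         print "misaligned"
            else if (val != cidr) print "mismatch:" val
            else                  print "ok"
        }
    ' "$1")
    echo "$status"
    [ "$status" = "ok" ]
}

demo_calico() {   # constructed fragment: only the "#" was deleted, leaving one extra space
    local f; f=$(mktemp)
    cat > "$f" << 'EOF'
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
             - name: CALICO_IPV4POOL_CIDR
               value: "10.244.0.0/16"
EOF
    check_calico_cidr "$f" 10.244.0.0/16; rm -f "$f"
}
```

Run it as check_calico_cidr calico.yaml 10.244.0.0/16 before kubectl apply; the exit status is non-zero for anything other than ok.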
# Apply the manifest
kubectl apply -f calico.yaml
# Check the Pod status
kubectl get pods -n kube-system
[root@k8s-master01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready master 35m v1.19.0
k8s-node01 Ready <none> 27m v1.19.0
k8s-node02 Ready <none> 27m v1.19.0
3.4 Test the cluster
# Create a stateless application
$ kubectl create deployment nginx --image=nginx
[root@k8s-master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-snz4j 1/1 Running 0 45s
# Expose port 80 with a Service of type NodePort
$ kubectl expose deployment nginx --port=80 --type=NodePort
[root@k8s-master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 40m
nginx NodePort 10.99.4.209 <none> 80:30027/TCP 5s
Verify
[root@k8s-master01 ~]# curl http://172.16.0.21:30027
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
3.5 Done
Command completion:
# K8s command auto-completion
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
On macOS:
$ brew install bash-completion
$ source $(brew --prefix)/etc/bash_completion
$ source <(kubectl completion bash)