资源准备
角色 | 主机名 | ip | 系统 |
---|---|---|---|
master | m8s-master01 | 192.168.219.160 | CentOS 7.9.2009 |
node | m8s-node01 | 192.168.219.164 | CentOS 7.9.2009 |
软件信息
软件 | 版本 |
---|---|
docker | 19.03.11 |
kubernetes | 1.18.18 |
一、安装docker
Install required packages
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
Add the Docker repository
[root@localhost ~]# yum-config-manager --add-repo
https://download.docker.com/linux/centos/docker-ce.repo
Install Docker CE
[root@localhost ~]# yum update -y && yum install -y
containerd.io-1.2.13
docker-ce-19.03.11
docker-ce-cli-19.03.11
Create /etc/docker
[root@localhost ~]# mkdir /etc/docker
Set up the Docker daemon
[root@localhost ~]# cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
添加docker加速器
[root@localhost ~]# vim /etc/docker/daemon.json
在最后加上
"registry-mirrors": ["https://n0k07cz2.mirror.aliyuncs.com"]
[root@localhost ~]# cat /etc/docker/daemon.json
输出如下
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"registry-mirrors": ["https://n0k07cz2.mirror.aliyuncs.com"]
}
Restart Docker
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
二、系统配置(master、node节点)
1、关闭防火墙
[root@localhost ~]# systemctl stop firewalld
2、设置主机名
k8s-master01
[root@localhost ~]# hostnamectl set-hostname k8s-master01
k8s-node01
[root@localhost ~]# hostnamectl set-hostname k8s-node01
3、修改主机名(可省略,方便记忆)
[root@k8s-master01 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.219.160 k8s-master01
192.168.219.164 k8s-node01
4、关闭swap分区
[root@k8s-master01 ~]# swapoff -a
[root@k8s-master01 ~]# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Apr 1 06:39:41 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=8bb2a63e-0853-417f-8c2d-c231588e4b07 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
# 注释swap相关信息
# /dev/mapper/centos-swap swap swap defaults 0 0
5、流量转发
Setup required sysctl params, these persist across reboots.
[root@k8s-master01 ~]# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
Apply sysctl params without reboot
[root@k8s-master01 ~]# sysctl --system
6、新增阿里yum源,这里是Centos 7系统
[root@k8s-master01 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
7、同步时间
centos6我们一直用的ntp时间服务器,虽然到CentOS7上也可以装ntp。但是各种问题。所以建议centos7使用chrony同步工具
[root@k8s-master01 ~]# yum install chrony -y
[root@k8s-master01 ~]# systemctl enable chronyd
[root@k8s-master01 ~]# systemctl start chronyd
[root@k8s-master01 ~]# chronyc sources
三、kubectl、kubelet、 kubeadm安装(master、node节点)
1、添加阿里kubernetes源信息
[root@k8s-master01 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2、安装
[root@k8s-master01 ~]# yum -y install kubectl-1.18.18 kubelet-1.18.18 kubeadm-1.18.18
3、设置kubectl开机自启动
[root@k8s-master01 ~]# systemctl enable kubelet.service
四、Kubernetes主节点安装
1、获取安装文件yml
[root@k8s-master01 ~]# kubeadm config print init-defaults --kubeconfig ClusterConfiguration > kubeadm.yml
2、修改安装配置文件
[root@master01 ~]# vi kubeadm.yml
修改一下注释内容
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
# 修改主节点IP
advertiseAddress: 192.168.219.160
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
name: test1
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
# 国内不能访问 Google,修改为阿里云
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# 修改为对应的k8s版本
kubernetesVersion: v1.18.18
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {}
3、可以查看所需镜像
[root@k8s-master01 ~]# kubeadm config images list --config kubeadm.yml
输出一下信息
W0610 02:42:29.980212 83223 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
registry.aliyuncs.com/google_containers/kube-apiserver:v1.18.18
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.18.18
registry.aliyuncs.com/google_containers/kube-scheduler:v1.18.18
registry.aliyuncs.com/google_containers/kube-proxy:v1.18.18
registry.aliyuncs.com/google_containers/pause:3.2
registry.aliyuncs.com/google_containers/etcd:3.4.3-0
registry.aliyuncs.com/google_containers/coredns:1.6.7
4、拉取镜像,静等10来分钟,具体快和慢和网络相关
[root@k8s-master01 ~]# kubeadm config images pull --config kubeadm.yml
5、安装主节点
[root@k8s-master01 ~]# kubeadm init --config=kubeadm.yml --upload-certs | tee kubeadm-init.log
说明 :
- init 命令是初始化
- --upload-certs参数可以在后续执行加入节点时自动分发证书文件
- tee kubeadm-init.log 用以输出日志
注意:
安装 kubernetes 版本和下载的镜像版本不统一则会出现
timed out waiting for the condition 错误。
想修改配置可以使用 kubeadm reset 命令重置配置,
重新初始化操作即可。
安装成功
6、配置 kubectl
[root@k8s-master01 ~]# mkdir -p $HOME/.kube
[root@k8s-master01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master01 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
验证是否成功
[root@k8s-master01 ~]# kubectl get nodes
显示如下信息
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady master 11m v1.18.18
五、安装从节点
1、加入节点到集群
在node节点上执行
[root@k8s-master01 ~]# kubeadm join 192.168.219.129:6443 --token abcdef.0123456789abcdef
--discovery-token-ca-cert-hash sha256:6dad4602dd288cbfbc952e3a9db40ee192ae8c4229479d60b330c95940131c06
节点验证
返回主节点查看
[root@k8s-master01 ~]# kubectl get nodes
输出如下
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady master 40m v1.18.18
k8s-node01 NotReady <none> 5m15s v1.18.18
这里的STATUS是NotReady因为coredns,需要安装网络插件
在master节点上查看 Pods 状态
[root@k8s-master01 ~]# kubectl get pods -n kube-system -o wide
输出如下
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-7ff77c879f-94wq9 1/1 Running 0 24h 192.168.32.129 k8s-master01 <none> <none>
coredns-7ff77c879f-kg4gd 0/1 Running 0 24h 192.168.85.194 k8s-node01 <none> <none>
etcd-k8s-master01 1/1 Running 0 24h 192.168.219.160 k8s-master01 <none> <none>
kube-apiserver-k8s-master01 1/1 Running 0 24h 192.168.219.160 k8s-master01 <none> <none>
kube-controller-manager-k8s-master01 1/1 Running 1 24h 192.168.219.160 k8s-master01 <none> <none>
kube-proxy-qwbpg 1/1 Running 0 24h 192.168.219.160 k8s-master01 <none> <none>
kube-proxy-t92jc 1/1 Running 0 24h 192.168.219.164 k8s-node01 <none> <none>
kube-scheduler-k8s-master01 1/1 Running 1 24h 192.168.219.160 k8s-master01 <none> <none>
六、网络插件安装
在使用使用容器的时候,只是提供一个CNI(Container Network Interface) 标准的通用的接口,容器网络解决方案 flannel,calico,Canal,weave,使用这些解决方案可以满足该协议的所有容器平台提供网络功能。
Calico链接 https://docs.projectcalico.or...
Flannel链接 https://github.com/coreos/fla...
Weave链接 https://www.weave.works/oss/net/
Canal 链接 https://github.com/projectcal...
我这里使用的是calico,因为支持网络策略、支持服务网格Istio集成
官方的安装文档:https://docs.projectcalico.or...
1、获取yml文档
[root@k8s-master01 ~]# wget https://docs.projectcalico.org/v3.18/manifests/calico.yaml
2、安装calico.yml
[root@k8s-master01 ~]# kubectl apply -f calico.yaml
验证安装是否成功
[root@k8s-master01 ~]# kubectl get pods --all-namespaces
输出如下
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-545578d5-dmzsj 1/1 Running 0 24m
kube-system calico-node-rmq5x 1/1 Running 0 24m
kube-system calico-node-v89vb 1/1 Running 0 24m
kube-system coredns-7ff77c879f-94wq9 1/1 Running 0 56m
kube-system coredns-7ff77c879f-kg4gd 0/1 Running 0 56m
kube-system etcd-k8s-master01 1/1 Running 0 56m
kube-system kube-apiserver-k8s-master01 1/1 Running 0 56m
kube-system kube-controller-manager-k8s-master01 1/1 Running 1 56m
kube-system kube-proxy-qwbpg 1/1 Running 0 56m
kube-system kube-proxy-t92jc 1/1 Running 0 56m
kube-system kube-scheduler-k8s-master01 1/1 Running 1 56m
3、查看 nodes状态
[root@k8s-master01 ~]# kubectl get nodes
显示STATUS -Ready代表网络已经组成
输出如下
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready master 24h v1.18.18
k8s-node01 Ready <none> 24h v1.18.18
七、容器部署
这里需要注意的是,之前使用 --replicas方式已经不推荐使用了
Flag --replicas has been deprecated, has no effect and will be removed in the future.
在K8S v1.18.0以后,–replicas已弃用 ,推荐用 deployment 创建 pods。
我这里使用nginx-1.18.0容器,作为示例
[root@k8s-master01 ~]# vi nginx-deployment.yaml
内容如下:
apiVersion: apps/v1 #指定api版本,此值必须在kubectl apiversion中
kind: Deployment # 指定创建资源的角色/类型
metadata: #资源的元数据/属性
name: nginx-deployment #资源的名字,在同一个namespace中必须唯一
labels: #设定资源的标签
app: nginx
spec: #指定该资源的内容
replicas: 1 #创建1个nginx容器
selector: #节点选择
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx #设定资源的标签
spec:
containers:
- name: nginx #容器的名字
image: nginx:1.18.0 #容器使用的镜像地址
ports:
- containerPort: 80 #容器开发对外的端口
---
apiVersion: v1 # API 版本号
kind: Service # 类型,如:Pod/ReplicationController/Deployment/Service/Ingress
metadata: # 元数据
name: nginx-deployment # Kind 的名称
spec:
ports:
- port: 80 # Service 暴露的端口
targetPort: 80 # Pod 上的端口,这里是将 Service 暴露的端口转发到 Pod 端口上
type: LoadBalancer # 类型
selector: # 标签选择器
app: nginx # 需要和上面部署的 Deployment 标签名对应
1、容器部署发布
[root@k8s-master01 ~]# kubectl apply -f nginx-deployment.yaml
2、查看pods
[root@k8s-master01 ~]# kubectl get pods
显示如下
NAME READY STATUS RESTARTS AGE
nginx-deployment-75ddd4d4b4-6gtx5 1/1 Running 0 26h
3、查看deployment
[root@k8s-master01 ~]# kubectl get deployments
显示如下
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment 1/1 1 1 26h
4、查看service
[root@k8s-master01 ~]# kubectl get services
显示如下
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 27h
nginx-deployment LoadBalancer 10.100.103.238 <pending> 80:32234/TCP 26h
验证服务
访问:http://192.168.219.160:32234/
5、查看资源对象详情
如:service、pod、deployment等
[root@k8s-master01 ~]# kubectl describe service nginx-deployment
6、服务删除
[root@k8s-master01 ~]# kubectl delete -f nginx-deployment.yaml
参考
https://blog.csdn.net/qq_3241...
https://cloud.tencent.com/dev...