环境
主机名 | ip |
master | 192.168.75.154 |
node1 | 192.168.75.155 |
node2 | 192.168.75.156 |
准备工作:
关闭三台防火墙
[root@master ~]# systemctl stop firewalld
[root@master ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# vi /etc/selinux/config
[root@master ~]# reboot
[root@node1 ~]# systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@node1 ~]# vi /etc/selinux/config
[root@node1 ~]# reboot
[root@node2 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@node2 ~]# systemctl stop firewalld && systemctl disable firewalld
[root@node2 ~]# vi /etc/selinux/config
[root@node2 ~]# reboot
在master主机上做域名映射
[root@master ~]# vim /etc/hosts
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.75.154 master.example.com //添加
192.168.75.155 node1.example.com //添加
192.168.75.156 node2.example.com //添加
禁用swap交换分区
[root@master ~]# swapoff -a
[root@master ~]# vim /etc/fstab
[root@master ~]# cat /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0 //注释掉
[root@master ~]# mount -a
[root@master ~]# free -h
total used free shared buff/cache available
Mem: 7.6G 155M 7.2G 11M 244M 7.2G
Swap: 0B 0B 0B
[root@master ~]#
做ssh免密登录
[root@master ~]# ssh-keygen -t rsa
[root@master ~]# ssh-copy-id master.example.com
[root@master ~]# ssh-copy-id node1.example.com
[root@master ~]# ssh-copy-id node2.example.com
时间同步
[root@master ~]# yum install -y chrony
[root@master ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool time1.aliyun.com iburst //添加此行
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
[root@master ~]# systemctl enable --now chronyd
[root@master ~]# for i in master node1.example.com node2.example.com;do ssh $i 'date';done
ssh: Could not resolve hostname master: Name or service not known
2021年 12月 18日 星期六 20:21:55 CST
2021年 12月 18日 星期六 20:21:55 CST
将桥接的IPv4流量传递到iptables的链
[root@master ~]# vim /etc/sysctl.d/k8s.conf
[root@master ~]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
安装:
所有主机安装docker
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl enable --now docker
配置docker加速器
mkdir -p /etc/docker
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://fcetdvye.mirror.aliyuncs.com"]
}
systemctl daemon-reload
systemctl enable --now docker
所有主机安装kubeadm,kubelet和kubectl
配置kubernetes阿里云YUM软件源
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
安装kubeadm,kubelet和kubectl
yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
systemctl enable kubelet
在master主机上部署Kubernetes Master
kubeadm init \
--apiserver-advertise-address=192.168.75.154 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
由于默认拉取镜像地址k8s.gcr.io国内无法访问,这里指定阿里云镜像仓库地址。
使用kubectl工具:
[root@master ~]# kubeadm init --apiserver-advertise-address=192.168.75.154 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.20.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.20.0
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
//在此处等待下载镜像
......
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.75.154:6443 --token 0k25rx.ro0tz0r8ttpbxv6r \
--discovery-token-ca-cert-hash sha256:055d22f1e4f1045a30581ff1df548531ddd9e704ab439cb90c1863c4185fb324
//保存结果,后面添加工作节点要用
[root@master ~]# vim init
[root@master ~]# cat init
dm join 192.168.75.154:6443 --token 0k25rx.ro0tz0r8ttpbxv6r \
--discovery-token-ca-cert-hash sha256:055d22f1e4f1045a30581ff1df548531ddd9e704ab439cb90c1863c4185fb324
[root@master ~]#
将node1和node2加入集群
kubeadm join 192.168.75.154:6443 --token 0k25rx.ro0tz0r8ttpbxv6r \
--discovery-token-ca-cert-hash sha256:055d22f1e4f1045a30581ff1df548531ddd9e704ab439cb90c1863c4185fb324
安装pod插件
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
使用kubectl工具
[root@master ~]# mkdir -p $HOME/.kube
root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master.example.com NotReady control-plane,master 4m49s v1.20.0
安装Pod网络插件
确保能够访问到quay.io这个registery
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
测试kubernetes集群
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master.example.com Ready control-plane,master 17m v1.20.0
node1.example.com Ready <none> 89s v1.20.0
node2.example.com Ready <none> 82s v1.20.0
//在Kubernetes集群中创建⼀个pod,验证是否正常运⾏
[root@master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@master ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-hbj7q 0/1 ContainerCreating 0 14s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19m
service/nginx NodePort 10.98.72.65 <none> 80:31040/TCP 5s