1.Kubernetes简介
官网:https://kubernetes.io/zh/docs/
kubernetes,简称K8s,是用8代替8个字符“ubernete”而成的缩写。是一个开源的,用于管理云平台中多个主机上的容器化的应用,Kubernetes的目标是让部署容器化的应用简单并且高效(powerful),Kubernetes提供了应用部署,规划,更新,维护的一种机制。
在Docker 作为高级容器引擎快速发展的同时,在Google内部,容器技术已经应用了很多年,Borg系统运行管理着成千上万的容器应用。
Kubernetes项目来源于Borg,可以说是集结了Borg设计思想的精华,并且吸收了Borg系统中的经验和教训。
Kubernetes对计算资源进行了更高层次的抽象,通过将容器进行细致的组合, 将最终的应用服务交给用户。
Kubernetes是Google开源的一个容器编排引擎,它支持自动化部署、大规模可伸缩、应用容器化管理。在生产环境中部署一个应用程序时,通常要部署该应用的多个实例以便对应用请求进行负载均衡。
在Kubernetes中,我们可以创建多个容器,每个容器里面运行一个应用实例,然后通过内置的负载均衡策略,实现对这一组应用实例的管理、发现、访问,而这些细节都不需要运维人员去进行复杂的手工配置和处理。
特点
可移植: 支持公有云,私有云,混合云,多重云(multi-cloud)
可扩展: 模块化,插件化,可挂载,可组合
自动化: 自动部署,自动重启,自动复制,自动伸缩/扩展
2.Kubernetes的安装和部署:
下列步骤所有部署k8s的主机都需要完成:
需要docker初始化环境;
vim /etc/docker/daemon.json
重启docker(直到docker info查看到Cgroup Driver状态为 systemd)
[root@server11 ~]# systemctl daemon-reload
[root@server11 ~]# systemctl restart docker
禁用swap
swapoff -a
vim /etc/fstab:注释swap
然后配置k8s 的yum 源:
[root@server11 ~]# cat /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
安装k8s:
yum install -y kubelet kubeadm kubectl
开机自启动:
systemctl enable --now kubelet.service
配置master端:
查看k8s默认配置:
kubeadm config print init-defaults
列出所需镜像:
kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
下载镜像:
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
[root@server11 ~]# kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
registry.aliyuncs.com/google_containers/kube-apiserver:v1.20.5
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.20.5
registry.aliyuncs.com/google_containers/kube-scheduler:v1.20.5
registry.aliyuncs.com/google_containers/kube-proxy:v1.20.5
registry.aliyuncs.com/google_containers/pause:3.2
registry.aliyuncs.com/google_containers/etcd:3.4.13-0
registry.aliyuncs.com/google_containers/coredns:1.7.0
[root@server11 ~]# kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
^C
[root@server11 ~]# kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.20.5
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.20.5
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.20.5
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.20.5
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.2
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.4.13-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:1.7.0
初始化:
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers
初始化完成后会生成join token;token有时效24h,超过24后需要生成新的token;
根据执行初始化提示结果:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
k8s命令自动补齐:
下载:yum install -y bash-completion
然后:echo “source <(kubectl completion bash)” >> ~/.bashrc
生效:source .bashrc
此时可以通过 kubectl get node 查看节点状态:
在节点端:
yum install -y kubelet kubeadm kubectl
systemctl enable --now kubelet.service
添加token:
kubeadm join 172.25.254.111:6443 --token esgmoe.gv6il4lrhkdvnqx2
–discovery-token-ca-cert-hash sha256:85c0c9b01778f808715351222f1c89ba8a1f9778fdf53db3e393462475ba5d15
所有节点添加完成后:
在master端可以看见:
[root@server11 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
server11 NotReady control-plane,master 3h2m v1.20.5
server12 NotReady <none> 44s v1.20.5
server13 NotReady <none> 29s v1.20.5
安装网络组件:
在master端:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
或者从本地导入:kubectl apply -f kube-flannel.yml
[root@server11 ~]# kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/flannel created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
结果:master和节点都已经就绪(ready)
[root@server11 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
server11 Ready control-plane,master 3h15m v1.20.5
server12 Ready <none> 14m v1.20.5
server13 Ready <none> 13m v1.20.5