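Preface
kubeadm is the official Kubernetes tool for quickly installing a k8s cluster; this post walks through an installation with it.
I. Base environment
1. Disable the firewall, swap and SELinux
2. Configure hostnames and name resolution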
hostnamectl set-hostname ops-master-1
hostnamectl set-hostname ops-node-1
hostnamectl set-hostname ops-node-2
vim /etc/hosts
192.168.0.26 ops-master-1
192.168.0.27 ops-node-1
192.168.0.28 ops-node-2
3. Configure passwordless SSH login (all three servers need it)
ssh-keygen
ssh-copy-id -i id_rsa.pub root@
4. Time synchronization
(1) Configure the master node
yum -y install chrony
systemctl start chronyd
timedatectl set-ntp true
vim /etc/chrony.conf
allow 192.168.0.0/24
local stratum 10
# Restart the time synchronization service
systemctl restart chronyd.service
(2) Configure the worker nodes
vim /etc/chrony.conf
# Delete the unused "server xxxxxxxxxx iburst" lines
server 192.168.0.26 iburst
# The sync service must be restarted here as well; the firewall must be disabled
systemctl restart chronyd.service
# Check the synchronization status
chronyc sources -v
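4. Adjust the iptables-related kernel parameters (all nodes)
Some users on RHEL / CentOS 7 have reported traffic being routed incorrectly because iptables was bypassed. Create the file /etc/sysctl.d/k8s.conf with the following content: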
cat <<EOF > /etc/sysctl.d/k8s.conf
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the configuration
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
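A check that the settings above are actually live on a node, as an added example that is not part of the original post. The function name check_sysctl_file and its optional second argument (the directory the live values are read from) are assumptions made for this example; the sample tree at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): compare a sysctl.d file with live values.
# check_sysctl_file CONF [ROOT]
#   CONF  sysctl file, e.g. /etc/sysctl.d/k8s.conf
#   ROOT  directory the live values are read from (default /proc/sys); it is a
#         parameter only so the check can run against a constructed tree
# Prints one line per key; returns non-zero if any key is missing or differs.
check_sysctl_file() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # net.bridge.* only exists once the br_netfilter module is loaded
            echo "MISSING  $key"
            rc=1
        elif [ "$(tr -d ' \t\n' < "$path")" = "$want" ]; then
            echo "OK       $key = $want"
        else
            echo "MISMATCH $key = $(tr -d ' \t\n' < "$path"), want $want"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Constructed demo: a fake /proc/sys tree where br_netfilter is not loaded.
demo=$(mktemp -d)
mkdir -p "$demo/sys/vm" "$demo/sys/net/ipv4"
echo 0 > "$demo/sys/vm/swappiness"
echo 1 > "$demo/sys/net/ipv4/ip_forward"
printf '%s\n' 'vm.swappiness = 0' 'net.bridge.bridge-nf-call-iptables = 1' \
    'net.ipv4.ip_forward = 1' > "$demo/k8s.conf"
check_sysctl_file "$demo/k8s.conf" "$demo/sys" || echo "node is not ready for kubeadm init/join"
rm -rf "$demo"
```

On a real node, run check_sysctl_file /etc/sysctl.d/k8s.conf after a reboot: a MISSING line for the net.bridge keys means br_netfilter was not loaded again at boot.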
5. Install Docker (all nodes)
(1) Install the dependencies
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
(2) Configure the stable repository
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
(3) Install Docker
yum install docker-ce docker-ce-cli containerd.io -y
# Start Docker
systemctl start docker
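# Change the Docker parameters: set the cgroup driver to systemd. If Docker and the kubelet use different cgroup drivers (cgroupfs vs. systemd), the mismatch prevents the k8s containers from starting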
vim /etc/docker/daemon.json
{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors": ["http://hub-mirror.c.163.com"]
}
(4) Restart Docker and enable it at boot
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
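II. Deploy the k8s cluster
1. Configure the kubernetes.repo source. The official source cannot be reached from mainland China, so the Alibaba Cloud yum mirror is used here (all nodes)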
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2. Deploy the master
sudo yum -y install kubectl-1.22.3 kubeadm-1.22.3 kubelet-1.22.3 --disableexcludes=kubernetes
# Download the required images
for i in `kubeadm config images list`; do
imageName=${i#k8s.gcr.io/}
docker pull registry.aliyuncs.com/google_containers/$imageName
docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
docker rmi registry.aliyuncs.com/google_containers/$imageName
done;
# If a download fails, pull the image manually
docker pull registry.aliyuncs.com/google_containers/coredns:1.8.4
docker tag registry.aliyuncs.com/google_containers/coredns:1.8.4 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.4
# Download the Calico images
docker pull calico/cni:v3.21.3
docker pull calico/node:v3.21.3
docker pull calico/pod2daemon-flexvol:v3.21.3
docker pull calico/kube-controllers:v3.21.3
# Change the kubelet parameters
vi /etc/sysconfig/kubelet
# Change the file to contain the following
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
systemctl enable kubelet
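# Run the initialization on the master node:
Note that the initialization uses the --image-repository option, which makes kubeadm pull the images it needs from the Alibaba Cloud registry.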
kubeadm init \
--ignore-preflight-errors=Swap \
--apiserver-advertise-address=192.168.0.26 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.3 \
--pod-network-cidr=10.10.0.0/16
Initialization succeeded.
Configure kubectl
3. Deploy the worker nodes
yum -y install kubeadm-1.22.3 kubelet-1.22.3
# Download the required images
for i in `kubeadm config images list`; do
imageName=${i#k8s.gcr.io/}
docker pull registry.aliyuncs.com/google_containers/$imageName
docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
docker rmi registry.aliyuncs.com/google_containers/$imageName
done;
# If a download fails, pull the image manually
docker pull registry.aliyuncs.com/google_containers/coredns:1.8.4
docker tag registry.aliyuncs.com/google_containers/coredns:1.8.4 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.4
# Download the Calico images
docker pull calico/cni:v3.21.3
docker pull calico/node:v3.21.3
docker pull calico/pod2daemon-flexvol:v3.21.3
docker pull calico/kube-controllers:v3.21.3
# Change the kubelet parameters
vi /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
systemctl enable kubelet
# Join the master node
kubeadm join 192.168.0.26:6443 --token oueskg.uhvbn5utdl9dj93h \
--discovery-token-ca-cert-hash sha256:ffb3003190bd72fd9b099ce8d77c369a15e7389a5b4718d5582b2c9bc632fe86
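The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key, and a node refuses to join if the API server presents a different CA. The script below is an added example, not part of the original post, that recomputes the pin from a certificate and compares it with the value in a join command. The function names ca_cert_hash and verify_join_hash are assumptions made for this example, and the demo uses a constructed throwaway CA.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.
# ca_cert_hash CERT: print "sha256:<hex>", the SHA-256 of the DER-encoded
# public key (SubjectPublicKeyInfo) of CERT. This is the value kubeadm compares
# against --discovery-token-ca-cert-hash.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der \
          | openssl dgst -sha256 -hex | sed 's/^.* //')
    printf 'sha256:%s\n' "$hex"
}

# verify_join_hash CERT PIN: return 0 only if CERT hashes to PIN.
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    if [ "$actual" = "$2" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: certificate gives $actual, join command pins $2" >&2
        return 1
    fi
}

# Constructed demo: a throwaway self-signed CA stands in for the cluster's ca.crt.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
    -keyout "$demo/ca.key" -out "$demo/ca.crt" 2>/dev/null
pin=$(ca_cert_hash "$demo/ca.crt")
verify_join_hash "$demo/ca.crt" "$pin"
# A pin that does not belong to this CA (64 zeros) must be rejected.
verify_join_hash "$demo/ca.crt" "sha256:$(printf '%064d' 0)" || echo "do not join"
rm -rf "$demo"
```

On the master the real input is /etc/kubernetes/pki/ca.crt, kubeadm's default CA location; its hash should equal the sha256: argument of the join command before that command is run on a node.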
4. Install the network plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
III. Basic usage
1. List the nodes
kubectl get nodes
2. Check the status of the pods
kubectl get pods --namespace=kube-system
3. Check the k8s version
kubectl version
4. Verify the cluster
# Create an nginx deployment
kubectl create deployment nginx --image=nginx:alpine
kubectl get pods
# Increase the number of replicas
kubectl scale deployment nginx --replicas=2
# Expose the port with a NodePort service
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get services nginx
Access
5. Enable ipvs in kube-proxy
In config.conf of the kube-system/kube-proxy ConfigMap, set mode: "ipvs":
kubectl edit cm kube-proxy -n kube-system
Restart the kube-proxy pod on every node
kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'
# Check the kube-proxy status
kubectl get pod -n kube-system | grep kube-proxy
View the logs:
kubectl logs kube-proxy-2rw79 -n kube-system
The log prints Using ipvs Proxier, which shows that ipvs mode is enabled.