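Docker: Installing and Deploying kubeadm
1 Lab environment
Configuration of server2, server3 and server4 (CPU: 2 cores, memory: 2048)
(1) Disable the firewall and SELinux, and deploy docker-ce
(2) Enable docker at boot: systemctl enable --now docker.service
(3) Change the cgroup driver
- View docker's driver information; the default is the cgroups method:
docker info
- Edit the configuration file to change the cgroup driver type:
vim /etc/docker/daemon.json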
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
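- Reload the service configuration files:
systemctl daemon-reload
- Restart the docker service (a reload does not apply the new cgroup driver):
systemctl restart docker.service
(4) Disable the swap partition: swapoff -a
- Edit the configuration file so that swap is not enabled at boot:
vim /etc/fstab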
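2 Installing and deploying kubeadm
(1) Write the yum repository file (gpgcheck=0 below turns off package signature checking for this repository): vim /etc/yum.repos.d/k8s.repo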
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
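List the repositories: yum repolist
(2) Install kubeadm: yum install -y kubelet kubeadm kubectl
(3) Enable kubelet at boot (server2, server3, server4): systemctl enable --now kubelet
- View the default configuration:
kubeadm config print init-defaults
By default the component images are downloaded from k8s.gcr.io, which requires getting around the firewall, so the Aliyun image repository is used instead
- List the images: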
kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
- Pull the images:
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
(4) Initialize the cluster (server2):
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers
(5) Commands to run before using the cluster
- Regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
- The root user can operate directly:
export KUBECONFIG=/etc/kubernetes/admin.conf
- Configure kubectl command completion:
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc
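(6) Check the Master status (server2):
- get: list all namespaces:
kubectl get ns
- View the cluster status:
kubectl get cs
- View the cluster node information:
kubectl get node
- Show only the pods in the default namespace:
kubectl get pod
- Show the pods in a specified namespace: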
kubectl get pod --namespace kube-system
(7) Install the flannel network component (server2)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
- Show the pods in a specified namespace:
kubectl get pod --namespace kube-system
- View the images:
docker images
- Package the images the client nodes need and send them to server3 and server4, then import them locally on each node:
docker save quay.io/coreos/flannel:v0.13.1-rc2 registry.aliyuncs.com/google_containers/pause:3.2 registry.aliyuncs.com/google_containers/coredns:1.7.0 registry.aliyuncs.com/google_containers/kube-proxy:v1.20.4 >node.tar
scp node.tar server3:/root
scp node.tar server4:/root
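docker load -i node.tar ## import the images locally
- View all docker images:
docker images
(8) Join the nodes (server3, server4) to the cluster (this command is generated automatically when the cluster is initialized)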
kubeadm join 172.25.12.2:6443 --token 5me2iy.x6t4nh97hzm6s8vs \
--discovery-token-ca-cert-hash sha256:77c1bdedd9333b94e38835fc8ad80a5be6273d2057f7e8cbcdecad68ce5ea367
- View the cluster node information on the Master:
kubectl get nodes
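Added example (not part of the original post): the --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key, so a copied join command can be checked against the Master's CA before it is run on server3 and server4. It assumes openssl is installed and that the CA sits at kubeadm's default path /etc/kubernetes/pki/ca.crt; the function names and the script name are illustrative.

```shell
#!/bin/sh
# Added example: recompute the value kubeadm prints as
# --discovery-token-ca-cert-hash and compare it with a join command's pin.
# Function names are illustrative; /etc/kubernetes/pki/ca.crt is kubeadm's
# default CA location and is an assumption about this cluster.

# Print "sha256:<hex>" over the DER-encoded public key of a PEM certificate.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r | cut -d' ' -f1)
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Pull the pinned hash out of a pasted "kubeadm join ..." command line
# (backslash line continuations are flattened first).
extract_pin() {
    printf '%s\n' "$1" | tr -s ' \\\n' ' ' \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9A-Fa-f]\{64\}\).*/\1/p'
}

# Exit status 0: pin matches the CA; 1: mismatch; 2: unusable input.
verify_join_hash() {
    cert=$1
    pin=$(extract_pin "$2" | tr 'A-F' 'a-f')
    [ -n "$pin" ] || { echo "no sha256 pin found in join command" >&2; return 2; }
    actual=$(ca_cert_hash "$cert") || { echo "cannot read CA cert: $cert" >&2; return 2; }
    if [ "$actual" = "$pin" ]; then
        echo "OK: join command pins this cluster CA"
    else
        echo "MISMATCH: pinned $pin, CA is $actual" >&2
        return 1
    fi
}

# Usage on the Master: sh check-pin.sh /etc/kubernetes/pki/ca.crt "kubeadm join ..."
if [ "$#" -eq 2 ]; then
    verify_join_hash "$1" "$2"
fi
```

A mismatch means the join command was generated for a different CA than the one on this Master, so the node should not be joined with it.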
3 Setting up a private registry
(1) server1: set up the harbor registry
(2) k8s deployment:
server2: k8s master node
server3, server4: k8s worker nodes
(3) Every k8s node can use the harbor registry
server1-4:
vim /etc/hosts
172.25.12.1 server1 reg.westos.org
mkdir /etc/docker/certs.d/reg.westos.org -p
server1:
cp /certs/westos.org.crt /etc/docker/certs.d/reg.westos.org/ca.crt
scp /certs/westos.org.crt server2:/etc/docker/certs.d/reg.westos.org/ca.crt
scp /certs/westos.org.crt server3:/etc/docker/certs.d/reg.westos.org/ca.crt