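Kubernetes planning and deploying etcd and master
1. Production k8s platform planning: multi-cluster HA
Master nodes: 3 recommended
etcd nodes: 3, 5 or 7 recommended
Worker nodes: the more the better; deploy according to the workload
2. Test environment platform planning
Because resources in the test environment are limited, the deployment follows the plan below to make the most of the virtual machines:
Role | IP | Components |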
---|---|---|
k8s-master01/LoadBalancer(master) | 192.168.8.21 | kube-apiserver/kube-controller-manager/kube-scheduler/etcd/nginx L4 |
k8s-master02/LoadBalancer(slave) | 192.168.8.22/192.168.8.20(vip) | kube-apiserver/kube-controller-manager/kube-scheduler/Nginx L4 |
k8s-node01 | 192.168.8.23 | kubelet/kube-proxy/docker/etcd |
k8s-node02 | 192.168.8.24 | kubelet/kube-proxy/docker/etcd |
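3. Three officially provided deployment methods
minikube
- Minikube is a tool that quickly runs a single-node Kubernetes locally; it is only for trying Kubernetes out
- Deployment docs: https://kubernetes.io/docs/setup/minikube/
kubeadm
- kubeadm is also a tool; it provides kubeadm init and kubeadm join for quickly deploying a Kubernetes cluster
- Deployment docs: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/
Binary
- Recommended: download the release binaries from the official project and deploy each component by hand to assemble a Kubernetes cluster
- Download: https://github.com/kubernetes/kubernetes
4. Deploying a single-master cluster
4.1 Cluster planning
Master node
Hostname: k8s-master01
IP: 192.168.8.21/24
Worker node 1
Hostname: k8s-node01
IP: 192.168.8.23/24
Worker node 2
Hostname: k8s-node02
IP: 192.168.8.24/24
k8s version: v1.9.11
Installation method: offline, binary
OS version: CentOS 7.6
4.2 Initializing the servers
1. Disable the firewall (the master node is used as the example below)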
[root@k8s-master ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@k8s-master ~]# systemctl stop firewalld
2. Disable the swap partition
Comment out the last line of /etc/fstab
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# vi /etc/fstab
[root@k8s-master ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Mar 19 17:18:10 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/bel-root / xfs defaults 0 0
UUID=8ddd9b13-2b6a-4706-969e-e80478adbaf0 /boot xfs defaults 0 0
#/dev/mapper/bel-swap swap swap defaults 0 0
[root@k8s-master ~]# free -m
total used free shared buff/cache available
Mem: 972 125 631 7 215 666
Swap: 0 0 0
3. Configure the hostname
[root@k8s-master01 ~]# hostnamectl set-hostname k8s-master01
[root@k8s-master01 ~]#
4. Configure name resolution
[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.21 k8s-master01
192.168.8.23 k8s-node01
192.168.8.24 k8s-node02
192.168.8.22 k8s-master02
5. Configure time synchronization
master01 acts as the time server
- Install chrony on master01
[root@k8s-master01 ~]# yum install chrony
base | 3.6 kB 00:00
extras | 2.9 kB 00:00
kernel-bek | 2.9 kB 00:00
kernel-lt | 2.9 kB 00:00
kernel-ml | 2.9 kB 00:00
updates | 3.3 kB 00:00
(1/8): kernel-bek/x86_64/primary_db | 13 kB 00:00
(2/8): base/x86_64/group_gz | 161 kB 00:00
(3/8): updates/x86_64/updateinfo | 31 kB 00:00
(4/8): extras/x86_64/primary_db | 187 kB 00:01
(5/8): base/x86_64/primary_db | 6.0 MB 00:09
(6/8): kernel-lt/x86_64/primary_db | 12 MB 00:15
(7/8): updates/x86_64/primary_db | 12 MB 00:22
(8/8): kernel-ml/x86_64/primary_db | 28 MB 00:28
Package chrony-3.2-2.el7.x86_64 already installed and latest version
Nothing to do
- Edit /etc/chrony.conf
server 127.127.1.0 iburst # use this host as the upstream time source
allow 192.168.8.0/24 # allow this subnet to synchronize time
local stratum 10
[root@k8s-master01 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 127.127.1.0 iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 192.168.8.0/24
# Serve time even if not synchronized to a time source.
local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
- Start the chronyd service
[root@k8s-master01 ~]# systemctl start chronyd
[root@k8s-master01 ~]# systemctl enable chronyd
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
[root@k8s-master01 ~]# ss -unl |grep 123
UNCONN 0 0 *:123 *:*
[root@k8s-master01 ~]#
All other nodes are clients of the time server
1. Install chrony
2. In /etc/chrony.conf, set server to 192.168.8.21
3. Start the service
4. Check the synchronization status with chronyc sources
[root@k8s-node01 ~]# yum install chrony
base | 3.6 kB 00:00
extras | 2.9 kB 00:00
kernel-bek | 2.9 kB 00:00
kernel-lt | 2.9 kB 00:00
kernel-ml | 2.9 kB 00:00
updates | 3.3 kB 00:00
(1/8): kernel-bek/x86_64/primary_db | 13 kB 00:00
(2/8): base/x86_64/group_gz | 161 kB 00:00
(3/8): updates/x86_64/updateinfo | 31 kB 00:00
(4/8): extras/x86_64/primary_db | 187 kB 00:00
(5/8): base/x86_64/primary_db | 6.0 MB 00:07
(6/8): updates/x86_64/primary_db | 12 MB 00:19
(7/8): kernel-lt/x86_64/primary_db | 12 MB 00:21
(8/8): kernel-ml/x86_64/primary_db | 28 MB 00:23
Package chrony-3.2-2.el7.x86_64 already installed and latest version
Nothing to do
[root@k8s-node01 ~]# vi /etc/chrony.conf
[root@k8s-node01 ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.8.21 iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
[root@k8s-node01 ~]# systemctl start chronyd
[root@k8s-node01 ~]# systemctl enable chronyd
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
[root@k8s-node01 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* k8s-master01 10 6 17 15 -2233ns[ +166us] +/- 1366us
[root@k8s-node01 ~]#
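An added example (not part of the original walkthrough): a shell preflight check for steps 2 and 5 above, confirming that no swap entry is still active in /etc/fstab and that chronyd has actually selected the expected server, since certificate validity checks and cross-node log timestamps depend on agreeing clocks. The function names and sample text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for steps 2 and 5 of this walkthrough.
# Both checks read text on stdin, so they work on live output or on samples.

# Succeeds only if `chronyc sources` output shows $1 as the selected
# source ("^*") and its reach register is non-zero (replies were received).
chrony_synced_to() {
    awk -v want="$1" '
        $1 == "^*" && $2 == want { sel = 1; reach = $5 }
        END { exit !(sel && reach + 0 > 0) }'
}

# Prints uncommented fstab entries of type swap (they would re-enable swap
# at the next boot); succeeds only if there are none.
fstab_active_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" { print; found = 1 }
         END { exit found + 0 }'
}

# $1 = `chronyc sources` text, $2 = fstab text, $3 = expected time server.
preflight_report() {
    rc=0
    printf '%s\n' "$1" | chrony_synced_to "$3" ||
        { echo "FAIL: chronyd has not selected $3"; rc=1; }
    printf '%s\n' "$2" | fstab_active_swap >/dev/null ||
        { echo "FAIL: active swap entry in fstab"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed samples modelled on the output shown on this page.
SAMPLE_SOURCES='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
^* k8s-master01                 10   6    17    15  -2233ns[ +166us] +/- 1366us'
SAMPLE_FSTAB='/dev/mapper/bel-root / xfs defaults 0 0
#/dev/mapper/bel-swap swap swap defaults 0 0'

preflight_report "$SAMPLE_SOURCES" "$SAMPLE_FSTAB" k8s-master01
```

On a node, call `preflight_report "$(chronyc sources)" "$(cat /etc/fstab)" k8s-master01`; if names do not resolve, use `chronyc -n sources` and pass 192.168.8.21 instead.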
6. Disable SELinux
Set SELINUX=disabled in the /etc/selinux/config configuration file
[root@k8s-master01 ~]# setenforce 0
[root@k8s-master01 ~]# vi /etc/selinux/config
[