| 主机名 | IP地址 | 角色 |
|---|---|---|
| k8s-master | 192.168.16.134 | 主节点 |
| node1 | 192.168.16.141 | 工作节点1 |
| node2 | 192.168.16.140 | 工作结点2 |
一、kubenetes集群部署
1、关闭防火墙、selinux和交换分区
[root@k8s-master ~]# systemctl stop firewalld
[root@k8s-master ~]# setenforce 0
[root@k8s-master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
[root@k8s-master ~]# swapoff -a
# 永久关闭,修改/etc/fstab,注释掉swap一行
2、修改hosts文件
[root@k8s-master ~]# vi /etc/hosts
# 添加
192.168.16.134 k8s-master
192.168.16.141 node1
192.168.16.140 node2
3、时间同步
[root@k8s-master ~]# yum install chrony -y
[root@k8s-master ~]# systemctl start chronyd
[root@k8s-master ~]# systemctl enable chronyd
[root@k8s-master ~]# chronyc sources
4、修改内核参数
[root@k8s-master ~]# vi /etc/sysctl.d/k8s.conf
# 添加
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-master ~]# sysctl --system
5、安装docker
# 修改docker的yum源为阿里源
[root@k8s-master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@k8s-master ~]# yum install -y docker-ce
[root@k8s-master ~]# docker --version
Docker version 20.10.2, build 2291f61
[root@k8s-master ~]# systemctl enable docker
[root@k8s-master ~]# systemctl start docker
6、配置docker加速并修改驱动
root@k8s-master ~]# vi /etc/docker/daemon.json
# 添加
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://1nj0zren.mirror.aliyuncs.com",
"https://kfwkfulq.mirror.aliyuncs.com",
"https://2lqq34jg.mirror.aliyuncs.com",
"https://pee6w651.mirror.aliyuncs.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn",
"http://f1361db2.m.daocloud.io",
"https://registry.docker-cn.com"
]
}
[root@k8s-master ~]# systemctl restart docker
[root@k8s-master ~]# docker info | grep "Cgroup Driver"
Cgroup Driver: systemd
7、安装kubenetes
[root@k8s-master ~]# vi /etc/yum.repos.d/kubernetes.repo
# 添加
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# 安装kubelet kubeadm kubectl组件
[root@k8s-master ~]# yum -y install kubelet kubeadm kubectl
[root@k8s-master ~]# kubelet --version
Kubernetes v1.20.1
[root@k8s-master ~]# systemctl start kubelet
[root@k8s-master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
# 初始化kubenetes
[root@k8s-master ~]# kubeadm init --image-repository=registry.aliyuncs.com/google_containers
# 配置kubectl与kube-apiserver交互
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 安装网络组件
[root@k8s-master ~]# wget https://docs.projectcalico.org/v3.14/manifests/calico.yaml
[root@k8s-master ~]# kubectl apply -f calico.yaml
# 查看节点状态
[root@k8s-master ~]# kubectl get nodes
# 查看组件状态
[root@k8s-master ~]# kubectl get cs
# 如果显示为unHealthy状态,注释掉/etc/kubernetes/manifests下的kube-controller-manager.yaml和kube-scheduler.yaml的 -- port=0。
8、工作节点加入集群,工作节点同样需要关闭防火墙、swap分区,安装docker、kubenetes组件,不需要init操作
# 生成token
[root@k8s-master ~]# kubeadm token create
ngq3sd.0qx38uuare9u91zh
# 生成证书
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
9540ca794ce6b383c7d2202bd64614af5993371b5030b5746eb775a0bbbe662f
# 工作节点加入
[root@node1 ~]# kubeadm join 192.168.16.134:6443 --token ngq3sd.0qx38uuare9u91zh --discovery-token-ca-cert-hash sha256:9540ca794ce6b383c7d2202bd64614af5993371b5030b5746eb775a0bbbe662f
# 查看节点状态,如果是NotReady,请等待几分钟加载
[root@k8s-master ~]# kubectl get nodes
# 查看pod的状态
[root@k8s-master ~]# kubectl get pods -A
二、istio示例项目部署
使用master节点部署安装
下载istio安装文件
[root@k8s-master ~]# curl -L https://istio.io/downloadIstio | sh -
如果速度太慢可以使用迅雷访问https://github.com/istio/istio/releases/download/1.8.1/istio-1.8.1-linux-amd64.tar.gz 下载下列tar包
istio-1.8.1-linux-amd64.tar.gz
[root@k8s-master ~]# tar -zxvf istio-1.8.1-linux-amd64.tar.gz
[root@k8s-master ~]# cd istio-1.8.1
[root@k8s-master ~]# export PATH=$PWD/bin:$PATH
[root@k8s-master ~]# istioctl install --set profile=demo -y
✔ Istio core installed
✔ Istiod installed
✔ Egress gateways installed
✔ Ingress gateways installed
✔ Installation complete
[root@k8s-master ~]# kubectl label namespace default istio-injection=enabled
namespace/default labeled
[root@k8s-master ~]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created
[root@k8s-master ~]# kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
details ClusterIP 10.0.0.212 <none> 9080/TCP 29s
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 25m
productpage ClusterIP 10.0.0.57 <none> 9080/TCP 28s
ratings ClusterIP 10.0.0.33 <none> 9080/TCP 29s
reviews ClusterIP 10.0.0.28 <none> 9080/TCP 29s
[root@k8s-master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-558b8b4b76-2llld 2/2 Running 0 2m41s
productpage-v1-6987489c74-lpkgl 2/2 Running 0 2m40s
ratings-v1-7dc98c7588-vzftc 2/2 Running 0 2m41s
reviews-v1-7f99cc4496-gdxfn 2/2 Running 0 2m41s
reviews-v2-7d79d5bd5d-8zzqd 2/2 Running 0 2m41s
reviews-v3-7dbcdcbc56-m8dph 2/2 Running 0 2m41s
[root@k8s-master ~]# kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -s productpage:9080/productpage | grep -o "<title>.*</title>"
<title>Simple Bookstore App</title>
[root@k8s-master ~]# kubectl get svc istio-ingressgateway -n istio-system
# 当使用的环境没有外部负载均衡器时使用下列指令,否则查看官方文档 https://istio.io/latest/docs/setup/getting-started/
[root@k8s-master ~]# export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
[root@k8s-master ~]# export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
[root@k8s-master ~]# export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}')
# 设置网关URL
[root@k8s-master ~]# export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
[root@k8s-master ~]# echo "$GATEWAY_URL"
192.168.16.141:31679
# 使用浏览器访问输出的URL
[root@k8s-master ~]# echo "http://$GATEWAY_URL/productpage"
http://192.168.16.141:31679/productpage
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-J4bTAVqh-1610623768867)(C:\Users\18567731037\AppData\Roaming\Typora\typora-user-images\image-20210114191136199.png)]](https://i-blog.csdnimg.cn/blog_migrate/d8b9a93c50b99cd29a29ddcce8e9d0a8.png)
398
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
