环境准备
准备三台服务器,IP:
服务器是centos7的版本
192.168.56.120 k8s-master
192.168.56.121 k8s-node1
192.168.56.122 k8s-node2
服务器配置
1、关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
2、关闭 selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config # 永久关闭
setenforce 0 # 临时关闭
3、关闭 swap
swapoff -a # 临时关闭
vim /etc/fstab # 永久关闭
#注释掉swap这行
# /dev/mapper/centos-swap swap swap defaults 0 0
systemctl reboot #重启生效
free -m #查看下swap交换区是否都为0,如果都为0则swap关闭成功
4、给三台机器分别设置主机名
hostnamectl set-hostname <hostname>
第一台:k8s-master
第二台:k8s-node1
第三台:k8s-node2
5、在 k8s-master机器添加hosts,执行如下命令,ip需要修改成你自己机器的ip
cat >> /etc/hosts << EOF
192.168.56.120 k8s-master
192.168.56.121 k8s-node1
192.168.56.122 k8s-node2
EOF
#禁用SELINUX
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
创建/etc/sysctl.d/k8s.conf文件,添加如下内容:
cat >>/etc/sysctl.d/k8s.conf<< OFF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
OFF
#执行如下命令使修改生效:
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
加载ipvs模块
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
lsmod | grep ip_vs
lsmod | grep nf_conntrack_ipv4
yum install -y ipvsadm ipset
docker安装
三台服务器安装docker
设置yum源
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
安装docker
yum install docker-ce-20.10.8 docker-ce-cli-20.10.8 containerd.io-1.4.10 -y
yum remove podman -y
systemctl start docker
systemctl enable docker
#设置Docker镜像加速器 修改docker 配置以适应kubelet
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
systemctl daemon-reload
systemctl restart docker
安装k8s
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install kubeadm-1.21.5 kubectl-1.21.5 kubelet-1.21.5 -y
systemctl enable kubelet
systemctl start kubelet
在master上执行
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.21.5 --pod-network-cidr=10.10.0.0/16 --service-cidr=10.20.0.0/16 --apiserver-advertise-address=192.168.56.120
输出:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.56.120:6443 --token wbjskr.pshehg84g1b6wz3m \
--discovery-token-ca-cert-hash sha256:a3e2fd56b3162f5b5140740674ccab6d780d1efc12104fbf7aa48ae90a2ebc3c
在master上执行:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#查看kubectl是否能正常使用
kubectl get nodes
#安装 Pod 网络插件
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
# 如果上面这个calico网络插件安装不成功可以试下下面这个
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kubeflannel.yml
在node节点上执行加入集群:
kubeadm join 192.168.56.120:6443 --token wbjskr.pshehg84g1b6wz3m \
--discovery-token-ca-cert-hash sha256:a3e2fd56b3162f5b5140740674ccab6d780d1efc12104fbf7aa48ae90a2ebc3c
等待一会儿过后在master节点上查看:
kubectl get nodes
验证安装
创建两个pod nginx和tomcat8
kubectl create deployment nginx --image=nginx
成功以后执行:
kubectl expose deployment nginx --port=80 --type=NodePort
创建tomcat8:
kubectl create deployment tomcat8 --image=tomcat:8.0.41-jre8-alpine
pod创建成功以后执行:
kubectl expose deployment tomcat8 --port=8080 --type=NodePort
分别通过192.168.56.120:31554访问nginx和31056访问tomcat都是可以的
k8s会通过自己的调度算法将两个pod放在不同的地方
K8S安装命令补全工具
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
安装了k8s命令补全攻击过后,这边是将k8s一些命令通过别名进行设置了,我一般设置在了profile文件中,如下:
vim /etc/profile
alias k=kubectl
alias cls=clear
alias kn='kn(){ kubectl config set-context --current --namespace=$1;};kn'
complete -F __start_kubectl k
这样我在命令行输入k就可以了,就代表了kubectl,收入kn test就代表切换到test命名空间了,很方便