使用kubekey在线部署k8s高可用集群及kubesphere
一、资源需求
| 主机名 | cpu(vCPUs) | 内存(GB) | 磁盘 | ip |
|---|---|---|---|---|
| k8s-master01 | 8 | 32 | 40G+500G | 192.168.1.180 |
| k8s-master02 | 8 | 32 | 40G+500G | 192.168.1.53 |
| k8s-master03 | 8 | 32 | 40G+500G | 192.168.1.110 |
| k8s-node01 | 8 | 32 | 40G+500G | 192.168.1.162 |
| k8s-node02 | 8 | 32 | 40G+500G | 192.168.1.210 |
| k8s-node03 | 8 | 32 | 40G+500G | 192.168.1.224 |
| k8s-node04 | 8 | 32 | 40G+500G | 192.168.1.73 |
| k8s-node05 | 8 | 32 | 40G+500G | 192.168.1.169 |
| k8s-node06 | 8 | 32 | 40G+500G | 192.168.1.193 |
| lb | 192.168.1.184 |
三台master六台node,lb为云上负载均衡或自建lb
二、环境准备
1. 版本信息:
操作系统版本:centos7.9
kubesphere: v3.1.1
KubeKey版本:v1.1.1
Kubernetes版本:v1.20.4
docker版本:v19.03.15
部署参考:https://kubesphere.io/zh/docs/installing-on-linux/high-availability-configurations/ha-configuration/
2. 基础配置
#关闭防火墙和selinux
systemctl stop firewalld && systemctl disable firewalld
#永久关闭selinux
vi /etc/selinux/config
#修改下面配置项
SELINUX=disabled
#临时关闭selinux
setenforce 0
#所有节点修改主机名
hostnamectl set-hostname k8s-master01
#添加主机名解析
vi /etc/hosts
192.168.1.180 k8s-master01.hectsi.cn k8s-master01
192.168.1.53 k8s-master02.hectsi.cn k8s-master02
192.168.1.110 k8s-master03.hectsi.cn k8s-master03
192.168.1.162 k8s-node01.hectsi.cn k8s-node01
192.168.1.210 k8s-node02.hectsi.cn k8s-node02
192.168.1.224 k8s-node03.hectsi.cn k8s-node03
192.168.1.73 k8s-node04.hectsi.cn k8s-node04
192.168.1.169 k8s-node05.hectsi.cn k8s-node05
192.168.1.193 k8s-node06.hectsi.cn k8s-node06
192.168.1.184 lb.hectsi.cn #负载均衡
#挂载磁盘
[root@k8s-master01 kk]# lsblk #查看数据盘
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 40G 0 disk
├─vda1 253:1 0 4G 0 part
└─vda2 253:2 0 36G 0 part /
vdb 253:16 0 500G 0 disk
[root@k8s-master01 kk]# fdisk /dev/vdb
n
p
一路回车
....
w
[root@k8s-master01 kk]# mkfs.ext4 /dev/vdb1 #格式化文件系统
[root@k8s-master01 kk]# lsblk #查看查看数据盘
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 40G 0 disk
├─vda1 253:1 0 4G 0 part
└─vda2 253:2 0 36G 0 part /
vdb 253:16 0 500G 0 disk
└─vdb1 253:17 0 500G 0 part
[root@k8s-master01 kk]# vi /etc/fstab #永久挂载,添加
/dev/vdb1 /data ext4 defaults 0 0
[root@k8s-master01 kk]# mount -a #挂载
[root@k8s-master01 kk]# df -h #查看验证
3. 安装docker
a. 配置docker yum源
vi /etc/yum.repods.d/docker.repo
[docker-ce-stable]
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/$releasever/$basearch/stable
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg
enabled=1
[root@k8s-master01 ~]# yum clean all
[root@k8s-master01 ~]# yum makecache
b. 创建docker的配置文件目录和配置文件
mkdir -p /etc/docker/
vi /etc/docker/daemon.json
{
"data-root": "/data/docker",
"registry-mirrors":["https://docker.mirrors.ustc.edu.cn"],
"log-opts": {
"max-size": "5m",
"max-file":"3"
},
"exec-opts": ["native.cgroupdriver=systemd"]
}
c. 安装docker
yum install docker-ce-19.03.15-3.el7 docker-ce-cli-19.03.15-3.el7 -y
此步骤要确保在挂载好磁盘之后执行,启动并设置开机自动启动docker服务
systemctl enable docker.service && systemctl start docker.service
d. 验证
docker验证
docker info
4. 安装glusterfs客户端(所有k8s节点操作)
#配置glusterfs的yum源
[root@k8s-master01 ~] vi /etc/yum.repos.d/glusterfs.repo
[glusterfs]
name=glusterfs
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/7.9.2009/storage/x86_64/gluster-9/
#gpgkey=https://mirrors.tuna.tsinghua.edu.cn/centos/RPM-GPG-KEY-CentOS-7
gpgcheck=0
ebabled=1
[root@k8s-master01 ~] yum clean all
[root@k8s-master01 ~] yum makecache
#安装glusterfs客户端以确保k8s可以正常使用动态存储功能
[root@k8s-master01 ~] yum install glusterfs-fuse -y
5. 下载KubeKey
#如果访问github和googleapis受限,先执行以下命令以确保您从正确的区域下载 KubeKey。
export KKZONE=cn
#执行以下命令下载 KubeKey:
curl -sfL https://get-kk.kubesphere.io | VERSION=v1.1.1 sh -
#在您下载 KubeKey 后,如果您将其传至新的机器,且访问 Googleapis 同样受限,在您执行以下步骤之前请务必再次执行 export KKZONE=cn 命令。
#为 kk 添加可执行权限:
chmod +x kk
#安装必须的依赖
yum install -y socat conntrack ipset
6. 部署前的自定义配置
#创建包含默认配置的示例配置文件,--with-kubesphere参数指定安装的KubeSphere版本,--with-kubernetes指定安装的kubernetes版本
./kk create config --with-kubesphere v3.1.1 --with-kubernetes v1.20.4
#编辑生成的hosts配置文件config-sample.yaml,自定义环境信息
##自定义k8s节点、etcd信息和外部负载均衡地址等
spec:
hosts:
- {name: k8s-master01, address: 192.168.1.180, internalAddress: 192.168.1.180, user: root, password: ***}
- {name: k8s-master02, address: 192.168.1.53, internalAddress: 192.168.1.53, user: root, password: ***}
- {name: k8s-master03, address: 192.168.1.110, internalAddress: 192.168.1.110, user: root, password: ***}
- {name: k8s-node01, address: 192.168.1.162, internalAddress: 192.168.1.162, user: root, password: ***}
- {name: k8s-node02, address: 192.168.1.210, internalAddress: 192.168.1.210, user: root, password: ***}
- {name: k8s-node03, address: 192.168.1.224, internalAddress: 192.168.1.224, user: root, password: ***}
- {name: k8s-node04, address: 192.168.1.73, internalAddress: 192.168.1.73, user: root, password: ***}
- {name: k8s-node05, address: 192.168.1.169, internalAddress: 192.168.1.169, user: root, password: ***}
- {name: k8s-node06, address: 192.168.1.193, internalAddress: 192.168.1.193, user: root, password: ***}
roleGroups:
etcd:
- k8s-master01
- k8s-master02
- k8s-master03
master:
- k8s-master01
- k8s-master02
- k8s-master03
worker:
- k8s-node01
- k8s-node02
- k8s-node03
- k8s-node04
- k8s-node05
- k8s-node06
controlPlaneEndpoint:
domain: lb.hectsi.cn
address: "192.168.1.184" #负载均衡地址及端口
port: 6443
kubernetes:
version: v1.20.4
imageRepo: kubesphere
clusterName: hectsi.cn
network:
plugin: calico #网络插件类型、Calico或者Flannel
kubePodsCIDR: 10.233.64.0/18 #pod网段
kubeServiceCIDR: 10.233.0.0/18 #service网段
---
apiVersion: installer.kubesphere.io/v1alpha1 #可在该配置段添加可安装插件
kind: ClusterConfiguration
metadata:
name: ks-installer
............
............
devops: #例如启用devops插件
enabled: false
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 1500Mi
jenkinsVolumeSize: 8Gi
jenkinsJavaOpts_Xms: 512m
jenkinsJavaOpts_Xmx: 512m
jenkinsJavaOpts_MaxRAM: 2g
7. 配置负载均衡器
创建一个负载均衡器来监听(在某些云平台也称作监听器)关键端口。监听下表中的所有master节点端口,并确保至少监听apiserver端口,这里使用云lb
| 服务 | 协议 | 端口 |
|---|---|---|
| apiserver | TCP | 6443 |
| ks-console | TCP | 30880 |
| http | TCP | 80 |
| https | TCP | 443 |
自建lb举例(haproxy)
[root@k8s-node-1 ~]# yum install haproxy -y
[root@k8s-node-1 ~]# vi /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /var/run/haproxy-admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
nbproc 1
defaults
log global
timeout connect 5000
timeout client 10m
timeout server 10m
#对k8s集群三个master节点的6443端口进行代理
listen kube-master
bind 192.168.1.184:6443
mode tcp
option tcplog
balance roundrobin
server 192.168.1.180 192.168.1.180:6443 check inter 2000 fall 2 rise 2 weight 1
server 192.168.1.53 192.168.1.53:6443 check inter 2000 fall 2 rise 2 weight 1
server 192.168.1.110 192.168.1.110:6443 check inter 2000 fall 2 rise 2 weight 1
[root@k8s-node-1 ~]# systemctl start haproxy && systemctl enable haproxy
三、部署集群
1. 开始安装
#配置完成后,您可以执行以下命令来开始安装
./kk create cluster -f config-sample.yaml
2. 验证安装
#运行以下命令查看安装日志
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
#若您看到以下信息,您的高可用集群便已创建成功。
#####################################################
### Welcome to KubeSphere! ###
#####################################################
Console: http://192.168.0.3:30880
Account: admin
Password: P@88w0rd
NOTES:
1. After you log into the console, please check the
monitoring status of service components in
the "Cluster Management". If any service is not
ready, please wait patiently until all components
are up and running.
2. Please change the default password after login.
#####################################################
https://kubesphere.io 2020-xx-xx xx:xx:xx
#####################################################
3. 验证集群
#当节点状态全处于Ready状态并且kube-system命名空间下的所有pod都处于running状态即可
[root@k8s-master01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready control-plane,master 47d v1.20.4
k8s-master02 Ready control-plane,master 47d v1.20.4
k8s-master03 Ready control-plane,master 47d v1.20.4
k8s-node01 Ready worker 47d v1.20.4
k8s-node02 Ready worker 47d v1.20.4
k8s-node03 Ready worker 47d v1.20.4
k8s-node04 Ready worker 47d v1.20.4
k8s-node05 Ready worker 47d v1.20.4
k8s-node06 Ready worker 47d v1.20.4
[root@k8s-master01 ~]# kubectl get pod -n kube-system
#创建nginx进行部署验证
[root@k8s-master01 ~]# vi nginx.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: default
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 80
#创建
[root@k8s-master01 ~]# kubectl apply -f nginx.yml
#查看nginx svc地址
[root@k8s-master01 ~]# kubectl get svc
nginx ClusterIP 10.233.34.123 <none> 80/TCP 7s
#访问测试
[root@master02 ~]# curl 10.233.34.123
k8s集群kube-system命名空间pod状态展示
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-4t02GFKp-1640072096892)(…/images/k8s-syspod.png)]
测试nginx成功访问结果展示
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-drM0ka0u-1640072096894)(…/images/k8s-nginx.png)]
四、添加与删除节点
1. 添加节点
添加之前请确保安装docker、conntrack、socat、glusterfs客户端
#编辑现有的config-sample.yaml文件,如果没有可以使用./kk create config --from-cluster命令生成
···
spec:
hosts:
- {name: master1, address: 192.168.0.3, internalAddress: 192.168.0.3, user: root, password: ***}
- {name: node1, address: 192.168.0.4, internalAddress: 192.168.0.4, user: root, password: ***}
- {name: node2, address: 192.168.0.5, internalAddress: 192.168.0.5, user: root, password: ***}
roleGroups:
etcd:
- master1
master:
- master1
worker:
- node1
- node2
···
#在配置文件中,将新节点的信息放在 hosts 和 roleGroups 之下。该示例添加了两个新节点(即 node1 和 node2)。这里的 master1 是现有节点。
./kk add nodes -f sample.yaml
2. 验证
#在master节点执行下列命令已验证
kubectl get node
3. 删除节点
#将要删除的节点设置为不可调度
kubectl cordon nodename
#删除节点需要使用config-sample.yaml文件,如果没有可以使用./kk create config --from-cluster命令生成
##请确保在该配置文件中提供主机的所有信息,无需更改文件内容,然后运行以下命令以删除节点
./kk delete node <nodeName> -f config-sample.yaml
4. 验证
#在master节点执行下列命令以验证
kubectl get node
五. k8s日常运维
1. pod
#查看pod
kubectl get pod
#查看所有命名空间的pod
kubectl get pod -A
#查看指定命名空间的pod
kubectl get pod -n namespaceName
#查看pod简略信息
kubectl get pod -o wide
#查看pod详细信息
kubectl describe -n szxc pod/redis
#查看pod的日志,查看倒数n行--tail=n
kubectl logs -f -n szxc pod/redis
#删除pod
kubectl delete -n szxc pod/redis
#从pod中拷贝文件
kubectl cp -n szxc redis:/aaa.bin ./aaa.bin
#查看pod资源使用率
kubectl stop pod
2. service
#查看svc
kubectl get svc
#查看所有命名空间的svc
kubectl get svc -A
#查看指定命名空间的svc
kubectl get svc -n namespaceName
#查看svc简略信息
kubectl get svc -o wide
#查看svc详细信息及pod事件
kubectl describe -n szxc svc/redis
#删除svc
kubectl delete -n szxc svc/redis
3. configmap
#查看cm
kubectl get cm
#查看所有命名空间的cm
kubectl get cm -A
#查看指定命名空间的cm
kubectl get cm -n namespaceName
#查看cm简略信息
kubectl get cm -o wide
#查看cm详细信息
kubectl describe -n szxc cm/redis
#删除cm
kubectl delete -n szxc cm/redis
4. node
#查看node
kubectl get node
#查看node简略信息
kubectl get node -o wide
#查看node详细信息
kubectl describe node/node01
#为node打标签
kubectl label node node1 env-role=prod
#查看标签
kubectl get nodes --show-labels
#查看node资源使用率
kubectl stop node
5. 系统组件的维护
a. kubelet
#登录需要排查的节点(k8s所有节点都会启动kublet)
#查看kubelet状态
systemctl status kubelet
#启动kubelet
systemctl start kubelet
#停止kubelet
systemctl stop kubelet
#重启kubelet
systemctl restart kubelet
#查看kubelet日志
journalctl -u kubelet
kubelet服务的启动文件
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ZtTXvqwZ-1640072096897)(…/images/k8s-kubelet.png)]
b. apiserver等
calico、coredns、controller-manager、kube-proxy、scheduler等系统组件都与apiserver相同
#查看apiserver的日志
kubectl logs --tail=100 -f -n kube-system pod/kube-apiserver-k8s-master01
#重启apiserver
kubectl delete -n kube-system pod/kube-apiserver-k8s-master0
#查看apiserver的事件信息
kubectl describe -n kube-system pod/kube-apiserver-k8s-master01
#查看系统组件的运行状态及信息(系统组件都运行在kube-system的命名空间中)
kubectl get pod -n kube-system -o wide
c. etcd
#登录需要排查的节点(k8s所有master节点都会启动etcd)
#查看etcd状态
systemctl status etcd
#启动etcd
systemctl start etcd
#停止etcd
systemctl stop etcd
#重启etcd
systemctl restart etcd
#查看etcd日志
journalctl -u etcd
486
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
