K8s集群环境搭建

最新推荐文章于 2024-05-10 20:44:09 发布

Aurora yhm

最新推荐文章于 2024-05-10 20:44:09 发布

阅读量184

点赞数

文章标签：服务器

本文链接：https://blog.csdn.net/weixin_72898433/article/details/127906489

版权

K8s集群环境搭建

一、环境规划

1、集群类型

Kubernetes集群大体上分为两类：一主多从和多主多从

一主多从：一台master节点和多台node节点，搭建简单，但是有单机故障风险，适用于测试环境
多主多从：多台master节点和多台node节点，搭建麻烦，安全性高，适用于生产环境

2、安装方式

Kubernetes有多种部署方式，目前主流的方式有kubeadm、minikube、二进制包

1、Minikube：一个用于快速搭建单节点kubernetes的工具
2、Kubeadm：一个用于快速搭建kubernetes集群的工具，https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/
3、二进制包：从官网下载每个组件的二进制包，依次去安装，此方式对于理解kubernetes组件更加有效，https://github.com/kubernetes/kubernetes
说明：现在需要安装kubernetes的集群环境，但是又不想过于麻烦，所有选择使用kubeadm方式

3、主机规划

角色	ip地址	组件
master	192.168.223.171	docker，kubectl，kubeadm，kubelet
node1	192.168.223.172	docker，kubectl，kubeadm，kubelet
node2	192.168.223.173	docker，kubectl，kubeadm，kubelet

二、环境搭建

本次环境搭建需要安装三台Linux系统（一主二从），内置centos7.5系统，然后在每台linux中分别安装docker。kubeadm（1.25），kubelet（1.25.4），kubelet（1.25.4）.

1、主机安装

安装虚拟机过程中注意下面选项的设置：

1、操作系统环境：cpu2个内存2G 硬盘50G centos7+
2、语言：中文简体/英文
3、软件选择：基础设施服务器
4、分区选择：自动分区/手动分区
5、网络配置：按照下面配置网络地址信息
网络地址：192.168.233.（171、172、173）
子网掩码：255.255.255.0
默认网关：192.168.223.254
DNS：8.8.8.8
6、主机名设置：
Master节点：master
Node节点：node1
Node节点：node2

2、环境初始化

1、查看操作系统的版本
此方式下安装kubernetes集群要求Centos版本要在7.5或之上

[root@master ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

[root@node1 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

[root@node2 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)

2、主机名解析（三个节点都做）
为了方便集群节点间的直接调用，在这个配置一下主机名解析，企业中推荐使用内部DNS服务器

[root@master ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.223.171  master.example.com  master
192.168.223.172  node1.example.com   node1
192.168.223.173  node2.example.com   node2
[root@master ~]# scp /etc/hosts root@192.168.223.172:/etc/hosts
The authenticity of host '192.168.223.172 (192.168.223.172)' can't be established.
ECDSA key fingerprint is SHA256:iQTqIMUK0MuzzkKJd5l2TPD06bDfCUsiYVrVY5pIb60.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.223.172' (ECDSA) to the list of known hosts.
root@192.168.223.172's password: 
hosts                                                  100%  288    51.3KB/s   00:00    
[root@master ~]# scp /etc/hosts root@192.168.223.173:/etc/hosts
The authenticity of host '192.168.223.173 (192.168.223.173)' can't be established.
ECDSA key fingerprint is SHA256:htGQhOUiMQf5RsJrBue/q1K1XoXiSA+bqItTy5V6DDU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.223.173' (ECDSA) to the list of known hosts.
root@192.168.223.173's password: 
hosts                                                  100%  288    44.4KB/s   00:00    
[root@master ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1laY1fQ9wFSyD138bkUvaznh8R2/o9GS3In4cmnaRw0 root@master
The key's randomart image is:
+---[RSA 3072]----+
|            +*oo.|
|           + .*.=|
|          o .o +=|
|         . .  E.=|
|        S o  . @*|
|       . .  o @.O|
|           . Bo*.|
|           .o+o+ |
|           .=+o .|
+----[SHA256]-----+
[root@master ~]# 
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.223.172)' can't be established.
ECDSA key fingerprint is SHA256:iQTqIMUK0MuzzkKJd5l2TPD06bDfCUsiYVrVY5pIb60.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.

[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node2 (192.168.223.173)' can't be established.
ECDSA key fingerprint is SHA256:htGQhOUiMQf5RsJrBue/q1K1XoXiSA+bqItTy5V6DDU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node2'"
and check to make sure that only the key(s) you wanted were added.

3、时钟同步
kubernetes要求集群中的节点时间必须精确一致，这里使用chronyd服务从网络同步时间
企业中建议配置内部的时间同步服务器

Master：

[root@master ~]# yum -y install chrony
....
local stratum 10
....
[root@master ~]# systemctl restart chronyd
[root@master ~]# systemctl enable chronyd
[root@master ~]# hwclock -w

Node1和node2:

[root@node1 ~]# yum -y install chrony
[root@node1 ~]# vi /etc/chrony.conf 
server master.example.com  iburst
[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# systemctl enable chronyd

[root@node2 ~]# yum -y install chrony
[root@node2 ~]# vi /etc/chrony.conf 
server master.example.com  iburst
[root@node2 ~]# systemctl restart chronyd
[root@node2 ~]# systemctl enable chronyd