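K8s Cluster Environment Setup
I. Environment Planning
1. Cluster types
Kubernetes clusters fall broadly into two types: one master with multiple nodes, and multiple masters with multiple nodes.
- One master, multiple nodes: one master node and several node machines. Simple to set up, but the single master is a single point of failure; suitable for test environments.
- Multiple masters, multiple nodes: several master nodes and several node machines. More work to set up, but safer; suitable for production environments.
2. Installation methods
Kubernetes can be deployed in several ways; the mainstream options today are kubeadm, minikube, and binary packages.
- 1. Minikube: a tool for quickly setting up a single-node Kubernetes
- 2. Kubeadm: a tool for quickly setting up a Kubernetes cluster, https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/
- 3. Binary packages: download each component's binary package from the official site and install them one by one; this approach is more effective for understanding the Kubernetes components, https://github.com/kubernetes/kubernetes
Note: we need to install a Kubernetes cluster environment but do not want too much hassle, so we choose the kubeadm method.
3. Host planning
Role | IP address | Components |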
---|---|---|
master | 192.168.223.171 | docker,kubectl,kubeadm,kubelet |
node1 | 192.168.223.172 | docker,kubectl,kubeadm,kubelet |
node2 | 192.168.223.173 | docker,kubectl,kubeadm,kubelet |
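II. Environment Setup
This setup requires three Linux machines (one master, two nodes) running CentOS 7.5, with docker, kubeadm (1.25), kubelet (1.25.4), and kubelet (1.25.4) installed on each.
1. Host installation
When installing the virtual machines, pay attention to the following settings:
- 1. Operating system environment: 2 CPUs, 2 GB memory, 50 GB disk, CentOS 7+
- 2. Language: Simplified Chinese / English
- 3. Software selection: Infrastructure Server
- 4. Partitioning: automatic / manual
- 5. Network configuration: configure the network addresses as follows
Network address: 192.168.233.(171, 172, 173)
Subnet mask: 255.255.255.0
Default gateway: 192.168.223.254
DNS: 8.8.8.8
- 6. Host name settings:
Master node: master
Node: node1
Node: node2
2. Environment initialization
- 1. Check the operating system version
Installing a Kubernetes cluster this way requires CentOS 7.5 or later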
[root@master ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)
[root@node1 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)
[root@node2 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.2 (Ootpa)
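- 2. Host name resolution (do this on all three nodes)
To let the cluster nodes reach each other directly by name, configure host name resolution here; in an enterprise environment an internal DNS server is recommended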
[root@master ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.223.171 master.example.com master
192.168.223.172 node1.example.com node1
192.168.223.173 node2.example.com node2
[root@master ~]# scp /etc/hosts root@192.168.223.172:/etc/hosts
The authenticity of host '192.168.223.172 (192.168.223.172)' can't be established.
ECDSA key fingerprint is SHA256:iQTqIMUK0MuzzkKJd5l2TPD06bDfCUsiYVrVY5pIb60.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.223.172' (ECDSA) to the list of known hosts.
root@192.168.223.172's password:
hosts 100% 288 51.3KB/s 00:00
[root@master ~]# scp /etc/hosts root@192.168.223.173:/etc/hosts
The authenticity of host '192.168.223.173 (192.168.223.173)' can't be established.
ECDSA key fingerprint is SHA256:htGQhOUiMQf5RsJrBue/q1K1XoXiSA+bqItTy5V6DDU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.223.173' (ECDSA) to the list of known hosts.
root@192.168.223.173's password:
hosts 100% 288 44.4KB/s 00:00
[root@master ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1laY1fQ9wFSyD138bkUvaznh8R2/o9GS3In4cmnaRw0 root@master
The key's randomart image is:
+---[RSA 3072]----+
| +*oo.|
| + .*.=|
| o .o +=|
| . . E.=|
| S o . @*|
| . . o @.O|
| . Bo*.|
| .o+o+ |
| .=+o .|
+----[SHA256]-----+
[root@master ~]#
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.223.172)' can't be established.
ECDSA key fingerprint is SHA256:iQTqIMUK0MuzzkKJd5l2TPD06bDfCUsiYVrVY5pIb60.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node2 (192.168.223.173)' can't be established.
ECDSA key fingerprint is SHA256:htGQhOUiMQf5RsJrBue/q1K1XoXiSA+bqItTy5V6DDU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node2'"
and check to make sure that only the key(s) you wanted were added.
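- 3. Time synchronization
Kubernetes requires the clocks of all nodes in the cluster to be precisely consistent; here the chronyd service is used to synchronize time over the network
In an enterprise environment, setting up an internal time synchronization server is recommended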
Master:
[root@master ~]# yum -y install chrony
....
local stratum 10
....
[root@master ~]# systemctl restart chronyd
[root@master ~]# systemctl enable chronyd
[root@master ~]# hwclock -w
Node1 and node2:
[root@node1 ~]# yum -y install chrony
[root@node1 ~]# vi /etc/chrony.conf
server master.example.com iburst
[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# systemctl enable chronyd
[root@node2 ~]# yum -y install chrony
[root@node2 ~]# vi /etc/chrony.conf
server master.example.com iburst
[root@node2 ~]# systemctl restart chronyd
[root@node2 ~]# systemctl enable chronyd
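In the host name resolution step above, each node's host key is accepted by answering `yes` at the prompt, which trusts whatever key is presented on the first connection. As an added example (not part of the original page), the following Python code computes OpenSSH-style SHA256 fingerprints from `ssh-keyscan`-format lines and keeps only the keys that match fingerprints obtained out of band; the function names, the `PINNED` map and the key blobs are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(blob_b64):
    """OpenSSH SHA256 fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_scan(scan_output, pinned):
    """Split "host keytype base64" lines into (accepted, rejected).
    pinned maps host -> fingerprint read out of band; anything else is rejected."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank and comment lines
        fields = line.split()
        if len(fields) < 3:
            rejected.append((line, "malformed line"))
            continue
        host, blob = fields[0], fields[2]
        try:
            seen = fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError subclass
            rejected.append((host, "key is not valid base64"))
            continue
        if host not in pinned:
            rejected.append((host, "no pinned fingerprint"))
        elif seen == pinned[host]:
            accepted.append(line)  # safe to append to ~/.ssh/known_hosts
        else:
            rejected.append((host, "fingerprint mismatch: saw " + seen))
    return accepted, rejected

# Constructed sample: placeholder bytes stand in for key blobs, not real host keys.
K1 = base64.b64encode(b"constructed key blob for node1").decode()
K2 = base64.b64encode(b"constructed key blob for node2").decode()
K2_OTHER = base64.b64encode(b"a different key answering as node2").decode()
PINNED = {"node1": fingerprint(K1), "node2": fingerprint(K2)}
SCAN = ("# constructed scan output\n"
        "node1 ecdsa-sha2-nistp256 " + K1 + "\n"
        "node2 ecdsa-sha2-nistp256 " + K2_OTHER + "\n")

if __name__ == "__main__":
    ok, bad = vet_scan(SCAN, PINNED)
    print("append to known_hosts:", ok)
    print("rejected:", bad)
```

The pinned value for each node can be read on the node's own console with `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` and compared with the fingerprint shown in the prompt.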