kubernete入门学习-三-官方步骤

最新推荐文章于 2024-07-17 13:01:39 发布

yujin2010good

最新推荐文章于 2024-07-17 13:01:39 发布

阅读量778

点赞数 1

分类专栏： devops kubenetes 文章标签： kubernete

本文链接：https://blog.csdn.net/yujin2010good/article/details/88043217

版权

kubenetes 同时被 2 个专栏收录

35 篇文章 2 订阅

订阅专栏

devops

30 篇文章 1 订阅

订阅专栏

========================================
Centos 7使用kubdeadm安装K8S前需要做的工作:
hosts
key
关闭swap
关闭selinux
关闭防火墙
集群里的每个节点的/etc/hosts都要有所有节点ip和与其对应的hostname
docker安装完毕
让系统内核开启网络转发

hosts
10.249.6.100 master
10.249.6.101 node01
10.249.6.102 node02

key
[root@master ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rTeyvAHlYyRAi0e6RBeDs7dnVR2eX1lWLJ/d2p5Vd58 root@master
The key's randomart image is:
+---[RSA 2048]----+
| .oB. ... .=|
| .o= + ......+|
| +oo . o. o +=|
| ..o. =.. . oB|
| .. ...S . .o*|
| . oo o .E+|
| o + o .o|
| . = . ..|
| +. |
+----[SHA256]-----+
[root@master ~]#
[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node01 (10.249.6.101)' can't be established.
ECDSA key fingerprint is SHA256:xC2BJAXqUza82oXNd2saKmsGjCSkGzJ7ySlwmOsreF4.
ECDSA key fingerprint is MD5:f8:0f:08:7f:f8:7a:13:ba:b6:96:f2:6b:f5:d3:be:7d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node01's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@node01'"
and check to make sure that only the key(s) you wanted were added.

[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node02
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node02 (10.249.6.102)' can't be established.
ECDSA key fingerprint is SHA256:z1uzA7zPe8gw0VRvI7JJTE7C677nWK1nqn0K8abQ/a4.
ECDSA key fingerprint is MD5:42:cb:bb:03:5c:86:bb:64:e7:2d:35:28:92:a8:7e:84.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node02's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@node02'"
and check to make sure that only the key(s) you wanted were added.

[root@master ~]# ssh node01
Last login: Thu Feb 28 05:41:18 2019 from 10.249.100.226
[root@node01 ~]# exit
logout
Connection to node01 closed.
[root@master ~]# ssh node02
Last failed login: Thu Feb 28 05:50:39 EST 2019 from 10.249.6.100 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Feb 28 05:40:36 2019 from 10.249.100.227

关闭swap
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab

关闭防火墙
systemctl stop firewalld
systemctl disable firewalld

setenforce 0

vi /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted

安装容器
#!/bin/bash

CHANNEL=stable
curl -fsSL https://get.docker.com/ | sh -s -- --mirror Aliyun
mkdir -p /etc/docker
touch /etc/docker/daemon.json
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
systemctl restart docker

systemctl enable docker

安装kubeadm
下载安装包k8s-mirrors-master.zip
https://github.com/Mr-Linus/k8s-mirrors
执行以下命令
./install-generic/install-kubeadm_el7.sh 所有机器都要安装

拉取镜像
如果你的机器可以翻越GFW,请忽略本步骤
如果你的机器不能翻越GFW,请看以下步骤：
如何使用
运行容器拉取指定镜像
版本V1.13.3
docker run --rm -it \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:k8s-1.13.3
需要注意的是,每个节点无论是工作节点还是master节点都需要拉取镜像!!

主节点安装k8s
./install-generic/install-k8s-master.sh
这个时候节点join进来并不会ready,需要你安装网络组件

安装脚本附带详细注释,安装出现任何疑问可以查看

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

kubeadm join 10.249.6.100:6443 --token 8cc6gd.nsgvj2qeb2vuvyu2 --discovery-token-ca-cert-hash sha256:308c1cdfa34bba4049278012e873bd0ca21c9fcdc709e4f893c04de85381a53a

-----------------------------------------------

让系统内核开启网络转发
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptable

下面可以做什么:
部署 CNI 选择需要的集群网络方案:flannel或calico(2选1)
flannel:
运行容器实现镜像拉取（可以GFW请忽略本步骤）：

#获取镜像列表
curl -s https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml | grep image | awk -F': ' '{ print $2 }' > $pwd/image-flannel.txt
#拉取镜像
docker run --rm -it \
-v $pwd/image-flannel.txt:/image-pull/image.txt \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest
# 部署flannel
./install-networks/install-flannel.sh

calico:
# 部署calico
./install-networks/install-calico.sh
本项目致力于搭建完整的 K8S 平台，如果需要其他额外镜像，您可以使用image-pull镜像实现镜像拉取。假设需要拉取的镜像名写在文件/root/image.txt中:

quay.io/coreos/flannel:v0.11.0
quay.io/coreos/flannel:v0.12.0
运行容器实现镜像拉取：

docker run --rm -it \
-v /root/image.txt:/image-pull/image.txt \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest

集群测试
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc

[root@master ingress-nginx]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-5c7588df-9xvbn 1/1 Running 0 15s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 164m
service/nginx NodePort 10.98.181.177 <none> 80:31884/TCP 7s

[root@master ingress-nginx]# kubectl get --help
[root@master ingress-nginx]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-5c7588df-9xvbn 1/1 Running 0 4m2s 10.244.2.2 node02 <none> <none>

[root@master ingress-nginx]# curl -I http://10.249.6.102:31884
HTTP/1.1 200 OK
Server: nginx/1.15.8
Date: Thu, 28 Feb 2019 14:10:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 25 Dec 2018 09:56:47 GMT
Connection: keep-alive
ETag: "5c21fedf-264"
Accept-Ranges: bytes

群名称：k8s学习群群号：153144292