Kubernetes部署
准备工作
环境:
192.168.1.10 master
192.168.1.20 node1
192.168.1.30 node2
注:内存必须在2G以上 cpu个数2个以上
以下操作均在三台实例上运行
修改hosts文件 三台都修改
[root@master ~]# vim /etc/hosts
创建无密连接在master运行
ssh-keygen -t rsa
ssh-copy-id node1
ssh-copy-id node2
关闭selinux
vim /etc/selinux/config
临时关闭
setenforce 0
关闭swap
vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon May 18 20:42:48 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/cl-root / xfs defaults 0 0
UUID=fa723b9e-bbcf-4460-9f36-7dfb982ed502 /boot xfs defaults 0 0
##/dev/mapper/cl-swap swap swap defaults 0 0
临时关闭
swapoff -a
调整vm.swappiness
vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
vm.swappiness = 0
加载
sysctl -p
将桥接的IPv4流量传递到iptables的链
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
开启模块
modprobe br_netfilter
加载
sysctl --system
关闭防火墙
systemctl disable firewalld
systemctl stop firewalld
安装docker 安装指定版本
同样在三台实例上运行
docker下载参考网站:阿里云 Docker CE 镜像
阿里云镜像加速网站:容器镜像服务 需要注册
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
##安装指定版本docker
yum -y install docker-ce-18.06.3.ce-3.el7
**配置加速器 建议自己注册**
[root@node2 ~]# mkdir -p /etc/docker
[root@node2 ~]# vim /etc/docker/daemon.json
启动docker
[root@master docker]# systemctl enable docker
[root@master docker]# systemctl start docker
安装 Kubernetes
参考文档链接:https://developer.aliyun.com/mirror/kubernetes?spm=a2c6h.13651102.0.0.3e221b11t7vZ0z
## 镜像源
[root@master ~]#cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
下载指定版本镜像,最新版本不稳定
[root@master ~]# yum -y install kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
[root@master ~]# systemctl enable kubelet && systemctl start kubelet
下载k8s镜像
以下镜像使用Kubernetes时会用上,先下上
因为镜像过多使用脚本下载方便,默认网站是国外的无法访问使用国内网址下载、
#! /bin/bash
source=k8s.gcr.io
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.17.0
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.17.0
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.17.0
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.17.0
docker pull registry.aliyuncs.com/google_containers/pause:3.1
docker pull registry.aliyuncs.com/google_containers/etcd:3.4.3-0
docker pull registry.aliyuncs.com/google_containers/coredns:1.6.5
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.17.0 $source/kube-apiserver:v1.17.0
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.17.0 $source/kube-controller-manager:v1.17.0
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.17.0 $source/kube-scheduler:v1.17.0
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.17.0 $source/kube-proxy:v1.17.0
docker tag registry.aliyuncs.com/google_containers/pause:3.1 $source/pause:3.1
docker tag registry.aliyuncs.com/google_containers/etcd:3.4.3-0 $source/etcd:3.4.3-0
docker tag registry.aliyuncs.com/google_containers/coredns:1.6.5 $source/coredns:1.6.5
docker rmi registry.aliyuncs.com/google_containers/kube-apiserver:v1.17.0
docker rmi registry.aliyuncs.com/google_containers/kube-controller-manager:v1.17.0
docker rmi registry.aliyuncs.com/google_containers/kube-scheduler:v1.17.0
docker rmi registry.aliyuncs.com/google_containers/kube-proxy:v1.17.0
docker rmi registry.aliyuncs.com/google_containers/pause:3.1
docker rmi registry.aliyuncs.com/google_containers/etcd:3.4.3-0
docker rmi registry.aliyuncs.com/google_containers/coredns:1.6.5
查看镜像
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-proxy v1.17.0 7d54289267dc 7 months ago 116MB
k8s.gcr.io/kube-apiserver v1.17.0 0cae8d5cc64c 7 months ago 171MB
k8s.gcr.io/kube-controller-manager v1.17.0 5eb3b7486872 7 months ago 161MB
k8s.gcr.io/kube-scheduler v1.17.0 78c190f736b1 7 months ago 94.4MB
k8s.gcr.io/coredns 1.6.5 70f311871ae1 8 months ago 41.6MB
k8s.gcr.io/etcd 3.4.3-0 303ce5db0e90 8 months ago 288MB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 2 years ago 742kB
添加网络组件
##下载镜像
[root@master ~]# docker pull quay.io/coreos/flannel:v0.12.0-amd64
##创建文件夹
[root@master ~]# mkdir /etc/cni/net.d
[root@node1 ~]# vim /etc/cni/net.d/10-flannel.conf
{"name":"cbr0","type":"flannel","delegate":{"isDefaultGateway":true}}
[root@master ~]# mkdir /usr/share/oci-umount/oci-umount.d -p
[root@master ~]# mkdir /run/flannel/
[root@master ~]# cat <<EOF> /run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.1.0/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
EOF
部署 Kubernetes
在 master 上初始化
如果初始化错误 执行kubeadm reset这个命令 从新初始化
kubeadm init --kubernetes-version=v1.17.0 --apiserver-advertise-address=192.168.64.10 --pod-network-cidr=10.244.0.0/16
##参数:
--kubernetes-version=v1.17.0 ##指定版本
--apiserver-advertise-address=192.168.1.10 ##发布本机IP
--pod-network-cidr=10.244.0.0/16 ##发布podIp 要与网络组件flannel对应
Your Kubernetes control-plane has initialized successfully!
**初始化返回的信息**
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.64.10:6443 --token c59mg2.nmyduf18unzqqcni \
--discovery-token-ca-cert-hash sha256:7134a560ccbd3a67791751a56cfa970d5417aa528a3dcf9c7892cc98e641af42
按照初始化完事返回的信息创建文件
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
按照提示将网络部署到集群
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@master ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
在两台节点上加如master 按照master初始化返回的消息做
[root@node1 ~]# kubeadm join 192.168.64.10:6443 --token c59mg2.nmyduf18unzqqcni --discovery-token-ca-cert-hash sha256:7134a560ccbd3a67791751a56cfa970d5417aa528a3dcf7892cc98e641af42
[root@node2 ~]# kubeadm join 192.168.64.10:6443 --token c59mg2.nmyduf18unzqqcni --discovery-token-ca-cert-hash sha256:7134a560ccbd3a67791751a56cfa970d5417aa528a3dcf7892cc98e641af42
如果忘记了,可以执行在 master 上执行 kubeadm token list 查看
在 master 上查看节点
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 7m20s v1.17.0
node1 Ready <none> 24s v1.17.0
node2 Ready <none> 11s v1.17.0
当之前集群有错误的时候,可以执行下面语句重新进行配置:
[root@node2 ~]# kubeadm reset
reset 之后初始化需重新执行界面输出命令
删除节点:
卸载节点:
[root@master ~]# kubectl drain node1 --delete-local-data --force --ignore-daemonsets
删除节点:
[root@master ~]# kubectl delete node node1
清空配置:
[root@master ~]# kubeadm reset
查看日志
[root@master ~]# journalctl -f -u kubelet.service
485
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
