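Contents
I. Environment preparation
II. Environment initialization
III. Install the required software on all hosts
1. Install docker
2. Configure the k8s yum repository
3. Install kubelet, kubeadm and kubectl
IV. Deploy the Kubernetes master
V. Join the Kubernetes nodes
VI. Deploy the CNI network plugin
VII. Test the k8s cluster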
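I. Environment preparation
I am using CentOS 7, with three virtual machines prepared:
one master and two nodes, node1 and node2.
The hostnames I set and their IP addresses are as follows:
Hostname | IP address |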
k8smaster | 192.168.198.150 |
k8snode1 | 192.168.198.151 |
k8snode2 | 192.168.198.152 |
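II. Environment initialization
Once the virtual machines are ready, the firewall and the SELinux service must be turned off on every one of them, and swap must be disabled.
Run on all hosts:
# Operations to run on every host
# Turn off the firewall
# temporarily:
systemctl stop firewalld
# permanently:
systemctl disable firewalld
# Turn off SELinux
# temporarily:
setenforce 0
# permanently:
sed -i 's/enforcing/disabled/' /etc/selinux/config
# Turn off swap
# temporarily:
swapoff -a
# permanently:
sed -ri 's/.*swap.*/#&/' /etc/fstab
# Enable traffic forwarding: pass bridged IPv4 traffic to iptables
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply the settings:
sysctl --system
# Set up time synchronization
yum install ntpdate -y
ntpdate time.windows.com
Run only on host 192.168.198.150 (master):
# Operations on the master
# Add hosts entries on the master, using the hostnames you set and their IPs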
cat >> /etc/hosts << EOF
192.168.198.150 k8smaster
192.168.198.151 k8snode1
192.168.198.152 k8snode2
EOF
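III. Install the required software on all hosts
Run all of the following installation steps on every host
1. Install docker
# Use the docker repository provided by Alibaba Cloud
curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Refresh the yum cache
yum clean all && yum makecache
# List the versions available in the yum repository
yum list docker-ce --showduplicates | sort -r
# Install directly with yum
yum install -y docker-ce-20.10.6
# An older version can also be installed directly
#yum install -y docker-ce-18.09.9
# Start docker and enable it at boot
systemctl start docker
systemctl enable docker
# Check the version information; if it is shown, docker is installed and running
docker version
Then configure a registry accelerator: log in to your own Alibaba Cloud account and open the Container Registry service.
Click the link:
Alibaba Cloud sign-in page
Copy the steps shown there and you are done.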
2. Configure the k8s yum repository
# Configure Alibaba's official yum repository to make the later software installation easier
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
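The repo file above sets gpgcheck=0 and repo_gpgcheck=0 and fetches packages and keys over http, so neither the package signatures nor the transport are verified. The audit script below is an added example, not part of the original post; the function name audit_repo and the placeholder host mirror.example.invalid in the corrected sample are assumptions.

```shell
# Print one finding per weak setting; the exit status is the number of findings.
audit_repo() {
    awk '
        /^\[/ { section = $0; next }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0; gsub(/[ \t]/, "", line)
            if (line == "gpgcheck=0") {
                print section " package signatures not verified: " line; n++
            } else if (line == "repo_gpgcheck=0") {
                print section " repo metadata signature not verified: " line; n++
            } else if (line ~ /^((baseurl|gpgkey|mirrorlist)=)?http:\/\//) {
                # also catches the indented continuation line of a multi-URL gpgkey
                print section " fetched over plain HTTP: " line; n++
            }
        }
        END { exit n + 0 }' "$1"
}

# Constructed samples: WEAK repeats the settings of the repo file above,
# FIXED is a corrected variant on a placeholder host (an assumption).
WEAK=$(mktemp); FIXED=$(mktemp)
cat > "$WEAK" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
cat > "$FIXED" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirror.example.invalid/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirror.example.invalid/kubernetes/yum/doc/yum-key.gpg
       https://mirror.example.invalid/kubernetes/yum/doc/rpm-package-key.gpg
EOF

audit_repo "$WEAK"  || echo "weak:  $? finding(s)"
audit_repo "$FIXED" && echo "fixed: no findings"
```

Run it against /etc/yum.repos.d/*.repo on each host before installing kubelet, kubeadm and kubectl from the repository.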
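3. Install kubelet, kubeadm and kubectl
# Versions are updated frequently, so I pin the version number here; you can also leave the version unspecified
yum install -y kubelet-1.19.4 kubeadm-1.19.4 kubectl-1.19.4
# Enable at boot
systemctl enable kubelet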
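IV. Deploy the Kubernetes master
Run only on host 192.168.198.150 (master):
# Run the initialization command
# --apiserver-advertise-address: the IP of this host
# --image-repository: set to the Alibaba Cloud registry address
# --kubernetes-version: the version, which must match the version you installed
# --service-cidr: anything will do, as long as it does not conflict with other IPs
# --pod-network-cidr: likewise, it only must not conflict with other IPs
kubeadm init \
  --apiserver-advertise-address=192.168.198.150 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.4 \
  --service-cidr=10.88.0.0/12 \
  --pod-network-cidr=10.240.0.0/16
# The backslashes above are line continuations that make the command easier to read; it is really one complete command, as follows
kubeadm init --apiserver-advertise-address=192.168.198.150 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.19.4 --service-cidr=10.88.0.0/12 --pod-network-cidr=10.240.0.0/16
# You can then see that these images were pulled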
[root@k8smaster ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-proxy v1.19.4 635b36f4d89f 2 years ago 118MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.19.4 4830ab618586 2 years ago 111MB
registry.aliyuncs.com/google_containers/kube-apiserver v1.19.4 b15c6247777d 2 years ago 119MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.19.4 14cd22f7abe7 2 years ago 45.7MB
registry.aliyuncs.com/google_containers/etcd 3.4.13-0 0369cf4303ff 2 years ago 253MB
registry.aliyuncs.com/google_containers/coredns 1.7.0 bfe3a36ebd25 3 years ago 45.2MB
registry.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5d 3 years ago 683kB
[root@k8smaster ~]#
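After the kubeadm init command finished just now, it printed the following information at the end.
You can then copy these three commands and run them directly.
# Run the following commands to be able to use the kubectl tool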
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
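V. Join the Kubernetes nodes
Run only on the two Node hosts (node1, node2):
Look again at the information printed at the end of the kubeadm init command on the master.
# Copy the command to the Node hosts 192.168.198.151 (node1) and 192.168.198.152 (node2) and run it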
kubeadm join 192.168.198.150:6443 --token pto6nc.ibvfrahbo8siq8rh \
--discovery-token-ca-cert-hash sha256:485c64cd0b07b7c7aab9c95decd09b8bf2d4ab105c207d203767486d68f075a8
On the master you can see the node information; k8snode1 and k8snode2 have been joined.
[root@k8smaster ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster NotReady master 21m v1.19.4
k8snode1 NotReady <none> 98s v1.19.4
k8snode2 NotReady <none> 88s v1.19.4
# The default token is valid for 24 hours and cannot be used once it has expired; to create a new token, run the following command
kubeadm token create --print-join-command
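The sha256 value in the join command pins the public key of the cluster CA, which is how a joining node checks that it is talking to the right API server. The script below is an added example, not part of the original post, that recomputes that pin from a CA certificate and compares it with a join command before the command is run; the function names, the throwaway demo CA, the address 192.0.2.10 and the token abcdef.0123456789abcdef are assumptions made for the demo.

```shell
# sha256 over the DER-encoded public key of a PEM certificate: the value kubeadm
# expects after "sha256:" in --discovery-token-ca-cert-hash.
ca_pin() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Print the pin found in a join command; empty if absent or shorter than 64 hex digits.
join_pin() {
    printf '%s\n' "$1" |
        grep -Eo -e '--discovery-token-ca-cert-hash[ =]sha256:[0-9a-f]{64}' |
        sed 's/.*sha256://'
}

# 0 only if the command pins exactly the CA in $1; 1 if the pin is skipped,
# missing, different, or the certificate cannot be read.
verify_join() {
    cert=$1; cmd=$2
    case $cmd in *--discovery-token-unsafe-skip-ca-verification*)
        echo "REJECT: CA verification is disabled"; return 1 ;;
    esac
    want=$(join_pin "$cmd")
    [ -n "$want" ] || { echo "REJECT: no sha256 CA pin in the command"; return 1; }
    have=$(ca_pin "$cert") || { echo "REJECT: cannot read a certificate from $cert"; return 1; }
    [ "$want" = "$have" ] || { echo "REJECT: pin does not match $cert"; return 1; }
    echo "OK: the command pins the CA in $cert"
}

# Constructed demo: a throwaway self-signed CA stands in for the master's
# /etc/kubernetes/pki/ca.crt; the address and token are placeholders.
DEMO=$(mktemp -d)
JOIN="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef"
if openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$DEMO/ca.key" -out "$DEMO/ca.crt" 2>/dev/null; then
    GOOD="$JOIN --discovery-token-ca-cert-hash sha256:$(ca_pin "$DEMO/ca.crt")"
    verify_join "$DEMO/ca.crt" "$GOOD"
    verify_join "$DEMO/ca.crt" "$JOIN --discovery-token-unsafe-skip-ca-verification" || true
fi
```

The token in a join command is a bearer credential for as long as it is valid, so a join command copied into notes or scripts should be treated as a secret until the token has expired.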
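VI. Deploy the CNI network plugin
Run on 192.168.198.150 (master)
# The images are pulled from Docker Hub; these are overseas sites, so this may fail. Retry a few times
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
If it keeps failing, you can try the following:
Run vim kube-flannel.yml, paste in the contents of the code box below, save and quit, then run the kubectl apply -f kube-flannel.yml command.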
---
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    k8s-app: flannel
    pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
- apiGroups:
  - networking.k8s.io
  resources:
  - clustercidrs
  verbs:
  - list
  - watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: flannel
  name: flannel
  namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    k8s-app: flannel
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
    k8s-app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: docker.io/flannel/flannel-cni-plugin:v1.2.0
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: docker.io/flannel/flannel:v0.22.2
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.22.2
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
# Run the command to apply the manifest
[root@k8smaster ~]# kubectl apply -f kube-flannel.yml
namespace/kube-flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@k8smaster ~]#
# Then check the status again; anything that is not ready yet will be after waiting a little longer
[root@k8smaster ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6d56c8448f-82vp9 0/1 Pending 0 64m
coredns-6d56c8448f-vdlrw 0/1 Pending 0 64m
etcd-k8smaster 1/1 Running 0 64m
kube-apiserver-k8smaster 1/1 Running 0 64m
kube-controller-manager-k8smaster 1/1 Running 0 64m
kube-proxy-89dm9 1/1 Running 0 64m
kube-proxy-ltrtj 1/1 Running 0 44m
kube-proxy-ngph4 1/1 Running 0 44m
kube-scheduler-k8smaster 1/1 Running 0 64m
# Check the status of the nodes; they should all be Ready
[root@k8smaster ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster Ready master 91m v1.19.4
k8snode1 Ready <none> 71m v1.19.4
k8snode2 Ready <none> 71m v1.19.4
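The kubeadm init command in section IV sets --pod-network-cidr=10.240.0.0/16, while net-conf.json in the manifest above declares Network 10.244.0.0/16; flannel expects its Network to match the cluster's pod CIDR. The check below is an added example, not part of the original post, that compares the two values before the manifest is applied; the function names and the cut-down manifest sample are assumptions.

```shell
# Print the "Network" value from the net-conf.json block of a flannel manifest.
flannel_network() {
    sed -n 's/.*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print the value of --pod-network-cidr from a kubeadm init command line
# (accepts both "--flag=value" and "--flag value").
kubeadm_pod_cidr() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk '
        /^--pod-network-cidr=/ { sub(/^[^=]*=/, ""); print; exit }
        $0 == "--pod-network-cidr" { getline; print; exit }'
}

# Return 0 when both values are present and identical, 1 otherwise.
check_pod_cidr() {
    net=$(flannel_network "$1")
    cidr=$(kubeadm_pod_cidr "$2")
    if [ -z "$net" ] || [ -z "$cidr" ]; then
        echo "UNKNOWN: flannel Network='$net', kubeadm pod CIDR='$cidr'"; return 1
    fi
    if [ "$net" != "$cidr" ]; then
        echo "MISMATCH: flannel Network=$net, kubeadm --pod-network-cidr=$cidr"; return 1
    fi
    echo "OK: pod CIDR $cidr"
}

# Constructed sample: only the net-conf.json part of kube-flannel.yml.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": { "Type": "vxlan" }
    }
EOF

# The values used on this page, then a matching pair.
check_pod_cidr "$SAMPLE" "kubeadm init --service-cidr=10.88.0.0/12 --pod-network-cidr=10.240.0.0/16" || true
check_pod_cidr "$SAMPLE" "kubeadm init --pod-network-cidr 10.244.0.0/16" || true
```

When the check reports a mismatch, edit Network in the downloaded kube-flannel.yml to the value passed to kubeadm init, then apply the manifest.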
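VII. Test the k8s cluster
Run on 192.168.198.150 (master)
Create a pod in the Kubernetes cluster to verify that it runs normally
# Pull the nginx image
[root@k8smaster ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
# Wait for the status to become Running
[root@k8smaster ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-s2pt9 0/1 ContainerCreating 0 67s
# Expose a port so that it can be reached from outside
[root@k8smaster ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
# Check the exposed port; mine has not finished starting yet, so the status shows it is still pulling over the network
[root@k8smaster ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-s2pt9 0/1 ContainerCreating 0 11m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.80.0.1 <none> 443/TCP 109m
service/nginx NodePort 10.81.133.109 <none> 80:32061/TCP 48s
[root@k8smaster ~]#
# You can see that port 80 is mapped to 32061
My pod was still in ContainerCreating and very slow; I had finished two cups of goji berry tea and it still was not ready (I don't know whether it was the network speed or too few resources given to the machines), so I could not demonstrate it. Once the status is Running you can test. To test, use the IP of any Node followed by the port 32061 seen above, and you will reach the nginx welcome page.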