kubernetes集群搭建(kubernetes v1.20.0)
1 . 準備基本環境
1.1 一臺或多臺安裝了以下系統的物理機或者虛擬機
- Ubuntu 16.04+
- Debian 9+
- CentOS 7
- Red Hat Enterprise Linux (RHEL) 7
- Fedora 25+
- HypriotOS v1.0.1+
- Flatcar Container Linux (tested with 2512.3.0)
1.2 一臺或多臺安裝了以下系統的物理機或者虛擬機
- 每臺機器至少分配2G記憶體
- 每臺機器至少分配2 CPU
1.3 一臺或多臺安裝了以下系統的物理機或者虛擬機
- 集群中所有計算機可以相互訪問(可以使用公用或專用網路)
- 每個節點的唯一主機名,MAC地址和product_uuid
1.4 禁用swap磁區
在centos下
1 . vim /etc/fstab
# /dev/mapper/centos-swap swap swap defaults 0 0
2 . 重啟系統,測驗
reboot
free -h
3 . swap一行應該全部是0
[root@node2 ~]# free -h
total used free shared buff/cache available
Mem: 1.8G 408M 397M 8.8M 1.0G 1.2G
Swap: 0B 0B 0B
[root@node2 ~]#
1.5 讓iptables可以查看橋接流量
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
1.6 修改主機名稱
vim /etc/hostname
重啟機器生效
2 . 準備部署工具
2.1 使用一鍵安裝腳本安裝最新版docker
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
2.2 安裝kubeadm 、kubelet、 kubectl
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# Set SELinux in permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
3 . 開始安裝
3.1 初始化master節點
sudo kubeadm init --pod-network-cidr=172.171.0.0/16
輸出:
[root@master ~]# sudo kubeadm init --pod-network-cidr=172.171.0.0/16
[init] Using Kubernetes version: v1.20.0
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.0. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master] and IPs [10.96.0.1 192.168.0.137]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master] and IPs [192.168.0.137 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master] and IPs [192.168.0.137 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 15.010275 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master as control-plane by adding the labels "node-role.kubernetes.io/master=''" and "node-role.kubernetes.io/control-plane='' (deprecated)"
[mark-control-plane] Marking the node master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: qyfc05.u0qyqz9yxxufcmev
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.0.137:6443 --token qyfc05.u0qyqz9yxxufcmev \
--discovery-token-ca-cert-hash sha256:f1cf6b2f8bf71ed2d940f12cae74a1fa7d4eb5e3a9415d77c1d0a5ec27750ef6
3.2 使master節點可以使用kubectl工具進行集群控制
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
3.3 安裝網路插件(這里選用的calico)
kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
kubectl create -f https://docs.projectcalico.org/manifests/custom-resources.yaml
這里要注意的是,由于我的虛擬機使用橋接方式上網,虛擬機的網段是192.168.*.*,為了使pod的ip網段跟虛擬機不重復(重復了也能裝成功,但是訪問pod時有問題,已踩坑), 將https://docs.projectcalico.org/manifests/custom-resources.yaml下載下來,修改默認的配置
192.168.0.0/16 -> 172.171.0.0/16
# This section includes base Calico installation configuration.
# For more information, see: https://docs.projectcalico.org/v3.17/reference/installation/api#operator.tigera.io/v1.Installation
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
spec:
# Configures Calico networking.
calicoNetwork:
# Note: The ipPools section cannot be modified post-install.
ipPools:
- blockSize: 26
cidr: 172.171.0.0/16
encapsulation: VXLANCrossSubnet
natOutgoing: Enabled
nodeSelector: all()
3.4 加入其它節點到當前集群
確保將要加入的work節點已經安裝了docker,kubelet ,我這里是復制的master節點
kubeadm join 192.168.0.137:6443 --token qyfc05.u0qyqz9yxxufcmev \
--discovery-token-ca-cert-hash sha256:f1cf6b2f8bf71ed2d940f12cae74a1fa7d4eb5e3a9415d77c1d0a5ec27750ef6
輸出:
[root@node1 ~]# kubeadm join 192.168.0.137:6443 --token qyfc05.u0qyqz9yxxufcmev \
> --discovery-token-ca-cert-hash sha256:f1cf6b2f8bf71ed2d940f12cae74a1fa7d4eb5e3a9415d7 7c1d0a5ec27750ef6
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. Th e recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/se tup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated v ersions: 20.10.0. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubea dm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubea dm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@node1 ~]#
3.4 查看安裝結果
[root@master ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master Ready control-plane,master 77m v1.20.0 192.168.0.137 <none> CentOS Linux 7 (Core) 3.10.0-693.el7.x86_64 docker://20.10.0
node1 Ready <none> 72m v1.20.0 192.168.0.138 <none> CentOS Linux 7 (Core) 3.10.0-693.el7.x86_64 docker://20.10.0
node2 Ready <none> 72m v1.20.0 192.168.0.139 <none> CentOS Linux 7 (Core) 3.10.0-693.el7.x86_64 docker://20.10.0
[root@master ~]#
部署一個nginx試試:
[root@master ~]# kubectl run nginx --image=nginx --restart=Never
pod/nginx created
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx 1/1 Running 0 14s 172.171.104.1 node2 <none> <none>
[root@master ~]# curl 172.171.104.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master ~]#
4 . 參考鏈接
- kubeadm安裝
- 使用kubeadm搭建集群
- calico使用入門
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/233992.html
標籤:其他