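Building a Kubernetes Cluster
1. Setup options
1.1. kubeadm
You can use the kubeadm tool to create and manage Kubernetes clusters. It performs the necessary actions and brings up a usable, secure cluster in a user-friendly way.
The "Installing kubeadm" page shows how to install kubeadm. Once kubeadm is installed, you can use it to create a cluster.
1.1.1. Prerequisites
Minimum configuration: 2 CPU cores, 2 GB of memory, and a 20 GB disk. Internet access is preferable; without it, you need a private registry that provides the required images.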
| Hostname | IP address |
| --- | --- |
| master | 37.10 |
| node1 | 37.11 |
| node2 | 37.12 |
1.1.2. Software environment
Operating system: CentOS 7
Docker version: 20+
K8s version: 1.23.6
1.1.3. Installation steps
1.1.3.1. Initial setup
```bash
# Stop the firewall and disable it at boot
systemctl stop firewalld
systemctl disable firewalld

# Disable SELinux (to disable it only temporarily: 'setenforce 0')
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Disable swap (to disable it only temporarily: 'swapoff -a')
sed -ri 's/.*swap.*/#&/' /etc/fstab
# After disabling swap, be sure to reboot the virtual machine!

# Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Apply the settings
sysctl --system
```
Add the hosts entries on master
```bash
cat >> /etc/hosts << EOF
192.168.37.10 master
192.168.37.11 node1
192.168.37.12 node2
EOF
```
1.1.3.2. Install the base software (all nodes)
1.1.3.2.1. Install Docker
```bash
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast
sudo yum -y install docker-ce
```
1.1.3.2.2. Add the Alibaba Cloud yum repository
```bash
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```
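The repository definition above turns off both GPG check options, so yum installs kubelet, kubeadm and kubectl from the mirror without verifying package or metadata signatures. The audit below is an added example, not part of the original post; the function names and the second sample section `[example-signed]` are constructed for illustration.

```bash
# Added example (not from the original post): report enabled yum repo
# sections that explicitly disable signature checks or use plain http.
# Output: one "<section> <finding>" line per problem.
audit_repo_file() {
    awk '
        function report() {
            if (sect == "" || enabled == "0") return
            if (gpg == "0")     print sect, "gpgcheck=0"
            if (repogpg == "0") print sect, "repo_gpgcheck=0"
            if (url ~ /^http:/) print sect, "plain-http-baseurl"
        }
        /^[ \t]*\[/ {                 # new [section]: flush the previous one
            report()
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            enabled = "1"; gpg = ""; repogpg = ""; url = ""
            next
        }
        /^[ \t]*[#;]/ { next }        # comment line
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")       enabled = val
            if (key == "gpgcheck")      gpg = val
            if (key == "repo_gpgcheck") repogpg = val
            if (key == "baseurl")       url = val
        }
        END { report() }
    ' "$1"
}
# Constructed sample: the [kubernetes] section from this page plus a
# hypothetical section that keeps both checks on.
write_sample_repo() {
    cat > "$1" << 'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
[example-signed]
baseurl=https://repo.example.internal/el7
gpgcheck=1
repo_gpgcheck=1
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo_file "$sample"
```

On a real host, point it at the installed file: `audit_repo_file /etc/yum.repos.d/kubernetes.repo`.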
1.1.3.2.3. Install kubeadm, kubelet, and kubectl
```bash
yum install -y kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6

vim /etc/docker/daemon.json
```
Contents of /etc/docker/daemon.json:
```json
{
  "registry-mirrors": ["https://n5jclonh.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.37.12:8858"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
```
```bash
# Enable the services at boot and restart docker
systemctl enable kubelet docker
systemctl daemon-reload
systemctl restart docker
```
1.1.3.3. Deploy the Kubernetes master
master
```bash
kubeadm init \
  --apiserver-advertise-address=192.168.37.10 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.6 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
```
To start using the cluster, run the following as a regular user:
```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
```bash
kubectl get nodes
NAME     STATUS     ROLES                  AGE    VERSION
master   NotReady   control-plane,master   3m2s   v1.23.6
```
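1.1.3.4. Join the Kubernetes nodes
node1 and node2
The command below is the join command; it can be copied from the k8s master console after initialization succeeds.
```bash
# If the token from initialization has been lost, retrieve it or request a new one as described in Note 1
kubeadm join 192.168.37.10:6443 --token tk8n13.1hf01e32mcfshihu \
  --discovery-token-ca-cert-hash sha256:e4cf9e6ccf34b83262a689c9ccff650a5a39e91195125fb7faf4a0dcb3be93fe
```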
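master, Note 1
```bash
# If the token from initialization has been lost, retrieve it or request a new one with the commands below
# If the token has expired, request a new one
kubeadm token create
# If the token has not expired, retrieve it with
kubeadm token list
```
```bash
# Get the --discovery-token-ca-cert-hash value; the result must be prefixed with sha256:
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
  openssl dgst -sha256 -hex | sed 's/^.* //'
```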
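Note 1 shows how to recompute the hash; the sketch below, an added example that is not from the original post, wraps that pipeline and checks a complete join command against the CA certificate before it is handed to a node. It goes slightly beyond the page by using `openssl pkey` instead of `openssl rsa` so that non-RSA CA keys also work; the function names, the throwaway demo CA and the token `abcdef.0123456789abcdef` are constructed.

```bash
# Added example (not from the original post): confirm that a join command
# pins this cluster's CA and does not skip CA verification.

# SHA-256 over the DER SubjectPublicKeyInfo of the CA certificate, the value
# kubeadm compares against --discovery-token-ca-cert-hash.
ca_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# $1 = join command as one string, $2 = path to the CA certificate.
# Prints a verdict; returns 0 only for "ok".
check_join_command() {
    cmd=$1; ca=$2
    case "$cmd" in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "ca-verification-skipped"; return 1 ;;
    esac
    token=$(printf '%s\n' "$cmd" | sed -nE 's/.*--token[ =]([^ ]+).*/\1/p')
    pin=$(printf '%s\n' "$cmd" | sed -nE 's/.*--discovery-token-ca-cert-hash[ =]([^ ]+).*/\1/p')
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
        { echo "bad-token-format"; return 1; }
    [ "$pin" = "sha256:$(ca_pubkey_hash "$ca")" ] ||
        { echo "pin-mismatch"; return 1; }
    echo "ok"
}

# Constructed demo input: a throwaway self-signed CA and a made-up token.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
join="kubeadm join 192.168.37.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:$(ca_pubkey_hash "$demo_dir/ca.crt")"
check_join_command "$join" "$demo_dir/ca.crt"
```

On the master, pass `/etc/kubernetes/pki/ca.crt` as the second argument.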
master
Check whether the nodes have joined
```bash
kubectl get nodes
NAME     STATUS     ROLES                  AGE   VERSION
master   NotReady   control-plane,master   17h   v1.23.6
node1    NotReady   <none>                 17h   v1.23.6
node2    NotReady   <none>                 17h   v1.23.6
```
Get the component status with kubectl
```bash
# 'componentstatus' can be abbreviated to 'cs'
kubectl get componetstatus
error: the server doesn't have a resource type "componetstatus"
[root@master ~]# kubectl get componentstatus
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true","reason":""}
```
1.1.3.5. Deploy the CNI network plugin
master
Create a directory
```bash
cd /opt/
mkdir k8s
```
```bash
# Enter the directory
cd k8s/
# Download the manifest
curl https://docs.projectcalico.org/archive/v3.25/manifests/calico.yaml -O
# Edit the CALICO_IPV4POOL_CIDR setting in calico.yaml so that it matches the CIDR used at initialization
vim calico.yaml
```
```yaml
...
- name: CALICO_IPV4POOL_CIDR
  value: "10.244.0.0/16"
```
```bash
# Remove the docker.io/ prefix from the image names to avoid failures caused by slow downloads
sed -i 's#docker.io/##g' calico.yaml
```
```bash
# Create the resources
kubectl apply -f calico.yaml
```
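The manifest is downloaded and applied as-is, and after the sed step its short image names are resolved through the runtime's default registry and the configured mirrors, so it helps to see exactly which images it will pull before running kubectl apply. The following is an added example, not part of the original post; the function names and the sample manifest are constructed, the sample assumes tag-based references, and the digest in it is a placeholder.

```bash
# Added example (not from the original post): list the container images a
# manifest will pull and show which are pinned by digest.
# Output per image: "<digest|tag-only> <registry> <reference>".
audit_images() {
    sed -nE 's/^[[:space:]]*(- )?image:[[:space:]]*//p' "$1" |
        tr -d "\"'" | LC_ALL=C sort -u |
    while read -r ref; do
        case "$ref" in
            *@sha256:*) pin="digest" ;;
            *)          pin="tag-only" ;;
        esac
        # A first path component with a dot or port (or "localhost") is a
        # registry host; otherwise the runtime's default registry is used.
        first=${ref%%/*}
        reg="default-registry"
        case "$ref" in
            */*) case "$first" in *.*|*:*|localhost) reg=$first ;; esac ;;
        esac
        printf '%s %s %s\n' "$pin" "$reg" "$ref"
    done
}

# Number of images that are referenced by mutable tag only.
count_unpinned() {
    audit_images "$1" | grep -c '^tag-only ' || true
}

# Constructed sample in the shape of calico.yaml after the sed step above,
# plus one hypothetical digest-pinned reference (placeholder digest).
write_sample_manifest() {
    cat > "$1" << 'EOF'
      initContainers:
        - name: install-cni
          image: calico/cni:v3.25.0
      containers:
        - name: calico-node
          image: calico/node:v3.25.0
        - name: upgrade-ipam
          image: "calico/cni:v3.25.0"
        - image: registry.example.internal/calico/kube-controllers@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
}

manifest=$(mktemp)
write_sample_manifest "$manifest"
audit_images "$manifest"
echo "unpinned: $(count_unpinned "$manifest")"
```

Run `audit_images calico.yaml` in /opt/k8s before `kubectl apply` to review the real manifest.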
```bash
kubectl get po -n kube-system
NAME                                     READY   STATUS    RESTARTS      AGE
calico-kube-controllers-cd8566cf-jlflr   1/1     Running   0             2m26s
calico-node-7cc5k                        1/1     Running   0             2m26s
calico-node-82tcw                        1/1     Running   0             2m26s
calico-node-vx46p                        1/1     Running   0             2m26s
coredns-6d8c4cb4d-dbt9z                  1/1     Running   0             19h
coredns-6d8c4cb4d-hbkmj                  1/1     Running   0             19h
etcd-master                              1/1     Running   1 (10h ago)   19h
kube-apiserver-master                    1/1     Running   1 (10h ago)   19h
kube-controller-manager-master           1/1     Running   1 (10h ago)   19h
kube-proxy-bcxpg                         1/1     Running   1 (10h ago)   19h
kube-proxy-kdf8j                         1/1     Running   1 (10h ago)   19h
kube-proxy-xnfhd                         1/1     Running   1 (10h ago)   19h
kube-scheduler-master                    1/1     Running   1 (10h ago)   19h
```
1.1.3.6. Test the Kubernetes cluster
```bash
# Create a deployment
kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
# Expose the port
kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
# View the pod and service information (note the port number)
kubectl get pod,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-85b98978db-4qzd8   1/1     Running   0          60s

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        20h
service/nginx        NodePort    10.96.107.44   <none>        80:32439/TCP   9s
```
Check that the exposed port is reachable
```bash
curl 192.168.37.10:32439
curl 192.168.37.11:32439
curl 192.168.37.12:32439
```