一、集群部署准备
Kubernetes有三种安装方式:
1、通过yum进行安装
2、通过二进制文件进行安装
3、命令行工具kubeadm进行安装
centos7.9部署k8s集群
准备三台虚拟机
- 2核4G(k8s-master),IP 192.168.8.119
- 2核2G(k8s-node01),IP 192.168.8.120
- 2核2G(k8s-node02),IP 192.168.8.121
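所有服务器需要关闭防火墙和SELinux,并进行时间同步操作(关闭防火墙和SELinux只是为了简化实验环境;生产环境建议保留防火墙,仅放行集群所需端口,如 6443、10250 及 NodePort 范围 30000-32767,SELinux 可设为 permissive 而不是彻底禁用)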
配置服务器基础环境(三台服务器)
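# Install Docker (run on all three servers).
yum install -y yum-utils
# Add the docker-ce yum repository. The .repo file is fetched over HTTPS:
# over plain HTTP the repository definition could be altered in transit, and
# everything installed from it runs as root.
yum-config-manager \
  --add-repo \
  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install pinned versions.
yum install -y docker-ce-19.03.15 docker-ce-cli-19.03.15 containerd.io-1.4.13
# Enable at boot and start immediately.
systemctl enable docker --now
# Docker daemon configuration: registry mirror, systemd cgroup driver,
# size-capped json-file logs, overlay2 storage.
# NOTE(review): the registry mirror below appears to be an account-specific
# accelerator endpoint; image pulls go through it, so it is part of the trust
# path. Replace it with a mirror you control or trust.
mkdir -p /etc/docker
# Quoted delimiter: the JSON is written literally, with no shell expansion.
cat > /etc/docker/daemon.json << 'EOF'
{
  "registry-mirrors": ["https://ung2thfc.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
# Replace the unit's ExecStart line with a bare dockerd invocation (a .bak copy
# of the unit is kept), presumably so daemon.json is the only source of daemon
# options.
# NOTE(review): this edits the packaged unit under /usr/lib/systemd, which a
# package update may overwrite.
sed -i.bak '/^ExecStart=/c\ExecStart=\/usr\/bin\/dockerd' /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker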
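# Host configuration (all nodes).
# Turn swap off: with default settings the kubelet refuses to start while swap
# is enabled.
swapoff -a
# Comment out swap entries in /etc/fstab so swap stays off after a reboot.
# Only lines that are not already commented are touched, so a re-run does not
# stack extra '#' characters.
sed -ri '/^[^#].*swap/s/^/#/' /etc/fstab
# Let iptables see bridged traffic.
# The files are written with '>' rather than '>>' so repeated runs do not
# accumulate duplicate entries.
cat > /etc/modules-load.d/k8s.conf << 'EOF'
br_netfilter
EOF
# modules-load.d only takes effect at boot; load the module now so the
# net.bridge.* keys exist when sysctl --system runs.
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
# Enable IPv4 forwarding; append the setting only if it is not already there.
grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p # apply the settings
# If sysctl reported an error, load the ip_conntrack module.
modprobe ip_conntrack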
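# Pre-pull the control-plane images.
# NOTE(review): the images come from a third-party mirror namespace
# (lfy_k8s_images) and are referenced by tag, not by digest, so the mirror is
# trusted to serve unmodified upstream images. For anything beyond a lab,
# compare image digests against the upstream release or use a registry you
# control.
tee ./images.sh <<-'EOF'
#!/bin/bash
# Abort on the first failed pull instead of continuing with a partial image set.
set -euo pipefail
images=(
  kube-apiserver:v1.20.9
  kube-proxy:v1.20.9
  kube-controller-manager:v1.20.9
  kube-scheduler:v1.20.9
  coredns:1.7.0
  etcd:3.4.13-0
  pause:3.2
)
for imageName in "${images[@]}"; do
  docker pull "registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/${imageName}"
done
EOF
chmod +x ./images.sh && ./images.sh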
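# [All nodes] Install kubelet, kubectl and kubeadm.
# Configure the Kubernetes yum repository.
# The repository and its keys are fetched over HTTPS and package signature
# checking is on (gpgcheck=1): these packages run as root on every node, so an
# unauthenticated HTTP repo with gpgcheck=0 would let anyone on the network
# path substitute them.
# repo_gpgcheck stays 0 as in the original; NOTE(review): confirm whether the
# mirror's repodata signature validates before turning it on.
# The second gpgkey URL is indented because yum reads it as a continuation line.
cat <<'EOF' | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install pinned versions of kubelet, kubectl and kubeadm.
# If signature verification fails, investigate the cause instead of disabling
# the check.
yum install -y kubelet-1.20.9 kubectl-1.20.9 kubeadm-1.20.9
# Enable kubelet at boot and start it now.
systemctl enable --now kubelet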
# [Per node] Give each server its own hostname: on each machine, run only the
# line that matches it.
## k8s-master
hostnamectl set-hostname k8s-master
## k8s-node01
hostnamectl set-hostname k8s-node01
## k8s-node02
hostnamectl set-hostname k8s-node02
# [All nodes] Make the master and node hostnames resolvable through /etc/hosts.
printf '%s\n' \
  "192.168.8.119 k8s-master" \
  "192.168.8.120 k8s-node01" \
  "192.168.8.121 k8s-node02" >> /etc/hosts
k8s-master初始化
# [Master only] Initialise the control plane on k8s-master.
#   --apiserver-advertise-address  private IP of the k8s-master node
#   --control-plane-endpoint       hostname of the k8s-master node
#   --pod-network-cidr             virtual IP range for pods, unique in the cluster
#   --service-cidr                 virtual IP range for services, unique in the cluster
kubeadm init \
  --kubernetes-version=v1.20.9 \
  --image-repository=registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
  --apiserver-advertise-address=192.168.8.119 \
  --control-plane-endpoint=k8s-master \
  --pod-network-cidr=172.16.0.0/16 \
  --service-cidr=10.96.0.0/16
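# 记录安装结果(以下 token 和 CA 证书哈希是本次安装生成的值,每个集群各不相同;bootstrap token 是加入集群的凭证,默认 24 小时后过期,不要公开自己集群的真实值。过期后可在 master 上执行 kubeadm token create --print-join-command 重新生成)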
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
# 多master模式
kubeadm join k8s-master:6443 --token 2bw7f5.ss0wvaxc1u6phxtd \
--discovery-token-ca-cert-hash sha256:f34622eb6c13a0692d15504fb894c984c97a1a01ee469c333f7d3b166c1d6d0a \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
# 单master模式
kubeadm join k8s-master:6443 --token 2bw7f5.ss0wvaxc1u6phxtd \
--discovery-token-ca-cert-hash sha256:f34622eb6c13a0692d15504fb894c984c97a1a01ee469c333f7d3b166c1d6d0a
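# Run as root: install the admin kubeconfig for kubectl.
# admin.conf holds cluster-administrator credentials, so the copy is kept
# readable by its owner only. Expansions are quoted so a HOME containing
# spaces does not split into several arguments.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"
# For the current shell, point kubectl directly at the original admin.conf.
export KUBECONFIG=/etc/kubernetes/admin.conf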
k8s-node加入k8s-master
# [Worker nodes] Join the cluster at k8s-master:6443.
# The token and hash below are the values printed by this page's kubeadm init
# run; substitute the ones from your own init output.
# --discovery-token-ca-cert-hash pins the cluster CA so the node can verify the
# control plane it is joining; keep it rather than skipping verification.
kubeadm join k8s-master:6443 --token 2bw7f5.ss0wvaxc1u6phxtd \
--discovery-token-ca-cert-hash sha256:f34622eb6c13a0692d15504fb894c984c97a1a01ee469c333f7d3b166c1d6d0a
k8s-master检验集群结点状态
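# Every node should end up in the Ready state (the kubeadm output above asks
# for a pod network to be deployed first).
kubectl get nodes
# Calico network plugin. If applying it fails, the YAML file provided with this
# guide can be used instead.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as calico.yaml; -L follows redirects.
# NOTE(review): the manifest is downloaded from a third-party host with no
# integrity check; read it before applying it to the cluster.
curl -fsSLO https://calico-v3-20.netlify.app/archive/v3.20/manifests/calico.yaml
vim calico.yaml
# At line 3888 (the line number is specific to this manifest version):
# uncomment the two lines below and set the value to the --pod-network-cidr
# passed to kubeadm init.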
- name: CALICO_IPV4POOL_CIDR
value: "172.16.0.0/16"
# Apply the edited Calico manifest, then list the nodes again to check their
# state.
# NOTE(review): the manifest is applied with admin credentials; review the
# downloaded file first, since it defines the cluster's network plugin.
kubectl apply -f calico.yaml
kubectl get nodes
安装dashboard
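# [Master only] Download the Dashboard v2.3.1 manifest straight to its final
# file name.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as the manifest; -L follows redirects.
curl -fsSL -o dashboard-v2.3.1.yaml \
  https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
# Edit the kubernetes-dashboard Service so that it matches the YAML shown below.
vi dashboard-v2.3.1.yaml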
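---
# kubernetes-dashboard Service changed to a NodePort Service.
# NOTE: type NodePort publishes the Dashboard on port 30001 of every node IP.
# This guide disabled the host firewall, so anything that can reach the node
# network can reach the login page. Restrict access at the network level, or
# keep the Service as ClusterIP and use kubectl port-forward instead.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
---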
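kubectl apply -f dashboard-v2.3.1.yaml
# Alternative: edit the live Service and change type: ClusterIP to
# type: NodePort; the change takes effect immediately.
# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
# Show the Service and its NodePort.
kubectl get svc -A | grep kubernetes-dashboard
# Open in Firefox: https://<IP of any cluster node>:30001, for example
#   https://192.168.8.120:30001/#/login
# (The URL is kept as a comment so the block stays valid shell.)
# NOTE: the NodePort is reachable on every node IP and the host firewall was
# disabled earlier in this guide; limit who can reach port 30001.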
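# Token login does not work yet; a ServiceAccount has to be created first.
# Create the ServiceAccount and its role binding.
# NOTE: binding admin-user to cluster-admin gives whoever holds its token full
# control of the cluster, through a Dashboard that is exposed on a NodePort.
# Suitable for a lab only. For shared or long-lived clusters bind a narrower
# role (for example the built-in "view" ClusterRole) and delete this binding
# when it is no longer needed.
# The YAML indentation is restored here; with every line at column 0 the
# manifest is not valid. The quoted delimiter writes it without shell expansion.
cat > dash.yaml << 'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard
EOF
kubectl apply -f dash.yaml
# Fetch the access token: look up the ServiceAccount's token Secret, then decode
# the token stored in it.
# The printed token is a credential with the rights bound above; do not paste
# it into tickets, chat or logs.
secret_name=$(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}")
kubectl -n kubernetes-dashboard get secret "$secret_name" -o go-template="{{.data.token | base64decode}}"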
# 火狐界面输入token即可进入dashboard
优化命令提示
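# Enable tab completion for kubectl and kubeadm.
# Install bash-completion.
yum install bash-completion -y
# Append the completion setup to ~/.bashrc. The path is explicit so the step
# does not depend on the current directory, and the grep guard keeps a re-run
# from adding the lines twice.
if ! grep -qF 'kubectl completion bash' ~/.bashrc 2>/dev/null; then
  cat >> ~/.bashrc << 'EOF'
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
source <(kubeadm completion bash)
EOF
fi
# Reload so completion is available in the current shell.
source ~/.bashrc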