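Deploying a k8s cluster on Alibaba Cloud ECS
Contents
Deploying a k8s cluster on Alibaba Cloud ECS
I. Server resource planning
II. Deploy k8s-master
III. Deploy k8s-node
I. Server resource planning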
IP address | Purpose |
---|---|
172.17.47.100 | Rancher |
172.17.47.101 | k8s-master-01, etcd-01 |
172.17.47.102 | k8s-master-02, etcd-02 |
172.17.47.103 | k8s-master-03, etcd-03 |
172.16.47.104 | k8s-node-01 |
172.16.47.105 | k8s-node-02 |
172.17.47.60 | Internal SLB |
II. Deploy k8s-master
1. Base server configuration (required on every machine in the environment)
Set the hostname
# Set the hostname
# 172.17.47.101
hostnamectl set-hostname k8s-master-01
# 172.17.47.102
hostnamectl set-hostname k8s-master-02
# 172.17.47.103
hostnamectl set-hostname k8s-master-03
# 172.17.47.104
hostnamectl set-hostname k8s-node-01
# 172.17.47.105
hostnamectl set-hostname k8s-node-02
Edit hosts
# vim /etc/hosts
# 172.17.47.101
172.17.47.101 k8s-master-01
172.17.47.101 k8s-api-server
# 172.17.47.102
172.17.47.102 k8s-master-02
172.17.47.102 k8s-api-server
# 172.17.47.103
172.17.47.103 k8s-master-03
172.17.47.103 k8s-api-server
# 172.17.47.104
172.17.47.104 k8s-node-01
172.17.47.60 k8s-api-server
# 172.17.47.105
172.17.47.105 k8s-node-02
172.17.47.60 k8s-api-server
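Note: Alibaba SLB does not let a backend machine reach its own address by going through the load balancer, so the configuration needs some special handling. Workers (nodes) all use the SLB, while each master maps k8s-api-server to its own local IP (this is an Alibaba SLB pitfall).
Disable SELinux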
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Disable the swap partition
[[email protected] ~]# swapoff -a
[[email protected] ~]#
## vim /etc/fstab and comment out the following line; note that centos-swap may be named differently, e.g. rhel-swap
/dev/mapper/centos-swap swap swap defaults 0 0
Install the base packages
yum install -y kubelet-1.18.18-0.x86_64 kubeadm-1.18.18-0.x86_64 kubectl-1.18.18-0.x86_64 kubernetes-cni-0.8.7-0.x86_64
Install docker
# Install dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Aliyun repo
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce-19.03.15-3.el7 docker-ce-cli-19.03.15-3.el7
2. Download and load the images
[[email protected] ~]# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.18.18
k8s.gcr.io/kube-controller-manager:v1.18.18
k8s.gcr.io/kube-scheduler:v1.18.18
k8s.gcr.io/kube-proxy:v1.18.18
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
3. Install k8s-master
Generate the default configuration
kubeadm config print init-defaults > kubeadm-init.yaml
kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.17.47.101 # host IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master-01 # hostname
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  # local:
  #   dataDir: /var/lib/etcd
  external:
    endpoints:
    - https://172.17.47.101:2379
    - https://172.17.47.102:2379
    - https://172.17.47.103:2379
    caFile: /etc/kubernetes/pki/etcd/ca.pem # CA certificate generated when the etcd cluster was built
    certFile: /etc/kubernetes/pki/apiserver-etcd-client.pem # client certificate generated when the etcd cluster was built
    keyFile: /etc/kubernetes/pki/apiserver-etcd-client-key.pem # client key generated when the etcd cluster was built
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers # Aliyun mirror; another registry can be substituted
kind: ClusterConfiguration
kubernetesVersion: v1.18.18
controlPlaneEndpoint: k8s-api-server # VIP address
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.1.0.0/24
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
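
The `token` in this file is the placeholder that `kubeadm config print init-defaults` emits, and the join commands later on the page reuse it unchanged, so it is worth auditing the file before `kubeadm init`. The check below is an added example, not part of the original page; the function name `audit_bootstrap_tokens` and the sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit bootstrap tokens in a kubeadm config.
# The placeholder below is what `kubeadm config print init-defaults` emits.
DEFAULT_TOKEN='abcdef.0123456789abcdef'

# audit_bootstrap_tokens FILE
# Prints one finding per line. Status: 0 = clean, 1 = findings, 2 = unreadable file.
audit_bootstrap_tokens() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    findings=$(awk -v def="$DEFAULT_TOKEN" -v sq="'" '
        # Return the scalar after the key, without trailing comment or quotes.
        function value(line, key,   s) {
            s = substr(line, index(line, key) + length(key))
            sub(/[ \t]+#.*$/, "", s); gsub(/"/, "", s); gsub(sq, "", s)
            gsub(/^[ \t]+|[ \t]+$/, "", s)
            return s
        }
        /^[ \t-]*token:/ {
            t = value($0, "token:")
            if (t == def)
                print "DEFAULT_TOKEN line " NR ": placeholder token from the kubeadm defaults"
            else if (length(t) != 23 || index(t, ".") != 7 || t !~ /^[a-z0-9]+\.[a-z0-9]+$/)
                print "BAD_FORMAT line " NR ": expected 6 chars, a dot, 16 chars of [a-z0-9]"
        }
        /^[ \t-]*ttl:/ {
            v = value($0, "ttl:")
            # kubeadm treats a ttl of 0 as a token that never expires.
            if (v == "0" || v == "0s")
                print "NO_EXPIRY line " NR ": ttl " v " means the token never expires"
        }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the bootstrapTokens stanza as it appears in the config above.
sample_config() {
    cat <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
EOF
}
```

A replacement value in the right format can be produced with `kubeadm token generate`.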
Copy the etcd certificate files into the expected directory (for the etcd installation, see the etcd installation document)
mkdir -p /etc/kubernetes/pki/etcd/
cp /opt/etcd/ssl/ca.pem /etc/kubernetes/pki/etcd/
cp /opt/etcd/ssl/server.pem /etc/kubernetes/pki/apiserver-etcd-client.pem
cp /opt/etcd/ssl/server-key.pem /etc/kubernetes/pki/apiserver-etcd-client-key.pem
Initialize
kubeadm init --config=kubeadm-init.yaml
Add the kubeconfig (after initialization completes)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Configure flannel
kubectl apply -f kube-flannel.yaml
Verify
[[email protected] bin]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-01 Ready master 1m v1.18.18
Add k8s-master-02 and k8s-master-03
1) Edit the hosts mapping (this step is very important)
# vim /etc/hosts
172.17.47.101 k8s-api-server
# Note: after the node has joined, change this back to the local address
2) Copy the certificates from k8s-master-01 to the master-02 and master-03 servers
# kubeadm's service account key pair is sa.key / sa.pub (there is no sa.crt)
scp /etc/kubernetes/pki/ca.crt [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/ca.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.pub [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.crt [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/ca.crt [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/ca.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.pub [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.crt [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.key [email protected]:/etc/kubernetes/pki/
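
kubeadm's service account key pair is `sa.key` and `sa.pub`, and the three `.key` files copied here are private keys that should stay readable by their owner only. The pre-flight check below, to be run on each joining master before `kubeadm join --control-plane`, is an added example and not part of the original page; `check_control_plane_pki` and the fixture helper `make_sample_pki` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check on a joining master.
# Shared files a control-plane node needs from the first master when etcd is external.
CP_FILES='ca.crt ca.key sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key'

# check_control_plane_pki DIR
# Prints one finding per line. Status: 0 = ready to join, 1 = findings.
check_control_plane_pki() {
    dir=$1
    rc=0
    for f in $CP_FILES; do
        p="$dir/$f"
        if [ ! -s "$p" ]; then
            echo "MISSING $f"
            rc=1
            continue
        fi
        case $f in
        *.key)
            # Columns 5-10 of the mode string are the group and other bits.
            mode=$(ls -ld "$p" | cut -c1-10)
            if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
                echo "LOOSE_PERMS $f $mode"
                rc=1
            fi
            ;;
        esac
    done
    return $rc
}

# Constructed fixture: placeholder files standing in for /etc/kubernetes/pki.
make_sample_pki() {
    mkdir -p "$1"
    for f in $CP_FILES; do
        echo "constructed placeholder" > "$1/$f"
    done
    chmod 600 "$1"/*.key
    chmod 644 "$1"/*.crt "$1/sa.pub"
}
```

On a real node the call is `check_control_plane_pki /etc/kubernetes/pki`.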
3) Create k8s-master-02 and k8s-master-03
# This command is printed when the master finishes initializing; use it as is
kubeadm join k8s-api-server:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:6997d9c13cf7d9f108b2a6c8b3ce8d0838fa9ed9fda7a14e3513b3e4bd123456 \
--control-plane
Verify
[[email protected] bin]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-01 Ready master 45h v1.18.18
k8s-master-02 Ready master 45h v1.18.18
k8s-master-03 Ready master 45h v1.18.18
4. Configure SLB
SLB(6443)->ECS(6443)
SLB backends: 172.17.47.101:6443, 172.17.47.102:6443, 172.17.47.103:6443
III. Deploy k8s-node
1. Adjust the configuration
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
2. Initialize
kubeadm join k8s-api-server:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:6997d9c13cf7d9f108b2a6c8b3ce8d0838fa9ed9fda7a14e3513b3e4bd123456
3. Copy the flannel network configuration
scp -r /etc/cni/ [email protected]:/etc/
scp -r /etc/cni/ [email protected]:/etc/
4. Verify
[[email protected] bin]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-01 Ready master 45h v1.18.18
k8s-master-02 Ready master 45h v1.18.18
k8s-master-03 Ready master 45h v1.18.18
k8s-node-01 Ready <none> 43h v1.18.18
k8s-node-02 Ready <none> 43h v1.18.18