
Deploying a k8s Cluster on Alibaba Cloud ECS

Contents

Deploying a k8s Cluster on Alibaba Cloud ECS

I. Server resource planning

II. Deploy k8s-master

III. Deploy k8s-node

I. Server resource planning

IP address       Purpose
172.17.47.100    Rancher
172.17.47.101    k8s-master-01, etcd-01
172.17.47.102    k8s-master-02, etcd-02
172.17.47.103    k8s-master-03, etcd-03
172.16.47.104    k8s-node-01
172.16.47.105    k8s-node-02
172.17.47.60     Internal-network SLB

II. Deploy k8s-master

1. Adjust the basic server configuration (required on every machine in the environment)

Set the hostname

# Set the hostname
# 172.17.47.101
hostnamectl set-hostname k8s-master-01

# 172.17.47.102 
hostnamectl set-hostname k8s-master-02

# 172.17.47.103
hostnamectl set-hostname k8s-master-03

# 172.17.47.104
hostnamectl set-hostname k8s-node-01

# 172.17.47.105
hostnamectl set-hostname k8s-node-02
           

Edit hosts

# vim /etc/hosts
# 172.17.47.101
172.17.47.101 k8s-master-01
172.17.47.101 k8s-api-server

# 172.17.47.102
172.17.47.102 k8s-master-02
172.17.47.102 k8s-api-server

# 172.17.47.103
172.17.47.103 k8s-master-03
172.17.47.103 k8s-api-server

# 172.17.47.104
172.17.47.104 k8s-node-01
172.17.47.60 k8s-api-server

# 172.17.47.105
172.17.47.105 k8s-node-02
172.17.47.60 k8s-api-server
           

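Note: a machine behind an Alibaba Cloud SLB cannot reach its own address by going out through the load balancer and back, so the configuration is special-cased. The worker nodes all resolve k8s-api-server to the SLB, while each master maps k8s-api-server to its own local IP (this is an Alibaba SLB pitfall).

Disable SELinux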

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
           

Disable the swap partition

swapoff -a

## vim /etc/fstab and comment out the following line. Note: centos-swap may differ, e.g. rhel-swap
/dev/mapper/centos-swap swap                    swap    defaults        0 0
           

Install the base packages

yum install -y kubelet-1.18.18-0.x86_64 kubeadm-1.18.18-0.x86_64 kubectl-1.18.18-0.x86_64 kubernetes-cni-0.8.7-0.x86_64
           

Install Docker

# Install dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Alibaba Cloud mirror repo
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce-19.03.15-3.el7 docker-ce-cli-19.03.15-3.el7
           

2. Download and load the images

kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.18.18
k8s.gcr.io/kube-controller-manager:v1.18.18
k8s.gcr.io/kube-scheduler:v1.18.18
k8s.gcr.io/kube-proxy:v1.18.18
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
           

3. Install k8s-master

Generate the default configuration

kubeadm config print init-defaults > kubeadm-init.yaml
           

kubeadm-init.yaml

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.17.47.101  # host IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master-01  # hostname
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
#  local:
#    dataDir: /var/lib/etcd
  external:
    endpoints:
    - https://172.17.47.101:2379
    - https://172.17.47.102:2379
    - https://172.17.47.103:2379
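    caFile: /etc/kubernetes/pki/etcd/ca.pem  # CA certificate generated when the etcd cluster was built
    certFile: /etc/kubernetes/pki/apiserver-etcd-client.pem   # client certificate generated when the etcd cluster was built
    keyFile: /etc/kubernetes/pki/apiserver-etcd-client-key.pem  # client key generated when the etcd cluster was built
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers # Alibaba Cloud mirror; another registry can be substituted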
kind: ClusterConfiguration
kubernetesVersion: v1.18.18
controlPlaneEndpoint: k8s-api-server  # VIP address
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.1.0.0/24
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
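
The configuration above keeps `abcdef.0123456789abcdef`, the sample token that `kubeadm config print init-defaults` emits, so the credential that lets a machine join the cluster is a publicly known value for its 24h lifetime. The shell functions below, an added example that is not part of the original post, replace it with a random token before `kubeadm init`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: replace kubeadm's well-known sample bootstrap token before `kubeadm init`.
# Function names are hypothetical; the file name matches the page.

# Sample value emitted by `kubeadm config print init-defaults` (dot escaped for regex use).
DEFAULT_TOKEN_RE='abcdef\.0123456789abcdef'

# Print a random token in kubeadm's format: 6 chars, a dot, 16 chars, all [a-z0-9].
# On a host with kubeadm installed, `kubeadm token generate` produces the same format.
gen_bootstrap_token() {
    raw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22)
    [ "${#raw}" -eq 22 ] || return 1
    printf '%s.%s\n' "$(printf '%s' "$raw" | cut -c1-6)" "$(printf '%s' "$raw" | cut -c7-22)"
}

# Exit 0 if the config still carries the sample token.
has_default_token() {
    grep -Eq "^[[:space:]]*token:[[:space:]]*${DEFAULT_TOKEN_RE}[[:space:]]*$" "$1"
}

# Rewrite the token line (via a temp file) and print the new token.
rotate_bootstrap_token() {
    cfg=$1
    has_default_token "$cfg" || { echo "no sample token in $cfg" >&2; return 1; }
    new=$(gen_bootstrap_token) || return 1
    tmp=$(mktemp) || return 1
    sed "s/^\([[:space:]]*token:[[:space:]]*\)${DEFAULT_TOKEN_RE}/\1${new}/" "$cfg" > "$tmp" \
        && cat "$tmp" > "$cfg" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    chmod 600 "$cfg"      # the file now holds a live credential
    printf '%s\n' "$new"
}

# Usage: rotate_bootstrap_token kubeadm-init.yaml
```

The join command that `kubeadm init` prints afterwards carries the new token, so the `abcdef...` value shown in the join commands on this page no longer applies.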
           

Copy the etcd certificate files into the expected directory (for the etcd installation, see the etcd installation document)

mkdir -p /etc/kubernetes/pki/etcd/
cp /opt/etcd/ssl/ca.pem /etc/kubernetes/pki/etcd/
cp /opt/etcd/ssl/server.pem /etc/kubernetes/pki/apiserver-etcd-client.pem
cp /opt/etcd/ssl/server-key.pem /etc/kubernetes/pki/apiserver-etcd-client-key.pem
           

Initialize

kubeadm init --config=kubeadm-init.yaml
           

Add the kubeconfig (after initialization completes)

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
           

Configure flannel

kubectl apply -f kube-flannel.yaml
           

Verify

kubectl get node
NAME            STATUS   ROLES    AGE   VERSION
k8s-master-01   Ready    master   1m   v1.18.18
           

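Add k8s-master-02 and k8s-master-03

  1) Edit the hosts mapping (this step is important)

# vim /etc/hosts
172.17.47.101 k8s-api-server
# Note: after the node has joined, change this back to the local machine's address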
           

  2) Transfer the k8s-master-01 certificates to the master-02 and master-03 servers

# The user@host part of each target was lost in extraction; root and the master-02 /
# master-03 addresses from the table above are assumed here.
# kubeadm's service-account key pair is sa.key / sa.pub (there is no sa.crt).
scp /etc/kubernetes/pki/ca.crt root@172.17.47.102:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/ca.key root@172.17.47.102:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.key root@172.17.47.102:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.pub root@172.17.47.102:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.crt root@172.17.47.102:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.key root@172.17.47.102:/etc/kubernetes/pki/

scp /etc/kubernetes/pki/ca.crt root@172.17.47.103:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/ca.key root@172.17.47.103:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.key root@172.17.47.103:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.pub root@172.17.47.103:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.crt root@172.17.47.103:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.key root@172.17.47.103:/etc/kubernetes/pki/
           

  3) Join k8s-master-02 and k8s-master-03

# This command is printed when the master initialization completes; use it as given
kubeadm join k8s-api-server:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:6997d9c13cf7d9f108b2a6c8b3ce8d0838fa9ed9fda7a14e3513b3e4bd123456 \
    --control-plane
           

Verify

kubectl get node
NAME            STATUS   ROLES    AGE   VERSION
k8s-master-01   Ready    master   45h   v1.18.18
k8s-master-02   Ready    master   45h   v1.18.18
k8s-master-03   Ready    master   45h   v1.18.18
           

4. Configure the SLB

SLB(6443)->ECS(6443)

 SLB targets: 172.17.47.101:6443, 172.17.47.102:6443, 172.17.47.103:6443

III. Deploy k8s-node

1. Adjust the configuration

echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
           

2. Initialize

kubeadm join k8s-api-server:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:6997d9c13cf7d9f108b2a6c8b3ce8d0838fa9ed9fda7a14e3513b3e4bd123456
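
Both join commands on this page pin the cluster CA with `--discovery-token-ca-cert-hash`. The shell functions below, an added example that is not part of the original post, recompute that value from the CA certificate so a pasted join command can be checked against the CA actually present on k8s-master-01; the function names are hypothetical and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: recompute the value kubeadm expects in --discovery-token-ca-cert-hash.
# Function names are hypothetical. Requires the openssl CLI.

# Print "sha256:<hex>" for a CA certificate: SHA-256 over the DER-encoded public key
# (SubjectPublicKeyInfo) of the certificate, which is what kubeadm pins during discovery.
ca_cert_hash() {
    # Extract the public key first so an unreadable or invalid file fails here
    # instead of silently hashing empty input further down the pipeline.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    hex=$(printf '%s\n' "$pub" \
          | openssl pkey -pubin -outform DER \
          | openssl dgst -sha256 -hex \
          | sed 's/^.* //')
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Compare the hash from a join command against the CA file; exit 0 only on an exact match.
verify_join_hash() {
    ca=$1
    claimed=$2
    actual=$(ca_cert_hash "$ca") || { echo "cannot hash $ca" >&2; return 2; }
    if [ "$actual" = "$claimed" ]; then
        echo "OK: $claimed matches $ca"
    else
        echo "MISMATCH: join command pins $claimed, CA file hashes to $actual" >&2
        return 1
    fi
}

# Usage on k8s-master-01, before running the join command on another machine:
#   verify_join_hash /etc/kubernetes/pki/ca.crt sha256:<hash from the join command>
```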
           

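3. Copy the flannel network configuration

# The user@host part of each target was lost in extraction; root and the two node
# addresses from the hosts section above are assumed here.
scp -r /etc/cni/ root@172.17.47.104:/etc/
scp -r /etc/cni/ root@172.17.47.105:/etc/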
           

4. Verify

kubectl get node
NAME            STATUS   ROLES    AGE   VERSION
k8s-master-01   Ready    master   45h   v1.18.18
k8s-master-02   Ready    master   45h   v1.18.18
k8s-master-03   Ready    master   45h   v1.18.18
k8s-node-01     Ready    <none>   43h   v1.18.18
k8s-node-02     Ready    <none>   43h   v1.18.18