Reference: 從Docker到Kubernetes進階 (From Docker to Kubernetes: Advanced), 陽明
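Contents
- I. Introduction to kubeadm
- II. Prepare the system environment
  - 1. Base environment
  - 2. Disable Firewalld, SELinux and Swap
  - 3. Add hosts entries on the nodes
  - 4. Modify kernel parameters
  - 5. Use ipvs instead of iptables
- III. Install Docker
- IV. Install kubeadm
- V. Initialize the cluster
  - 1. kubeadm initialization flow
  - 2. Initialize the cluster
  - 3. Join nodes to the cluster
- VI. Install cluster add-ons
  - 1. Deploy the Calico network plugin
  - 2. Deploy the Dashboard visualization plugin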
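I. Introduction to kubeadm
kubeadm is the official Kubernetes tool for quickly installing a Kubernetes cluster. It provides the two commands kubeadm init and kubeadm join as the best practice for quickly creating a Kubernetes cluster: only kubeadm, kubelet and kubectl need to be installed on the server, and the other core components are deployed quickly as containers. It went GA in version 1.13 and can be used in production, and it supports multi-master and multi-etcd clustered deployments.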
II. Prepare the system environment
1. Base environment
$ cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
$ uname -r
3.10.0-1062.1.2.el7.x86_64
2. Disable Firewalld, SELinux and Swap
$ systemctl stop firewalld
$ systemctl disable firewalld
$ setenforce 0
$ sed -i "s/enforcing/disabled/g" /etc/selinux/config
$ swapoff -a
3. Add hosts entries on the nodes
$ cat <<EOF >> /etc/hosts
172.16.1.100 k8s-master
172.16.1.101 k8s-node01
EOF
4. Modify kernel parameters
$ cat << EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
$ modprobe br_netfilter # if this fails, run yum -y update to update the kernel modules
$ sysctl -p /etc/sysctl.d/k8s.conf
5. Use ipvs instead of iptables
$ yum install ipvsadm ipset
$ cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
$ chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
III. Install Docker
Add the Docker repository and install Docker Community Edition
$ yum install -y yum-utils \
    device-mapper-persistent-data \
    lvm2
$ yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
$ yum list docker-ce --showduplicates | sort -r
$ yum install docker-ce-19.03.1-3.el7
Configure a Docker registry mirror
$ mkdir -p /etc/docker
$ cat << EOF > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://ot2k4d59.mirror.aliyuncs.com/"
  ]
}
EOF
Start Docker and enable it at boot
$ systemctl start docker
$ systemctl enable docker
IV. Install kubeadm
Add the package repository
$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
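The stanza above sets gpgcheck=0 and fetches both packages and keys over http://, so yum installs kubeadm, kubelet and kubectl without verifying RPM signatures. The following is an added example, not part of the original article: a shell function that flags these settings in a .repo file, with a constructed copy of the stanza and a corrected variant to run it on. The names audit_yum_repo and make_samples are hypothetical, and the corrected variant assumes the mirror serves the same paths over HTTPS.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical.

# Report repo stanzas that skip RPM signature checks or use plain HTTP.
# Prints "<repo>: <issue>" per finding; exit status 1 if anything was found.
audit_yum_repo() {
  awk '
    function has_http(s,   a, n, i) {            # is any URL in the value http://
      n = split(s, a, " ")
      for (i = 1; i <= n; i++) if (a[i] ~ /^http:/) return 1
      return 0
    }
    function report(msg) { print repo ": " msg; bad = 1 }
    function check() {
      if (repo == "" || v["enabled"] == "0") return
      if (v["gpgcheck"] == "0") report("gpgcheck=0, RPM signatures are not verified")
      if (has_http(v["baseurl"])) report("baseurl uses http://")
      if (has_http(v["gpgkey"]))  report("gpgkey is fetched over http://")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }         # comments and blank lines
    /^\[/    { check(); split("", v); repo = substr($0, 2, index($0, "]") - 2); next }
    /^[ \t]/ { v[last] = v[last] " " $1; next }  # continuation of the previous key
    { eq = index($0, "="); if (!eq) next
      last = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", last); gsub(/^[ \t]+|[ \t]+$/, "", val); v[last] = val }
    END { check(); exit bad + 0 }
  ' "$1"
}

# Constructed samples: weak.repo copies the stanza from the article; fixed.repo
# is the same stanza with HTTPS URLs and gpgcheck=1 (assumes the mirror serves
# the same paths over HTTPS).
make_samples() {
  cat > "$1/weak.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
  sed -e 's#http://#https://#' -e 's/^gpgcheck=0/gpgcheck=1/' \
      "$1/weak.repo" > "$1/fixed.repo"
}

# Usage: pass the path of a repo file, e.g. /etc/yum.repos.d/kubernetes.repo
if [ -n "${1:-}" ]; then audit_yum_repo "$1"; fi
```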
Install kubeadm, kubelet and kubectl
$ yum -y install kubectl-1.15.3-0 kubeadm-1.15.3-0 kubelet-1.15.3-0
$ kubeadm version # check the version
kubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:11:18Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
$ systemctl enable kubelet.service # enable at boot
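V. Initialize the cluster
1. kubeadm initialization flow
First, we can use the kubeadm init command to perform the initialization. kubeadm begins with a series of checks to confirm that the machine can be used to deploy Kubernetes, such as whether the kernel version is 3.10 or later, whether the Cgroups module is available, and whether Docker is installed correctly. It then deploys the kube-apiserver, kube-controller-manager and kube-scheduler components as Pods, and finally deploys the kube-proxy and DNS add-ons.
If we need some custom configuration, we can export the default initialization file on the Master node and modify it.
$ kubeadm config print init-defaults > kubeadm.yaml
Modify the default configuration as needed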
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.16.1.100 # change to the API server IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: kubesphere
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: gcr.azk8s.cn/google_containers # change the image repository address
kind: ClusterConfiguration
kubernetesVersion: v1.15.3
networking:
  dnsDomain: cluster.local
  podSubnet: 192.168.0.0/16 # Pod IP range; the Calico plugin is used later
  serviceSubnet: 10.96.0.0/12
scheduler: {}
--- # add the following to change the kube-proxy mode
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
2. Initialize the cluster
$ kubeadm init --config kubeadm.yaml
------
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.1.100:6443 --token szu5t8.z6m03rxaamo8jzy1 --discovery-token-ca-cert-hash sha256:0455a39d0ff4cca1a9c947fa902ac635c09da5b4d7a30363e9376a9a2eb97a24
Copy the kubeconfig file
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
3. Join nodes to the cluster
After generating the token on the Master node, run the kubeadm join command on any machine that has kubelet and kubeadm installed to join it to the Kubernetes cluster.
$ kubeadm join 172.16.1.100:6443 --token szu5t8.z6m03rxaamo8jzy1 --discovery-token-ca-cert-hash sha256:0455a39d0ff4cca1a9c947fa902ac635c09da5b4d7a30363e9376a9a2eb97a24
If you forget the key above, you can retrieve it again on the master node with the kubeadm token create --print-join-command command.
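The value given to --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA's public key, which is what lets a joining node confirm it is talking to the intended control plane. The following is an added example, not part of the original article: it recomputes that hash from the CA certificate under the certificatesDir shown in kubeadm.yaml and checks the token's format. The function names are hypothetical, and it uses openssl pkey so that non-RSA CA keys also work.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical.

# Print "sha256:<hex>", the SHA-256 of the DER-encoded public key
# (SubjectPublicKeyInfo) of the CA certificate given as $1.
ca_cert_hash() {
  local pub hex
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || {
    echo "cannot read a certificate from $1" >&2; return 2; }
  hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER | sha256sum)
  printf 'sha256:%s\n' "${hex%% *}"
}

# Compare the hash pinned in a join command ($2) with the CA on disk ($1).
verify_join_hash() {
  local actual
  actual=$(ca_cert_hash "$1") || return 2
  if [ "$actual" = "$2" ]; then
    echo "OK: $2 matches $1"
  else
    echo "MISMATCH: join command pins $2, CA on disk hashes to $actual" >&2
    return 1
  fi
}

# Bootstrap tokens look like [a-z0-9]{6}.[a-z0-9]{16}. Reject malformed values
# and the placeholder that kubeadm config print init-defaults writes.
check_bootstrap_token() {
  if [ "$1" = "abcdef.0123456789abcdef" ]; then
    echo "token is the init-defaults placeholder" >&2; return 1
  fi
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Usage on the master: $0 /etc/kubernetes/pki/ca.crt sha256:<hash> <token>
if [ "$#" -eq 3 ]; then
  check_bootstrap_token "$3" && verify_join_hash "$1" "$2"
fi
```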
VI. Install cluster add-ons
1. Deploy the Calico network plugin
$ wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
$ kubectl apply -f calico.yaml
Check the Pod status
$ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-5df986d44c-hpqrr 1/1 Running 0 67m
calico-node-nvhfh 1/1 Running 0 63m
calico-node-vgft9 1/1 Running 0 63m
coredns-cf8fb6d7f-q5kw6 1/1 Running 0 2d19h
coredns-cf8fb6d7f-z92hh 1/1 Running 0 2d19h
etcd-kubesphere 1/1 Running 0 2d19h
kube-apiserver-kubesphere 1/1 Running 0 2d19h
kube-controller-manager-kubesphere 1/1 Running 0 2d19h
kube-proxy-68n9f 1/1 Running 0 2d19h
kube-proxy-6ht99 1/1 Running 0 73m
kube-scheduler-kubesphere 1/1 Running 0 2d19h
tiller-deploy-74cd79795-p26l5 1/1 Running 0 173m
Check the node status
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-node01 Ready <none> 74m v1.15.3
k8s-master Ready master 2d19h v1.15.3
2. Deploy the Dashboard visualization plugin
Download the resource file and change the image name and the Service type
$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
$ vim kubernetes-dashboard.yaml # change the image name
......
      containers:
      - args:
          - --auto-generate-certificates
        image: gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1 # change the image name
        imagePullPolicy: IfNotPresent
......
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort # change the Service to type NodePort
......
Create the service
$ kubectl apply -f kubernetes-dashboard.yaml
$ kubectl get pods -n kube-system -l k8s-app=kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-fcfb4cbc-wr79d 1/1 Running 0 39s
$ kubectl get svc -n kube-system -l k8s-app=kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.96.168.30 <none> 443:31445/TCP 53s
Create a user with full permissions to log in to the Dashboard:
$ vim admin.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
Create the user and get the token
$ kubectl apply -f admin.yaml
$ kubectl get secret -n kube-system|grep admin-token
admin-token-4fjvq kubernetes.io/service-account-token 3 58s
$ kubectl get secret admin-token-4fjvq -o jsonpath='{.data.token}' -n kube-system |base64 -d
Use Firefox to access the Dashboard's NodePort port
https://172.16.1.100:31445/
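The admin ServiceAccount created above is bound to cluster-admin, so its token carries full control of the cluster and is used on a Dashboard reachable through a NodePort. The following is an added example, not part of the original article: a filter that lists every ClusterRoleBinding granting cluster-admin to a ServiceAccount, so such bindings can be reviewed or removed after setup. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical.

# jsonpath template for kubectl: one line per ClusterRoleBinding in the form
#   <binding><TAB><role><TAB><kind>:<namespace>/<name> <kind>:<namespace>/<name> ...
CRB_TEMPLATE='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name}{" "}{end}{"\n"}{end}'

# Filter stdin (lines in the format above) and print "<binding> -> <ns>/<sa>"
# for each ServiceAccount that holds cluster-admin.
# Exit status 1 means at least one such ServiceAccount was found.
find_sa_cluster_admin() {
  awk -F'\t' '
    $2 == "cluster-admin" {
      n = split($3, subj, " ")
      for (i = 1; i <= n; i++)
        if (subj[i] ~ /^ServiceAccount:/) {
          sub(/^ServiceAccount:/, "", subj[i])
          print $1 " -> " subj[i]
          hits++
        }
    }
    END { exit (hits > 0) }'
}

# Constructed sample input: the built-in cluster-admin binding, the admin
# binding from admin.yaml, and an unrelated binding.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup:/system:masters \n'
  printf 'admin\tcluster-admin\tServiceAccount:kube-system/admin \n'
  printf 'system:node-proxier\tsystem:node-proxier\tUser:/system:kube-proxy \n'
}

# Against a live cluster:
#   kubectl get clusterrolebindings -o jsonpath="$CRB_TEMPLATE" | find_sa_cluster_admin
# Offline, on the constructed sample:
if [ "${1:-}" = "--sample" ]; then sample_bindings | find_sa_cluster_admin; fi
```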