目 录
- 一、使用kubeadm方式搭建K8S集群
-
- ①Kubeadm方式搭建K8S集群
- ②安装要求
- 二、话不多说直接部署
-
- ①在所有主机上进行部署
-
- (2)设置主机的前期基本操作(所有主机)
- (2)各个主机之间的免密操作(仅在master上做一次即可所有主机免密登陆)
- (3)配置镜像源(所有主机)
- (4)安装常用工具、主机时间和系统时间同步(所有主机)
- (5)系统内核的升级(所有主机)
- (6)安装docker(所有主机)
- (7)安装kubelet(所有主机)
- ②在master节点上进行部署
-
- (1)初始化master节点(master节点)
- (2)创建 kubernetes 必要文件(master节点)
- (3)在Kubernetes集群中添加Node节点(master节点)
- (4)检查集群的状态(master节点)
- (5)测试k8s集群是否搭建成功(master节点)
- (6)测试集群部署的nginx服务是否成功(谷歌浏览器)
一、使用kubeadm方式搭建K8S集群
kubeadm是官方社区推出的一个用于快速部署kubernetes集群的工具。
这个工具能通过两条指令完成一个kubernetes集群的部署:
# 创建一个 Master 节点
kubeadm init
# 将一个 Node 节点加入到当前集群中
kubeadm join <Master节点的IP和端口 >
①Kubeadm方式搭建K8S集群
使用kubeadm方式搭建K8s集群主要分为以下几步
- 准备三台虚拟机,同时安装操作系统CentOS 7.x
- 对三个安装之后的操作系统进行初始化操作
- 在三个节点安装 docker kubelet kubeadm kubectl
- 在master节点执行kubeadm init命令初始化
- 在node节点上执行 kubeadm join命令,把node节点添加到当前集群
- 配置CNI网络插件,用于节点之间的连通【失败了可以多试几次】
- 通过拉取一个nginx进行测试,能否进行外网测试
②安装要求
在开始之前,部署Kubernetes集群机器需要满足以下几个条件:
- 一台或多台机器,操作系统 CentOS7.x-86_x64
- 硬件配置:2GB或更多RAM,2个CPU或更多CPU,硬盘30GB或更多【注意master需要两核】
- 可以访问外网,需要拉取镜像,如果服务器不能上网,需要提前下载镜像并导入节点
- 禁止swap分区
二、话不多说直接部署
机器准备:
| 角色 | IP |
|---|---|
| master | 192.168.17.33 |
| node1 | 192.168.17.66 |
| node2 | 192.168.17.99 |
①在所有主机上进行部署
(2)设置主机的前期基本操作(所有主机)
# 设置主机名
[[email protected] ~]# hostnamectl set-hostname k8s-master-01
# 添加hosts解析
[[email protected] ~]# cat >> /etc/hosts << EOF
192.168.17.33 k8s-master-01
192.168.17.66 k8s-node-01
192.168.17.99 k8s-node-02
EOF
# 查看是否添加
[[email protected] ~]# cat /etc/hosts | tail -3
192.168.17.33 k8s-master-01
192.168.17.66 k8s-node-01
192.168.17.99 k8s-node-02
注:下面为系统优化(所有主机)
# 关闭防火墙
[[email protected] ~]# systemctl disable --now firewalld
# 关闭Selinux
[[email protected] ~]# setenforce 0
setenforce: SELinux is disabled
# 关闭swap交换分区(以下三种情况各选一种)
(1)(临时关闭swap分区)
[[email protected] ~]# swapoff -a
(2)(永久关闭swap分区)
[[email protected] ~]# sed -i.bak '/swap/s/^/#/' /etc/fstab
(3)(修改/etc/fstab 让kubelet忽略swap分区)
[[email protected] ~]# echo 'KUBELET_EXTRA_ARGS="--fail-swap-on=false"' > /etc/sysconfig/kubelet
# 查看swap交换分区(确认关闭状态)
[[email protected] ~]# free -h
total used free shared buff/cache available
Mem: 2.9G 205M 2.6G 9.4M 132M 2.6G
Swap: 0B 0B 0B
(2)各个主机之间的免密操作(仅在master上做一次即可所有主机免密登陆)
# 创建密钥对(所有主机都需要创建)
[[email protected] ~]# ssh-keygen -t rsa
# 集群互传公钥(所有主机都需要执行该循环)
[[email protected] ~]# for i in k8s-master-01 k8s-node-01 k8s-node-02;do ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]$i; done
# 测试公钥是否互传成功(所有主机都需要测试)
[[email protected] ~]# ssh k8s-master-01
Last login: Sat Aug 7 12:31:37 2021 from 192.168.17.1
[[email protected] ~]# ssh k8s-node-01
Last login: Sat Aug 7 12:31:37 2021 from 192.168.17.1
[[email protected] ~]# ssh k8s-node-02
Last login: Sat Aug 7 12:31:37 2021 from 192.168.17.1
(3)配置镜像源(所有主机)
# 添加阿里云镜像源
[[email protected] ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# 清空yum缓存和重新生成yum源
[[email protected] ~]# yum clean all && yum makecache
(4)安装常用工具、主机时间和系统时间同步(所有主机)
# 更新系统
[[email protected] ~]# yum update -y --exclud=kernel*
# 安装常用软件工具包
[[email protected] ~]# yum install wget expect vim net-tools ntp bash-completion ipvsadm ipset jq iptables conntrack sysstat libseccomp -y
# 下载ntpdate工具
[[email protected] ~]# yum install ntpdate -y
# 同步阿里云时间
[[email protected] ~]# ntpdate ntp1.aliyun.com
7 Aug 15:13:12 ntpdate[23233]: adjust time server 120.25.115.20 offset 0.000932 sec
[[email protected] ~]# hwclock --systohc
[[email protected] ~]# hwclock
2021年08月07日 星期六 15时13分23秒 -0.444250 秒
[[email protected] ~]# date
2021年 08月 07日 星期六 15:13:27 CST
(5)系统内核的升级(所有主机)
# 下载更新内核的安装包
[[email protected] ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
# 更新内核
[[email protected] ~]# yum --enablerepo=elrepo-kernel install -y kernel-lt
# 查看当前主机可使用的的所有内核版本
[[email protected] ~]# cat /boot/grub2/grub.cfg | grep menuentry
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
menuentry_id_option=""
export menuentry_id_option
menuentry 'CentOS Linux (5.4.137-1.el7.elrepo.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.el7.x86_64-advanced-3c49ddca-eb95-4f55-bccd-1781694c9ca6' {
menuentry 'CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.el7.x86_64-advanced-3c49ddca-eb95-4f55-bccd-1781694c9ca6' {
menuentry 'CentOS Linux (0-rescue-e7501b1c2d764242907ae8bd3ebbfbb9) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-e7501b1c2d764242907ae8bd3ebbfbb9-advanced-3c49ddca-eb95-4f55-bccd-1781694c9ca6' {
# 查看当前主机正在使用的内核版本
[[email protected] ~]# grub2-editenv list
saved_entry=CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core)
# 修改启动内核版本,设置开机启动新内核(默认调动版本),设置完内核后,需要重启服务器才会生效
[[email protected] ~]# grub2-set-default 'CentOS Linux (5.4.137-1.el7.elrepo.x86_64) 7 (Core)'
# 关闭默认的内核,启动新的内核 (5.4.137-1.el7.elrepo.x86_64)
[[email protected] ~]# grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.137-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-5.4.137-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-1160.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-1160.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-e7501b1c2d764242907ae8bd3ebbfbb9
Found initrd image: /boot/initramfs-0-rescue-e7501b1c2d764242907ae8bd3ebbfbb9.img
done
# 查看当前默认启动的内核
[[email protected] ~]# grubby --default-kernel
/boot/vmlinuz-5.4.137-1.el7.elrepo.x86_64
# 重启后查询内核
[[email protected] ~]# reboot
[[email protected] ~]# uname -r
5.4.137-1.el7.elrepo.x86_64
注释:安装ipvs(所有主机)和优化内核参数(所有主机)
# 安装IPVS
[[email protected] ~]# for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done
# 查看IPVS模块
[[email protected] ~]# lsmod | grep ip_vs
ip_vs_ftp 16384 0
nf_nat 40960 1 ip_vs_ftp
ip_vs_sed 16384 0
ip_vs_nq 16384 0
ip_vs_fo 16384 0
ip_vs_sh 16384 0
ip_vs_dh 16384 0
ip_vs_lblcr 16384 0
ip_vs_lblc 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs_wlc 16384 0
ip_vs_lc 16384 0
ip_vs 155648 24 ip_vs_wlc,ip_vs_rr,ip_vs_dh,ip_vs_lblcr,ip_vs_sh,ip_vs_fo,ip_vs_nq,ip_vs_lblc,ip_vs_wrr,ip_vs_lc,ip_vs_sed,ip_vs_ftp
nf_conntrack 147456 2 nf_nat,ip_vs
nf_defrag_ipv6 24576 2 nf_conntrack,ip_vs
libcrc32c 16384 4 nf_conntrack,nf_nat,xfs,ip_vs
# 修改内核启动参数
[[email protected] ~]#vim /etc/sysctl.d/k8s.conf
#将下面内容复制进去
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp.keepaliv.probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp.max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp.max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.top_timestamps = 0
net.core.somaxconn = 16384
# 立即生效
[[email protected] ~]# sysctl --system
...
* Applying /etc/sysctl.conf ...
(6)安装docker(所有主机)
# 卸载之前安装过得docker(若之前没有安装过docker,直接跳过此步)
[[email protected] ~]# sudo yum remove docker docker-common docker-selinux docker-engine
# 安装docker需要的依赖包 (之前执行过,可以省略)
[[email protected] ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
# 安装docker软件
[[email protected] ~]# yum install docker-ce -y
# 配置镜像下载加速器
# 建立缓存加速文件
# 去阿里云找到镜像加速器服务,查看自己的加速器地址(每个人有专属的加速器地址)
#(查看本机加速器地址)
https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
[[email protected] ~]# mkdir /etc/docker
[[email protected] ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["本机的加速器地址"]
}
# 启动docker并加入开机自启动
[[email protected] ~]# systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# 查看docker详细信息,也可看docker运行状态
[[email protected] ~]# docker info
(7)安装kubelet(所有主机)
# 添加kubernetes镜像源
[[email protected] ~]#vim /etc/yum.repos.d/kubernetes.repo
#复制下面内容
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
#到此结束
# 安装kubeadm、kubelet、kubectl (版本更新频繁,指定版本号部署安装)
[[email protected] ~]# yum install -y kubelet-1.21.3 kubeadm-1.21.3 kubectl-1.21.3
#注:此处如果安装K8S失败的话,请yum clean all && yum makecache
# 启动kubelet并加入开机自启动
[[email protected] ~]# systemctl enable --now kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
②在master节点上进行部署
(1)初始化master节点(master节点)
# master节点初始化
# 注意--apiserver-advertise-address后面的IP地址!!!
[[email protected] ~]# kubeadm init \
--apiserver-advertise-address=这边填写自己master节点的IP地址 \
--image-repository=registry.cn-shanghai.aliyuncs.com/yosigo \
--kubernetes-version=v1.21.3 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
#--ignore-preflight-errors=all
#参数详解:
–apiserver-advertise-address # 集群通告地址
–image-repository # 由于默认拉取镜像地址k8s.gcr.io国内无法访问,这里指定阿里云镜像仓库地址
–kubernetes-version # K8s版本,与安装的一致
–service-cidr # 集群内部虚拟网络,Pod统一访问入口
–pod-network-cidr # Pod网络,与下面部署的CNI网络组件yaml中保持一致
# 查看下载的镜像
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.cn-shanghai.aliyuncs.com/yosigo/kube-apiserver v1.21.3 3d174f00aa39 2 weeks ago 126MB
registry.cn-shanghai.aliyuncs.com/yosigo/kube-scheduler v1.21.3 6be0dc1302e3 2 weeks ago 50.6MB
registry.cn-shanghai.aliyuncs.com/yosigo/kube-controller-manager v1.21.3 bc2bb319a703 2 weeks ago 120MB
registry.cn-shanghai.aliyuncs.com/yosigo/kube-proxy v1.21.3 adb2816ea823 2 weeks ago 103MB
registry.cn-shanghai.aliyuncs.com/yosigo/pause 3.4.1 0f8457a4c2ec 6 months ago 683kB
registry.cn-shanghai.aliyuncs.com/yosigo/coredns v1.8.0 7916bcd0fd70 9 months ago 42.5MB
registry.cn-shanghai.aliyuncs.com/yosigo/etcd 3.4.13-0 8855aefc3b26 11 months ago 253MB
(2)创建 kubernetes 必要文件(master节点)
# 创建 kubernetes 必要文件(kuberctl执行文件)
[[email protected] ~]# mkdir -p $HOME/.kube
[[email protected] ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[[email protected] ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 查看当前的node节点
[[email protected] ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-01 NotReady control-plane,master 7m36s v1.21.3
注:安装集群网络插件flannel(master节点),解决上面的状态还是NotReady,下面我们需要网络插件,来进行联网访问
# flannel插件yml文件下载,下载到当前文件夹(默认文件名:kube-flannel.yml)
[[email protected] ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
#若下载不了,请到下面百度云自取kube-flannel.yml文件,然后上传到master节点上
[[email protected] ~]# rz (选取刚刚下载的kube-flannel.yml文件)
#修改kube-flannel.yml文件内容
将 image: 的内容替换成我们自购建的镜像 registry.cn-shanghai.aliyuncs.com/yosigo/flannel:v0.14.0
[[email protected] ~]# sed -i 's#image: quay.io/coreos/flannel:v0.13.0#image: registry.cn-shanghai.aliyuncs.com/yosigo/flannel:v0.14.0#' kube-flannel.yml
# 指定文件进行部署集群网络
[[email protected] ~]# kubectl apply -f kube-flannel.yml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
(3)在Kubernetes集群中添加Node节点(master节点)
- matser节点操作
# 集群命令生成,在master创建token(标识),生成join(加入master集群的命令,默认生成了CA证书)
[[email protected] ~]# kubeadm token create --print-join-command
kubeadm join 192.168.17.33:6443 --token arfkui.nxm8di1u460qzbrt --discovery-token-ca-cert-hash sha256:abab375165a311c0918a69fa0554eeccceb22fdba4f77ef216e8d7926b70899d
默认token有效期为24小时,当过期之后,该token就不可用了,需要重新创建token。
# 使用openssl命令查看matser节点生成的CA证书信息
# 这步可忽略查看,这仅仅是个查看内容
[[email protected] ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
abab375165a311c0918a69fa0554eeccceb22fdba4f77ef216e8d7926b70899d
- node节点操作
# node加入集群 (复制master节点生成的token输出信息到node节点,即可加入Kubernetes集群)
[[email protected] ~]# kubeadm join 192.168.17.33:6443 --token arfkui.nxm8di1u460qzbrt --discovery-token-ca-cert-hash sha256:abab375165a311c0918a69fa0554eeccceb22fdba4f77ef216e8d7926b70899d
[[email protected] ~]# kubeadm join 192.168.17.33:6443 --token arfkui.nxm8di1u460qzbrt --discovery-token-ca-cert-hash sha256:abab375165a311c0918a69fa0554eeccceb22fdba4f77ef216e8d7926b70899d
(4)检查集群的状态(master节点)
# 查看当前的node节点
[[email protected] ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master-01 Ready control-plane,master 43m v1.21.3
k8s-node-01 Ready <none> 56s v1.21.3
k8s-node-02 NotReady <none> 9s v1.21.3
注:安装命令提示工具(即K8S补全工具)
# 安装命令提示工具
[[email protected] ~]# yum install -y bash-completion
[[email protected] ~]# source /usr/share/bash-completion/bash_completion
[[email protected] ~]# source <(kubectl completion bash)
[[email protected] ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc
(5)测试k8s集群是否搭建成功(master节点)
# 集群创建服务nginx测试
[[email protected] ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
# 启动创建的实列,指定端口
[[email protected] ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
# 查看服务pod状态
[[email protected] ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-9vvht 1/1 ContainerCreating 0 18s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 30m
service/nginx NodePort 10.98.121.81 <none> 80:31316/TCP 7s
# 查看在哪个节点上运行服务
[[email protected] ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-6799fc88d8-9vvht 1/1 Running 0 73m 10.244.2.3 k8s-node-02 <none> <none>
(6)测试集群部署的nginx服务是否成功(谷歌浏览器)
K8S集群服务部署成功!!!
![Kubernetes之Ingress详解与示例[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)