diff --git a/操作文档/1、K8S搭建/K8S搭建【新版本】.md b/操作文档/1、K8S搭建/K8S搭建【新版本】.md new file mode 100644 index 00000000..bc224ece --- /dev/null +++ b/操作文档/1、K8S搭建/K8S搭建【新版本】.md 
@@ -0,0 +1,474 @@ +## 搭建$k8s$集群 + +**1.1 准备环境** + +```apl +# Linux版本 +Rocky Linux 9.4 Mini + +# 更新系统 +dnf clean all +dnf update + +# K8S的三台服务器 +10.10.14.200 k8s-master +10.10.14.201 k8s-node1 +10.10.14.202 k8s-node2 + +# Docker镜像仓库 +K8S-IMAGES 10.10.14.203 +``` + + + +**2.2 系统初始化** + +设置系统时区为上海 + +```shell +timedatectl set-timezone Asia/Shanghai +clock -w + +# 查看时区 + ls -l /etc/localtime +``` + +关闭防火墙: + +```shell +systemctl stop firewalld +systemctl disable firewalld +sed -i 's/enforcing/disabled/' /etc/selinux/config +setenforce 0 +``` + +关闭$swap$分区: + +```shell +sed -ri 's/.*swap.*/#&/' /etc/fstab +swapoff -a +``` + +在$master$上执行 + +```shell +hostnamectl set-hostname k8s-master +``` + +在$node1$上执行 + +```shell +hostnamectl set-hostname k8s-node1 +``` + + + +在$node2$上执行 + +```shell +hostnamectl set-hostname k8s-node2 +``` + + + +在每个节点添加$hosts$: + +```shell +cat >> /etc/hosts << EOF +10.10.14.200 k8s-master +10.10.14.201 k8s-node1 +10.10.14.202 k8s-node2 +EOF +``` + + + +将桥接的$IPv4$流量传递到$iptables$的链: + +在每个节点添加如下的命令: + +```shell +cat > /etc/sysctl.d/k8s.conf << EOF +net.bridge.bridge-nf-call-ip6tables = 1 +net.bridge.bridge-nf-call-iptables = 1 +net.ipv4.ip_forward = 1 +vm.swappiness = 0 +EOF +``` + + + +在每个节点加载$br\_netfilter$模块 + +```shell +modprobe br_netfilter + +# 生效 +sysctl --system +``` + + + +查看是否加载 + +``` +lsmod | grep br_netfilter +``` + + + + +在每个节点添加时间同步: + +安装$ntpdate$时间同步插件 + +```shell +dnf install chrony -y +systemctl enable --now chronyd +``` + +编辑内容 + +``` +vi /etc/chrony.conf +``` + +``` +server 0.pool.ntp.org iburst +server 1.pool.ntp.org iburst +server 2.pool.ntp.org iburst +server 3.pool.ntp.org iburst +``` + +重新启动 + +``` +systemctl restart chronyd +``` + +手工同步 + +``` +chronyc makestep +``` + + + +在每个节点安装$ipset$和$ipvsadm$: + +安装 + +```shell +yum -y install ipset ipvsadm +``` + + + +配置 + +``` +mkdir -p /etc/sysconfig/modules/ +cat > /etc/sysconfig/modules/ipvs.modules < 该操作只需要在master节点机器上执行 + +``` +#原命令 +kubeadm init 
--apiserver-advertise-address=master的ip --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 + +#根据机器实际修改后的命令 +kubeadm init --apiserver-advertise-address=10.10.14.200 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 +``` + + + +``` +[addons] Applied essential addon: CoreDNS +[addons] Applied essential addon: kube-proxy + +Your Kubernetes control-plane has initialized successfully! + +To start using your cluster, you need to run the following as a regular user: + + mkdir -p $HOME/.kube + sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config + sudo chown $(id -u):$(id -g) $HOME/.kube/config + +Alternatively, if you are the root user, you can run: + + export KUBECONFIG=/etc/kubernetes/admin.conf + +You should now deploy a pod network to the cluster. +Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: + https://kubernetes.io/docs/concepts/cluster-administration/addons/ + +Then you can join any number of worker nodes by running the following on each as root: + +kubeadm join 10.10.14.200:6443 --token ivocyb.4f2p3qu1nc5jptwf \ + --discovery-token-ca-cert-hash sha256:e088f075df466e689b8db3ace62a7650f27a11b6f7b36ee61d1ebbbd8a720c16 +``` + +**再根据日志提示命令结果在对应机器上执行** + +Master机器 + +```shell +mkdir -p $HOME/.kube +cp -i /etc/kubernetes/admin.conf $HOME/.kube/config +chown $(id -u):$(id -g) $HOME/.kube/config +``` + +Node机器 + +``` +#将两台node加入到集群中,分别在node1根node2执行刚刚 kubeadm init成功后下面打印的命令 +#注:日志里复制的“\”换行符要记得去掉 +kubeadm join 10.10.14.200:6443 --token ivocyb.4f2p3qu1nc5jptwf \ + --discovery-token-ca-cert-hash sha256:e088f075df466e689b8db3ace62a7650f27a11b6f7b36ee61d1ebbbd8a720c16 +``` + + + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101137042.png) + +**Node机器都执行完成后,在master节点机器执行该命令** + +三台都下载yml文件 + +```shell +wget 
https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml +``` + +三台都安装flannel的pod + +```shell +kubectl apply -f kube-flannel.yml +``` + +```shell +kubectl get nodes +``` + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101340481.png) + +```shell +kubectl get pod -A +``` + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101341823.png) + +#### 部署 $k8s$可视化界面$dashboard$ + +``` +#命令执行【被墙了,需要科学上网后下载】 +wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml + +rz -be 选择:recommended.yaml + +kubectl apply -f recommended.yaml + +kubectl apply -f dashboard.yaml + +# 将 type: ClusterIP 改为 type: NodePort +kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard +``` + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101348621.png) + +``` +# 查询端口 +kubectl get svc -A |grep kubernetes-dashboard + +``` + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101349088.png) + +如上所示,$Dashboard$已经在$31475$端口上公开,现在可以在外部使用https://10.10.14.202:31475进行访问。 + +注意:在多节点的集群中,必须找到运行$Dashboard$节点的IP来访问,而不是[$Master$节点](https://zhida.zhihu.com/search?q=Master节点&zhida_source=entity&is_preview=1)的IP;可以通过如下命令查询: + +``` +kubectl get pod -owide --namespace kubernetes-dashboard +``` + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101350711.png) + +可以看到dashboard 部署在k8s-node2,而本例中,master的ip为:10.10.14.203 故访问:https://10.10.14.202:31475 + + + +1)界面打开大概率会提示“你的连接不是专用连接.....”,直接点击“继续访问” + +(注:如果没有“继续访问”的提示,则多换个浏览器,笔者是从Google、edge换到火狐才行的) + +(2)打开之后,会显示如下 + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101359239.png) + +此时暂不点击界面,执行以下操作 + +``` +#创建访问账号 +rz -be +选择: D:\dsWork\dsExam\操作文档\dash.yaml + +#执行语句 +kubectl apply -f dash.yaml + +#获取访问令牌 +kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o 
jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}" + +``` + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101402040.png) + +``` +eyJhbGciOiJSUzI1NiIsImtpZCI6ImpWR1F0b3o3LUEzeXR2NXlhNE5xUDNLUnNmUkoyaHkzWmNocC1NQURBZjQifQ.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.p6SzEz6JTEtqAiXGHEeXp1nSRfNgQtUIu0kF3obON_bsmev5p-vw14SAYKoU7Tw320hzJpD-Db7mv3nQ5ppXKxzO6HdOhSyrOldwS_2PpA8omSdIb2rQefxrjoXqdn1QWD4wwffyFadjLpAlKla4D33TKlgXYEtItWRjMphhG7aj_rFJFqWJ3LYXB6kbWKx23mXl5lMMTIjGWc_kHJo_a_8Sr7kshNcuZSYeyjVP42vYZMLPRA0_GCT_K-MXYlFlaLwLogTt9hDnnlXMgs5H8zEap1ARXfzIs1EYDGZgPDDj86RfDD2zX74SnEdqtBvEdW_roQpyihzMIgTAX7-Giw +``` + +#将运行结果下述白色内容复制到之前dashboard的登陆界面 + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101403620.png) + +登录成功如下图所示 + +![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101403561.png) + +官方镜像站 【似乎需要翻墙~】 + +https://hub.docker.com/ + + + +**参考文档** + +[[BUG] runtime network not ready: NetworkReady=false reason:NetworkPluginNotRead](https://blog.csdn.net/keyuchen_01/article/details/128070052) + +https://zhuanlan.zhihu.com/p/672518868 + +https://zhuanlan.zhihu.com/p/693571878 + diff --git a/操作文档/1、K8S搭建/K8S搭建.md b/操作文档/1、K8S搭建/K8S搭建【旧版本】.md similarity index 100% rename from 操作文档/1、K8S搭建/K8S搭建.md rename to 操作文档/1、K8S搭建/K8S搭建【旧版本】.md
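Review bot: The system-initialization section permanently turns off both host protections on every node (`systemctl disable firewalld`, `sed -i 's/enforcing/disabled/' /etc/selinux/config`, `setenforce 0`) and gives no reason. Prefer keeping firewalld running and opening only the ports the cluster uses (6443 for the API server, 10250 for the kubelet, the NodePort range for exposed services), and set SELinux to permissive rather than disabled if the container runtime needs it. The `sed` pattern is also unanchored, so it rewrites the word "enforcing" in the comment lines of `/etc/selinux/config` as well; match the setting itself, for example `s/^SELINUX=enforcing$/SELINUX=permissive/`. In the same section the chrony step is introduced as installing ntpdate while the commands install `chrony`, and the numbering jumps from 1.1 to 2.2.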
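Review bot: Live cluster credentials are committed in this document. The `kubeadm join 10.10.14.200:6443 --token ivocyb.4f2p3qu1nc5jptwf` command appears twice (in the pasted `kubeadm init` output and again in the Node step) together with the real `--discovery-token-ca-cert-hash`, and the dashboard section pastes the full bearer token printed for `admin-user`. Replace these with placeholders such as `<token>` and `sha256:<hash>`, tell the reader to generate a fresh join command with `kubeadm token create --print-join-command`, and remove the pasted token block entirely. Since the values are now in repository history, delete the bootstrap token on the cluster (`kubeadm token delete`) and recreate the `admin-user` secret.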
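Review bot: The dashboard section publishes the UI on every node by editing the Service to `type: NodePort`, instructs the reader to click through the browser certificate warning, and then logs in as `admin-user` from `dash.yaml`, a file whose contents are not part of this patch, so a reader cannot tell what role that account is bound to. Include `dash.yaml` in the change or state its role binding, and consider keeping the Service as ClusterIP and reaching it through `kubectl port-forward` or `kubectl proxy` from an admin workstation instead. Two further inconsistencies in this section: `kubectl apply -f dashboard.yaml` refers to a file that is never introduced (only `recommended.yaml` is downloaded), and the text says the master IP is 10.10.14.203 while the environment section assigns 10.10.14.200 to `k8s-master` and 10.10.14.203 to the image registry.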
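Review bot: The flannel step fetches `https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml` from the moving `master` branch and applies it directly, so the manifest that ends up running with host networking privileges can differ from one install to the next. Pin the URL to a release tag, as the dashboard step already does with `v2.3.1`, and record a checksum of the file that was reviewed. The step text also says to download and apply the manifest on all three machines, while the heading above it says to run the command on the master node; `kubectl apply` only needs to run once, from the machine that has the admin kubeconfig.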