|
|
[一文教你从零快速搭建k8s集群](https://blog.csdn.net/m0_37719874/article/details/120966546?share_token=6d60db3d-9637-406f-ac3a-cb1d7301a06b)
|
|
|
|
|
|
|
|
|
|
|
|
## 搭建$k8s$集群
|
|
|
|
|
|
**1.1 准备环境**
|
|
|
|
|
|
```apl
|
|
|
k8s-master 10.10.14.200
|
|
|
k8s-node1 10.10.14.201
|
|
|
k8s-node2 10.10.14.202
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
**2.2 系统初始化**
|
|
|
|
|
|
设置系统时区为上海
|
|
|
|
|
|
```shell
|
|
|
timedatectl set-timezone Asia/Shanghai
|
|
|
clock -w
|
|
|
|
|
|
# 查看时区
|
|
|
ls -l /etc/localtime
|
|
|
```
|
|
|
|
|
|
关闭防火墙:
|
|
|
|
|
|
```shell
|
|
|
systemctl stop firewalld
|
|
|
systemctl disable firewalld
|
|
|
sed -i 's/enforcing/disabled/' /etc/selinux/config
|
|
|
setenforce 0
|
|
|
```
|
|
|
|
|
|
关闭swap分区:
|
|
|
|
|
|
```shell
|
|
|
sed -ri 's/.*swap.*/#&/' /etc/fstab
|
|
|
swapoff -a
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
在master上执行
|
|
|
|
|
|
```shell
|
|
|
hostnamectl set-hostname K8S-MASTER
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
在node1上执行
|
|
|
|
|
|
```shell
|
|
|
hostnamectl set-hostname K8S-NODE1
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
在node2上执行
|
|
|
|
|
|
```shell
|
|
|
hostnamectl set-hostname K8S-NODE2
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
在每个节点添加hosts:
|
|
|
|
|
|
```shell
|
|
|
cat >> /etc/hosts << EOF
|
|
|
10.10.14.200 K8S-MASTER
|
|
|
10.10.14.201 K8S-NODE1
|
|
|
10.10.14.202 K8S-NODE2
|
|
|
EOF
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
将桥接的IPv4流量传递到iptables的链:
|
|
|
|
|
|
在每个节点添加如下的命令:
|
|
|
|
|
|
```shell
|
|
|
cat > /etc/sysctl.d/k8s.conf << EOF
|
|
|
net.bridge.bridge-nf-call-ip6tables = 1
|
|
|
net.bridge.bridge-nf-call-iptables = 1
|
|
|
net.ipv4.ip_forward = 1
|
|
|
vm.swappiness = 0
|
|
|
EOF
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
加载br_netfilter模块
|
|
|
|
|
|
```
|
|
|
modprobe br_netfilter
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
查看是否加载
|
|
|
|
|
|
```
|
|
|
lsmod | grep br_netfilter
|
|
|
```
|
|
|
|
|
|
生效
|
|
|
|
|
|
```
|
|
|
sysctl --system
|
|
|
```
|
|
|
|
|
|
|
|
|
在每个节点添加时间同步:
|
|
|
|
|
|
安装ntpdate时间同步插件
|
|
|
|
|
|
```
|
|
|
yum install ntpdate -y
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
开启时间同步
|
|
|
|
|
|
```
|
|
|
ntpdate time.windows.com
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
在每个节点安装ipset和ipvsadm:
|
|
|
|
|
|
安装
|
|
|
|
|
|
```
|
|
|
yum -y install ipset ipvsadm
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
配置
|
|
|
|
|
|
```
|
|
|
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
|
|
|
#!/bin/bash
|
|
|
modprobe -- ip_vs
|
|
|
modprobe -- ip_vs_rr
|
|
|
modprobe -- ip_vs_wrr
|
|
|
modprobe -- ip_vs_sh
|
|
|
modprobe -- nf_conntrack_ipv4
|
|
|
EOF
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
授权、运行、检查是否加载:
|
|
|
|
|
|
```
|
|
|
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
|
|
|
```
|
|
|
|
|
|
|
|
|
4.3 所有节点安装Docker/kubeadm/kubelet/kubectl
|
|
|
|
|
|
k8s默认CRI(容器运行时)为Docker,因此需要先安装Docker!
|
|
|
|
|
|
所有节点安装Docker:
|
|
|
|
|
|
获取镜像源
|
|
|
|
|
|
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
|
|
|
# 安装
|
|
|
yum -y install docker-ce-18.06.3.ce-3.el7
|
|
|
# 设置开机自启动并启动
|
|
|
systemctl enable docker && systemctl start docker
|
|
|
# 查看版本
|
|
|
docker version
|
|
|
# 设置镜像加速器
|
|
|
sudo mkdir -p /etc/docker
|
|
|
sudo tee /etc/docker/daemon.json <<-'EOF'
|
|
|
{
|
|
|
"exec-opts": ["native.cgroupdriver=systemd"],
|
|
|
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
|
|
|
}
|
|
|
EOF
|
|
|
# 重载配置
|
|
|
sudo systemctl daemon-reload
|
|
|
# 重启docker
|
|
|
sudo systemctl restart docker
|
|
|
# 添加阿里云的yum软件源
|
|
|
cat > /etc/yum.repos.d/kubernetes.repo << EOF
|
|
|
[kubernetes]
|
|
|
name=Kubernetes
|
|
|
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
|
|
|
enabled=1
|
|
|
gpgcheck=0
|
|
|
repo_gpgcheck=0
|
|
|
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
|
|
|
EOF
|
|
|
|
|
|
1
|
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
|
|
6
|
|
|
7
|
|
|
8
|
|
|
9
|
|
|
10
|
|
|
11
|
|
|
12
|
|
|
13
|
|
|
14
|
|
|
15
|
|
|
16
|
|
|
17
|
|
|
18
|
|
|
19
|
|
|
20
|
|
|
21
|
|
|
22
|
|
|
23
|
|
|
24
|
|
|
25
|
|
|
26
|
|
|
27
|
|
|
28
|
|
|
29
|
|
|
30
|
|
|
安装kubeadm、kubelet和kubectl:
|
|
|
|
|
|
# 指定版本号安装
|
|
|
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
|
|
|
# 为了实现Docker使用的cgroup drvier和kubelet使用的cgroup drver一致,需要修改"/etc/sysconfig/kubelet"文件的内容:
|
|
|
vim /etc/sysconfig/kubelet
|
|
|
# 修改
|
|
|
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
|
|
|
# 设置开机自启动
|
|
|
systemctl enable kubelet
|
|
|
1
|
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
|
|
6
|
|
|
7
|
|
|
8
|
|
|
4.4 部署k8s的Master节点
|
|
|
|
|
|
# 由于默认拉取镜像地址k8s.gcr.io国内无法访问,这里需要指定阿里云镜像仓库地址
|
|
|
# 只在master执行
|
|
|
kubeadm init \
|
|
|
# 此处填写实际ip,其他地方不用动
|
|
|
--apiserver-advertise-address=192.168.40.136 \
|
|
|
--image-repository registry.aliyuncs.com/google_containers \
|
|
|
--kubernetes-version v1.18.0 \
|
|
|
--service-cidr=10.96.0.0/12 \
|
|
|
--pod-network-cidr=10.244.0.0/16
|
|
|
# 配置环境变量(只在master执行)
|
|
|
mkdir -p $HOME/.kube
|
|
|
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
|
|
|
sudo chown $(id -u):$(id -g) $HOME/.kube/config
|
|
|
1
|
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
|
|
6
|
|
|
7
|
|
|
8
|
|
|
9
|
|
|
10
|
|
|
11
|
|
|
12
|
|
|
13
|
|
|
4.5 添加k8s的Node节点
|
|
|
|
|
|
# 在master节点获取token:
|
|
|
kubeadm token create --print-join-command --ttl 0
|
|
|
# 在node1和node2添加如下的命令向k8s集群中添加Node节点(为上方命令返回的内容,复制即可):
|
|
|
kubeadm join 192.168.40.136:6443 --token yruyio.n4hal2qdb5iweknf --discovery-token-ca-cert-hash sha256:0ac7ed632224e1e07cef223b1159d03b2231dfc0456817db7eaf3c8651eef49c
|
|
|
# 获取所有节点(正常可以获取到master,node1和node2)
|
|
|
kubectl get nodes
|
|
|
1
|
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
|
|
6
|
|
|
4.6 部署CNI网络插件
|
|
|
|
|
|
在master节点部署CNI网络插件:
|
|
|
|
|
|
# 此链接被墙了,需要科学上网解决,或者在文末获取相关资源
|
|
|
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
|
|
|
kubectl apply -f kube-flannel.yml
|
|
|
# 查看部署进度(可能会出现镜像拉取失败的情况,耐心等待一会就好了)
|
|
|
kubectl get pods -n kube-system
|
|
|
1
|
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
|
|
查看集群健康状态:
|
|
|
|
|
|
kubectl get cs
|
|
|
kubectl cluster-info
|
|
|
1
|
|
|
2
|
|
|
至此,k8s集群基本搭建完毕!
|
|
|
|
|
|
5.测试kubernetes集群
|
|
|
在Kubernetes集群中创建一个pod,验证是否正常运行,这里以nginx为例:
|
|
|
|
|
|
# 创建deployment
|
|
|
kubectl create deployment nginx --image=nginx
|
|
|
# 修改端口类型为nodePort供外界访问 编辑方式跟vim一样
|
|
|
kubectl edit svc nginx
|
|
|
...
|
|
|
spec:
|
|
|
clusterIP: 10.106.212.113
|
|
|
externalTrafficPolicy: Cluster
|
|
|
ports:
|
|
|
# 外界暴露指定端口 32627(30000-32767)
|
|
|
- nodePort: 32627
|
|
|
# 容器暴露的端口
|
|
|
port: 80
|
|
|
protocol: TCP
|
|
|
# 集群内访问的单口
|
|
|
targetPort: 80
|
|
|
selector:
|
|
|
app: nginx
|
|
|
sessionAffinity: None
|
|
|
# type改为NodePort
|
|
|
type: NodePort
|
|
|
...
|
|
|
|
|
|
1
|
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
|
|
6
|
|
|
7
|
|
|
8
|
|
|
9
|
|
|
10
|
|
|
11
|
|
|
12
|
|
|
13
|
|
|
14
|
|
|
15
|
|
|
16
|
|
|
17
|
|
|
18
|
|
|
19
|
|
|
20
|
|
|
21
|
|
|
22
|
|
|
访问 http://192.168.40.136:32627:
|
|
|
|
|
|
至此,我们已经成功部署了一个nginx的deployment,deployment控制对应的pod的生命周期,service则对外提供相应的服务。
|
|
|
|
|
|
6.部署 Dashboard
|
|
|
Dashboard是k8s的一套桌面管理应用,通过Dashboard我们可以通过可视化的方式查看k8s集群的状态,执行相关的操作,但没有kubectl来的简单直接,了解一下即可。
|
|
|
|
|
|
首先需要下载kubernetes-dashboard.yaml,这个文件现在也被墙了,大家可以通过科学上网或者文末获取!
|
|
|
|
|
|
在master执行以下命令:
|
|
|
|
|
|
kubectl apply -f kubernetes-dashboard.yaml
|
|
|
# 开启代理 ip写自己实际ip
|
|
|
kubectl proxy --address=192.168.40.136 --disable-filter=true &
|
|
|
1
|
|
|
2
|
|
|
3
|
|
|
访问https://192.168.40.136:30001
|
|
|
|
|
|
谷歌访问可能会被禁止,可以通过以下操作解决:
|
|
|
|
|
|
mkdir key && cd key
|
|
|
#生成证书
|
|
|
openssl genrsa -out dashboard.key 2048
|
|
|
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.246.200'
|
|
|
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
|
|
|
#删除原有的证书secret
|
|
|
kubectl delete secret kubernetes-dashboard-certs -n kube-system
|
|
|
#创建新的证书secret
|
|
|
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system
|
|
|
#查看pod复制dashboard的pod名称
|
|
|
kubectl get pod -n kube-system
|
|
|
#重启pod(删除会自动重启)
|
|
|
kubectl delete pod <pod name> -n kube-system
|
|
|
1
|
|
|
2
|
|
|
3
|
|
|
4
|
|
|
5
|
|
|
6
|
|
|
7
|
|
|
8
|
|
|
9
|
|
|
10
|
|
|
11
|
|
|
12
|
|
|
13
|
|
|
如下,通过令牌方式访问:
|
|
|
|
|
|
获取token:
|
|
|
|
|
|
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/cluster-admin/{print $1}')
|
|
|
1
|
|
|
复制,点击登录,稍等片刻即可:
|
|
|
|
|
|
结语
|
|
|
本文到这里就结束了,主要介绍了k8s集群的部署方式以及具体步骤,感兴趣的朋友可以在本地虚拟机搭建一套,至于k8s中组件的作用以及使用方式,大家可以在网上自行查阅,在集群中执行相关命令自行体会学习,k8s在实际的生产中主要用于系统的自动化部署,自动扩缩容等,帮助我们提升运维效率,作为程序员我们也要熟悉其常用的命令以及原理,掌握到一定程度之后可以尝试基于k8s开发一套自动化运维管理平台,可以扩充我们的知识面,提升自己的技术水平!
|
|
|
|
|
|
|
|
|
|
|
|
搭建自己的的docker本地仓库
|
|
|
https://blog.csdn.net/gaoxiangfei/article/details/130941906?share_token=c035c4fd-224f-4503-b057-7fb1030d97c2 |
