Building a Kubernetes Cluster over the Public Internet
Update: the following blog posts can be used as references for doing this:
https://www.jianshu.com/p/897e0f14be60
https://www.zhoujiangang.com/p/iptables-redirect-ip/
https://zhuanlan.zhihu.com/p/410371256
https://blog.csdn.net/mayi_xiaochaun/article/details/121402679
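This post is obsolete: the steps below do create a k8s cluster, but the nodes cannot reach each other over the network, which causes a series of problems later on.
This course project used one Huawei Cloud server and two Alibaba Cloud servers whose internal networks are not connected to each other, so an internal-network k8s cluster could not be built and I had no choice but to build it over the public internet.
Building over the public internet runs into all kinds of problems; if you can, build on an internal network instead.
A very detailed tutorial: https://zhuanlan.zhihu.com/p/627310856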
1. Server configuration
Hostname | IP | OS version | Role |
master | ---- | centos7.9 | master |
node1 | ---- | centos7.9 | node |
node2 | ---- | centos7.9 | node |
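2. Preparation (run on every node)
Edit the /etc/hosts file on the 4 servers and add the following (run once on every node):
<server 1 public ip> master
<server 2 public ip> node1
<server 3 public ip> node2
Set the hostname (using master as an example):
hostnamectl set-hostname master # "master" is a name of your choice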
# Start the chronyd service
systemctl start chronyd
systemctl enable chronyd
date
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config # takes effect after a reboot
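The step above turns firewalld off on hosts that are reachable on their public IPs, so the API server (6443) and kubelet (10250) ports are open to the internet unless a cloud security group filters them. The following added example (not part of the original post) prints firewalld rich rules that accept cluster traffic only from the other nodes. The function names, the 203.0.113.x sample addresses and the port set (single-master kubeadm cluster, flannel's default VXLAN backend on UDP 8472) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: k8s_fw_rules master|node PEER_IP...
# Prints (does not run) firewall-cmd commands that allow cluster ports
# only from the listed peer nodes.

is_ipv4() {
    # Accept dotted-quad addresses with every octet in 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

k8s_fw_rules() {
    [ $# -ge 2 ] || { echo "usage: k8s_fw_rules master|node PEER_IP..." >&2; return 2; }
    role=$1
    shift
    # Assumed port set: etcd, scheduler and controller-manager are only
    # used locally on a single-master cluster, so they are not opened.
    case $role in
        master) ports="6443/tcp 10250/tcp 8472/udp" ;;  # API server, kubelet, VXLAN
        node)   ports="10250/tcp 8472/udp" ;;           # kubelet, VXLAN
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    # Validate every peer before printing anything.
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 2; }
    done
    for peer in "$@"; do
        for p in $ports; do
            printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" \
                "$peer" "${p%/*}" "${p#*/}"
        done
    done
    echo "firewall-cmd --reload"
}

# Constructed sample call for the master, with two worker peers:
#   k8s_fw_rules master 203.0.113.11 203.0.113.12
```

Review the printed commands and run them on the matching host with firewalld left enabled. NodePort services (30000-32767) are deliberately not opened here and need their own rule for the clients that should reach them.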
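# Temporarily disable the swap partition
swapoff -a
# Permanently disable the swap partition
vi /etc/fstab
# Comment out the following entry
# /dev/mapper/centos-swap swap
# The server must then be rebooted for this to take effect
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Then run this to apply the settings
sysctl --system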
# 1. Switch the package mirror
[root@master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# 2. List the docker versions available from the current mirror
[root@master ~]# yum list docker-ce --showduplicates
# 3. Install a specific version of docker-ce
# --setopt=obsoletes=0 must be specified, otherwise yum automatically installs a newer version
# If yum reports that docker-ce-18.06.3.ce-3.el7 does not exist, run the command below to add the Alibaba Cloud docker-ce.repo, then retry
# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@master ~]# yum install --setopt=obsoletes=0 docker-ce-18.06.3.ce-3.el7 -y
# 4. Add a configuration file
# By default Docker uses cgroupfs as its Cgroup Driver, while Kubernetes recommends systemd instead of cgroupfs
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# cat <<EOF > /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://kn0t2bca.mirror.aliyuncs.com"]
}
EOF
# 5. Start docker
[root@master ~]# systemctl restart docker
[root@master ~]# systemctl enable docker
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Install the specified version of kubeadm, kubelet and kubectl on all nodes (I chose version 1.23.0 here):
yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
# Enable kubelet at boot (up to you)
systemctl enable kubelet
sudo vi /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
Add --node-ip=<public IP>
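The post does not show where in the drop-in the flag goes. The following added example (not from the original post) appends `--node-ip` to the line that launches kubelet and replaces an existing value on a second run. It assumes the file contains an `ExecStart=/usr/bin/kubelet ...` line as shipped by the kubeadm package; the function name and the 203.0.113.x address are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: set_node_ip DROPIN_FILE PUBLIC_IP
# Adds or updates --node-ip on the kubelet ExecStart line of a kubeadm drop-in.

set_node_ip() {
    file=$1
    ip=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Reject anything that is not a dotted quad before it reaches sed.
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "not an IPv4 address: $ip" >&2; return 1; }
    # Only the line that actually launches kubelet is edited. The empty
    # "ExecStart=" line above it resets the unit's command and must stay.
    grep -q '^ExecStart=/usr/bin/kubelet' "$file" ||
        { echo "no kubelet ExecStart line in $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # 1st expression drops any previous --node-ip, 2nd appends the new one.
    sed -e '/^ExecStart=\/usr\/bin\/kubelet/{' \
        -e 's/[[:space:]]*--node-ip=[^[:space:]]*//g' \
        -e "s/\$/ --node-ip=$ip/" \
        -e '}' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample call (placeholder address):
#   set_node_ip /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf 203.0.113.10
```

After the edit, run `systemctl daemon-reload` and `systemctl restart kubelet` so that systemd picks up the changed drop-in.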
# Every host must create a virtual network interface and bind its own public IP to it
# Temporary: lost after a reboot
ifconfig eth0:1 <your public IP>
# Permanent
cat > /etc/sysconfig/network-scripts/ifcfg-eth0:1 <<EOF
BOOTPROTO=static
DEVICE=eth0:1
IPADDR=<your public IP>
PREFIX=32
TYPE=Ethernet
USERCTL=no
ONBOOT=yes
EOF
3. Deploy the Kubernetes cluster (run on master)
[root@node1 home]# kubeadm config images list
I0418 18:26:04.047449 19242 version.go:255] remote version is much newer: v1.27.1; falling back to: stable-1.23
k8s.gcr.io/kube-apiserver:v1.23.17
k8s.gcr.io/kube-controller-manager:v1.23.17
k8s.gcr.io/kube-scheduler:v1.23.17
k8s.gcr.io/kube-proxy:v1.23.17
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6
[root@node1 home]# kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
I0418 18:28:18.740057 20021 version.go:255] remote version is much newer: v1.27.1; falling back to: stable-1.23
registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.17
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.17
registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.17
registry.aliyuncs.com/google_containers/kube-proxy:v1.23.17
registry.aliyuncs.com/google_containers/pause:3.6
registry.aliyuncs.com/google_containers/etcd:3.5.1-0
registry.aliyuncs.com/google_containers/coredns:v1.8.6
[root@node1 home]# kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
I0418 18:28:31.795554 20088 version.go:255] remote version is much newer: v1.27.1; falling back to: stable-1.23
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.17
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.17
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.17
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.23.17
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.6
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.1-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.8.6
[root@node1 home]# kubeadm init \
  --apiserver-advertise-address=<master public ip> \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
[root@node1 home]# mkdir -p $HOME/.kube
[root@node1 home]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@node1 home]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@node1 home]#
[root@node1 home]# vim /root/.bash_profile
Set up the cluster network (flannel):
[root@node1 home]# wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
[root@node1 home]# kubectl apply -f kube-flannel.yml
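4. Join the worker nodes to the cluster
Run the kubeadm join command that was generated by kubeadm init.
Fix for the k8s master node being unable to ping IPs on the node hosts or Service NodePort IPs: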
https://blog.csdn.net/weixin_42675423/article/details/134523963