公网搭建Kubernetes集群

更新：可参考以下博客实现：

https://www.jianshu.com/p/897e0f14be60

https://www.zhoujiangang.com/p/iptables-redirect-ip/

https://zhuanlan.zhihu.com/p/410371256

https://blog.csdn.net/mayi_xiaochaun/article/details/121402679

此贴作废，以下内容虽然能创建k8s集群，但是节点间网络不通，之后会出现一系列问题。

由于本次软分大作业采用一台华为云服务器和两台阿里云服务器，两者之间内网不互通，无法搭建内网k8s集群，不得已才在公网搭建。

公网搭建会出各种问题，有条件的话还是建议在内网搭建。

一个很详细的教程：https://zhuanlan.zhihu.com/p/627310856

一、服务器配置

主机名	ip	系统版本	角色
master	----	centos7.9	master
node1	----	centos7.9	node
node2	----	centos7.9	node

二、准备工作（每个节点都执行）

 编辑4台服务器的 /etc/hosts 文件 ,添加下面内容（每个节点都执行一遍）：

<服务器1公网ip> master
<服务器2公网ip> node1
<服务器3公网ip> node2

设置hostname（以master为例）：

hostnamectl set-hostname  master  # master是自定义名字

 

# 启动chronyd服务
systemctl start chronyd
systemctl enable chronyd
date

 

systemctl stop firewalld
systemctl disable firewalld

sed -i 's/enforcing/disabled/' /etc/selinux/config # 重启后生效

 

# 临时禁用swap分区
swapoff -a

# 永久禁用swap分区
vi /etc/fstab 
# 注释掉下面的设置
# /dev/mapper/centos-swap swap
# 之后需要重启服务器生效

cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

# 然后执行,生效
sysctl --system

# 1、切换镜像源
[root@master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d.docker-ce.repo

# 2、查看当前镜像源中支持的docker版本
[root@master ~]# yum list docker-ce --showduplicates

# 3、安装特定版本的docker-ce
# 必须制定--setopt=obsoletes=0，否则yum会自动安装更高版本
# 如果提示不存在 docker-ce-18.06.3.ce-3.el7 执行下方命令添加阿里云docker-ce.repo再执行
# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@master ~]# yum install --setopt=obsoletes=0 docker-ce-18.06.3.ce-3.el7 -y

# 4、添加一个配置文件
#Docker 在默认情况下使用Vgroup Driver为cgroupfs，而Kubernetes推荐使用systemd来替代cgroupfs
[root@master ~]# mkdir /etc/docker
[root@master ~]# cat <<EOF> /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://kn0t2bca.mirror.aliyuncs.com"]
}
EOF

# 5、启动dokcer
[root@master ~]# systemctl restart docker
[root@master ~]# systemctl enable docker

 

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

所有节点安装指定版本 kubeadm，kubelet 和 kubectl（我这里选择1.23.0版本的）：

yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0

# 设置kubelet开机启动（看你自己）
systemctl enable kubelet

 

sudo vi /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf

添加--node-ip=<公网IP>

# 所有主机都要创建虚拟网卡，并绑定对应的公网 ip
# 临时生效，重启会失效
ifconfig eth0:1 <你的公网IP>

# 永久生效

ifconfig eth0:1 <你的公网IP>
cat > /etc/sysconfig/network-scripts/ifcfg-eth0:1 <<EOF
BOOTPROTO=static
DEVICE=eth0:1
IPADDR=<你的公网IP>
PREFIX=32
TYPE=Ethernet
USERCTL=no
ONBOOT=yes
EOF

三、部署Kubernetes集群（master执行）

[root@node1 home]# kubeadm config images list
I0418 18:26:04.047449   19242 version.go:255] remote version is much newer: v1.27.1; falling back to: stable-1.23
k8s.gcr.io/kube-apiserver:v1.23.17
k8s.gcr.io/kube-controller-manager:v1.23.17
k8s.gcr.io/kube-scheduler:v1.23.17
k8s.gcr.io/kube-proxy:v1.23.17
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6

[root@node1 home]# kubeadm config images list  --image-repository registry.aliyuncs.com/google_containers
I0418 18:28:18.740057   20021 version.go:255] remote version is much newer: v1.27.1; falling back to: stable-1.23
registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.17
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.17
registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.17
registry.aliyuncs.com/google_containers/kube-proxy:v1.23.17
registry.aliyuncs.com/google_containers/pause:3.6
registry.aliyuncs.com/google_containers/etcd:3.5.1-0
registry.aliyuncs.com/google_containers/coredns:v1.8.6

[root@node1 home]# kubeadm config images pull  --image-repository registry.aliyuncs.com/google_containers
I0418 18:28:31.795554   20088 version.go:255] remote version is much newer: v1.27.1; falling back to: stable-1.23
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.17
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.17
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.17
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.23.17
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.6
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.1-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.8.6

[root@node1 home]# kubeadm init \
  --apiserver-advertise-address=<master公网ip> \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all

[root@node1 home]# mkdir -p $HOME/.kube
[root@node1 home]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@node1 home]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@node1 home]# 
[root@node1 home]# vim /root/.bash_profile

设定kubeletl网络

[root@node1 home]# wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

[root@node1 home]# kubectl apply -f kube-flannel.yml

四、从节点加入集群

执行kubeadminit时生成的kubeadm join命令

解决k8s master节点无法ping node节点中的IP或Service NodePort的IP

https://blog.csdn.net/weixin_42675423/article/details/134523963