linux(centos8):kubeadm单机安装kubernetes(kubernetes 1.18.3)
一,kubernetes安装的准备工作:
1,准备工作的各步骤请参见:
2, master节点默认不承担node角色的工作,
我们这里为了在单机上做测试,允许master节点也运行pod
ip:192.168.219.130
hostname:kubemaster,
hostname和ip的对应也加入到了/etc/hosts
说明:刘宏缔的架构森林是一个专注架构的博客,
网站:https://blog.imgtouch.com
本文: https://blog.imgtouch.com/index.php/2023/05/22/centos8linuxkubeadm-dan-ji-an-zhuang-kubernetes-kubernetes1183/
对应的源码可以访问这里获取: https://github.com/liuhongdi/
说明:作者:刘宏缔 邮箱: 371125307@qq.com
二,在kubemaster这台server上安装kubernetes的kubelet/kubectl/kubeadm
1,新建kubernetes的repo
[root@kubemaster ~]# vi /etc/yum.repos.d/kubernetes.repo
内容:
[kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
2,安装kube三大件:(当前版本均为:1.18.3)
说明:三大件的作用:
kubelet:是systemd管理的一个daemon,负责启动pod和容器,
它是k8s中唯一在宿主机中启动的后台进程;
kubeadm: 负责安装初始化集群,部署完成之后不会再使用
kubectl: k8s的命令行工具,是管理k8s使用的主要工具
用于管理pod/service
安装:
[root@kubemaster ~]# dnf install kubectl kubelet kubeadm
说明:如果提示是否确定导入 GPG 公钥,
输入y后回车即可
3,查看安装后的效果:查看版本:
[root@kubemaster ~]# kubectl version Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40",
GitTreeState:"clean", BuildDate:"2020-05-20T12:52:00Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"} The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@kubemaster ~]# kubeadm version kubeadm version: &version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40",
GitTreeState:"clean", BuildDate:"2020-05-20T12:49:29Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
[root@kubemaster ~]# kubelet --version Kubernetes v1.18.3
4,把kubelet配置为自启动
[root@centos8 ~]# systemctl enable kubelet.service Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service. [root@kubemaster ~]# systemctl is-enabled kubelet.service enabled
三,kubeadm 初始化kubenetes
1,执行初始化:
#--apiserver-advertise-address: apiserver的地址:使用本机的ip
#--image-repository:kubeadm 默认从官网k8s.grc.io下载所需镜像,需要FQ才能访问,所以用–image-repository指定阿里云镜像仓库地址
[root@kubemaster ~]# kubeadm init --kubernetes-version=1.18.3 --apiserver-advertise-address=192.168.219.130 \
--image-repository registry.aliyuncs.com/google_containers
说明:此过程要下需下载kubenetes所需容器的镜像,
速度稍慢,需要等待
如果另开一个终端执行ps,可以看到的它的子进程正在执行docker pull
[root@kubemaster ~]# ps auxfww ... root 1530 0.0 0.2 152904 10540 ? Ss 13:41 0:00 \_ sshd: root [priv] root 1666 0.0 0.1 152904 5392 ? S 13:41 0:00 | \_ sshd: root@pts/0 root 1673 0.0 0.1 25588 3980 pts/0 Ss 13:41 0:00 | \_ -bash root 8076 0.0 0.8 142068 32836 pts/0 Sl+ 14:22 0:00 | \_ kubeadm init --kubernetes-version=1.18.3 --apiserver-advertise-address=192.168.219.130 --image-repository registry.aliyuncs.com/google_containers root 8450 0.3 1.6 711476 63136 pts/0 Sl+ 14:24 0:00 | \_ docker pull registry.aliyuncs.com/google_containers/etcd:3.4.3-0 …
init输出内容中需要注意的地方:
生成配置文件
Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
配置网络
You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/
添加worker node到集群
Then you can join any number of worker nodes by running the following on each as root: kubeadm join 192.168.219.130:6443 --token up139x.98qlng4m7qk61p0z \ --discovery-token-ca-cert-hash sha256:c718e29ccb1883715489a3fdf53dd810a7764ad038c50fd62a2246344a4d9a73
2,查看init操作下载的images
[root@kubemaster ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry.aliyuncs.com/google_containers/kube-proxy v1.18.3 3439b7546f29 3 weeks ago 117MB registry.aliyuncs.com/google_containers/kube-apiserver v1.18.3 7e28efa976bd 3 weeks ago 173MB registry.aliyuncs.com/google_containers/kube-controller-manager v1.18.3 da26705ccb4b 3 weeks ago 162MB registry.aliyuncs.com/google_containers/kube-scheduler v1.18.3 76216c34ed0c 3 weeks ago 95.3MB registry.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5d 4 months ago 683kB registry.aliyuncs.com/google_containers/coredns 1.6.7 67da37a9a360 4 months ago 43.8MB registry.aliyuncs.com/google_containers/etcd 3.4.3-0 303ce5db0e90 7 months ago 288MB
3,添加kubectl的默认配置
注意:这些就是 kubeadm init的提示命令
按命令执行一遍即可:
生成.kube这个隐藏目录
[root@kubemaster ~]# mkdir -p $HOME/.kube
把admin.conf复制为config文件
[root@kubemaster ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
配置config文件的所有者
[root@kubemaster ~]# chown $(id -u):$(id -g) $HOME/.kube/config
查看效果
[root@kubemaster ~]# ll .kube/config -rw------- 1 root root 5451 6月 16 18:25 .kube/config
四,安装网络插件
1,查看node/pod
查看node
[root@kubemaster ~]# kubectl get node NAME STATUS ROLES AGE VERSION kubemaster NotReady master 5m39s v1.18.3
查看pod
[root@kubemaster ~]# kubectl get pod --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-7ff77c879f-ttnr9 0/1 Pending 0 6m41s kube-system coredns-7ff77c879f-x5vps 0/1 Pending 0 6m41s kube-system etcd-kubemaster 1/1 Running 0 6m40s kube-system kube-apiserver-kubemaster 1/1 Running 0 6m40s kube-system kube-controller-manager-kubemaster 1/1 Running 0 6m40s kube-system kube-proxy-gs7q7 1/1 Running 0 6m40s kube-system kube-scheduler-kubemaster 1/1 Running 0 6m40s
说明:node状态是NotReady
pod中coredns的状态是Pending
原因在于我们还没有安装网络pod
2,安装calico
calico的用途?
calico是一个虚拟网络解决方案,
它利用路由规则实现动态组网,
通过BGP协议通告路由
[root@kubemaster ~]# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
然后稍后查看pod状态:
[root@kubemaster ~]# kubectl get pod --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system calico-kube-controllers-76d4774d89-nnp4h 1/1 Running 0 20m kube-system calico-node-xmmj4 1/1 Running 0 20m kube-system coredns-7ff77c879f-ttnr9 1/1 Running 0 36m kube-system coredns-7ff77c879f-x5vps 1/1 Running 0 36m kube-system etcd-kubemaster 1/1 Running 1 36m kube-system kube-apiserver-kubemaster 1/1 Running 1 36m kube-system kube-controller-manager-kubemaster 1/1 Running 1 36m kube-system kube-proxy-gs7q7 1/1 Running 1 36m kube-system kube-scheduler-kubemaster 1/1 Running 1 36m
状态都是Running,表示网络插件安装无误
查看node状态:
[root@kubemaster ~]# kubectl get node NAME STATUS ROLES AGE VERSION kubemaster Ready master 41m v1.18.3
状态已变成了Ready
查看calico安装的镜像:
[root@kubemaster ~]# docker images | grep calico calico/node v3.14.1 04a9b816c753 2 weeks ago 263MB calico/pod2daemon-flexvol v3.14.1 7f93af2e7e11 2 weeks ago 112MB calico/cni v3.14.1 35a7136bc71a 2 weeks ago 225MB calico/kube-controllers v3.14.1 ac08a3af350b 2 weeks ago 52.8MB
3,安装colico后报错的一个情况:
如果pod的状态出现Init:ImagePullBackOff或Init:ErrImagePull,
表示docker在下载calico的镜像时出错:
可以在docker的配置文件中增加aliyun的镜像地址:
例如:
[root@kubemaster ~]# more /etc/docker/daemon.json { "registry-mirrors":["https://o3trwnyj.mirror.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"] }
修改完成后重启docker服务即可:
[root@kubemaster ~]# systemctl restart docker
五,开启单机模式:配置master节点也作为worker node可运行pod
1,删除原有的taint设置
[root@kubemaster ~]# kubectl taint nodes kubemaster node-role.kubernetes.io/master-
node/kubemaster untainted
说明:此命令的作用是删除taint
2,如何查看当前taint的情况?
[root@kubemaster ~]# kubectl describe node kubemaster
Taints:一项的值如果是:<none>,表示删除taint成功
说明:如果要取消master节点运行pod,使用下面的命令:
kubectl taint nodes kubemaster node-role.kubernetes.io/master=:NoSchedule
这个命令作用是指定:master上的taint权限是:一定不能被调度
三个取值的含义分别是:
NoSchedule: 一定不能被调度
PreferNoSchedule: 尽量不要调度
NoExecute: 不仅不会调度, 还会驱逐Node上已有的Pod
说明:默认值就是: node-role.kubernetes.io/master:NoSchedule
六,测试:在master上运行一个tomcat容器:
1,生成rc的配置文件
[root@kubemaster k8s]# vi tomcat-rc.yaml
内容:
apiVersion: v1 kind: ReplicationController metadata: name: tomcat-demo spec: replicas: 1 selector: app: tomcat-demo template: metadata: labels: app: tomcat-demo spec: containers: - name: tomcat-demo image: tomcat ports: - containerPort: 8080
2,创建rc
[root@kubemaster k8s]# kubectl apply -f tomcat-rc.yaml
replicationcontroller/tomcat-demo created
查看效果
[root@kubemaster k8s]# kubectl get pods NAME READY STATUS RESTARTS AGE tomcat-demo-7pnzw 0/1 ContainerCreating 0 23s
状态变为running后可用:
[root@kubemaster k8s]# kubectl get pods NAME READY STATUS RESTARTS AGE tomcat-demo-7pnzw 1/1 Running 0 6m43s
查看ip:
[root@kubemaster k8s]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES tomcat-demo-7pnzw 1/1 Running 0 10m 172.16.141.7 kubemaster <none> <none>
在宿主机上用curl查看,这个默认是一个404报错页面,
[root@kubemaster k8s]# curl http://172.16.141.7:8080 <!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title>
<style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;}
h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;}
.line {height:1px;background-color:#525D76;border:none;}</style></head>
<body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p>
<p><b>Description</b> The origin server did not find a current representation for the target resource
or is not willing to disclose that one exists.</p>
<hr class="line" /><h3>Apache Tomcat/9.0.36</h3>
</body></html>
因为webapps目录下没有可显示的内容
我们登录到容器手动调整一下:
登录到tomcat容器,
[root@kubemaster k8s]# docker exec -it k8s_tomcat-demo_tomcat-demo-7pnzw_default_b59ef37a-6ffe-4ef1-b6dd-1b2186039294_0 /bin/bash
复制文件到webapps目录下:
root@tomcat-demo-7pnzw:/usr/local/tomcat# cp -axv webapps.dist/* webapps/
用curl查看效果:
[root@kubemaster ~]# curl http://172.16.141.7:8080/ <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8" /> <title>Apache Tomcat/9.0.36</title> <link href="favicon.ico" rel="icon" type="image/x-icon" /> <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" /> <link href="tomcat.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <div id="navigation" class="curved container"> <span id="nav-home"><a href="https://tomcat.apache.org/">Home</a></span> <span id="nav-hosts"><a href="/docs/">Documentation</a></span> <span id="nav-config"><a href="/docs/config/">Configuration</a></span> <span id="nav-examples"><a href="/examples/">Examples</a></span> <span id="nav-wiki"><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></span> <span id="nav-lists"><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></span> <span id="nav-help"><a href="https://tomcat.apache.org/findhelp.html">Find Help</a></span> <br class="separator" /> </div> …
可以正常显示了
3,生成service配置文件
说明:service此处的作用是把容器端口映射到宿主机端口,允许通过宿主机ip访问
[root@kubemaster k8s]# vi tomcat-svc.yaml
内容:
apiVersion: v1 kind: Service metadata: name: tomcat-demo spec: type: NodePort ports: - port: 8080 nodePort: 30010 selector: app: tomcat-demo
4,创建service
[root@kubemaster k8s]# kubectl apply -f tomcat-svc.yaml
service/tomcat-demo created
查看service是否创建成功?
[root@kubemaster k8s]# kubectl get service -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 18h <none> tomcat-demo NodePort 10.111.234.185 <none> 8080:30010/TCP 35s app=tomcat-demo
测试用浏览器从外部访问:
如图:
七,查看linux的版本
[root@kubemaster ~]# cat /etc/redhat-release CentOS Linux release 8.2.2004 (Core) [root@kubemaster ~]# uname -r 4.18.0-193.el8.x86_64
