Hands-on: Deploying a Kubernetes 1.29.4 Cluster on openEuler
This article is shared from the Huawei Cloud community post 《openEuler部署Kubernetes 1.29.4版本集群》 (Deploying a Kubernetes 1.29.4 Cluster on openEuler), author: 江晚正愁余.
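1. Preparing the Kubernetes cluster nodes
1.1 Host operating system
No.   OS and version                 Notes
1     CentOS7u9 or OpenEuler2203
1.2 Host hardware configuration
Item    CPU   Memory   Disk     Role           Hostname
Value   8C    8G       1024GB   master         k8s-master01
Value   8C    16G      1024GB   worker(node)   k8s-worker01
Value   8C    16G      1024GB   worker(node)   k8s-worker02
1.3 Host configuration
1.3.1 Hostname configuration
This deployment uses three hosts for the Kubernetes cluster: one master node named k8s-master01 and two worker nodes named k8s-worker01 and k8s-worker02.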
# master node
hostnamectl set-hostname k8s-master01
# worker01 node
hostnamectl set-hostname k8s-worker01
# worker02 node
hostnamectl set-hostname k8s-worker02
1.3.2 IP addresses, name resolution and SSH trust
# IP configuration is not covered here
# Name resolution configuration
[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.11 k8s-master01
192.168.0.12 k8s-worker01
192.168.0.13 k8s-worker02
# SSH trust between the hosts
[root@k8s-master01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Rr6W4rdnY350fzMeszeWFR/jUJt0VOZ3yZECp5VJJQA root@k8s-master01
The key's randomart image is:
+---[RSA 3072]----+
| E.o+=++*|
| ++o*+|
| . . +oB|
| o . *o|
| S o =|
| . o . ..o|
| . + . . +o|
| . o. = . *B|
| ...*.o oo*|
+----[SHA256]-----+
[root@k8s-master01 ~]# for i in {11..13};do ssh-copy-id 192.168.0.${i};done
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
ED25519 key fingerprint is SHA256:s2R582xDIla4wyNozHa/HEmRR7LOU4WAciEcAw57U/Q.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized users only. All activities may be monitored and reported.
root@192.168.0.11's password:
Number of key(s) added: 1
1.3.4 Firewall configuration
Run on all hosts.
Disable the existing firewalld firewall
# systemctl disable firewalld
# systemctl stop firewalld
or
systemctl disable --now firewalld
Check the firewalld status
# firewall-cmd --state
not running
Reference commands:
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} 'systemctl disable --now firewalld' ;done
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} 'firewall-cmd --state' ;done
Authorized users only. All activities may be monitored and reported.
not running
Authorized users only. All activities may be monitored and reported.
not running
Authorized users only. All activities may be monitored and reported.
not running
1.3.5 SELinux configuration
Run on all hosts. Changing the SELinux configuration requires an operating system reboot.
# sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# sestatus
Reference commands:
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} "sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config" ;done
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} 'sestatus' ;done
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled
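1.3.6 Time synchronization
Run on all hosts. A minimal OS installation needs the ntpdate package installed.
# crontab -l
0 */1 * * * /usr/sbin/ntpdate time1.aliyun.com
# Entries in /etc/crontab need a user field (root here); the outer double quotes keep the shell from expanding the * characters
for i in {11..13};do ssh 192.168.0.${i} "echo '0 */1 * * * root /usr/sbin/ntpdate time1.aliyun.com' >> /etc/crontab" ;done
# Set the Shanghai time zone (UTC+8)
timedatectl set-timezone Asia/Shanghai
for i in {11..13};do ssh 192.168.0.${i} 'timedatectl set-timezone Asia/Shanghai' ;done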
1.3.7 Upgrading the operating system kernel
CentOS needs a kernel upgrade (search online for the procedure); OpenEuler2203 does not.
1.3.8 Configuring kernel IP forwarding and bridge filtering
Run on all hosts.
Add the bridge filtering and kernel forwarding configuration file
sed -i 's/net.ipv4.ip_forward=0/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# Configure the br_netfilter module to load at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# Load the br_netfilter and overlay modules
modprobe br_netfilter
modprobe overlay
# Check that the module is loaded
# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 151336 1 br_netfilter
# Apply the settings
sysctl --system
# Apply using the default configuration file
sysctl -p
# Apply using the newly added configuration file
sysctl -p /etc/sysctl.d/k8s.conf
1.3.9 Installing ipset and ipvsadm
Run on all hosts.
Install ipset and ipvsadm
# yum -y install ipset ipvsadm
Configure how the ipvsadm modules are loaded
Add the modules that need to be loaded
# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
Make the script executable, run it, and check that the modules are loaded
chmod 755 /etc/sysconfig/modules/ipvs.modules && /etc/sysconfig/modules/ipvs.modules
Check that the modules loaded successfully
# lsmod | grep -e ip_vs -e nf_conntrack
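1.3.10 Disabling the swap partition
The operating system must be rebooted after this change. Without a reboot, swap can be turned off temporarily with swapoff -a.
Disabling the swap partition permanently requires an operating system reboot.
# cat /etc/fstab
......
# /dev/mapper/centos-swap swap swap defaults 0 0
Add # at the start of the line above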
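The script below is an added example, not part of the original post: it verifies the settings from section 1.3 (sysctl values, kernel modules, swap) before kubeadm is run. The ROOT parameter, the function names and the fixture tree are assumptions made for the demonstration; calling preflight "" checks the live node.

```shell
#!/bin/sh
# Post-change checks for section 1.3. ROOT ("" = live node) lets the checks run on a fixture tree.
# sysctl_ok KEY WANT ROOT: compare the running value under ROOT/proc/sys.
sysctl_ok() {
    f="$3/proc/sys/$(printf '%s' "$1" | tr . /)"
    [ -r "$f" ] && [ "$(cat "$f")" = "$2" ]
}

# module_loaded NAME ROOT: /proc/modules is what lsmod reads (built-in modules are not listed).
module_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2/proc/modules"
}

# swap_active ROOT: /proc/swaps has lines after its header only while swap is on.
swap_active() {
    awk 'NR > 1 { n++ } END { exit !(n > 0) }' "$1/proc/swaps"
}

# fstab_swap ROOT: print uncommented swap entries, which re-enable swap at the next boot.
fstab_swap() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1/etc/fstab"
}

# preflight ROOT: print one line per failed check and return the number of failures.
preflight() {
    root="${1:-}"; fails=0
    for kv in net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1; do
        sysctl_ok "${kv%=*}" "${kv#*=}" "$root" || { echo "FAIL sysctl $kv"; fails=$((fails + 1)); }
    done
    for m in overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
        module_loaded "$m" "$root" || { echo "FAIL module $m not loaded"; fails=$((fails + 1)); }
    done
    if swap_active "$root"; then echo "FAIL swap is active"; fails=$((fails + 1)); fi
    if [ -n "$(fstab_swap "$root")" ]; then echo "FAIL swap entry in fstab"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed fixture: a node with section 1.3 applied except that swap was left enabled.
demo_root() {
    d=$(mktemp -d); mkdir -p "$d/proc/sys/net/ipv4" "$d/proc/sys/net/bridge" "$d/etc"
    for p in ipv4/ip_forward bridge/bridge-nf-call-iptables bridge/bridge-nf-call-ip6tables; do
        echo 1 > "$d/proc/sys/net/$p"
    done
    printf '%s 16384 0 - Live 0x0\n' overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack > "$d/proc/modules"
    printf 'Filename Type Size Used Priority\n/dev/dm-1 partition 8388604 0 -2\n' > "$d/proc/swaps"
    echo '/dev/mapper/centos-swap swap swap defaults 0 0' > "$d/etc/fstab"
    echo "$d"
}
preflight "$(demo_root)" || echo "$? check(s) failed"
```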
2. Installing the containerd container environment
2.1 Installing the containerd packages
Run on all hosts.
# Download the bundled package
for i in {11..13};do ssh 192.168.0.${i} 'wget https://blog-source-mkt.oss-cn-chengdu.aliyuncs.com/resources/k8s/kubeadm%20init/k8s1.29.tar.gz'; done
# Unpack and install containerd
for i in {11..13};do ssh 192.168.0.${i} 'tar -zxvf /root/k8s1.29.tar.gz'; done
for i in {11..13};do ssh 192.168.0.${i} 'tar -zxvf /root/workdir/containerd-1.7.11-linux-amd64.tar.gz && mv /root/bin/* /usr/local/bin/ && rm -rf /root/bin'; done
# Create the service; run on all hosts
cat << EOF > /usr/lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF
# Start the container service
for i in {11..13};do ssh 192.168.0.${i} 'systemctl daemon-reload && systemctl enable --now containerd'; done
# Install runc
for i in {11..13};do ssh 192.168.0.${i} 'install -m 755 /root/workdir/runc.amd64 /usr/local/sbin/runc'; done
# Install the CNI plugins
for i in {11..13};do ssh 192.168.0.${i} 'mkdir -p /opt/cni/bin && tar -xzvf /root/workdir/cni-plugins-linux-amd64-v1.4.0.tgz -C /opt/cni/bin/'; done
# Generate the containerd configuration file, then modify it
for i in {11..13};do ssh 192.168.0.${i} 'mkdir -p /etc/containerd && containerd config default | sudo tee /etc/containerd/config.toml'; done
# Change the sandbox image; run on all hosts
sed -i 's#sandbox_image = "registry.k8s.io/pause:.*"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"#' /etc/containerd/config.toml
# Restart containerd
systemctl restart containerd
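An added example, not from the original post: the file written by containerd config default has SystemdCgroup = false, while section 2.2 sets the kubelet to the systemd cgroup driver, so the two are worth comparing before kubeadm init. The function names and the sample files are constructed for this example; on a node the arguments would be /etc/containerd/config.toml and /etc/sysconfig/kubelet, followed by a containerd restart.

```shell
#!/bin/sh
# Compare the cgroup driver of containerd's runc runtime with the kubelet's.

# toml_value KEY FILE: value of the first "KEY = value" line, quotes stripped
# (line-based, sufficient for the file written by `containerd config default`).
toml_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1 | tr -d '"'
}

# containerd_driver CONFIG_TOML: runc uses systemd only when SystemdCgroup = true.
containerd_driver() {
    if [ "$(toml_value SystemdCgroup "$1")" = true ]; then echo systemd; else echo cgroupfs; fi
}

# kubelet_driver SYSCONFIG: the --cgroup-driver value from KUBELET_EXTRA_ARGS.
kubelet_driver() {
    sed -n 's/.*--cgroup-driver=\([a-z]*\).*/\1/p' "$1" | head -n 1
}

# enable_systemd_cgroup CONFIG_TOML: flip SystemdCgroup to true, keeping the indentation.
enable_systemd_cgroup() {
    sed 's/^\([[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*\)false/\1true/' "$1" > "$1.new" &&
        mv "$1.new" "$1"
}

# Constructed excerpts of config.toml (after the sandbox image edit) and /etc/sysconfig/kubelet.
demo_files() {
    d=$(mktemp -d)
    cat > "$d/config.toml" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
    echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > "$d/kubelet"
    echo "$d"
}

d=$(demo_files)
echo "before: containerd=$(containerd_driver "$d/config.toml") kubelet=$(kubelet_driver "$d/kubelet")"
enable_systemd_cgroup "$d/config.toml"
echo "after:  containerd=$(containerd_driver "$d/config.toml") kubelet=$(kubelet_driver "$d/kubelet")"
```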
2.2 Installing k8s on the master host
# Configure the k8s v1.29 repository; required on all nodes
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/rpm/repodata/repomd.xml.key
EOF
# Install the k8s tools; required on all nodes
yum clean all && yum makecache
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Configure kubelet: to keep the cgroup driver used by docker consistent with the cgroup used by kubelet, changing the following file is recommended. Required on all nodes
# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
# or use the command below
echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > /etc/sysconfig/kubelet
systemctl enable kubelet
# Note: do not start kubelet; kubeadm starts it automatically, and the installation reports an error if it is already running.
# Install k8s; run on the master node. Only the 1.29.4 images are available here
kubeadm init --apiserver-advertise-address=192.168.0.11 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.29.4 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.224.0.0/16
# Finally, run the following commands
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
2.3 Installing the calico network plugin
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml
# Finally, check that the nodes and pods are running
kubectl get nodes
kubectl get pods -A