k8s公网集群搭建基于v1.22.4

k8s公网集群搭建

环境准备

两台centos7.6

开放服务器端口

10250/10260 #TCP端口:给kube-scheduler、kube-controller-manager、kube-proxy、kubelet等使用
6443 #TCP端口:给kube-apiserver使用
2379 2380 2381 #TCP端口:ETCD使用
8472 #UDP端口:vxlan使用端口
# 注意:建议在安全组中把这些端口的来源限制为集群节点(以及需要访问apiserver的管理端)的IP,不要对0.0.0.0/0开放,尤其是etcd和kubelet端口

分别修改hostname

# Persist the new name by editing /etc/hostname on each machine.
vim /etc/hostname
# Shorthand for two commands, not meant to be typed literally: run
# `hostname k8s-master` on the master and `hostname k8s-node` on the worker.
hostname k8s-master/k8s-node

k8s-master添加hosts域名解析

vim /etc/hosts
公网ip k8s-master
公网ip k8s-node

关闭交换区

# Turn swap off for the running system; this is lost on reboot.
swapoff -a
# Prefix every /etc/fstab line that mentions swap with '#' so it stays off after a reboot.
sed -i '/swap/s/^/#/' /etc/fstab

禁用selinux

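# Put SELinux into permissive mode for the running system (reverts on reboot).
setenforce 0
# Persist the same mode across reboots. permissive matches what `setenforce 0`
# does at runtime and keeps policy violations in the audit log; `disabled`
# switches SELinux off entirely and needs a filesystem relabel to turn back on.
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config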

关闭防火墙

# Stop the host firewall now and keep it from starting at boot.
# NOTE(review): these nodes sit on public IPs; with firewalld off, the cloud
# provider's security group is the only packet filter left, so the port list
# from the "开放服务器端口" step must be enforced there and limited to the peer nodes.
systemctl stop firewalld.service
systemctl disable firewalld.service

将桥接的ipv4流量传递到iptables的链

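# The net.bridge.* keys only exist while the br_netfilter module is loaded,
# so load it now and register it to be loaded again at boot.
modprobe br_netfilter
printf 'br_netfilter\n' > /etc/modules-load.d/k8s.conf
# Make bridged IPv4/IPv6 traffic pass through the iptables chains.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply the new file immediately; without this the values only take effect after a reboot.
sysctl --system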

配置系统基本安装源(阿里源)

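# Fetch the Aliyun CentOS 7 repo definition over HTTPS: this file tells yum
# where to download packages from, so it must not be alterable in transit.
# --fail stops curl from saving an HTTP error page as the repo file.
# NOTE(review): the baseurl entries inside the downloaded file may still use
# plain http; confirm that gpgcheck=1 is set in it so packages are signature-checked.
curl --fail -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Drop cached metadata, rebuild it from the new repo, then upgrade installed packages.
yum clean all
yum makecache
yum -y update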

安装docker

安装docker

# Helper packages: yum-utils provides yum-config-manager, which the next step uses.
yum install -y \
  yum-utils \
  device-mapper-persistent-data \
  lvm2 \
  net-tools
# Register the Docker CE repository from the Aliyun mirror.
yum-config-manager \
  --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install a pinned Docker CE build rather than whatever is newest.
yum install -y docker-ce-20.10.4-3.el7

使用docker加速

# Create the Docker configuration directory if it does not exist yet.
mkdir -p /etc/docker
# Write the daemon configuration. The mirror host below is masked ("**"):
# replace it with your own accelerator address. Images pulled through a
# registry mirror are served by whoever operates it, so only configure one you trust.
tee /etc/docker/daemon.json <<-'EOF'
{
 "registry-mirrors": ["https://3f9839**.mirror.aliyuncs.com"]
}
EOF

修改docker驱动

vim /usr/lib/systemd/system/docker.service

# 在ExecStart命令中添加
--exec-opt native.cgroupdriver=systemd

重启docker

# Re-read unit files so the edited docker.service is picked up.
systemctl daemon-reload
# Start Docker at boot, then restart it now with the new cgroup driver.
systemctl enable docker
systemctl restart docker
# Verify: the output should report "Cgroup Driver: systemd".
docker info | grep Cgroup

安装k8s

添加K8s安装源

vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

安装kubectl、kubelet、kubeadm

# Install the three components pinned to the same version (1.22.4).
yum install -y kubelet-1.22.4 kubeadm-1.22.4 kubectl-1.22.4
# Start kubelet at boot and now.
systemctl enable kubelet
systemctl start kubelet

# Print the installed versions to confirm all three are in place.
kubeadm version
kubectl version --client
kubelet --version

kubelet和docker 都需要使用systemd驱动!!!

vim /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
在KUBELET_KUBECONFIG_ARGS 后面追加 --cgroup-driver=systemd
部署master

初始化kubernetes集群

# Initialise the control plane; run on the master only.
# `master公网ip` is a placeholder for the master's public IP, which becomes the
# address the API server advertises to the rest of the cluster.
# NOTE(review): the API server on 6443 is then reachable over the internet;
# limit the allowed source addresses for 6443 in the security group.
# --image-repository pulls the control-plane images from the Aliyun registry.
# --pod-network-cidr must agree with the network configured in the flannel
# manifest applied later (presumably 10.244.0.0/16 there as well; confirm).
kubeadm init \
--apiserver-advertise-address=master公网ip \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.4 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
vim /etc/kubernetes/manifests/etcd.yaml #将2379~2381的ip改为127.0.0.1
- --listen-client-urls=https://127.0.0.1:2379
- --listen-metrics-urls=http://127.0.0.1:2381
- --listen-peer-urls=https://127.0.0.1:2380

创建目录

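# Give the current user a kubeconfig so kubectl can talk to the new cluster.
# admin.conf carries cluster-admin credentials: keep the copy private to this
# user and do not distribute it to other machines or accounts.
# Expansions are quoted so a home directory containing spaces cannot split the paths.
mkdir -p "$HOME/.kube"
# -i asks before overwriting an existing config.
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
# The copy was made as root; hand ownership to the invoking user.
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"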

安装flannel网络

# For the manifest contents see flannel.yaml at https://gitee.com/poorbusy-k8s/k8s
# NOTE(review): the comment names flannel.yaml while the command applies
# kube-flannel.yaml; confirm which file name the repository actually uses.
# A CNI manifest creates privileged, cluster-wide resources, so read the file
# from the third-party repository before applying it.
kubectl apply -f kube-flannel.yaml

master桥接node内网ip到公网

# On the master: rewrite locally generated packets addressed to the node's
# private IP (`内网ip`) so they are sent to its public IP (`公网ip`) instead.
# Both values are placeholders. A rule added with -A lives only in the running
# kernel tables; it is gone after a reboot unless it is saved and restored.
iptables -t nat -A OUTPUT -d 内网ip -j DNAT --to-destination 公网ip
部署node
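# Run on the worker node. Take the token and CA certificate hash from the
# output of your own `kubeadm init`, or print a fresh join command on the
# master with `kubeadm token create --print-join-command`.
# A bootstrap token is a credential that lets a machine join the cluster and is
# short-lived by default; values copied from a tutorial belong to someone
# else's cluster and will not work, and your own should not be published.
kubeadm join master公网ip:6443 \
  --token "REPLACE_WITH_BOOTSTRAP_TOKEN" \
  --discovery-token-ca-cert-hash "sha256:REPLACE_WITH_CA_CERT_HASH"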
kubectl命令行提示
# Install the bash-completion framework that kubectl's completion script builds on.
yum install -y bash-completion
# Enable completion in the current shell.
. /usr/share/bash-completion/bash_completion
. <(kubectl completion bash)
# Enable it for future shells as well.
printf '%s\n' 'source <(kubectl completion bash)' >> ~/.bashrc
部署ingress-controller
# See ingress-controller.yaml at https://gitee.com/poorbusy-k8s/k8s
# An ingress controller manifest typically creates cluster-wide RBAC and an
# admission webhook, so review the file from the third-party repository
# before applying it.
kubectl apply -f ingress-controller.yaml

kubectl使用

# Create a Deployment that runs the tomcat:8 image.
kubectl create deployment tomcat --image=tomcat:8
# Create a Service for it on port 8080; ClusterIP is reachable only from inside the cluster.
kubectl expose deployment tomcat --port=8080 --target-port=8080 --type=ClusterIP
# Create the Ingress defined in ingress.yaml (the file is not shown on this page).
kubectl apply -f ingress.yaml
# If the apply reports an error, run the command below.
# NOTE(review): this deletes the ingress-nginx admission webhook, so Ingress
# objects are no longer validated before the API server accepts them. Prefer
# finding out why the webhook cannot be reached; treat deletion as a last resort.
kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission