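Learning k8s on my own: setting up a k8s cluster environment
Environment requirements
Operating system: CentOS 7.4+
Hardware: CPU >= 2 cores, memory >= 2 GB
Environment initialization
The following initialization settings must be applied on every node, that is, on both the master and the worker nodes.
1. Set the hostname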
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-master
2. Configure the host name mappings
cat <<EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.9 k8s-master
192.168.1.10 k8s-node1
EOF
[root@k8s-master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.9 k8s-master
192.168.1.10 k8s-node1
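3. Set up passwordless SSH login
ssh-keygen   # just press Enter at every prompt
ssh-copy-id k8s-node1   # copy the public key to the node
4. Stop the firewall, turn off swap, disable SELinux, load the br_netfilter kernel module, add the K8S and Docker yum repositories, install the dependency packages, and configure NTP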
systemctl stop firewalld
systemctl disable firewalld
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Use the Aliyun base mirror to speed up downloads
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Install yum-utils, which provides yum-config-manager
yum install -y yum-utils
# Add the Aliyun Docker repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y epel-release
yum install -y yum-utils device-mapper-persistent-data lvm2 net-tools conntrack-tools wget vim ntpdate libseccomp libtool-ltdl
# Synchronize the time
systemctl enable ntpdate.service
echo '*/30 * * * * /usr/sbin/ntpdate time7.aliyun.com >/dev/null 2>&1' > /tmp/crontab2.tmp
crontab /tmp/crontab2.tmp
systemctl start ntpdate.service
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
echo "* soft nproc 65536" >> /etc/security/limits.conf
echo "* hard nproc 65536" >> /etc/security/limits.conf
echo "* soft memlock unlimited" >> /etc/security/limits.conf
echo "* hard memlock unlimited" >> /etc/security/limits.conf
5. Install a specific Docker version
yum install container-selinux -y
yum install docker-ce-selinux -y
yum install docker-ce-17.03.0.ce-1.el7.centos -y
systemctl start docker
systemctl enable docker
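Note: according to the official k8s documentation, the Docker version should preferably be 17.03 or lower, so a specific version is chosen when installing Docker.
6. Install the k8s components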
yum install kubelet kubeadm kubectl -y
systemctl enable kubelet
Enabling kubelet at boot is enough; there is no need to run systemctl start kubelet, and doing so reports an error.
Note that installing the kubectl package on worker nodes is optional.
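A way to apply and then verify the swap, SELinux and bridge-sysctl settings from step 4, added here as an example that is not part of the original post. The function names and the sample fstab are constructed; unlike the sed expression in step 4, the swap edit touches only active entries whose filesystem type is swap, so it can be re-run safely.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Paths are parameters so the
# functions can run against copies; the defaults are the real system files.

# Comment out only active fstab entries whose type field ($3) is "swap".
# 's/.*swap.*/#&/' also hits commented lines and any path containing "swap".
disable_swap_entries() {
    local fstab="${1:-/etc/fstab}" tmp rc
    tmp="$(mktemp)" || return 1
    awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' \
        "$fstab" > "$tmp" && cat "$tmp" > "$fstab"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Print the number of swap entries still active in an fstab file.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "${1:-/etc/fstab}"
}

# Print the mode set by the SELINUX= line of a SELinux config file.
selinux_config_mode() {
    awk -F= '$1 == "SELINUX" { print $2 }' "${1:-/etc/selinux/config}"
}

# Succeed only if both bridge netfilter keys are set to 1 in a sysctl file.
bridge_sysctls_set() {
    local key
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        awk -F= -v k="$key" '{ gsub(/[ \t]/, "") } $1 == k && $2 == "1" { ok = 1 }
            END { exit !ok }' "${1:-/etc/sysctl.d/k8s.conf}" || return 1
    done
}

# Constructed sample fstab for trying the functions without touching /etc.
write_sample_fstab() {
    cat > "$1" <<'EOF'
/dev/mapper/centos-root /               xfs  defaults 0 0
/dev/mapper/centos-swap swap            swap defaults 0 0
#/dev/sdb1              swap            swap defaults 0 0
/dev/sdc1               /data/swapfiles xfs  defaults 0 0
EOF
}
```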
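Master node configuration
Run the following command on the master node to initialize it. By default kubeadm downloads the required components from the official k8s site, but because of network restrictions the image repository is set to the Aliyun image registry.
kubeadm init --apiserver-advertise-address=192.168.1.9 \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16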
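After the installation succeeds, run the following commands as prompted by the output
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Check whether the components on the master node are healthy by running kubectl get cs. If there are no problems, continue with the steps below.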
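Install the flannel plugin on the master node
The flannel plugin only needs to be installed on the master node, not on the worker nodes; run the commands below. During the installation I originally intended to copy the whole flannel manifest https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml from the flannel site into a local file and then sync that file to the lab VM, but when I actually did this the formatting turned out to be broken, so I configured a proxy for wget on the VM and downloaded the file directly onto the VM.
1. Set up the proxy as follows
Open /etc/wgetrc with vi/vim, find the lines with the proxy settings, and append the following:
# You can set the default proxies for Wget to use for http, https, and ftp.
# They will override the value in the environment.
#https_proxy = http://proxy.yoyodyne.com:18023/
#http_proxy = http://proxy.yoyodyne.com:18023/
#ftp_proxy = http://proxy.yoyodyne.com:18023/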
2. Once the flannel yml file has been downloaded locally, run kubectl apply -f /root/kube-flannel.yml to install the flannel component. After a few minutes of installation, run kubectl get pods -n kube-system to check that the pods of the master components are in the Running state.
[root@k8s-master ~]# kubectl get pod -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-6d56c8448f-6bl89             1/1     Running   1          19h
coredns-6d56c8448f-fvmkj             1/1     Running   1          19h
etcd-k8s-master                      1/1     Running   1          19h
kube-apiserver-k8s-master            1/1     Running   1          19h
kube-controller-manager-k8s-master   1/1     Running   8          17h
kube-flannel-ds-5jgtm                1/1     Running   2          14h
kube-flannel-ds-5v2ft                1/1     Running   0          14h
kube-proxy-6llzv                     1/1     Running   0          14h
kube-proxy-k8j6v                     1/1     Running   1          19h
kube-scheduler-k8s-master            1/1     Running   7          17h
[root@k8s-master ~]#
Operations on the worker node
1. Get the token
[root@k8s-master ~]# kubeadm token list
TOKEN                     TTL   EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
f4zd7o.zqykvav3ap3kmtix   4h    2020-11-14T22:17:23-08:00   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
[root@k8s-master ~]#
2. Get the SHA-256 hash of the CA certificate
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
ce07a7f5b259961884c55e3ff8784b1eda6f8b5931e6fa2ab0b30b6a4234c09a
3. Join the k8s cluster by registering with the master node; the node automatically pulls the kube-proxy, flannel and other images to start the corresponding pods
kubeadm join --token f4zd7o.zqykvav3ap3kmtix \
  --discovery-token-ca-cert-hash sha256:ce07a7f5b259961884c55e3ff8784b1eda6f8b5931e6fa2ab0b30b6a4234c09a 192.168.1.9:6443 \
  --skip-preflight-check
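A check to run on the master before handing the join command from steps 1 to 3 to a node: it confirms that the token has the bootstrap-token shape and that the pinned value is the SHA-256 of the cluster CA's public key. This is an added example, not part of the original post; the function names are hypothetical, and openssl pkey is used in place of the post's openssl rsa so that non-RSA CA keys are handled too.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# SHA-256 over the DER-encoded public key of a certificate, as lowercase hex.
# 'openssl pkey' accepts any key type; 'openssl rsa' only handles RSA keys.
ca_pubkey_hash() {
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 | awk '{ print $NF }'
}

# Bootstrap tokens have the form <6 chars>.<16 chars> over [a-z0-9].
valid_bootstrap_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Check a token and a "sha256:<hex>" pin against a CA certificate.
# Prints "ok" on success, or the reason for the failure.
check_join_args() {
    local token="$1" pin="$2" cert="${3:-/etc/kubernetes/pki/ca.crt}" actual
    valid_bootstrap_token "$token" || { echo "malformed token"; return 1; }
    printf '%s\n' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' \
        || { echo "malformed CA hash"; return 1; }
    actual="sha256:$(ca_pubkey_hash "$cert")"
    [ "$pin" = "$actual" ] || { echo "CA hash does not match $cert"; return 1; }
    echo "ok"
}
```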
Verify the result
Run kubectl get node to get the node information and confirm that both the master and the worker node have started successfully.
[root@k8s-master ~]# kubectl get node -o wide
NAME         STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
k8s-master   Ready    master   19h   v1.19.4   192.168.1.9    <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.13
k8snode1     Ready    <none>   14h   v1.19.4   192.168.1.10   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.13
[root@k8s-master ~]#