自学k8s-k8s集群环境搭建

环境需求

操作系统:centos 7.4 +

硬件需求:CPU>=2c ,内存>=2G

环境初始化设置

下列的环境初始化设置,是要求在所有的节点上即master和node节点上统一要做的操作

1、设置主机名称
hostnamectl set-hostname k8s-node1

hostnamectl set-hostname k8s-master

2、配置主机映射

cat <<EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.9 k8s-master
192.168.1.10 k8s-node1
EOF

[root@k8s-master ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.9   k8s-master
192.168.1.10  k8s-node1

3、执行ssh免密码登陆配置 

ssh-keygen #一路回车即可
ssh-copy-id k8s-node1 秘钥同步
4、停防火墙、关闭Swap、关闭Selinux、设置内核br_netfilter、K8S的yum源、docker的yum源、安装依赖包、配置ntp

systemctl stop firewalld
systemctl disable firewalld

swapoff -a 
sed -i 's/.*swap.*/#&/' /etc/fstab

setenforce  0 
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux 
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config 

modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF
sysctl -p /etc/sysctl.d/k8s.conf cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF 使用阿里的base镜像源,提高下载的速度 wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo 安装yum-utils 去提供yum-config-manager yum install -y yum-utils
安装阿里的docker 源 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum install -y epel-release yum install -y yum-utils device-mapper-persistent-data lvm2 net-tools conntrack-tools wget vim ntpdate libseccomp libtool-ltdl
进行时间同步 systemctl enable ntpdate.service echo '*/30 * * * * /usr/sbin/ntpdate time7.aliyun.com >/dev/null 2>&1' > /tmp/crontab2.tmp crontab /tmp/crontab2.tmp systemctl start ntpdate.service echo "* soft nofile 65536" >> /etc/security/limits.conf echo "* hard nofile 65536" >> /etc/security/limits.conf echo "* soft nproc 65536" >> /etc/security/limits.conf echo "* hard nproc 65536" >> /etc/security/limits.conf echo "* soft memlock unlimited" >> /etc/security/limits.conf echo "* hard memlock unlimited" >> /etc/security/limits.conf

5、安装特定版本的docker

yum install container-selinux -y
yum install docker-ce-selinux -y
yum install docker-ce-17.03.0.ce-1.el7.centos -y

systemctl start docker
systemctl enable docker

特别说明,根据k8s官网文档说明,docker的版本最好是17.03版本一下,所以在安装docker版本时,选择特定的版本

6、安装k8s的相关组件

yum install  kubelet kubeadm kubectl -y

systemctl enable kubelet 设置为开机自启动即可,不需要执行systemctl start kubelet,执行的话会报错

特别的说明一下,kubectl包在woker node节点上可以选择行的安装

master节点配置

在master节点上执行如下命令,初始化master节点,由于kubeadm默认情况下,会去k8s的官网上下载相关的组件,但是由于网络限制,把镜像仓库地址,设置为阿里的镜像仓库

kubeadm init --apiserver-advertise-address=192.168.1.9 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16

安装成功之后,根据输出提示,输入如下的命令行

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

查看master节点上各个组件的状态是否正常,执行kubectl get cs命令查看,如果没有问题的话,继续执行下面的操作步骤

在master节点上安装flannel插件

flannel插件的安装命令,只需要在Master节点上安装即可,不需要在node节点上,执行下面的命令行操作。在安装过程中,本来想先从flannel官网上,把flannel的清单文件https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml内容整体搞到本地文件中,再把文件同步到做实验的虚机上,但是实际这样操作的时候,发现格式异常,就在虚机上配置了wget的代码,直接下载到虚机上

1、设置代理的方式如下

用vi/vim编辑器打开/etc/wgetrc,找到代理设置所在行,然后追加如下内容:
# You can set the default proxies for Wget to use for http, https, and ftp.
# They will override the value in the environment.
#https_proxy = http://proxy.yoyodyne.com:18023/
#http_proxy = http://proxy.yoyodyne.com:18023/
#ftp_proxy = http://proxy.yoyodyne.com:18023/

2、flannel的yml文件,下载到本地以后,执行命令行kubectl apply -f  /root/kube-flannel.yml ,来安装flannel组件,通过几分钟的安装以后,执行kubectl get pods -n kube-system 来查看master各个组件的pod处于运行状态

[root@k8s-master ~]# kubectl get pod -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-6d56c8448f-6bl89             1/1     Running   1          19h
coredns-6d56c8448f-fvmkj             1/1     Running   1          19h
etcd-k8s-master                      1/1     Running   1          19h
kube-apiserver-k8s-master            1/1     Running   1          19h
kube-controller-manager-k8s-master   1/1     Running   8          17h
kube-flannel-ds-5jgtm                1/1     Running   2          14h
kube-flannel-ds-5v2ft                1/1     Running   0          14h
kube-proxy-6llzv                     1/1     Running   0          14h
kube-proxy-k8j6v                     1/1     Running   1          19h
kube-scheduler-k8s-master            1/1     Running   7          17h
[root@k8s-master ~]# 

worker node 节点上操作

1、获取token

[root@k8s-master ~]# kubeadm token list
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
f4zd7o.zqykvav3ap3kmtix   4h          2020-11-14T22:17:23-08:00   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
[root@k8s-master ~]# 

2、获取ca证书sha256编码hash值

[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
ce07a7f5b259961884c55e3ff8784b1eda6f8b5931e6fa2ab0b30b6a4234c09a

3、加入k8s集群,向master节点进行注册,node上会自动的去下载kube-proxy,flannel,等镜像来启动对应的pod

kubeadm join --token f4zd7o.zqykvav3ap3kmtix \
--discovery-token-ca-cert-hash sha256:ce07a7f5b259961884c55e3ff8784b1eda6f8b5931e6fa2ab0b30b6a4234c09a 192.168.1.9:6443 \
--skip-preflight-check

验证结果

通过执行kubectl get node命令,来获取当前节点的node信息,来确认master和node节点都已经被成功的启动起来

[root@k8s-master ~]# kubectl get node -o wide
NAME         STATUS   ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
k8s-master   Ready    master   19h   v1.19.4   192.168.1.9    <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.13
k8snode1     Ready    <none>   14h   v1.19.4   192.168.1.10   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.13
[root@k8s-master ~]# 

  

  

 

 

 

 

 

  

  

 

  

 

posted @ 2020-11-15 10:03  一切都是当下  阅读(665)  评论(0编辑  收藏  举报