kubeadm 部署k8s集群

部署方式:kubeadm ---k8s部署成容器

部署信息:

IP地址   主机名 系统版本 角色
192.168.10.10 k8s-master 7.5 master 
192.168.10.20 k8s-node01 7.5  node
192.168.10.30 k8s-node02 7.5  node

 

一、系统基础配置

1、设定时钟同步:

# yum install chrony -y

# timedatectl set-timezone Asia/Shanghai  (更改系统时区为上海)

#启动服务
# systemctl start chronyd.service
# systemctl enable chronyd.service

2、设置主机名称解析

# hostnamectl set-hostname k8s-master

cat >> /etc/hosts << EOF
192.168.10.10  k8s-master
192.168.10.20  k8s-node01
192.168.10.30  k8s-node02
EOF

3、关闭iptables或firewalld防火墙

# systemctl stop firewalld.service
# systemctl disable firewalld.service

4、关闭selinux

# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config  && setenforce 0

5、关闭swap设备

# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab #永久

# swapoff -a # 临时

6、内核调整,将桥接的IPv4流量传递到iptables的链

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# sysctl -p

 二、安装docker服务

# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# yum -y install docker-ce-18.06.1.ce-3.el7

# systemctl enable docker && systemctl start docker
# docker --version

三、安装Kubernetes

1、配置kubenetes的yum仓库(这里使用阿里云仓库)

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
        https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

2、安装kubeadm,kubelet和kubectl

# yum -y install kubelet-1.15.2 kubeadm-1.15.2 kubectl-1.15.2

# rpm -aq kubelet kubectl kubeadm
 
# systemctl enable kubelet

3、配置忽略swap报错

# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"

4、初始化 Kubernetes Master (只在master节点执行)

kubeadm init \
--apiserver-advertise-address=192.168.10.10 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.15.2 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=Swap


......
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.10.10:6443 --token 8nvmlq.wbmmws0ymbszk1yb \
    --discovery-token-ca-cert-hash sha256:ec5385c0abbc1cc14c3c9e40f6ca021e8ae24a11e1c557c285882ffe0b20124d 

参数解析:

--kubernetes-version    #指定Kubernetes版本
--image-repository      #由于kubeadm默认是从官网k8s.grc.io下载所需镜像,国内无法访问,所以这里通过--image-repository指定为阿里云镜像仓库地址
--pod-network-cidr      #指定pod网络段
--service-cidr          #指定service网络段
--ignore-preflight-errors=Swap    #忽略swap报错信息

5、按照上面初始化成功提示创建配置文件

[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config

6、初始化完成后可以看到所需镜像也拉取下来了

[root@k8s-master ~]# docker image ls 
REPOSITORY                                                        TAG                 IMAGE ID            CREATED             SIZE
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.15.2             9f5df470155d        12 months ago       159MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.15.2             88fa9cb27bd2        12 months ago       81.1MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.15.2             167bbf6c9338        12 months ago       82.4MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.15.2             34a53be6c9a7        12 months ago       207MB
registry.aliyuncs.com/google_containers/coredns                   1.3.1               eb516548c180        19 months ago       40.3MB
registry.aliyuncs.com/google_containers/etcd                      3.3.10              2c4adeb21b4f        21 months ago       258MB
registry.aliyuncs.com/google_containers/pause                     3.1                 da86e6ba6ca1        2 years ago         742kB
[root@k8s-master ~]# 

7、查看master状态:

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   60m   v1.15.2

8、添加flannel网络组件

添加flannel网络组件,(在master执行) 经过实践发现,node节点上必须有quay.io/coreos/flannel的镜像,,不然状态一直为NotReady

flannel地址:https://github.com/coreos/flannel

[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

报错:The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?  

解决办法:

# 在https://www.ipaddress.com/查询raw.githubusercontent.com的真实IP。
sudo vim /etc/hosts
199.232.28.133 raw.githubusercontent.com

如果flannel的pod状态还不正常,可以卸载掉网络

# kubectl delete -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

四、将node加入集群:

[root@k8s-node01 ~]# kubeadm join 192.168.10.10:6443 --token 8nvmlq.wbmmws0ymbszk1yb     \
    --discovery-token-ca-cert-hash sha256:ec5385c0abbc1cc14c3c9e40f6ca021e8ae24a11e1c557c285882ffe0b20124d \
    --ignore-preflight-errors=Swap

查看状态:

#  kubectl config view

# kubectl get pods -n kube-system|grep flannel

使用命令查看节点信息时候 node 节点的STATUS 为NotReady

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS     ROLES    AGE    VERSION
k8s-master   Ready      master   108m   v1.15.2
k8s-node01   NotReady   <none>   16m    v1.15.2
k8s-node02   NotReady   <none>   12m    v1.15.2

出现这个错误可以在节点机器上执行journalctl -f -u kubelet查看kubelet的输出日志信息.

# journalctl -f -u kubelet

发现以下错误:

Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized

我们可以执行命令docker images|grep flannel来查看flannel镜像是否已经成功拉取下来.经过排查master端的已经安装好,node节点没有flannel插件,安装即可.

master需要flannel,node也需要flannel。

# docker save -o flannel.tar quay.io/coreos/flannel

# docker load -i flannel.tar

 

 

#################################################################

准备三台服务器

服务器ip            服务器名称
192.168.10.20        k8s-master
192.168.10.30        k8s-node01
192.168.10.40        k8s-node02

1. 初始化系统环境,以下命令三台服务器全部执行
1.1 关闭防火墙

# systemctl stop   firewalld.service
# systemctl disable firewalld.service

1.2 关闭selinux和关闭swap

# setenforce 0
# swapoff -a
# sed  -i 's/enforcing/disabled'  /etc/selinux/config

1.3 修改主机名,并写入三台服务器的host中

# hostnamectl  set-hostname K8S-master
# hostnamectl  set-hostname K8S-node01
# hostnamectl  set-hostname K8S-node02

cat  >>  /etc/hosts  << EOF
192.168.10.20     K8S-master
192.168.10.30     K8S-node01
192.168.10.40     K8S-node02
EOF

1.4 将桥接的IPV4流量传递到iptables的链:

cat  >  /etc/sysctl.d/k8s.conf  <<  EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

1.5 同步时间
# ntpdate  time.windows.com

#如果时区不对执行下面命令,然后在同步
cp  /usr/share/zoneinfo/Asia/Shanghai   /etc/localtime


1.6 配置阿里源,下载相应的软件包

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF


# yum  install -y   kubelet-1.18.0  kubeadm-1.18.0  kubectl-1.18.0

#kubectl-1.18.0命令行管理工具,kubeadm-1.18.0是引导K8S集群,kubelet-1.18.0管理容器

# systemctl  enable  kubelet

2.部署kubernetes Master节点(master节点上执行)

kubeadm init \
--apiserver-advertise-address=192.168.10.20 \                    #指定master监听的地址
--image-repository registry.aliyuncs.com/google_containers \    #指定下载源
--kubernetes-version v1.18.0 \                                    #指定kubernetes版本
--service-cidr=10.1.0.0/16 \                                    #设置集群内部的网络
--pod-network-cidr=10.244.0.0/16 \                                #设置pod的网络
--ignore-preflight-errors=Swap


......

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.10.20:6443 --token z5dftx.kfgw69e9v3bpt63c \
    --discovery-token-ca-cert-hash sha256:6832b66e03e1f58e782d24ce83a32ae501f59f2e88fbd845604e9713dbbad059 
[root@k8s-master ~]#



[root@k8s-master ~]# kubectl get node
NAME         STATUS     ROLES    AGE   VERSION
k8s-master   NotReady   master   11m   v1.18.0
[root@k8s-master ~]# kubectl  get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-7ff77c879f-4d2wt             0/1     Pending   0          11m
coredns-7ff77c879f-kjvtg             0/1     Pending   0          11m
etcd-k8s-master                      1/1     Running   0          11m
kube-apiserver-k8s-master            1/1     Running   0          11m
kube-controller-manager-k8s-master   1/1     Running   0          11m
kube-proxy-dj6gz                     1/1     Running   0          11m
kube-scheduler-k8s-master            1/1     Running   0          11m
[root@k8s-master ~]# 

2.1 安装Pod网络插件

# wget http://120.78.77.38/file/kube-flannel.yaml #下载镜像,国外源,我已经下载到本地
# kubectl apply  -f  kube-flannel.yaml #原始镜像有问题改成如下图所示的镜像名

启动镜像,启动完查看镜像,会增加一个flannel镜像。支持多主机容器网络通信的

# docker pull lizhenliang/flannel:v0.11.0-amd64  #建议先下载镜像
# kubectl apply  -f  kube-flannel.yaml
# kubectl  get   pods  -n  kube-system


部署网络插件后

[root@k8s-master ~]# kubectl  get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-7ff77c879f-4d2wt             1/1     Running   0          16m
coredns-7ff77c879f-kjvtg             1/1     Running   0          16m
etcd-k8s-master                      1/1     Running   0          17m
kube-apiserver-k8s-master            1/1     Running   0          17m
kube-controller-manager-k8s-master   1/1     Running   0          17m
kube-flannel-ds-amd64-49dr9          1/1     Running   0          73s
kube-proxy-dj6gz                     1/1     Running   0          16m
kube-scheduler-k8s-master            1/1     Running   0          17m
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   17m   v1.18.0
[root@k8s-master ~]# 

如上所示说明K8S master pod正常启动

3. k8s-node节点加入master节点(两台主机分别执行)

kubeadm join 192.168.10.20:6443 --token z5dftx.kfgw69e9v3bpt63c \
    --discovery-token-ca-cert-hash sha256:6832b66e03e1f58e782d24ce83a32ae501f59f2e88fbd845604e9713dbbad059

# kubectl get nodes     #master节点运行

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   29m     v1.18.0
k8s-node01   Ready    <none>   7m7s    v1.18.0
k8s-node02   Ready    <none>   6m56s   v1.18.0
[root@k8s-master ~]# 


至此K8S集群部署完成!!!

4. master节点安装管理页面dashboard

可以先手动下载dashboard镜像:

# docker pull kubernetesui/dashboard:v2.0.0-beta8
# docker pull kubernetesui/metrics-scraper:v1.0.1


# wget   http://120.78.77.38/file/kubernetes-dashboard.yaml
# kubectl apply -f  kubernetes-dashboard.yaml

[root@k8s-master ~]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-694557449d-nhxc9   1/1     Running   0          8m44s
kubernetes-dashboard-9774cc786-r2qnx         1/1     Running   0          8m44s
[root@k8s-master ~]# 

[root@k8s-master ~]# kubectl get pod -n kubernetes-dashboard  -o wide
NAME                                         READY   STATUS    RESTARTS   AGE     IP           NODE         NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-694557449d-nhxc9   1/1     Running   0          9m20s   10.244.1.2   k8s-node01   <none>           <none>
kubernetes-dashboard-9774cc786-r2qnx         1/1     Running   0          9m20s   10.244.2.4   k8s-node02   <none>           <none>
[root@k8s-master ~]# 


登录地址:
https://192.168.10.20:30001        #需要用火狐浏览器打开访问

#创建token

[root@k8s-master ~]# kubectl create serviceaccount  dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@k8s-master ~]# kubectl create  clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@k8s-master ~]# 
[root@k8s-master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret |awk '/dashboard-admin/{pirnt $1}')

......

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlZQeU15aWgyeFZNOS14aTQ0ZVFHaGM5WXMyb2sxMkNMVWRMdkJ1cDBKbncifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJ0dGwtY29udHJvbGxlci10b2tlbi1zcXM2eiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJ0dGwtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjZlY2I3ZjM3LTFkMWQtNDE0Ny1hMGM4LTkyYmMwYzZlZmM0OSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTp0dGwtY29udHJvbGxlciJ9.k1VoJ6UJD0X5tt-ldVNiBLGVf_1PL791_ccNkMWGXQg2YPj_ZJR0G-jaQ8V336JHNtv5LlxPnmGpZhSMcxiMqGDukKIozWoqfiZVCysbPzsqN-NoVtCe90su2apjuHJhDB-2hFUZYJ481p7Q69SQ9pCf5QQv1FORyoHRvWG4a5M_QCgRXnLsNdcIHb56bvs2sA18n6EHDYDr4bLFWKxlEe6eHNgIyQeBJZ4jr7kEJ1DrDrU1Gr5fGAhCAsyONeFoJvv2Fcpk4o_CR1eIAxZHV4JiODl14tDTn5zMCLRYcU2X3QMXB9fc5JE7TI_nGl2INIQ0asYvVTJxmKxp8gFdBA
[root@k8s-master ~]# 

测试kubernetes集群

(1)、创建一个nginx的pod
现在我们在kubernetes集群中创建一个nginx的pod,验证是否能正常运行。
在master节点执行一下步骤:

[root@k8s-master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@k8s-master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@k8s-master ~]# 

现在我们查看pod和service

[root@k8s-master ~]# kubectl get pod,svc -o wide
NAME                        READY   STATUS    RESTARTS   AGE     IP           NODE         NOMINATED NODE   READINESS GATES
pod/nginx-f89759699-rrg5g   1/1     Running   0          3m33s   10.244.2.5   k8s-node02   <none>           <none>

NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE     SELECTOR
service/kubernetes   ClusterIP   10.1.0.1      <none>        443/TCP        71m     <none>
service/nginx        NodePort    10.1.12.175   <none>        80:30990/TCP   3m22s   app=nginx
[root@k8s-master ~]# 

打印的结果中,前半部分是pod相关信息,后半部分是service相关信息。我们看service/nginx这一行可以看出service暴漏给集群的端口是30990。记住这个端口。

然后从pod的详细信息可以看出此时pod在node2节点之上。node2节点的IP地址是192.168.10.402)、访问nginx验证集群
那现在我们访问一下。打开浏览器(建议火狐浏览器),访问地址就是:

http://192.168.10.40:30990



参考文档:

https://mp.weixin.qq.com/s?__biz=MzAxMTkwODIyNA==&mid=2247505692&idx=1&sn=83d7b8acfed9ca96547a2ec4a5483669&chksm=9bbb72f3acccfbe507b10fa766f691e25b10b6db1f6169bbcbac52d3d3ba5d9c66fd716d40c3&cur_album_id=1524878320667049989&scene=189#rd

二进制部署方式:
https://mp.weixin.qq.com/s?__biz=MzAxMTkwODIyNA==&mid=2247505692&idx=1&sn=83d7b8acfed9ca96547a2ec4a5483669&chksm=9bbb72f3acccfbe507b10fa766f691e25b10b6db1f6169bbcbac52d3d3ba5d9c66fd716d40c3&cur_album_id=1524878320667049989&scene=189#rd

k8s 监控:

http://192.168.10.20:31672/metrics

http://192.168.10.20:30003/targets

http://192.168.10.20:30106/?orgId=1
kubeadm 部署k8s 1.18版本集群笔记

 

卸载kubeadm部署的k8s集群:

# 卸载服务
kubeadm reset
# 删除rpm包
rpm -qa|grep kube*|xargs rpm --nodeps -e
# 删除容器及镜像
docker images -qa|xargs docker rmi -f
posted @ 2020-12-16 22:16  梦徒  阅读(296)  评论(0编辑  收藏  举报