

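Detailed tutorial: installing Kubernetes (k8s) on Linux

System initialization

Production environments certainly need higher specifications; the virtual machines here use a conservative minimum configuration.

Machine   IP               Spec
master    192.168.203.11   1 core / 2 threads, 2 GB memory, 40 GB disk
node2     192.168.203.12   1 core / 2 threads, 2 GB memory, 40 GB disk
node3     192.168.203.13   1 core / 2 threads, 2 GB memory, 40 GB disk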

Switch to a static IP

sudo vi /etc/resolv.conf

Append the following, then save and exit

nameserver 223.5.5.5
nameserver 223.6.6.6

sudo vi /etc/sysconfig/network-scripts/ifcfg-ens33

Change BOOTPROTO="dhcp" to BOOTPROTO="static". If the machine was cloned, UUID and IPADDR must also differ between machines.

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="0ef41c81-2fa8-405d-9ab5-3ff34ac815cf"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.203.11"
PREFIX="24"
GATEWAY="192.168.203.2"
IPV6_PRIVACY="no"

Restart networking so the configuration takes effect

sudo systemctl restart network

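Permanently disable the firewall (all machines)

sudo systemctl stop firewalld && sudo systemctl disable firewalld

Permanently disable SELinux (all machines)

sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Command to enable SELinux: setenforce 0 [no need to run it; recorded here only for reference]

Permanently disable the swap partition (all machines)

sudo sed -ri 's/.*swap.*/#&/' /etc/fstab

Permanently set the hostname (set master, node1 or node2 according to the machine)

The three machines are master, node1 and node2 respectively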

sudo hostnamectl set-hostname master

Use the hostnamectl or hostname command to verify that the change succeeded

Add entries to the hosts file (master only)

sudo tee -a /etc/hosts <<EOF
192.168.203.11 master
192.168.203.12 node1
192.168.203.13 node2
EOF

Pass bridged IPv4 traffic to the iptables chains (all machines)

sudo tee /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF

Apply k8s.conf immediately

sudo sysctl --system

Time synchronization (all machines)

sudo yum install -y ntpdate

After installation, run the time synchronization command

sudo ntpdate time.windows.com

Install Docker, kubeadm, kubelet and kubectl on all machines

Install Docker

Install some required system tools

sudo yum install -y net-tools
sudo yum install -y wget
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

Install the repo configuration and set the mirror source

sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

List the available Docker-CE versions

sudo yum list docker-ce.x86_64 --showduplicates | sort -r

Install a specific version of docker-ce
sudo yum -y install docker-ce-[VERSION]

sudo yum -y install docker-ce-18.06.1.ce-3.el7

Start the docker service

sudo systemctl enable docker && sudo systemctl start docker

Check that docker started successfully [note: the docker Client and Server versions must match, otherwise errors occur in some situations]

sudo docker --version

Create /etc/docker/daemon.json and set the docker registry mirror to the Aliyun mirror

sudo tee /etc/docker/daemon.json <<EOF
{
    "registry-mirrors":["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF

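Restart docker and check that the configuration took effect

sudo systemctl restart docker
sudo docker info

Reboot

sudo reboot

Add the kubernetes.repo yum repository, pointing at Aliyun

sudo tee /etc/yum.repos.d/kubernetes.repo <<EOF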
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
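
The kubernetes.repo above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package signatures even though gpgkey is configured. The following added example (not part of the original tutorial) lists repo sections with verification switched off and writes a copy with gpgcheck=1; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# unsigned_repo_sections FILE
# Print "<section> <key>" for each gpgcheck/repo_gpgcheck explicitly set to 0.
unsigned_repo_sections() {
    section=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        case "$line" in
            \[*\]) section=${line#\[}; section=${section%\]} ;;
            gpgcheck=0|repo_gpgcheck=0)
                printf '%s %s\n' "$section" "${line%%=*}" ;;
        esac
    done < "$1"
}

# enable_gpgcheck IN OUT
# Copy IN to OUT with RPM signature checking turned on. repo_gpgcheck is left
# untouched: it only works when the mirror publishes signed repodata
# (assumption: the operator confirms that before enabling it).
enable_gpgcheck() {
    sed 's/^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0[[:space:]]*$/gpgcheck=1/' "$1" > "$2"
}

# Constructed sample: the repo definition from this tutorial.
sample_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

tmp=$(mktemp -d)
sample_repo > "$tmp/kubernetes.repo"
echo "before:"; unsigned_repo_sections "$tmp/kubernetes.repo"
enable_gpgcheck "$tmp/kubernetes.repo" "$tmp/kubernetes.hardened.repo"
echo "after:"; unsigned_repo_sections "$tmp/kubernetes.hardened.repo"
rm -rf "$tmp"
```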

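Install kubelet, kubeadm and kubectl

sudo yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0

Enable at boot and start

sudo systemctl enable kubelet && sudo systemctl start kubelet

Deploy Kubernetes

apiserver-advertise-address is the IP of the master host
image-repository is the image registry
kubernetes-version is the k8s version; it must match the kubelet, kubeadm and kubectl versions above
service-cidr is the cluster-internal virtual network, the unified access entry point for Pods
pod-network-cidr is the Pod network; it must match the CNI network component YAML deployed below

Initialize Kubernetes [run on master only; this can take a while, so wait patiently for the command-line output]

--v=5 is optional; adding it is recommended, since it prints the full log and makes troubleshooting easier

kubeadm init \
--v=5 \
--apiserver-advertise-address=192.168.203.11 \
--image-repository=registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.18.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16

The following output indicates that initialization succeeded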

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.203.11:6443 --token 51c0rb.ehwwxemgec75r1g6 \
    --discovery-token-ca-cert-hash sha256:fad429370f462b36d2651e3e37be4d4b34e63d0378966a1532442dc3f67e41b4

Following the prompt above, run the commands listed under "To start using your cluster, you need to run the following as a regular user:"

Run on the master node, not on the worker nodes
kubectl get nodes shows node information

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes

On the worker nodes, following the prompt above, run the command listed under "Then you can join any number of worker nodes by running the following on each as root:"

Run on the worker nodes, not on the master node

kubeadm join 192.168.203.11:6443 --token 51c0rb.ehwwxemgec75r1g6 \
    --discovery-token-ca-cert-hash sha256:fad429370f462b36d2651e3e37be4d4b34e63d0378966a1532442dc3f67e41b4

Run the command on node1 and node2
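
The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's public key (DER-encoded SubjectPublicKeyInfo), so a node can confirm it is joining the intended control plane. The following added example (not part of the original tutorial) recomputes that value from a CA certificate and compares it with the hash in a join command; the function names are constructed for illustration, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA path on the master.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Requires openssl.

# ca_pubkey_hash CERT
# Print "sha256:<hex>" over the DER-encoded public key of CERT, the format
# kubeadm expects for --discovery-token-ca-cert-hash. Fails on unreadable
# input instead of hashing an empty stream.
ca_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    der_hash=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r) || return 1
    printf 'sha256:%s\n' "${der_hash%% *}"
}

# verify_join_hash CERT EXPECTED
# Status 0 only when EXPECTED (as printed in the join command) matches CERT.
verify_join_hash() {
    actual=$(ca_pubkey_hash "$1") || {
        echo "cannot read CA certificate: $1" >&2
        return 2
    }
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: certificate gives $actual, join command has $expected" >&2
        return 1
    fi
}

# Usage on the master, with the hash taken from the join command above:
#   sh verify.sh /etc/kubernetes/pki/ca.crt \
#     sha256:fad429370f462b36d2651e3e37be4d4b34e63d0378966a1532442dc3f67e41b4
if [ "$#" -eq 2 ]; then
    verify_join_hash "$1" "$2"
fi
```

The --token value in the same command is a bootstrap credential; by default it expires after 24 hours, and kubeadm token list on the master shows which tokens are still valid.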

Install CNI

The kube-flannel-ds-amd.yml file

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: "/etc/cni/net.d"
    - pathPrefix: "/etc/kube-flannel"
    - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
    - min: 0
      max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
rules:
  - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['psp.flannel.unprivileged']
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.13.0-rc2
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.13.0-rc2
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-arm64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - arm64
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-arm64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-arm64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-arm
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - arm
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-arm
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-arm
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-ppc64le
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - ppc64le
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-ppc64le
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-ppc64le
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-s390x
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - s390x
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-s390x
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-s390x
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg

docker pull quay.io/coreos/flannel:v0.13.0-rc2
kubectl apply -f kube-flannel-ds-amd.yml

Run kubectl get pod -n kube-system and check whether kube-flannel-ds-XXX is in the Running state

systemctl restart kubelet
kubectl get pod -n kube-system
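
The pod-network-cidr passed to kubeadm init has to agree with the Network value in the flannel manifest's net-conf.json, and each node's allocated podCIDR has to fall inside it. The following added example (not part of the original tutorial) checks both; the function names and the inline sample are constructed for illustration, and it goes beyond the text by also checking CIDR containment.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# flannel_network MANIFEST -> "Network" value from net-conf.json
flannel_network() {
    sed -n 's/.*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# ip_to_int A.B.C.D -> address as an integer (octets without leading zeros)
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_contains OUTER INNER -> status 0 when INNER lies entirely inside OUTER
cidr_contains() {
    outer_len=${1#*/}; inner_len=${2#*/}
    [ "$inner_len" -ge "$outer_len" ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $outer_len)) & 0xFFFFFFFF ))
    outer_net=$(( $(ip_to_int "${1%/*}") & mask ))
    inner_net=$(( $(ip_to_int "${2%/*}") & mask ))
    [ "$outer_net" -eq "$inner_net" ]
}

# check_pod_network MANIFEST KUBEADM_CIDR [NODE_POD_CIDR...]
check_pod_network() {
    manifest=$1; kubeadm_cidr=$2; shift 2
    net=$(flannel_network "$manifest")
    if [ "$net" != "$kubeadm_cidr" ]; then
        echo "MISMATCH: flannel Network=$net, kubeadm pod-network-cidr=$kubeadm_cidr"
        return 1
    fi
    for node_cidr in "$@"; do
        if ! cidr_contains "$net" "$node_cidr"; then
            echo "OUTSIDE: node podCIDR $node_cidr is not within $net"
            return 1
        fi
    done
    echo "OK: $net"
}

# Constructed sample: the net-conf.json fragment from the manifest above.
# On a live cluster the node CIDRs come from:
#   kubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}'
sample=$(mktemp)
printf '%s\n' '  net-conf.json: |' '    {' '      "Network": "10.244.0.0/16",' \
    '      "Backend": { "Type": "vxlan" }' '    }' > "$sample"
check_pod_network "$sample" 10.244.0.0/16 10.244.0.0/24 10.244.1.0/24
rm -f "$sample"
```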

Run on master

kubectl get node

node1 and node2 are in the Ready state

[root@master ~]# kubectl get node
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   50m   v1.18.0
node1    Ready    <none>   49m   v1.18.0
node2    Ready    <none>   49m   v1.18.0

Deploy the CNI network plugin on master [if --network-plugin=cni was not removed and kubelet restarted earlier, this step will very likely fail]

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl get pods -n kube-system
kubectl get node

On master, test the Kubernetes (k8s) cluster

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc

The output is as follows

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        21m
service/nginx        NodePort    10.108.8.133   <none>        80:30008/TCP   111s

If nginx fails to start, delete it

kubectl delete service nginx

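This article is reposted from: https://blog.csdn.net/weixin_43933728/article/details/137977799
Copyright belongs to the original author, Meta39. If there is any infringement, please contact us for removal.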
