Installing Kubernetes 1.20.0

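1. Requirements

  • One or more machines running CentOS 7 or later
  • Hardware: 2 GB of RAM or more, 2 CPUs or more, 30 GB of disk or more
  • Network connectivity between all machines in the cluster
  • Internet access, needed to pull images
  • Swap disabled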

2. Prepare the environment

I bought three cloud servers, configured as follows:

node_name    ip             CPU      RAM  disk  bandwidth
k8s-master   172.31.0.60    2 cores  4G   40G   3Mb/s
k8s-node01   172.31.0.224   2 cores  4G   40G   3Mb/s
k8s-node02   172.31.0.237   2 cores  4G   40G   3Mb/s

# Disable swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Stop and disable the firewall
systemctl stop firewalld && systemctl disable firewalld
# Disable SELinux
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Set the hostname

hostnamectl set-hostname <hostname>

Add hosts entries on the master

cat >> /etc/hosts << EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.31.0.60 k8s-master
172.31.0.224 k8s-node01
172.31.0.237 k8s-node02
EOF

3 Install Docker, kubeadm and kubelet [all nodes]

Kubernetes' default CRI (container runtime) is Docker, so install Docker first.

3.1 Install Docker

# Install the prerequisite package
yum install -y yum-utils
# Add the Docker package repository
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker CE
yum install -y docker-ce
# Start the Docker service and enable it at boot
systemctl start docker
systemctl enable docker
# Configure the Aliyun registry mirror
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://obhube46.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
}
}
EOF
# Restart Docker so the change takes effect
systemctl restart docker

3.2 Add the Aliyun YUM repository

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
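
The stanza above sets gpgcheck=0 and repo_gpgcheck=0 and uses http:// URLs, so nothing authenticates the packages yum installs from it. The check below is an added example, not part of the original post; the function name audit_yum_repo is made up for illustration, and it reports only explicit settings (values inherited from [main] in yum.conf are not resolved).

```shell
# Added example (not from the original post): flag yum repo settings that
# disable signature checks or fetch over plaintext HTTP.
# Usage: audit_yum_repo FILE...   (reads stdin when no file is given)
# Output: one "<repo id>: <finding>" line per issue; nothing when clean.
audit_yum_repo() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return    # skip disabled repos
            if (gpgcheck == "0")
                print id ": gpgcheck=0, package signatures are not verified"
            if (repo_gpgcheck == "0")
                print id ": repo_gpgcheck=0, repository metadata is not verified"
            if (plain != "")
                print id ": plaintext http:// URL in " plain
        }
        /^[ \t]*[#;]/ { next }                         # comment lines
        /^[ \t]*\[/ {                                  # start of a [section]
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            gpgcheck = ""; repo_gpgcheck = ""; enabled = ""; plain = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "repo_gpgcheck") repo_gpgcheck = val
            else if (key == "enabled") enabled = val
            else if ((key == "baseurl" || key == "gpgkey") && val ~ /(^|[ \t,])http:\/\//)
                plain = (plain == "" ? key : plain ", " key)
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the stanza from section 3.2 (gpgkey cut to one URL).
audit_yum_repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
```

On a real host, run it as audit_yum_repo /etc/yum.repos.d/*.repo.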

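3.3 Install kubeadm, kubelet and kubectl

Because new versions are released frequently, a specific version is pinned here.

# List the available kubelet, kubeadm and kubectl versions
yum list kubelet kubeadm kubectl  --showduplicates|sort -r
# Install the pinned version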
yum -y install kubeadm-1.20.0 kubectl-1.20.0 kubelet-1.20.0
systemctl enable kubelet.service

4 Deploy the Kubernetes master

kubernetes-version: the version actually installed,
obtained with the kubelet --version command;
apiserver-advertise-address: the IP of the master machine

kubeadm init --kubernetes-version=1.20.0 \
--apiserver-advertise-address=172.31.0.60 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
# Set up the kubectl config
mkdir -p $HOME/.kube
sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Get the node status
kubectl get nodes
# Possible error 1: Unable to connect to the server: dial tcp: lookup localhost on 114.114.114.114:53: no such host
# Fix: add the localhost mappings to /etc/hosts
cat >> /etc/hosts << EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
# Possible error 2: The connection to the server localhost:8080 was refused - did you specify the right host or port?
# Fix: point the KUBECONFIG environment variable at the config file
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile

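What kubeadm init does:

  1. [preflight] Runs environment checks and pulls images (kubeadm config images pull)
  2. [certs] Creates the certificate directory /etc/kubernetes/pki and generates certificates
  3. [kubeconfig] Creates the directory /etc/kubernetes that holds the config files for connecting to the apiserver
  4. [kubelet-start] Generates the kubelet configuration file and starts the kubelet
  5. [control-plane] Starts the master components as static pods from /etc/kubernetes/manifests
  6. [upload-config][upload-certs][kubelet] Stores the kubelet configuration in a ConfigMap
  7. [mark-control-plane] Adds labels to the master node
  8. [bootstrap-token] Sets up the mechanism by which kubelets automatically request certificates
  9. [addons] Installs the CoreDNS and kube-proxy add-ons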

5 Join the Kubernetes nodes

Run the following on k8s-node01 and k8s-node02 respectively (the command is taken from the kubeadm init log):

kubeadm join 172.31.0.60:6443 --token i8px88.bpy0zxxc7jjgbnv8 \
    --discovery-token-ca-cert-hash sha256:cf418940ea74bf58ba99eca57e960fdef8a381932cad2f77c37e45e79610e02f
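
The --discovery-token-ca-cert-hash value is the SHA-256 of the cluster CA's public key, and it is what lets a joining node authenticate the API server it is talking to. The following added example (not part of the original post; the function names are made up for illustration) recomputes that value from the CA certificate on the master and compares it with a join command before the command is handed to the nodes.

```shell
# Added example (not from the original post). Requires openssl.
# ca_pubkey_hash CERT: print "sha256:<hex>" over the DER-encoded public key
# (SubjectPublicKeyInfo) of CERT, the value kubeadm pins in
# --discovery-token-ca-cert-hash. Returns 2 if CERT cannot be parsed, so the
# hash of an empty pipe is never reported as a result.
ca_pubkey_hash() {
    der=$(mktemp) || return 2
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform der -out "$der" 2>/dev/null \
        && [ -s "$der" ]; then
        hex=$(openssl dgst -sha256 -hex < "$der" | sed 's/^.* //')
        rm -f "$der"
        printf 'sha256:%s\n' "$hex"
    else
        rm -f "$der"
        return 2
    fi
}

# join_cmd_hash TEXT: extract the pinned hash from a kubeadm join command.
join_cmd_hash() {
    printf '%s\n' "$1" | grep -o 'sha256:[0-9a-f]\{64\}' | head -n 1
}

# verify_join_hash TEXT CERT: succeed only if TEXT pins the key in CERT.
verify_join_hash() {
    pinned=$(join_cmd_hash "$1")
    actual=$(ca_pubkey_hash "$2") || return 2
    [ -n "$pinned" ] && [ "$pinned" = "$actual" ]
}

# Demo with the hash from the join command above; <token> is a placeholder.
# Runs only where the kubeadm CA certificate exists (the master).
CA=/etc/kubernetes/pki/ca.crt
JOIN='kubeadm join 172.31.0.60:6443 --token <token> --discovery-token-ca-cert-hash sha256:cf418940ea74bf58ba99eca57e960fdef8a381932cad2f77c37e45e79610e02f'
if [ -r "$CA" ]; then
    if verify_join_hash "$JOIN" "$CA"; then
        echo "join command pins the CA in $CA"
    else
        echo "join command does NOT pin the CA in $CA"
    fi
fi
```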

6 Deploy the container network (CNI)

Install on the master node

wget https://docs.projectcalico.org/manifests/calico.yaml
sed -i 's/192.168.0.0/10.244.0.0/g' calico.yaml
kubectl apply -f calico.yaml

After a while the nodes change from NotReady to Ready, which means the installation is complete.

kubectl get nodes
# NAME         STATUS   ROLES                  AGE   VERSION
# k8s-master   Ready    control-plane,master   16m   v1.20.0
# k8s-node01   Ready    <none>                 16m   v1.20.0
# k8s-node02   Ready    <none>                 15m   v1.20.0

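7 Test the Kubernetes cluster by quickly deploying a website

Create a pod in the Kubernetes cluster and verify that it runs correctly.

# Deploy the image with a Deployment
kubectl create deployment nginx --image=nginx
# Expose the Pod with a Service
kubectl expose deployment nginx --port=80 --target-port=80 --type=NodePort
# Get the randomly assigned port
kubectl get pod,svc

Access URL: use the public IP; the port is randomly assigned and can be read from get svc. Open the port for inbound traffic in the security group.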
http://NodeIP:Port

# Possible error: the pod stays in the "ContainerCreating" state, and describe pod shows the following error
kubectl get pod
kubectl describe pod <nginx-pod-name>
# stat /var/lib/calico/nodename: no such file or directory: check that the calico/node container  is running and has mounted /var/lib/calico/
# Fix:
# Create the directory and file
mkdir -p /var/lib/calico/
touch /var/lib/calico/nodename
# Write this machine's IP into the nodename file
echo "172.31.0.60" > /var/lib/calico/nodename
  • Verify the Pod is working
kubectl get pod
# The nginx pod is in the Running state
  • Verify Pod network connectivity
kubectl get pods -o wide
#NAME                     READY   STATUS    RESTARTS   AGE   IP              NODE         NOMINATED NODE   READINESS GATES
#nginx-6799fc88d8-zt54g   1/1     Running   0          12m   10.244.85.193   k8s-node01   <none>           <none>
# Ping the Pod IP from every node; it should respond
ping 10.244.85.193
  • Verify DNS resolution
kubectl get pods -n kube-system
# coredns is in the Running state

8 Deploy the Dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
mv recommended.yaml kubernetes-dashboard.yaml

vim kubernetes-dashboard.yaml
# Add nodePort: 30001 and type: NodePort
....
---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
---
...

# After the change, apply the manifest to start the dashboard
kubectl apply -f kubernetes-dashboard.yaml
# Check the pod status; Running means the installation succeeded
kubectl get pods -n kubernetes-dashboard

Access URL:
https://<public IP>:30001
Create a service account and bind it to the default cluster-admin cluster role:

# Create the user
kubectl create serviceaccount dashboard-admin -n kube-system
# Grant the user permissions
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Get the user's token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

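Copyright notice: This is an original article by weixin_43872526, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.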