Building a k8s cluster on CentOS 7 with kubeadm

程序员文章站 2022-03-07 10:23:01

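Introduction

By default kubeadm does not install a network solution, so after installing with kubeadm you need to install a network plugin yourself.

Deployment

System environment (preparation)

Notes

1. Swap must be disabled, otherwise kubelet will fail!

2. The machines in the cluster must be able to reach each other over the network.

3. 2 GB or more of RAM (otherwise there will not be enough room left for apps).

4. 2 or more CPU cores.

Install docker on every node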
# yum install -y docker
# systemctl enable docker && sudo systemctl start docker
First, disable SELinux
# vim /etc/sysconfig/selinux

Change SELINUX to disabled, then save and exit.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Disable the firewall
# systemctl stop firewalld.service
# systemctl disable firewalld.service
Edit the hosts file to map the two physical machines

Edit hosts

# vim /etc/hosts

Add the mappings

192.168.1.223  k8s-master
192.168.1.218  node1
Network settings

On RHEL/CentOS 7, k8s traffic may be routed incorrectly, so we need to set the following:

# vim /etc/sysctl.d/k8s.conf

Change it to

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

and apply it

# sysctl -p /etc/sysctl.d/k8s.conf

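Install kubeadm

Configuration file
Installing kubeadm, kubelet and kubectl requires access to Google's repositories to download the packages, so here we point yum at the Alibaba Cloud mirror instead.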

# vim /etc/yum.repos.d/kubernetes.repo

Change it to

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
Install
# yum install -y kubelet kubeadm kubectl
# systemctl enable kubelet && systemctl start kubelet

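Initialize the master node with kubeadm

Note: if you do not have * you need to add --image-repository registry.aliyuncs.com/google_containers to download the required images; you can also download the images yourself and install offline.

Here we use the Alibaba Cloud mirror of the k8s images.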

# kubeadm init --kubernetes-version=v1.14.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.1.223 --image-repository registry.aliyuncs.com/google_containers

Initialization succeeded

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.223:6443 --token dlceft.lcix67fmvte12o8g \
    --discovery-token-ca-cert-hash sha256:f0c3e0eb01b861d5db32bf5475a047eff720c021598aa4889e9fb4eb0aafb1c5

As the success message above shows, some further configuration is needed before you can start using the cluster.

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

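The kubeadm join line at the bottom is the command a worker node runs to join the cluster. It carries the Kubernetes bootstrap token (--token) followed by the sha256 value (--discovery-token-ca-cert-hash); the token is valid for 24 hours by default. If you need one, you can search Baidu for how to configure a permanent token.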

# kubeadm join 192.168.1.223:6443 --token dlceft.lcix67fmvte12o8g \
	    --discovery-token-ca-cert-hash sha256:f0c3e0eb01b861d5db32bf5475a047eff720c021598aa4889e9fb4eb0aafb1c5
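
What the two values in the join command are, shown as an added example that is not part of the original article: --token is the bootstrap token (a credential), and --discovery-token-ca-cert-hash is a pin, the SHA-256 of the cluster CA's public key, that the joining node uses to authenticate the API server. The function names, the 192.0.2.10 address and the sample token and pin are constructed for illustration; ca_pin assumes the openssl CLI is installed.

```shell
# Added example: sanity-check a kubeadm join command against the cluster CA.

# Print the value that follows a flag (e.g. --token) in a join command string.
flag_value() {  # usage: flag_value "<join command>" <flag>
  printf '%s\n' "$1" | tr -s ' \\\n\t' '\n' |
    awk -v f="$2" 'p { print; exit } $0 == f { p = 1 }'
}

# Bootstrap tokens look like <6 chars>.<16 chars>, lowercase letters and digits.
valid_token() { printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; }

# The pin is "sha256:" followed by 64 lowercase hex digits.
valid_pin() { printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'; }

# Recompute the pin from a CA certificate: SHA-256 over the DER-encoded
# public key. On the master the CA file is /etc/kubernetes/pki/ca.crt.
ca_pin() {  # usage: ca_pin <ca.crt>
  openssl x509 -pubkey -noout -in "$1" |
    openssl pkey -pubin -outform der |
    openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Return 0 only if the command is well formed and its pin matches the CA file.
# Return codes: 2 = malformed token, 3 = malformed pin, 1 = pin mismatch.
check_join() {  # usage: check_join "<join command>" <ca.crt>
  local token pin
  token=$(flag_value "$1" --token)
  pin=$(flag_value "$1" --discovery-token-ca-cert-hash)
  valid_token "$token" || { echo "malformed token" >&2; return 2; }
  valid_pin "$pin" || { echo "malformed CA pin" >&2; return 3; }
  [ "$pin" = "sha256:$(ca_pin "$2")" ] || { echo "CA pin mismatch" >&2; return 1; }
}

# Constructed sample input (placeholder values, not from a real cluster).
SAMPLE_JOIN='kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:0000000000000000000000000000000000000000000000000000000000000000'
```

A pin mismatch means the join command was not issued by the cluster whose CA file you checked. The pin itself is not secret, while the token is and should be kept out of logs and published output.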

After completing the steps above, run a quick test

# kubectl get pods --all-namespaces

The result is

NAMESPACE     NAME                                 READY   STATUS             RESTARTS   AGE
kube-system   coredns-8686dcc4fd-h746r             0/1     CrashLoopBackOff   6          8m45s
kube-system   coredns-8686dcc4fd-qm27q             0/1     CrashLoopBackOff   6          8m45s
kube-system   etcd-k8s-master                      1/1     Running            0          7m47s
kube-system   kube-apiserver-k8s-master            1/1     Running            0          8m4s
kube-system   kube-controller-manager-k8s-master   1/1     Running            0          8m6s
kube-system   kube-proxy-h2zgr                     1/1     Running            0          8m45s
kube-system   kube-scheduler-k8s-master            1/1     Running            0          7m54s

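You can see that coredns has not started. This is because we have not installed a network addon yet: deploying a k8s cluster does not configure a default network for you, so we need to install a network addon. kubeadm only supports CNI-based networks (kubenet is not supported).

Configure CNI

There are many common network addons; here we use Flannel.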

# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml

Then configure the network

# vim /etc/cni/net.d/10-mynet.conf

Configure the bridge

{
        "name": "mynet",
        "type": "bridge",
        "bridge": "br_eno1",
        "isDefaultGateway": false,
        "forceAddress": false,
        "ipMasq": false,
        "hairpinMode": false,
        "ipam": {
                "type": "host-local",
                "subnet": "192.168.1.0/24",
                "rangeStart": "192.168.1.125",
                "rangeEnd": "192.168.1.200",
                "gateway": "192.168.1.1",
                "routes": [
                    { "dst": "0.0.0.0/0" }
                 ]

        }
}

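The CNI configuration part mysteriously works; the reason still needs to be verified later, and this section is to be completed.

Join the worker nodes

Now we start adding some k8s nodes to the cluster.
Connect to the node and run the last line printed by kubeadm init earlier. This command is different for everyone; as mentioned above, everyone's token value is different.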

# kubeadm join 192.168.1.223:6443 --token dlceft.lcix67fmvte12o8g \
    --discovery-token-ca-cert-hash sha256:f0c3e0eb01b861d5db32bf5475a047eff720c021598aa4889e9fb4eb0aafb1c5

Then go back to the master node and check whether the node was added successfully

# kubectl get nodes

You can see that the node has been added successfully

NAME         STATUS     ROLES    AGE   VERSION
k8s-master   Ready      master   35m   v1.14.2
k8s1         NotReady   <none>   12s   v1.14.1

At this point, the deployment of the Kubernetes cluster master and worker node is complete.