The network layout and main program versions are as follows:
name | version | ip |
---|---|---|
master | Centos7.2 | 172.30.31.80 |
node1 | Centos7.2 | 172.30.31.90 |
node2 | Centos7.2 | 172.30.31.91 |
docker-ce | 20.10.17 | |
kubectl | 1.19.0 | |
Reference: Ma Ge's video tutorial, "K8S-docker安装.docx"
Reference: https://blog.51cto.com/loong576/2398136
All scripts and configuration files for this article have been uploaded to GitHub: https://github.com/loong576/Centos7.6-install-k8s-v1.14.2-cluster.git
cat /sys/class/net/ens32/address
cat /sys/class/dmi/id/product_uuid
For testing only; do not use in production.
systemctl disable --now firewalld
### Disable SELinux
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
timedatectl set-timezone Asia/Shanghai
systemctl enable --now chronyd
# Write the current UTC time to the hardware clock
timedatectl set-local-rtc 0
# Restart the services that depend on the system time
systemctl restart rsyslog && systemctl restart crond
2. Install Docker (on all machines)
yum install -y yum-utils device-mapper-persistent-data lvm2
yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Or download the repo file directly
# cd /etc/yum.repos.d/
# wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Note: on an NFS system, the variables in the downloaded docker-ce.repo must be changed; for nfs3 use 7, for nfs4 use 8.
# For NFS systems
sed -i -e 's/$releasever/7/g' -e 's/$basearch/x86_64/g' /etc/yum.repos.d/docker-ce.repo
### Rebuild the yum cache
yum makecache fast
yum install -y docker-ce-18.09.6
systemctl start docker
systemctl enable docker
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://cd6xo91e.mirror.aliyuncs.com"]
}
EOF
## Restart the service
systemctl daemon-reload
systemctl restart docker
## Verify
docker --version
docker run hello-world
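The firewall and SELinux were already disabled, and the Aliyun repository configured, when CentOS was installed. Run the steps in this part on both the master and the node machines.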
more /etc/hostname
cat >> /etc/hosts << EOF
172.30.31.80 master
172.30.31.90 node01
172.30.31.91 node02
EOF
## Temporary change
swapoff -a
## Permanent change
sed -i.bak '/swap/s/^/#/' /etc/fstab
# Edit daemon.json and add "exec-opts": ["native.cgroupdriver=systemd"]
### 5.1. Configure the Kubernetes repository
hostnamectl set-hostname master
Use apiserver-advertise-address to specify the master's interface; pod-network-cidr specifies the Pod network range. The flannel network scheme is used here.
kubeadm init --apiserver-advertise-address 192.168.0.100 --pod-network-cidr=10.244.0.0/16
Or use Ma Ge's form, which specifies the version:
kubeadm init --kubernetes-version="v1.19.0" --pod-network-cidr="10.244.0.0/16" --ignore-preflight-errors=Swap
"Your Kubernetes control-plane has initialized successfully!" indicates success.
Record the kubeadm join output and run it on each node to join the nodes to the cluster.
kubeadm join 172.30.31.80:6443 --token cgfdbp.o6s4db05la737szv \
--discovery-token-ca-cert-hash sha256:f8bc85cecd7fa7b5a7b176cfd70047d583d62da8ef1ff4d29ebffd1e94189ec5
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
Install the pod network. Because resolution of raw.githubusercontent.com is polluted, open https://ping.chinaz.com/ and use its ping test to find another IP for it, such as 185.199.109.133.
echo -e "185.199.109.133 raw.githubusercontent.com" >>/etc/hosts
There should be the master node and the kube-system pods.
kubectl get nodes
hostnamectl set-hostname node01
tee image.sh <<-'EOF'
## Run on the master
Problem 1: if you forgot to record the output in 4.3 earlier, you can display it again:
kubeadm token create --print-join-command
Problem 2: the token is more than 24 hours old and must be regenerated
#1 List the tokens
kubectl get nodes
Repeat steps 1, 2, 3 and 5 above, then check the result
kubectl get node
1 Download the yaml file
echo -e "185.199.109.133 raw.githubusercontent.com" >>/etc/hosts
2 Change the Service type to NodePort
sed -i '/targetPort: 8443/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' recommended.yaml
3 Create an administrator account
cat >> recommended.yaml << EOF
# Deploy the dashboard
Open https://master_ip:30001/ in Firefox and log in with the token just obtained.
# Create the nginx-deploy pod with 3 replicas
Note: since K8s v1.18.0, --replicas is deprecated; creating pods from a configuration file is recommended.
cat >> nginx.yaml << EOF
#-----------1 Check node status
172.30.31.80:30001
kubectl expose deployment nginx-app --port=80 --type=LoadBalancer
Check the service status (to see the externally exposed port)
kubectl get services
80:30531/TCP 16s
Verify in a browser: http://Master+NodeIP port
This completes the deployment of the k8s (v1.14.2) cluster on Centos7.6.
## Temporary change
sysctl net.bridge.bridge-nf-call-iptables=1
sysctl net.bridge.bridge-nf-call-ip6tables=1
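## Permanent change
# Assumed file name: sysctl --system loads every *.conf file under /etc/sysctl.d/
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
3.4 Change the Cgroup Driver
cat > /etc/docker/daemon.json <<EOF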
{
"registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
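### Reload and restart
systemctl daemon-reload
systemctl restart docker
3.5 Install kubelet, kubeadm and kubectl, and start kubelet
# Assumed file name: yum reads every *.repo file under /etc/yum.repos.d/
cat <<EOF > /etc/yum.repos.d/kubernetes.repo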
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
## Refresh the cache
yum clean all
yum -y makecache
### 5.2. List the available versions
yum list kubelet --showduplicates | sort -r
### 5.3. Install and start kubelet, kubeadm and kubectl
yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
systemctl enable kubelet && systemctl start kubelet
4. Install the master node
4.1 Replace k8s.gcr.io with the Aliyun mirror and download the K8s images
##==== Create the file image.sh yourself (for example with vi) with the following content: ====
tee image.sh <<-'EOF'
#!/bin/bash
url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.19.0
images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
for imagename in ${images[@]}; do
docker pull $url/$imagename
docker tag $url/$imagename k8s.gcr.io/$imagename
docker rmi -f $url/$imagename
done
EOF
##==== End ====
chmod u+x image.sh
./image.sh
docker images
#+--------------------------------------------------------------------------------------------------+
#|The following output indicates success:
#|k8s.gcr.io/kube-proxy v1.19.0 bc9c328f379c 2 months ago 118MB
#|k8s.gcr.io/kube-controller-manager v1.19.0 09d665d529d0 2 months ago 111MB
#|k8s.gcr.io/kube-apiserver v1.19.0 1b74e93ece2f 2 months ago 119MB
#|k8s.gcr.io/kube-scheduler v1.19.0 cbdc8369d8b1 2 months ago 45.6MB
#|k8s.gcr.io/etcd 3.4.9-1 d4ca8726196c 4 months ago 253MB
#|k8s.gcr.io/coredns 1.7.0 bfe3a36ebd25 4 months ago 45.2MB
#|k8s.gcr.io/pause 3.2 80d28bedfe5d 8 months ago 683kB
#+--------------------------------------------------------------------------------------------------+
4.2 Initialize the master
4.3 Record the kubeadm join output
4.4 Load the environment variables
source ~/.bash_profile
# All operations in this article are run as root; for a non-root user, run the following instead:
# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
4.5 Install the pod network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
4.6 Check
# NAME STATUS ROLES AGE VERSION
# master NoReady master 10m v1.19.0
# Only the master node is present, and it is in the NoReady (not ready) state
kubectl get pods -n kube-system
# NAME READY STATUS RESTARTS AGE
# coredns-f9fd979d6-c5jbg 1/1 Running 0 88m
# coredns-f9fd979d6-zczxg 1/1 Running 0 88m
# etcd-master 1/1 Running 0 88m
# kube-apiserver-master 1/1 Running 0 88m
# kube-controller-manager-master 1/1 Running 0 88m
# kube-proxy-7vg4f 1/1 Running 0 88m
# kube-proxy-ck99m 1/1 Running 0 24m
# kube-scheduler-master 1/1 Running 0 88m
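# If any of them is not Running, use kubectl describe to find the cause and fix it
5. Install the node machines
5.1 Replace k8s.gcr.io with the Aliyun mirror and download the K8s images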
#!/bin/bash
url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.19.0
images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
for imagename in ${images[@]}; do
docker pull $url/$imagename
docker tag $url/$imagename k8s.gcr.io/$imagename
docker rmi -f $url/$imagename
done
EOF
chmod u+x image.sh
./image.sh
docker images
5.2 Join the cluster
kubeadm join 172.30.31.80:6443 --token cgfdbp.o6s4db05la737szv \
--discovery-token-ca-cert-hash sha256:f8bc85cecd7fa7b5a7b176cfd70047d583d62da8ef1ff4d29ebffd1e94189ec5
kubeadm token list
# j5eoyz.zu0x6su7wzh752b3
# The token from the earlier initialization turns out to have expired
#2 Generate a new token
kubeadm token create
# 1zl3he.fxgz2pvxa3qkwxln
#3 Generate the new hash string
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
# 5f656ae26b5e7d4641a979cbfdffeb7845cc5962bbfcd1d5435f00a25c02ea50
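Before a join command is pasted on a node, the pin it carries can be compared with the pin computed from the cluster CA in step 3. The script below is an added example, not part of the original article or its repository; the function names, the throwaway demo CA and the placeholder token are assumptions made for illustration, and it uses openssl pkey in place of openssl rsa so that non-RSA CA keys are handled too.

```shell
#!/bin/sh
# Added example: check that the CA pin in a `kubeadm join` command matches
# the cluster CA before the join is run.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

# ca_pin FILE: print "sha256:<hex>" over the DER-encoded public key of the
# certificate, the value passed to --discovery-token-ca-cert-hash.
ca_pin() {
  _pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  _hex=$(printf '%s\n' "$_pub" | openssl pkey -pubin -outform der 2>/dev/null \
         | openssl dgst -sha256 -hex | sed 's/^.* //')
  # A failed key conversion hashes empty input; reject that instead of pinning it.
  [ "${#_hex}" -eq 64 ] && [ "$_hex" != "$EMPTY_SHA256" ] || return 1
  printf 'sha256:%s\n' "$_hex"
}

# pin_from_join "COMMAND": print the pin carried by a join command, if any.
pin_from_join() {
  printf '%s\n' "$1" | sed -n \
    's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# verify_join CA_FILE "COMMAND": 0 when the command pins this CA, 1 when it
# pins something else or nothing, 2 when the CA file cannot be read.
verify_join() {
  _want=$(ca_pin "$1") || return 2
  _got=$(pin_from_join "$2")
  [ -n "$_got" ] && [ "$_want" = "$_got" ]
}

# make_demo_ca DIR: create a throwaway self-signed certificate (constructed
# sample standing in for /etc/kubernetes/pki/ca.crt).
make_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
demo_pin=$(ca_pin "$demo_dir/ca.crt")
# The token is a constructed placeholder; the second pin is the article's first one.
base="kubeadm join 172.30.31.80:6443 --token abcdef.0123456789abcdef"
good="$base --discovery-token-ca-cert-hash $demo_pin"
stale="$base --discovery-token-ca-cert-hash sha256:f8bc85cecd7fa7b5a7b176cfd70047d583d62da8ef1ff4d29ebffd1e94189ec5"
verify_join "$demo_dir/ca.crt" "$good"  && echo "pin matches the CA: join can proceed"
verify_join "$demo_dir/ca.crt" "$stale" || echo "pin does not match the CA: do not join"
rm -rf "$demo_dir"
```

On a real cluster, run ca_pin against /etc/kubernetes/pki/ca.crt on the master and pass the join command exactly as it will be typed on the node.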
#4 Join the nodes to the cluster
# Run the following on each node:
kubeadm join 172.27.9.131:6443 --token 1zl3he.fxgz2pvxa3qkwxln --discovery-token-ca-cert-hash sha256:5f656ae26b5e7d4641a979cbfdffeb7845cc5962bbfcd1d5435f00a25c02ea50
5.2 Check (viewed on the master)
# NAME STATUS ROLES AGE VERSION
# master Ready master 100m v1.19.0
# node01 Ready
# Only node1 has joined so far, and it is in the Ready state
5.3 Add the other nodes
#NAME STATUS ROLES AGE VERSION
#master Ready master 2d1h v1.19.0
#node01 Ready
#node02 Ready
6. Install the Dashboard
6.1 Prepare the yaml file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml
# The default image registry is unreachable from this network, so switch to the Aliyun mirror
sed -i 's/k8s.gcr.io/registry.cn-hangzhou.aliyuncs.com\/kuberneters/g' recommended.yaml
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF
6.2 Deploy the dashboard
kubectl apply -f recommended.yaml
# Check the status
kubectl get all -n kubernetes-dashboard
# Get the token
kubectl describe secrets -n kubernetes-dashboard dashboard-admin
6.3 Access check
7 Cluster test
7.1 Deploy applications
1.1 Command-line method: deploy the apache service
kubectl run nginx-deploy --image=nginx:1.14-alpine --port=80 --replicas=3
# The following error is reported:
# Flag --replicas has been deprecated, has no effect and will be removed in the future.
# pod/nginx-deploy created
# View
kubectl get pods
# Delete nginx-deploy
kubectl delete pods nginx-deploy
1.2 Configuration-file method: deploy the nginx service
# API version
apiVersion: apps/v1
# Kind, e.g. Pod/ReplicationController/Deployment/Service/Ingress
kind: Deployment
metadata:
  # Name of this object
  name: nginx-app
spec:
  selector:
    matchLabels:
      # Label of the containers; when a Service is published, its selector must match this
      app: nginx
  # Number of instances to deploy
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # Container configuration; an array, so several containers can be configured
      containers:
      # Container name
      - name: nginx
        # Container image
        image: nginx:1.17
        # Pull the image only when it is not already present
        imagePullPolicy: IfNotPresent
        ports:
        # Pod port
        - containerPort: 80
EOF
# Create the Pod
kubectl apply -f nginx.yaml
7.2 Check status
2.1 Check with commands
kubectl get pods
# NAME READY STATUS RESTARTS AGE
# nginx-app-7f4fc68488-lg6l2 1/1 Running 0 58s
# nginx-app-7f4fc68488-s2g58 1/1 Running 0 58s
#-----------2 Check pod status
kubectl get pod --all-namespaces
# NAMESPACE NAME READY STATUS RESTARTS AGE
# default nginx-app-7f4fc68488-lg6l2 1/1 Running 0 2m7s
# default nginx-app-7f4fc68488-s2g58 1/1 Running 0 2m7s
# kube-flannel kube-flannel-ds-b4t5c 1/1 Running 0 2d3h
# ......
#-----------3 Check the replica count
kubectl get deployments
# NAME READY UP-TO-DATE AVAILABLE AGE
# nginx-app 2/2 2 2 80s
kubectl get pod -o wide
# NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
# nginx-app-7f4fc68488-lg6l2 1/1 Running 0 10m 10.244.3.3 node02
# nginx-app-7f4fc68488-s2g58 1/1 Running 0 10m 10.244.1.4 node01
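# The 3 replica pods of nginx and httpd can be seen evenly distributed across the 3 nodes
#-----------4 View deployment details
kubectl describe deployments
#-----------5 Check the status of the basic cluster components
kubectl get cs
2.2 Check in the dashboard
7.3 Expose the service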
# NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
# kubernetes ClusterIP 10.96.0.1
# nginx-app LoadBalancer 10.100.15.94
172.30.31.80:30531