Ubuntu 20.04.2 搭建 Kubernetes 1.21.0 集群环境

随笔8个月前发布 草民认为
84 0 0

1.环境准备

IP地址 节点角色 cpu Memory Hostname
172.16.0.71 master >=2c >=2G k8s-master
172.16.0.72 worker >=2c >=2G k8s-node1

默认都安装了docker

2.Ubuntu操作(默认在root下操作,所有节点)

  • 设置hostname
    临时
    hostname k8s-master
    永久:
    vi /etc/hostname
    reboot

  • 设置时区(date查看时间)
    tzselect Asia–China–Beijing Time
    cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

  • 防火墙
    ufw status 查看防火墙状态 inactive:关闭, active:开启
    ufw enable 开启防火墙
    ufw disable 关闭防火墙

  • 设置hosts

cat >> /etc/hosts <<EOF
172.16.0.71 k8s-master
172.16.0.72 k8s-node1
EOF

  • 禁用Swap
    swapoff -a

vim /etc/fstab //注释掉最后一行
...
#/swap.img      none    swap    sw      0       0

  • 允许 iptables 检查桥接流量

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

sysctl --system

3.安装kubelet、kubectl 、kubeadm(所有节点)

curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -

cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

apt update

apt install kubelet=1.21.0-00 kubeadm=1.21.0-00 kubectl=1.21.0-00 -y
systemctl enable kubelet

4.kubeadm初始化(master节点)

kubeadm init 
--apiserver-advertise-address=172.16.0.71 
--image-repository registry.aliyuncs.com/google_containers 
--kubernetes-version=v1.21.0 
--service-cidr=10.96.0.0/12 
--pod-network-cidr=10.244.0.0/16 
--token-ttl=0

--apiserver-advertise-address apiserver通告给其它组件的IP地址,一般应该为Master节点用于集群内部通信的IP地址
--image-repository 指定要使用的镜像仓库,默认为gcr.io
--kubernetes-version kubernetes程序组件的版本号,必须要与前面安装的版本一致
--pod-network-cidr Pod网络的地址范围,其值为CIDR格式的网络地址,通常,Flannel网络插件的默认为10.244.0.0/16,Project Calico插件的默认值为192.168.0.0/16
---token-ttl 共享令牌(token)的过期时长,默认为24小时,0表示永不过期;为防止不安全存储等原因导致的令牌泄露危及集群安全,建议为其设定过期时长。未设定该选项时,在token过期后,若期望再向集群中加入其它节点,可以使用如下命令重新创建token,并生成节点加入命令 kubeadm token create --print-join-command

有些镜像阿里云上可能不存在,在能够翻墙的电脑上通过docker下载镜像,然后导出上传到服务器,然后导入

  • 查看kubeadm所需镜像
    kubeadm config images list

  • 导入镜像
    docker pull k8s.gcr.io/coredns/coredns:v1.8.0
    docker save k8s.gcr.io/coredns/coredns:v1.8.0 > corens.tar
    docker load -i corens.tar

  • 修改镜像的tag
    docker tag 4d k8s.gcr.io/kube-apiserver:v1.21.0

  • 重新创建token
    kubeadm token create --print-join-command

  • 成功初始化后

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:
  #第1个步骤提示,Kubernetes集群管理员认证到Kubernetes集群时使用的kubeconfig配置文件
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

#我们也可以不做上述设定,而使用环境变量KUBECONFIG为kubelet等指定默认使用的kubeconfig
Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

#第2个步骤提示,管理员需要使用网络插件为Kubernetes集群部署Pod网络,具体选用的插件取决于管理员
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

#第3个步骤提示,向Kubernetes集群添加工作节点
Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.16.0.71:6443 --token pn9klr.49wyqriora9wazrj 
        --discovery-token-ca-cert-hash sha256:e822db73be11647ce3b0bd5e2837be446286c1475a9f47d7491f728c71937903

  • 重置kubeadm
    kubeadm reset
    rm -rf $HOME/.kube 如果不执行这部,可能会出现

Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kubernetes”)

5.部署网络插件(master节点)

curl -O https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml

6.加入集群(node节点)

kubeadm join 172.16.0.71:6443 --token pn9klr.49wyqriora9wazrj --discovery-token-ca-cert-hash sha256:e822db73be11647ce3b0bd5e2837be446286c1475a9f47d7491f728c71937903

需要先下载好k8s.gcr.io/kube-proxyk8s.gcr.io/pause 两个镜像

7.查看集群状态(master节点)

  • kubectl get cs 查看集群状态

root@k8s-master:/# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS      MESSAGE                                                                                       ERROR
controller-manager   Unhealthy   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused   
scheduler            Unhealthy   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused   
etcd-0               Healthy     {"health":"true"} 

因为我们没有做端口的处理,这个时候scheduler和controller-manager的端口并未开放,状态为unhealthy,我们选择修改配置的方式来解决这个问题

sed -i 's/- --port=0/#- --port=0/g' /etc/kubernetes/manifests/kube-scheduler.yaml
sed -i 's/- --port=0/#- --port=0/g' /etc/kubernetes/manifests/kube-controller-manager.yaml

再次查看集群状态

root@k8s-master:/home/hpc# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"} 

  • kubectl get nodes 查看节点状态

root@k8s-master:/home/hpc# kubectl get nodes
NAME         STATUS   ROLES                  AGE   VERSION
k8s-master   Ready    control-plane,master   18h   v1.21.0
k8s-node1    Ready    <none>                 18h   v1.21.0

  • kubectl get pods --all-namespaces 查看所有pods的状态

root@k8s-master:/home/hpc# kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-558bd4d5db-d4vsr             1/1     Running   0          18h
kube-system   coredns-558bd4d5db-pkv7m             1/1     Running   0          18h
kube-system   etcd-k8s-master                      1/1     Running   0          18h
kube-system   kube-apiserver-k8s-master            1/1     Running   0          18h
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          8m26s
kube-system   kube-flannel-ds-28gpz                1/1     Running   5          17h
kube-system   kube-flannel-ds-9jxb8                1/1     Running   0          17h
kube-system   kube-proxy-nx7vs                     1/1     Running   0          18h
kube-system   kube-proxy-qkjkf                     1/1     Running   0          18h
kube-system   kube-scheduler-k8s-master            1/1     Running   0          9m4s

  • kubectl describe pod kube-proxy-qkjkf -n kube-system 查看某一个pod的详细信息

8.测试集群

kubectl create deployment nginx --image=nginx 创建一个nginx的pod
kubectl expose deployment nginx --port=80 --type=LoadBalancer 以负载均衡的方式暴露服务
kubectl get pod,svc 查看pod和service的状态

root@k8s-master:/home/hpc# kubectl get pod,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-6799fc88d8-6dtc2   1/1     Running   0          4m2s

NAME                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP      10.96.0.1       <none>        443/TCP        18h
service/nginx        LoadBalancer   10.111.142.27   <pending>     80:31625/TCP   2m51s

访问172.16.0.71:31625 和 172.16.0.72:31625 都可以打开nginx的欢迎界面

© 版权声明

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...