1. Environment preparation
| IP address | Node role | CPU | Memory | Hostname |
|---|---|---|---|---|
| 172.16.0.71 | master | >=2c | >=2G | k8s-master |
| 172.16.0.72 | worker | >=2c | >=2G | k8s-node1 |
Docker is already installed on all nodes.
2. Ubuntu setup (run as root, on all nodes)
- Set the hostname
Temporarily:
hostname k8s-master
Permanently:
vi /etc/hostname
reboot
- Set the time zone (check the current time with date)
tzselect
Asia -> China -> Beijing Time
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
- Firewall
ufw status
Shows the firewall state: inactive means it is off, active means it is on.
ufw enable
Turns the firewall on.
ufw disable
Turns the firewall off.
- Set hosts
cat >> /etc/hosts <<EOF
172.16.0.71 k8s-master
172.16.0.72 k8s-node1
EOF
- Disable swap
swapoff -a
vim /etc/fstab
Comment out the swap entry on the last line so that it reads:
...
#/swap.img none swap sw 0 0
- Let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
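The script below is an added example and not part of the original post. It turns the step 2 checks (swap off, br_netfilter loaded, the two sysctl keys set) into a pre-flight function, and fills in what the firewall bullet leaves open: instead of running ufw disable, it prints ufw rules that open only the ports a kubeadm node needs and limit etcd, the kubelet and the flannel VXLAN port to the node network. The port numbers are those of the upstream Kubernetes "Ports and Protocols" reference; the node network 172.16.0.0/24, the default flannel VXLAN port 8472/udp and the SSH allow rule are my assumptions, and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Pre-flight helpers for the "all nodes" preparation plus a ufw rule generator
# that opens only the ports a kubeadm node needs, instead of turning the
# firewall off.  Assumptions (mine): nodes share the 172.16.0.0/24 network,
# flannel uses its default VXLAN port 8472/udp, and SSH must stay reachable.

# Print the ufw commands for a node.  $1 = master|worker, $2 = node network CIDR.
# Entries are "port/proto:scope"; scope=cluster limits the port to the CIDR.
gen_ufw_rules() {
    role=$1
    cidr=$2
    case "$role" in
        master) ports="6443/tcp:any 2379:2380/tcp:cluster 10250/tcp:cluster 8472/udp:cluster" ;;
        worker) ports="10250/tcp:cluster 30000:32767/tcp:any 8472/udp:cluster" ;;
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow 22/tcp"          # keep the SSH session alive after 'ufw enable'
    for entry in $ports; do
        spec=${entry%:*}             # e.g. 2379:2380/tcp
        scope=${entry##*:}           # any | cluster
        port=${spec%/*}
        proto=${spec#*/}
        if [ "$scope" = cluster ]; then
            echo "ufw allow from $cidr to any port $port proto $proto"
        else
            echo "ufw allow $port/$proto"
        fi
    done
}

# Return 0 if the fstab given as $1 still has an uncommented swap entry
# (the kubelet refuses to start while swap is on), 1 otherwise.
fstab_has_active_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# Individual live checks for the current node.
swap_off()      { [ "$(wc -l < /proc/swaps)" -le 1 ]; }   # header line only
fstab_clean()   { ! fstab_has_active_swap /etc/fstab; }
mod_loaded()    { grep -q "^$1 " /proc/modules; }
sysctl_is_one() { [ "$(sysctl -n "$1" 2>/dev/null)" = 1 ]; }

# Run every check, print one PASS/FAIL line each, return non-zero if any failed.
node_preflight() {
    status=0
    for pair in \
        "swap is off:swap_off" \
        "no swap entry in /etc/fstab:fstab_clean" \
        "br_netfilter loaded:mod_loaded br_netfilter" \
        "bridge-nf-call-iptables=1:sysctl_is_one net.bridge.bridge-nf-call-iptables" \
        "bridge-nf-call-ip6tables=1:sysctl_is_one net.bridge.bridge-nf-call-ip6tables"
    do
        desc=${pair%%:*}
        cmd=${pair#*:}
        if $cmd >/dev/null 2>&1; then echo "PASS $desc"; else echo "FAIL $desc"; status=1; fi
    done
    return $status
}

# Usage: sh prep.sh preflight            (run the checks on this node)
#        sh prep.sh master 172.16.0.0/24 (print rules; review, then pipe to sh)
if [ "${1:-}" = "preflight" ]; then
    node_preflight
elif [ -n "${1:-}" ]; then
    gen_ufw_rules "$1" "${2:-172.16.0.0/24}"
fi
```

The generated rules are printed rather than applied so they can be reviewed first; the 22/tcp rule goes in before anything else because ufw enable with a default-deny policy would otherwise cut off the SSH session used to run it.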
3. Install kubelet, kubectl and kubeadm (all nodes)
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt update
apt install kubelet=1.21.0-00 kubeadm=1.21.0-00 kubectl=1.21.0-00 -y
systemctl enable kubelet
4. kubeadm init (master node)
kubeadm init \
  --apiserver-advertise-address=172.16.0.71 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version=v1.21.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --token-ttl=0
--apiserver-advertise-address
The IP address the API server advertises to the other components; normally the master node's address on the cluster-internal network.
--image-repository
The image registry to pull from; the default is gcr.io.
--kubernetes-version
The version of the Kubernetes components; it must match the package versions installed above.
--pod-network-cidr
The address range of the Pod network, in CIDR notation. Flannel defaults to 10.244.0.0/16 and Project Calico to 192.168.0.0/16.
--token-ttl
The lifetime of the shared bootstrap token. The default is 24 hours; 0 means it never expires. To limit the damage if the token leaks (for example through insecure storage), setting an expiry is recommended. If this option is left unset and the token has expired, a new token and node join command can be generated with:
kubeadm token create --print-join-command
Some images may be missing from the Aliyun mirror. On a machine that can reach the upstream registry, pull them with docker, export them, upload the archive to the server and import it there.
- List the images kubeadm needs
kubeadm config images list
- Export and import an image
docker pull k8s.gcr.io/coredns/coredns:v1.8.0
docker save k8s.gcr.io/coredns/coredns:v1.8.0 > coredns.tar
docker load -i coredns.tar
- Re-tag an image (4d is the abbreviated image ID as shown by docker images)
docker tag 4d k8s.gcr.io/kube-apiserver:v1.21.0
- Recreate the token
kubeadm token create --print-join-command
- After a successful initialization
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
# Step 1: the kubeconfig file the cluster administrator uses to authenticate to the Kubernetes cluster
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Instead of the above, the KUBECONFIG environment variable can point kubelet and other tools at the kubeconfig to use by default
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
# Step 2: the administrator must deploy a Pod network using a network plugin; which plugin is up to the administrator
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
# Step 3: add worker nodes to the Kubernetes cluster
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.0.71:6443 --token pn9klr.49wyqriora9wazrj \
  --discovery-token-ca-cert-hash sha256:e822db73be11647ce3b0bd5e2837be446286c1475a9f47d7491f728c71937903
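The --token-ttl note above recommends a token that expires, and the join command kubeadm prints carries the hash of the CA's public key so that a joining node can tell a genuine API server from an impostor. The helpers below are an added example, not part of the post: they compute that hash from the CA certificate with openssl (the upstream documentation describes this pipeline), let a worker compare the hash in a join command it was handed against a CA copy obtained out of band, and issue a join command with a short-lived token instead of --token-ttl=0. Assumed: openssl is installed and the CA is /etc/kubernetes/pki/ca.crt, kubeadm's default location; the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Helpers for the node-join step.  Assumptions (mine): openssl is on PATH and
# /etc/kubernetes/pki/ca.crt is the cluster CA written by kubeadm init.
CA_CRT=${CA_CRT:-/etc/kubernetes/pki/ca.crt}

# sha256 of the DER-encoded public key of the certificate in $1: the value
# kubeadm prints after "--discovery-token-ca-cert-hash sha256:".
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 \
        | sed 's/^.* //'
}

# Extract the 64-hex-digit hash from a join command given as $1
# (accepts "--flag value" and "--flag=value"); prints nothing if absent.
join_cmd_hash() {
    printf '%s\n' "$1" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[= ]sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# 0 if the hash embedded in join command $1 equals the hash of CA cert $2.
# A worker that got the join command over chat or e-mail can run this against
# a CA copy fetched from the master by another channel before joining.
join_cmd_hash_matches() {
    given=$(join_cmd_hash "$1")
    expected=$(ca_cert_hash "$2")
    [ -n "$given" ] && [ "$given" = "$expected" ]
}

# Print a join command whose bootstrap token expires after $1 (default 1h):
# the same --print-join-command the post uses, with a TTL instead of 0.
fresh_join_command() {
    kubeadm token create --ttl "${1:-1h}" --print-join-command
}

# Usage: sh join-helpers.sh hash                 (on the master)
#        sh join-helpers.sh verify "<join cmd>"  (on a worker, with CA_CRT set)
#        sh join-helpers.sh join 30m             (on the master)
case "${1:-}" in
    hash)   ca_cert_hash "$CA_CRT" ;;
    verify) join_cmd_hash_matches "$2" "$CA_CRT" && echo "CA hash matches" ;;
    join)   fresh_join_command "${2:-1h}" ;;
esac
```

The hash only protects the worker if it is compared against something the worker trusts independently of the join command; that is why verify takes the CA certificate path rather than trusting whatever the command contains.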
- Reset kubeadm
kubeadm reset
rm -rf $HOME/.kube
If this step is skipped, the following error may appear:
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
5. Deploy the network plugin (master node)
curl -O https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
6. Join the cluster (worker nodes)
kubeadm join 172.16.0.71:6443 --token pn9klr.49wyqriora9wazrj --discovery-token-ca-cert-hash sha256:e822db73be11647ce3b0bd5e2837be446286c1475a9f47d7491f728c71937903
The two images k8s.gcr.io/kube-proxy and k8s.gcr.io/pause must be downloaded beforehand.
7. Check the cluster status (master node)
- kubectl get cs
Check the status of the cluster components:
root@k8s-master:/# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Unhealthy Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused
scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
etcd-0 Healthy {"health":"true"}
Because we have not dealt with the ports, the scheduler and controller-manager ports are not open at this point and both are reported Unhealthy; we fix this by editing their configuration:
sed -i 's/- --port=0/#- --port=0/g' /etc/kubernetes/manifests/kube-scheduler.yaml
sed -i 's/- --port=0/#- --port=0/g' /etc/kubernetes/manifests/kube-controller-manager.yaml
Check the cluster status again:
root@k8s-master:/home/hpc# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
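The sed edit above makes kubectl get cs report Healthy by commenting out --port=0, which re-enables the legacy HTTP ports 10251 and 10252 of the scheduler and the controller-manager; those ports serve /healthz and /metrics without authentication and, by default, on all interfaces, so the workaround trades a deprecated status check for two exposed ports. As an added example that is not part of the post, the script below audits both static pod manifests for that flag and checks control-plane health through the authenticated API instead. The manifest directory /etc/kubernetes/manifests is kubeadm's default; the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Audit the kubeadm static pod manifests for the legacy insecure port and
# check control-plane health without it.  Assumptions (mine): manifests are
# under /etc/kubernetes/manifests as kubeadm writes them, and kubectl runs
# with the admin kubeconfig from step 4.
MANIFEST_DIR=${MANIFEST_DIR:-/etc/kubernetes/manifests}

# 0 if the manifest in $1 still passes "--port=0" (insecure port disabled),
# 1 if the flag is missing or commented out, as the post's sed edit leaves it.
insecure_port_disabled() {
    grep -Eq '^[[:space:]]*-[[:space:]]*--port=0[[:space:]]*$' "$1"
}

# One line per component, "<name> insecure-port=disabled|ENABLED";
# returns non-zero if any component has the insecure port enabled.
audit_manifests() {
    rc=0
    for comp in kube-scheduler kube-controller-manager; do
        f="$MANIFEST_DIR/$comp.yaml"
        if insecure_port_disabled "$f"; then
            echo "$comp insecure-port=disabled"
        else
            echo "$comp insecure-port=ENABLED"
            rc=1
        fi
    done
    return $rc
}

# Health checks that go through the authenticated API server instead of the
# deprecated ComponentStatus: the aggregated readiness checks and the state
# of the control-plane static pods.
control_plane_health() {
    kubectl get --raw='/readyz?verbose'
    kubectl -n kube-system get pods -l tier=control-plane
}

# Usage: sh cp-audit.sh audit | health
case "${1:-}" in
    audit)  audit_manifests ;;
    health) control_plane_health ;;
esac
```

With --port=0 left in place the ComponentStatus rows stay Unhealthy because that object only knows how to probe the insecure ports; the pod listing and /readyz give the same information without opening them.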
- kubectl get nodes
Check the node status:
root@k8s-master:/home/hpc# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 18h v1.21.0
k8s-node1 Ready <none> 18h v1.21.0
- kubectl get pods --all-namespaces
Check the status of all pods:
root@k8s-master:/home/hpc# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-558bd4d5db-d4vsr 1/1 Running 0 18h
kube-system coredns-558bd4d5db-pkv7m 1/1 Running 0 18h
kube-system etcd-k8s-master 1/1 Running 0 18h
kube-system kube-apiserver-k8s-master 1/1 Running 0 18h
kube-system kube-controller-manager-k8s-master 1/1 Running 0 8m26s
kube-system kube-flannel-ds-28gpz 1/1 Running 5 17h
kube-system kube-flannel-ds-9jxb8 1/1 Running 0 17h
kube-system kube-proxy-nx7vs 1/1 Running 0 18h
kube-system kube-proxy-qkjkf 1/1 Running 0 18h
kube-system kube-scheduler-k8s-master 1/1 Running 0 9m4s
- kubectl describe pod kube-proxy-qkjkf -n kube-system
Show the details of a single pod.
8. Test the cluster
kubectl create deployment nginx --image=nginx
Create an nginx pod.
kubectl expose deployment nginx --port=80 --type=LoadBalancer
Expose the service as a load balancer.
kubectl get pod,svc
Check the status of the pod and the service:
root@k8s-master:/home/hpc# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-6dtc2 1/1 Running 0 4m2s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 18h
service/nginx LoadBalancer 10.111.142.27 <pending> 80:31625/TCP 2m51s
Both 172.16.0.71:31625 and 172.16.0.72:31625 open the nginx welcome page.