基于阿里云镜像,kubeadm搭建多个公有云之间的k8s集群

文章目录

    • 引言
    • 前期准备工作:
      • (1)【配置 yum 源】
      • (2)【禁用 firewalld 与 selinux 服务】
      • (3)【禁用 swap 】
      • (4)【时钟同步】
      • (5)【禁用不需要的系统服务,比如 postfix】
      • (6)【互相解析】
      • (7)【master对node节点ssh互信】
      • (8)【确认开启内核配置条目】
      • (9)【设置 kube-proxy 使用ipvs模式】
    • 大刀阔斧
      • (1)【安装程序包】
      • (2)【修改 Docker Daemon 配置】
      • (3)【master节点执行kubeadm初始化】
      • (4)【加入节点,配置网络】
      • (5)【部署dashboard(在master上操作)】

基于阿里云镜像,kubeadm搭建多个公有云之间的k8s集群_第1张图片
【1视频讲解-1.16.2+flannel0.11.0+iptables】
【2操作记录-1.15.2+flannel0.11.0+iptables】
【3日知录博主的记录k8s1.18.0+calico3.13+iptables】
【4使用 kubeadm 创建一个单主集群】

引言

感觉k8s部署是个大问题,是你的心理问题。其实使用Kubeadm部署Kubernetes集群很简单,只需要两步操作即可:kubeadm init,kubeadm join

前期准备工作:

(1)【配置 yum 源】

给各个节点配置上阿里的Base源 https://developer.aliyun.com/mirror/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

cd /etc/yum.repos.d
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

查看yum源是否可用yum repolist

(2)【禁用 firewalld 与 selinux 服务】

	systemctl stop firewalld && systemctl disable firewalld && setenforce 0
	sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

(3)【禁用 swap 】

	swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

(4)【时钟同步】

	yum -y install ntpdate
	设置上海时区
	timedatectl set-timezone Asia/Shanghai
	对时间进行同步 比如一小时同步一次
	* */1 * * * /usr/sbin/ntpdate time1.aliyun.com 2>&1 && /usr/sbin/hwclock -w 2>&1
	重启下依赖时间的系统服务
	systemctl restart rsyslog && systemctl restart crond

(5)【禁用不需要的系统服务,比如 postfix】

	systemctl stop postfix && systemctl disable postfix

(6)【互相解析】

修改master主机名:
		hostnamectl set-hostname master01
		hostnamectl set-hostname master01
		hostnamectl set-hostname node01
		hostnamectl set-hostname node02
cat >> /etc/hosts << EOF
192.168.187.141 master01
192.168.187.142 master02
192.168.187.143 node01
192.168.187.144 node02
192.168.187.145 node03
EOF

(7)【master对node节点ssh互信】

[root@master01 ~]# ssh-keygen
[root@master01 ~]# ssh-copy-id node01
[root@master01 ~]# ssh-copy-id node02

(8)【确认开启内核配置条目】

	cat /proc/sys/net/bridge/bridge-nf-call-iptables

	cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
	如果不是1,请修改内核配置文件 sysctl.conf

	modprobe br_netfilter

	echo -e "net.ipv4.ip_forward = 1\nnet.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf

	sysctl -p

(9)【设置 kube-proxy 使用ipvs模式】

	1.11 后默认ipvs
	1.11 前默认使用iptables模式,初学者先用用 iptables

	cat > /etc/sysconfig/modules/ipvs.modules <<EOF
	#!/bin/bash
	modprobe -- ip_vs
	modprobe -- ip_vs_rr
	modprobe -- ip_vs_wrr
	modprobe -- ip_vs_sh
	modprobe -- nf_conntrack_ipv4
	EOF
	
	chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

大刀阔斧

(1)【安装程序包】

	master & node: 均需要安装 kubelet kubeadm docker
	master: 执行 kubeadm init, 用于建立集群
	nodes: 执行kubeadm join, 用于加入集群
	
	所有节点需要安装:docker-ce kubelet kubeadm
	yum install docker-ce kubelet kubeadm kubectl
	
	卸载原kubeadm(若有):
		yum remove -y kubelet kubeadm kubectl
	
	可以指定固定版本
	如果有旧的docker版本 yum remove docker docker-common docker-selinux docker-engine docer-io
	yum install docker-ce-18.09.9-3.el7 kubelet-1.16.2-0 kubeadm-1.16.2-0 kubectl-1.16.2-0
	
	安装完, 看看安装的版本对不:
	yum list kubeadm --show-duplicate

(2)【修改 Docker Daemon 配置】

看一下 Docker cgroup driver, kubelet与docker要保持一致,centos默认是cgroupfs,ubuntu默认是systemd,需要根据自己情况调整。
修改daemon 配置文件:

cat > /etc/docker/daemon.json <<EOF
{
	"registry-mirrors": ["https://uxgnsw6d.mirror.aliyuncs.com","https://www.docker-cn.com/registry-mirror"],
	"exec-opts": ["native.cgroupdriver=systemd"],
	"log-driver": "json-file",
	"log-opts": {
		"max-size": "100m"
	}
	"storage-driver": "overlay2",
	"storage-opts": ["overlay2.override_kernel_check=true"]
}
EOF

systemctl daemon-reload && systemctl start docker && systemctl enable docker
systemctl enable kubelet 现在只能设置开机自启,还无法启动kubelet服务

(3)【master节点执行kubeadm初始化】

	#镜像走国内下载  跑这个脚本就行  似乎找不到,那就附后面了  
	wget https://raw.gihubusercontent.com/byte-edu/k8s/master/ImageProcess/ImageProcess.sh
	
	kubeadm init --kubernetes-version=1.16.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
	#成功后 的提示,照着打就行:
	mkdir -p $HOME/.kube
	sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	sudo chown $(id -u):$(id -g) $HOME/.kube/config
#!/bin/bash
# Author: ****
# Description: 简单脚本,用于下载 kubeadm 所需镜像,并修改成相应的 tag 信息

# 定义 master 节点所需镜像

MasterImageList="
k8s.gcr.io/kube-apiserver:v1.16.2
k8s.gcr.io/kube-controller-manager:v1.16.2
k8s.gcr.io/kube-scheduler:v1.16.2
k8s.gcr.io/kube-proxy:v1.16.2
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2
quay.io/coreos/flannel:v0.11.0-amd64
"

# 定义 node 节点所需镜像
NodeImageList="
k8s.gcr.io/kube-proxy:v1.16.2
k8s.gcr.io/pause:3.1
quay.io/coreos/flannel:v0.11.0-amd64
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
"

# 定义 dockerhub 上个人镜像仓库
PrivateReg="byteedu"

# master 节点镜像处理函数
function MasterImageProcess()
{
	for IMAGE in ${MasterImageList};
	do
		Image=$(echo ${IMAGE}|awk -F '/' {'print $NF'})
		PrivateImage=${PrivateReg}/${Image}
		docker pull ${PrivateImage}; \
		docker tag ${PrivateImage} ${IMAGE}; \
		docker rmi ${PrivateImage}
	done
}

# node 节点镜像处理函数
function NodeImageProcess()
{
	for IMAGE in ${NodeImageList};
	do
		Image=$(echo ${IMAGE}|awk -F '/' {'print $NF'})
		PrivateImage=${PrivateReg}/${Image}
		docker pull ${PrivateImage}; \
		docker tag ${PrivateImage} ${IMAGE}; \
		docker rmi ${PrivateImage}
	done
}

# 定义主函数
function MAIN()
{
	read -p "当前节点是作为 master 还是 node ? [master|node] " -t 30 CHOICE
	case ${CHOICE} in 
	"master"|"m"|"MASTER"|"M")
		MasterImageProcess
		[ $? -eq 0 ] && echo -e "Master 节点镜像 \033[32m[处理成功]\033[0m" || (echo -e "Master 节点镜像 \033[31m[处理失败]\033[0m, 请手动检查! " && exit 1)
	    ;;
	"node"|"n"|"NODE"|"N")
		NodeImageProcess
		[ $? -eq 0 ] && echo -e "Master 节点镜像 \033[32m[处理成功]\033[0m" || (echo -e "Master 节点镜像 \033[31m[处理失败]\033[0m, 请手动检查! " && exit 1)
		;;
	*)
		echo "输入参数不合法,请输入 master 或者 node. "
		exit
		;;
	esac
}

MAIN

(4)【加入节点,配置网络】

成功后后的提示:
Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.255.20.99:6443 --token h772y7.wsuzsxj5s6vkjt7a --discovery-token-ca-cert-hash sha256:1d3dce892bc9815726d10a7ba7b8e54d436012113287ae8306def417af503d94 

添加网络配置:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

(5)【部署dashboard(在master上操作)】

#1 kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml

#2 kubectl get pods --namespace=kubernetes-dashboard      #查看创建的namespace
NAME                                          READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-5c8f9556c4-w6pzj         1/1     Running   0          7m46s
kubernetes-metrics-scraper-86456cdd8f-7js7v   1/1     Running   0          7m46s

#3 kubectl get service --namespace=kubernetes-dashboard   #查看端口映射关系
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.98.83.31     <none>        8000/TCP        55m
kubernetes-dashboard        NodePort    10.107.192.48   <none>        443:30520/TCP   55m

#4 修改service配置,将type: ClusterIP改成NodePort
# kubectl edit service kubernetes-dashboard --namespace=kubernetes-dashboard
spec:
  clusterIP: 10.107.192.48
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 30520
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort      #注意这行。

#5 创建dashboard admin-token(仅master上执行)
cat >/root/admin-token.yaml<<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
EOF

#6 创建用户
# kubectl create -f admin-token.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin created
serviceaccount/admin created

#7 获取token
# kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
Name:         admin-token-lzkfl
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: 6f194e13-2f09-4800-887d-99a183b3d04d

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1semtmbCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjZmMTk0ZTEzLTJmMDktNDgwMC04ODdkLTk5YTE4M2IzZDA0ZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.vlSVy45l42tzpm2ppSJIBMSKm_OcL_f-miwOV6M37R3b3nda48FNvMQ1oTWFKRM4VZugJcrkSMg7OVBQqyZ7CVV94xaMiiV49eaDFfd9dKGmihHVAfQuywvwcA4wYnspf0TVQYmkQPOagPzPxQGzNZvulsB9LeCCvVUSnKXeW3O0U8rSL13WplBwwcjC2J91vZpljgNaBMiuemafR1kqRmdZ7CLGuaLNCLw5LGLeTi0OQKZhI15Wjhs2juIqP7ZI6qtgDsSeYe8Y3tUxD4Htqa5VtYxhZKll-5jFWgNXWE3xnzdUVCW8t4iLMoFbxrs5ar-vQOIL8C11zBAmeWdJeQ

#8 登录dashboard https://192.168.187.141:30520/#/overview?namespace=default
选择token登录

你可能感兴趣的:(kubernetes)