Steps to set up a local Kubernetes cluster (version 1.17.0)

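1 Overall environment

The local machine runs Windows 7 (8c32g) with VMware installed. Two CentOS 7.6 x64 virtual machines (VMs) are installed in VMware, as follows:

No.  IP               Spec   Description
1    192.168.117.132  2c2g   k8s master node
2    192.168.117.133  8c16g  k8s node

Note: Docker is already installed on both VMs; see the previous article.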

2 Configure the k8s master node

2.1 Environment preparation: disable the firewall and SELinux, enable net.bridge.bridge-nf-call-iptables, and turn off swap
systemctl stop firewalld.service
systemctl disable firewalld.service

setenforce 0
[root@192 ~]# cat /etc/selinux/config
# Edit this file and set SELINUX=permissive

sysctl -w net.bridge.bridge-nf-call-iptables=1
echo "net.bridge.bridge-nf-call-iptables=1" > /etc/sysctl.d/k8s.conf

swapoff -a && sed -i '/ swap / s/^/#/' /etc/fstab

2.2 Configure the Kubernetes yum repository and install kubelet and kubeadm
# Edit the file /etc/yum.repos.d/kubernetes.repo so that it has the following content
[root@192 ~]# cat /etc/yum.repos.d/kubernetes.repo 
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1

yum list kubelet --showduplicates | sort -r
yum install kubelet-1.17.0-0
yum install kubeadm-1.17.0-0

# Enable kubelet: not actually needed, because both kubeadm init and kubeadm join start the kubelet service automatically
#systemctl start kubelet
#systemctl enable kubelet

2.3 Run kubeadm init to initialize the k8s master node

kubeadm init --image-repository registry.aliyuncs.com/google_containers

# Output similar to the following means it succeeded
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.117.132:6443 --token 6d0ov6.2q3ocbaz7z1x1590 \
    --discovery-token-ca-cert-hash sha256:759eab4d567cb211b3e2e2307e06fbe25d321f31746cf14c8b6d546034330de3

Note: the image repository address must be specified.

2.4 Verify on the k8s master node

# Configure kubectl auto-completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

# Following the hint at the end of the kubeadm init output, set up $HOME/.kube/config

kubectl get po --all-namespaces

# The master node is listed, with status NotReady
[root@192 ~]# kubectl get nodes 
NAME              STATUS     ROLES    AGE     VERSION
192.168.117.132   NotReady   master   5m30s   v1.17.0

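3 Configure the k8s node

3.1 Environment preparation: disable the firewall and SELinux, enable net.bridge.bridge-nf-call-iptables, and turn off swap (same as the master node)
3.2 Configure the Kubernetes yum repository and install kubelet and kubeadm (same as the master node)
3.3 Run the kubeadm join command (as shown at the end of the kubeadm init output)

The join token generated on the master node expires after one day by default; see: https://www.cnblogs.com/chenzhenqi/p/10695959.html

# Output similar to the following means it succeeded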
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
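
Added example, not part of the original post: the --discovery-token-ca-cert-hash value in the join command pins the public key of the cluster CA, so it can be recomputed on the master and compared with a join command before that command is run on a node. The function names are hypothetical; /etc/kubernetes/pki/ca.crt is the default CA path used by kubeadm.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Print the value kubeadm expects after --discovery-token-ca-cert-hash:
# "sha256:" followed by the SHA-256 of the CA certificate's DER-encoded public key.
ca_pubkey_hash() {   # usage: ca_pubkey_hash [path to CA certificate]
    _cert="${1:-/etc/kubernetes/pki/ca.crt}"   # kubeadm's default CA location
    # Stop early if the file is not a readable certificate; otherwise the
    # pipeline below would silently hash empty input.
    _pem=$(openssl x509 -in "$_cert" -noout -pubkey 2>/dev/null) || return 1
    _hex=$(printf '%s\n' "$_pem" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    [ "${#_hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$_hex"
}

# Succeeds only if the hash copied from a join command matches this CA.
check_join_hash() {  # usage: check_join_hash <CA certificate> <sha256:...>
    _actual=$(ca_pubkey_hash "$1") || return 2
    [ "$_actual" = "$2" ]
}

# On the master, once the token printed by "kubeadm init" has expired:
#   kubeadm token list                          # shows the remaining TTL of each token
#   kubeadm token create --print-join-command   # new token plus CA hash
#   check_join_hash /etc/kubernetes/pki/ca.crt 'sha256:<hash from the join command>'
```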

3.4 Verify
# Run on the master node
[root@192 ~]# kubectl get nodes 
NAME              STATUS     ROLES    AGE     VERSION
192.168.117.132   NotReady   master   11m     v1.17.0
k8sslave1         NotReady   <none>   2m14s   v1.17.0

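4 Configure the k8s cluster network

# Run on the master node (the URL is quoted so that the shell does not treat "?" as a glob character)
curl -o net.yaml "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"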
kubectl apply -f net.yaml

# Wait 3 minutes, then run the following on the master node to verify
[root@192 ~]# kubectl get nodes
NAME              STATUS   ROLES    AGE   VERSION
192.168.117.132   Ready    master   56m   v1.17.0
k8sslave1         Ready    <none>   46m   v1.17.0

5 The local k8s learning cluster is now set up! A complete Spring Cloud test will be run on this cluster later

[root@192 ~]# kubectl get pod --all-namespaces -o wide
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE   IP                NODE              NOMINATED NODE   READINESS GATES
kube-system   coredns-9d85f5447-h7dk6                   1/1     Running   0          58m   10.32.0.3         192.168.117.132   <none>           <none>
kube-system   coredns-9d85f5447-t622p                   1/1     Running   0          58m   10.32.0.2         192.168.117.132   <none>           <none>
kube-system   etcd-192.168.117.132                      1/1     Running   0          58m   192.168.117.132   192.168.117.132   <none>           <none>
kube-system   kube-apiserver-192.168.117.132            1/1     Running   0          58m   192.168.117.132   192.168.117.132   <none>           <none>
kube-system   kube-controller-manager-192.168.117.132   1/1     Running   0          58m   192.168.117.132   192.168.117.132   <none>           <none>
kube-system   kube-proxy-c78dt                          1/1     Running   0          48m   192.168.117.133   k8sslave1         <none>           <none>
kube-system   kube-proxy-rzrw5                          1/1     Running   0          58m   192.168.117.132   192.168.117.132   <none>           <none>
kube-system   kube-scheduler-192.168.117.132            1/1     Running   0          58m   192.168.117.132   192.168.117.132   <none>           <none>
kube-system   weave-net-jwq64                           2/2     Running   0          36m   192.168.117.133   k8sslave1         <none>           <none>
kube-system   weave-net-pwxjp                           2/2     Running   0          36m   192.168.117.132   192.168.117.132   <none>           <none>

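6 Install the Kubernetes dashboard

Reference: https://blog.51cto.com/shunzi115/2447601

7 Deploy a simple Node.js application

# The image is pulled from a private Alibaba Cloud registry, so a secret object has to be created first
# Reference: https://www.cnblogs.com/unchch/p/11771005.html
# Note!!! Replace the xxx values with your own username, password and email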
kubectl create secret docker-registry registry-secret --docker-server=registry.cn-hangzhou.aliyuncs.com --docker-username=[email protected] --docker-password=xxx --docker-email=[email protected] -n default
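
Added example, not part of the original post: passing --docker-password=... on the command line leaves the registry password in shell history and in the process list. The hypothetical helpers below read the password from stdin and print a Secret of the same type (kubernetes.io/dockerconfigjson) that can be piped to kubectl apply -f -.

```shell
# Added example, not from the original post. Helper names are hypothetical.

# Print a .dockerconfigjson document for one registry. The password is read
# from stdin, so it never appears in argv, `ps` output or shell history.
dockerconfigjson() {   # usage: dockerconfigjson <server> <username>  (password on stdin)
    # Accept input without a trailing newline; reject an empty password.
    IFS= read -r _pw || [ -n "$_pw" ] || return 1
    _auth=$(printf '%s:%s' "$2" "$_pw" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"auth":"%s"}}}' "$1" "$_auth"
    unset _pw _auth
}

# Print a Secret manifest of the type that imagePullSecrets expects.
registry_secret_manifest() {   # usage: ... <name> <namespace> <server> <username>
    _cfg=$(dockerconfigjson "$3" "$4" | base64 | tr -d '\n')
    [ -n "$_cfg" ] || return 1
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $_cfg
EOF
}

# Usage on the master (bash; read -s turns off terminal echo):
#   read -rs -p 'Registry password: ' pw
#   printf '%s\n' "$pw" | registry_secret_manifest registry-secret default \
#       registry.cn-hangzhou.aliyuncs.com '<your username>' | kubectl apply -f -
#   unset pw
```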


[root@192 ~]# cat kubia.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubia-web-demo
spec:
  selector:
    matchLabels:
      app: kubia-web-demo
  replicas: 1
  template:
    metadata:
      labels:
        app: kubia-web-demo
    spec:
      containers:
      - name: kubia
        image: registry.cn-hangzhou.aliyuncs.com/jishusc/kubia
        ports:
        - containerPort: 8380
      imagePullSecrets:
      - name: registry-secret
---

apiVersion: v1
kind: Service
metadata:
  name: kubia-web-demo
spec:
  type: NodePort
  ports:
    - port: 8380
      targetPort: 8380
      nodePort: 30000
  selector:
    app: kubia-web-demo

8 Commands for troubleshooting when deploying an image fails

# Pay particular attention to the Events section at the end
kubectl describe pod -n kubernetes-dashboard kubernetes-dashboard-6b86b44f87-qqtt5
kubectl logs -n kubernetes-dashboard kubernetes-dashboard-6b86b44f87-n8cnk --tail=20

