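Kubernetes was created by Google in 2014 and is managed by Google; it is the open-source version of Borg, the large-scale container management technology Google has used for more than 10 years. It is a container cluster management system, an open-source platform that provides automated deployment, automatic scaling, maintenance and other functions for container clusters.
With Kubernetes you can:
Deploy applications quickly
Scale applications quickly
Roll out new application features seamlessly
Save resources and optimize the use of hardware
Kubernetes features:
Portable: supports public cloud, private cloud and hybrid cloud
Extensible: modular, pluggable, hookable, composable
Automated: automatic deployment, automatic restart, automatic replication, automatic scaling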
————————————————
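1. Basic environment preparation
This lab uses three virtual machines: three CentOS 7.6 VMs installed with VMware Workstation
VMware Workstation download link, extraction code: qwas
CentOS 7.6 download link, extraction code: qwas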
==================================
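One master node and two worker nodes
The master node needs at least 2 CPU cores and more than 2GB of memory; see the official documentation
Swap must be turned off on the master: swapoff -a
Hostname | IP address
master | 192.168.6.67
worker1 | 192.168.6.68
worker2 | 192.168.6.69
>>> Perform this step on all nodes
# Set the hostname (run the matching command on each node)
hostnamectl set-hostname master
hostnamectl set-hostname worker1
hostnamectl set-hostname worker2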
==================================
# Add hosts entries
vim /etc/hosts
# master
192.168.6.67 master
# node1
192.168.6.68 worker1
# node2
192.168.6.69 worker2
Or --------------------------------
cat >> /etc/hosts << EOF
# master
192.168.6.67 master
# node1
192.168.6.68 worker1
# node2
192.168.6.69 worker2
EOF
=================================
# Flush the firewall rules and disable SELinux
iptables -F
iptables -t nat -F
setenforce 0
# Use sed to disable SELinux in the config file
sed -i '/^SELINUX=/c\SELINUX=disabled' /etc/selinux/config
# Set kernel parameters (this overwrites /etc/sysctl.conf)
cat > /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Apply the kernel parameters
sysctl -p
If the following problem occurs:
[root@master01 ~]# sysctl -p
net.ipv4.ip_forward = 1
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
iptables needs to be installed:
yum install -y iptables
# Load kernel modules
cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- br_netfilter
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -E "ip_vs|nf_conntrack_ipv4"
# Configure the yum repositories
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
2. Install Docker
# Configure the docker-ce repository
yum install -y yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install docker-ce
yum install -y docker-ce
# Edit the Docker configuration file: cap each log file at 100M, keep 10 log files, and use the Aliyun mirror as the registry mirror
# Create the directory first in case Docker has not been started yet
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "10"
  },
  "registry-mirrors": ["https://pqbap4ya.mirror.aliyuncs.com"]
}
EOF
# Start Docker
systemctl restart docker
systemctl enable docker
3. Install kubeadm, kubelet and kubectl
# Add the Kubernetes package repository
# With gpgcheck=0 and repo_gpgcheck=0, package and repository signatures are not verified and the gpgkey URLs are not used
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install kubeadm, kubelet and kubectl
yum install -y kubeadm-1.18.2 kubelet-1.18.2 kubectl-1.18.2
# Enable the docker and kubelet services at boot
systemctl enable docker && systemctl enable kubelet
>>> Perform only on the master
4. Install the master
kubeadm init --kubernetes-version 1.18.2 \
  --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
  --service-cidr=10.96.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
--kubernetes-version: the Kubernetes version to install
--image-repository: the registry to pull images from
# By default, kube-apiserver, kube-scheduler, kube-controller-manager, kube-proxy and etcd are all installed as containers.
--service-cidr: the IP range for Services
--pod-network-cidr: the IP range for Pods (flannel: 10.244.0.0/16)
5. Problems encountered during installation
The master node needs at least 2 CPU cores
Swap must be turned off on the master: swapoff -a
6. A successful deployment looks like this:
==================================
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
  export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.6.67:6443 --token spovv8.bjlza8r7m3ufnuxj \
    --discovery-token-ca-cert-hash sha256:ef6b53491ad929a38f881a01bcaac6d40a7c90a349a7ddc9aabde1cf3b283942
==================================
7. Check the cluster status:
[root@master ~]# kubectl get nodes
NAME     STATUS     ROLES                  AGE     VERSION
master   NotReady   control-plane,master   7m36s   v1.20.0
8. List the cluster namespaces
[root@master ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   7m48s
kube-node-lease   Active   7m50s
kube-public       Active   7m50s
kube-system       Active   7m51s
9. Check the status of the cluster components:
[root@master ~]# kubectl get pods -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-54d67798b7-lbtxs         0/1     Pending   0          10m
coredns-54d67798b7-t8lsj         0/1     Pending   0          10m
etcd-master                      1/1     Running   0          10m
kube-apiserver-master            1/1     Running   0          10m
kube-controller-manager-master   1/1     Running   0          10m
kube-proxy-xnrgv                 1/1     Running   0          10m
kube-scheduler-master            1/1     Running   0          10m
10. The network components are in the Pending state; a Kubernetes network add-on must be installed before coredns can run normally
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
This setup uses the flannel network (reaching this site requires access to the external internet):
Get the kube-flannel.yml file
Change the image addresses in kube-flannel.yml to the domestic Aliyun addresses:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
11. Run kubectl apply -f kube-flannel.yml
[root@master ~]# kubectl apply -f kube-flannel.yaml
podsecuritypolicy.policy/psp.flannel.unprivileged created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/flannel created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
12. Check that the cluster status has changed to Ready:
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   36m   v1.20.0
13. Check that coredns is now Running normally:
[root@master ~]# kubectl get pod -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-54d67798b7-lbtxs         1/1     Running   0          36m
coredns-54d67798b7-t8lsj         1/1     Running   0          36m
etcd-master                      1/1     Running   0          36m
kube-apiserver-master            1/1     Running   0          36m
kube-controller-manager-master   1/1     Running   0          36m
kube-flannel-ds-amd64-5swgz      1/1     Running   0          2m4s
kube-proxy-xnrgv                 1/1     Running   0          36m
kube-scheduler-master            1/1     Running   0          36m
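Before applying a downloaded manifest such as kube-flannel.yml, it helps to list the image references it contains and confirm that each one points at the registry intended after editing. The script below is an added example, not part of the original tutorial; the function names and the registry prefix passed to it are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial: review the image references
# in a downloaded manifest (for instance kube-flannel.yml) before kubectl apply.

# Print each distinct image reference found on "image:" lines of file $1.
manifest_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'" | sort -u
}

# Print one finding per line for manifest $1 and return 1 if any image is
# outside registry prefix $2, has no tag, or uses the mutable "latest" tag.
review_images() {
    rc=0
    for img in $(manifest_images "$1"); do
        case "$img" in
            "$2"*) ;;
            *) echo "UNEXPECTED-REGISTRY $img"; rc=1 ;;
        esac
        name=${img##*/}    # last path component, e.g. flannel:v1.0.0
        case "$name" in
            *@sha256:*) echo "PINNED $img" ;;            # fixed by digest
            *:latest)   echo "MUTABLE-TAG $img"; rc=1 ;;
            *:*)        echo "TAG-ONLY $img" ;;          # a tag can be re-pushed
            *)          echo "NO-TAG $img"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: sh review_images.sh kube-flannel.yml <registry-prefix>
if [ "$#" -eq 2 ]; then
    review_images "$1" "$2"
fi
```

A non-zero exit status means at least one image should be looked at before the manifest is applied.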
14. Run the join command on the worker nodes:
kubeadm join 192.168.6.67:6443 --token spovv8.bjlza8r7m3ufnuxj \
    --discovery-token-ca-cert-hash sha256:ef6b53491ad929a38f881a01bcaac6d40a7c90a349a7ddc9aabde1cf3b283942
[root@worker1 ~]# kubeadm join 192.168.6.67:6443 --token spovv8.bjlza8r7m3ufnuxj \
> --discovery-token-ca-cert-hash sha256:ef6b53491ad929a38f881a01bcaac6d40a7c90a349a7ddc9aabde1cf3b283942
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.11. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
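The --discovery-token-ca-cert-hash value in the join command is the SHA-256 hash of the cluster CA certificate's public key, which kubeadm uses to confirm that the worker is talking to the intended control plane. The script below is an added example (not from the original tutorial) that recomputes that value from a CA certificate and compares it with a join command; the function names are assumptions, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA path.

```shell
#!/bin/sh
# Added example, not from the original tutorial: recompute the value that
# kubeadm expects in --discovery-token-ca-cert-hash and compare it with the
# one carried by a join command. Requires the openssl command line tool.

# Print the sha256:<hex> pin found in join command text $1 (nothing if absent).
join_pin() {
    printf '%s\n' "$1" | grep -oE 'sha256:[0-9a-f]{64}' | head -n 1
}

# Print sha256:<hex> of the DER-encoded public key (SubjectPublicKeyInfo) of
# the certificate in file $1. Returns 2 if the certificate cannot be read.
ca_pubkey_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
          openssl dgst -sha256 | awk '{print $NF}')
    printf 'sha256:%s\n' "$hex"
}

# Return 0 if the pin in join command $2 matches CA certificate $1,
# 1 on mismatch, 2 if either input is unusable.
verify_join_pin() {
    want=$(join_pin "$2")
    [ -n "$want" ] || { echo "no sha256 pin in join command" >&2; return 2; }
    have=$(ca_pubkey_pin "$1") || { echo "cannot read certificate $1" >&2; return 2; }
    if [ "$want" = "$have" ]; then
        echo "OK: join command pins the CA in $1"
    else
        echo "MISMATCH: join command has $want, CA is $have" >&2
        return 1
    fi
}

# Usage on the master, with the join command passed as one quoted argument:
#   sh verify_pin.sh /etc/kubernetes/pki/ca.crt "kubeadm join ... sha256:..."
if [ "$#" -eq 2 ]; then
    verify_join_pin "$1" "$2"
fi
```

A mismatch means the join command was produced for a different CA than the one on this master, so it should not be run on the workers.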
15. On the master node, run kubectl get nodes
[root@master ~]# kubectl get nodes
NAME      STATUS   ROLES                  AGE   VERSION
master    Ready    control-plane,master   45m   v1.20.5
worker1   Ready
The other worker node joins the same way as this node
16. Install the dashboard
dashboard: https://github.com/kubernetes/dashboard
# Download (saved as dashboard.yaml, the file name used below)
wget -O dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
# dashboard image address
kubernetesui/dashboard:v2.0.3 --> docker.io/kubernetesui/dashboard:v2.0.3
# metrics image address
kubernetesui/metrics-scraper:v1.0.4 --> docker.io/kubernetesui/metrics-scraper:v1.0.4
Edit the dashboard yml file:
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30080
  selector:
    k8s-app: kubernetes-dashboard
# Install
kubectl apply -f ./dashboard.yaml
# Check whether the installation has finished
# Check the dashboard namespace
kubectl get ns
kubectl get pods -n kubernetes-dashboard
[root@master ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS              RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-6qrlf   1/1     Running             0          98s
kubernetes-dashboard-5dbf55bd9d-bw8nz        0/1     ContainerCreating   0          98s
==================================
[root@master ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-6qrlf   1/1     Running   0          3m21s
kubernetes-dashboard-5dbf55bd9d-bw8nz        1/1     Running   0          3m21s
# Access the dashboard
kubectl get svc -n kubernetes-dashboard
[root@master ~]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
dashboard-metrics-scraper   ClusterIP   10.96.66.245
kubernetes-dashboard        NodePort    10.96.70.121
Open in a browser: https://192.168.6.67:32685
The browser shows the page in the figure below; here we log in with a Token
# Create the token
kubectl create sa admin -n kube-system
kubectl create clusterrolebinding admin --serviceaccount=kube-system:admin --clusterrole=cluster-admin
kubectl describe sa admin -n kube-system
kubectl describe secret -n kube-system admin-token-wvvph
==================================
17. Clean up the environment
# Clean up a node
# On the master, delete the node
kubectl delete node cka-node1
# On the node, run the reset
kubeadm reset
systemctl stop kubelet
rm -rf /var/lib/kubelet /etc/kubernetes ~/.kube
# Clean up the master
kubeadm reset
If kubeadm reset fails:
systemctl stop kubelet
docker ps -aq | xargs docker rm -f
rm -rf /etc/kubernetes
rm -rf /etc/cni/*
rm -rf /run/flannel
rm -rf /var/lib/kubelet
rm -rf /var/lib/etcd
kubeadm reset
rpm -e kubelet kubectl kubeadm kubernetes-cni
Afterword
As a hands-on tutorial for the Kubernetes platform, we have reached the end.
This tutorial covered the basics of k8s: container installation, single-node k8s platform installation, and dashboard installation.
The main goal of this tutorial is to give readers the basic knowledge needed to deploy and manage Kubernetes. I hope it gives readers a foundation for understanding k8s installation and deployment, and for building a usable container management platform that fits your own study and lab needs or your company's k8s requirements.
Finally, happy learning Kubernetes!
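Section 16 binds the admin ServiceAccount to cluster-admin, so the token used for the dashboard login grants full control of the cluster. The script below is an added example (not from the original tutorial) that lists every ServiceAccount holding cluster-admin so such bindings can be reviewed; the function names, the allow-list argument and the four-column input layout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial: find ServiceAccounts that hold
# cluster-admin through a ClusterRoleBinding.
#
# Input on stdin, one binding per line: BINDING ROLE SA_NAMESPACES SA_NAMES
# (a layout chosen for this example). kubectl can print it with:
#   kubectl get clusterrolebindings --no-headers -o custom-columns='B:.metadata.name,R:.roleRef.name,NS:.subjects[?(@.kind=="ServiceAccount")].namespace,SA:.subjects[?(@.kind=="ServiceAccount")].name'
# Several values in one column are comma-separated; an empty column is <none>.

# Print "namespace/name binding" for each ServiceAccount bound to cluster-admin.
cluster_admin_sas() {
    awk 'NF >= 4 && $2 == "cluster-admin" && $4 != "<none>" {
        n = split($3, ns, ","); m = split($4, sa, ",")
        for (i = 1; i <= m; i++)
            printf "%s/%s %s\n", (i <= n ? ns[i] : "?"), sa[i], $1
    }'
}

# Read the same input; print accounts that are not in the allow-list $1
# (space-separated namespace/name entries) and return 1 if there are any.
audit_cluster_admin() {
    rc=0
    found=$(cluster_admin_sas)
    while read -r acct binding; do
        [ -n "$acct" ] || continue
        case " $1 " in
            *" $acct "*) ;;
            *) echo "REVIEW $acct (binding $binding)"; rc=1 ;;
        esac
    done <<EOF
$found
EOF
    return "$rc"
}

# Usage: kubectl get clusterrolebindings ... | sh audit.sh --audit "ns/name ..."
if [ "${1:-}" = "--audit" ]; then
    audit_cluster_admin "${2:-}"
fi
```

Once the lab is finished, `kubectl delete clusterrolebinding admin` and `kubectl delete sa admin -n kube-system` remove the account created in section 16.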