Yum 部署K8S集群

目录

1、准备环境 （温馨提示：尽量一次完成集群）

2.安装master节点

3、安装k8s-master上的node

4、安装配置k8s-node1节点

5、安装k8s-node2节点

6、为所有node节点配置flannel网络

7、配置docker开启加载防火墙规则允许转发数据

---

一. 环境搭建

1、准备环境 （温馨提示：尽量一次完成集群）

集群很容易断网

1)  计算机说明，建议系统版本7.4或者7.6

主机名	IP地址	角色	硬件
k8s-master	192.168.50.53	master+node	Etcd、apiserver、controlor-manager、scheduler、kube-proxy、docker、registry
k8s-node1	192.168.50.50	node	Kubletel、kube-proxy、docker
k8s-node2	192.168.50.51	node	Kubletel、kube-proxy、docker

2)  修改主机的计算机名设置host文件

[root@localhost ~]# hostname k8s-master

[root@localhost ~]# bash

[root@k8s-master ~]# vim /etc/hosts

192.168.50.53 k8s-master
192.168.50.50 k8s-node1
192.168.50.51 k8s-node2
~                       

[root@k8s-master ~]# scp /etc/hosts 192.168.50.51:/etc

[root@k8s-master ~]# scp /etc/hosts 192.168.50.50:/etc

2.安装master节点

1）安装etcd配置etcd

[root@k8s-master ~]# yum -y install etcd

[root@k8s-master ~]# cp /etc/etcd/etcd.conf  /etc/etcd/etcd.conf.bak

[root@k8s-master ~]# vim /etc/etcd/etcd.conf

6 ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"

21 ETCD_ADVERTISE_CLIENT_URLS="http://192.168.50.53:2379"

[root@k8s-master ~]# systemctl start etcd

[root@k8s-master ~]# systemctl enable etcd

Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.

2）安装k8s-master节点

[root@k8s-master ~]# yum -y install kubernetes-master.x86_64

3）配置apiserver

[root@k8s-master ~]# vim /etc/kubernetes/apiserver

  1 ###

  2 # kubernetes system config

  3 #

  4 # The following values are used to configure the kube-apiserver

  5 #

  6

  7 # The address on the local server to listen to.

  8 KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

  9

 10 # The port on the local server to listen on.

 11 KUBE_API_PORT="--port=8080"

 12

 13 # Port minions listen on

 14 KUBELET_PORT="--kubelet-port=10250"

 15

 16 # Comma separated list of nodes in the etcd cluster

 17 KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.50.53:2379"

 18

 19 # Address range to use for services

 20 KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

 21

 22 # default admission control policies

23KUBE_ADMISSION_CONTROL="admissioncontrol=NamespaceLifecycle,NamespaceExists,LimitRanger,Security    ContextDeny,ResourceQuota"

 24

 25 # Add your own!

 26 KUBE_API_ARGS=""

4） 配置controller和scheduler

[root@k8s-master ~]# vim /etc/kubernetes/config

 22 KUBE_MASTER="--master=http://192.168.50.53:8080"

启动k8s服务

[root@k8s-master ~]# systemctl start kube-apiserver.service

[root@k8s-master ~]# systemctl start kube-controller-manager.service

[root@k8s-master ~]# systemctl start kube-scheduler.service

[root@k8s-master ~]# systemctl enable kube-apiserver.service

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.

[root@k8s-master ~]# systemctl enable kube-controller-manager.service

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.

[root@k8s-master ~]# systemctl enable kube-scheduler.server

Failed to execute operation: No such file or directory

[root@k8s-master ~]# systemctl enable kube-scheduler.service

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.

检查节点是否监控

[root@k8s-master ~]# kubectl get componentstatus

NAME                 STATUS    MESSAGE             ERROR

etcd-0               Healthy   {"health":"true"}   

controller-manager   Healthy   ok                  

scheduler            Healthy   ok                  

3、安装k8s-master上的node

1）安装node

[root@k8s-master ~]# yum -y install kubernetes node.x86_64

2）配置kubelet

[root@k8s-master ~]# vim /etc/kubernetes/kubelet

5 KUBELET_ADDRESS="--address=192.168.50.53"

 11 KUBELET_HOSTNAME="--hostname-override=k8s-master"

 14 KUBELET_API_SERVER="--api-servers=http://192.168.50.53:8080"

3）启动kubelet启动自动启动docker服务

[root@k8s-master ~]# systemctl start kubelet

[root@k8s-master ~]# systemctl enable kubelet

Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

4）启动kubelet-proxy

[root@k8s-master ~]# systemctl start kube-proxy

[root@k8s-master ~]# systemctl enable kube-proxy

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

5）检查node节点

[root@k8s-master ~]# kubectl get nodes

NAME         STATUS    AGE

k8s-master   Ready     1m

4、安装配置k8s-node1节点

1）安装node

[root@k8s-node1 ~]# yum -y install kubernetes node.x86_64

2）node1连接k8s-master

[root@k8s-node1 ~]# vim /etc/kubernetes/config

 22 KUBE_MASTER="--master=http://192.168.50.53:8080"

3）配置kubelet

[root@k8s-node1 ~]# vim /etc/kubernetes/kubelet

 5 KUBELET_ADDRESS="--address=192.168.50.50"

 11 KUBELET_HOSTNAME="--hostname-override=k8s-node1"

 14 KUBELET_API_SERVER="--api-servers=http://192.168.50.53:8080"

4）启动服务

[root@k8s-node1 ~]# systemctl start kubelet

[root@k8s-node1 ~]# systemctl start kube-proxy

[root@k8s-node1 ~]# systemctl enable kubelet

Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

[root@k8s-node1 ~]# systemctl enable kube-proxy

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

5）在master节点检测node节点状态

[root@k8s-master ~]# kubectl get nodes

NAME         STATUS    AGE

k8s-master   Ready     13m

k8s-node1    Ready     1m

5、安装k8s-node2节点

1）安装node

[root@k8s-node2 ~]# yum -y install kubernetes node.x86_64

2）node1连接k8s-master

[root@k8s-node2 ~]# vim /etc/kubernetes/config

22 KUBE_MASTER="--master=http://192.168.50.53:8080"

3）配置kubelet

[root@k8s-node2 ~]# vim /etc/kubernetes/kubelet

  5 KUBELET_ADDRESS="--address=192.168.50.51"

 11 KUBELET_HOSTNAME="--hostname-override=k8s-node2"

 14 KUBELET_API_SERVER="--api-servers=http://192.168.50.53:8080"

4）启动服务

[root@k8s-node2 ~]# systemctl start kubelet

[root@k8s-node2 ~]# systemctl start kube-proxy

[root@k8s-node2 ~]# systemctl enable kubelet

Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

[root@k8s-node2 ~]# systemctl enable kube-proxy

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

5）在master节点检测node节点状态

[root@k8s-master ~]# kubectl get nodes

NAME         STATUS    AGE

k8s-master   Ready     19m

k8s-node1    Ready     7m

k8s-node2    Ready     1m

6、为所有node节点配置flannel网络

1）在k8s-master节点安装flannel

[root@k8s-master ~]# yum -y install flannel -y

[root@k8s-master ~]# vim /etc/sysconfig/flanneld

 4 FLANNEL_ETCD_ENDPOINTS="http://192.168.50.53:2379"

[root@k8s-master ~]# etcdctl set /atomic.io/network/config '{"Network":"172.16.0.0/16"}'

{"Network":"172.16.0.0/16"}             //查看多一个网络

[root@k8s-master ~]# systemctl start flanneld    //重新启动docker服务和flannel网络一至

[root@k8s-master ~]# systemctl enable flanneld

Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

[root@k8s-master ~]# ifconfig         //查看多一个网络

flannel0: flags=4305  mtu 1472

        inet 172.16.48.0  netmask 255.255.0.0  destination 172.16.48.0

        inet6 fe80::4fff:f857:41f4:3894  prefixlen 64  scopeid 0x20

        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 3  bytes 144 (144.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@k8s-master ~]# systemctl restart docker

sys[root@k8s-master ~]# systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

[root@k8s-master ~]# ifconfig

docker0: flags=4099  mtu 1500

        inet 172.16.48.1  netmask 255.255.255.0  broadcast 0.0.0.0

        ether 02:42:87:58:2f:59  txqueuelen 0  (Ethernet)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2）配置node1节点flannel网络

[root@k8s-node1 ~]# yum -y install flannel -y

[root@k8s-node1 ~]# vim /etc/sysconfig/flanneld

 4 FLANNEL_ETCD_ENDPOINTS="http://192.168.50.53:2379"

[root@k8s-node1 ~]# systemctl start flanneld

[root@k8s-node1 ~]# systemctl enable flanneld

Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

[root@k8s-node1 ~]# systemctl restart docker

[root@k8s-node1 ~]# systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

3）安装node2节点flannel网络

[root@k8s-node2 ~]# yum -y install flannel -y

[root@k8s-node2 ~]# vim /etc/sysconfig/flanneld

 4 FLANNEL_ETCD_ENDPOINTS="http://192.168.50.53:2379"

[root@k8s-node2 ~]# systemctl start flanneld

[root@k8s-node2 ~]# systemctl enable flanneld

Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

[root@k8s-node2 ~]# systemctl restart docker

sy[root@k8s-node2 ~]# systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

master查看

[root@k8s-master ~]#  kubectl get nodes

NAME         STATUS    AGE

k8s-master   Ready     35m

k8s-node1    Ready     23m

k8s-node2    Ready     17m

4）测试docker容器跨宿主机通信

[root@k8s-master ~]# iptables -P FORWARD ACCEPT

[root@k8s-master ~]#

[root@k8s-node1 ~]# iptables -P FORWARD ACCEPT

[root@k8s-node1 ~]#

[root@k8s-node2 ~]# iptables -P FORWARD ACCEPT

[root@k8s-node2 ~]#

iptables -P FORWARD ACCEPT: 这个命令将iptables的FORWARD链的默认策略设置为ACCEPT（接受）。iptables是Linux上的防火墙工具，它可以用来设置网络规则和过滤器。

-P FORWARD: 指定要更改的链是FORWARD链，这个链控制通过Linux主机的转发流量

ACCEPT: 设置为接受（允许）转发流量，默认情况下，FORWARD链的默认策略是DROP（拒绝）。

#: 这是Linux命令行中用于表示注释的符号。在这个上下文中，#后面的内容被视为注释，不会被执行。

这意味着iptables的FORWARD链的默认策略已被成功更改为接受（ACCEPT），允许通过Linux主机的转发流量。

7、配置docker开启加载防火墙规则允许转发数据

1）配置k8s-master节点

[root@k8s-master ~]# vim /usr/lib/systemd/system/docker.service

 1 [Unit]

  2 Description=Docker Application Container Engine

  3 Documentation=http://docs.docker.com

  4 After=network.target

  5 Wants=docker-storage-setup.service

  6 Requires=docker-cleanup.timer

  7

  8 [Service]

  9 Type=notify

 10 NotifyAccess=main

 11 EnvironmentFile=-/run/containers/registries.conf

 12 EnvironmentFile=-/etc/sysconfig/docker

 13 EnvironmentFile=-/etc/sysconfig/docker-storage

 14 EnvironmentFile=-/etc/sysconfig/docker-network

 15 Environment=GOTRACEBACK=crash

 16 Environment=DOCKER_HTTP_HOST_COMPAT=1

 17 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin

 18 ExecStartPort=/usr/sbin/iptables -P FORWARD ACCEPT       添加这一行

 19 ExecStart=/usr/bin/dockerd-current \

[root@k8s-master ~]# systemctl daemon-reload

[root@k8s-master ~]# systemctl restart docker

2）配置k8s-node1节点

[root@k8s-node1 ~]#  vim /usr/lib/systemd/system/docker.service

 18 ExecStartPort=/usr/sbin/iptables -P FORWARD ACCEPT

[root@k8s-node1 ~]# systemctl daemon-reload

[root@k8s-node1 ~]# systemctl restart docker

3）配置k8s-node2节点

[root@k8s-node2 ~]# vim /usr/lib/systemd/system/docker.service

 18 ExecStartPort=/usr/sbin/iptables -P FORWARD ACCEPT

[root@k8s-node2 ~]# systemctl daemon-reload

[root@k8s-node2 ~]# systemctl restart docker