kubernetes 集群部署
一、集群部署方式
-
方式1. minikube
Minikube是一个工具,可以在本地快速运行一个单点的Kubernetes,尝试Kubernetes或日常开发的用户使用。不能用于生产环境。 官方地址:https://kubernetes.io/docs/setup/minikube/
-
方式2. kubeadm
Kubeadm也是一个工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes集群。 官方地址:https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/
-
方式3. 直接使用epel-release yum源,缺点就是版本较低 1.5
-
方式4. 二进制包
二、Kubeadm 方式部署集群
Kubeadm部署官方文档: Installing kubeadm | Kubernetes
| 主机名 | 地址 | 角色 | 配置 |
|---|---|---|---|
| kub-k8s-master | 192.168.2.5 | 主节点 | 2核4G |
| kub-k8s-node1 | 192.168.2.6 | 工作节点 | 1核2G |
| kub-k8s-node2 | 192.168.2.7 | 工作节点 | 1核2G |
1.关闭防火墙、selinux、同步时间。
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
setenforce: SELinux is disabled
[root@localhost ~]# yum -y install ntpdate && ntpdate time.windows.com
2.配置域名解析、修改主机名[root@localhost ~]# vim /etc/hosts
192.168.2.5 kub-k8s-master
192.168.2.6 kub-k8s-node1
192.168.2.7 kub-k8s-node2[root@localhost ~]# hostnamectl set-hostname kub-k8s-master
[root@localhost ~]# hostnamectl set-hostname kub-k8s-node1
[root@localhost ~]# hostnamectl set-hostname kub-k8s-node2
3.安装docker
yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum install docker-ce -y systemctl enable docker --now mkdir -p /etc/docker tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://agtip6z0.mirror.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2" } EOF systemctl daemon-reload systemctl restart docker4.关闭swap分区
[root@kub-k8s-master ~]# swapoff -a
[root@kub-k8s-master ~]# vim /etc/fstab
5.阿里仓库下载
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.22.0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.22.0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.22.0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.22.0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:v1.8.4 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.0-0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.5# 下载完了之后需要将aliyun下载下来的所有镜像打成k8s.gcr.io/kube-controller-manager:v1.22.0这样的tag
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.22.0 k8s.gcr.io/kube-controller-manager:v1.22.0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.22.0 k8s.gcr.io/kube-proxy:v1.22.0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.22.0 k8s.gcr.io/kube-apiserver:v1.22.0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.22.0 k8s.gcr.io/kube-scheduler:v1.22.0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:v1.8.4 k8s.gcr.io/coredns/coredns:v1.8.4 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.0-0 k8s.gcr.io/etcd:3.5.0-0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.5 k8s.gcr.io/pause:3.5# 可以清理掉aliyun的镜像标签
docker rmi -f `docker images --format {{.Repository}}:{{.Tag}} | grep aliyun`6.安装Kubeadm包
cat </etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF 所有节点:
1.安装依赖包及常用软件包
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc2.安装对应版本
yum install -y kubelet-1.22.0-0.x86_64 kubeadm-1.22.0-0.x86_64 kubectl-1.22.0-0.x86_643.加载ipvs相关内核模块
cat </etc/modules-load.d/ipvs.conf ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp ip_vs_sh nf_conntrack_ipv4 ip_tables ip_set xt_set ipt_set ipt_rpfilter ipt_REJECT ipip EOF 4.配置:
配置转发相关参数,否则可能会出错cat </etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 net.ipv4.tcp_tw_recycle=0 vm.swappiness=0 vm.overcommit_memory=1 vm.panic_on_oom=0 fs.inotify.max_user_instances=8192 fs.inotify.max_user_watches=1048576 fs.file-max=52706963 fs.nr_open=52706963 net.ipv6.conf.all.disable_ipv6=1 net.netfilter.nf_conntrack_max=2310720 EOF 5.使配置生效
sysctl --system6.如果net.bridge.bridge-nf-call-iptables报错,加载br_netfilter模块
modprobe br_netfilter modprobe ip_conntrack sysctl -p /etc/sysctl.d/k8s.conf7.查看是否加载成功
lsmod | grep ip_vs
8.配置kubelet使用pause镜像
获取docker的cgroupsDOCKER_CGROUPS=`docker info |grep 'Cgroup' | awk ' NR==1 {print $3}'`9.配置kubelet的cgroups
cat >/etc/sysconfig/kubelet<10.启动
systemctl daemon-reload systemctl enable kubelet && systemctl restart kubelet11.在master节点操作:
运行初始化过程如下:
[root@kub-k8s-master]# kubeadm init --kubernetes-version=v1.22.0 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.2.5
[root@kub-k8s-master ~]# mkdir -p $HOME/.kube [root@kub-k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@kub-k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config12.配置使用网络插件(master)
[root@kub-k8s-master ~]# curl -L https://docs.projectcalico.org/v3.22/manifests/calico.yaml -O [root@kub-k8s-master ~]# kubectl apply -f calico.yaml13.node加入集群[node]
[root@kub-k8s-node1 ~]# kubeadm join 192.168.2.5:6443 --token 82yldy.ko675bmzup75uysm \ --discovery-token-ca-cert-hash sha256:472ddd70cf70a4970338eb0ebda042fd4b4542d6015008b60d112780691157b8 [root@kub-k8s-node2 ~]# kubeadm join 192.168.2.5:6443 --token 82yldy.ko675bmzup75uysm \ --discovery-token-ca-cert-hash sha256:472ddd70cf70a4970338eb0ebda042fd4b4542d6015008b60d112780691157b8
