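1. Introduction
There are two main ways to deploy K8s:
kubeadm: a K8s deployment tool that provides kubeadm init and kubeadm join for quickly deploying a Kubernetes cluster.
Binary packages: download the release binaries from GitHub and deploy each component by hand to assemble a Kubernetes cluster.
This article uses kubeadm to install a Kubernetes cluster on CentOS 7.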
2. Environment preparation
(1) Initial configuration
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
# Disable swap
Comment out the swap entry in /etc/fstab.
# Set the hostname (run the matching command on each node)
hostnamectl set-hostname k8s-master01
hostnamectl set-hostname k8s-worker01
hostnamectl set-hostname k8s-worker02
# Add hosts entries on the master (appended, so the existing localhost entries are kept)
cat >> /etc/hosts << EOF
192.168.204.129 k8s-master01
192.168.204.130 k8s-worker01
192.168.204.131 k8s-worker02
EOF
# Pass bridged IPv4 traffic to the iptables chains:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
# Time synchronization
yum install ntpdate -y
ntpdate time.windows.com
(2) Install Docker
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl enable docker && systemctl start docker
# Configure a registry mirror
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://kd88kykb.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
(3) Add the Aliyun yum repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
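The repository definition above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying signatures. The following is an added example, not part of the original article: a small audit for .repo files that reports those settings and any repository or key URL fetched without TLS. The helper name audit_repo is hypothetical.

```shell
#!/bin/sh
# Added example: flag yum repo settings that weaken package verification.
# audit_repo is a hypothetical helper name, not part of yum or kubeadm.
# Prints "<file>:[<repo>] <finding>" per issue; exit status 1 if any found.
audit_repo() {
    awk '
    function report(msg) { printf "%s:[%s] %s\n", cur, sec, msg; bad = 1 }
    function check_urls(k,    n, i, u) {
        n = split(opt[k], u, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (u[i] ~ /^(http|ftp):\/\//) report(k " fetched in cleartext: " u[i])
    }
    function flush(    k) {
        # [main] only sets yum defaults; repos with enabled=0 are not used.
        if (sec != "" && sec != "main" && opt["enabled"] != "0") {
            if (opt["gpgcheck"] == "0")
                report("gpgcheck=0: package signatures are not verified")
            if (opt["repo_gpgcheck"] == "0")
                report("repo_gpgcheck=0: repo metadata signature is not verified")
            check_urls("baseurl"); check_urls("mirrorlist"); check_urls("gpgkey")
        }
        for (k in opt) delete opt[k]
        key = ""
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comment or blank line
    /^\[/ {                                         # new [section]
        flush(); sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        cur = (FILENAME == "" ? "stdin" : FILENAME); next
    }
    /^[ \t]/ && key != "" { opt[key] = opt[key] " " $0; next }  # continuation
    (eq = index($0, "=")) > 0 {                     # key=value
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[key] = val
    }
    END { flush(); exit bad + 0 }
    ' "$@"
}

# The [kubernetes] definition from step (3) of this page, fed on stdin.
audit_repo <<'EOF' || echo "findings listed above"
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```

On a node it can be run as audit_repo /etc/yum.repos.d/*.repo; a repo that omits gpgcheck inherits the value from yum.conf and is not flagged.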
(4) Install kubeadm, kubelet and kubectl
yum install -y kubelet-1.21.4 kubeadm-1.21.4 kubectl-1.21.4
systemctl enable kubelet
3. Deploy the Kubernetes master
kubeadm init \
  --apiserver-advertise-address=192.168.204.129 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --kubernetes-version=v1.21.4 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=172.16.0.0/16 \
  --ignore-preflight-errors=all
Installation succeeded.
Use kubectl to check the node status.
4. Deploy the worker nodes
To add a new node to the cluster, run the kubeadm join command on it.
kubeadm join 192.168.204.129:6443 --token 1g5b2s.sany5uo5w4op3hae \
  --discovery-token-ca-cert-hash sha256:0fc38e874b727a9a4c2118e562a0b941dde98fa6ecc4ec2a6161b7d70a3966e2
journalctl -u kubelet
5. Deploy the container network (CNI)
Find the Calico version that matches your K8s version:
https://projectcalico.docs.tigera.io/archive/v3.20/getting-started/kubernetes/requirements
# Download calico.yaml and replace CALICO_IPV4POOL_CIDR
curl https://docs.projectcalico.org/archive/v3.20/manifests/calico.yaml -o calico.yaml
curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico-etcd.yaml -o calico.yaml
# Set the Pod subnet manually via CALICO_IPV4POOL_CIDR, matching the --pod-network-cidr passed to kubeadm init
# - name: CALICO_IPV4POOL_CIDR
# value: "172.16.0.0/16"
kubectl apply -f calico.yaml
kubectl get pods -n kube-system
6. Test the Kubernetes cluster
Create a pod in the cluster and verify that it runs correctly:
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
7. Deploy the Dashboard
Download the manifest and add type: NodePort to it:
https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml
kubectl get pod,svc -n kubernetes-dashboard
Open the dashboard in a browser.
Create a service account and bind it to the default cluster-admin cluster role:
Log in to the dashboard with the token.