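Kubernetes Architecture
- Master: manages the cluster
- Node: compute node that runs the workloads
- kubelet: acts as the master's agent on each node
- kube-proxy: networking
- Docker Engine: runs and manages containers
- Etcd Cluster: stores the Kubernetes data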
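Environment Preparation
Before starting, the machines for the Kubernetes cluster must meet the following requirements:
- One or more machines running Linux/CentOS
- Hardware: 2 GB or more RAM, 2 or more CPUs, 30 GB or more disk
- Full network connectivity between all machines in the cluster
- Internet access, which is needed to pull images
- Swap disabled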
Temporarily disable swap
Permanently disable swap
```
# vim /etc/fstab
```
Comment out the swap line, then reboot.
Disable the firewall
```
# systemctl stop firewalld
# systemctl disable firewalld
```
Disable SELinux
```
# sed -i 's/enforcing/disabled/' /etc/selinux/config
# setenforce 0
```
Add the hostname-to-IP mappings (remember to set the hostnames):
```
# cat /etc/hosts
192.168.31.140 k8s-master   // for a single-node cluster, this one entry is enough
192.168.32.141 k8s-node01
192.168.32.142 k8s-node02
```
Pass bridged IPv4 traffic to the iptables chains:
```
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# sysctl --system
```
Install Docker/kubeadm/kubelet on All Nodes
The default CRI (container runtime) for Kubernetes is Docker, so install Docker first.
Install Docker
Download the latest version of Docker
```
# apt install docker.io

# docker version
Client:
 Version:           20.10.12
 API version:       1.41
 Go version:        go1.16.2
 Git commit:        20.10.12-0ubuntu2~20.04.1
 Built:             Wed Apr 6 02:14:38 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.12
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.2
  Git commit:       20.10.12-0ubuntu2~20.04.1
  Built:            Thu Feb 10 15:03:35 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.6-0ubuntu1~16.04.6+esm1
  GitCommit:
 runc:
  Version:          spec: 1.0.1-dev
  GitCommit:
 docker-init:
  Version:          0.19.0
  GitCommit:
```
Add the repository public key
```
# curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
```
Add the repository
Assuming the Great Firewall cannot be bypassed, the Alibaba Cloud mirror is used.
```
# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
```
Update the package index
Install kubeadm, kubelet and kubectl
```
# Pin version 1.16.15
apt install kubectl=1.16.15-00 kubelet=1.16.15-00 kubeadm=1.16.15-00 -y
```
Enable kubelet at boot
```
systemctl enable kubelet
```
Verify
```
# kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.15", GitCommit:"2adc8d7091e89b6e3ca8d048140618ec89b39369", GitTreeState:"clean", BuildDate:"2020-09-02T11:40:00Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.15", GitCommit:"2adc8d7091e89b6e3ca8d048140618ec89b39369", GitTreeState:"clean", BuildDate:"2020-09-02T11:37:34Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

# kubelet --version
Kubernetes v1.16.15
```
Deploy the Kubernetes Master
Run on 192.168.31.140 (Master).
```
# kubeadm init \
  --apiserver-advertise-address=192.168.31.140 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.16.15 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
```
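- apiserver-advertise-address: the internal network IP address
- image-repository: the image registry to pull from
- kubernetes-version: must match the version of the downloaded `kubelet`
- service-cidr: the IP range for Services (handled by kube-proxy)
- pod-network-cidr: the IP range from which each container gets its IP
Note: the default image registry k8s.gcr.io is not reachable from mainland China, so the Alibaba Cloud registry address is specified here.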
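The `kubeadm init` command above passes `--ignore-preflight-errors=all`, so kubeadm reports unmet prerequisites as warnings instead of stopping. As an added example (not part of the original post; all function names are hypothetical), the following script checks the swap and bridge-netfilter settings from the environment-preparation steps.

```shell
#!/usr/bin/env bash
# Added example: checks the node prerequisites this page configures.
# All function names are hypothetical. Each check reads a file, so it can
# run on a live node or against a saved copy of its configuration.

# swap_active FILE: succeeds if FILE (format of /proc/swaps) lists a swap area.
swap_active() {
    # /proc/swaps starts with one header line; every further line is active swap.
    awk 'NR > 1 && NF > 0 { n++ } END { exit (n > 0 ? 0 : 1) }' "$1"
}

# fstab_swap_entries FILE: prints uncommented fstab entries of type "swap",
# i.e. the lines that would turn swap back on at the next boot.
fstab_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# sysctl_conf_value FILE KEY: prints the last value assigned to KEY in FILE.
sysctl_conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { print val }' "$1"
}

# node_prereq_report SWAPS FSTAB SYSCTL_CONF
# Prints one line per finding; the return status is the number of failures.
node_prereq_report() {
    local failures=0 key
    if swap_active "$1"; then
        echo "FAIL swap is active"; failures=$((failures + 1))
    fi
    if [ -n "$(fstab_swap_entries "$2")" ]; then
        echo "FAIL fstab enables swap at boot"; failures=$((failures + 1))
    fi
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        if [ "$(sysctl_conf_value "$3" "$key")" != "1" ]; then
            echo "FAIL $key is not set to 1 in $3"; failures=$((failures + 1))
        fi
    done
    if [ "$failures" -eq 0 ]; then echo "OK all prerequisite checks passed"; fi
    return "$failures"
}

# On a node prepared as above:
# node_prereq_report /proc/swaps /etc/fstab /etc/sysctl.d/k8s.conf
```

The sysctl check reads the persisted file; the values currently in effect are under `/proc/sys/net/bridge/`.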
Using the kubectl tool:
```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# cat .kube/config
apiVersion: v1
clusters:
- cluster:
    (long string, omitted...)
    server: https://192.168.33.104:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    (long string, omitted...)
    client-key-data: (long string, omitted...)
```
Deploy the Pod Network Plugin (CNI)
```
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
```
Check that everything started successfully
```
# kubectl get pods -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-6d8c4cb4d-7j6bz          1/1     Running   0          27m
coredns-6d8c4cb4d-kmdk5          1/1     Running   0          27m
etcd-ubuntu                      1/1     Running   0          27m
kube-apiserver-ubuntu            1/1     Running   0          27m
kube-controller-manager-ubuntu   1/1     Running   0          27m
kube-flannel-ds-d275s            1/1     Running   0          2m15s
kube-proxy-n94jd                 1/1     Running   0          27m
kube-scheduler-ubuntu            1/1     Running   0          27m
```
Join the Kubernetes Nodes
Run on 192.168.33.141 (Node1):
```
# kubeadm join 192.168.33.141:6443 --token 5vo1hz.0snnkh9fltyta36u --discovery-token-ca-cert-hash sha256:"<kubernetes master token>"
```
The `discovery-token-ca-cert-hash` value is generated when `kubeadm init` completes. If you cannot find this token, you can use the following command:
```
# kubeadm token create --print-join-command
kubeadm join 192.168.33.104:6443 --token 5vo1hz.0snnkh9fltyta36u --discovery-token-ca-cert-hash sha256:"<kubernetes master token>"
```
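The `--discovery-token-ca-cert-hash` value pins the cluster CA: it is the SHA-256 digest of the CA certificate's public key, which lets a joining node check that it is talking to the intended API server. The following added example (not part of the original post; function names are hypothetical, and `/etc/kubernetes/pki/ca.crt` is kubeadm's default CA path, which the page does not show) recomputes that hash and compares it with the one in a join command.

```shell
#!/usr/bin/env bash
# Added example (function names are hypothetical). Requires the openssl CLI.

# ca_cert_hash CA_CERT
# Prints "sha256:<hex>", the SHA-256 of the DER-encoded public key
# (SubjectPublicKeyInfo) of the CA certificate. Returns 2 on error.
ca_cert_hash() {
    local der hex=""
    der=$(mktemp) || return 2
    # pkey fails on empty or invalid input, so an unreadable certificate
    # cannot silently yield the digest of an empty stream.
    if openssl x509 -in "$1" -pubkey -noout 2>/dev/null \
        | openssl pkey -pubin -outform DER -out "$der" 2>/dev/null \
        && [ -s "$der" ]; then
        hex=$(openssl dgst -sha256 -hex < "$der" | awk '{ print $NF }')
    fi
    rm -f "$der"
    [ "${#hex}" -eq 64 ] || return 2
    printf 'sha256:%s\n' "$hex"
}

# join_command_hash "JOIN COMMAND"
# Prints the argument of --discovery-token-ca-cert-hash, if present.
join_command_hash() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "--discovery-token-ca-cert-hash") { print $(i + 1); exit }
    }'
}

# verify_join_pin CA_CERT "JOIN COMMAND"
# Returns 0 if the join command pins this CA, 1 on mismatch, 2 on error.
verify_join_pin() {
    local actual pinned
    actual=$(ca_cert_hash "$1") || return 2
    pinned=$(join_command_hash "$2")
    [ -n "$pinned" ] || return 2
    [ "$actual" = "$pinned" ]
}

# On the master (assumption: kubeadm's default CA path):
# ca_cert_hash /etc/kubernetes/pki/ca.crt
# verify_join_pin /etc/kubernetes/pki/ca.crt "kubeadm join ... --discovery-token-ca-cert-hash sha256:..."
```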
Set Up a Single-Node Cluster on the Master
On the `Master` node, run:
```
# kubectl taint nodes --all node-role.kubernetes.io/master-
```
This command removes every taint whose key is `node-role.kubernetes.io/master` from all nodes.
Deploy the Dashboard
Run on the `master`:
```
# cd /root/k8s-ha-install/dashboard/
# kubectl create -f .
```
Change the dashboard Service (svc) type to NodePort:
```
# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
```
This is because ClusterIP is visible only inside the cluster, while NodePort is visible from outside.
Then look up the port number
```
# kubectl get svc kubernetes-dashboard -n kubernetes-dashboard
```
Open ip:30036 to access the Kubernetes dashboard.
View the token value:
```
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
```
Enter the `Token` in the dashboard to log in.