三 集群部署
为简单上手体验功能,可以先利用 kubeadm 安装测试,生产环境建议二进制或者一些成熟的集群高可用安装方式,Kubeadm 是 K8S 官方提供的快速部署工具,它提供了 kubeadm init 以及 kubeadm join 这两个命令作为快速创建 kubernetes 集群的最佳实践,本章节说明了使用 kubeadm 来部署 K8S 集群的过程。
3.1 部署前准备
本小节的所有的操作,在所有的节点上进行
3.1.1 关闭 firewalld 和 selinux
setenforce 0sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config
systemctl stop firewalldsystemctl disable firewalld
复制代码
3.1.2 加载 ipvs 内核模块
yum -y install ipvsadm ipset sysstat conntrack libseccomp
复制代码
cat >>/etc/modules-load.d/ipvs.conf<<EOFip_vs_dhip_vs_ftpip_vsip_vs_lblcip_vs_lblcrip_vs_lcip_vs_nqip_vs_pe_sipip_vs_rrip_vs_sedip_vs_ship_vs_wlcip_vs_wrrnf_conntrack_ipv4EOF
复制代码
systemctl enable systemd-modules-load.service # 设置开机加载内核模块lsmod | grep -e ip_vs -e nf_conntrack_ipv4 # 重启后检查 ipvs 模块是否加载
复制代码
kubectl edit -n kube-system configmap kube-proxy
复制代码
3.1.3 下载 Docker 和 K8S
curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
复制代码
cat >>/etc/yum.repos.d/kuberetes.repo<<EOF[kuberneres]name=Kubernetesbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/gpgcheck=0gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpgenabled=1EOF
复制代码
yum install docker-ce kubelet kubectl kubeadm -y
复制代码
systemctl start dockersystemctl enable dockersystemctl enable kubelet
复制代码
3.1.4 设置内核及 K8S 参数
cat >>/etc/sysctl.conf<<EOFnet.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1net.ipv4.ip_forward = 1EOF
复制代码
cat >/etc/sysconfig/kubelet<<EOFKUBELET_EXTRA_ARGS="--fail-swap-on=false"KUBE_PROXY_MODE=ipvsEOF
复制代码
3.2 部署 Master
本小节的所有的操作,只在 Master 节点上进行
3.2.1 提前拉取镜像
宿主机最好能访问国外资源,在 kubeadm init 在初始化的时候会到谷歌的 docker hub 拉取镜像,如果宿主机测试无法访问 k8s.gcr.io 可以在服务器所以我们要提前部署好代理软件,本例中监听个本机 9666 进行部署。
如果条件不允许可以参考: https://blog.csdn.net/jinguangliu/article/details/82792617 来解决镜像问题。
[Service]Environment="HTTPS_PROXY=127.0.0.1:9666"Environment="NO_PROXY=127.0.0.0/8,172.16.0.0/16"
复制代码
kubeadm config images pull
复制代码
docker pull mirrorgooglecontainers/kube-apiserver:v1.14.2docker pull mirrorgooglecontainers/kube-controller-manager:v1.14.2docker pull mirrorgooglecontainers/kube-scheduler:v1.14.2docker pull mirrorgooglecontainers/kube-proxy:v1.14.2docker pull mirrorgooglecontainers/pause:3.1docker pull mirrorgooglecontainers/etcd:3.3.10docker pull coredns/coredns:1.3.1
利用`kubeadm config images list` 查看需要的docker image name
k8s.gcr.io/kube-apiserver:v1.14.2k8s.gcr.io/kube-controller-manager:v1.14.2k8s.gcr.io/kube-scheduler:v1.14.2k8s.gcr.io/kube-proxy:v1.14.2k8s.gcr.io/pause:3.1k8s.gcr.io/etcd:3.3.10k8s.gcr.io/coredns:1.3.1
# 修改tag
docker tag docker.io/mirrorgooglecontainers/kube-apiserver:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2docker tag docker.io/mirrorgooglecontainers/kube-scheduler:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2docker tag docker.io/mirrorgooglecontainers/kube-proxy:v1.14.2 k8s.gcr.io/kube-proxy:v1.14.2docker tag docker.io/mirrorgooglecontainers/kube-controller-manager:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2docker tag docker.io/mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1docker tag docker.io/coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
docker rmi `docker images |grep docker.io/ |awk '{print $1":"$2}'`
复制代码
3.2.2 初始化 Master
kubeadm init --kubernetes-version=v1.14.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
复制代码
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.100.9:6443 --token 2dyd69.hrfsjkkxs4stim7n \ --discovery-token-ca-cert-hash sha256:4e30c1f41aefb177b708a404ccb7e818e31647c7dbdd2d42f6c5c9894b6f41e7
复制代码
# 在当前用户家目录下创建.kube目录并配置访问集群的config 文件mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config
复制代码
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
复制代码
kubectl get pods -n kube-system
复制代码
kubectl get ComponentStatus
复制代码
yum install -y bash-completionsource /usr/share/bash-completion/bash_completionsource <(kubectl completion bash)echo "source <(kubectl completion bash)" >> ~/.bashrc
复制代码
3.3 部署 Node
本小节的所有的操作,只在 Node 节点上进行。
3.3.1 加入集群
kubeadm join 172.16.100.9:6443 --token 2dyd69.hrfsjkkxs4stim7n \ --discovery-token-ca-cert-hash sha256:4e30c1f41aefb177b708a404ccb7e818e31647c7dbdd2d42f6c5c9894b6f41e7 --ignore-preflight-errors=Swap
复制代码
This node has joined the cluster:* Certificate signing request was sent to apiserver and a response was received.* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
复制代码
3.3.2 查看进度
当 node 节点加入 K8S 集群中后,Master 会调度到 Node 节点上一些组件,用于处理集群事务,这些组件没有下载完成之前 Node 节点在集群中还是未就绪状态
$ docker image lsREPOSITORY TAG IMAGE ID CREATED SIZEk8s.gcr.io/kube-proxy v1.14.0 5cd54e388aba 6 weeks ago 82.1MBquay.io/coreos/flannel v0.11.0-amd64 ff281650a721 3 months ago 52.6MBk8s.gcr.io/pause 3.1 da86e6ba6ca1 16 months ago 742kB
复制代码
$ kubectl get nodesNAME STATUS ROLES AGE VERSIONmaster Ready master 3d21h v1.14.1node1 Ready <none> 3d21h v1.14.1node2 Ready <none> 3d21h v1.14.1
复制代码
[root@master ~]# kubectl cluster-info Kubernetes master is running at https://10.234.2.204:6443KubeDNS is running at https://10.234.2.204:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxyMetrics-server is running at https://10.234.2.204:6443/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.[root@master ~]# kubectl get componentstatusesNAME STATUS MESSAGE ERRORcontroller-manager Healthy ok scheduler Healthy ok etcd-0 Healthy {"health":"true"}
复制代码
如果嫌网络 pull 镜像慢可以在一台上面将镜像打包发送至其他 node 节点
拷贝到node节点for i in /tmp/*.tar; do scp -i $i root@172.16.0.15:/root/;done
node节点还原for i in *.tar ;do docker load -i $i;done
复制代码
$ kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATEScoredns-fb8b8dccf-cp24r 1/1 Running 0 26m 10.244.0.2 i-xeahpl98 <none> <none>coredns-fb8b8dccf-ljswp 1/1 Running 0 26m 10.244.0.3 i-xeahpl98 <none> <none>etcd-i-xeahpl98 1/1 Running 0 25m 172.16.100.9 i-xeahpl98 <none> <none>kube-apiserver-i-xeahpl98 1/1 Running 0 25m 172.16.100.9 i-xeahpl98 <none> <none>kube-controller-manager-i-xeahpl98 1/1 Running 0 25m 172.16.100.9 i-xeahpl98 <none> <none>kube-flannel-ds-amd64-crft8 1/1 Running 3 16m 172.16.100.6 i-me87b6gw <none> <none>kube-flannel-ds-amd64-nckw4 1/1 Running 0 6m41s 172.16.100.10 i-qhcc2owe <none> <none>kube-flannel-ds-amd64-zb7sg 1/1 Running 0 23m 172.16.100.9 i-xeahpl98 <none> <none>kube-proxy-7kjkf 1/1 Running 0 6m41s 172.16.100.10 i-qhcc2owe <none> <none>kube-proxy-c5xs2 1/1 Running 2 16m 172.16.100.6 i-me87b6gw <none> <none>kube-proxy-rdzq2 1/1 Running 0 26m 172.16.100.9 i-xeahpl98 <none> <none>kube-scheduler-i-xeahpl98 1/1 Running 0 25m 172.16.100.9 i-xeahpl98 <none> <none>
复制代码
3.3.3 镜像下载太慢
node 节点需要翻墙下载镜像太慢,建议使用 docker 镜像的导入导出功能先将 master 的三个镜像打包发送到 node 节点,load 后再 jion
docker image save -o /tmp/kube-proxy.tar k8s.gcr.io/kube-proxydocker image save -o /tmp/flannel.tar quay.io/coreos/flanneldocker image save -o /tmp/pause.tar k8s.gcr.io/pause
复制代码
docker image load -i /tmp/kube-proxy.tardocker image load -i /tmp/pause.tardocker image load -i /tmp/flannel.tar
复制代码
其他
自己将手记发在:https://github.com/redhatxl/awesome-kubernetes-notes欢迎一键三连。
评论