Spiga

k8s Production Deployment (1): Setting Up the k8s Environment, Part 1

2021-03-03 18:03:35

This article walks through setting up a k8s cluster:

Environment: Tencent Cloud, CentOS 8.2

Four servers:

master: 172.16.0.2
node1: 172.16.0.3
node2: 172.16.0.4
node3: 172.16.0.5

1. Configure the server hostnames

Set the hostname on each server, one command per server
hostnamectl --static set-hostname k8s-master
hostnamectl --static set-hostname k8s-node1
hostnamectl --static set-hostname k8s-node2
hostnamectl --static set-hostname k8s-node3

Run steps 2-8 below on all servers

2. Disable the firewall

systemctl stop firewalld # so that closed ports do not prevent the k8s cluster from starting
systemctl disable firewalld

3. Disable SELinux

sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0 

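4. Disable swap

# Permanent: comment out the swap line in /etc/fstab (k8s cannot start while the swap partition is in use)
vim /etc/fstab

swapoff -a    # temporary: turn swap off for the running system
free          # use this command to check whether swap is off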

5. Pass bridged IPv4 traffic to the iptables chains

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Load the module
modprobe br_netfilter

# Apply the settings written above without waiting for a reboot
sysctl --system

6. Install Docker and synchronize the time

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

# We install docker-ce-3:19.03.13-3.el8 to avoid incompatibility with the k8s version
yum install -y docker-ce-3:19.03.13-3.el8

systemctl start docker

cat > /etc/docker/daemon.json <<EOF
{
   "exec-opts": ["native.cgroupdriver=systemd"],
   "registry-mirrors": ["https://mirror.ccs.tencentyun.com"]
}
EOF

systemctl daemon-reload
systemctl restart docker
systemctl enable docker

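# Synchronize the time (Tencent Cloud already has time synchronization set up, so nothing more is needed there. On a bare environment this step is required; otherwise installing flannel later may fail with certificate errors)
# Add the following line to /etc/chrony.conf:
#    server cn.pool.ntp.org iburst
vim /etc/chrony.conf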

systemctl start chronyd.service
systemctl enable chronyd.service

7. Add the Aliyun YUM repository

cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

8. Install kubeadm, kubelet and kubectl

yum makecache fast # if this fails, drop "fast" and run yum makecache

yum install -y kubectl-1.18.3 kubeadm-1.18.3 kubelet-1.18.3 --nogpgcheck

systemctl enable kubelet
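
kubeadm init in the next step is run with --ignore-preflight-errors all, so a missed prerequisite is not reported there. A check for steps 4 to 6 that can be run on each server first, as an added example that is not part of the original article; the function names are hypothetical and the file paths are parameters that default to the standard locations.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Step 4: succeeds when /proc/swaps lists no active swap area (header line only).
swap_is_off() {
    f=${1:-/proc/swaps}
    [ -r "$f" ] && awk 'NR > 1 && NF { active = 1 } END { exit active + 0 }' "$f"
}

# Step 5: succeeds when both bridge sysctls are live with value 1.
# The files exist only after br_netfilter has been loaded.
bridge_nf_is_on() {
    dir=${1:-/proc/sys/net/bridge}
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        [ -r "$dir/$key" ] || return 1
        [ "$(cat "$dir/$key")" = "1" ] || return 1
    done
}

# Step 6: succeeds when daemon.json selects the systemd cgroup driver.
docker_cgroup_is_systemd() {
    grep -q 'native\.cgroupdriver=systemd' "${1:-/etc/docker/daemon.json}" 2>/dev/null
}

# Run all checks; prints one line per failure and returns the failure count.
# $1 swaps file, $2 bridge sysctl directory, $3 daemon.json (all optional)
check_node() {
    failed=0
    swap_is_off "$1" || { echo "FAIL swap is still active"; failed=$((failed + 1)); }
    bridge_nf_is_on "$2" || { echo "FAIL bridge-nf-call sysctls not applied"; failed=$((failed + 1)); }
    docker_cgroup_is_systemd "$3" || { echo "FAIL docker cgroup driver is not systemd"; failed=$((failed + 1)); }
    return "$failed"
}

# Usage on a server, with the default paths:
#   check_node && echo "prerequisites OK"
```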

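9. Deploy the Kubernetes master

Initialize the master (run on the master)

# The first initialization is slow because the images have to be pulled  # Replace the IP with your own master's IP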
kubeadm init --apiserver-advertise-address=172.16.0.2 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.18.3 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16 --apiserver-bind-port 6433 --ignore-preflight-errors all

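Parameters
--kubernetes-version  the Kubernetes version to install
--apiserver-advertise-address  the address the apiserver advertises it is listening on
--pod-network-cidr 10.244.0.0/16  the pod network range; this is the range used by the flannel network
--apiserver-bind-port  the port the api-server binds to (6443 by default; the command above sets 6433)
--ignore-preflight-errors all  skips the parts that were already installed (when something goes wrong, add this flag after fixing the problem to continue the run)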

Copy the join command from the output; the nodes use it to join the cluster

kubeadm join 172.16.0.2:6433 --token pjf6zn.qnp19rbnwwb846ek     --discovery-token-ca-cert-hash sha256:f1960b687cee4fb2c940b6a43a07ae6c15958e8c62239802035edfc48072f911

Next, run the following commands to set up kubectl

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Check the status: the first two pods are Pending, and get pods shows them as not ready

kubectl get pods --all-namespaces
NAMESPACE     NAME                             READY   STATUS   RESTARTS   AGE
kube-system   coredns-9d85f5447-fhdmx         0/1     Pending   0         100d
kube-system   coredns-9d85f5447-x5wfq         0/1     Pending   0         100d
kube-system   etcd-local1                     1/1     Running   0         100d
kube-system   kube-apiserver-local1           1/1     Running   0         100d
kube-system   kube-controller-manager-local1   1/1     Running   0         100d
kube-system   kube-proxy-2trv9                 1/1     Running   0         100d
kube-system   kube-scheduler-local1           1/1     Running   0         100d

flannel needs to be installed

# Install flannel (run on the master)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# After installing flannel, copy the configuration to the nodes; otherwise the node status is wrong after they are added
scp -r /etc/cni root@172.16.0.3:/etc
scp -r /etc/cni root@172.16.0.4:/etc
scp -r /etc/cni root@172.16.0.5:/etc

# This directory must be copied too; otherwise the nodes look normal but pods cannot be created because of network problems
scp -r /run/flannel/ root@172.16.0.3:/run
scp -r /run/flannel/ root@172.16.0.4:/run
scp -r /run/flannel/ root@172.16.0.5:/run

Check the cluster status; the master is healthy

[root@local1 ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok  
controller-manager   Healthy   ok  
etcd-0               Healthy   {"health":"true"}

[root@local1 ~]# kubectl get nodes
NAME     STATUS     ROLES    AGE     VERSION
local1   Ready      master   2m16s   v1.18.3

[root@local1 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-9d85f5447-9s4mc          1/1     Running   0          16m
kube-system   coredns-9d85f5447-gt2nf          1/1     Running   0          16m
kube-system   etcd-local1                      1/1     Running   0          16m
kube-system   kube-apiserver-local1            1/1     Running   0          16m
kube-system   kube-controller-manager-local1   1/1     Running   0          16m
kube-system   kube-proxy-sdbl9                 1/1     Running   0          15m
kube-system   kube-proxy-v4vxg                 1/1     Running   0          16m
kube-system   kube-scheduler-local1            1/1     Running   0          16m

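The master node is now configured successfully

10. Join the nodes to the cluster

On each node, run the join command that was generated during the initialization above

# Copy the join command from above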
kubeadm join 172.16.0.2:6433 --token pjf6zn.qnp19rbnwwb846ek     --discovery-token-ca-cert-hash sha256:f1960b687cee4fb2c940b6a43a07ae6c15958e8c62239802035edfc48072f911
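
What the --discovery-token-ca-cert-hash value pins, as an added example that is not part of the original article: the value is the SHA-256 of the cluster CA's DER-encoded public key, so it can be recomputed on the master and compared with a saved join command before a node uses it. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt is assumed to be the CA path (the kubeadm default).

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

# Print "sha256:<hex>" for the public key (SubjectPublicKeyInfo, DER) of a PEM certificate.
ca_cert_pin() {
    [ -r "$1" ] || return 2
    digest=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r | cut -d' ' -f1)
    # The digest of empty input means the file was not a parsable certificate.
    [ -n "$digest" ] && [ "$digest" != "$EMPTY_SHA256" ] || return 2
    printf 'sha256:%s\n' "$digest"
}

# Print the pin carried by a saved "kubeadm join ..." command line.
join_cmd_pin() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Exit status 0 only when the join command pins the CA in the given file.
# $1 = CA certificate path, $2 = join command text
verify_join_pin() {
    have=$(ca_cert_pin "$1") || return 2
    want=$(join_cmd_pin "$2")
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# On a kubeadm master (assumed default CA path), print the current pin:
if [ -r /etc/kubernetes/pki/ca.crt ]; then
    ca_cert_pin /etc/kubernetes/pki/ca.crt
fi
```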

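If the token has expired by the time a node joins, you can create a token that never expires as shown below and save it for joining further nodes later

# Generate a token on the master and print the join command
sudo kubeadm token create --ttl 0 --print-join-command # never expires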
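
A token created with --ttl 0 stays valid for joining nodes until it is deleted. As an added example (not from the original article), the check below reads `kubeadm token list` output and reports tokens that never expire; the function names and the sample listing are constructed, and the `<forever>` marker in the TTL column is assumed to match what kubeadm prints.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Read "kubeadm token list" output on stdin and print the ID (the part before
# the dot, which is not secret) of every token whose TTL column is <forever>.
nonexpiring_token_ids() {
    awk 'NR > 1 && $2 == "<forever>" { split($1, t, "."); print t[1] }'
}

# Exit status 1 when any non-expiring bootstrap token is present.
audit_tokens() {
    ids=$(nonexpiring_token_ids)
    [ -z "$ids" ] && return 0
    for id in $ids; do
        echo "bootstrap token $id never expires; remove with: kubeadm token delete $id" >&2
    done
    return 1
}

# Constructed sample listing (token values are made up).
sample_listing() {
    cat <<'EOF'
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   23h         2021-03-04T18:03:35+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
uvwxyz.fedcba9876543210   <forever>   <never>                     authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# On a master:
#   kubeadm token list | audit_tokens
# A join command with a bounded lifetime instead:
#   kubeadm token create --ttl 2h --print-join-command
```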

Run on the master

# Copy the master's admin.conf to the nodes; run on the master
scp /etc/kubernetes/admin.conf root@172.16.0.3:/etc/kubernetes/
scp /etc/kubernetes/admin.conf root@172.16.0.4:/etc/kubernetes/
scp /etc/kubernetes/admin.conf root@172.16.0.5:/etc/kubernetes/

Run on each node

# Run the following three steps on the node
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Check from a node

[root@local3 ~]# kubectl get nodes
NAME     STATUS   ROLES    AGE     VERSION
local1   Ready    master   6m36s   v1.18.3
local2   Ready    <none>   31s     v1.18.3
local3   Ready    <none>   5m43s   v1.18.3

The k8s cluster installation is now complete.