Jiang Mingtao's Blog
K8s Getting Started, Part 2: Setting Up a Kubernetes Cluster

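1. Two ways to deploy a K8s cluster in production

1. Binaries: download the binary packages from the official releases and deploy each component by hand to form a Kubernetes cluster.
Download: https://github.com/kubernetes/kubernetes/releases

2. kubeadm is also a tool; it provides kubeadm init and kubeadm join for deploying a Kubernetes cluster quickly.
Official documentation: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/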

2. Server hardware configuration

3. Server initialization

3.1 Update software and the kernel

yum update -y

3.2 Disable the firewall and SELinux

systemctl stop firewalld && systemctl disable firewalld
# Check the firewall state
firewall-cmd --state
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

3.3 Disable swap

swapoff -a       # temporary, until the next reboot
vi /etc/fstab    # permanent: comment out the last line

3.4 Synchronize the time

yum -y install ntp ntpdate
ntpdate time.nist.gov

3.5 Install Docker

3.6 Add the Alibaba Cloud yum repository

cat > /etc/yum.repos.d/kubernetes.repo <<-EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
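
With gpgcheck=0 and repo_gpgcheck=0, yum installs kubelet, kubectl and kubeadm without verifying package or repository-metadata signatures, so the gpgkey line in this repo file is never used. The check below is an added example, not code from the original post: it lists every enabled repo section that switches signature checking off. The names audit_repo_gpg and write_sample_repo and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list yum repo sections that
# explicitly disable package or metadata signature checks.
# Usage: audit_repo_gpg FILE...   e.g. audit_repo_gpg /etc/yum.repos.d/*.repo
# Prints "file:[section] key=value" per finding; exit status 1 if any found.
audit_repo_gpg() {
    awk '
    function report() {
        if (sec == "" || enabled ~ /^(0|no|false)$/) return  # repo not in use
        if ("gpgcheck" in off) { print fname ":[" sec "] gpgcheck=" off["gpgcheck"]; bad = 1 }
        if ("repo_gpgcheck" in off) { print fname ":[" sec "] repo_gpgcheck=" off["repo_gpgcheck"]; bad = 1 }
    }
    function reset() { split("", off); enabled = "1" }
    FNR == 1 { report(); reset(); sec = "" }      # first line of each file
    /^[ \t]*[#;]/ { next }                        # comment line
    /^[ \t]*\[.*\]/ {                             # [section] header
        report(); reset()
        sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); fname = FILENAME
        next
    }
    /=/ {
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t\r]/, "", val)
        val = tolower(val)
        if (key == "enabled") enabled = val
        if ((key == "gpgcheck" || key == "repo_gpgcheck") && val ~ /^(0|no|false)$/)
            off[key] = val
    }
    END { report(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: the repo settings from this page plus a repo that
# verifies package signatures.
write_sample_repo() {
    cat > "$1" <<'EOF'
[kubernetes]
enabled=1
gpgcheck=0
repo_gpgcheck=0
[example-signed]
enabled=1
gpgcheck=1
EOF
}

tmp=$(mktemp) && write_sample_repo "$tmp"
audit_repo_gpg "$tmp" || echo "signature checks are disabled in the sections listed"
rm -f "$tmp"
```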

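3.7 Install kubeadm, kubelet and kubectl

# Pin the packages to the version passed to kubeadm init (1.22.2)
yum install -y kubelet-1.22.2 kubectl-1.22.2 kubeadm-1.22.2
systemctl enable kubelet  # only enable it at boot; there is no need to start kubelet now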

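3.8 Adjust kernel parameters

# Let iptables see bridged traffic
# The net.bridge.* keys only exist once the br_netfilter module is loaded
modprobe br_netfilter
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply the settings
sysctl --system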

Change the Docker cgroup driver

vim /etc/docker/daemon.json
{ "exec-opts": ["native.cgroupdriver=systemd"] }
Restart Docker:
systemctl restart docker

4. Deploy the master node

4.1 kubeadm init

kubeadm init --kubernetes-version=1.22.2 \
--apiserver-advertise-address=172.20.61.182 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
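Parameters:
--kubernetes-version: specifies the Kubernetes version.
--apiserver-advertise-address: specifies the IP address that kube-apiserver advertises it is listening on, i.e. the master's own IP address.
--pod-network-cidr: specifies the Pod network range; 10.244.0.0/16
--service-cidr: specifies the Service network range.
--image-repository: specifies the Alibaba Cloud image registry address.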

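kubeadm init workflow:

1. Environment checks
2. Generate certificates
3. [kubeconfig] Generate the kubeconfig files
4. [kubelet-start] Generate the kubelet configuration file
5. [control-plane] Deploy the control-plane components, started as containers from images (kubectl get pods -n kube-system)
6. [etcd] Deploy the etcd database, started as a container from an image
7. [upload-config] [kubelet] [upload-certs] Upload the configuration to the cluster
8. Add labels and taints to the control-plane node
9. Automatically issue certificates for kubelet
10. Deploy the add-ons CoreDNS and kube-proxy

A successful installation prints the following: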

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.20.61.182:6443 --token fa72fq.ayr1bgikz2wm1ma0 \
        --discovery-token-ca-cert-hash sha256:7e4be4447f87deb753b157dfb2cd36565949d37b312d4e88b9a5fcb4393912d4

1. Copy the /etc/kubernetes/admin.conf file to every node and run the following commands on all nodes

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

5. Deploy the worker nodes

# Run on the node machine:
kubeadm join 172.20.61.182:6443 --token fa72fq.ayr1bgikz2wm1ma0 \
        --discovery-token-ca-cert-hash sha256:7e4be4447f87deb753b157dfb2cd36565949d37b312d4e88b9a5fcb4393912d4
# Then list the nodes from the master machine
kubectl get nodes
NAME     STATUS     ROLES                  AGE    VERSION
master   NotReady   control-plane,master   127m   v1.22.2
node1    NotReady   <none>                 50m    v1.22.2
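
The value passed to --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA certificate's public key (its DER-encoded SubjectPublicKeyInfo); it is what lets a joining node authenticate the control plane it is about to trust. The following is an added example, not part of the original post, that recomputes that pin from a CA certificate and compares it with the value in a join command. The function names are hypothetical, the token is a constructed placeholder, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location.

```shell
#!/bin/sh
# Added example (not from the original post): recompute kubeadm's CA pin and
# compare it with the --discovery-token-ca-cert-hash value of a join command.

# pin_from_join TEXT -> prints the "sha256:<64 hex>" pin found in a join command
pin_from_join() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =][ =]*\(sha256:[0-9A-Fa-f]\{64\}\).*/\1/p'
}

# ca_cert_pin CERT.pem -> prints "sha256:<hex>", the SHA-256 of the DER-encoded
# SubjectPublicKeyInfo of the certificate; returns 2 if the cert is unreadable
ca_cert_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# verify_join_pin CERT.pem PIN -> 0 on match, 1 on mismatch, 2 on bad input
verify_join_pin() {
    actual=$(ca_cert_pin "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in sha256:?*) ;; *) return 2 ;; esac
    if [ "$actual" = "$expected" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: ca=$actual join=$expected" >&2
        return 1
    fi
}

# Join command as printed by kubeadm init on this page; the token here is a
# constructed placeholder, the pin is the one shown on the page.
JOIN='kubeadm join 172.20.61.182:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:7e4be4447f87deb753b157dfb2cd36565949d37b312d4e88b9a5fcb4393912d4'
CA=${CA:-/etc/kubernetes/pki/ca.crt}   # kubeadm default CA path

echo "pin in join command: $(pin_from_join "$JOIN")"
if [ -r "$CA" ]; then
    verify_join_pin "$CA" "$(pin_from_join "$JOIN")" || echo "pin not verified for $CA"
fi
```

Run it on the master, where the CA certificate lives, or set CA to a copy of ca.crt obtained over a trusted channel.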

Install the network plugin on the master

Reference: https://kubernetes.io/docs/concepts/cluster-administration/addons/
Download: calico
# wget https://docs.projectcalico.org/manifests/calico.yaml
# vim calico.yaml
Change
 # - name: CALICO_IPV4POOL_CIDR
 #   value: "192.168.0.0/16"
to
 - name: CALICO_IPV4POOL_CIDR
   value: "10.244.0.0/16"
Add the following, changing eth0 to the name of your own network interface; if the interface names differ between the machines in the cluster, a regular expression can be used to match them
 - name: IP_AUTODETECTION_METHOD
   value: "interface=eth0"
# kubectl apply -f calico.yaml
# kubectl get nodes -n kube-system
NAME     STATUS   ROLES                  AGE    VERSION
master   Ready    control-plane,master   153m   v1.22.2
node1    Ready    <none>                 76m    v1.22.2

# List the pods
# kubectl get pods -n kube-system
NAME                                       READY   STATUS              RESTARTS      AGE
calico-kube-controllers-865998bb7b-2thm2   0/1     CrashLoopBackOff    4 (83s ago)   4m5s
calico-node-m7swr                          0/1     Running             3 (23s ago)   4m5s
calico-node-qbjmx                          0/1     Running             3 (23s ago)   4m5s
coredns-7f6cbbb7b8-7x8d8                   0/1     ContainerCreating   0             155m
coredns-7f6cbbb7b8-xxrx5                   0/1     ContainerCreating   0             155m
etcd-master                                1/1     Running             0             155m
kube-apiserver-master                      1/1     Running             0             155m
kube-controller-manager-master             1/1     Running             0             155m
kube-proxy-9skdg                           1/1     Running             0             78m
kube-proxy-qxqfx                           1/1     Running             0             155m
kube-scheduler-master                      1/1     Running             0             155m

# cat calico-etcd.yaml |grep image
          image: docker.io/calico/cni:v3.20.2
          image: docker.io/calico/pod2daemon-flexvol:v3.20.2
          image: docker.io/calico/node:v3.20.2
          image: docker.io/calico/kube-controllers:v3.20.2

6. Deploy the Dashboard UI

1. Download and modify the Dashboard YAML

# Reference: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
# kubectl apply -f recommended.yaml

kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard

kubectl get pods,svc -n kubernetes-dashboard
NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-856586f554-jzvdt   1/1     Running   0          15h
pod/kubernetes-dashboard-67484c44f6-fczct        1/1     Running   0          15h

NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.1.176.83    <none>        8000/TCP        15h
service/kubernetes-dashboard        NodePort    10.1.120.245   <none>        443:30001/TCP   15h

Create a service account and bind it to the default cluster-admin administrator role

# Create the user
# kubectl create serviceaccount dashboard -n kubernetes-dashboard

# Grant permissions to the user
# kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin
# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard

# Get the user's token
# kubectl describe sa dashboard -n kubernetes-dashboard
Name:                dashboard
Namespace:           kubernetes-dashboard
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   dashboard-token-mwfwr
Tokens:              dashboard-token-mwfwr
Events:              <none>
[root@master ~]# kubectl describe secret dashboard-token-vtncb -n kubernetes-dashboard

Last updated: 13 March 2023 at 09:59 AM