K8S Deployment
Successfully deploying K8S
Building a K8S cluster
0. Special notes (a summary of the problems met during setup)
1. Component version selection
- Mismatched versions lead to all sorts of problems, so the version choices are listed here. The versions of docker and the other components involved are as follows:
- docker-ce-18.06.1.ce-3.el7
- kubelet-1.18.0
- kubeadm-1.18.0
- kubectl-1.18.0
- These exact versions are called out again at the corresponding install steps below.
2. Obtaining the required files
- The CNI network plugin manifest kube-flannel.yml may not be retrievable with
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
The workarounds are as follows:
Method 1: create the kube-flannel.yml file yourself by running the following
cat << EOF > kube-flannel.yml
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
  - configMap
  - secret
  - emptyDir
  - hostPath
  allowedHostPaths:
  - pathPrefix: "/etc/cni/net.d"
  - pathPrefix: "/etc/kube-flannel"
  - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: quay.io/coreos/flannel:v0.15.1
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.15.1
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
EOF
- Once the file is created, run
kubectl apply -f kube-flannel.yml
and that is all.
- Method 2: download the kube-flannel.yml file yourself, upload it to the master node, then run
kubectl apply -f kube-flannel.yml
- Download address: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml (the host needs a route to the outside internet).
- Method 3: use a copy that someone else downloaded and saved (not guaranteed to stay available)
- https://pan.baidu.com/s/1KUzyw0_kYKyJ-mYhNlvWEw, extraction code: b1r0
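As an added example (not from the original post or from flannel), the Python below checks the kube-flannel DaemonSet pod template from the method 1 manifest against the psp.flannel.unprivileged PodSecurityPolicy in the same file, the way the PodSecurityPolicy admission plugin evaluates host namespaces, volume types, hostPath prefixes, privileged mode and added capabilities; the two dicts are constructed from the manifest's own fields. A default kubeadm init does not enable that admission plugin, so the policy object is created but never enforced, which is why the one mismatch the check finds (the install-cni-plugin init container mounts hostPath /opt/cni/bin, which is not in allowedHostPaths) does not stop the deployment.

```python
# Constructed from the page's kube-flannel.yml: the fields of psp.flannel.unprivileged and of
# the kube-flannel DaemonSet pod template that the PodSecurityPolicy admission plugin evaluates.
PSP = {
    "privileged": False, "allowPrivilegeEscalation": False,
    "allowedCapabilities": ["NET_ADMIN", "NET_RAW"],
    "volumes": ["configMap", "secret", "emptyDir", "hostPath"],
    "allowedHostPaths": ["/etc/cni/net.d", "/etc/kube-flannel", "/run/flannel"],
    "hostNetwork": True, "hostPID": False, "hostIPC": False,
}
FLANNEL_POD = {
    "hostNetwork": True, "hostPID": False, "hostIPC": False,
    "volumes": [{"hostPath": "/run/flannel"}, {"hostPath": "/opt/cni/bin"},
                {"hostPath": "/etc/cni/net.d"}, {"configMap": "kube-flannel-cfg"}],
    "containers": [  # init containers and regular containers are evaluated alike
        {"name": "install-cni-plugin", "privileged": False, "add": []},
        {"name": "install-cni", "privileged": False, "add": []},
        {"name": "kube-flannel", "privileged": False, "add": ["NET_ADMIN", "NET_RAW"]},
    ],
}

def path_under(path, prefix):
    """allowedHostPaths matching: the path equals the prefix or lies below it (/foo, not /food)."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def psp_violations(psp, pod):
    """Return the reasons the pod would be rejected under the policy; [] means it is admitted."""
    out = []
    for ns in ("hostNetwork", "hostPID", "hostIPC"):
        if pod[ns] and not psp[ns]:
            out.append(f"{ns} is not allowed")
    for vol in pod["volumes"]:
        kind = next(iter(vol))  # the single volume-source key of this volume
        if kind not in psp["volumes"]:
            out.append(f"volume type {kind} is not allowed")
        elif kind == "hostPath" and not any(path_under(vol[kind], p) for p in psp["allowedHostPaths"]):
            out.append(f"hostPath {vol[kind]} is outside allowedHostPaths")
    for c in pod["containers"]:
        if c["privileged"] and not psp["privileged"]:
            out.append(f"{c['name']}: privileged is not allowed")
        extra = sorted(set(c["add"]) - set(psp["allowedCapabilities"]))
        if extra:
            out.append(f"{c['name']}: capabilities {extra} are not in allowedCapabilities")
    return out
```

Adding `- pathPrefix: "/opt/cni/bin"` to the policy's allowedHostPaths makes the check pass, which is the fix to apply if the admission plugin is ever turned on.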
3. Network connectivity notes
- The nodes used to build the environment need network access (at least to Aliyun).
1. Lab machines
- Host description
- Count: 3 hosts
- Note: 1 host as the master node, 2 as node (worker) nodes
- CPU: 2 cores, memory: 4G, disk: 30G
- Operating system: CentOS 7.3
- Network description:
Host network information
hostname   host IP
master     192.168.0.11
node1      192.168.0.12
node2      192.168.0.3
- All nodes need to be able to reach the network.
2. System initialization
2.1 Set the hostnames
- On the designated master node, 192.168.0.11, run
hostnamectl set-hostname master
- On the designated node1, 192.168.0.12, run
hostnamectl set-hostname node1
- On the designated node2, 192.168.0.3, run
hostnamectl set-hostname node2
- On all nodes, add the 3 hosts to the static hostname lookup table (/etc/hosts) by running
cat >> /etc/hosts << EOF
192.168.0.11 master
192.168.0.12 node1
192.168.0.3 node2
EOF
2.2 Disable the firewall
- Run the following on each of the 3 nodes
# stop the firewall
systemctl stop firewalld
# disable the firewalld service so it does not start on boot
systemctl disable firewalld
2.3 Disable SELinux
# disable selinux
# temporary (takes effect immediately): permissive mode, violations are only logged; check with the getenforce command
setenforce 0
# permanent (takes effect after reboot)
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
2.4 Disable swap
# disable swap
# temporary (takes effect immediately); check with the free command
swapoff -a
# permanent (takes effect after reboot): comment out the swap line in fstab
sed -ri 's/.*swap.*/#&/' /etc/fstab
2.5 Set up time synchronization
yum install ntpdate -y
ntpdate time.windows.com
3. Install docker and the required components (kubeadm, kubelet, kubectl)
- Key points: the install sources and the version choices
- Run on all 3 nodes
3.1 Install docker
# configure the Docker yum repo [Aliyun mirror]
cat >/etc/yum.repos.d/docker.repo<<EOF
[docker-ce-edge]
name=Docker CE Edge - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/edge
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
# then install docker with yum
yum -y install docker-ce-18.06.1.ce-3.el7
# check the docker version
docker --version
# configure the docker registry mirror [Aliyun]; write rather than append, since daemon.json must hold a single JSON object
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
# start docker
systemctl enable docker
systemctl start docker
systemctl status docker
- Note: in
yum -y install docker-ce-18.06.1.ce-3.el7
do not get the version wrong; if no version is given, the latest is installed by default, which can lead to baffling errors.
3.2 Install kubeadm, kubelet and kubectl
# note: gpgcheck=0 and repo_gpgcheck=0 below turn off RPM and repo metadata signature verification for this repo
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# install kubelet, kubeadm and kubectl, pinning the version
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
# enable start on boot
systemctl enable kubelet
- Note: in
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
do not get the version wrong; if no version is given, the latest is installed by default, which can lead to baffling errors.
4. Deploy the master node
4.1 Initialize the master node
- On the 192.168.0.11 (master) node, run the following command
kubeadm init --apiserver-advertise-address=192.168.0.11 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.18.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
- Note: keep --service-cidr and --pod-network-cidr at their defaults; only change --apiserver-advertise-address to your own master address.
Because the default image registry k8s.gcr.io cannot be reached from inside China, the Aliyun mirror registry is specified here. [The command above takes a while, because it is already pulling the images in the background.]
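An added preflight for the kubeadm init line above (my example, not the author's or kubeadm's code): it parses the flags, checks that the service and pod CIDRs overlap neither each other nor the hosts' LAN, that the advertise address is on that LAN, and that the Network in flannel's net-conf.json (from the kube-flannel.yml in section 2) equals --pod-network-cidr, which flannel needs because in --kube-subnet-mgr mode it takes each node's pod subnet from the API server and that subnet must fall inside Network. The LAN 192.168.0.0/24 is assumed from the host table; the two input strings are copied from the page.

```python
import ipaddress
import json
import shlex

# Copied from the page: the kubeadm init command and the net-conf.json inside kube-flannel.yml
KUBEADM_INIT = ("kubeadm init --apiserver-advertise-address=192.168.0.11 "
                "--image-repository registry.aliyuncs.com/google_containers "
                "--kubernetes-version v1.18.0 --service-cidr=10.96.0.0/12 "
                "--pod-network-cidr=10.244.0.0/16")
FLANNEL_NET_CONF = '{ "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } }'
HOST_LAN = "192.168.0.0/24"   # assumed LAN of master/node1/node2 (from the host table)

def parse_flags(cmd):
    """Map --flag=value and --flag value pairs of a command line to {flag: value}."""
    toks, flags, i = shlex.split(cmd), {}, 0
    while i < len(toks):
        if toks[i].startswith("--"):
            if "=" in toks[i]:
                key, val = toks[i][2:].split("=", 1)
            else:
                key, val = toks[i][2:], (toks[i + 1] if i + 1 < len(toks) else "")
                i += 1
            flags[key] = val
        i += 1
    return flags

def preflight(init_cmd, net_conf_json, host_lan):
    """Return the CIDR/address problems found; an empty list means the settings are consistent."""
    flags = parse_flags(init_cmd)
    svc = ipaddress.ip_network(flags["service-cidr"])
    pod = ipaddress.ip_network(flags["pod-network-cidr"])
    lan = ipaddress.ip_network(host_lan)
    adv = ipaddress.ip_address(flags["apiserver-advertise-address"])
    flannel = ipaddress.ip_network(json.loads(net_conf_json)["Network"])
    problems = []
    if svc.overlaps(pod):
        problems.append("service-cidr overlaps pod-network-cidr")
    for name, net in (("service-cidr", svc), ("pod-network-cidr", pod)):
        if net.overlaps(lan):
            problems.append(f"{name} {net} overlaps the host LAN {lan}")
    if adv not in lan:
        problems.append(f"apiserver-advertise-address {adv} is not on the host LAN {lan}")
    if flannel != pod:
        problems.append(f"flannel Network {flannel} differs from pod-network-cidr {pod}")
    return problems
```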
4.2 Use the kubectl tool
- After the deployment succeeds, [the system prompts you to] run the following commands to be able to use kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
- Check the nodes
kubectl get nodes
Note: the status should be NotReady at this point (it stays NotReady until the network plugin from section 6 is deployed)
4.3 Save the command for joining nodes to the cluster
- After initialization succeeds, you are prompted to save the command that joins node nodes to the cluster
kubeadm join 192.168.0.11:6443 --token 4plo24.0tkkx3vgh4dh41xu --discovery-token-ca-cert-hash sha256:f8589f9f68c4647ee2e1cd8dac0e9bb3f0a1611c7205544326194b97e4d93a96
- The token is valid for 24 hours by default; to create a new one, run
kubeadm token create --print-join-command
- Treat the token as a credential: anyone who can reach port 6443 and presents it can join a node to the cluster.
5. Deploy the node nodes
- On each node, i.e. 192.168.0.12 and 192.168.0.3, run
kubeadm join 192.168.0.11:6443 --token 4plo24.0tkkx3vgh4dh41xu --discovery-token-ca-cert-hash sha256:f8589f9f68c4647ee2e1cd8dac0e9bb3f0a1611c7205544326194b97e4d93a96
- This is the command printed when k8smaster1 finished initializing; everyone's is different!!! Copy the one generated for your own cluster.
- After joining, check with kubectl
kubectl get nodes
- Note: the status should be NotReady at this point
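The join command in sections 4.3 and 5 carries two values that work in opposite directions: the bootstrap token authenticates the joining node to the API server, and the sha256 value lets kubeadm join verify the API server's CA before trusting anything it says. As an added example (mine, not the author's or kubeadm's code), the stdlib-only Python below reproduces how that value is derived (SHA-256 over the DER SubjectPublicKeyInfo of /etc/kubernetes/pki/ca.crt) with a small DER walker and checks that a saved join command pins a given CA; the certificate built at the bottom is a constructed, unsigned stand-in, not a real cluster CA.

```python
import base64, hashlib, hmac, re

def der_tlv(tag, body):
    """Minimal DER encoder (tag + length + body); used here only to build the sample cert."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def read_tlv(buf, pos):
    """Decode the DER element at pos; return (tag, value_start, element_end)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                    # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, pos, pos + n

def spki_from_cert(der):
    """Walk Certificate -> TBSCertificate to the SubjectPublicKeyInfo and return its raw DER."""
    _, p, _ = read_tlv(der, 0)                      # Certificate SEQUENCE
    _, p, _ = read_tlv(der, p)                      # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(der, p)
    if tag == 0xA0:                                 # optional [0] EXPLICIT version
        p = end
    for _ in range(5):                              # serialNumber, signature, issuer, validity, subject
        _, _, p = read_tlv(der, p)
    _, _, end = read_tlv(der, p)
    return der[p:end]

def ca_cert_hash(pem):
    """The value kubeadm prints as --discovery-token-ca-cert-hash: sha256 over the CA's DER SPKI."""
    b64 = "".join(line for line in pem.splitlines() if not line.startswith("-----"))
    return "sha256:" + hashlib.sha256(spki_from_cert(base64.b64decode(b64))).hexdigest()

def join_command_matches_ca(join_cmd, ca_pem):
    """True only if the hash inside a saved join command pins this CA (constant-time compare)."""
    m = re.search(r"--discovery-token-ca-cert-hash\s+(sha256:[0-9a-f]{64})", join_cmd)
    return m is not None and hmac.compare_digest(m.group(1), ca_cert_hash(ca_pem))

# Constructed sample: a structurally valid but unsigned X.509 DER cert, NOT a real cluster CA.
_alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + der_tlv(0x05, b""))
_name = der_tlv(0x30, der_tlv(0x31, der_tlv(0x30, der_tlv(0x06, bytes.fromhex("550403")) + der_tlv(0x0C, b"kubernetes"))))
_validity = der_tlv(0x30, der_tlv(0x17, b"200101000000Z") + der_tlv(0x17, b"300101000000Z"))
SAMPLE_SPKI = der_tlv(0x30, der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d010101")) + der_tlv(0x05, b"")) + der_tlv(0x03, b"\x00" + bytes(270)))
_tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01") + _alg + _name + _validity + _name + SAMPLE_SPKI)
SAMPLE_CA_DER = der_tlv(0x30, _tbs + _alg + der_tlv(0x03, b"\x00" + bytes(256)))
SAMPLE_CA_PEM = "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_CA_DER).decode() + "\n-----END CERTIFICATE-----\n"
```

On the master, `ca_cert_hash(open("/etc/kubernetes/pki/ca.crt").read())` gives the same value as the hash in the printed join command, so a join command handed to you out of band can be checked against the cluster's real CA before it is run.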
6. Deploy the network plugin
- Deploy the network plugin on the master node only.
- The file needed here was already given in section 2 (Obtaining the required files) above, together with three ways to obtain it; if the master can reach the internet, download it directly:
# download the network plugin manifest
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
- Note: https://raw.githubusercontent.com/ requires outbound internet access; if the host cannot reach the internet, the download fails with a connection refused error. In that case use method 1 or method 3 from section 2 instead.
- Once the file is in place, run
kubectl apply -f kube-flannel.yml
# wait a while!
# ......
# check the status
kubectl get nodes
kubectl get pods -n kube-system
7. Test the cluster
7.1 Create a pod
# create an nginx deployment [pulls the nginx image over the network]
kubectl create deployment nginx --image=nginx
# check the status
kubectl get pod
7.2 Expose a port
# expose the port
kubectl expose deployment nginx --port=80 --type=NodePort
# check the externally exposed port
kubectl get pod,svc
7.3 Access test
- On a node, run the following command to test (31563 is the NodePort shown by kubectl get svc in this run; use the one shown in yours)
curl 192.168.0.11:31563