K8S v1.23.6公网集群安装部署
K8S v1.23.6公网集群安装部署
基本环境
centOS-7.9 最少2台 - 一主(master)一从(node)
docker - v20.10.24
端口开放说明
安装步骤
docker安装(所有节点都需要)
卸载当前版本docker & 安装指定版本docker(如果版本大于20.10.24 则需替换docker)
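# Remove any Docker packages already on the host so the pinned version below
# installs cleanly. -y on every call keeps the step from stopping at a prompt.
yum remove -y docker
yum remove -y docker-ce
yum remove -y docker-common docker-selinux docker-engine
# Fetch the docker-ce yum repository definition from the mirror.
# NOTE(review): before installing, open the downloaded .repo file and confirm
# it keeps gpgcheck=1 and lists a gpgkey, so the Docker RPMs are
# signature-checked.
sudo wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install the pinned Docker version this guide targets.
yum install -y docker-ce-20.10.24-3.el7
# Start Docker now and enable it at boot.
systemctl enable --now docker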
#### Switch Docker's cgroup driver to systemd ####
# NOTE(review): presumably this is so Docker and the kubelet use the same
# cgroup driver — confirm against the kubelet configuration.
# Open the Docker daemon configuration in an editor (interactive step).
vim /etc/docker/daemon.json
# Add the key below inside the file's top-level JSON object.
# The next line is file content, not a shell command.
"exec-opts": ["native.cgroupdriver=systemd"]
# Save and quit (vim command, typed inside the editor).
:x
# Reload unit files and restart Docker so the new setting takes effect.
systemctl daemon-reload
systemctl restart docker
master节点执行操作
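# Stop firewalld now and keep it off after reboot.
# NOTE(review): these hosts sit on public IPs, so with firewalld off the cloud
# security group is the only packet filter left. Limit 6443/tcp (API server),
# 10250/tcp (kubelet), 2379-2380/tcp (etcd) and 8472/udp (flannel VXLAN) to
# the cluster nodes' addresses, plus the administrator's source address for
# 6443, rather than opening them to every source.
systemctl stop firewalld
systemctl disable firewalld
# Put SELinux into permissive mode instead of disabling it: the kubelet can
# still reach the host paths it needs, and policy denials keep being logged.
# The pattern is anchored so only the SELINUX= setting line is rewritten,
# not the explanatory comments in the same file.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config # persistent
setenforce 0 # current boot only
# Turn swap off.
swapoff -a # current boot only
# Comment out swap entries in fstab; lines already commented are skipped so
# re-running this does not stack extra '#' characters.
sed -ri '/^\s*#/!s/.*swap.*/#&/' /etc/fstab # persistent
# Reboot the machine after disabling swap.
# Set the hostname according to your plan.
hostnamectl set-hostname <hostname>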
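# Add the cluster hostnames to /etc/hosts on the master.
# The addresses below are samples: replace them with your servers' public IPs.
cat >> /etc/hosts << 'EOF'
111.56.11.11 k8s-master1
122.54.12.12 k8s-node1
EOF
# Load br_netfilter now and on every boot; the net.bridge.* keys below only
# exist while this module is loaded.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf
# Pass bridged IPv4/IPv6 traffic to the iptables chains, and enable IPv4
# forwarding persistently so it does not have to be set by hand later
# through /proc.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system # apply
# One-off time synchronisation.
yum install ntpdate -y
ntpdate time.windows.com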
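# Add the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck=1 makes yum verify each RPM's signature against the keys in
# gpgkey; kubelet and kubeadm run as root, so unsigned or altered packages
# must not install silently. If verification fails, fix the key import or
# the mirror choice rather than switching the check off.
# NOTE(review): repo_gpgcheck (signed repository metadata) is left at 0
# because it is unverified whether this mirror serves signed repodata —
# enable it if it does.
# 'baseurl' is the documented spelling of the key.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install kubeadm, kubelet and kubectl at the pinned version.
yum install -y kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6
# Start the kubelet at boot.
systemctl enable kubelet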
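# Check whether the public IP is already configured on a local interface.
# -F matches the address literally and -w requires whole-word boundaries, so
# 111.56.11.11 does not also match an address such as 111.56.11.110.
ip a | grep -Fw 111.56.11.11
# If it is not present, add an alias interface carrying the public IP
# (do this on the master and on every node, each with its own address).
cat > /etc/sysconfig/network-scripts/ifcfg-eth0:1 << 'EOF'
BOOTPROTO=static
DEVICE=eth0:1
IPADDR=111.56.11.11
PREFIX=32
TYPE=Ethernet
USERCTL=no
ONBOOT=yes
EOF
# Restart networking so the alias interface comes up.
systemctl restart network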
# Change the kubelet start-up arguments.
# Append --node-ip=<public IP> to the kubelet command line. Every host needs this, each with its own public IP; without it the node cannot register in the cluster under its public IP.
# NOTE(review): the drop-in's own comments below recommend .NodeRegistration.KubeletExtraArgs or KUBELET_EXTRA_ARGS in /etc/sysconfig/kubelet for overrides; editing this packaged file directly may be undone by a package update — confirm.
# NOTE(review): a changed drop-in normally needs `systemctl daemon-reload` before systemd sees it; the page does not show that step.
sudo vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
# The empty ExecStart= clears the packaged command before the replacement below, which ends with the added --node-ip flag.
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS --node-ip=111.56.11.11
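# Initialise the control plane, advertising the API server on the public IP.
# NOTE(review): this makes the API server reachable on a public address.
# Restrict 6443/tcp in the cloud security group to the worker nodes and the
# administrator's source address.
kubeadm init \
  --apiserver-advertise-address=111.56.11.11 \
  --control-plane-endpoint=111.56.11.11 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version=1.23.6 \
  --pod-network-cidr=10.244.0.0/16
# If init reports an error, run this and then repeat the init.
# It enables IPv4 forwarding for the current boot only.
echo 1 > /proc/sys/net/ipv4/ip_forward
## Initialisation has succeeded when the log contains "init Successfully".
## Then wire up kubectl for the current user — do not skip this step.
# Paths are quoted so a home directory containing spaces still works.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"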
## 在 master 节点
kube-apiserver 添加 --bind-address 和修改 --advertise-address
# Edit the kube-apiserver manifest under /etc/kubernetes/manifests (interactive step).
# NOTE(review): the page does not give the values to set for --bind-address and --advertise-address; whichever address the API server listens on, keep 6443/tcp limited to the cluster nodes and the administrator's source address.
sudo vi /etc/kubernetes/manifests/kube-apiserver.yaml
安装 flannel 网络
# Download the flannel manifest.
# NOTE(review): this URL follows the master branch, so the file can change between downloads, and it is applied below with cluster-admin rights. Fetch it from a tagged release instead (replace "master" with <RELEASE_TAG>) and read it before applying. The project has since moved to the flannel-io organisation — confirm the current URL.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Edit the manifest (interactive step). The lines down to the closing brace are fragments of the YAML to look for, not shell commands; their original indentation is not preserved here.
vi kube-flannel.yml
name: kube-flannel
image: ...
args:
# Added arguments: advertise PUBLIC_IP to the other nodes and use eth0 as the interface.
- --public-ip=$(PUBLIC_IP)
- --iface=eth0
env:
# PUBLIC_IP is filled from the pod's own IP. NOTE(review): presumably the flannel pod runs on the host network so this equals the node address — confirm it resolves to the public IP.
- name: PUBLIC_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
# The Network value matches --pod-network-cidr passed to kubeadm init.
# NOTE(review): the vxlan backend neither encrypts nor authenticates traffic, so pod-to-pod packets cross the public internet in clear text. Limit 8472/udp to the nodes' addresses and consider an encrypting backend.
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
# Find the keys above in the file, change them and save.
# After editing, apply the manifest.
kubectl apply -f kube-flannel.yml
# Watch the kube-system pods until they are all Running.
watch -n 1 kubectl get pod -n kube-system -o wide
# Once every node has joined, run this on the master and wait for all nodes to become Ready (the author's cluster was one master and two workers, all on public IPs).
kubectl get nodes
node节点执行操作
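## Install Docker as described in the Docker steps before running these commands.
# Stop firewalld now and keep it off after reboot.
# NOTE(review): this node sits on a public IP, so with firewalld off the
# cloud security group is the only packet filter left. Limit 10250/tcp
# (kubelet) and 8472/udp (flannel VXLAN) to the cluster nodes' addresses,
# and open NodePort ranges only as far as the workload needs.
systemctl stop firewalld
systemctl disable firewalld
# Put SELinux into permissive mode instead of disabling it: the kubelet can
# still reach the host paths it needs, and policy denials keep being logged.
# The pattern is anchored so only the SELINUX= setting line is rewritten,
# not the explanatory comments in the same file.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config # persistent
setenforce 0 # current boot only
# Turn swap off.
swapoff -a # current boot only
# Comment out swap entries in fstab; lines already commented are skipped so
# re-running this does not stack extra '#' characters.
sed -ri '/^\s*#/!s/.*swap.*/#&/' /etc/fstab # persistent
# Reboot the machine after disabling swap.
# Set the hostname according to your plan.
hostnamectl set-hostname <hostname>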
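# Load br_netfilter now and on every boot; the net.bridge.* keys below only
# exist while this module is loaded.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf
# Pass bridged IPv4/IPv6 traffic to the iptables chains, and enable IPv4
# forwarding persistently so it does not have to be set by hand later
# through /proc.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system # apply
# One-off time synchronisation.
yum install ntpdate -y
ntpdate time.windows.com
# Check whether this node's public IP is already configured on a local
# interface. -F matches the address literally and -w requires whole-word
# boundaries, so a longer address sharing the same prefix does not match.
ip a | grep -Fw <你的node节点的公网ip>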
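# Add the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck=1 makes yum verify each RPM's signature against the keys in
# gpgkey; kubelet and kubeadm run as root, so unsigned or altered packages
# must not install silently. If verification fails, fix the key import or
# the mirror choice rather than switching the check off.
# NOTE(review): repo_gpgcheck (signed repository metadata) is left at 0
# because it is unverified whether this mirror serves signed repodata —
# enable it if it does.
# 'baseurl' is the documented spelling of the key.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install kubeadm, kubelet and kubectl at the pinned version.
yum install -y kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6
# Start the kubelet at boot.
systemctl enable kubelet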
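# Check whether this node's public IP is already configured on a local
# interface. -F matches the address literally and -w requires whole-word
# boundaries, so a longer address sharing the same prefix does not match.
ip a | grep -Fw <你的node节点的公网ip>
# If it is not present, add an alias interface carrying the public IP
# (do this on the master and on every node, each with its own address).
# 122.54.12.12 is the sample node address; replace it with this node's IP.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0:1 << 'EOF'
BOOTPROTO=static
DEVICE=eth0:1
IPADDR=122.54.12.12
PREFIX=32
TYPE=Ethernet
USERCTL=no
ONBOOT=yes
EOF
# Restart networking so the alias interface comes up.
systemctl restart network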
# Change the kubelet start-up arguments.
# Append --node-ip=<public IP> to the kubelet command line. Every host needs this, each with its own public IP; without it the node cannot register in the cluster under its public IP.
# NOTE(review): the drop-in's own comments below recommend .NodeRegistration.KubeletExtraArgs or KUBELET_EXTRA_ARGS in /etc/sysconfig/kubelet for overrides; editing this packaged file directly may be undone by a package update — confirm.
# NOTE(review): a changed drop-in normally needs `systemctl daemon-reload` before systemd sees it; the page does not show that step.
sudo vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
# The empty ExecStart= clears the packaged command before the replacement below, which ends with the added --node-ip flag.
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS --node-ip=<你的node节点的公网ip>
# Switch to the master and print the command the node must run to join.
# NOTE(review): the printed command contains a bootstrap token. Treat it as a
# credential: pass it to the node over a private channel and do not paste it
# into chats, tickets or logs.
kubeadm token create --print-join-command
## If the join fails with an error, run the line below and repeat the join.
## It enables IPv4 forwarding for the current boot only.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
如何在node节点也可以使用kubectl指令?
# On the master: copy admin.conf to each node.
# NOTE(review): admin.conf is the kubeadm-generated administrator kubeconfig. Every host holding a copy can administer the whole cluster, so a compromised worker becomes a compromised cluster. Copy it only to hosts that need it, keep it readable by root only, and prefer a kubeconfig bound to a narrower RBAC role for routine use on nodes.
# NOTE(review): this logs in as root with a password over the public network; key-based SSH with password login disabled is the safer setup.
scp /etc/kubernetes/admin.conf root@k8s-node1:/etc/kubernetes
输入目标机器密码..
scp /etc/kubernetes/admin.conf root@k8s-node2:/etc/kubernetes
输入目标机器密码..
# On the node: check that the file arrived, then point kubectl at it for future login shells.
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
# Confirm that kubectl now works on the node.
kubectl get nodes
测试是否互通
# Create a test deployment with three nginx replicas.
kubectl create deployment nginx --image=nginx --replicas=3
# Expose it as a NodePort service.
# NOTE(review): a NodePort listens on every node, so on public IPs the test page is reachable from the internet wherever the security group allows the port. Remove the test afterwards with `kubectl delete svc nginx` and `kubectl delete deployment nginx`.
kubectl expose deployment nginx --port=80 --type=NodePort
# Look up the port assigned to the service.
kubectl get svc
# Request the service on a node address and the assigned port (placeholders).
curl xxx.xx.xx.xx:xxxxx
节点与节点之间无法 ping 通?
如果发现节点与节点、pod 与 pod 之间无法 ping 通,需要检查所有节点的 UDP 端口是否正常开放;云服务器放开 8472 UDP 端口即可。放行时请把来源地址限制为集群各节点的公网 IP:flannel 的 VXLAN 流量没有认证和加密,不应向所有来源开放。