Kubernetes

Kubernetes部署

本文主要是介绍Kubernetes部署,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!

Kubernetes部署

设置主机名
[root@master ~]# hostnamectl set-hostname master.example.com
[root@master ~]# bash
[root@master ~]# hostname
master.example.com

[root@node1 ~]# hostnamectl set-hostname node1.example.com
[root@node1 ~]# bash
[root@node1 ~]# hostname
node1.example.com

[root@node2 ~]# hostnamectl set-hostname node2.example.com
[root@node2 ~]# bash
[root@node2 ~]# hostname
node2.example.com


以下操作在三台机器都要进行
关闭防火墙关闭selinux
[root@master ~]# systemctl disable --now firewalld.service 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# vim /etc/selinux/config 
[root@master ~]# setenforce 0


关闭swap分区空间
[root@master ~]# vim /etc/fstab 
# 
# /etc/fstab
# Created by anaconda on Fri Nov 12 08:04:53 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cs-root     /                       xfs     defaults        0 0
UUID=b63f82a7-55fa-4e7c-b94e-71f1a1e3cb74 /boot                   xfs     defaults        0 0

# 把下面一行删除掉或注释即可
# 把下面一行删除掉或注释即可
/dev/mapper/cs-swap     none                    swap    defaults        0 0

在master节点配置DNS域名解析 IPv4流量传递到iptables

[root@master ~]# vim /etc/hosts 
[root@master ~]# cat /etc/hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.145.188 master master.example.com
192.168.145.189 node1 node1.example.com
192.168.145.190 node2 node2.example.com

master上配置流量传递
[root@master ~]# vim /etc/sysctl.d/k8s.conf 
[root@master ~]# cat /etc/sysctl.d/
99-sysctl.conf  k8s.conf        
[root@master ~]# cat /etc/sysctl.d//k8s.conf 
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

让配置生效
[root@master ~]# sysctl --system
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
net.core.optmem_max = 81920
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
* Applying /etc/sysctl.conf ...

在三台主机机箱时间同步和免密登陆

以master为例子
root@master ~]# yum clean all    清理缓存
21 文件已删除
[root@master ~]# yum makecache    建立新的缓存

安装chrony时间同步
[root@master ~]# yum -y install chrony

配置chrony、并设置开机自启
[root@master ~]# vim /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool time1.aliyun.com iburst

[root@master ~]# systemctl enable --now chronyd
[root@master ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendo>
   Active: active (running) since Sat 2021-12-18 6:11:23 CST; 2min 4s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
 Main PID: 32676 (chronyd)
    Tasks: 1 (limit: 49298)
   Memory: 936.0K
   CGroup: /system.slice/chronyd.service
           └─32676 /usr/sbin/chronyd


//在master上做免密登录
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iboOp9y7jAyN5tpKKu2MeJ/4FMGEpebXe6u8EgUKfIY root@master.example.com
The key's randomart image is:
+---[RSA 3072]----+
|. .oo            |
|.E.*.            |
| .=.o.           |
| o.  o.. .       |
|  . o.o S        |
| o ..o .         |
|o+o +.. .        |
|BBoX.+ . .       |
|O=X+@++o.        |
+----[SHA256]-----+
[root@master ~]# ssh-copy-id master
[root@master ~]# ssh-copy-id node1
[root@master ~]# ssh-copy-id node2

准备工作完成后重启主机

所有节点安装Docker/kubeadm/kubelet

Kubernetes默认CRI(容器运行时)为Docker,因此先安装Docker。

安装docker

以master为例子 三台机器全都要安装
[root@master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
安装Docker
[root@master ~]# systemctl enable --now docker

[root@master ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

查看版本号
[root@master ~]# docker --version
Docker version 20.10.12, build e91ed57

配置加速器
[root@master ~]#  mkdir -p /etc/docker
[root@master ~]# cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://pvurwzu6.mirror.aliyuncs.com"]
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
[root@master ~]#  systemctl daemon-reload
[root@master ~]#  systemctl restart docker

添加kubernetes阿里云yum源

[root@master ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安装kubeadm,kubelet和kubectl
[root@master ~]# yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0

[root@master ~]# systemctl enable kubelet //设置开机自启,但是不启动
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service.

以上操作在三台主机都要进行

部署Kubernetes Master

master

kubeadm init \  //master主机的IP
  --apiserver-advertise-address=192.168.145.188 \
  --image-repository registry.aliyuncs.com/google_containers \ //使用阿里云的谷歌镜像仓库,因为国内登陆不了谷歌官网
  --kubernetes-version v1.20.0 \  //kubernetes版本号
  --service-cidr=10.96.0.0/12 \    //service的网段
  --pod-network-cidr=10.244.0.0/16   //pod的网段
[root@master ~]# kubeadm init \
>   --apiserver-advertise-address=192.168.145.188 \
>   --image-repository registry.aliyuncs.com/google_containers \
>   --kubernetes-version v1.20.0 \
>   --service-cidr=10.96.0.0/12 \
>   --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.20.0
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING FileExisting-tc]: tc not found in system path
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
.......................
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:
# 如果你想启用使用集群的话就要用下面的命令;如果是普通用户就执行下面的操作
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:
如果你是管理员用户就执行下面的操作,但是我们一般不会这样操作。 
# 因为这是临时的,我们需要做成永久生效的。下面会有教程
  export KUBECONFIG=/etc/kubernetes/admin.conf
# 设置一个环境变量告诉系统使用的哪个配置文件
  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.  # 你需要设置一个pod网络到集群中,使用下面的命令
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:
下面的命令是用来在被控主机上执行的,在被控主机执行过会 这台主机就会被加入到集群中
kubeadm join 192.168.145.188:6443 --token 3sqb85.fgnkx1ewvmiikpjp \
    --discovery-token-ca-cert-hash sha256:ff25704567e6e9271433aca5fa32aa27dc56c61e6cee21c88edd2cf46e8f6710 

被拉去的镜像
[root@master ~]# docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.20.0    10cc881966cf   12 months ago   118MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.20.0    3138b6e3d471   12 months ago   46.4MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.20.0    ca9843d3b545   12 months ago   122MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.20.0    b9fa1895dcaa   12 months ago   116MB
registry.aliyuncs.com/google_containers/etcd                      3.4.13-0   0369cf4303ff   15 months ago   253MB
registry.aliyuncs.com/google_containers/coredns                   1.7.0      bfe3a36ebd25   18 months ago   45.2MB
registry.aliyuncs.com/google_containers/pause                     3.2        80d28bedfe5d   22 months ago   683kB


根据官方推荐的方式做管理员的操作 把环境变量写成永久的
[root@master kubernetes]# pwd
/etc/kubernetes
[root@master kubernetes]# echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' > /etc/profile.d/k8s.sh
[root@master kubernetes]#  source /etc/profile.d/k8s.sh

查看是否有控制节点
[root@master ~]# kubectl get nodes
NAME                 STATUS     ROLES                  AGE     VERSION
master.example.com   NotReady   control-plane,master   2m48s   v1.20.0

安装pod网络插件 
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created

加入Kubernetes Node
[root@node1 ~]# kubeadm join 192.168.145.188:6443 --token 3sqb85.fgnkx1ewvmiikpjp \
>     --discovery-token-ca-cert-hash sha256:ff25704567e6e9271433aca5fa32aa27dc56c61e6cee21c88edd2cf46e8f6710
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING FileExisting-tc]: tc not found in system path
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
        [WARNING Hostname]: hostname "node1.example.com" could not be reached
        [WARNING Hostname]: hostname "node1.example.com": lookup node1.example.com on 192.168.145.2:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

node2同理
[root@node2 ~]# kubeadm join 192.168.145.188:6443 --token 3sqb85.fgnkx1ewvmiikpjp \
>     --discovery-token-ca-cert-hash sha256:ff25704567e6e9271433aca5fa32aa27dc56c61e6cee21c88edd2cf46e8f6710
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING FileExisting-tc]: tc not found in system path
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
        [WARNING Hostname]: hostname "node2.example.com" could not be reached
        [WARNING Hostname]: hostname "node2.example.com": lookup node2.example.com on 192.168.145.2:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

在master查看受控节点
[root@master ~]#  kubectl get nodes
NAME                 STATUS   ROLES                  AGE     VERSION
master.example.com   Ready    control-plane,master   11m     v1.20.0
node1.example.com    Ready    <none>                 2m44s   v1.20.0
node2.example.com    Ready    <none>                 57s     v1.20.0

管理容器

[root@master ~]# kubectl get ns  
[root@master ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   12m
kube-node-lease   Active   12m
kube-public       Active   12m
kube-system       Active   12m
[root@master ~]# kubectl get pods -n kube-system
NAME                                         READY   STATUS    RESTARTS   AGE
coredns-7f89b7bc75-485pb                     1/1     Running   0          13m
coredns-7f89b7bc75-5rxfz                     1/1     Running   0          13m
etcd-master.example.com                      1/1     Running   0          13m
kube-apiserver-master.example.com            1/1     Running   0          13m
kube-controller-manager-master.example.com   1/1     Running   0          13m
kube-flannel-ds-79h4b                        1/1     Running   0          2m47s
kube-flannel-ds-gfs8s                        1/1     Running   0          4m34s
kube-flannel-ds-s7r5t                        1/1     Running   0          6m35s
kube-proxy-94cq2                             1/1     Running   0          4m34s
kube-proxy-czd2x                             1/1     Running   0          2m47s
kube-proxy-vffq9                             1/1     Running   0          13m
kube-scheduler-master.example.com            1/1     Running   0          13m

测试

在Kubernetes集群创建一个pod 验证

创建一个deployment类型的的容器 名字叫nginx 镜像使用nginx
root@master ~]# kubectl create deployment nginx --image nginx
deployment.apps/nginx created

暴露端口号
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed

查看service的IP地址、端口号等
[root@master ~]# kubectl get svc   
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        17m
nginx        NodePort    10.103.57.41   <none>        80:31164/TCP   5s
访问测试
[root@master ~]# curl http://10.103.57.41
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
这篇关于Kubernetes部署的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!