
Kubernetes Cluster Deployment

Oh! Kubernetes!

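Basic configuration

Role         IP               OS version
k8s-master   172.19.158.107   CentOS8.2
k8s-node1    172.19.158.108   CentOS8.2
k8s-node2    172.19.158.109   CentOS8.2

Add every role name and its IP to the hosts file on each machine.

Synchronize the time on all nodes.

Kernel parameter tuning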

cat << EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
EOF

sysctl -p /etc/sysctl.d/k8s.conf

Turn off swap and comment out its entries so it stays off after boot

swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
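A check for the two steps above, to run on each node before kubeadm init or kubeadm join. This is an added example, not part of the original post; the function names are hypothetical, and it inspects the files those steps edit rather than live kernel state.

```shell
#!/bin/sh
# Added example: verify the sysctl and swap prerequisites on a node.
REQUIRED_SYSCTLS='net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward'

# Print every required key that the sysctl file does not set to 1.
# Returns 1 if any key is missing or has another value.
sysctl_conf_missing() {
    missing=0
    for key in $REQUIRED_SYSCTLS; do
        # Strip blanks so "key = 1" and "key=1" both match; commented lines
        # never match because their first field starts with '#'. Last entry wins.
        val=$(awk -F= -v k="$key" '{gsub(/[ \t]/,"")} $1==k {v=$2} END{print v}' "$1")
        if [ "$val" != "1" ]; then echo "$key"; missing=1; fi
    done
    return "$missing"
}

# Print the device of every fstab entry of type swap that is not commented out.
fstab_active_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" {print $1}' "$1"
}

# Return 0 only if both files are readable and both checks pass.
node_prereqs_ok() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    ok=0
    miss=$(sysctl_conf_missing "$1") || { echo "sysctl not set to 1: $miss" >&2; ok=1; }
    swap=$(fstab_active_swap "$2")
    [ -z "$swap" ] || { echo "swap still enabled in fstab: $swap" >&2; ok=1; }
    return "$ok"
}

# On a real node, check the files written by the steps above.
if [ -r /etc/sysctl.d/k8s.conf ] && [ -r /etc/fstab ]; then
    if node_prereqs_ok /etc/sysctl.d/k8s.conf /etc/fstab; then
        echo "node prerequisites OK"
    else
        echo "node prerequisites NOT met"
    fi
fi
```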

Install Docker

# Install some required system tools
[root@k8s-master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

# Add the software repository
[root@k8s-master ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Build the yum cache
[root@k8s-master ~]# yum makecache

# Install containerd.io
[root@k8s-master ~]# yum install -y https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm

# Install Docker
[root@k8s-master ~]# yum -y install docker-ce

# Start the Docker service and enable it at boot
[root@k8s-master ~]# systemctl enable docker && systemctl start docker

Install kubeadm, kubectl and kubelet

# Import the Alibaba Cloud k8s repository
[root@k8s-master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Disable SELinux enforcement (setenforce 0 switches to permissive mode until the next reboot)
[root@k8s-master ~]# setenforce 0

# Install kubelet, kubeadm and kubectl
[root@k8s-master ~]# yum install kubelet-1.18.3 kubeadm-1.18.3 kubectl-1.18.3 -y

# Enable kubelet at boot and start it
[root@k8s-master ~]# systemctl enable kubelet && systemctl start kubelet

Initialize the Kubernetes cluster

[root@k8s-master ~]# kubeadm init --apiserver-advertise-address 172.19.158.107 --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.18.3  
W0729 10:11:06.680899    5631 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.3
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING FileExisting-tc]: tc not found in system path
        [WARNING Hostname]: hostname "k8s-master" could not be reached
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'

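Notes:
1. detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Fix: the official recommendation is to use systemd as Docker's cgroup driver, which requires adding "exec-opts": ["native.cgroupdriver=systemd"] to /etc/docker/daemon.json.
2. --pod-network-cidr must be 10.244.0.0/16; this value matches the Network value in flannel.
3. --image-repository=registry.aliyuncs.com/google_containers sets the pull address for the k8s images to the Alibaba Cloud k8s mirror. If it is not specified, images are pulled from Google's image registry by default, which, for well-known reasons, leaves initialization stalled.

Your Kubernetes control-plane has initialized successfully!
The message above indicates that initialization is complete.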

Configure kubectl

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

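Note: this step is required; without it the kubectl command cannot be used.

Join the cluster

When initialization finishes, the last part of the output shows the command other nodes need in order to join the cluster: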

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.19.158.107:6443 --token hh3dh6.brp9nfb2s0soby9h \
    --discovery-token-ca-cert-hash sha256:42b48189d75ac6e145873d1248b8e3b2b3354db3516e57f1159d9ab49928fba0 

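Note: before another node can join the master, Docker and the three Kubernetes components must be installed on it.

Install the pod network

For the Kubernetes cluster to work properly a pod network must be installed; otherwise pods cannot communicate with each other. Kubernetes supports several network components, such as flannel and calico. Here we install the flannel network.

Deploy the flannel network plugin on the master node: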

[root@aliyun ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml 
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created

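Add worker nodes

Join the worker nodes to the cluster as described under "Join the cluster" above. If the command was not saved on the master node, use kubeadm token list to look it up.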

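[root@k8s-node1 ~]# kubeadm join 172.19.158.107:6443 --token hh3dh6.brp9nfb2s0soby9h \
    --discovery-token-ca-cert-hash sha256:42b48189d75ac6e145873d1248b8e3b2b3354db3516e57f1159d9ab49928fba0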

If the output contains the following, the node joined successfully:

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
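The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key, so a joining node only trusts the API server it was pointed at. The added example below (not from the original post; the function names are hypothetical) recomputes that pin from the control plane's CA certificate, which also recovers it when the join command was not saved, and checks that a join command carries a matching pin. It assumes kubeadm's default CA path, /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Added example: compute and check the CA pin used by `kubeadm join`.
# Function names are hypothetical helpers, not kubeadm commands.

# Print "sha256:<hex>": SHA-256 over the DER-encoded public key (SPKI) of a CA cert.
ca_cert_hash() {
    # Fail early if the file is not a readable X.509 certificate.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null \
          | openssl dgst -sha256 | awk '{print $NF}')
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Return 0 only if the join command pins a CA: it carries
# --discovery-token-ca-cert-hash sha256:<64 hex> and does not skip verification.
join_cmd_is_pinned() {
    case $1 in
        *--discovery-token-unsafe-skip-ca-verification*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq -- \
        '--discovery-token-ca-cert-hash[ =]sha256:[0-9a-f]{64}([^0-9a-f]|$)'
}

# Return 0 only if the pin in the join command equals the pin of the given CA cert.
join_cmd_matches_ca() {
    want=$(ca_cert_hash "$2") || return 1
    join_cmd_is_pinned "$1" || return 1
    case $1 in
        *"$want"*) return 0 ;;
        *) return 1 ;;
    esac
}

# On a control-plane node, print the pin for the cluster CA (kubeadm's default path).
if [ -r /etc/kubernetes/pki/ca.crt ]; then
    ca_cert_hash /etc/kubernetes/pki/ca.crt
fi
```

If the original token has expired, `kubeadm token create --print-join-command` on the control plane prints a fresh join command that includes this pin.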

Run kubectl get nodes on the master node to see the worker nodes that have been added:

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS     ROLES    AGE    VERSION
k8s-master   NotReady   master   105m   v1.18.3
k8s-node1    NotReady   <none>   104m   v1.18.3
k8s-node2    NotReady   <none>   104m   v1.18.3

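At this point all nodes are in the NotReady state. There can be many different causes, so use the following commands to find the detailed reason.

kubectl get pod --all-namespaces: lists the pods in all namespaces and their running status.

Use kubectl describe pod <podname> --namespace=<namespace> to see and analyse in detail why that pod cannot run.

Once the problems found above are resolved, run kubectl get nodes again and all nodes will be in the Ready state. Only then is the Kubernetes cluster fully built.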

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   26m   v1.18.3
k8s-node1    Ready    <none>   17m   v1.18.3
k8s-node2    Ready    <none>   17m   v1.18.3