Deploying K8S

Firewall initialization:

[root@k8s-node-12 ~]# systemctl stop firewalld NetworkManager
[root@k8s-node-12 ~]# systemctl disable firewalld NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@k8s-node-12 ~]# sed -ri 's#(SELINUX=).*#\1disabled#' /etc/selinux/config
[root@k8s-node-12 ~]# setenforce 0
[root@k8s-node-12 ~]# iptables -F
[root@k8s-node-12 ~]# iptables -X
[root@k8s-node-12 ~]# iptables -Z
[root@k8s-node-12 ~]# iptables -P FORWARD ACCEPT

Disable swap:

k8s does not support swap by default, so turn it off:
[root@k8s-node-11 ~]# swapoff -a
Prevent the swap partition from being mounted automatically at boot:
[root@k8s-node-11 ~]# sed -i '/ swap /  s/^\(.*\)$/#\1/g'  /etc/fstab

yum repository configuration:

[root@k8s-node-11 yum.repos.d]# cat CentOS-Base.repo 
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[root@k8s-node-11 yum.repos.d]# 

Repository configuration, step one:
[root@k8s-node-11 network-scripts]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2523  100  2523    0     0    287      0  0:00:08  0:00:08 --:--:--   777
[root@k8s-node-11 network-scripts]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   664  100   664    0     0     77      0  0:00:08  0:00:08 --:--:--   162
[root@k8s-node-11 network-scripts]# sed -i '/aliyuncs/d' /etc/yum.repos.d/*.repo
[root@k8s-node-11 network-scripts]# yum clean all && yum makecache fast
已加载插件:fastestmirror, langpacks
正在清理软件源: base epel extras updates
Cleaning up list of fastest mirrors
已加载插件:fastestmirror, langpacks
Determining fastest mirrors
base                                                                                                                                                                                        | 3.6 kB  00:00:00     
epel                                                                                                                                                                                        | 4.7 kB  00:00:00     
extras                                                                                                                                                                                      | 2.9 kB  00:00:00     
updates                                                                                                                                                                                     | 2.9 kB  00:00:00     
(1/7): epel/x86_64/group_gz                                                                                                                                                                 |  99 kB  00:00:08     
(2/7): epel/x86_64/updateinfo                                                                                                                                                               | 1.0 MB  00:00:08     
(3/7): base/7/x86_64/group_gz                                                                                                                                                               | 153 kB  00:00:08     
(4/7): epel/x86_64/primary_db                                                                                                                                                               | 7.0 MB  00:00:01     
(5/7): base/7/x86_64/primary_db                                                                                                                                                             | 6.1 MB  00:00:09     
(6/7): updates/7/x86_64/primary_db                                                                                                                                                          |  24 MB  00:00:02     
(7/7): extras/7/x86_64/primary_db                                                                                                                                                           | 250 kB  00:00:12     
元数据缓存已建立
[root@k8s-node-11 network-scripts]#

Repository configuration, step two:
[root@k8s-master-10 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2523  100  2523    0     0    288      0  0:00:08  0:00:08 --:--:--   783
[root@k8s-master-10 ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   664  100   664    0     0     76      0  0:00:08  0:00:08 --:--:--   160
[root@k8s-master-10 ~]# sed -i '/aliyuncs/d' /etc/yum.repos.d/*.repo
[root@k8s-master-10 ~]# yum clean all && yum makecache fast
已加载插件:fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository contrib is listed more than once in the configuration
正在清理软件源: base docker-ce-stable epel extras updates
Cleaning up list of fastest mirrors
已加载插件:fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository contrib is listed more than once in the configuration
Determining fastest mirrors
base                                                                                                                                                                                        | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                                                                                            | 3.5 kB  00:00:00     
epel                                                                                                                                                                                        | 4.7 kB  00:00:00     
extras                                                                                                                                                                                      | 2.9 kB  00:00:00     
updates                                                                                                                                                                                     | 2.9 kB  00:00:00     
(1/9): epel/x86_64/group_gz                                                                                                                                                                 |  99 kB  00:00:08     
(2/9): base/7/x86_64/group_gz                                                                                                                                                               | 153 kB  00:00:08     
(3/9): docker-ce-stable/7/x86_64/updateinfo                                                                                                                                                 |   55 B  00:00:08     
(4/9): docker-ce-stable/7/x86_64/primary_db                                                                                                                                                 | 117 kB  00:00:08     
(5/9): epel/x86_64/updateinfo                                                                                                                                                               | 1.0 MB  00:00:00     
(6/9): base/7/x86_64/primary_db                                                                                                                                                             | 6.1 MB  00:00:09     
(7/9): epel/x86_64/primary_db                                                                                                                                                               | 7.0 MB  00:00:00     
(8/9): extras/7/x86_64/primary_db                                                                                                                                                           | 250 kB  00:00:08     
(9/9): updates/7/x86_64/primary_db                                                                                                                                                          |  24 MB  00:00:10     
元数据缓存已建立
[root@k8s-master-10 ~]#

NTP configuration:

[root@k8s-node-12 network-scripts]# yum install chrony -y
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
软件包 chrony-3.4-1.el7.x86_64 已安装并且是最新版本
无须任何处理
[root@k8s-node-12 network-scripts]# systemctl start chronyd
[root@k8s-node-12 network-scripts]# systemctl enable chronyd
[root@k8s-node-12 network-scripts]# date
2023年 10月 24日 星期二 21:01:39 CST
[root@k8s-master-10 ~]# ntpdate -u ntp.aliyun.com
24 Oct 21:21:01 ntpdate[2672]: adjust time server 203.107.6.88 offset 0.005337 sec
[root@k8s-master-10 ~]# hwclock -w

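Modify the Linux kernel parameters to enable packet forwarding:

# Cross-host container communication goes through iptables underneath, i.e. kernel-level packet forwarding: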
[root@k8s-master-10 ~]# cat <<EOF> /etc/sysctl.d/k8s.conf
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> net.ipv4.ip_forward = 1
> vm.max_map_count=262144
> EOF

Load the kernel parameter configuration file:
[root@k8s-node-12 network-scripts]# sysctl -p /etc/sysctl.d/k8s.conf
It fails with the following error:
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: 没有那个文件或目录
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: 没有那个文件或目录
net.ipv4.ip_forward = 1
vm.max_map_count = 262144
Fix:
[root@k8s-node-12 network-scripts]# modprobe br_netfilter
[root@k8s-node-12 network-scripts]# sysctl -p
Resolved:
[root@k8s-node-12 network-scripts]# sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.max_map_count = 262144
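
The `modprobe br_netfilter` fix above lasts only until the next reboot, after which the two net.bridge keys are missing again. The following is an added example, not part of the original post: it compares the keys in k8s.conf with the live kernel values and writes a modules-load.d entry so the module loads at boot. The function names, the report format and the fake /proc tree are constructed for the illustration.

```sh
#!/bin/sh
# Added example: compare the keys in a sysctl file with the live kernel values.
# check_k8s_sysctls CONF [PROC_ROOT]  (PROC_ROOT is a test hook, default /proc)
check_k8s_sysctls() (
    conf=$1
    proc_root=${2:-/proc}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;
            *) continue ;;
        esac
        key=${line%%=*}
        want=${line#*=}
        path="$proc_root/sys/$(printf '%s' "$key" | tr . /)"
        if [ ! -e "$path" ]; then
            # net.bridge.* only exists while br_netfilter is loaded
            case $key in
                net.bridge.*) echo "MISSING $key (load br_netfilter)" ;;
                *)            echo "MISSING $key" ;;
            esac
            rc=1
        elif have=$(tr -d '[:space:]' < "$path") && [ "$have" = "$want" ]; then
            echo "OK $key=$have"
        else
            echo "MISMATCH $key want=$want have=$have"
            rc=1
        fi
    done < "$conf"
    exit "$rc"
)

# Make the module load at every boot (systemd-modules-load reads this directory).
persist_br_netfilter() (
    dir=${1:-/etc/modules-load.d}
    mkdir -p "$dir" && printf 'br_netfilter\n' > "$dir/k8s.conf"
)

# Constructed sample: fake /proc tree of a node without br_netfilter loaded.
demo_sysctl_check() (
    tmp=$(mktemp -d)
    trap 'rm -rf "$tmp"' EXIT
    mkdir -p "$tmp/proc/sys/net/ipv4" "$tmp/proc/sys/vm"
    echo 1 > "$tmp/proc/sys/net/ipv4/ip_forward"
    echo 65530 > "$tmp/proc/sys/vm/max_map_count"
    cat > "$tmp/k8s.conf" <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.max_map_count=262144
EOF
    check_k8s_sysctls "$tmp/k8s.conf" "$tmp/proc"
)

demo_sysctl_check || echo "node is not ready: fix the lines above before kubeadm init/join"
```

On a real node, run `persist_br_netfilter` as root once, then `check_k8s_sysctls /etc/sysctl.d/k8s.conf` after a reboot to confirm all four keys report OK.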

Install the docker base environment:

yum remove docker docker-common docker-selinux docker-engine -y
curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum list docker-ce --showduplicates
yum install docker-ce-19.03.15 docker-ce-cli-19.03.15 -y
mkdir -p /etc/docker/
vi /etc/docker/daemon.json
{
  "registry-mirrors":["https://ms9glx6x.mirror.aliyuncs.com"],

  "exec-opts":["native.cgroupdriver=systemd"]
}

systemctl start docker && systemctl enable docker

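Install kubeadm, the K8S initialization tool (run on the master node)

# Install the tools that initialize the k8s cluster environment
# kubelet-1.19.3  # component that creates, deletes, updates and queries pods on a given machine; pods can run on the master node or on worker nodes
# kubeadm-1.19.3  # k8s version 1.19.3; a tool that automatically pulls the k8s base component images
# kubectl-1.19.3  # command-line tool for managing and maintaining k8s; it handles the interaction between client and server

Run on all machines

Set up the Aliyun repositories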
curl -o /etc/yum.repos.d/Centos-7.repo  http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes] 
name=Kubernetes 
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1 
gpgcheck=0 
repo_gpgcheck=0 
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum clean all && yum makecache

yum list kubeadm --showduplicates

yum install kubelet-1.19.3 kubeadm-1.19.3 kubectl-1.19.3 ipvsadm
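
The kubernetes.repo above sets gpgcheck=0, and the CentOS repo definitions resolve their mirror lists over http://, so it is worth listing which enabled repositories install packages without signature verification or over plaintext. The following is an added example, not part of the original post; the function names and report format are assumptions, and the two sample files are constructed from the repo definitions shown on this page.

```sh
#!/bin/sh
# Added example: list enabled yum repos that skip RPM signature checks or use
# plaintext http:// for baseurl, mirrorlist or gpgkey. Exit status 1 on findings.
audit_yum_repos() {
    awk '
    function report() {
        if (sec == "" || enabled == "0") return
        if (gpg == "0")  { print file " [" sec "] gpgcheck=0: RPM signatures are not verified"; found = 1 }
        if (plain != "") { print file " [" sec "] fetched over plaintext http: " plain; found = 1 }
    }
    function check(k, v) {
        if (k == "enabled") enabled = v
        else if (k == "gpgcheck") gpg = v
        else if ((k == "baseurl" || k == "mirrorlist" || k == "gpgkey") &&
                 v ~ /^http:\/\// && index("," plain ",", "," k ",") == 0)
            plain = plain (plain == "" ? "" : ",") k
    }
    FNR == 1          { report(); sec = ""; file = FILENAME }
    /^[ \t]*([#;]|$)/ { next }                      # comment or blank line
    /^\[/             { report(); sec = $0; sub(/^\[/, "", sec); sub(/\].*/, "", sec)
                        enabled = "1"; gpg = ""; plain = ""; key = ""; next }
    /^[ \t]/          { val = $0; sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                        check(key, val); next }     # indented line continues the previous key
    /=/               { key = $0; sub(/[ \t]*=.*/, "", key)
                        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
                        check(key, val) }
    END               { report(); exit (found + 0) }
    ' "$@"
}

# Constructed sample files, modelled on the repo definitions in this post.
demo_repo_audit() (
    tmp=$(mktemp -d)
    trap 'rm -rf "$tmp"' EXIT
    cd "$tmp"
    cat > CentOS-Base.repo <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[centosplus]
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
gpgcheck=1
enabled=0
EOF
    cat > kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
    audit_yum_repos CentOS-Base.repo kubernetes.repo
)

demo_repo_audit || echo "review the repositories listed above"
```

On a node, `audit_yum_repos /etc/yum.repos.d/*.repo` gives the same report for the installed definitions; disabled sections such as [centosplus] are skipped.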

After k8s is installed, set kubelet to start at boot on all nodes

# Check the kubeadm version, i.e. the k8s version that will be initialized
[root@k8s-node-12 ~]#  kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:47:53Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

Enable start at boot
systemctl enable docker
systemctl enable kubelet

Initialize the k8s-master node (run on the master node only)

kubeadm init \
--apiserver-advertise-address=192.168.208.128 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.19.3 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.2.0.0/16 \
--service-dns-domain=cluster.local \
--ignore-preflight-errors=Swap \
--ignore-preflight-errors=NumCPU

k8s-master installed successfully

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

===========================================================================================
# Create the k8s cluster configuration file
# It specifies where the default SSL certificates are, the api-server address, and so on
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

===========================================================================================
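# Pods are spread across multiple machines; for pods to reach each other a cluster network must be deployed. The flannel network plugin is used here.
# Just install it and use it.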
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

# Use the following command to join a k8s-node to the cluster
Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.208.128:6443 --token n8zyxz.7w7kbbd1rjiygo21 \
    --discovery-token-ca-cert-hash sha256:e0f3fa4a1f0b2edd106828f586f7d9d78cb6ca51334f05456cc70a7ead7bceac 

View node information

[root@k8s-master-10 docker]# kubectl get nodes
NAME            STATUS     ROLES    AGE   VERSION
k8s-master-10   NotReady   master   26m   v1.19.3
[root@k8s-master-10 docker]# kubectl get nodes -owide
NAME            STATUS     ROLES    AGE   VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME
k8s-master-10   NotReady   master   27m   v1.19.3   192.168.208.128   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   docker://19.3.15
NotReady: the node is not ready because the network has not been configured yet.

Join the other nodes to the cluster

kubeadm join 192.168.208.128:6443 --token n8zyxz.7w7kbbd1rjiygo21 \
    --discovery-token-ca-cert-hash sha256:e0f3fa4a1f0b2edd106828f586f7d9d78cb6ca51334f05456cc70a7ead7bceac 

After joining, view the node information to see which nodes the k8s cluster is using.

[root@k8s-master-10 docker]# kubectl get nodes -owide
NAME            STATUS     ROLES    AGE     VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME
k8s-master-10   NotReady   master   41m     v1.19.3   192.168.208.128   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   docker://19.3.15
k8s-node-11     NotReady   <none>   8m21s   v1.19.3   192.168.208.130   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   docker://19.3.15
k8s-node-12     NotReady   <none>   8m14s   v1.19.3   192.168.208.129   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   docker://19.3.15

How do we make the cluster ready? Deploy the network plugin

# 1. Download the network plugin together with its yaml and configuration files
git clone --depth 1 https://github.com/coreos/flannel.git
# 2. On the k8s master node, apply this yaml; the pods are created from it
# 3. If the pod network needs to be changed, edit the configuration file
/root/flannel-master/Documentation/kube-flannel.yml

# k8s resources are all created by writing yml files like this one
[root@k8s-master-10 Documentation]# grep 'Network' -A 5 kube-flannel.yml 
      "Network": "10.2.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
--
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
[root@k8s-master-10 Documentation]#

# Second change: cross-host container traffic ultimately has to go through the host's physical NIC.
# Tell flannel which physical NIC to use
containers:
       - name: kube-flannel
         image: docker.io/flannel/flannel:v0.22.3
         command:
         - /opt/bin/flanneld
         args:
         - --ip-masq
         - --kube-subnet-mgr
         - --iface=ens33

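Use the kubectl command to apply this yml file; it reads the file and creates the pod resources

Configure k8s command completion (important)

k8s has too many commands, so be sure to configure completion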
yum install bash-completion -y
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

kubectl create -f ./kube-flannel.yml

View the flannel network plugin containers on the current machine

[root@k8s-master-10 Documentation]# docker ps | grep flannel
53844bcdd167   e23f7ca36333                                        "/opt/bin/flanneld -..."   8 minutes ago   Up 8 minutes             k8s_kube-flannel_kube-flannel-ds-mpgf6_kube-flannel_9cf25cba-14b6-4768-8ff0-6ec821f22769_0
4a86528f1db0   registry.aliyuncs.com/google_containers/pause:3.2   "/pause"                  9 minutes ago   Up 9 minutes             k8s_POD_kube-flannel-ds-mpgf6_kube-flannel_9cf25cba-14b6-4768-8ff0-6ec821f22769_0

The STATUS of every node is Ready; from this point on, all machines communicate within the cluster through flannel.

[root@k8s-master-10 Documentation]# kubectl get nodes 
NAME            STATUS   ROLES    AGE     VERSION
k8s-master-10   Ready    master   4h53m   v1.19.3
k8s-node-11     Ready    <none>   4h20m   v1.19.3
k8s-node-12     Ready    <none>   4h20m   v1.19.3
[root@k8s-master-10 Documentation]# kubectl get nodes -o wide
NAME            STATUS   ROLES    AGE     VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME
k8s-master-10   Ready    master   4h53m   v1.19.3   192.168.208.128   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   docker://19.3.15
k8s-node-11     Ready    <none>   4h21m   v1.19.3   192.168.208.130   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   docker://19.3.15
k8s-node-12     Ready    <none>   4h21m   v1.19.3   192.168.208.129   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   docker://19.3.15

Create a Pod

[root@k8s-master-10 Documentation]# kubectl run linux0224-pod-1-nginx --image=nginx:1.14.1
pod/linux0224-pod-1-nginx created

View pod information

[root@k8s-master-10 Documentation]# kubectl get pods -owide
NAME                    READY   STATUS    RESTARTS   AGE    IP         NODE          NOMINATED NODE   READINESS GATES
linux0224-pod-1-nginx   1/1     Running   0          107s   10.2.1.2   k8s-node-11   <none>           <none>

The pod IP is reachable only from inside the k8s cluster, not from outside; external access requires additional access rules.

[root@k8s-master-10 Documentation]# curl 10.2.1.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@k8s-master-10 Documentation]# 

[root@k8s-master-10 Documentation]# curl 10.2.1.2 -I
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Sun, 29 Oct 2023 12:44:34 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 06 Nov 2018 13:28:31 GMT
Connection: keep-alive
ETag: "5be196ff-264"
Accept-Ranges: bytes

Change the content of the page

Modify it directly in the container
[root@k8s-node-11 docker]# docker exec 9395505ba67d sh -c "echo '<meta charset-utf-8> 书季辛苦了~' > /usr/share/nginx/html/index.html "

[root@k8s-master-10 Documentation]# curl 10.2.1.2
<meta charset-utf-8> 书季辛苦了~

Modify it through the cluster, using the k8s command
[root@k8s-master-10 Documentation]# kubectl exec linux0224-pod-1-nginx -- sh -c "echo '辛苦了书季,散会,下午好好消化下' >/usr/share/nginx/html/index.html"
[root@k8s-master-10 Documentation]# curl 10.2.1.2
辛苦了书季,散会,下午好好消化下