k8s的二进制部署
k8s的二进制部署的实验:
源码包部署
k8s的master01:192.168.233.91
组件:kube-apiserver kube-controller-manager kube-scheduler etcd
k8s的master02:192.168.233.92
组件:kube-apiserver kube-controller-manager kube-scheduler
node节点01:192.168.233.93 kubelet kube-proxy etcd
node节点02:192.168.233.94 kubelet kube-proxy etcd
负载均衡:nginx+keepalived:master:192.168.233.95
backup:192.168.233.96
etcd:192.168.233.91
192.168.233.93
192.168.233.94
91、93、94主机:
![](https://file.jishuzhan.net/article/1741740955590987778/acecaec30b21e1b97373161dbe348978.webp)
清空iptables的所有策略
![](https://file.jishuzhan.net/article/1741740955590987778/cc33c86d21c389f54dbccb9648afe0d6.webp)
关闭交换分区
swapoff -a
![](https://file.jishuzhan.net/article/1741740955590987778/80a0dfc6d66f39263c50fdf925ad6e4f.webp)
k8s在设计时,为了提升性能,默认是不使用swap交换分区的,kubenetes在初始化时,会检测swap是否关闭
91:
![](https://file.jishuzhan.net/article/1741740955590987778/6b67616297ca9a78f6e333b9564bad43.webp)
93:
![](https://file.jishuzhan.net/article/1741740955590987778/63d6e78818647dc296e4523d794d4081.webp)
94:
![](https://file.jishuzhan.net/article/1741740955590987778/7980c7fb70eb00107443e7882f9ffda2.webp)
91、93、94:
![](https://file.jishuzhan.net/article/1741740955590987778/372b3df4922cddf1e00ab49614a8567d.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/12e1bbef2309e2222c20587b8d8eda54.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/e67c5eddb416383cba3001b64039b4e1.webp)
#开启网桥模式
net.bridge.brideg-nf-call-ip6tables=1
net.bridge.brideg-nf-call-iptables=1
#网桥的流量传给iptables链,实现地址映射
#关闭ipv6的流量(可关也可以不关)
net.ipv6.conf.all.disable_ipv6=1
#根据工作中的实际情况,自定
net.ipv4.ip_forward=1
![](https://file.jishuzhan.net/article/1741740955590987778/667e334ba25f39ef0218de11033c51ea.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/a6cef578df6774d6b3c59f9e36e9c166.webp)
时间同步
yum install ntpdate -y
ntpdate ntp.aliyun.com
![](https://file.jishuzhan.net/article/1741740955590987778/007d517611dae4f45848233586eadb17.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/ff78c2191f6b990588e9754e0d8b9605.webp)
date
![](https://file.jishuzhan.net/article/1741740955590987778/d43dc8e8334aae4732d5afb7e2607a38.webp)
部署 docker引擎
91、93、94:
yum install -y yum-utils device-mapper-persistent-data lvm2
![](https://file.jishuzhan.net/article/1741740955590987778/ccbace75e0c016fcc470657f42c273b7.webp)
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
![](https://file.jishuzhan.net/article/1741740955590987778/d8bab53cb2b87fdce5ac9946d129a316.webp)
yum install -y docker-ce docker-ce-cli containerd.io
systemctl start docker.service
systemctl enable docker.service
![](https://file.jishuzhan.net/article/1741740955590987778/c0c2ba46bc72388ef4d38a86d8e63667.webp)
部署 etcd 集群
(部署第一个组件,存储k8s的集群信息和用户配置组件)
(etcd是一个高可用----分布式的键值存储数据库,采用raft算法保证节点的信息一致性。etcd是go语言写的)
(etcd的端口:2379:api接口,对外为客户端提供通信
2380:内部服务的通信端口
etcd一般都是集群部署,etcd也有选举leader的机制,至少要三台,或者奇数台)
k8s的内部通信依靠证书认证,密钥认证:证书的签发环境
91:
把三个证书拖进来
![](https://file.jishuzhan.net/article/1741740955590987778/d194e7bfb996b01087a11c26cb2dcb03.webp)
sfssl:证书签发的命令工具
cfssl-certinfo:查看证书信息的工具
cfssljson:把证书的格式转化成json格式,变成文件的承载式证书
移到bin目录下面
mv cfssl-certinfo cfssljson cfssl /usr/local/bin/
![](https://file.jishuzhan.net/article/1741740955590987778/9d77f773c21a273346874e4cc001d1cf.webp)
chmod 777 /usr/local/bin/cfssl*
![](https://file.jishuzhan.net/article/1741740955590987778/4b2d324313fa501a76133fca32088a10.webp)
cd到opt,然后创建一个mkdir k8s的目录
mkdir /opt/k8s
![](https://file.jishuzhan.net/article/1741740955590987778/684b83d70aa9d8308e8cf7bc1dfda0ca.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/aadd708dcc26c06b35cf5fb2219c4d8d.webp)
拖两个证书包到k8s
![](https://file.jishuzhan.net/article/1741740955590987778/9a49e14fc166e764e3cac1889aa9b7c3.webp)
vim etcd-cert.sh
![](https://file.jishuzhan.net/article/1741740955590987778/2ace38d1bc3e318cc8ae50249b346352.webp)
记得改文件里的IP地址
![](https://file.jishuzhan.net/article/1741740955590987778/59251bf95960386589ef5f3e1b22985a.webp)
赋权
chmod 777 etcd-cert.sh etcd.sh
![](https://file.jishuzhan.net/article/1741740955590987778/bc84b7ce7fae9a37c0b694285853d86b.webp)
mkdir /opt/k8s/etcd-cert
![](https://file.jishuzhan.net/article/1741740955590987778/2ecb6316fb7f3e4c5369fb54252ec8dd.webp)
mv etcd-cert.sh etcd-cert
![](https://file.jishuzhan.net/article/1741740955590987778/287d655d00fafd88155e095b967d75cc.webp)
cd etcd-cert/
./etcd-cert.sh
![](https://file.jishuzhan.net/article/1741740955590987778/9e7af1e45e7b4af051ef59122e6076f9.webp)
ca-config.json:配置了证书生成策略,定义了默认过期时间和一个名为 "www" 的配置模板
ca-csr.json:用于生成根证书和私钥的签名请求文件。包括了Common Name(CN),密钥算法和一些组织信息
ca.pem:根证书文件
server-csr:服务器证书签名请求文件
server-key.pem:生成etcd服务器证书和私钥
server.pem:etcd服务器的证书文件,用于加密和认证etcd节点之间的通信
![](https://file.jishuzhan.net/article/1741740955590987778/10e498a98f7ee0cf8682b5d363715098.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/1c6cd71c28177e8f827a231f88f36043.webp)
tar zxvf etcd-v3.4.9-linux-amd64.tar.gz
![](https://file.jishuzhan.net/article/1741740955590987778/45fdf493ea275889e78f033d631b65dd.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/7e1b5ecf4d75b9302f316f59bdceb030.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/6d008247431a52edaf10f034d5771e82.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/47c899c007aede0b4943e1c052edf0a0.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/2060c645d8bf20410c971874d5116291.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/c4040dac2f2e3190cdb3de2be9811c58.webp)
cd /opt/k8s/etcd-cert/
cp *.pem /opt/etcd/ssl/
![](https://file.jishuzhan.net/article/1741740955590987778/71c4346da22bb90a9300a9382eccf89b.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/58e930cf578ed283b272d7d7480bcdcf.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/8173022e8fc7b09563ddb5af23e1a61f.webp)
./etcd.sh etcd01 192.168.233.31 etcd02=https://192.168.233.33:2380,etcd03=https://192.168.233.34:2380
![](https://file.jishuzhan.net/article/1741740955590987778/94bfe53fb89ec43909e7aabde2f4cbd9.webp)
再开一台91的终端:
传参到93和94的主机
scp -r /opt/etcd/ root@192.168.233.93:/opt/
![](https://file.jishuzhan.net/article/1741740955590987778/0749ecc6a1c36929b2e746369309e9c7.webp)
scp -r /opt/etcd/ root@192.168.233.94:/opt/
![](https://file.jishuzhan.net/article/1741740955590987778/19f998edf78c5d0e780203ecfe8d3c5e.webp)
scp /usr/lib/systemd/system/etcd.service root@192.168.233.93:/usr/lib/systemd/system/
![](https://file.jishuzhan.net/article/1741740955590987778/1dfdaf5bb9feae08851c57e8daf47ba8.webp)
scp /usr/lib/systemd/system/etcd.service root@192.168.233.94:/usr/lib/systemd/system/
![](https://file.jishuzhan.net/article/1741740955590987778/f2dfaf003c0350c63f96b98803ebd9ef.webp)
93:
![](https://file.jishuzhan.net/article/1741740955590987778/3b83f63d326eea89311e1dd5ab34c5cb.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/5c494a0d5610c09f427862288dce1630.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/3bf8600e72bb5a584211183844f0367b.webp)
94:
![](https://file.jishuzhan.net/article/1741740955590987778/13bc76eab85bae6b43aa7d4ca1a900f8.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/5c494a0d5610c09f427862288dce1630.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/b2d7288bed33712b91ba051518c52311.webp)
91、93、94:
(谁先启动谁是主)
![](https://file.jishuzhan.net/article/1741740955590987778/cdf01e86dc1882ab5ceb4e5344f88b08.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/f434bf8735bbf5267fcee2fc7bde924c.webp)
91:
检查etcd群集状态
ETCDCTL_API=3 /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.233.91:2379,https://192.168.233.93:2379,https://192.168.233.94:2379" endpoint health --write-out=table
![](https://file.jishuzhan.net/article/1741740955590987778/22ba21789f36e09ad4734a31f035a3aa.webp)
master节点的部署:
91:
上传 master.zip 和 k8s-cert.sh 到 /opt/k8s 目录中,解压 master.zip 压缩包
![](https://file.jishuzhan.net/article/1741740955590987778/a2cac9576340b908077f01430ef5bf0f.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/99dbd93af00ae56bfa389b56f6bcfa6a.webp)
91是主节点
92是从节点
95和96是nginx的IP地址
![](https://file.jishuzhan.net/article/1741740955590987778/9a3b09924e29fed19a7c76ab1216dd45.webp)
unzip master.zip
![](https://file.jishuzhan.net/article/1741740955590987778/1138a0a0cc004d0ce5c72473cf1e4990.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/90230ec9861118bf7fed3504c3b8638e.webp)
指向apiserver的ip地址
![](https://file.jishuzhan.net/article/1741740955590987778/8ce29bee1d7ee4645ce6f24caf2bb54f.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/198bb18b7b415437fe577df49403365b.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/23be94315a91e4753b5c0ebcf395a34f.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/b98cef45def7eb07b229e0b733898856.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/d7232e4159f53cab5d47f8e4f9ab2005.webp)
chmod 777 *.sh
![](https://file.jishuzhan.net/article/1741740955590987778/25ee5ce77ec39d0f63840f33ea8e1f94.webp)
mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}
![](https://file.jishuzhan.net/article/1741740955590987778/e7663d381e5c143180e551a8a4962f7b.webp)
mkdir /opt/k8s/k8s-cert
![](https://file.jishuzhan.net/article/1741740955590987778/830bf46cd0763bc12bebdc371f76e1e6.webp)
mv /opt/k8s/k8s-cert.sh /opt/k8s/k8s-cert
![](https://file.jishuzhan.net/article/1741740955590987778/30da40ac4e64d5ad4787ebf858719fb3.webp)
cd /opt/k8s/k8s-cert/
./k8s-cert.sh
cp ca*pem apiserver*pem /opt/kubernetes/ssl/
![](https://file.jishuzhan.net/article/1741740955590987778/56ce1a9913300a9d28eee1ab052d2849.webp)
cd /opt/k8s/
![](https://file.jishuzhan.net/article/1741740955590987778/b14aae4faecfd1e451a9f6baf1dc56c7.webp)
拖软件包
![](https://file.jishuzhan.net/article/1741740955590987778/4ce3b31749a8e3f364f9f4b60f997ed0.webp)
tar zxvf kubernetes-server-linux-amd64.tar.gz
![](https://file.jishuzhan.net/article/1741740955590987778/5765a1f870541e0459073956db143bdd.webp)
cp kube-apiserver kubectl kube-controller-manager kube-scheduler /opt/kubernetes/bin/
![](https://file.jishuzhan.net/article/1741740955590987778/3f81dd5bcd61e64e76f7e9438d827dd5.webp)
ln -s /opt/kubernetes/bin/* /usr/local/bin/
![](https://file.jishuzhan.net/article/1741740955590987778/d72c64d6f7931065751a90ce1ec2743a.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/41c9f284d082c0f23de22547de2ecf3e.webp)
#!/bin/bash
#获取随机数前16个字节内容,以十六进制格式输出,并删除其中空格
BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
#生成 token.csv 文件,按照 Token序列号,用户名,UID,用户组 的格式生成
cat > /opt/kubernetes/cfg/token.csv <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF
![](https://file.jishuzhan.net/article/1741740955590987778/e7d6e170cb67dd1b03b8bbad7c40e307.webp)
chmod 777 token.sh
![](https://file.jishuzhan.net/article/1741740955590987778/2c2170ecb4e8230e1e87f53762390fbc.webp)
./token.sh
![](https://file.jishuzhan.net/article/1741740955590987778/5da6ede936319c1d0dd197810fa8bcfa.webp)
cat /opt/kubernetes/cfg/token.csv
![](https://file.jishuzhan.net/article/1741740955590987778/2be8aab7b051a24152625cf6be61c0fa.webp)
二进制文件、token、证书都准备好后,开启 apiserver 服务
cd /opt/k8s/
./apiserver.sh 192.168.233.91 https://192.168.233.91:2379,https://192.168.233.93:2379,https://192.168.233.94:2379
![](https://file.jishuzhan.net/article/1741740955590987778/b475ca51a4eb3770ff297cad78f51044.webp)
netstat -antp | grep 6443
![](https://file.jishuzhan.net/article/1741740955590987778/eae9317c4f0c908ace171145addb4f64.webp)
./scheduler.sh
![](https://file.jishuzhan.net/article/1741740955590987778/17b77ac1d8b510fd73eb72e6b4d6ad12.webp)
./controller-manager.sh
![](https://file.jishuzhan.net/article/1741740955590987778/543e8441d2899e0c6fc27a6e45ffd0d3.webp)
./admin.sh
![](https://file.jishuzhan.net/article/1741740955590987778/3c3df43daea441c0ef50e0246f6e4e6b.webp)
通过kubectl工具查看当前集群组件状态
kubectl get cs
![](https://file.jishuzhan.net/article/1741740955590987778/0da9550e36ab2e24b86e9dbf7580b474.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/9f277595b82ff7b342df6c9360333319.webp)
node节点的部署:
93、94:
mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}
![](https://file.jishuzhan.net/article/1741740955590987778/7c8a3227adb8ea0255e44ec40d078471.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/aef508c8f9a67f5d4933aec1d64c85db.webp)
拖软件包
![](https://file.jishuzhan.net/article/1741740955590987778/55c0fa939914e3e9a2ee08aded817012.webp)
unzip node.zip
![](https://file.jishuzhan.net/article/1741740955590987778/7572e76f8cf1159730c8d9f1734d06ec.webp)
91:
![](https://file.jishuzhan.net/article/1741740955590987778/4dad4826202cff388359cecb5946b61a.webp)
scp kubelet kube-proxy root@192.168.233.93:/opt/kubernetes/bin/
![](https://file.jishuzhan.net/article/1741740955590987778/6bf70e659e061b386eee2b63c16dcdbd.webp)
scp kubelet kube-proxy root@192.168.233.94:/opt/kubernetes/bin/
![](https://file.jishuzhan.net/article/1741740955590987778/eab142c6ff5bbd4ffbd592e9ce66113a.webp)
91:
![](https://file.jishuzhan.net/article/1741740955590987778/5a28bf33645059576724c5cca171add4.webp)
拖软件包
![](https://file.jishuzhan.net/article/1741740955590987778/f39bf45f7fde2cbe3a13e073a45dc8af.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/43fa4df1f7b9617a47275839438a5ba3.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/1476767444986d6da2498237985194b5.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/03cf41820263c87e693c1a8b6967a65b.webp)
chmod 777 kubeconfig.sh
![](https://file.jishuzhan.net/article/1741740955590987778/13f8a4407d12e74dd3efe75f6081616d.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/ad57382c8c5775cb581181326de8910d.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/77b20dfd61e4d923bcfda152089dffff.webp)
scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.233.93:/opt/kubernetes/cfg/
![](https://file.jishuzhan.net/article/1741740955590987778/f8f128534f8a40afe6bab544102d0e4f.webp)
scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.233.94:/opt/kubernetes/cfg/
![](https://file.jishuzhan.net/article/1741740955590987778/d0d90b55f966aae2809321fb2f1710ba.webp)
93:
![](https://file.jishuzhan.net/article/1741740955590987778/6798cd5bdcecc9363c39da97d97cf99e.webp)
94:
![](https://file.jishuzhan.net/article/1741740955590987778/6798cd5bdcecc9363c39da97d97cf99e.webp)
91:
RBAC授权,生成和赋权用户,使用户 kubelet-bootstrap 能够有权限发起 CSR 请求证书
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
![](https://file.jishuzhan.net/article/1741740955590987778/167d77247c327291a13a0e235bb4e3a1.webp)
若执行失败,可先给kubectl绑定默认cluster-admin管理员集群角色,授权对整个集群的管理员权限
kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
![](https://file.jishuzhan.net/article/1741740955590987778/c382f81d76d04d0c26977a07ba016348.webp)
93:
chmod 777 kubelet.sh
![](https://file.jishuzhan.net/article/1741740955590987778/d18271d9279a691a5e2506fe2140f2c9.webp)
./kubelet.sh 192.168.233.93
![](https://file.jishuzhan.net/article/1741740955590987778/410f40486dfcb1d7c7e34cadc71bf2cd.webp)
91:
![](https://file.jishuzhan.net/article/1741740955590987778/dfd55394c69fc77fc068202f2f003a16.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/ddbd2bd60025ea9095b2b782cc9510ce.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/b49bdbe56c991ac653b6a3e7aeb59a65.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/55e91c886ef6902c596455f3185aa8b3.webp)
94:
![](https://file.jishuzhan.net/article/1741740955590987778/fb98248d2df832e5264e4efb7d55af5c.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/2d082c76e27db43f5e7b014d1ec71fe3.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/efeace5a50fb93727cf5556d8ffccb4c.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/d3ace5cb697f25a6f848206af8b27843.webp)
91:
![](https://file.jishuzhan.net/article/1741740955590987778/eb095dc91fb4dc6fd0b5f866e117fa50.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/b49bdbe56c991ac653b6a3e7aeb59a65.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/55e91c886ef6902c596455f3185aa8b3.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/5e32eddbd06e168a75fbf02af9f059ff.webp)
kube-proxy节点上的网络代理部署:
93:
cd /opt
![](https://file.jishuzhan.net/article/1741740955590987778/fef104d3a978ccb2ae63117fcb8fb568.webp)
for i in (ls /usr/lib/modules/(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done
![](https://file.jishuzhan.net/article/1741740955590987778/891f91546ba82c61658f9b7abf778165.webp)
chmod 777 proxy.sh
![](https://file.jishuzhan.net/article/1741740955590987778/c240fc70f8f3dd7b9e5caf27b32fafe1.webp)
./proxy.sh 192.168.233.93
![](https://file.jishuzhan.net/article/1741740955590987778/a4d060568f8ca394f53e1a1f654bf609.webp)
ps aux | grep kube-proxy
![](https://file.jishuzhan.net/article/1741740955590987778/43c8728a0a5a46a3e8d4b4a65ebdb58d.webp)
94:
cd /opt
![](https://file.jishuzhan.net/article/1741740955590987778/4f895677b839c1a59560456f6c464749.webp)
for i in (ls /usr/lib/modules/(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done
![](https://file.jishuzhan.net/article/1741740955590987778/1cce896b637e1b577d4169c8063a484e.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/6a012f15ed1b03762c20e38dc807af02.webp)
安装flannel:
93、94:
把软件包拖到opt目录
![](https://file.jishuzhan.net/article/1741740955590987778/582e6f216cc0ccfdd0dd15052ca99dd7.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/318a777ac252c9c57a445d221b657628.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/9282d58716abd8a697a0728d07295ac8.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/192eca5b64a69888be29da4dac04126a.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/f2867a162210b8aa82a1eb079c1cba01.webp)
91:
cd /opt/k8s
传 kube-flannel.yml 文件到 /opt/k8s 目录中,部署 CNI 网络
![](https://file.jishuzhan.net/article/1741740955590987778/90b96bfaa65c60f3da8be4f693bdead0.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/87a2b8ecae068cfc640a5e3d435ce1e1.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/f40893b84f68d297f2f707178db3cb60.webp)
93、94:
ifconfig查看一下有没有flannel.1
部署 CoreDNS
CoreDNS:可以为集群中的 service 资源创建一个域名与 IP 的对应关系解析。
service是对外提供访问的地址,现在我们加入DNS机制之后,可以直接访问服务名
在所有 node 节点上操作
93、94:
#上传 coredns.tar 到 /opt 目录中
cd /opt
docker load -i coredns.tar
![](https://file.jishuzhan.net/article/1741740955590987778/7f6916af147e40567b7b83f283d2cefa.webp)
//在 master01 节点上操作
91:
#上传 coredns.yaml 文件到 /opt/k8s 目录中,部署 CoreDNS
cd /opt/k8s
kubectl apply -f coredns.yaml
![](https://file.jishuzhan.net/article/1741740955590987778/f47c5aec0fe8a7f4a9e3f6041cdc1f09.webp)
kubectl get pods -n kube-system
![](https://file.jishuzhan.net/article/1741740955590987778/d98a2e1c261722e93ad7ced81468a267.webp)
#DNS 解析测试
kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
![](https://file.jishuzhan.net/article/1741740955590987778/5ceca600df46bfbb84cd55b66e2ed6e5.webp)
kubectl run -it --rm dns-test --image=busybox:1.28.4 sh
![](https://file.jishuzhan.net/article/1741740955590987778/91b1c07083fb2fe58d81accabf2f9e70.webp)
/ # nslookup kubernetes
![](https://file.jishuzhan.net/article/1741740955590987778/5166bfb2af0522a3ffddda61e812b10d.webp)
Server: 10.0.0.2
Address 1: 10.0.0.2 kube-dns.kube-system.svc.cluster.local
Name: kubernetes
Address 1: 10.0.0.1 kubernetes.default.svc.cluster.local
![](https://file.jishuzhan.net/article/1741740955590987778/16b44fdc125b476529c6f3b68a77ecb1.webp)
exit
master02 节点部署
92:
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
![](https://file.jishuzhan.net/article/1741740955590987778/e1a55f4f7d3852838ab7c7f91e12feb1.webp)
#在master添加hosts
cat >> /etc/hosts << EOF
192.168.233.91 master01
192.168.233.93 node01
192.168.233.94 node02
EOF
![](https://file.jishuzhan.net/article/1741740955590987778/932d2eaa5c7a7bcd275d387948696d17.webp)
91:
![](https://file.jishuzhan.net/article/1741740955590987778/affbd8308384b76b32f1a4dad5b63ce1.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/c702a76242415a1fcdc20a4e0a4d9000.webp)
92:
![](https://file.jishuzhan.net/article/1741740955590987778/affbd8308384b76b32f1a4dad5b63ce1.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/81e676d9ab3b751f2a7cf12e1e9f5a0e.webp)
93:
如上同步
94:
如上同步
91、92、93、94同步操作:
![](https://file.jishuzhan.net/article/1741740955590987778/71a9a250847b835712b18ea518d14a72.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/67bbd65ba38423c7ab1e1cdedb1b92a3.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/2fd739fc7d4192665a731df9ca883239.webp)
91:
从 master01 节点上拷贝证书文件、各master组件的配置文件和服务管理文件到 master02 节点
scp -r /opt/etcd/ root@192.168.233.92:/opt/
scp -r /opt/kubernetes/ root@192.168.233.92:/opt
scp -r /root/.kube root@192.168.233.92:/root
scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.233.92:/usr/lib/systemd/system/
92:
修改配置文件kube-apiserver中的IP
vim /opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=https://192.168.233.91:2379,https://192.168.233.93:2379,https://192.168.233.94:2379 \
--bind-address=192.168.233.92 \ #修改
--secure-port=6443 \
--advertise-address=192.168.233.92 \ #修改
在 master02 节点上启动各服务并设置开机自启
systemctl start kube-apiserver.service
systemctl enable kube-apiserver.service
systemctl start kube-controller-manager.service
systemctl enable kube-controller-manager.service
systemctl start kube-scheduler.service
systemctl enable kube-scheduler.service
![](https://file.jishuzhan.net/article/1741740955590987778/f909a8f5e0a67e14b1433636eeaaa539.webp)
查看node节点状态
ln -s /opt/kubernetes/bin/* /usr/local/bin/
kubectl get nodes
![](https://file.jishuzhan.net/article/1741740955590987778/53266ce4b65955a3c1c4447370f0ef96.webp)
弄完之后查看一下node状态 以及pod
![](https://file.jishuzhan.net/article/1741740955590987778/031824380b71e37e0c974c95634150ae.webp)
负载均衡部署 :
35、36同步操作:
![](https://file.jishuzhan.net/article/1741740955590987778/4798d4ca8fadd802f57712b63388d6ce.webp)
配置nginx的官方在线yum源,配置本地nginx的yum源
cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
EOF
![](https://file.jishuzhan.net/article/1741740955590987778/3bd6e444546718d49477ab8c80c93843.webp)
yum install nginx -y
![](https://file.jishuzhan.net/article/1741740955590987778/df66b68cf3abb99fd3f521c01ec559f9.webp)
修改nginx配置文件,配置四层反向代理负载均衡,指定k8s群集2台master的节点ip和6443端口
vim /etc/nginx/nginx.conf
![](https://file.jishuzhan.net/article/1741740955590987778/6489bfbcd9d976b8276379bac32e1ca0.webp)
(以下内容可以直接把配置文件里的东西全部删掉,然后使用)
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
#添加
stream {
log_format main '$remote_addr upstream_addr - \[time_local] $status $upstream_bytes_sent';
#日志记录格式
#$remote_addr: 客户端的 IP 地址。
#$upstream_addr: 上游服务器的地址。
#[$time_local]: 访问时间,使用本地时间。
#$status: HTTP 响应状态码。
#$upstream_bytes_sent: 从上游服务器发送到客户端的字节数。
access_log /var/log/nginx/k8s-access.log main;
upstream k8s-apiserver {
server 192.168.233.31:6443;
server 192.168.233.32:6443;
}
server {
listen 6443;
proxy_pass k8s-apiserver;
}
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - remote_user \[time_local] "$request" '
'$status body_bytes_sent "http_referer" '
'"http_user_agent" "http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
![](https://file.jishuzhan.net/article/1741740955590987778/b0320573ca33e543a792686b2524d806.webp)
重启和开启自启nginx
![](https://file.jishuzhan.net/article/1741740955590987778/1efd5b3f00fc841829c6386e4f6c2fea.webp)
部署keepalived服务
yum install keepalived -y
![](https://file.jishuzhan.net/article/1741740955590987778/c63a90fc315735d2cce9f93b43107935.webp)
! Configuration File for keepalived
global_defs {
接收邮件地址
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
邮件发送地址
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id NGINX_MASTER
#lb01节点的为 NGINX_MASTER,lb02节点的为 NGINX_BACKUP
#vrrp_strict #注释掉
}
#添加一个周期性执行的脚本
vrrp_script check_nginx {
script "/etc/nginx/check_nginx.sh"
#指定检查nginx存活的脚本路径
}
vrrp_instance VI_1 {
state MASTER
#lb01节点的为 MASTER,lb02节点的为 BACKUP
interface ens33
#指定网卡名称 ens33
virtual_router_id 51
#指定vrid,两个节点要一致
priority 10 0
#lb01节点的为 100,lb02节点的为 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.233.100/24 #指定 VIP
}
track_script {
check_nginx #指定vrrp_script配置的脚本
}
}
![](https://file.jishuzhan.net/article/1741740955590987778/e6bcf0f1fd6fe33f9a105ebe3bc8f824.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/00bc38e3a45dbcfc988261efbb3e748b.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/26b191428ac6af00459673e786b5e61f.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/855bf46cf22d1cc8c67a92cba5119099.webp)
创建nginx状态检查脚本
vim /etc/nginx/check_nginx.sh
![](https://file.jishuzhan.net/article/1741740955590987778/f48e2e56743570ca80f53d3dc36f4f6f.webp)
#!/bin/bash
/usr/bin/curl -I http://localhost &>/dev/null
if [ $? -ne 0 ];then
/etc/init.d/keepalived stop
systemctl stop keepalived
fi
![](https://file.jishuzhan.net/article/1741740955590987778/d54b51c031b367703e6a9c136a204595.webp)
chmod +x /etc/nginx/check_nginx.sh
![](https://file.jishuzhan.net/article/1741740955590987778/f208e0ea702219c09455de9dd6720738.webp)
先启动nginx,再启动keepalived
![](https://file.jishuzhan.net/article/1741740955590987778/04d5483d58c51b28eb160233fd8624d4.webp)
ip a查看虚拟ip地址
![](https://file.jishuzhan.net/article/1741740955590987778/8098f59bba034b84fcccd07c2282b615.webp)
可以停主的nginx 看看ip有没有飘到备上
![](https://file.jishuzhan.net/article/1741740955590987778/3bfac03bfab24c2331f20374644ca3ff.webp)
93、94同步操作:
修改node节点上的bootstrap.kubeconfig,kubelet.kubeconfig配置文件为VIP
cd /opt/kubernetes/cfg/
vim bootstrap.kubeconfig
![](https://file.jishuzhan.net/article/1741740955590987778/6713c055a441531b2a7c4b1399d50f5d.webp)
vim kubelet.kubeconfig
server: https://192.168.233.100:6443
vim kube-proxy.kubeconfig
server: https://192.168.233.100:6443
![](https://file.jishuzhan.net/article/1741740955590987778/744beacfb2e76edc38c1b5878e0289f8.webp)
重启kubelet和kube-proxy服务
systemctl restart kubelet.service
systemctl restart kube-proxy.service
![](https://file.jishuzhan.net/article/1741740955590987778/7f9f9d4036489f0db04014a13ad5cce8.webp)
然后用主的有虚拟ip的主机查看端口号6443
![](https://file.jishuzhan.net/article/1741740955590987778/e138477a53341160d8da3ed9dba1e5d7.webp)
##### 在 master01 节点上操作 #####
//测试创建pod
kubectl run nginx --image=nginx
//查看Pod的状态信息
kubectl get pods
部署 Dashboard :
Dashboard:仪表盘,kubernetes的可视化界面,在这个可视化界面上,可以对k8s集群进行管理
91:
在 master01 节点上操作
#上传 recommended.yaml 文件到 /opt/k8s 目录中
![](https://file.jishuzhan.net/article/1741740955590987778/fa8ed89552a86e3f32910e1448d82e74.webp)
kubectl apply -f recommended.yaml
![](https://file.jishuzhan.net/article/1741740955590987778/3363655351b083591a02c9198213cb82.webp)
创建service account并绑定默认cluster-admin管理员集群角色
kubectl create serviceaccount dashboard-admin -n kube-system
![](https://file.jishuzhan.net/article/1741740955590987778/72c06c6c843fc47b3accb5aa62877fbc.webp)
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
![](https://file.jishuzhan.net/article/1741740955590987778/b0770c32facecdc7c9477bca646cf740.webp)
获取token值
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
![](https://file.jishuzhan.net/article/1741740955590987778/8f5a009d23e294f97764bf6ab2a55149.webp)
然后用浏览器登录 (有的浏览器用不了)
![](https://file.jishuzhan.net/article/1741740955590987778/ad78d4d3817efc9fac9126f10c0d659f.webp)
点击高级
![](https://file.jishuzhan.net/article/1741740955590987778/73ce45a8c972c1fe7e4ce6ede24a6ee6.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/04d36b96272bf989331c2d986e8deb54.webp)
这一步的密码就是上面几步中获取token值的密码
![](https://file.jishuzhan.net/article/1741740955590987778/9e3503a4d373f30119c2414a79f13dd7.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/a2db248959ec0578aa51f579e114be6d.webp)
进入到这里算完成创建
![](https://file.jishuzhan.net/article/1741740955590987778/9df398100f3dfc5c454a6bdc283ac613.webp)
补齐的命令部署:
![](https://file.jishuzhan.net/article/1741740955590987778/bf5f61ff244b481ad02a6c47699cb790.webp)
在最后一行
![](https://file.jishuzhan.net/article/1741740955590987778/80edb8a454e54cf7b65823ad2bb4ff7d.webp)
![](https://file.jishuzhan.net/article/1741740955590987778/6ed128ae4be28933a0c38fcc9de245e2.webp)