K8s Installation and Deployment: Master and Minion (Node)

Operating system version: CentOS 7.4

Master: 172.20.26.167

Minion-1: 172.20.26.198

Minion-2: 172.20.26.210 (node added later)

ETCD: 172.20.27.218

Install and deploy ETCD first

```
yum install etcd -y
cd /etc/etcd/
cp etcd.conf etcd.conf.bak      # back up etcd.conf
grep -aivE "#|^$" etcd.conf     # show the file without comment lines and blank lines
```

```
[root@localhost etcd]# grep -aivE "#|^$" etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
ETCD_NAME="default"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
```

![](https://file.jishuzhan.net/article/1751791037010939905/f563ca1d4c24e7a9edd558349cf557a0.webp)

```
vim etcd.conf
```

![](https://file.jishuzhan.net/article/1751791037010939905/e7486c1c76897e887e474318d31d76e9.webp)

```
[root@localhost etcd]# mkdir -p /data/etcd/             # create the ETCD data directory
[root@localhost etcd]# id etcd                          # look up the ETCD user
uid=997(etcd) gid=995(etcd) 组=995(etcd)
[root@localhost etcd]# chown -R etcd.etcd /data/etcd/   # give the etcd user and group ownership of the data directory
[root@localhost etcd]# ls -ld /data/etcd/               # check the data directory permissions
drwxr-xr-x. 2 etcd etcd 6 4月 17 13:32 /data/etcd/
```

![](https://file.jishuzhan.net/article/1751791037010939905/9cb1176cd7058b49bc9457e48f0345cf.webp)

Start the ETCD service

```
systemctl start etcd.service
ps -ef |grep -aiE etcd
```

![](https://file.jishuzhan.net/article/1751791037010939905/747a09ad5d8158291564843e8cf1115d.webp)

Create the key

```
etcdctl mk /atomic.io/network/config '{"Network":"172.17.0.0/16"}'
```

![](https://file.jishuzhan.net/article/1751791037010939905/84277777a7f7125e7849a892109c54fd.webp)

**Installing and deploying the Master**

```
yum install kubernetes-master flannel -y
```

![](https://file.jishuzhan.net/article/1751791037010939905/42c28bdbdae58670d984b693cc050853.webp)

![](https://file.jishuzhan.net/article/1751791037010939905/5069bf80c3d6f1a9ffacba7e82d6ecf5.webp)

```
[root@bogon kubernetes]# vim apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://172.20.26.218:2379"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
```

![](https://file.jishuzhan.net/article/1751791037010939905/695790fc88cf1ca204b1b7c9bc51707a.webp)

**Because no accounts and passwords have been configured, "ServiceAccount," has to be deleted from the admission control list, otherwise there will be problems.**

```
[root@bogon kubernetes]# vim config
KUBE_ALLOW_PRIV="--allow-privileged=true"
KUBE_MASTER="--master=http://172.20.26.167:8080"
```

![](https://file.jishuzhan.net/article/1751791037010939905/7d3a8c9460c78ab249fc3dddf47cf610.webp)

```
[root@bogon kubernetes]# systemctl start kube-apiserver
[root@bogon kubernetes]# systemctl start kube-controller-manager
[root@bogon kubernetes]# systemctl start kube-scheduler
[root@bogon]# ps -ef | grep kube
```

![](https://file.jishuzhan.net/article/1751791037010939905/81044d8fa4e9894f0d8d68c006ec6533.webp)

The kube-apiserver, kube-controller-manager and kube-scheduler processes are all running, so the Master deployment is complete.

The services can also be restarted with a for loop:

```
for I in etcd kube-apiserver kube-controller-manager kube-scheduler; do
    systemctl restart $I
    systemctl enable $I
    systemctl status $I
done
```

**Installing and deploying the Minion (Node)**

```
yum install kubernetes-node docker flannel *rhsm* -y
[root@bogon ~]# cd /etc/kubernetes/
```

![](https://file.jishuzhan.net/article/1751791037010939905/c179112d2eef676c48ef1f51e2923a24.webp)

```
[root@bogon kubernetes]# vim config
# Makes the "Run as privileged" checkbox in the web management UI take effect
KUBE_ALLOW_PRIV="--allow-privileged=true"
KUBE_MASTER="--master=http://172.20.26.167:8080"
```

![](https://file.jishuzhan.net/article/1751791037010939905/0cf07114cfd63313048a02f67121c0a9.webp)

```
[root@bogon kubernetes]# vim kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=172.20.26.198"
KUBELET_API_SERVER="--api-servers=http://172.20.26.167:8080"
```

![](https://file.jishuzhan.net/article/1751791037010939905/1647637a852de253642b4fe4938f8a2b.webp)

```
vim /etc/sysconfig/flanneld     # configure the flannel network
```

![](https://file.jishuzhan.net/article/1751791037010939905/1cd4caa43abe164e6120c8da3a7862bb.webp)

```
service flanneld start          # start the flanneld service first
service docker start            # then start the docker service
```

![](https://file.jishuzhan.net/article/1751791037010939905/fde89a9f516df5b8d8166798c37b5da0.webp)

**The flannel network must also be configured on the Master**

```
[root@bogon ~]# vim /etc/sysconfig/flanneld
```

![](https://file.jishuzhan.net/article/1751791037010939905/d755e64f20bb9f433e35ae8b07e44723.webp)

```
service flanneld start          # start the flanneld service
```
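The settings above bind the API server's insecure port (8080, which performs no authentication or authorization) to all interfaces, drop the ServiceAccount admission plugin, allow privileged containers and connect every component over plain HTTP. As an added example (not part of the original guide), this shell function flags those settings in the same config files; the finding IDs, the function names and the sample `etcd.conf` line are assumptions made for the illustration.

```shell
# Added example: flag the risky settings this guide writes into /etc/kubernetes/*
# and /etc/etcd/etcd.conf. Prints one "<file>: <ID>: <reason>" line per finding.
LOCAL='(127\.0\.0\.1|localhost)'
has() { printf '%s\n' "$active" | grep -qE -- "$1"; }
# True if a line matching $1 keeps an http:// URL once loopback URLs are removed.
remote_http() {
    printf '%s\n' "$active" | grep -E -- "$1" |
        sed -E "s#http://$LOCAL(:[0-9]+)?##g" | grep -q 'http://'
}

audit_k8s_conf() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        name=$(basename "$f")
        # Skip comments and blank lines, like the guide's grep -vE "#|^$".
        active=$(grep -vE '^[[:space:]]*(#|$)' "$f" || true)
        # The insecure port performs no authentication or authorization.
        if has '--insecure-bind-address=' && ! has "--insecure-bind-address=$LOCAL"; then
            echo "$name: INSECURE_API: unauthenticated API port reachable off-host"
        fi
        if has '--admission-control=' && ! has '--admission-control=.*ServiceAccount'; then
            echo "$name: NO_SERVICEACCOUNT: ServiceAccount admission plugin missing"
        fi
        if has '--allow-privileged=true'; then
            echo "$name: PRIVILEGED: privileged containers are allowed"
        fi
        if remote_http '--(master|api-servers|etcd-servers)='; then
            echo "$name: PLAINTEXT_LINK: component reaches its peer over http://"
        fi
        if remote_http '^ETCD_LISTEN_CLIENT_URLS='; then
            echo "$name: ETCD_OPEN: etcd client port served over http:// off-host"
        fi
    done
}

# Constructed sample with the values shown on this page. The etcd.conf line is an
# assumption: the page shows the edited file only as a screenshot.
write_sample() {
    mkdir -p "$1"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' \
        'KUBE_ETCD_SERVERS="--etcd-servers=http://172.20.26.218:2379"' \
        'KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"' \
        > "$1/apiserver"
    printf '%s\n' '# logging' 'KUBE_ALLOW_PRIV="--allow-privileged=true"' \
        'KUBE_MASTER="--master=http://172.20.26.167:8080"' > "$1/config"
    echo 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$1/etcd.conf"
}

d=$(mktemp -d) && write_sample "$d" && audit_k8s_conf "$d"/* && rm -rf "$d"
```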
![](https://file.jishuzhan.net/article/1751791037010939905/0938d4c4ff47d702c030fe3f9b9ac60c.webp)

**Back on the Minion**

Start the kubelet and kube-proxy services

```
[root@bogon ~]# service kubelet start
Redirecting to /bin/systemctl start kubelet.service
[root@bogon ~]# service kubelet restart
Redirecting to /bin/systemctl restart kubelet.service
[root@bogon ~]# service kube-proxy start
Redirecting to /bin/systemctl start kube-proxy.service
```

![](https://file.jishuzhan.net/article/1751791037010939905/4fc410bc027f3a6e272d66ee595109b5.webp)

Check the related processes

```
[root@bogon ~]# ps -ef |grep kube
[root@bogon ~]# ps -ef |grep docker
[root@bogon ~]# ps -ef |grep flanneld
```

![](https://file.jishuzhan.net/article/1751791037010939905/17c084dff087ab8aa1e3075904049238.webp)

**The Minion configuration is now complete.**

**On the Master, run kubectl get nodes** to verify that the node joined; a STATUS of Ready means it succeeded.

```
[root@bogon ~]# kubectl get nodes
```

![](https://file.jishuzhan.net/article/1751791037010939905/5d0cad4c7e1e884089c7daeaa7acd28f.webp)

View the IP address information on the Master

![](https://file.jishuzhan.net/article/1751791037010939905/10666dfd993fcf01670f865ad3691e0a.webp)

View the IP address information on the Minion

![](https://file.jishuzhan.net/article/1751791037010939905/67a711cb1e3004e2e55b0635cbc279bb.webp)

On the Master, check whether the FORWARD chain policy is ACCEPT (allow):
```
[root@bogon ~]# iptables -t filter -L -n
```

![](https://file.jishuzhan.net/article/1751791037010939905/6045c702ecf9da3885fb97e90a3c169b.webp)

Pinging the Minion's IP addresses works

```
[root@bogon ~]# ping 172.17.60.1
[root@bogon ~]# ping 172.17.60.0
```

![](https://file.jishuzhan.net/article/1751791037010939905/1d27b05e27fb15d13fbfa9c5f09f75ff.webp)

On the Minion, ping 172.17.34.0 to see whether it is reachable

![](https://file.jishuzhan.net/article/1751791037010939905/d33b454268b0d107b420957c5ed40062.webp)

At this point the network between the Master and the Minion is connected.

On the Minion, the FORWARD chain policy is DROP

![](https://file.jishuzhan.net/article/1751791037010939905/e14ccedc6dbf39abc791c954335062e8.webp)

The FORWARD chain policy has to be set to ACCEPT (allow)

```
[root@bogon ~]# iptables -P FORWARD ACCEPT
[root@bogon ~]# iptables -t filter -L -n
```

![](https://file.jishuzhan.net/article/1751791037010939905/1a5fa3b110162bff115b46dbb99c149e.webp)

The K8S cluster is now set up.

**Creating the K8S web management UI**

On the **Minion**, import two image files: pod-infrastructure and kubernetes-dashboard-amd64.

Downloading these two images directly from the network may time out and make the import fail, so they can be uploaded from a local machine first and then imported.

![](https://file.jishuzhan.net/article/1751791037010939905/6188b00733c41fd5261b0e05ac1cc2d2.webp)

The Docker image import command is as follows: docker load \1 {print $1,$NF}'\|awk '{print $1,$NF}'

![](https://file.jishuzhan.net/article/1751791037010939905/6353ab6dfe9d77a39b8045943ed8c57f.webp)

A container can be restarted from the host

```
[root@bogon ~]# docker ps |grep tomcat          # find the tomcat container ID
[root@bogon ~]# docker restart 574bf1497167     # restart the tomcat container
```

![](https://file.jishuzhan.net/article/1751791037010939905/6108468e90ee7ed659c9834f95f65010.webp)

After a restart, data is not lost.

If a cloud host is deleted, a new cloud host is created automatically, but the data is lost.

**Creating a local private registry**

Create the local private registry on 172.20.26.198

```
docker pull docker.io/registry
```

![](https://file.jishuzhan.net/article/1751791037010939905/3234faa382d446de554e242ad7b561d1.webp)

```
mkdir -p /data/registry/
docker run -itd -p 5000:5000 -v /data/registry:/var/lib/registry docker.io/registry
```

![](https://file.jishuzhan.net/article/1751791037010939905/97d9b5d2f685f06895dfd4d0f8a5487a.webp)

```
[root@bogon ~]# vim /etc/docker/daemon.json
"insecure-registries":["172.20.26.198:5000"]
```

```
[root@bogon ~]# service docker restart
[root@bogon ~]# ps -ef |grep 5000               # check the state of port 5000
```

![](https://file.jishuzhan.net/article/1751791037010939905/58b99e45a234a9f243c4ccc1ab4332d2.webp)

Run docker images to view the image information.

Re-tag the centos7-ssh image

```
[root@bogon ~]# docker tag 5a97f88791d1 172.20.26.198:5000/centos7-ssh:v1
```

![](https://file.jishuzhan.net/article/1751791037010939905/d4499243075842bc8b526ddacf2bb037.webp)

Push the re-tagged centos7-ssh image to the local registry

```
docker push 172.20.26.198:5000/centos7-ssh:v1
```

![](https://file.jishuzhan.net/article/1751791037010939905/2f0844fdd1b354924ef62ddb615ce575.webp)

```
[root@bogon ~]# docker ps -a                                        # check the state of the docker.io/registry container
[root@bogon ~]# docker start bf5bd542fba4                           # start docker.io/registry
[root@bogon ~]# ps -ef |grep 5000                                   # check port 5000
[root@bogon ~]# docker push 172.20.26.198:5000/centos7-ssh:v1       # push the image to the local registry again
```

![](https://file.jishuzhan.net/article/1751791037010939905/777502f6294bc60fb676a6edfaf6e3cf.webp)

The push succeeded.

![](https://file.jishuzhan.net/article/1751791037010939905/cd796bde70995c13df668b2544a9f682.webp)

Push an nginx image to the local registry

```
[root@bogon Docker]# vim Dockerfile_nginx                           # write the Dockerfile that installs nginx
[root@bogon Docker]# docker build -t centos7-nginx:v1 - < Dockerfile_nginx
```

![](https://file.jishuzhan.net/article/1751791037010939905/bf993502f74ca7db141f78653fc628ee.webp)

```
[root@bogon ~]# docker images
[root@bogon ~]# docker tag 0672328a3122 172.20.26.198:5000/centos7-nginx:v1     # re-tag
[root@bogon ~]# docker push 172.20.26.198:5000/centos7-nginx:v1                 # push the nginx image to the local registry
[root@bogon ~]# docker ps | grep 5000
```

![](https://file.jishuzhan.net/article/1751791037010939905/746cb7268f88b2cedf350ea0545aeb59.webp)

List the images in the local private registry

```
ls -l /data/registry/docker/registry/v2/repositories/
```

![](https://file.jishuzhan.net/article/1751791037010939905/81ed881aa19614212f6110847b6b1f69.webp)

Add 2 containers for an nginx "external" service, using the local private registry

![](https://file.jishuzhan.net/article/1751791037010939905/4773d9e67a5b1efa34e5bcf82f9b8ee7.webp)
![](https://file.jishuzhan.net/article/1751791037010939905/8d0916f81568157dd7958c476bcd5c22.webp)

![](https://file.jishuzhan.net/article/1751791037010939905/ba231631c4901ec116750a85f947e3d1.webp)

```
Failed to pull image "172.20.26.198:5000/nginx:latest": Get https://172.20.26.198:5000/v1/_ping: http: server gave HTTP response to HTTPS client
Error syncing pod, skipping: failed to "StartContainer" for "nginx" with ErrImagePull: "Get https://172.20.26.198:5000/v1/_ping: http: server gave HTTP response to HTTPS client"
```

The cause of the error above is that the daemon.json file on node 172.20.26.210 has to specify the address of the local private registry:

```
vim /etc/docker/daemon.json
```

![](https://file.jishuzhan.net/article/1751791037010939905/2fd021bfe4f08bd1e601931892f550be.webp)

Run the following commands to restart the related services

```
for I in kube-proxy kubelet flanneld docker
do
    systemctl restart $I
    systemctl enable $I
done
service iptables stop;iptables -P FORWARD ACCEPT
```

Return to the K8s web UI and check whether the error status has disappeared

![](https://file.jishuzhan.net/article/1751791037010939905/d344ccf04cd00bdab8fb2b5e50c239b9.webp)

**Fault:**

An image was built from a Dockerfile, re-tagged and pushed to the local registry, and the push reported that the connection was refused

![](https://file.jishuzhan.net/article/1751791037010939905/55bb1213be0e2b202eb3ac21622d6739.webp)

**Fix:**

```
docker run -itd -p 5000:5000 -v /data/registry:/var/lib/registry docker.io/registry
docker ps
docker push 172.20.26.198:5000/centos7-nginx:v2
```

![](https://file.jishuzhan.net/article/1751791037010939905/44e0a6e33443de68ebc636757323aa30.webp)

Create and deploy the external nginx host

![](https://file.jishuzhan.net/article/1751791037010939905/869c1181b2e5939754b8073cc01fcae5.webp)

![](https://file.jishuzhan.net/article/1751791037010939905/cfb5cbef6a217032441a949d114426cf.webp)

![](https://file.jishuzhan.net/article/1751791037010939905/621b2fd86edad1a3a0aa868ed1c12197.webp)

**Fault:**

![](https://file.jishuzhan.net/article/1751791037010939905/d29eb8b433b5bba2fbebe7b524e0e6f4.webp)

![](https://file.jishuzhan.net/article/1751791037010939905/692bbc38044f46a6bfbfa7230933ebe4.webp)

**Fault**

![](https://file.jishuzhan.net/article/1751791037010939905/71955daedc9e63b8da2066ee4e192d86.webp)
**Troubleshooting on the Master and Minion:**

Master:

1. `ps -ef | grep kube`: check the kube-apiserver, kube-controller-manager and kube-scheduler services
2. `ps -ef |grep flanneld`: check the state of flanneld
3. `ifconfig`: check the network interface addresses (is there a flannel0 address?)

Minion:

1. `ps -ef |grep kube`: check the kubelet and kube-proxy services
2. `ps -ef |grep docker`: check the state of Docker
3. `ps -ef |grep flanneld`: check the state of flanneld
4. `iptables -t filter -L -n`: check whether the output shows Chain FORWARD (policy ACCEPT); if it does not, run `iptables -P FORWARD ACCEPT`
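The `server gave HTTP response to HTTPS client` pull error above appears because the registry on 172.20.26.198:5000 serves plain HTTP, and a Docker daemon only falls back to HTTP for registries listed under `insecure-registries` in its own daemon.json. This added example (not from the original guide) checks a node's daemon.json against an image reference, which also gives an inventory of the nodes that carry the plain-HTTP exception; the function names and the two sample files are constructed for the illustration.

```shell
# Added example: predict the "server gave HTTP response to HTTPS client" pull
# failure by comparing an image reference with a node's daemon.json.

# Registry part of an image reference. Docker treats the first path component
# as a registry only if it contains "." or ":" or is "localhost".
registry_of() {
    first=${1%%/*}
    case $1 in
        */*) case $first in *.*|*:*|localhost) echo "$first"; return 0 ;; esac ;;
    esac
    echo docker.io
}

# Entries of "insecure-registries" in a daemon.json, one per line.
# Handles plain host[:port] strings only, not CIDR ranges.
insecure_list() {
    [ -r "$1" ] || return 0
    tr -d ' \t\n' < "$1" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)\].*/\1/p' |
        tr ',' '\n' | tr -d '"'
}

# pull_mode DAEMON_JSON IMAGE -> "http-fallback" if this daemon may fall back
# to plain HTTP for the image's registry, otherwise "https-only".
pull_mode() {
    reg=$(registry_of "$2")
    if insecure_list "$1" | grep -Fxq -- "$reg"; then
        echo http-fallback
    else
        echo https-only
    fi
}

# Constructed sample: node .198 carries the exception, node .210 does not yet.
d=$(mktemp -d)
echo '{ "insecure-registries": ["172.20.26.198:5000"] }' > "$d/node198.json"
echo '{}' > "$d/node210.json"
for n in node198 node210; do
    echo "$n: $(pull_mode "$d/$n.json" 172.20.26.198:5000/nginx:latest)"
done
rm -rf "$d"
```

A node reported as `https-only` fails to pull from the HTTP-only registry with the error shown above.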
