【20140317】k8s学习-基础环境配置

之前学习k8s做的笔记,迁过来掘金存档o( ̄▽ ̄)o

环境

VMware虚拟主机2台(双核4G内存)、CentOS7.9。

步骤

以下步骤没有特殊标明的,不管是作为master还是node的服务器都要做。

静态ip配置

为了在局域网内使用xshell连接虚拟机,也为了几台虚拟机可以相互ping通,可以利用VMWare的每台虚拟机分配一个局域网地址。步骤如下:

VMWare的虚拟机属性->网络连接采用桥接模式:

bash 复制代码
vi /etc/sysconfig/network-scripts/ifcfg-ens33

修改完重启网络服务就可以了:

systemctl restart network

修改主机名

修改主机名并添加到本地hosts文件:

bash 复制代码
# 修改 hostname
hostnamectl set-hostname xxx
# 查看修改结果
hostnamectl status
# 设置 hostname 解析
echo "127.0.0.1   $(hostname)" >> /etc/hosts

配置yum源

由于谷歌的服务国内访问不了,需要配置镜像源:

ini 复制代码
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
repo_gpgcheck=0
exclude=kube*
EOF

# 刷新yum缓存

yum makecache
yum clean all

配置主机环境

停用防火墙:

arduino 复制代码
systemctl stop firewalld
systemctl disable firewalld

禁用selinux:

arduino 复制代码
sed -i 's/enforcing/disabled/' /etc/selinux/config 
setenforce 0

关闭swap:

bash 复制代码
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab 

时间同步:

yum install ntpdate -y
ntpdate ntp.aliyun.com

网络配置调整:

bash 复制代码
echo "net.ipv4.ip_forward = 1">> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-ip6tables = 1">> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1">> /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1">> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1">> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1">> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding = 1">> /etc/sysctl.conf	
sysctl -p /etc/sysctl.conf 

安装相关软件

安装docker

bash 复制代码
# 添加官方yum源
yum-config-manager --add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

yum install docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io

systemctl start docker
# 开机自启动
systemctl enable docker

下面是官方文档的描述:

由于 kubeadm 把 kubelet 视为一个系统服务来管理,所以对基于 kubeadm 的安装, 我们推荐使用 systemd 驱动,不推荐 cgroupfs 驱动。

因此,我们需要修改docker的cgroup driver为systemd,顺便配置一下docker镜像仓库源:

bash 复制代码
vi /etc/docker/daemon.json

如果文件为空直接新建json对象:

json 复制代码
{
  "registry-mirrors": ["http://hub-mirror.c.163.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}

如果原本有数据的话就加上上面两项,之后重启docker就好了:

systemctl restart docker 

安装kubelet/kubeadm/kubectl

由于K8S1.24版本默认移除 docker 的依赖,所以我们安装1.23版本的k8s:

ini 复制代码
# 卸载旧版本
yum remove -y kubelet kubeadm kubectl

yum install -y kubelet-1.23.1 kubeadm-1.23.1 kubectl-1.23.1  --disableexcludes=kubernetes

# 开机自启动
systemctl enable kubelet

初始化master节点并添加node节点

在充当master的服务器中执行:

ini 复制代码
# 配置国内镜像源
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
# 安装K8S
kubeadm init \
  --kubernetes-version=v1.23.1 \
  --pod-network-cidr=10.244.0.0/16 \
  --image-repository registry.aliyuncs.com/google_containers

初始化成功后会有对应的kubeconfig如下:

复制到node节点执行即可。

安装Flannel

Flannel是 CoreOS 团队针对 Kubernetes 设计的一个覆盖网络(Overlay Network)工具,其目的在于帮助每一个使用 Kuberentes 的 CoreOS 主机拥有一个完整的子网,简单来说,它的功能是让集群中的不同节点主机创建的Docker容器都具有全集群唯一的虚拟IP地址。

该安装步骤仅需要在充当master的机器上执行。

首先创建flannel.yml:

ruby 复制代码
wget -c https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

由于github在国内被dns污染,所以需要通过本地host或代理下载这个文件,比较麻烦。可以复制下面的代码到根目录自行创建:

flannel.yml:(已更换镜像源)

yaml 复制代码
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
  - configMap
  - secret
  - emptyDir
  - hostPath
  allowedHostPaths:
  - pathPrefix: "/etc/cni/net.d"
  - pathPrefix: "/etc/kube-flannel"
  - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: jmgao1983/flannel:latest
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: jmgao1983/flannel:latest
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg

前面我们以及配置了docker的源,所以上面的配置文件中的镜像地址改成用docker search找到的镜像地址就可以了:

接着安装Flannel:

kubectl apply -f kube-flannel.yml 

到了这一步可能会有报错:

这时候需要设置环境变量:

bash 复制代码
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile

设置以后在执行上述命令就没问题了:

可以通过一下命令查看对应的pod的运行情况:

arduino 复制代码
kubectl get pod -A

在过一段时间之后状态会变成下面这样:

至此,K8s基础环境搭建完成。

相关推荐
Youkiup几秒前
【linux 常用命令】
linux·运维·服务器
qq_297504614 分钟前
【解决】Linux更新系统内核后Nvidia-smi has failed...
linux·运维·服务器
_oP_i9 分钟前
.NET Core 项目配置到 Jenkins
运维·jenkins·.netcore
weixin_4373982117 分钟前
Linux扩展——shell编程
linux·运维·服务器·bash
小燚~19 分钟前
ubuntu开机进入initramfs状态
linux·运维·ubuntu
小林熬夜学编程26 分钟前
【Linux网络编程】第十四弹---构建功能丰富的HTTP服务器:从状态码处理到服务函数扩展
linux·运维·服务器·c语言·网络·c++·http
上海运维Q先生31 分钟前
面试题整理15----K8s常见的网络插件有哪些
运维·网络·kubernetes
hhhhhhh_hhhhhh_40 分钟前
ubuntu18.04连接不上网络问题
linux·运维·ubuntu
冷心笑看丽美人1 小时前
探秘 DNS 服务器:揭开域名解析的神秘面纱
linux·运维·服务器·dns
wenxiaocsdn1 小时前
某科技局国产服务器PVE虚拟化技术文档
运维·服务器