[20140317] Learning k8s: basic environment setup

Notes I took earlier while learning k8s, moved over to Juejin for archiving o( ̄▽ ̄)o

Environment

Two VMware virtual machines (dual-core, 4 GB RAM) running CentOS 7.9.

Steps

Unless a step says otherwise, it has to be carried out on every server, whether it will act as master or as node.

Static IP configuration

So that the VMs can be reached with Xshell from the LAN and can ping each other, VMware can be used to give each VM its own LAN address. Steps:

In the VM's settings in VMware, set the network adapter to bridged mode, then edit the interface configuration:

```bash
vi /etc/sysconfig/network-scripts/ifcfg-ens33
```

After editing, restart the network service:

```bash
systemctl restart network
```

Change the hostname

Set the hostname and add it to the local hosts file:

```bash
# set the hostname
hostnamectl set-hostname xxx
# check the result
hostnamectl status
# make the hostname resolve locally
echo "127.0.0.1   $(hostname)" >> /etc/hosts
```

Configure the yum repository

Google's services cannot be reached from within China, so a mirror repository has to be configured:

```bash
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
repo_gpgcheck=0
exclude=kube*
EOF

# clear the old yum cache, then rebuild it
yum clean all
yum makecache
```

Host environment configuration

Disable the firewall:

```bash
systemctl stop firewalld
systemctl disable firewalld
```

Disable SELinux:

```bash
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
```

Turn off swap:

```bash
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
```

Time synchronisation:

```bash
yum install ntpdate -y
ntpdate ntp.aliyun.com
```

Network (sysctl) adjustments:

```bash
# the net.bridge.* keys only exist once this kernel module is loaded
modprobe br_netfilter
echo "net.ipv4.ip_forward = 1">> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-ip6tables = 1">> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1">> /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6 = 1">> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1">> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1">> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding = 1">> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
```

Install the software

Install Docker

```bash
# yum-config-manager is provided by yum-utils
yum install -y yum-utils
# add the official yum repo
yum-config-manager --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

yum install docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io

systemctl start docker
# start on boot
systemctl enable docker
```

The official documentation says:

Because kubeadm manages the kubelet as a system service, for kubeadm-based setups we recommend the systemd driver and not the cgroupfs driver.

So we need to change Docker's cgroup driver to systemd and, while we are at it, configure a Docker registry mirror:

```bash
vi /etc/docker/daemon.json
```

If the file is empty, create the JSON object directly:

```json
{
  "registry-mirrors": ["http://hub-mirror.c.163.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
```

If it already has content, add the two keys above to it, then restart Docker:

```bash
systemctl restart docker
```
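An added pre-flight script (my code, not part of the original notes) that verifies the host configuration steps of this section and the Docker cgroup-driver change actually persisted: the sysctl keys, the fstab swap entry, the SELinux config and daemon.json. File paths are the ones used above; the `--live` flag and the optional root-prefix argument of `preflight` are my own additions.

```bash
#!/usr/bin/env bash
# Pre-flight check for the host preparation above. Each check takes the path of
# a file and returns 0 when it matches what the steps configure (live or copy).

# All seven sysctl keys written above must be present and set to 1.
check_sysctl_conf() {
  local f=$1 key
  for key in net.ipv4.ip_forward net.bridge.bridge-nf-call-ip6tables \
             net.bridge.bridge-nf-call-iptables net.ipv6.conf.all.disable_ipv6 \
             net.ipv6.conf.default.disable_ipv6 net.ipv6.conf.lo.disable_ipv6 \
             net.ipv6.conf.all.forwarding; do
    # strip whitespace so "key = 1" and "key=1" both match; a commented-out
    # line keeps its leading "#" and therefore does not match
    sed 's/[[:space:]]//g' "$f" | grep -Fxq "${key}=1" || return 1
  done
}

# swapoff -a lasts only until reboot; no uncommented swap entry may remain in
# fstab or kubelet will refuse to start after the next boot.
check_fstab_swap() {
  [ -r "$1" ] && ! grep -Ev '^[[:space:]]*#' "$1" | grep -q swap
}

# setenforce 0 is also temporary; the persistent setting lives in the config file.
check_selinux_config() {
  grep -Fxq 'SELINUX=disabled' "$1"
}

# kubeadm expects kubelet and the container runtime on the same cgroup driver.
check_docker_cgroup_driver() {
  grep -Fq '"native.cgroupdriver=systemd"' "$1"
}

# Run every check under an optional root prefix (my addition: lets the script
# inspect a mounted image or backup), print one line each, return 1 on any failure.
preflight() {
  local root=${1:-} rc=0 name fn file
  while read -r name fn file; do
    if "$fn" "$root$file" 2>/dev/null; then echo "ok    $name"
    else echo "FAIL  $name ($root$file)"; rc=1; fi
  done <<'EOF'
sysctl        check_sysctl_conf          /etc/sysctl.conf
fstab-swap    check_fstab_swap           /etc/fstab
selinux       check_selinux_config       /etc/selinux/config
docker-cgroup check_docker_cgroup_driver /etc/docker/daemon.json
EOF
  return $rc
}
# Check the live system only when asked, so the file can also be sourced.
if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run it as `bash preflight.sh --live` on each host before `kubeadm init`. It reports the lab configuration this post sets up; on a production node you would keep SELinux and firewalld enabled and open only the kubeadm ports instead.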

Install kubelet/kubeadm/kubectl

Since Kubernetes 1.24 dropped its dependency on Docker by default, we install version 1.23 of k8s. The `--disableexcludes=kubernetes` flag is needed because the repo file above excludes `kube*` packages, so that an ordinary yum update cannot upgrade them:

```bash
# remove old versions
yum remove -y kubelet kubeadm kubectl

yum install -y kubelet-1.23.1 kubeadm-1.23.1 kubectl-1.23.1 --disableexcludes=kubernetes

# start on boot
systemctl enable kubelet
```

Initialise the master and join the nodes

Run the following on the server acting as master:

```bash
# pull the control-plane images from a domestic mirror
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
# install K8s
kubeadm init \
  --kubernetes-version=v1.23.1 \
  --pod-network-cidr=10.244.0.0/16 \
  --image-repository registry.aliyuncs.com/google_containers
```

After a successful initialisation the corresponding kubeconfig output looks like this:

Copy it to the node and run it there.

Install Flannel

Flannel is an overlay network tool designed by the CoreOS team for Kubernetes. Its purpose is to give every CoreOS host that runs Kubernetes a complete subnet; put simply, it gives the Docker containers created on the different nodes of the cluster virtual IP addresses that are unique cluster-wide.

This step only needs to be carried out on the machine acting as master.

First create flannel.yml:

```bash
wget -c https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```

Because GitHub is subject to DNS poisoning inside China, the file has to be fetched through a local hosts entry or a proxy, which is a hassle. Alternatively, copy the code below and create the file yourself in the root directory:

flannel.yml (image source already changed):

```yaml
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
  - configMap
  - secret
  - emptyDir
  - hostPath
  allowedHostPaths:
  - pathPrefix: "/etc/cni/net.d"
  - pathPrefix: "/etc/kube-flannel"
  - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        # Docker Hub mirror of the upstream flannel image, substituted by the author
        image: jmgao1983/flannel:latest
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: jmgao1983/flannel:latest
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
```

Since we already configured a Docker registry mirror earlier, the image addresses in the config file above just need to be changed to an image address found with docker search:

Then install Flannel:

```bash
kubectl apply -f kube-flannel.yml
```

At this step an error may appear:

In that case the environment variable needs to be set:

```bash
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
```

Once it is set, running the command above works:

The status of the pods can be checked with the following command:

```bash
kubectl get pod -A
```

After a while the status changes to the following:

With that, the basic k8s environment is set up.
