Centos7.9使用kubeadm部署K8S集群
使用kubeadm部署一个k8s集群,单master+2worker节点。
1. 环境信息
- 操作系统:CentOS 7.9.2009
- 内存: 2GB
- CPU: 2
- 网络: 能够互访,能够访问互联网
hostname | ip | 备注 |
---|---|---|
k8s-master | 192.168.0.51 | master |
k8s-node1 | 192.168.0.52 | worker |
k8s-node2 | 192.168.0.53 | worker |
2. 准备工作
在所有节点(包括 Master 和 Worker 节点)上执行以下步骤。
2.1 linux基础配置
sh
# 关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
# 关闭 swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# 关闭 selinux
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# 设置时区
timedatectl set-timezone Asia/Shanghai
# 时间同步
yum -y install ntpdate
ntpdate time.windows.com
hwclock --systohc
# 将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # 生效
2.2 安装 Docker
shell
# 添加镜像源
curl https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
# 查看docker-ce的版本列表
yum list docker-ce --showduplicates | sort -r
# 安装20.10
yum -y install docker-ce-20.10.6-3.el7
systemctl start docker
systemctl enable docker
# 换成阿里Docker仓库
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://wnsrsn9i.mirror.aliyuncs.com"]
}
EOF
# 重启配置生效
systemctl restart docker
docker info
...
Registry Mirrors:
https://wnsrsn9i.mirror.aliyuncs.com/
...
2.3 安装 kubeadm、kubelet 和 kubectl
shell
# 添加镜像源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 查看支持的版本
yum list kubelet --showduplicates | sort -r
# 安装
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
# 配置kubelet服务自启动
systemctl enable kubelet
3. 部署k8s集群
设置hosts:
shell
# 设置主机名
hostnamectl set-hostname k8s-master # k8s-node1 / k8s-node2
hostname
# 配置 hosts(只在master执行)
cat >> /etc/hosts << EOF
192.168.0.51 k8s-master
192.168.0.52 k8s-node1
192.168.0.53 k8s-node2
EOF
初始化master:
shell
# 运行初始化命令,apiserver地址为master地址
kubeadm init \
--apiserver-advertise-address=192.168.0.51 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.18.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
...
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.0.51:6443 --token fxaizi.pb73yzhubpffc9zf \
--discovery-token-ca-cert-hash sha256:95b842305c484ffcdcf3d5ccdeb5ada6ee89f418e77709138b491654e88c88ed
...
# 初始化成功后,按照提示执行如下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 查看节点列表,此时节点状态为NotReady
kubectl get nodes
初始化worker:
shell
kubeadm join 192.168.0.51:6443 --token fxaizi.pb73yzhubpffc9zf \
--discovery-token-ca-cert-hash sha256:95b842305c484ffcdcf3d5ccdeb5ada6ee89f418e77709138b491654e88c88ed
master部署网络插件:
shell
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl get pods -n kube-system # 查看运行状态
如果无法下载,手动创建kube-flannel.yml,内容如下:
yaml
---
kind: Namespace
apiVersion: v1
metadata:
name: kube-flannel
labels:
k8s-app: flannel
pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: flannel
name: flannel
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: flannel
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: flannel
name: flannel
namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-flannel
labels:
tier: node
k8s-app: flannel
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"EnableNFTables": false,
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-flannel
labels:
tier: node
app: flannel
k8s-app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni-plugin
image: docker.io/flannel/flannel-cni-plugin:v1.4.1-flannel1
command:
- cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
volumeMounts:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni
image: docker.io/flannel/flannel:v0.25.4
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: docker.io/flannel/flannel:v0.25.4
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN", "NET_RAW"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: EVENT_QUEUE_DEPTH
value: "5000"
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: xtables-lock
mountPath: /run/xtables.lock
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni-plugin
hostPath:
path: /opt/cni/bin
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
部署flannel会拉取两个镜像,国内网络环境有时候无法顺利拉取,可以从其他地方获取后离线导入当前环境:
shell
[root@k8s-master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
flannel/flannel v0.25.4 e6c43605b714 18 hours ago 81MB
flannel/flannel-cni-plugin v1.4.1-flannel1 1e3c860c213d 7 weeks ago 10.3MB
4. 创建测试应用
shell
# 创建一个nginx应用,并暴露到节点外部
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
# 查看部署的应用
kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-f89759699-j9lnv 1/1 Running 0 30s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 34m
service/nginx NodePort 10.102.197.201 <none> 80:30510/TCP 19s
通过k8s节点ip+30510端口即可访问nginx。