8s的架构
一个kubernetes集群主要是由控制节点(master)、工作节点(node)构成,每个节点上都会安装不同的组件
1 master:集群的控制平面,负责集群的决策
ApiServer : 资源操作的唯一入口,接收用户输入的命令,提供认证、授权、API注册和发现等机制
Scheduler : 负责集群资源调度,按照预定的调度策略将Pod调度到相应的node节点上
ControllerManager : 负责维护集群的状态,比如程序部署安排、故障检测、自动扩展、滚动更新等
Etcd :负责存储集群中各种资源对象的信息
2 node:集群的数据平面,负责为容器提供运行环境
kubelet:负责维护容器的生命周期,同时也负责Volume(CVI)和网络(CNI)的管理
Container runtime:负责镜像管理以及Pod和容器的真正运行(CRI)
kube-proxy:负责为Service提供cluster内部的服务发现和负载均衡
说明
一台虚拟机做master,IP为172.25.254.100
两台为node节点,IP为172.25.254.10和172.25.254.20
hub仓库的IP为172.25.254.200
安装k8s部署工具
在k8s-master上安装kubelet,kubeadm,kubectl
下载并安装docker
剩余可直接传输
在三台主机上配置解析
测试
配置认证
cpp
[root@k8smaster ~]# mkdir -p /etc/docker/certs.d/reg.mqw.org/
cpp
[root@hub harbor]# scp /data/certs/mqw.org.crt root@172.25.254.100:/etc/docker/certs.d/reg.mqw.org/ca.crt
root@172.25.254.100's password:
mqw.org.crt 100% 2114 1.5MB/s 00:00 指定docker默认的dockers仓库
cpp
[root@k8smaster ~]# cd /etc/docker/
[root@k8smaster docker]# vim daemon.json
{ "registry-mirrors": ["https://reg.mqw.org"] }启动docker
激活
查看docker info
在两台主机加载模块
启动docker
配置k8s
安装插件,三台都要
安装
指定网络插件
启动
启动kubelet
在master节点拉取K8S所需镜像
cpp
[root@k8smaster ~]# kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.30.0 --cri-socket=unix:///var/run/cri-dockerd.sock在hub创建一个名为k8s的项目
打上标签后上传
cpp
[root@k8smaster ~]# docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.30.0 reg.mqw.org/k8s/kube-apiserver:v1.30.0
[root@k8smaster ~]# docker push reg.mqw.org/k8s/kube-apiserver:v1.30.0
[root@k8smaster ~]# docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.30.0 reg.mqw.org/k8s/kube-controller-manager:v1.30.0
[root@k8smaster ~]# docker push reg.mqw.org/k8s/kube-controller-manager:v1.30.0
[root@k8smaster ~]# docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.30.0 reg.mqw.org/k8s/kube-scheduler:v1.30.0
[root@k8smaster ~]# docker push reg.mqw.org/k8s/kube-scheduler:v1.30.0
[root@k8smaster ~]# docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.30.0 reg.mqw.org/k8s/kube-proxy:v1.30.0
[root@k8smaster ~]# docker push reg.mqw.org/k8s/kube-proxy:v1.30.0
[root@k8smaster ~]# docker tag registry.aliyuncs.com/google_containers/coredns:v1.11.3 reg.mqw.org/k8s/coredns:v1.11.3
[root@k8smaster ~]# docker push reg.mqw.org/k8s/coredns:v1.11.3
[root@k8smaster ~]# docker tag registry.aliyuncs.com/google_containers/pause:3.9 reg.mqw.org/k8s/pause:3.9
[root@k8smaster ~]# docker push reg.mqw.org/k8s/pause:3.9
[root@k8smaster ~]# docker tag registry.aliyuncs.com/google_containers/etcd:3.5.15-0 reg.mqw.org/k8s/etcd:3.5.15-0
[root@k8smaster ~]# docker push reg.mqw.org/k8s/etcd:3.5.15-0上传结果
集群
配置
指定集群变量
cpp
[root@k8smaster ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[root@k8smaster ~]# source ~/.bash_profile 设置补齐功能
cpp
[root@k8smaster ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc
[root@k8smaster ~]# source ~/.bashrc加载网络插件
创建项目后上传
cpp
[root@k8smaster ~]# docker tag flannel/flannel:v0.25.5 reg.mqw.org/flannel/flannel:v0.25.5
[root@k8smaster ~]# docker push reg.mqw.org/flannel/flannel:v0.25.5
[root@k8smaster ~]# docker tag flannel/flannel-cni-plugin:v1.5.1-flannel1 reg.mqw.org/flannel/flannel-cni-plugin:v1.5.1-flannel1
[root@k8smaster ~]# docker push reg.mqw.org/flannel/flannel-cni-plugin:v1.5.1-flannel1显示
安装flannel网络插件
cpp
[root@k8smaster ~]# kubectl apply -f kube-flannel.yml
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created复制集群token到node中执行,即可加入
k8s-node和2 上复制完,在最后添加--cri-socket=unix:///var/run/cri-dockerd.sock
两台主机上启动服务i
查看是否配置成功
测试
