k8s集群部署

集群结构

角色	IP
master	192.168.35.135
node1	192.168.35.136
node2	192.168.35.137

部署

#需在三台主机上操作
//关闭防火墙
[root@master ~]# systemctl disable --now firewalld//关闭selinux
[root@master ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config//关闭swap分区
[root@master ~]# vim /etc/fstab
注释掉swap分区就行//设置主机名
[root@master ~]# hostnamectl set-hostname master.example.com//添加host
[root@master ~]# cat >> /etc/hosts << EOF
192.168.35.135 master master.example.com
192.168.35.136 node1 node1.example.com
192.168.35.137 node2 node2.example.com
EOF//将桥接的IPv4流量传递到iptables的链
[root@master ~]# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[root@master ~]#  sysctl --system  #生效//时间同步
[root@master ~]# yum -y install chrony
[root@master ~]# systemctl enable --now chronyd//免密认证[root@master ~]# ssh-keygen -t rsa
[root@master ~]# ssh-copy-id master
[root@master ~]# ssh-copy-id node1
[root@master ~]# ssh-copy-id node2// 重启主机，使上面的一些配置生效
[root@master ~]# reboot

在所有节点安装 Docker/kubeadm/kubelet

Kubernetes默认CRI（容器运⾏时）为Docker，因此先安装Docker。

安装Docker

[root@master ~]# cat > /etc/yum.repos.d/docker-ce.repo << EOF
[Docker-ce]
name=Docker-ce
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/8/x86_64/stable/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
[root@master ~]# yum -y install docker-ce
[root@master ~]# systemctl enable --now docker
[root@master ~]# cat > /etc/docker/daemon.json << EOF
{"registry-mirrors": ["https://kmny1apu.mirror.aliyuncs.com"],"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"storage-driver": "overlay2"
}
EOF

添加kubernetes阿⾥云YUM软件源

[root@master ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安装kubeadm，kubelet和kubectl

由于版本更新频繁，这⾥指定版本号部署：

[root@master ~]# yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
[root@master ~]# systemctl enable kubelet

部署Kubernetes

在master执行

[root@master ~]# kubeadm init \--apiserver-advertise-address=192.168.35.135 \--image-repository registry.aliyuncs.com/google_containers \--kubernetes-version v1.20.0 \--service-cidr=10.96.0.0/12 \--pod-network-cidr=10.244.0.0/16// 记录下面的这些东西，后面会用到
kubeadm join 192.168.35.135:6443 --token mwi5m0.3kbhf6mxg703sagu \--discovery-token-ca-cert-hash sha256:d0dc18109262c5592f79cb200d8bb12da523fc75df6fa7bd59be

由于默认拉取镜像地址k8s.gcr.io国内⽆法访问，这⾥指定阿⾥云镜像仓库地址。

使⽤kubectl⼯具：

[root@master ~]# mkdir -p $HOME/.kube
root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# kubectl get nodes
NAME                 STATUS     ROLES                  AGE     VERSION
master.example.com   NotReady   control-plane,master   4m49s   v1.20.0

安装Pod网络插件

[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

确保能够访问到quay.io这个registery。

加⼊Kubernetes Node

在192.168.35.136、192.168.35.137上（Node）执⾏。

向集群添加新节点，执⾏在kubeadm init输出的kubeadm join命令

kubeadm join 192.168.35.135:6443 --token mwi5m0.3kbhf6mxg703sagu \--discovery-token-ca-cert-hash sha256:d0dc18109262c5592f79cb200d8bb12da523fc75df6fa7bd59be

测试kubernetes集群

[root@master ~]# kubectl get nodes
NAME                 STATUS   ROLES                  AGE   VERSION
master.example.com   Ready    control-plane,master   17m   v1.20.0
node1.example.com    Ready    <none>                 89s   v1.20.0
node2.example.com    Ready    <none>                 82s   v1.20.0在Kubernetes集群中创建⼀个pod，验证是否正常运⾏
[root@master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@master ~]#  kubectl get pod,svc
NAME                         READY   STATUS              RESTARTS   AGE
pod/nginx-6799fc88d8-hbj7q   0/1     ContainerCreating   0          14s
NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP        19m
service/nginx        NodePort    10.98.72.65   <none>        80:31040/TCP   5s