linux上部署K8S集群
生活随笔
收集整理的這篇文章主要介紹了
linux上部署K8S集群
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
部署K8S集群
服務器硬件要求:三臺虛擬機服務器,操作系統都為centos;
? 硬盤最低配置:內存2GB,CPU2核,硬盤30GB。
master 192.168.200.110
node1 192.168.200.120
node2 192.168.200.130
系統初始化
- 關閉防火墻,禁止開機自啟
- 關閉selinux
- 關閉swap分區
- 設置主機名
- 在每個節點添加hosts
- 將橋接的IPv4流量傳遞到iptables的鏈;(三臺服務配置一樣)有一些ipv4的流量不能走iptables鏈【linux內核的一個過濾器,每個流量都會經過他,然后再匹配是否可進入當前應用進程去處理】,導致流量丟失
- 每個節點添加時間同步
-
在每個節點安裝ipset和ipvsadm:(ipset是iptables的擴展,允許你創建匹配整個地址sets(地址集合)的規則。而不像普通的iptables鏈是線性的存儲和過濾,ipvsadm命令功能:用于 設置,維護,檢查Linux內核中的虛擬服務表)
[root@node2 ~]# yum -y install ipset ipvsadm 安裝ipset和ipsadm [root@master ~]# cat > /etc/sysconfig/modules/ipvs.modules <<EOF 配置文件 > #!/bin/bash > modprobe -- ip_vs > modprobe -- ip_vs_rr > modprobe -- ip_vs_wrr > modprobe -- ip_vs_sh > modprobe -- nf_conntrack_ipv4 > EOF ## 授權、運行、檢查是否加載: [root@master ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules &&bash/etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4三臺節點安裝docker K8s
默認CRI(容器運行時)為Docker,因此需要先安裝Docker!
- 獲取阿里云鏡像
所有節點都要配置kubeadm,kubelet,kubectl鏡像
kubelet:運行在集群所有節點上,負責啟動POD和容器kubeadm:用于初始化集群kubectl:kubenetes命令行工具,通過kubectl可以部署和管理應用,查看各種資源,創建,刪除和更新組件– apiserver-advertise-address 集群通告地址
– image-repository 由于默認拉取鏡像地址k8s.gcr.io國內無法訪問,這里指定阿里云鏡像倉庫地址
– kubernetes-version K8s版本,與上面安裝的一致
– service-cidr 集群內部虛擬網絡,Pod統一訪問入口
– pod-network-cidr Pod網絡,與下面部署的CNI網絡組件yaml中保持一致
拷貝k8s認證文件
安裝pod網絡
[root@master flannel]# wget https://docs.projectcalico.org/v3.20/manifests/calico.yaml --no-check-certificate[root@master flannel]# kubectl apply -f calico.yaml configmap/calico-config unchanged customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org configured customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org configured customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org configured customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org configured ##驗證集群及組件 [root@master flannel]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready control-plane,master 11h v1.23.0 node1 Ready <none> 11h v1.23.0 node2 Ready <none> 11h v1.23.0 [root@master flannel]# kubectl get pods --namespace kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-7c845d499-n6kv4 1/1 Running 0 9m41s calico-node-85rhs 1/1 Running 0 9m41s calico-node-d4n4q 1/1 Running 0 9m41s calico-node-zqjtn 1/1 Running 0 9m41s coredns-6d8c4cb4d-l78gv 1/1 Running 0 12h coredns-6d8c4cb4d-r6mvw 1/1 Running 0 12h etcd-master 1/1 Running 0 12h kube-apiserver-master 1/1 Running 0 12h kube-controller-manager-master 1/1 Running 2 (11h ago) 12h kube-proxy-9wbvj 1/1 Running 0 12h kube-proxy-g72xh 1/1 Running 2 (11h ago) 11h kube-proxy-w54v6 1/1 Running 0 11h kube-scheduler-master 1/1 Running 1 (11h ago) 12h [root@master flannel]# kubectl get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 12h [root@master flannel]# kubectl get svc --namespace kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 12h測試kubernetes集群
在Kubernetes集群中創建一個pod,驗證是否正常運行:以nginx為例子
[root@master flannel]# kubectl create deployment nginx --image=nginx deployment.apps/nginx created [root@master flannel]# kubectl expose deployment nginx --port=88 --type=NodePort --target-port=80 --name=nginx-service service/nginx-service exposed [root@master flannel]# kubectl get pod,svc 顯示正常運行 NAME READY STATUS RESTARTS AGE pod/nginx-85b98978db-6685d 1/1 Running 0 90sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 12h service/nginx-service NodePort 10.105.133.186 <none> 88:31441/TCP 9s [root@master flannel]# curl http://192.168.200.110:31441 從任意一個主機訪問 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p><p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p> </body> </html>至此,我們已經成功部署了一個nginx的deployment,deployment控制對應的pod的生命周期,service則對外提供相應的服務。
[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-5CsLjGo1-1665476260040)(C:\Users\十七\AppData\Roaming\Typora\typora-user-images\image-20220504134146103.png)]
部署Dashboard
[root@master ~]# wget http://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml --2022-05-04 13:45:55-- http://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml 正在解析主機 raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.108.133, 185.199.110.133, 185.199.111.133, ... 正在連接 raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:80... 已連接。 已發出 HTTP 請求,正在等待回應... 301 Moved Permanently 位置:https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml [跟隨至新的 URL] --2022-05-04 13:45:55-- https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml 正在連接 raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:443... 已連接。 已發出 HTTP 請求,正在等待回應... 200 OK 長度:7543 (7.4K) [text/plain] 正在保存至: “recommended.yaml”100%[==================================================================================================================================================>] 7,543 --.-K/s 用時 0s 2022-05-04 13:45:56 (28.6 MB/s) - 已保存 “recommended.yaml” [7543/7543])默認Dashboard只能集群內部訪問,修改Service為NodePort類型,暴露到外部: [root@master ~]# vi recommended.yaml spec:ports:- port: 443targetPort: 8443nodePor:30001 可以添加nodePort指定端口,然后訪問地址,必須火狐瀏覽器用https打開:https://NodeIP:30001selector:k8s-app: kubernetes-dashboardtype: NodePort --- [root@master ~]# kubectl apply -f recommended.yaml 配置文件一定要注意空格那些 namespace/kubernetes-dashboard unchanged serviceaccount/kubernetes-dashboard unchanged service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created [root@master ~]# kubectl get pods,svc -n kube-system NAME READY STATUS RESTARTS AGE pod/calico-kube-controllers-7c845d499-n6kv4 1/1 Running 0 64m pod/calico-node-85rhs 1/1 Running 0 64m pod/calico-node-d4n4q 1/1 Running 0 64m pod/calico-node-zqjtn 1/1 Running 0 64m pod/coredns-6d8c4cb4d-l78gv 1/1 Running 0 12h pod/coredns-6d8c4cb4d-r6mvw 1/1 Running 0 12h pod/etcd-master 1/1 Running 0 12h pod/kube-apiserver-master 1/1 Running 0 12h pod/kube-controller-manager-master 1/1 Running 2 (12h ago) 12h pod/kube-proxy-9wbvj 1/1 Running 0 12h pod/kube-proxy-g72xh 1/1 Running 2 (12h ago) 12h pod/kube-proxy-w54v6 1/1 Running 0 12h pod/kube-scheduler-master 1/1 Running 1 (12h ago) 12hNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 12h [root@master ~]# kubectl get pods -n kubernetes-dashboard 全部為運行狀態 NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-799d786dbf-djzvj 1/1 Running 0 4m37s kubernetes-dashboard-6b6b86c4c5-p5s2r 1/1 Running 0 4m37s 瀏覽器登錄,IP前一定要加https,直接加i會提示客戶端向HTTPS服務器發送了一個HTTP請求。創建service account并綁定默認cluster-admin管理員集群角色:
[root@master ~]# kubectl create serviceaccount dashboard-admin -n kube-system 創建用戶 serviceaccount/dashboard-admin created [root@master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin 用戶授權 clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created [root@master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}') 獲取token Name: dashboard-admin-token-qdpxb Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: dashboard-adminkubernetes.io/service-account.uid: db6fba8a-b8c4-466d-88f5-8cc081520de4Type: kubernetes.io/service-account-tokenData ==== ca.crt: 1099 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImFZb0RUWmJvYi11SC1WZDhYX2pjaldJczFzQTdNckZiSmRFWUY5c3poRHcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcWRweGIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZGI2ZmJhOGEtYjhjNC00NjZkLTg4ZjUtOGNjMDgxNTIwZGU0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Kg88J8bsP_6aF01i8l2V1VCbXH8dAKA99AlcR0qkZy6zCgwwfN1iACp36L8sVTqO6e_r-ZLbTWfQ2ex2c1b9cCpaTd1rWJmnjtEi1YRQM4-JehhAnfKmCphbAd5yATOtn7Ew79NCIQ_v5TEgw8YzI50hDhaE62c3fPlXoorPctnSAwMHQznRp4s21I2Ewvb1tC4nVTaxFb-ajVcA5EdKziao901LbM6tIOtvMQ8barOQEyrkvv7O1yyDsCPGZ9kuy53Qrk97JG8sUuBG3nhMdkhsT9pRX98J597a_TMNPrau4q2RRhTjJc2q0Zibbj6F_Py_9Z87SdNXi6V4ke8loQ使用輸出的token登錄Dashboard。總結
以上是生活随笔為你收集整理的linux上部署K8S集群的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: WMS系统
- 下一篇: 阿里云linux系统目录结构