K8S實踐Ⅰ(集羣安裝配置)

原創 一語成讖灬 2020-05-31 23:33

一、環境準備

1.關閉防火牆
2.關閉selinux
3.配置hosts

二、docker安裝

1.安裝yum管理軟件

yum install -y yum-utils device-mapper-persistent-data lvm2

2.添加yum源

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

3.查看可用版本

yum list docker-ce --showduplicates | sort -r

K8S實踐Ⅰ(集羣安裝配置)

4.安裝指定版本

yum -y install docker-ce-18.09.6

5.配置國內鏡像加速

cat /etc/docker/daemon.json 
{
"registry-mirrors": ["https://registry.docker-cn.com" ]
}

其他鏡像加速器

6.啓動服務

systemctl start docker && systemctl enable docker

三、使用kubeadm安裝kubernetes集羣

1.添加yum源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

2.臨時關閉swap

swapoff -a

Kubernetes 1.8 開始要求關閉系統的Swap,如果不關閉,默認配置下 kubelet 將無法啓動。可以通過修改 kubelet 的啓動參數/etc/sysconfig/kubelet中 --fail-swap-on=false 更改這個限制

3.安裝並啓動

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
#--disableexcludes=kubernetes  禁掉除了這個之外的別的倉庫

安裝指定版本:kubeadm-1.14.2

systemctl enable kubelet && systemctl start kubelet

4.更改swap限制

# cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS=--fail-swap-on=false

5.kubeadm config

kubeadm config upload from-file 由配置文件上傳到集羣中生成ConfigMap
kubeadm config upload from-flags 由配置參數生成ConfigMap
kubeadm config view 查看當前集羣中的配置值
kubeadm config print init-defaults 輸出init-defaults默認參數文件內容
kubeadm config print join-defaults 輸出join-defaults默認參數文件內容
kubeadm config migrate 在新舊版本之間進行配置轉換
kubeadm config images list 列出所需鏡像列表
kubeadm config images pull 拉去鏡像到本地

#查看默認參數文件
kubeadm config print init-defaults

6.新建init-config.yaml文件定製鏡像倉庫地址和Pod地址段

# cat init-config.yaml 
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
imageRepository: docker.io/dustise
kubernetesVersion: v1.14.0
networking:
  podSubnet: "192.168.0.0/16"

7.下載所需鏡像

# kubeadm config images pull --config=init-config.yaml
[config/images] Pulled docker.io/dustise/kube-apiserver:v1.14.0
[config/images] Pulled docker.io/dustise/kube-controller-manager:v1.14.0
[config/images] Pulled docker.io/dustise/kube-scheduler:v1.14.0
[config/images] Pulled docker.io/dustise/kube-proxy:v1.14.0
[config/images] Pulled docker.io/dustise/pause:3.1
[config/images] Pulled docker.io/dustise/etcd:3.3.10
[config/images] Pulled docker.io/dustise/coredns:1.3.1

K8S實踐Ⅰ(集羣安裝配置)

8.安裝Master

# kubeadm init --config=init-config.yaml
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
~~~~~~

出現[WARNING IsDockerSystemdCheck],是由於docker的Cgroup Driver和kubelet的Cgroup Driver不一致導致的,此處選擇修改docker的和kubelet一致

# docker info | grep Cgroup
Cgroup Driver: cgroupfs

編輯文件/usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd
systemctl daemon-reload
systemctl restart docker
# docker info | grep Cgroup
Cgroup Driver: systemd

使用kubeadm reset重置主機狀態然後重新初始化

# kubeadm init --config=init-config.yaml
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
。。。。。。
。。。。。。
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 20.0.20.101:6443 --token dpgb7h.2svvjnyjc3xuzajk \
    --discovery-token-ca-cert-hash sha256:98d8815cce835d4913076c7a954012afec0bd6ad1116ab1020f02601361fc369

按照提示覆制配置文件到用戶目錄下

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

查看ConfigMap

# kubectl get -n kube-system configmap
NAME                                 DATA   AGE
coredns                              1      8m53s
extension-apiserver-authentication   6      8m57s
kube-proxy                           2      8m53s
kubeadm-config                       2      8m54s
kubelet-config-1.14                  1      8m54s

查看初始化情況

[root@K8S-1 .kube]# kubectl get node
NAME    STATUS     ROLES    AGE   VERSION
k8s-1   NotReady   master   11m   v1.14.2
[root@K8S-1 .kube]# kubectl get pods --all-namespaces
NAMESPACE     NAME                            READY   STATUS    RESTARTS   AGE
kube-system   coredns-6897bd7b5-gpg87         0/1     Pending   0          12m
kube-system   coredns-6897bd7b5-hdthq         0/1     Pending   0          12m
kube-system   etcd-k8s-1                      1/1     Running   0          11m
kube-system   kube-apiserver-k8s-1            1/1     Running   0          11m
kube-system   kube-controller-manager-k8s-1   1/1     Running   0          11m
kube-system   kube-proxy-hxqnk                1/1     Running   0          12m
kube-system   kube-scheduler-k8s-1            1/1     Running   0          11m

9.安裝網絡插件weave

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

10.配置node加入集羣

新節點的添加環境配置同上,除了5-9

[root@K8S-2 ~]# kubeadm join 20.0.20.101:6443 --token dpgb7h.2svvjnyjc3xuzajk \
>     --discovery-token-ca-cert-hash sha256:98d8815cce835d4913076c7a954012afec0bd6ad1116ab1020f02601361fc369
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

kubeadm init生成的token有效期只有1天,之後可用
kubeadm token create --ttl 0 --print-join-command生成永不過期的token

[root@K8S-1 ~]# kubectl get node
NAME    STATUS   ROLES    AGE     VERSION
k8s-1   Ready    master   16h     v1.14.2
k8s-2   Ready    <none>   9m2s    v1.14.2
k8s-3   Ready    <none>   3m17s   v1.14.2
[root@K8S-1 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                            READY   STATUS    RESTARTS   AGE
kube-system   coredns-6897bd7b5-gpg87         1/1     Running   0          16h
kube-system   coredns-6897bd7b5-hdthq         1/1     Running   0          16h
kube-system   etcd-k8s-1                      1/1     Running   0          16h
kube-system   kube-apiserver-k8s-1            1/1     Running   0          16h
kube-system   kube-controller-manager-k8s-1   1/1     Running   0          16h
kube-system   kube-proxy-hxqnk                1/1     Running   0          16h
kube-system   kube-proxy-km5dv                1/1     Running   0          9m4s
kube-system   kube-proxy-np89x                1/1     Running   0          3m19s
kube-system   kube-scheduler-k8s-1            1/1     Running   0          16h
kube-system   weave-net-7pdj5                 2/2     Running   1          3m19s
kube-system   weave-net-8kc2p                 2/2     Running   0          21m
kube-system   weave-net-vtwwk                 2/2     Running   0          9m4s

四.安裝dashboard

Kubernetes Dashboard

1.下載yaml文件到本地

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

由於國內無法從谷歌倉庫k8s.gcr.io下載鏡像,這裏使用另一個鏡像倉庫拉取

在kubernetes-dashboard.yaml中修改鏡像地址
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1 爲 mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1

修改Dashboard Service 爲NodePort類型

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

2.進行部署

kubectl create -f kubernetes-dashboard.yaml

3.查驗

[root@K8S-1 ~]# kubectl get svc --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes             ClusterIP   10.96.0.1      <none>        443/TCP                  17h
kube-system   kube-dns               ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   17h
kube-system   kubernetes-dashboard   NodePort    10.99.205.30   <none>        443:30001/TCP            23m
[root@K8S-1 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kube-system   coredns-6897bd7b5-gpg87                 1/1     Running   0          17h
kube-system   coredns-6897bd7b5-hdthq                 1/1     Running   0          17h
kube-system   etcd-k8s-1                              1/1     Running   0          17h
kube-system   kube-apiserver-k8s-1                    1/1     Running   0          17h
kube-system   kube-controller-manager-k8s-1           1/1     Running   0          17h
kube-system   kube-proxy-hxqnk                        1/1     Running   0          17h
kube-system   kube-proxy-km5dv                        1/1     Running   0          114m
kube-system   kube-proxy-np89x                        1/1     Running   0          108m
kube-system   kube-scheduler-k8s-1                    1/1     Running   0          17h
kube-system   kubernetes-dashboard-68ddcc97fc-f5lhj   1/1     Running   1          23m
kube-system   weave-net-7pdj5                         2/2     Running   1          108m
kube-system   weave-net-8kc2p                         2/2     Running   0          126m
kube-system   weave-net-vtwwk                         2/2     Running   0          114m

4.創建管理員

[root@K8S-1 ~]# cat k8s-admin.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
kubectl create -f k8s-admin.yaml

5.查看token

[root@K8S-1 ~]# kubectl describe serviceaccount admin -n kube-system
Name:                admin
Namespace:           kube-system
Labels:              k8s-app=kubernetes-dashboard
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   admin-token-znvmk
Tokens:              admin-token-znvmk
Events:              <none>
[root@K8S-1 ~]# kubectl describe secret admin-token-znvmk -n kube-system
Name:         admin-token-znvmk
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: be3aca02-82cf-11e9-a2f2-00505694834d

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi16bnZtayIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImJlM2FjYTAyLTgyY2YtMTFlOS1hMmYyLTAwNTA1Njk0ODM0ZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.3EtoTPkf_Qf1DizB3FDCRwTi_pqNGUWwblZ3AIzFSylUJmt_yfIghEPqnebj1XgqKX_1YelVkX8nypobMoItukdsT5V9rc0Z3zFMV6tnLlCw3yBzT8T5G4fhoNbWkFtsUU3QJOOXdrPalVnPbpv0Mu71Afh9wtnGUPlcRlbPMi2PGYCQgxtS7853ZQub5XE_w5pH5RPWFrtYc4NNrQRYRMZXtTPWFsVXt8pABvmgC1wMFBcQhRAF8T9fXzpOFxfBHSqy39GsUd2W3w6Vy38YVQcLqkrORUP50jgtBNv4TVvBViu5FLM-A-h6g3Q1WOx4pTwFHKGFoZMhotYZB9gefg
ca.crt:     1025 bytes
namespace:  11 bytes
[root@K8S-1 ~]#

6.使用token登錄
K8S實踐Ⅰ(集羣安裝配置)

K8S實踐Ⅰ(集羣安裝配置)

五、部署一個簡單的實例mysql+webapp

1.創建MySQL的RC定義文件

# cat mysql-rc.yaml 
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:5.7
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"

2.創建與之關聯的SVC文件

# cat mysql-svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  ports:
    - port: 3306
  selector:
    app: mysql

3.創建tomcat的RC文件

# cat web-rc.yaml 
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 2
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
        env:
        - name: MYSQL_SERVICE_HOST
          value: 'mysql'
        - name: MYSQL_SERVICE_PORT
          value: '3306'

4.創建對應的SVC文件

# cat web-svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
    - port: 8080
      nodePort: 30002
  selector:
    app: myweb

5.分別將MySQL和tomcat的RC,SVC在K8S上發佈

# kubectl create -f mysql-rc.yaml          
# kubectl create -f mysql-svc.yaml
# kubectl create -f web-rc.yaml
# kubectl create -f web-svc.yaml

6.查看pod和svc

# kubectl get pod
NAME          READY   STATUS    RESTARTS   AGE
mysql-sgwc7   1/1     Running   0          2m2s
myweb-7zpbj   1/1     Running   0          10m
myweb-rqpjz   1/1     Running   0          10m
# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP          40h
mysql        ClusterIP   10.106.70.242   <none>        3306/TCP         26m
myweb        NodePort    10.104.74.76    <none>        8080:30002/TCP   37m

7.網頁登錄
K8S實踐Ⅰ(集羣安裝配置)

8.清除

# kubectl delete -f mysql-rc.yaml
# kubectl delete -f mysql-svc.yaml 
# kubectl get pod
No resources found.
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

電腦宕機後恢復K8s Pod啓動

1. 先開機看看集羣狀態是不是正常的 kubectl get cs 2. 看看pod狀態: kubectl -n xxx get pod 3. 進到nfs目錄內modeling mariab的文件夾 /dockerdata-nfs 4

liuskyter 2020-07-08 11:16:26

k8s(二)

佔位

6moji6 2020-07-08 10:26:30

利用 kubeadm 簡單搭建k8s(已更新爲V1.13.0版本)

1. 基本系統環境 1.1 系統內核 查看當前系統內核(我這裏是5.0.5-1.el7.elrepo.x86_64): uname -a 版本必須大於等於3.10,否則需要升級內核: # ELRepo 倉庫(可以先看一下 /et

jacksonary 2020-07-08 10:04:33

3.2 控制器——副本控制器(ReplicationController)

3.2 副本控制器(ReplicationController)  ReplicationController(在kubectl命令中經常縮寫爲rc或rcs)是實際確保特定數量的Pod副本在任意時刻的運行。如果Pod副本超過指定數

jacksonary 2020-07-08 10:04:33

3.5 控制器——DaemonSet(守護線程集)

3.5 控制器——DaemonSet(守護線程集)  每個DaemonSet可以確保某些甚至全部節點運行一個Pod的副本,當node加入集羣時,Pod就會加入這些節點,同樣的,當節點從集羣中移除時,這些pods被垃圾回收。刪除一個

jacksonary 2020-07-08 10:04:33

3.3 控制器——Deployments(部署)

3.3 Deployments(部署)  Deployments控制器(Deployment controller,Deployment應該也是控制器的一種吧)提供了Pod和ReplicaSets的聲明式更新。在Deploymen

jacksonary 2020-07-08 10:04:33

3.1 控制器——ReplicaSet

3. 控制器(Controller) 3.1 副本集(ReplicaSet) 定義:副本集(ReplicaSet)的目的是爲了保證一組穩定的Pod副本在任意給定時刻都在運行。因此,它通常用於保證特定數量的相同Pod的可用性。  副

jacksonary 2020-07-08 10:04:33

centos7搭建kubernetes v1.17.1集羣

機器 hostname 10.211.55.64 k8sMaster 10.211.55.65 k8sNode1 10.211.55.66 k8sNode2 所有機器執行以下操作 (1-13) 配置y

夜幕.思年华 2020-07-08 06:16:44

雲原生Tekton之觸發器Trigger

背景 前面的文章講了tekton中pipeline的教程和使用案例,大家有沒有想過,每次都要運行taskrun或者pipelineRun才能真正運行流水線。那怎麼做到自動化執行taskrun和pipelineRun呢?我想了下有

云原生手记 2020-07-08 03:27:17

kubernetes -- 結點調度控制的幾種方式

簡介 調度器通過 kubernetes 的 watch 機制來發現集羣中新創建且尚未被調度到 Node上的 Pod。調度器會將發現的每一個未調度的 Pod 調度到一個合適的 Node 上來運行。 kube-scheduler 是

生命热力٩( 'ω' )و 2020-07-08 02:17:36

k8s創建資源的兩種方式、訪問pod

創建資源 1.用kubectl命令直接創建,   #kubectl run httpd-app --image=reg.yunwei.edu/learn/httpd:latest --replicas=2 在命令行中通過參數指定資源的

PpikachuP 2020-07-08 01:52:27

O-RAN notes(3)---Bronze SMO deployment (2)

(continued) Most of the problems are related to 'docker pull'. Before you execute the install script(./dep/smo/bin/inst

zhenggao2 2020-07-07 23:48:07

centos安裝k8s集羣

一、集羣方式 機器配置:centos 4.4內核以上,cpu大於1核 1.主機配置 配置 規格 內存配置 2G CPU配置 2核 系統版本 Centos7.7 kubelet版本 1.5.1 do

意林飞笑 2020-07-07 18:12:18

kubernetes存儲 -- Volumes管理(三)StatefulSet控制器、StatefulSet部署mysql主從集羣

StatefulSet控制器 StatefulSet可以通過Headless Service維持Pod的拓撲狀態. StatefulSet將應用狀態抽象成了兩種情況: 拓撲狀態:應用實例必須按照某種順序啓動。新創建的Pod必須

生命热力٩( 'ω' )و 2020-07-07 02:59:20

使用kubeadm安裝kubenetes1.17.3

我們使用centos7的系統,內核升級到5.5.4,爲什麼使用升級後的內核,這是因爲centos7.4的內核是3.10,在docker運行時,有內核bug,導致運行緩慢,出現一堆錯誤異常,可以查閱我另外一個博客文章。 一、安裝前的準備工作

Blue_Tear 2020-07-07 01:26:46