k8s环境搭建入门

1.linux服务器配置(4核2G磁盘30G)

1.1 yum配置( yum

1.yum配置阿里云镜像
1.1基础镜像

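# Download the Aliyun CentOS 7 repo definition over HTTPS. This file decides
# where every later package comes from, and over plain HTTP it could be altered
# in transit. -f makes curl fail on an HTTP error instead of saving an error page
# as the repo file.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo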
1.2kubernetes.repo

# Register the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck and repo_gpgcheck are both enabled, so packages and repository
# metadata are signature-checked against the two keys listed in gpgkey.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

2.yum

# Apply pending updates (yum asks for confirmation because -y is not given),
# then drop the cached metadata and rebuild it from the configured mirrors.
yum update
yum clean all
yum makecache

1.2 安装docker并配置( docker

1.安装

yum install docker
2.配置阿里云

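# Write the Docker daemon configuration. The output redirection was missing, so
# the here-document never reached daemon.json. The delimiter is quoted so the
# JSON is written literally, with no shell expansion.
# NOTE(review): every image pulled through these registry mirrors is only as
# trustworthy as the mirror operator; confirm both are ones you intend to rely on.
cat <<'EOF' > /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://dockerhub.azk8s.cn",
    "https://reg-mirror.qiniu.com"
  ]
}
EOF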
3.使用docker用户启动docker


# Create a dedicated "docker" account and add it to the docker group.
# NOTE(review): membership of the docker group gives control of the Docker
# daemon, which runs as root, so treat this account as root-equivalent.
sudo useradd docker
sudo usermod  -aG docker docker
# Switch to that account before starting the service.
# NOTE(review): systemctl start normally needs root or polkit authorisation;
# confirm this step actually succeeds for the unprivileged account.
su docker
systemctl start docker
4.使用root加入docker用户组启动(不建议)

 # Add root to the docker group; the page itself marks this variant as not recommended.
 sudo usermod -aG docker root

# Start Docker automatically at boot.
systemctl enable docker.service

1.3 禁用SELinux(下面的命令实际是把SELinux切换为permissive模式:只记录违规,不再强制拦截)

# Switch SELinux to permissive mode for the running system: policy violations
# are logged but no longer blocked.
setenforce 0
# Persist the change across reboots; only a line that is exactly
# "SELINUX=enforcing" is rewritten.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

1.4 host设置为master( 设置host

1.host-set.sh

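#!/bin/bash
# host-set.sh - set this machine's hostname and map it to an interface address.
#
# Usage: host-set.sh <interface> <hostname>
#   $1  network interface whose global IPv4 address is used (e.g. eth0)
#   $2  hostname written to /etc/hostname and /etc/hosts
#
# Must run as root: it overwrites /etc/hostname and appends to /etc/hosts.
# Exit status: 0 on success, 2 on bad arguments, 1 if no address was found.
set -eu

if [ "$#" -ne 2 ]; then
  printf 'Usage: %s <interface> <hostname>\n' "${0##*/}" >&2
  exit 2
fi

NET_NAME=$1
HOST_NM=$2

# Both values end up in system files, so accept only characters that are valid
# in interface names and hostnames. This keeps whitespace or newlines in an
# argument from adding extra entries to /etc/hosts.
case "$NET_NAME" in
  '' | *[!A-Za-z0-9_.-]*)
    printf 'invalid interface name: %s\n' "$NET_NAME" >&2
    exit 2
    ;;
esac
case "$HOST_NM" in
  '' | -* | *[!A-Za-z0-9.-]*)
    printf 'invalid hostname: %s\n' "$HOST_NM" >&2
    exit 2
    ;;
esac

# Query the interface directly instead of grepping its name out of the full
# "ip addr" listing, which also matched any other line containing that text.
# -o prints one address per line with ADDRESS/PREFIX in field 4; only the first
# global IPv4 address is used.
IP=$(ip -4 -o addr show dev "$NET_NAME" scope global |
  awk '{ split($4, a, "/"); print a[1]; exit }')

# Without this check an empty address would be appended to /etc/hosts.
if [ -z "$IP" ]; then
  printf 'no global IPv4 address found on %s\n' "$NET_NAME" >&2
  exit 1
fi

printf '%s\n' "$HOST_NM" >/etc/hostname

# Append the mapping only once so re-running the script does not pile up
# duplicate lines.
entry="$IP $HOST_NM"
if ! grep -qxF -- "$entry" /etc/hosts; then
  printf '%s\n' "$entry" >>/etc/hosts
fi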
2.执行
把eth0 ip4地址设置对应master
# Example: take eth0's address and name this host "master".
sh host-set.sh eth0  master
# Reboot so the new /etc/hostname is picked up.
reboot

1.5关闭swap( 关闭swap)

1.关闭swap交换区
# Turn off every active swap device for the running system only; the fstab edit
# in the next step is what keeps it off after a reboot.
swapoff -a
2.永久保存
# Comment out the CentOS LVM swap entry in fstab so swap stays off after a reboot.
# "&" re-inserts the matched device path behind the added "#".
sed -i 's|/dev/mapper/centos-swap|#&|g' /etc/fstab

1.6 允许iptables检查桥接流量(入门建议禁用iptables,firewalld)

# 确保 br_netfilter 已加载(加载命令:sudo modprobe br_netfilter)
# [root@master k8s]# lsmod | grep br_netfilter
# br_netfilter           22256  0
# bridge                151336  1 br_netfilter

# Have br_netfilter loaded at every boot.
printf '%s\n' 'br_netfilter' | sudo tee /etc/modules-load.d/k8s.conf

# Send bridged IPv6 and IPv4 traffic through ip6tables/iptables.
printf '%s\n' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  'net.bridge.bridge-nf-call-iptables = 1' |
  sudo tee /etc/sysctl.d/k8s.conf

# Re-read all sysctl configuration files so the settings apply immediately.
sudo sysctl --system

# Disable firewalld: stop it now and keep it from starting at boot.
# NOTE(review): with firewalld off, nothing on this host filters inbound
# traffic, including the API server port (6443 in kubeadm-init.yaml on this
# page) and any NodePort service. Outside a throwaway lab, keep firewalld
# running and open only the ports the cluster needs.
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service

2.安装k8s组件

2.1安装并配置 kubectl、kubelet、kubeadm

# Install the node components; --disableexcludes=kubernetes lifts any exclude
# rule configured for the "kubernetes" repo for this one transaction.
# NOTE(review): no version is given, so yum installs the newest packages, while
# kubeadm-init.yaml on this page sets kubernetesVersion v1.20.2. Pinning the
# packages to that version (e.g. kubelet-1.20.2) would keep the two in step.
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Enable kubelet at boot and start it immediately.
systemctl enable --now kubelet

2.2重新启动 kubelet

sudo systemctl daemon-reload
sudo systemctl restart kubelet

2.3加入环境配置( K8S-FAQ -1)

# Point kubectl at the admin kubeconfig in every new login shell.
# NOTE(review): /etc/kubernetes/admin.conf is the cluster administrator
# credential written by kubeadm. Do this only in root's profile, and do not copy
# the file to less trusted accounts or loosen its permissions.
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
# Apply the setting to the current shell as well.
source ~/.bash_profile

2.4 首先使用阿里云把需要的镜像pull下来( kubeadm-pull-image.sh)

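#!/bin/bash
# kubeadm-pull-image.sh - pre-pull the images kubeadm needs through the Aliyun
# mirror and give them their upstream k8s.gcr.io names.
# Author: 院长
# QQ group: 645072509
#
# Image names are handed to docker as quoted arguments. The previous version
# built "docker ..." command text with sed/awk and piped it into sh, so every
# character printed by kubeadm or docker was interpreted as shell code, and a
# failed pull did not stop the script.
#
# Only the images listed by kubeadm are retagged and cleaned up; other local
# images that happen to come from the same mirror are left alone.
#
# NOTE(review): after retagging, the mirror's copy cannot be told apart by name
# from the upstream image, and its content is not compared with upstream
# digests, so the cluster trusts the mirror operator for these images.
set -euo pipefail

readonly UPSTREAM='k8s.gcr.io'
readonly MIRROR='registry.cn-hangzhou.aliyuncs.com/google_containers'

# Capture the list first so that a kubeadm failure aborts the script.
image_list=$(kubeadm config images list)

while IFS= read -r image; do
  [[ -n "$image" ]] || continue

  # Anything not hosted under k8s.gcr.io has no mirror name; pull it unchanged.
  if [[ "$image" != "$UPSTREAM"/* ]]; then
    docker pull "$image"
    continue
  fi

  mirror_image="$MIRROR/${image#"$UPSTREAM"/}"

  # Pull from the mirror, restore the upstream name, then drop the mirror tag.
  docker pull "$mirror_image"
  docker tag "$mirror_image" "$image"
  docker rmi "$mirror_image"
done <<<"$image_list"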

2.5使用kubeadm和( kubeadm-init.yaml)文件初始化集群

# kubeadm-init.yaml: three documents (InitConfiguration, ClusterConfiguration,
# KubeProxyConfiguration) passed to `kubeadm init --config`.
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): abcdef.0123456789abcdef is the placeholder value found in
  # kubeadm's sample configuration, so it is publicly known. While it is valid
  # (ttl below: 24h) it is accepted for the "authentication" usage listed here.
  # Replace it with a value from `kubeadm token generate`, or leave the field out
  # so kubeadm creates a random token.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.56.130 # IP address of this Kubernetes node
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock # container runtime socket; Docker is used here
  name: master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Control-plane images are pulled from this mirror registry rather than the
# upstream registry.
imageRepository: "registry.cn-hangzhou.aliyuncs.com/google_containers"
kind: ClusterConfiguration
kubernetesVersion: v1.20.2
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16   # Pod network CIDR for the cluster
  serviceSubnet: 10.254.0.0/16
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
kubeadm init --config kubeadm-init.yaml


2.6配置 CNI网络插件

可参考(https://kubernetes.io/zh/docs/concepts/cluster-administration/addons/

2.6.1 使用 kube-flannel.yaml运行kube-flannel

kubectl apply -f  kube-flannel.yaml

2.7安装配置dashboard(NodePort方式)


2.7.1使用 kubernetes-dashboard.yaml运行kubernetes-dashboard

# Deploy the dashboard from a local manifest.
# NOTE(review): the section heading says it is exposed via NodePort, i.e. on a
# port of every node's address. The manifest is not shown on this page, so
# confirm which port it opens and who can reach it.
kubectl apply -f kubernetes-dashboard.yaml


2.7.2配置dashboard用户和角色( admin-user-role-binding.yaml)

# Create the dashboard login account and its role binding.
# NOTE(review): admin-user-role-binding.yaml is not shown on this page. If it
# binds admin-user to the cluster-admin ClusterRole, the token queried in the
# next step is a full cluster administrator credential.
kubectl apply -f admin-user-role-binding.yaml

2.7.3 查询token(该token是admin-user服务账号登录dashboard用的凭据,其JWT载荷中没有exp过期字段,请按密码对待,不要写入文档或截图)

[root@master work]# kubectl  get secret -n kube-system | grep admin-user-token-*
admin-user-token-x9qtl                           kubernetes.io/service-account-token   3      6m21s
[root@master work]# kubectl describe  secret admin-user-token-x9qtl -n kube-system
Name:         admin-user-token-x9qtl
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 8f6c9809-abda-48bb-86f9-f81eb2272d05
Type:  kubernetes.io/service-account-token
Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkVmYWhqN0ZtRDdnNFRoeGQxV0Z5SU94Y0dWbTlYT25WNVBWSmR0SkpoM2sifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXg5cXRsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4ZjZjOTgwOS1hYmRhLTQ4YmItODZmOS1mODFlYjIyNzJkMDUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Wlot_v9tkWeCpmi7doUzf3LOgSqmM5ZLWp5MgbWJKewXcvR637Xu2wTP-Di9Wub_f734oxZCl97kLdel8YKHbAPT0RCF-gmvGZcTJvfC1q6YH8u5sRcIx2nYfvHpHztp4QzLD1YIauWC5DHmtGfPvtVBgkxp9DoB-KjWgxkPtoldP7GPTgXdhvQelHFgOmeoMFAk0VAry2Yx356Syh3KdM4LEEna0kcBJ87X-TbCC_j076euKm8Uzu2j6-FFVlNl6p0KscLKsrlrmoE0_9TnSdhWSu7ZVMaQoCNQK5BaY24qRL2lj-2T0dbpKbTbDSVGq_yAJ3xarhsbXxmMRC7dGA

2.8新增节点加入集群

# Print the join command for an additional control-plane (master) node.
# NOTE(review): the output contains a bootstrap token and the certificate key
# for the uploaded control-plane certificates. Hand it to the new node over a
# trusted channel and keep it out of logs and chat history.
echo "$(kubeadm token create --print-join-command) --control-plane --certificate-key $(kubeadm init phase upload-certs --upload-certs | awk 'END{print}')"


# Print the join command for a worker node; each run creates a new bootstrap
# token, which is part of the printed command.
kubeadm token create --print-join-command

2.9部署ingress( ingress-controller.yaml)

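# Deploy the ingress controller ("kubecrl" was a typo for kubectl).
kubectl apply -f ingress-controller.yaml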

