kubernetes安装:
主机清单
主机名 | IP地址 | 最低配置 |
---|---|---|
master | 192.168.1.50 | 2CPU,4G内存 |
node-0001 | 192.168.1.51 | 2CPU,4G内存 |
node-0002 | 192.168.1.52 | 2CPU,4G内存 |
node-0003 | 192.168.1.53 | 2CPU,4G内存 |
node-0004 | 192.168.1.54 | 2CPU,4G内存 |
node-0005 | 192.168.1.55 | 2CPU,4G内存 |
harbor | 192.168.1.30 | 2CPU,4G内存 |
安装控制节点:
1.配置软件仓库
知识点:createrepo, /etc/yum.repos.d/local.repo(仓库配置文件), yum/dnf
2.系统环境配置
知识点:禁用firewalld和swap(禁用 firewalld 后节点不再有主机防火墙保护,应部署在受信任的隔离网络中)
3.安装软件包
[root@master ~]# vim /etc/hosts
192.168.1.30 harbor
192.168.1.50 master
192.168.1.51 node-0001
192.168.1.52 node-0002
192.168.1.53 node-0003
192.168.1.54 node-0004
192.168.1.55 node-0005
[root@master ~]# dnf install -y kubeadm kubelet kubectl containerd.io ipvsadm ipset iproute-tc
[root@master ~]# containerd config default >/etc/containerd/config.toml
[root@master ~]# vim /etc/containerd/config.toml
61: sandbox_image = "harbor:443/k8s/pause:3.9"
125: SystemdCgroup = true
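在第 154 行新插入以下内容(注意:insecure_skip_verify = true 会跳过对 harbor 的 TLS 证书校验,仅适合实验环境;生产环境应让 containerd 信任 harbor 的 CA 证书):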
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://harbor:443"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor:443"]
endpoint = ["https://harbor:443"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor:443".tls]
insecure_skip_verify = true
[root@master ~]# systemctl enable --now kubelet containerd
4.配置内核参数
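# Declare the kernel modules to load at boot. The net.bridge.* sysctl keys
# written below only exist once br_netfilter is loaded.
cat >/etc/modules-load.d/containerd.conf <<'EOF'
overlay
br_netfilter
xt_conntrack
EOF
# Use restart rather than start: systemd-modules-load is a oneshot unit that
# usually stays "active" after boot, and starting an active unit does not
# re-read the file that was just written.
systemctl restart systemd-modules-load.service
# Persist the kernel parameters (forwarding, bridge netfilter hooks, conntrack
# table size) and apply them to the running kernel.
cat >/etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.netfilter.nf_conntrack_max = 1000000
EOF
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf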
5.导入k8s镜像
[root@master ~]# dnf install -y docker-ce
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://harbor:443"],
"insecure-registries":["harbor:443"]
}
[root@master ~]# systemctl enable --now docker
# 登录 harbor 仓库,上传镜像
[root@master ~]# docker login harbor:443
Username: admin
Password: ********
Login Succeeded
[root@master ~]# docker load -i init/v1.xx.tar.xz
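[root@master ~]# docker images --format '{{.Repository}} {{.Tag}}' | while read -r repo tag; do
  # Retag every local image into the harbor "k8s" project and push it.
  # NOTE: docker images lists everything on this host, not only the archive
  # that was just loaded, so any other local image is pushed as well.
  # Dangling images have no usable name to retag.
  [[ "${repo}" == "<none>" || "${tag}" == "<none>" ]] && continue
  # Already named for the private registry: nothing to do.
  [[ "${repo}" == harbor:443/?* ]] && continue
  target="harbor:443/k8s/${repo##*/}:${tag}"
  docker tag "${repo}:${tag}" "${target}"
  # Remove the local copies only once the push succeeded, so a failed push
  # does not leave the image missing from both the host and the registry.
  docker push "${target}" && docker rmi "${repo}:${tag}" "${target}"
done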
6.设置Tab键
# Generate the bash completion script for each tool, store it under
# /etc/bash_completion.d for future shells, and load it into this shell.
for tool in kubeadm kubectl; do
  "${tool}" completion bash >"/etc/bash_completion.d/${tool}"
  source "/etc/bash_completion.d/${tool}"
done
unset tool
7.master安装
# 测试系统环境
[root@master ~]# kubeadm init --config=init/init.yaml --dry-run 2>error.log
[root@master ~]# cat error.log
[root@master ~]# rm -rf error.log /etc/kubernetes/tmp
# 主控节点初始化(init/init.log 会记录 join 命令和 bootstrap token,应限制该文件的访问权限)
[root@master ~]# kubeadm init --config=init/init.yaml |tee init/init.log
# 管理授权
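# Give the current user a kubeconfig. admin.conf carries cluster administrator
# credentials, so the copy must stay readable by its owner only.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# cp keeps the mode of a pre-existing destination file; tighten it explicitly.
chmod 600 "$HOME/.kube/config"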
# 验证安装结果
[root@master ~]# kubectl get nodes
安装网络插件
上传镜像
[root@master ~]# cd plugins/calico
[root@master calico]# docker load -i calico.tar.xz
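[root@master calico]# docker images --format '{{.Repository}} {{.Tag}}' | while read -r repo tag; do
  # Retag every local image into the harbor "plugins" project and push it.
  # NOTE: docker images lists everything on this host, not only the archive
  # that was just loaded, so any other local image is pushed as well.
  # Dangling images have no usable name to retag.
  [[ "${repo}" == "<none>" || "${tag}" == "<none>" ]] && continue
  # Already named for the private registry: nothing to do.
  [[ "${repo}" == harbor:443/?* ]] && continue
  target="harbor:443/plugins/${repo##*/}:${tag}"
  docker tag "${repo}:${tag}" "${target}"
  # Remove the local copies only once the push succeeded, so a failed push
  # does not leave the image missing from both the host and the registry.
  docker push "${target}" && docker rmi "${repo}:${tag}" "${target}"
done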
安装calico
[root@master calico]# sed -ri 's,^(\s*image: )(.*/)?(.+),\1harbor:443/plugins/\3,' calico.yaml
[root@master calico]# kubectl apply -f calico.yaml
[root@master calico]# kubectl get nodes
安装计算节点
1.获取凭证
# 查看 token
kubeadm token list
TOKEN TTL EXPIRES
abcdef.0123456789abcdef 23h 2022-04-12T14:04:34Z
# 删除 token
kubeadm token delete abcdef.0123456789abcdef
bootstrap token "abcdef" deleted
# 创建 token(--ttl=0 生成永不过期的 token;节点加入完成后建议删除,或使用默认的 24 小时有效期)
kubeadm token create --ttl=0 --print-join-command
kubeadm join 192.168.1.50:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxx
# 获取token_hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt |openssl rsa -pubin -outform der |openssl dgst -sha256 -hex
2.node安装
[root@node ~]# 参考控制节点安装步骤2
[root@node ~]# 参考控制节点安装步骤3
[root@node ~]# 参考控制节点安装步骤4
[root@node ~]# kubeadm join 192.168.1.50:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxx
[root@master ~]# kubectl get nodes
3.批量部署
如果觉得“2.node安装”的步骤太繁琐,可以使用 ansible 剧本批量执行(下面的 ansible.cfg 设置了 host_key_checking = False,即不校验 SSH 主机密钥,仅适用于可信的实验网络)
ansible.cfg
[defaults]
inventory = hostlist
host_key_checking = False
hostlist
[nodes]
192.168.1.[51:55]
run.yaml
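# Prepares each target host as a Kubernetes worker and joins it to the
# kubeadm cluster at {{ master }}.
# NOTE(review): "gitlab" is not defined in the hostlist inventory shown with
# this playbook; confirm that host is really meant to become a cluster node.
- name: node join k8s cluster
  hosts: nodes,gitlab
  vars:
    master: "192.168.1.50:6443"
    # The bootstrap token is a join credential. Keep the real value out of
    # version control, e.g. in an ansible-vault encrypted vars file.
    token: "xxx"
    token_hash: "sha256:xxx"
  tasks:
    - name: disable swap from fstab file
      lineinfile:
        path: /etc/fstab
        state: absent
        # Match only active entries whose filesystem type (3rd field) is swap;
        # a bare 'swap' would also delete comments or unrelated mounts whose
        # path merely contains the word.
        regexp: '^\s*[^#\s]\S*\s+\S+\s+swap\s'

    # Removes the host firewall entirely: the nodes then depend on
    # network-level controls for isolation.
    - name: remove firewalld packages
      dnf:
        name: "firewalld-*"
        state: absent

    - name: install k8s node packages
      dnf:
        name: kubeadm,kubelet,kubectl,containerd.io,ipvsadm,ipset,iproute-tc
        # present, not latest: re-running the playbook must not upgrade
        # kubelet/kubeadm on nodes that have already joined the cluster.
        state: present
        update_cache: yes

    - name: update modify config.toml
      template:
        src: config.j2
        dest: /etc/containerd/config.toml
        owner: root
        group: root
        mode: '0644'

    - name: create containerd.conf
      copy:
        dest: /etc/modules-load.d/containerd.conf
        owner: root
        group: root
        mode: '0644'
        content: |
          overlay
          br_netfilter
          xt_conntrack

    # Load the modules immediately: starting systemd-modules-load later is a
    # no-op when the unit is already active, and the sysctl keys applied in
    # the join task need br_netfilter and conntrack to be present.
    - name: load kernel modules now
      command: modprobe -a overlay br_netfilter xt_conntrack

    - name: create 99-kubernetes-cri.conf
      copy:
        dest: /etc/sysctl.d/99-kubernetes-cri.conf
        owner: root
        group: root
        mode: '0644'
        content: |
          net.ipv4.ip_forward = 1
          net.bridge.bridge-nf-call-iptables = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          net.netfilter.nf_conntrack_max = 1000000

    # Overwrites /etc/hosts completely. The loop relies on gathered facts and
    # on the interface being named eth0 on every host in the nodes group.
    - name: set /etc/hosts
      copy:
        dest: /etc/hosts
        owner: root
        group: root
        mode: '0644'
        content: |
          ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
          127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
          192.168.1.30 harbor
          192.168.1.50 master
          {% for i in groups.nodes %}
          {{ hostvars[i].ansible_eth0.ipv4.address }} {{ hostvars[i].ansible_hostname }}
          {% endfor %}

    - name: enable k8s kubelet,runtime service
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - systemd-modules-load
        - containerd
        - kubelet

    # kubelet.conf is used as the marker that the host has already joined.
    - name: check node state
      stat:
        path: /etc/kubernetes/kubelet.conf
      register: result

    - name: node join cluster
      shell: |
        swapoff -a
        sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf
        kubeadm join {{ master }} --token {{ token }} --discovery-token-ca-cert-hash {{ token_hash }}
      args:
        executable: /bin/bash
      # The command line contains the bootstrap token; keep it out of Ansible
      # output and logs. Disable temporarily when debugging a failed join.
      no_log: true
      when: not result.stat.exists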
"nodeinit.yaml" 86L, 2639C
执行剧本
ansible-playbook run.yaml
查看集群状态
# 验证节点工作状态
[root@master ~]# kubectl get nodes
# 验证容器工作状态
[root@master ~]# kubectl -n kube-system get pods