-
K8S部署
文章目录
K8S搭建
0.特别说明(搭建过程中遇到的问题记录汇总)
1.组件的版本选择
- 如果版本之间不匹配,会遇到各种各样的问题,所以将版本选择说明列在此处。所涉及的docker和一些组件的版本说明如下:
- docker-ce-18.06.1.ce-3.el7
- kubelet-1.18.0
- kubeadm-1.18.0
- kubectl-1.18.0
- 这些版本的安装,会在下方的安装时进行指出
2.所需文件获取
-
一个网络插件CNI-kube-flannel.yml可能没法通过
kubectl apply –f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml下载。解决办法如下:-
方法一:自己创建一个kube-flannel.yml文件,执行如下操作
cat << EOF > kube-flannel.yml --- apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: psp.flannel.unprivileged annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default spec: privileged: false volumes: - configMap - secret - emptyDir - hostPath allowedHostPaths: - pathPrefix: "/etc/cni/net.d" - pathPrefix: "/etc/kube-flannel" - pathPrefix: "/run/flannel" readOnlyRootFilesystem: false # Users and groups runAsUser: rule: RunAsAny supplementalGroups: rule: RunAsAny fsGroup: rule: RunAsAny # Privilege Escalation allowPrivilegeEscalation: false defaultAllowPrivilegeEscalation: false # Capabilities allowedCapabilities: ['NET_ADMIN', 'NET_RAW'] defaultAddCapabilities: [] requiredDropCapabilities: [] # Host namespaces hostPID: false hostIPC: false hostNetwork: true hostPorts: - min: 0 max: 65535 # SELinux seLinux: # SELinux is unused in CaaSP rule: 'RunAsAny' --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: ['psp.flannel.unprivileged'] - apiGroups: - "" resources: - pods verbs: - get - apiGroups: - "" resources: - nodes verbs: - list - watch - apiGroups: - "" resources: - nodes/status verbs: - patch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flannel subjects: - kind: ServiceAccount name: flannel namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: flannel namespace: kube-system --- kind: ConfigMap apiVersion: v1 metadata: name: kube-flannel-cfg namespace: kube-system labels: tier: node app: flannel data: cni-conf.json: | { "name": "cbr0", "cniVersion": "0.3.1", "plugins": [ { "type": "flannel", "delegate": { "hairpinMode": true, "isDefaultGateway": true } }, { "type": "portmap", "capabilities": { "portMappings": true } } ] } net-conf.json: | { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } } --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds namespace: kube-system labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux hostNetwork: true priorityClassName: system-node-critical tolerations: - operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers: - name: install-cni-plugin image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0 command: - cp args: - -f - /flannel - /opt/cni/bin/flannel volumeMounts: - name: cni-plugin mountPath: /opt/cni/bin - name: install-cni image: quay.io/coreos/flannel:v0.15.1 command: - cp args: - -f - /etc/kube-flannel/cni-conf.json - /etc/cni/net.d/10-flannel.conflist volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ containers: - name: kube-flannel image: quay.io/coreos/flannel:v0.15.1 command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN", "NET_RAW"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run/flannel - name: cni-plugin hostPath: path: /opt/cni/bin - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg EOF- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 创建完之后,执行
kubectl apply -f kube-flannel.yml命令即可。
-
方法二:自己下载
kube-flannel.yml文件,然后上传到master节点上,然后执行kubectl apply -f kube-flannel.yml命令即可。- 下载地址:https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml需要能够翻出去。
-
方法三:使用其他人下载后保存的文件(不保证一直有效)
- https://pan.baidu.com/s/1KUzyw0_kYKyJ-mYhNlvWEw,提取码:b1r0
-
3.网络连通说明
- 用于搭建环境的节点需要能够访问网络(至少能够访问阿里云)
1、实验机器说明
-
主机说明
-
台数-3台
- 注:1台作为master节点,2台作为node节点
-
CPU-2核,内存-4G,硬盘-30G
-
操作系统-Centos-7.3
-
-
网络说明:
-
主机网络信息
主机名 主机IP master 192.168.0.11 node1 192.168.0.12 node2 192.168.0.3 -
所有节点都需要能够网络
-
2、系统初始化
2.1设置主机名
-
在预设的master节点,192.168.0.11上执行
hostnamectl set-hostname master- 1
-
在预设的node1节点上,192.168.0.12执行
hostnamectl set-hostname node1- 1
-
在预设的node1节点上,192.168.0.3执行
hostnamectl set-hostname node2- 1
-
在所有节点上将主机名静态查询表中添加 3 台主机,执行
cat >> /etc/hosts << EOF 192.168.0.11 master 192.168.0.12 node1 192.168.0.3 node2 EOF- 1
- 2
- 3
- 4
- 5
2.2关闭防火墙
-
在3台节点上分别执行
# 关闭防火墙 systemctl stop firewalld # 禁用 firewalld 服务 systemctl disable firewalld- 1
- 2
- 3
- 4
2.3关闭selinux
# 关闭 selinux # 临时关闭【立即生效】告警,不启用,Permissive,查看使用 getenforce 命令 setenforce 0 # 永久关闭【重启生效】 sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux- 1
- 2
- 3
- 4
- 5
2.4关闭swap
# 关闭 swap # 临时关闭【立即生效】查看使用 free 命令 swapoff -a # 永久关闭【重启生效】 sed -ri 's/.*swap.*/#&/' /etc/fstab- 1
- 2
- 3
- 4
- 5
2.5设置时间同步
yum install ntpdate -y ntpdate time.windows.com- 1
- 2
- 3
3、安装docker和必要组件(kubeadm,kubelet,kubectl)
- 主要安装源和版本选择
- 3个节点都要执行
3.1安装docker
# 配置一下 Docker 的 yum 源【阿里云】 cat >/etc/yum.repos.d/docker.repo<<EOF [docker-ce-edge] name=Docker CE Edge - \$basearch baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/edge enabled=1 gpgcheck=1 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg EOF # 然后 yum 方式安装 docker yum -y install docker-ce-18.06.1.ce-3.el7 # 查看 docker 版本 docker --version # 配置 docker 的镜像源【阿里云】 cat >> /etc/docker/daemon.json << EOF { "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"] } EOF # 启动 docker systemctl enable docker systemctl start docker systemctl status docker- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 注意:
yum -y install docker-ce-18.06.1.ce-3.el7版本不要写错,如果不写版本,则默认安装最新的,可能会出现莫名其妙的错误。
3.2安装kubeadm,kubelet 和 kubectl
cat > /etc/yum.repos.d/kubernetes.repo << EOF [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF # 安装 kubelet、kubeadm、kubectl,同时指定版本 yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0 # 设置开机自启 systemctl enable kubelet- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 注意:
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0版本不要写错,如果不写版本,则默认安装最新的,可能会出现莫名其妙的错误。
4、部署-master节点
4.1master节点初始化
- 在
192.168.0.11(master)节点上执行如下命令
kubeadm init --apiserver-advertise-address=192.168.0.11 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.18.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16- 1
- 注:
--service-cidr和--pod-network-cidr保持默认;--apiserver-advertise-address的改成自己的即可。
由于默认拉取镜像地址 k8s.gcr.io 国内无法访问,这里指定阿里云镜像仓库地址,【执行上述命令会比较慢,因为后台其实已经在拉取镜像了】
4.2使用 kubectl 工具
-
部署成功后,【系统提示】运行以下命令使用 kubectl,执行如下命令
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config- 1
- 2
- 3
-
查看节点
kubectl get nodes- 1
注:此时状态应该为
NotReady
4.3保存node节点加入集群的命令
-
初始化成功后,会提示保存node节点加入集群的命令
kubeadm join 192.168.0.11:6443 --token 4plo24.0tkkx3vgh4dh41xu --discovery-token-ca-cert-hash sha256:f8589f9f68c4647ee2e1cd8dac0e9bb3f0a1611c7205544326194b97e4d93a96- 1
-
默认 token 有效期为 24 小时,若要重新创建 token,执行
kubeadm token create --print-join-command- 1
5、部署-node节点
-
分别在node节点,即
192.168.0.12和192.168.0.3上执行kubeadm join 192.168.0.11:6443 --token 4plo24.0tkkx3vgh4dh41xu --discovery-token-ca-cert-hash sha256:f8589f9f68c4647ee2e1cd8dac0e9bb3f0a1611c7205544326194b97e4d93a96- 1
- 在 k8smaster1 初始化完成后给出的,每个人的都不一样!!!需要复制自己生成的
-
加入之后,执行kubectl进行查看
kubectl get nodes- 1
-
注:此时状态应该为
NotReady
6、部署网络插件
-
在
master节点进行部署网络插件即可。 -
此处需要的文件,已在
第一小节给出。为保证改文章的完整性,此处再重复一遍。# 下载网络插件配置 wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml- 1
- 2
- 注意:https://raw.githubusercontent.com/需要可以访问外网,如果主机不能访问外网,则会提示连接失败refused。
-
一个网络插件CNI-kube-flannel.yml可能没法通过
kubectl apply –f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml下载。解决办法如下:-
方法一:自己创建一个kube-flannel.yml文件,执行如下操作
cat << EOF > kube-flannel.yml --- apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: psp.flannel.unprivileged annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default spec: privileged: false volumes: - configMap - secret - emptyDir - hostPath allowedHostPaths: - pathPrefix: "/etc/cni/net.d" - pathPrefix: "/etc/kube-flannel" - pathPrefix: "/run/flannel" readOnlyRootFilesystem: false # Users and groups runAsUser: rule: RunAsAny supplementalGroups: rule: RunAsAny fsGroup: rule: RunAsAny # Privilege Escalation allowPrivilegeEscalation: false defaultAllowPrivilegeEscalation: false # Capabilities allowedCapabilities: ['NET_ADMIN', 'NET_RAW'] defaultAddCapabilities: [] requiredDropCapabilities: [] # Host namespaces hostPID: false hostIPC: false hostNetwork: true hostPorts: - min: 0 max: 65535 # SELinux seLinux: # SELinux is unused in CaaSP rule: 'RunAsAny' --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: ['psp.flannel.unprivileged'] - apiGroups: - "" resources: - pods verbs: - get - apiGroups: - "" resources: - nodes verbs: - list - watch - apiGroups: - "" resources: - nodes/status verbs: - patch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flannel roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: flannel subjects: - kind: ServiceAccount name: flannel namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: flannel namespace: kube-system --- kind: ConfigMap apiVersion: v1 metadata: name: kube-flannel-cfg namespace: kube-system labels: tier: node app: flannel data: cni-conf.json: | { "name": "cbr0", "cniVersion": "0.3.1", "plugins": [ { "type": "flannel", "delegate": { "hairpinMode": true, "isDefaultGateway": true } }, { "type": "portmap", "capabilities": { "portMappings": true } } ] } net-conf.json: | { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } } --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds namespace: kube-system labels: tier: node app: flannel spec: selector: matchLabels: app: flannel template: metadata: labels: tier: node app: flannel spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In values: - linux hostNetwork: true priorityClassName: system-node-critical tolerations: - operator: Exists effect: NoSchedule serviceAccountName: flannel initContainers: - name: install-cni-plugin image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0 command: - cp args: - -f - /flannel - /opt/cni/bin/flannel volumeMounts: - name: cni-plugin mountPath: /opt/cni/bin - name: install-cni image: quay.io/coreos/flannel:v0.15.1 command: - cp args: - -f - /etc/kube-flannel/cni-conf.json - /etc/cni/net.d/10-flannel.conflist volumeMounts: - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ containers: - name: kube-flannel image: quay.io/coreos/flannel:v0.15.1 command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN", "NET_RAW"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: run mountPath: /run/flannel - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: - name: run hostPath: path: /run/flannel - name: cni-plugin hostPath: path: /opt/cni/bin - name: cni hostPath: path: /etc/cni/net.d - name: flannel-cfg configMap: name: kube-flannel-cfg EOF- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 创建完之后,执行
kubectl apply -f kube-flannel.yml命令即可。
-
方法二:自己下载
kube-flannel.yml文件,然后上传到master节点上,然后执行kubectl apply -f kube-flannel.yml命令即可。- 下载地址:https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml需要能够翻出去。
-
方法三:使用其他人下载后保存的文件(不保证一直有效)
- https://pan.baidu.com/s/1KUzyw0_kYKyJ-mYhNlvWEw,提取码:b1r0
-
-
文件获取后,执行
kubectl apply -f kube-flannel.yml # 等一会! # ...... # 查看状态 kubectl get nodes kubectl get pods -n kube-system- 1
- 2
- 3
- 4
- 5
- 6
- 7
7、测试集群
7.1创建pod
# 下载 nginx 【会联网拉取 nginx 镜像】 kubectl create deployment nginx --image=nginx # 查看状态 kubectl get pod- 1
- 2
- 3
- 4
7.2暴露端口
# 暴露端口 kubectl expose deployment nginx --port=80 --type=NodePort # 查看一下对外的端口 kubectl get pod,svc- 1
- 2
- 3
- 4
7.3访问测试
-
在ndoe节点上测试,执行如下命令
curl 192.168.0.11:31563- 1
- 如果版本之间不匹配,会遇到各种各样的问题,所以将版本选择说明列在此处。所涉及的docker和一些组件的版本说明如下:
-
相关阅读:
麻雀搜索算法(SSA)与支持向量机(SVM)结合的预测模型(SSA-SVM)及其Python和MATLAB实现
二维码智慧门牌管理系统:提升社会治理水平,创新市民服务方式
设计模式之观察者模式
学生HTML网页作业:基于HTML+CSS+JavaScript画家企业8页
【深入理解设计模式】模板方法模式
还在肉眼找bug??赶紧进来!!!程序员一定要学的调试技巧.
GitHub使用教程
易联众智能自动办理平台,AI赋能让数字政务服务“触手可及”
精准定位——MySQL日志学习的一天【错误、二进制、查询、慢查询】
shell 变量 入门
- 原文地址:https://blog.csdn.net/weixin_42006387/article/details/126529608
