就业班 第四阶段（k8s） 2401--6.3 day1 kubernetes 部署k8s集群[单master]+[配有haproxy的master]

# 一键安装docker脚本
curl -L https://gitea.beyourself.org.cn/newrain001/shell-project/raw/branch/master/os/get-docker-latest.sh | sh

上传镜像包 kube-1.22.0.tar.xz 
解压后进入镜像包 sh get-docker-image.sh load

# 配置k8s源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# 依赖包
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc

# k8s组件
yum install -y kubelet-1.22.0-0.x86_64 kubeadm-1.22.0-0.x86_64 kubectl-1.22.0-0.x86_64

# cat < /etc/modules-load.d/ipvs.conf 
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

# cat <  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF

# 配置完成后重启服务器

DOCKER_CGROUPS=`docker info |grep 'Cgroup' | awk ' NR==1 {print $3}'`

cat >/etc/sysconfig/kubelet<<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=$DOCKER_CGROUPS --pod-infra-container-image=k8s.gcr.io/pause:3.5"
EOF

systemctl daemon-reload && systemctl enable kubelet && systemctl restart kubelet

kubeadm init --kubernetes-version=v1.22.0 --control-plane-endpoint "192.168.91.150:6443" --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.91.150



如果采用的是非高可用不使用keepalived暴露vip的话，就可以不需要加入   --control-plane-endpoint "192.168.91.150:6443" 
这指定了 Kubernetes API 服务器的控制平面端点。在高可用性 (HA) 集群设置中，即使主节点的 IP 地址可能更改或有多个主节点，客户端也会使用此端点来与集群通信。
在这里，192.168.91.150 是主节点的 IP 地址，而 6443 是 Kubernetes API 服务器默认的端口。


Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:
#master执行
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

# node节点执行
kubeadm join 192.168.91.150:8443 --token 9t5hnx.zfmemmdbkraqkzrr \
        --discovery-token-ca-cert-hash sha256:c1eab2b5dfb905cbbb65ee75a28a4a95b28ef2f9621c2079b7e1a15f68ade4af 
        


# master 执行配置
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubeadm join 10.36.176.200:8443 --token 9t5hnx.zfmemmdbkraqkzrr \
        --discovery-token-ca-cert-hash sha256:c1eab2b5dfb905cbbb65ee75a28a4a95b28ef2f9621c2079b7e1a15f68ade4af 
 每个哈希值不一样
# 可以在master 上查看集群node的信息
[root@kube-master1 kube-1.22.0]# kubectl get node
NAME           STATUS   ROLES                  AGE   VERSION
kube-master    NotReady    control-plane,master   50m   v1.22.0
kube-node1     NotReady    <none>                 46m   v1.22.0
kube-node2     NotReady    <none>                 46m   v1.22.0

[root@kub-k8s-master1 ~]# curl -L https://docs.projectcalico.org/v3.22/manifests/calico.yaml -O
# 修改 文件在4205行
4205             - name: IP_AUTODETECTION_METHOD
4206               value: "interface=ens33"

[root@kub-k8s-master1 ~]# kubectl apply -f  calico.yaml

[root@kub-k8s-master1 ~]# kubectl get pod -A -w  # 查看是否所有pod都是running状态

# 所有节点状态应为Ready
[root@kub-k8s-master1 ~]# kubectl get node

1、curl -L https://gitea.beyourself.org.cn/newrain001/shell-project/raw/branch/master/os/get-docker-latest.sh | sh   #脚本安装docker 也可以手动安装

2、sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo   #修改配置文件，这个脚本已经修改好了 所以不用执行这一条命令

3、yum -y install docker-ce   #安装docker

4、systemctl enable docker && systemctl start docker   #做开机自启并启动

1、 修改主机名
 hostnamectl set-hostname kube-master1
........以此类推

2、域名解析
cat >> /etc/hosts <

1.关闭防火墙：
# systemctl disable firewalld --now

2.禁用SELinux：
# setenforce 0

3.编辑文件/etc/selinux/config，将SELINUX修改为disabled，如下：
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
SELINUX=disabled

4.时间同步
# timedatectl set-timezone Asia/Shanghai
# yum install -y ntpsec
# ntpdate time.windows.com
# hwclock --systohc

5.配置静态ip
vim /etc/sysconfig/network-scripts/ifcfg-ens33  
 #建议先配置静态ip在同步时间 这样就不能改变ip

1.关闭swap分区
# swapoff -a
修改/etc/fstab文件，注释掉SWAP的自动挂载，使用free -m确认swap已经关闭。
2.注释掉swap分区：
# sed -i 's/.*swap.*/#&/' /etc/fstab
# free -m
             total        used        free      shared  buff/cache   available
Mem:           3935         144        3415           8         375        3518
Swap:             0           0           0

1、 cat < /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF   #配置阿里云k8s源

2、yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc    #下载依赖包

3、yum install -y kubelet-1.22.0-0.x86_64 kubeadm-1.22.0-0.x86_64 kubectl-1.22.0-0.x86_64    #安装k8s组件

4、cat < /etc/modules-load.d/ipvs.conf 
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF         #加载ipvs相关内核模块 需要重启才生效

5、配置转发相关参数，否则可能会出错
cat <  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF

6、重启服务器
reboot

我这里是直接下载了镜像 也可以去官网或者阿里云下载（阿里云下载需要改名字）

1、解压 
tar xf kube-1.22.0.tar.xz

2、加载k8s数据 两种方法 ：
方法一 ：输入 cd application/images && ls *.tar | xargs -i docker load -i {} && cd ../.. && cd kube-1.22.0/images && ls *.tar | xargs -i docker load -i {} && cd ../.. && docker images | wc -l

方法二 ：1、cd kube-1.22.0  #进入目录 
2、sh get-docker-image.sh  load  #执行里面的脚本

1、配置kubelet使用pause镜像
获取docker的cgroups
配置变量：
[root@k8s-master ~]# DOCKER_CGROUPS=`docker info |grep 'Cgroup' | awk ' NR==1 {print $3}'`
[root@k8s-master ~]# echo $DOCKER_CGROUPS
cgroupfs

2、配置kubelet的cgroups
# cat >/etc/sysconfig/kubelet<

八 、配置master节点[master1-3]

1、 yum install -y haproxy  #安装haproxy

2、修改配置文件
vim /etc/haproxy/haproxy.cfg 
将里面内容删除，而后将下面内容写入配置文件

global
    log         127.0.0.1 local2     # 设置日志记录，使用本地系统日志服务

    chroot      /var/lib/haproxy     # 设置 HAProxy 的运行环境为隔离模式
    pidfile     /var/run/haproxy.pid # 指定 HAProxy 进程的 PID 文件位置
    maxconn     4000                 # 设置最大并发连接数
    user        haproxy              # 指定 HAProxy 运行的用户
    group       haproxy              # 指定 HAProxy 运行的用户组
    daemon                           # 以守护进程模式运行

    # 开启状态统计的 UNIX 套接字
    stats socket /var/lib/haproxy/stats

# Default settings section
defaults
    mode                    tcp      # 默认使用 TCP 模式，适用于非 HTTP 流量
    log                     global   # 使用全局日志设置
    option                  tcplog   # 开启 TCP 日志记录
    timeout connect         10s      # 连接超时设置
    timeout client          1m       # 客户端超时
    timeout server          1m       # 服务器超时
    retries                 3        # 连接重试次数

frontend stats
    mode http
    bind *:9000                # 监听 9000 端口，用于访问统计页面
    stats enable               # 启用统计报告
    stats uri /haproxy_stats   # 设置统计报告的 URI，可以通过 http://:9000/haproxy_stats 访问
    stats realm HAProxy\ Statistics  # 设置认证弹窗的标题
    stats auth admin:password  # 设置访问统计页面的用户名和密码，这里为 admin 和 password，您应该设置一个更安全的密码
    stats admin if TRUE        # 如果设置为 TRUE，允许在页面上进行管理操作

# Kubernetes Master 节点的前端配置
frontend kubernetes-frontend
    bind *:6443                        # 监听 8443 端口，用于 Kubernetes API
    default_backend kubernetes-backend # 默认后端设置为 kubernetes-backend

# Kubernetes Master 节点的后端配置
backend kubernetes-backend
    balance roundrobin                 # 使用轮询算法进行负载均衡
    option tcp-check                   # 开启 TCP 检查以检测服务器健康状态
    server master1 kub-k8s-master1:6443 check # Kubernetes Master 节点1
    server master2 kub-k8s-master2:6443 check # Kubernetes Master 节点2
    server master3 kub-k8s-master3:6443 check # Kubernetes Master 节点3

3、 启动haproxy
systemctl start haproxy

八、初始化集群第一部分 [master1做就行]

1、修改参数
kubeadm init --kubernetes-version=v1.22.0 --control-plane-endpoint "192.168.182.200:8443" --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.182.5 --apiserver-cert-extra-sans=192.168.182.200,192.168.182.5,192.168.182.90,192.168.182.6 --upload-certs

# 以上命令详解 
kubeadm init #初始化 
 --kubernetes-version=v1.22.0  #版本信息
 --control-plane-endpoint "192.168.182.200:8443"  #访问终端 ，这个200是vip
 --pod-network-cidr=10.244.0.0/16   #pod的网段
 --apiserver-advertise-address=192.168.182.5   #当前服务器的ip 也就是master1的ip
 --apiserver-cert-extra-sans=192.168.182.200,192.168.182.5,192.168.182.90,192.168.182.6 --upload-certs   #这里是所有的master节点信息加上vip的信息 ，也就是4个ip地址

八、初始化集群第二部分[master2和master3执行]

上面的命令执行完之后会有以下信息：

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 192.168.182.200:8443 --token 56d0uq.24nysn6gg2046qlx \
        --discovery-token-ca-cert-hash sha256:1a79c204bc13f1ce6bc2277b12e8040099268b60b1450095a56055ca3d01d6b5 \
        --control-plane --certificate-key 48ffe1a838ac06fd12d153be605bbfeceaf288efafdf6e9d6d1ef2247ac5585a

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.182.200:8443 --token 56d0uq.24nysn6gg2046qlx \
        --discovery-token-ca-cert-hash sha256:1a79c204bc13f1ce6bc2277b12e8040099268b60b1450095a56055ca3d01d6b5 

上面记录了完成的初始化输出的内容，根据输出的内容基本上可以看出手动初始化安装一个Kubernetes集群所需要的关键步骤。
1、将这三条命令在master1上进行执行 
 mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config    
  
2、将这些参数在其他控制节点执行 ，也就是master2 还有master3
kubeadm join 192.168.182.200:8443 --token 56d0uq.24nysn6gg2046qlx \
        --discovery-token-ca-cert-hash sha256:1a79c204bc13f1ce6bc2277b12e8040099268b60b1450095a56055ca3d01d6b5 \
        --control-plane --certificate-key 48ffe1a838ac06fd12d153be605bbfeceaf288efafdf6e9d6d1ef2247ac5585a
        
3、而后在另外两台的master进行操作 步骤1
        mkdir -p $HOME/.kube
        sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
        sudo chown $(id -u):$(id -g) $HOME/.kube/config

4、这个时候三台master都可以参看信息 
kubectl get nodes

八、初始化集群第三部分[node节点执行]

1、 node节点都执行参数
kubeadm join 192.168.182.200:8443 --token 56d0uq.24nysn6gg2046qlx \
        --discovery-token-ca-cert-hash sha256:1a79c204bc13f1ce6bc2277b12e8040099268b60b1450095a56055ca3d01d6b5

九、配置keepalived[三台master]

1、下载keepalived
yum -y install keepalived

2、修改配置
vim /etc/keepalived/keepalived.conf
# 将下面参数复制进去
! Configuration File for keepalived

global_defs {
   router_id directory1   
}

vrrp_instance VI_1 {
    state MASTER        
    interface ens33     
    virtual_router_id 80  
    priority 100         
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.182.200/24   
    }
}

3、重启并开机自启keepalived
systemctl restart keepalived && systemctl enable keepalived

十、配置使用网络插件[随便一台master]

1、 部署calico网络插件
curl -L https://docs.projectcalico.org/v3.22/manifests/calico.yaml -O

2、进入这个文件修改配置   vim calico.yaml
4205             - name: IP_AUTODETECTION_METHOD
4206               value: "interface=ens33"

2、kubectl apply -f  calico.yaml 启动参数

3、kubectl get pod -A -w  #等到READY运行起来变成1

十一 、 集群数据库相关操作

kubernetes命令自动补全
1、yum install -y epel-release bash-completion

2、source /usr/share/bash-completion/bash_completion

3、echo "source <(kubectl completion bash)" >> ~/.bashrc
#即可补全命令