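kubeadm is a tool from the official Kubernetes community for quickly deploying a Kubernetes cluster.
With it, a cluster can be deployed with two commands:
- Create a Master node
$ kubeadm init
- Join a Node to the current cluster
$ kubeadm join <Master node IP and port>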
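1. Requirements
Before you start, the machines for the Kubernetes cluster must meet the following conditions:
- Three or more machines, running CentOS 7.x x86_64
- Hardware: 2 GB or more of RAM, 2 or more CPUs, 30 GB or more of disk
- Full network connectivity between all machines in the cluster
- Internet access, which is needed to pull images
- Swap disabled
- Docker version: 18.06.2.ce-3.el7; kubeadm version: 1.16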
2. Environment preparation (run on all nodes)
Install common tools:
yum install -y wget curl ipset ipvsadm deltarpm lrzsz tree bash-completion vim net-tools htop zip unzip screen
Add the hostname-to-IP mappings (remember to set each machine's hostname):
$ cat /etc/hosts
10.0.7.6 k8s-master
10.0.7.5 k8s-node1
10.0.7.8 k8s-node2
Disable the firewall:
$ systemctl stop firewalld && systemctl disable firewalld
Disable SELinux:
$ sed -i 's/enforcing/disabled/' /etc/selinux/config
$ setenforce 0
Disable swap:
$ swapoff -a        # temporary
$ vim /etc/fstab    # permanent (comment out the swap entry)
Synchronize network time:
timedatectl set-timezone 'Asia/Shanghai'
yum install chrony -y
cat > /etc/chrony.conf <<EOF
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
EOF
systemctl restart chronyd.service
Pass bridged IPv4 traffic to the iptables chains:
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
$ sysctl --system
Install IPVS:
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
After completing the steps above, reboot the system.
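The following check is an added example, not part of the original guide: it confirms that the swap, sysctl and IPVS module settings from this section are still in effect after the reboot. The function names and the ROOT variable (which points the checks at a constructed /proc tree for testing) are assumptions of this example.

```bash
#!/bin/bash
# Added example: confirm the preparation steps survived the reboot.
# ROOT is an assumption of this example: it points the checks at a copied or
# constructed /proc tree; empty means the live system.
ROOT=${ROOT:-}

check_swap_off() {   # /proc/swaps keeps only its header line when swap is off
  [ -r "$ROOT/proc/swaps" ] &&
    [ "$(tail -n +2 "$ROOT/proc/swaps" | wc -l)" -eq 0 ]
}

check_sysctl() {     # usage: check_sysctl net.ipv4.ip_forward 1
  local path
  path="$ROOT/proc/sys/$(echo "$1" | tr . /)"
  # net.bridge.* only exists while the br_netfilter module is loaded
  [ -r "$path" ] || { echo "FAIL $1 missing (module not loaded?)"; return 1; }
  [ "$(cat "$path")" = "$2" ] || { echo "FAIL $1 != $2"; return 1; }
}

check_module() {     # usage: check_module ip_vs_rr
  grep -q "^$1 " "$ROOT/proc/modules" ||
    { echo "FAIL module $1 not loaded"; return 1; }
}

prep_report() {
  local rc=0 k m
  check_swap_off || { echo "FAIL swap is still active"; rc=1; }
  for k in net.bridge.bridge-nf-call-iptables \
           net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
    check_sysctl "$k" 1 || rc=1
  done
  for m in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
    check_module "$m" || rc=1
  done
  [ "$rc" -eq 0 ] && echo "OK node is prepared"
  return "$rc"
}

# Check the live system when run on a node.
prep_report || echo "fix the items above before running kubeadm init"
```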
3. Install Docker/kubeadm/kubelet on all nodes
3.1 Install Docker and enable the systemd cgroup driver:
yum install -y yum-utils device-mapper-persistent-data lvm2 \
  && yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo \
  && yum -y install docker-ce-18.06.2.ce \
  && mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
systemctl enable docker && systemctl start docker
# In mainland China you can use the Aliyun mirror instead: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
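3.2 Install kubeadm, kubelet and kubectl
List the installable versions:
yum list kubeadm --showduplicates | sort -r
Because new versions are released frequently, a specific version is pinned here.
Add the official Google repository: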
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
In mainland China, use the Aliyun mirror:
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
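Both repo definitions above set gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures even though gpgkey URLs are listed. The check below is an added example, not part of the original guide; the function name `audit_repo_gpg` and the sample file are constructed for illustration. It lists every repo section whose signature checks are explicitly switched off.

```bash
#!/bin/bash
# Added example: list yum repo sections that disable signature checking.
# Usage: audit_repo_gpg /etc/yum.repos.d/*.repo
# Prints "<file>:<repo-id>:<option>=<value>" per finding; returns 1 if any.
audit_repo_gpg() {
  awk '
    function off(v) { return tolower(v) ~ /^(0|no|false)$/ }
    function report() {
      if (id == "") return
      if (off(gpg))  { print file ":" id ":gpgcheck=" gpg; bad = 1 }
      if (off(rgpg)) { print file ":" id ":repo_gpgcheck=" rgpg; bad = 1 }
    }
    FNR == 1 { report(); id = ""; gpg = ""; rgpg = ""; file = FILENAME }
    /^[ \t]*[#;]/ { next }                  # comment line
    /^[ \t]*\[.+\][ \t]*$/ {                # [section] starts a new repo
      report(); gpg = ""; rgpg = ""
      id = $0
      gsub(/^[ \t]*\[/, "", id); gsub(/\][ \t]*$/, "", id)
      next
    }
    {
      n = index($0, "="); if (n == 0) next
      k = substr($0, 1, n - 1); v = substr($0, n + 1)
      gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
      if (k == "gpgcheck") gpg = v
      if (k == "repo_gpgcheck") rgpg = v
    }
    END { report(); exit bad + 0 }
  ' "$@"
}

# Constructed sample reproducing the options used in this guide.
sample=$(mktemp)
printf '%s\n' '[kubernetes]' 'name=Kubernetes' 'enabled=1' \
  'gpgcheck=0' 'repo_gpgcheck=0' > "$sample"
audit_repo_gpg "$sample" || echo "signature verification is disabled"
rm -f "$sample"
```

With gpgcheck=1, yum verifies each package against the keys at the gpgkey URLs already listed in the repo file; repo_gpgcheck=1 additionally verifies the repository metadata where the mirror serves a signature for it.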
Run the installation:
yum install -y kubelet-1.16.8 kubeadm-1.16.8 kubectl-1.16.8
systemctl enable --now kubelet
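Deploy the Kubernetes Master
Run on 10.0.7.6 k8s-master (the Master).
# --apiserver-advertise-address: address of the Master's API server, used to communicate with the other nodes
# --image-repository: the default image registry k8s.gcr.io cannot be reached from mainland China, so the Aliyun registry is specified here
# --kubernetes-version: the Kubernetes version
# --service-cidr: the Service network range
# --pod-network-cidr: the Pod network range, allocated across the nodes
$ kubeadm init \
  --apiserver-advertise-address=10.0.7.6 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.16.8 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
When initialization finishes, it prints the command to use for joining the cluster:
Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.7.6:6443 --token 9w3ij3.ot4atu4d1mq7jd98 \
    --discovery-token-ca-cert-hash sha256:695d9088f433e3fd9d6b29b346c7c9845a71a79c96aae7809e62a139d014b85b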
Set up kubectl:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Install the Pod network add-on (the CNI plugin flannel):
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
Check the status:
$ kubectl -n kube-system get pod
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-5644d7b6d9-6ln2w             1/1     Running   0          14m
coredns-5644d7b6d9-k2gh5             1/1     Running   0          14m
etcd-k8s-master                      1/1     Running   0          13m
kube-apiserver-k8s-master            1/1     Running   0          13m
kube-controller-manager-k8s-master   1/1     Running   0          13m
kube-flannel-ds-amd64-hswdx          1/1     Running   0          3m8s
kube-proxy-f7v26                     1/1     Running   0          14m
kube-scheduler-k8s-master            1/1     Running   0          13m
Join the Node machines to the cluster:
kubeadm join 10.0.7.6:6443 --token 9w3ij3.ot4atu4d1mq7jd98 \
    --discovery-token-ca-cert-hash sha256:695d9088f433e3fd9d6b29b346c7c9845a71a79c96aae7809e62a139d014b85b
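The value after --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA's public key (its DER-encoded SubjectPublicKeyInfo); it is what lets a joining node authenticate the API server, while the token is a credential. The script below is an added example, not part of the original guide: it recomputes that hash with openssl so the value pasted on a node can be checked against the master's /etc/kubernetes/pki/ca.crt. The function names are assumptions of this example.

```bash
#!/bin/bash
# Added example: recompute kubeadm's discovery-token-ca-cert-hash.
# ca_cert_hash <ca.crt>  -> prints "sha256:<64 hex chars>"
ca_cert_hash() {
  local cert=$1 pub hex
  [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
  # Extract the public key; fails on anything that is not a certificate.
  pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "not a certificate: $cert" >&2; return 2; }
  # PEM public key -> DER SubjectPublicKeyInfo -> SHA-256.
  hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1)
  [ "${#hex}" -eq 64 ] || return 2
  echo "sha256:$hex"
}

# verify_join_hash <ca.crt> <hash from the join command>
# Returns 0 only when the pinned hash matches the CA certificate.
verify_join_hash() {
  local actual
  actual=$(ca_cert_hash "$1") || return 2
  if [ "$actual" = "$2" ]; then
    echo "match: $actual"
  else
    echo "MISMATCH: ca.crt gives $actual, join command pins $2" >&2
    return 1
  fi
}

# On the master, print the hash nodes should be joining with.
if [ -r /etc/kubernetes/pki/ca.crt ]; then
  ca_cert_hash /etc/kubernetes/pki/ca.crt
fi
```

Bootstrap tokens expire after 24 hours by default: `kubeadm token list` on the master shows the ones still valid, and `kubeadm token create --print-join-command` issues a fresh join command.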
Wait a moment, then check the status on the Master:
$ kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   22m   v1.16.8
k8s-node1    Ready    <none>   87s   v1.16.8
k8s-node2    Ready    <none>   80s   v1.16.8
Test the Kubernetes cluster
Create a pod in the cluster and verify that it runs normally:
$ kubectl create deployment nginx --image=nginx
$ kubectl expose deployment nginx --port=80 --type=NodePort
$ kubectl get pod,svc -o wide
Access URL: http://NodeIP:Port
$ kubectl get pod,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-86c57db685-47fvw   1/1     Running   0          78s

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.1.0.1       <none>        443/TCP        26m
service/nginx        NodePort    10.1.152.174   <none>        80:30197/TCP   49s
Enable IPVS network mode
Edit the configuration:
kubectl edit configmap kube-proxy -n kube-system
# set mode: "ipvs"
Delete the kube-proxy pods so that they are recreated automatically:
kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'
ipvsadm -ln
kubectl auto-completion
yum install -y epel-release bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc