[系统运维]Kubernetes快速部署

安装要求

在开始之前，部署Kubernetes集群机器需要满?以下?个条件：

• ?少3台机器，操作系统 CentOS7+
• 硬件配置：2GB或更多RAM，2个CPU或更多CPU，硬盘20GB或更多
• 集群中所有机器之间?络互通
• 可以访问外?，需要拉取镜像
• 禁?swap分区

环境

安装

关闭防?墙(node也一样)
[root@node1 ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

永久关闭selinux(node也一样)
[root@node1 ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config

关闭swap(node也一样)
[root@node1 ~]# vim /etc/fstab
注释掉swap分区(node也一样)
#/dev/mapper/cs-swap     none                    swap    defaults        0 0

在master添加hosts
[root@master ~]# cat >> /etc/hosts << EOF
> 192.168.149.137 master master.example.com
> 192.168.149.143 node1 node1.example.com
> 192.168.149.134 node2 node2.example.com
> EOF
做完以后可以直接用名字ping通:
#[root@master ~]# ping node2
#PING node2 (192.168.149.134) 56(84) bytes of data.
#64 bytes from node2 (192.168.149.134): icmp_seq=1 ttl=64 time=0.607 ms

将桥接的IPv4流量传递到iptables的链
[root@master ~]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF

[root@master ~]# sysctl --system
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
net.core.optmem_max = 81920
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...    #有这个就说明成功了
* Applying /etc/sysctl.conf ...

时间同步(node也一样)
[root@master ~]#  yum -y install chrony
[root@master ~]# systemctl enable --now chronyd

免密认证
[root@master ~]# ssh-keygen -t rsa
[root@master ~]# ssh-copy-id master
[root@master ~]# ssh-copy-id node1
[root@master ~]# ssh-copy-id node2

测试
[root@master ~]# for host in master node1 node2;do ssh $host 'date';done
2021年 08月 24日 星期二 10:57:51 EDT
2021年 08月 24日 星期二 10:57:52 EDT
2021年 08月 24日 星期二 10:57:52 EDT

所有节点安装Docker/kubeadm/kubelet

配置yum
[root@master ~]# cd /etc/yum.repos.d/
[root@master yum.repos.d]# vim docker-ce.repo 
[Docker-ce]
name=Docker-ce
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/8/x86_64/stable/   这里用的是网易的
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

安装和启动
yum -y install docker-ce
systemctl start docker

配置加速器
[root@master ~]# cat > /etc/docker/daemon.json << EOF
{
 "registry-mirrors": ["https://q2e6ymdt.mirror.aliyuncs.com"],
 "exec-opts": ["native.cgroupdriver=systemd"],
 "log-driver": "json-file",
 "log-opts": {
 "max-size": "100m"
 },
 "storage-driver": "overlay2"
}
EOF
[root@master docker]# systemctl daemon-reload
[root@master docker]# systemctl restart docker
[root@master docker]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
...... 这里有省略
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://q2e6ymdt.mirror.aliyuncs.com/    #这里是自己的加速器地址就成功了
 Live Restore Enabled: false

添加kubernetes阿?云YUM软件源

[root@master ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF   这里用的centos7的
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安装kubeadm，kubelet和kubectl (node也一样)

[root@master ~]# yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
[root@master ~]# systemctl enable kubelet
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service.

部署Kubernetes Master

在192.168.149.137(master)上执行
kubeadm init \
 --apiserver-advertise-address=192.168.149.137 \
 --image-repository registry.aliyuncs.com/google_containers \
 --kubernetes-version v1.20.0 \
 --service-cidr=10.96.0.0/12 \
 --pod-network-cidr=10.244.0.0/16
由于默认拉取镜像地址k8s.gcr.io国内?法访问，这?指定阿?云镜像仓库地址。

[root@master ~]# yum -y install iproute-tc

使?kubectl?具

[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# kubectl get nodes
NAME     STATUS     ROLES                  AGE    VERSION
master   NotReady   control-plane,master   2m9s   v1.20.0

安装Pod?络插件（CNI）

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
我进不去呀

加?Kubernetes Node
在192.168.149.143、192.168.149.134上（Node）执?。
向集群添加新节点，执?在kubeadm init输出的kubeadm join命令：

kubeadm join 192.168.122.131:6443 --token sfzkjk.fhzjof83zl
8z94ur \
 --discovery-token-ca-cert-hash sha256:72486667d6da8f874996e20b