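1. Cluster types
Kubernetes clusters fall broadly into two categories:
- One master, multiple workers: one Master node and several Node machines. Simple to build, but the risk from a single machine failing is high; suitable for test environments.
- Multiple masters, multiple workers: several Master nodes and several Node machines. More work to build, but safer; suitable for production environments.
2. Installation methods
Kubernetes can be deployed in several ways. The mainstream options today are:
- minikube: a tool for quickly setting up a single-node Kubernetes;
- kubeadm: a tool for quickly setting up a Kubernetes cluster;
- Binary packages: download each component's binary package from the official site and install them one by one; this approach is the most useful for understanding the Kubernetes components.
3. Environment setup
The hosts are listed in the table below. IP addresses, operating system and configuration depend on your needs and are not limited to what the table shows.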
Role | IP address | Operating system | Configuration |
---|---|---|---|
Master | 192.168.88.130 | centos 7.3 1611 | 2c 2G 50G |
Node1 | 192.168.88.131 | centos 7.3 1611 | 2c 2G 50G |
Node2 | 192.168.88.132 | centos 7.3 1611 | 2c 2G 50G |
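3.1 Host installation
This environment uses three CentOS servers (one master, two workers). docker, kubeadm, kubelet and kubectl are installed on each server. Install the systems as follows:
- Hardware: CPU 2c, Mem 2G, disk 50G;
- System language: English
- Software selection: Infrastructure Server
- Partitioning: automatic (the swap partition can be deleted here, or later from the command line; your choice)
- Network: the three servers can reach each other and can download the required RPMs
3.2 Environment initialization
Check the operating system version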
[root@master ~]
CentOS Linux release 7.6.1810 (Core)
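Configure host name resolution
To let the cluster nodes refer to each other directly by name later on, configure host name resolution. In production, a DNS server is recommended.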
[root@master ~]
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.88.130 master.kubernetes
192.168.88.131 node1.kubernetes
192.168.88.132 node2.kubernetes
[root@master ~]# scp /etc/hosts root@192.168.88.131:/etc/hosts
root@192.168.88.131's password:
[root@master ~]# scp /etc/hosts root@192.168.88.132:/etc/hosts
root@192.168.88.132's password:
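Time synchronization
Kubernetes requires the clocks of all nodes in the cluster to agree. Use the chronyd service to synchronize time from the network.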
[root@master ~]
[root@master ~]
[root@master ~]
Fri Dec 10 17:14:32 CST 2021
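Disable the iptables and firewalld services
Kubernetes generates a large number of firewall rules while it runs. The services are turned off here so that those rules do not get mixed up with the system's own. In production they can stay enabled, but the firewall policy must then be configured accurately.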
[root@localhost ~]
[root@localhost ~]
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]
[root@localhost ~]
Disable SELinux
[root@master ~]
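Disable the swap partition
The swap partition is the virtual-memory partition: once physical memory is used up, disk space is used as if it were memory. A device with swap enabled suffers a very negative impact on system performance, so Kubernetes requires swap to be disabled on every node. If for some reason it cannot be turned off, this has to be stated through explicit parameters during cluster installation.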
[root@master ~]
[root@master ~]
total used free shared buff/cache available
Mem: 1819 602 443 26 773 996
Swap: 0 0 0
Modify the Linux kernel parameters
[root@master ~]
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
[root@master ~]
[root@master ~]
[root@master ~]
br_netfilter 22256 0
bridge 151336 1 br_netfilter
Configure IPVS support
[root@master ~]
[root@master ~]
[root@localhost ~]
[root@master ~]
ipset-7.1-1.el8.x86_64
ipvsadm-1.31-1.el8.x86_64
[root@localhost ~]
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
[root@localhost ~]
[root@localhost ~]
-rwxr-xr-x. 1 root root 124 Dec 10 17:32 /etc/sysconfig/modules/ipvs.modules
[root@master ~]
[root@localhost ~]
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 172032 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_defrag_ipv6 20480 1 ip_vs
nf_conntrack_ipv4 16384 12
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_conntrack 155648 8 xt_conntrack,nf_conntrack_ipv4,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,xt_nat,nf_conntrack_netlink,ip_vs
libcrc32c 16384 4 nf_conntrack,nf_nat,xfs,ip_vs
Reboot the system
[root@localhost ~]
3.3 Installing Docker
Switch the package mirror
[root@master ~]
--2021-12-11 08:57:11-- https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 222.35.67.242, 222.35.67.244, 222.35.67.248, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|222.35.67.242|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2081 (2.0K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/docker-ce.repo’
100%[=============================================================>] 2,081 --.-K/s in 0s
2021-12-11 08:57:11 (462 MB/s) - ‘/etc/yum.repos.d/docker-ce.repo’ saved [2081/2081]
Install Docker (offline installation)
For details, see the linked article on installing Docker online and offline.
[root@master ~]
[root@master ~]
[root@master ~]
docker-ce-20.10.11-3.el7.x86_64
Add the Docker configuration file
By default Docker uses cgroupfs as its Cgroup Driver, whereas Kubernetes recommends systemd instead of cgroupfs.
[root@master ~]
[root@master ~]
[root@master ~]
{
"exec-opts" : ["native.cgroupdriver=systemd"],
"registry-mirrors" : ["https://kn0t2bca.mirror.aliyuncs.com"]
}
[root@master ~]
[root@master ~]
[root@master ~]
Check the Docker version
[root@master ~]
Client: Docker Engine - Community
Version: 20.10.11
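3.4 Installing the Kubernetes components
Configure a Kubernetes package mirror inside China. The overseas source downloads slowly, so a domestic source is recommended.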
[root@master ~]
[root@master ~]
[kubernetes]
name=kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
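The repository definition above switches off both package and metadata signature checks and fetches over plain HTTP, so nothing authenticates the RPMs that provide kubeadm, kubelet and kubectl. The following is an added example, not part of the original article: a small audit that reports those settings per repository section. The helper name `audit_yum_repo` is hypothetical and the sample file is a constructed copy of the definition shown on this page.

```shell
#!/bin/sh
# Added example: audit a yum .repo file for settings that leave package
# installs unauthenticated. audit_yum_repo is a hypothetical helper name.
# Prints "section: finding" per issue; returns 1 if anything was flagged.
audit_yum_repo() {
    awk '
        function flag(msg) { printf "%s: %s\n", sect, msg; bad = 1 }
        function check(k, v) {
            if ((k == "gpgcheck" || k == "repo_gpgcheck") && v == "0")
                flag(k "=0 disables signature verification")
            if ((k == "baseurl" || k == "gpgkey") && v ~ /^http:/)
                flag(k " fetched over plain HTTP: " v)
            if (k == "enable")
                flag("unknown key \"enable\" (yum reads \"enabled\")")
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^\[/ { sect = substr($0, 2, index($0, "]") - 2); key = ""; next }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            eq = index(line, "=")
            if (eq > 0 && line !~ /^[a-z]+:\/\//) { # key=value
                key = substr(line, 1, eq - 1)
                val = substr(line, eq + 1)
            } else {                                # continuation of previous key
                val = line
            }
            if (key != "") check(key, val)
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the repo definition as it appears on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enable=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_yum_repo "$sample" || echo "repo file needs attention before yum install"
```

Run it against every file in /etc/yum.repos.d/ on each node; a clean file prints nothing and returns 0.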
Install kubeadm, kubelet and kubectl
[root@master ~]
[root@master ~]
kubeadm-1.23.0-0.x86_64
kubelet-1.23.0-0.x86_64
kubectl-1.23.0-0.x86_64
Configure the kubelet cgroup driver
[root@master ~]
[root@master ~]
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
KUBE_PROXY_MODE="ipvs"
Enable the kubelet service at boot
[root@master ~]
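3.5 Preparing the cluster images
Before installing the Kubernetes cluster, the images it needs must be in place. The command below lists the required images.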
[root@master ~]
k8s.gcr.io/kube-apiserver:v1.23.0
k8s.gcr.io/kube-controller-manager:v1.23.0
k8s.gcr.io/kube-scheduler:v1.23.0
k8s.gcr.io/kube-proxy:v1.23.0
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6
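Download the images. They are hosted in the Kubernetes registry; for network reasons the Alibaba Cloud mirror is used here instead, with a script file that does the downloading.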
[root@master ~]
[root@master ~]
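# Image names and tags required by kubeadm v1.23.0
images=(
    kube-apiserver:v1.23.0
    kube-controller-manager:v1.23.0
    kube-scheduler:v1.23.0
    kube-proxy:v1.23.0
    pause:3.6
    etcd:3.5.1-0
    coredns:v1.8.6
)
# Pull each image from the Alibaba Cloud mirror, retag it under k8s.gcr.io,
# then remove the mirror tag. coredns ends up as k8s.gcr.io/coredns:v1.8.6 and
# is retagged to k8s.gcr.io/coredns/coredns:v1.8.6 in the steps that follow.
for imageName in "${images[@]}"; do
    docker pull "registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName"
    docker tag "registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName" "k8s.gcr.io/$imageName"
    docker rmi "registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName"
done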
[root@master ~]
[root@master ~]
[root@master ~]# scp ./imagePull.sh root@192.168.88.131:/root/imagePull.sh
root@192.168.88.131's password:
[root@master ~]# scp ./imagePull.sh root@192.168.88.132:/root/imagePull.sh
root@192.168.88.132's password:
[root@node1 ~]
[root@node2 ~]
[root@master ~]
[root@master ~]
Untagged: k8s.gcr.io/coredns:1.8.6
[root@master ~]
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/coredns 1.8.6 a4ca41631cc7 2 months ago 46.8MB
[root@master ~]
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/coredns/coredns v1.8.6 a4ca41631cc7 2 months ago 46.8MB
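To guard against image download failures on an internal network, the required images have been uploaded to Baidu Netdisk. Download them yourself, place them in the corresponding directory and import them.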
[root@master ~]
[root@master k8s_images]
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-apiserver v1.23.0 e6bf5ddd4098 5 days ago 135MB
k8s.gcr.io/kube-controller-manager v1.23.0 37c6aeb3663b 5 days ago 125MB
k8s.gcr.io/kube-proxy v1.23.0 e03484a90585 5 days ago 112MB
k8s.gcr.io/kube-scheduler v1.23.0 56c5af1d00b5 5 days ago 53.5MB
k8s.gcr.io/etcd 3.5.1-0 25f8c7f3da61 5 weeks ago 293MB
k8s.gcr.io/coredns/coredns v1.8.6 a4ca41631cc7 2 months ago 46.8MB
k8s.gcr.io/pause 3.6 6270bb605e12 3 months ago 683kB
calico/pod2daemon-flexvol v3.17.1 819d15844f0c 12 months ago 21.7MB
calico/cni v3.17.1 64e5dfd8d597 12 months ago 128MB
calico/node v3.17.1 183b53858d7d 12 months ago 165MB
quay.io/coreos/flannel v0.12.0-amd64 4e9f801d2217 21 months ago 52.8MB
List the downloaded images
[root@master ~]
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-apiserver v1.23.0 e6bf5ddd4098 4 days ago 135MB
k8s.gcr.io/kube-proxy v1.23.0 e03484a90585 4 days ago 112MB
k8s.gcr.io/kube-controller-manager v1.23.0 37c6aeb3663b 4 days ago 125MB
k8s.gcr.io/kube-scheduler v1.23.0 56c5af1d00b5 4 days ago 53.5MB
k8s.gcr.io/etcd 3.5.1-0 25f8c7f3da61 5 weeks ago 293MB
k8s.gcr.io/coredns/coredns v1.8.6 a4ca41631cc7 2 months ago 46.8MB
k8s.gcr.io/pause 3.6 6270bb605e12 3 months ago 683kB
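The download script above pulls the control-plane images from a third-party mirror by tag and relabels them as k8s.gcr.io, so the local tag no longer says where the bytes came from. The following added example (not from the original article) compares local image IDs with a pinned list before the cluster is initialized. The helper name `check_image_pins` and the sample listing are constructed; the pinned short IDs are the ones printed in the `docker images` listings on this page.

```shell
#!/bin/sh
# Added example: compare local image IDs with a pinned list before kubeadm init.
# check_image_pins is a hypothetical helper name. The pinned short IDs are the
# ones printed in the `docker images` listings on this page.
pins=$(mktemp)
cat > "$pins" <<'EOF'
k8s.gcr.io/kube-apiserver:v1.23.0 e6bf5ddd4098
k8s.gcr.io/kube-controller-manager:v1.23.0 37c6aeb3663b
k8s.gcr.io/kube-scheduler:v1.23.0 56c5af1d00b5
k8s.gcr.io/kube-proxy:v1.23.0 e03484a90585
k8s.gcr.io/pause:3.6 6270bb605e12
k8s.gcr.io/etcd:3.5.1-0 25f8c7f3da61
k8s.gcr.io/coredns/coredns:v1.8.6 a4ca41631cc7
EOF

# $1: pin file ("repo:tag id" per line). stdin: local listing in the same
# shape, e.g. docker images --format '{{.Repository}}:{{.Tag}} {{.ID}}'
# Prints one status per pinned image; returns 1 on any MISSING or MISMATCH.
check_image_pins() {
    awk -v pins="$1" '
        BEGIN {
            while ((getline line < pins) > 0)
                if (split(line, f, " ") == 2) { want[f[1]] = f[2]; order[++n] = f[1] }
        }
        NF == 2 { id = $2; sub(/^sha256:/, "", id); have[$1] = id }
        END {
            for (i = 1; i <= n; i++) {
                ref = order[i]
                if (!(ref in have)) {
                    print "MISSING  " ref; bad = 1
                } else if (substr(have[ref], 1, length(want[ref])) != want[ref]) {
                    print "MISMATCH " ref " have=" have[ref] " want=" want[ref]; bad = 1
                } else {
                    print "OK       " ref
                }
            }
            exit bad
        }'
}

# Constructed listing: the pinned set with etcd absent and kube-proxy altered,
# standing in for real `docker images` output.
sample_listing() { sed -e '/etcd/d' -e 's/e03484a90585/0123456789ab/' "$pins"; }
sample_listing | check_image_pins "$pins" || echo "resolve the lines above before kubeadm init"
```

Image IDs are content-derived, so they survive the retagging step. The 12-character form is truncated; for real use, pin the full IDs from `docker images --no-trunc`, taken from a source you trust.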
3.6 Cluster initialization
Create the cluster. This only needs to be run on the master node.
[root@master k8s_images]
kubeadm-1.23.0-0.x86_64
[root@master ~]
[root@master ~]
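--kubernetes-version=v1.23.0 \ /kubeadm version;
--pod-network-cidr=10.244.0.0/16 \ /Pod network;
--service-cidr=10.96.0.0/12 \ /Service network;
--apiserver-advertise-address=192.168.88.130 /change this to the IP address of your Master node;
The run has succeeded once the output reports a successful installation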
Your Kubernetes control-plane has initialized successfully!
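A successful cluster creation on the Master is shown in the figure below. The output lists the files that must be created and the command the Nodes need in order to join the Master; copy them directly.
Create the required files (this step is mandatory)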
[root@master ~]
[root@master ~]
[root@master ~]
Join node1 and node2 to the master
[root@node1 ~]
--discovery-token-ca-cert-hash sha256:f5f1f9209111d355ed6516b51deaec5a50542cd5eb533c0b97e110064637d48e
[root@node2 ~]
--discovery-token-ca-cert-hash sha256:f5f1f9209111d355ed6516b51deaec5a50542cd5eb533c0b97e110064637d48e
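The nodes joining the Master are shown in the figure below
Check whether the nodes were added successfully. Their status is NotReady at this point because the network plugin has not been installed yet.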
[root@master ~]
NAME STATUS ROLES AGE VERSION
master.kubernetes NotReady control-plane,master 8m6s v1.23.0
node1.kubernetes NotReady <none> 44s v1.23.0
node2.kubernetes NotReady <none> 43s v1.23.0
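The `--discovery-token-ca-cert-hash` value in the join commands above is what lets a joining node authenticate the control plane: it is the SHA-256 of the cluster CA's public key in DER-encoded SubjectPublicKeyInfo form. The following added example (not part of the original article) recomputes that value from a CA certificate, so the hash in a copied join command can be checked on the master before it is pasted onto a node. The function names are hypothetical, the demo CA is generated on the spot, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location.

```shell
#!/bin/sh
# Added example: recompute kubeadm's discovery-token-ca-cert-hash with openssl.
# ca_cert_hash and verify_join_hash are hypothetical helper names.

# Print "sha256:<hex>" for the public key of the certificate in $1.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pub" ] || return 2
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
          | openssl dgst -sha256 -r) || return 2
    printf 'sha256:%s\n' "${hex%% *}"
}

# Compare the hash from a join command ($2, with or without the "sha256:"
# prefix) with the CA certificate in $1. Returns 0 match, 1 mismatch, 2 error.
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || { echo "cannot read CA certificate: $1" >&2; return 2; }
    claimed=$(printf '%s' "${2#sha256:}" | tr 'A-F' 'a-f')
    case $claimed in
        *[!0-9a-f]*|"") echo "malformed hash: $2" >&2; return 2 ;;
    esac
    [ ${#claimed} -eq 64 ] || { echo "malformed hash: $2" >&2; return 2; }
    if [ "sha256:$claimed" = "$actual" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: join command has sha256:$claimed, CA is $actual"
        return 1
    fi
}

# Demo on a throwaway CA generated here (constructed). On a real master, pass
# /etc/kubernetes/pki/ca.crt and the hash from your own join command.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-ca" -days 1 \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
verify_join_hash "$demo_dir/ca.crt" "$(ca_cert_hash "$demo_dir/ca.crt")"
# The hash printed on this page belongs to the author's cluster, so it must
# not match a different CA:
verify_join_hash "$demo_dir/ca.crt" \
    sha256:f5f1f9209111d355ed6516b51deaec5a50542cd5eb533c0b97e110064637d48e || true
```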
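What to do if creating the Master fails
If the environment is not clean when it is initialized, cluster creation on the Master reports errors, and simply re-running the command does not work. Clean up the environment as follows.
Reset kubeadm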
[root@master ~]
As shown in the figure below; after the reset completes, some files need to be cleaned up.
[root@master ~]
[root@master ~]
[root@master ~]
After the cleanup, run the kubeadm installation again
[root@master ~]
As shown in the figure below:
3.7 Installing the network plugin
Follow the link to copy the calico.yaml source
[root@master ~]
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@master ~]
-rw------- 1 root root 5640 Dec 12 21:47 /etc/kubernetes/admin.conf
[root@master ~]
[root@master ~]
[root@master ~]
As shown in the figure below:
Verify that the network plugin from calico.yaml started successfully
[root@master ~]
[root@master ~]
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master.kubernetes Ready control-plane,master 64m v1.23.0 192.168.88.130 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.11
node1.kubernetes Ready <none> 57m v1.23.0 192.168.88.131 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.11
node2.kubernetes Ready <none> 57m v1.23.0 192.168.88.132 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.11
3.8 Verifying the cluster by deploying a service
[root@master ~]
deployment.apps/nginx created
[root@master ~]
service/nginx exposed
[root@master ~]
NAME READY STATUS RESTARTS AGE
nginx-7cbb8cd5d8-xfkmk 1/1 Running 0 36s
[root@master ~]
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 61m
nginx NodePort 10.110.188.49 <none> 80:32681/TCP 14s
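Verify that the Nginx page loads correctly
4. Command overview
kubectl is the basic command for configuring Kubernetes; the common operations are listed below.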
[root@master ~]
kubectl controls the Kubernetes cluster manager.
Find more information at:
https://kubernetes.io/docs/reference/kubectl/overview/
Basic Commands (Beginner):
create Create a resource from a file or from stdin
expose Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service
run Run a particular image on the cluster
set Set specific features on objects
Basic Commands (Intermediate):
explain Get documentation for a resource
get Display one or many resources
edit Edit a resource on the server
delete Delete resources by file names, stdin, resources and names, or by resources and label selector
Deploy Commands:
rollout Manage the rollout of a resource
scale Set a new size for a deployment, replica set, or replication controller
autoscale Auto-scale a deployment, replica set, stateful set, or replication controller
Cluster Management Commands:
certificate Modify certificate resources.
cluster-info Display cluster information
top Display resource (CPU/memory) usage
cordon Mark node as unschedulable
uncordon Mark node as schedulable
drain Drain node in preparation for maintenance
taint Update the taints on one or more nodes
Troubleshooting and Debugging Commands:
describe Show details of a specific resource or group of resources
logs Print the logs for a container in a pod
attach Attach to a running container
exec Execute a command in a container
port-forward Forward one or more local ports to a pod
proxy Run a proxy to the Kubernetes API server
cp Copy files and directories to and from containers
auth Inspect authorization
debug Create debugging sessions for troubleshooting workloads and
nodes
Advanced Commands:
diff Diff the live version against a would-be applied version
apply Apply a configuration to a resource by file name or stdin
patch Update fields of a resource
replace Replace a resource by file name or stdin
wait Experimental: Wait for a specific condition on one or many resources
kustomize Build a kustomization target from a directory or URL.
Settings Commands:
label Update the labels on a resource
annotate Update the annotations on a resource
completion Output shell completion code for the specified shell (bash, zsh or fish)
Other Commands:
alpha Commands for features in alpha
api-resources Print the supported API resources on the server
api-versions Print the supported API versions on the server, in the form of "group/version"
config Modify kubeconfig files
plugin Provides utilities for interacting with plugins
version Print the client and server version information
Usage:
kubectl [flags] [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all
commands).