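Kubernetes (k8s) cluster deployment: three node servers (very detailed)
Contents
- Kubernetes cluster deployment: three node servers
- Docker environment preparation
- Install kubeadm, kubelet and kubectl
- Add the Kubernetes YUM repository on CentOS
- Change the package source on Ubuntu
- Run on the master host
- Run on the nodes
- Deploy flannel
- Check the cluster status
- Test
# Kubernetes cluster deployment: three node servers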
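Recommendation: complete the whole cluster installation on the master first, and join the nodes to the cluster at the end.
Hardware requirements:
CPU: 2 cores
memory: 4G/2G
Software requirements:
# Docker environment preparation
Prepare 4 virtual machines (CentOS; one master and three nodes) and run the following script on them: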
```
#!/bin/bash
# Install dependencies
yum install -y yum-utils zlib zlib-devel openssl openssl-devel pcre pcre-devel gcc gcc-c++ autoconf automake make psmisc lsof net-tools vim python3
# Stop and disable the firewall (the host is then left without packet filtering)
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux
setenforce 0   # temporary: permissive mode until the next reboot
# Permanent
sed -i '/^SELINUX/ s/enforcing/disabled/' /etc/selinux/config
```
# Install docker
## Remove old versions
```
yum remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine
```
Docker version
```
[root@k8s-master ~]# docker version
Client: Docker Engine - Community
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:53:39 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
```
## Install the yum-utils package (provides the yum-config-manager utility) and configure the mirror repository
```
yum install -y yum-utils
yum-config-manager \
    --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
```
## Install docker and enable it at boot
```
yum install -y docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker
```
## Configure Docker to use systemd as the default cgroup driver
This must be done on every server, on the master as well as on the nodes.
```
cat <<EOF > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart docker
systemctl restart docker
```
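## Disable the swap partition (required on every server)
```
swapoff -a   # temporary
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab   # permanent
```
## Rename the hosts: run the matching command on each host, then update the hosts file
```
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2
```
## After changing the hostname, log in again with su - root
The /etc/hosts file must be modified on every machine.
```
su - root
cat >> /etc/hosts << EOF
192.168.0.17 master
192.168.0.89 node1
192.168.0.11 node2
192.168.0.19 node3
EOF
```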
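# Install kubeadm, kubelet and kubectl
- kubeadm: the Kubernetes management program. It runs on the master and builds the whole cluster; behind the scenes it executes a large number of scripts that start Kubernetes for us.
- kubelet: runs on the nodes to manage containers. It manages docker and tells the docker program to start containers, and it is what the master and the nodes use to communicate. It is an agent that runs on every node in the cluster and makes sure that containers are running in a Pod.
- kubectl: the program on the master used to give orders to the nodes, controlling them and telling them what to do. It is a command-line tool.

These need to be installed on every server in the cluster.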
# Add the Kubernetes YUM repository on CentOS
```
# Note: gpgcheck=0 and repo_gpgcheck=0 below turn off signature verification
# for the packages and the repository metadata served by this mirror.
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```
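The repository file above sets `gpgcheck=0`, so packages from that mirror are installed without signature verification. The following check is an added example, not part of the original post: it lists every enabled repo section where `gpgcheck` is explicitly switched off. The function names `unsigned_repos` and `demo_repo` are hypothetical, and sections that omit `gpgcheck` (inheriting the value from yum.conf) are not flagged.

```shell
#!/usr/bin/env bash
# Added example: list enabled yum repo sections that switch off package signature checks.

# Print "<file>: [<section>] gpgcheck disabled" for each enabled section with gpgcheck off.
unsigned_repos() {
    awk '
        function report() {
            if (sect != "" && enabled && nosig) print file ": [" sect "] gpgcheck disabled"
        }
        FNR == 1 { report(); sect = "" }          # new file: flush the previous section
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[.*\]/ {                         # section header, e.g. [kubernetes]
            report()
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            file = FILENAME; enabled = 1; nosig = 0
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            off = (val == "0" || val == "no" || val == "false")
            if (key == "enabled" && off) enabled = 0
            if (key == "gpgcheck" && off) nosig = 1
        }
        END { report() }
    ' "$@"
}

# Demo input: the kubernetes.repo from this page, written to the file named in $1.
demo_repo() {
    cat > "$1" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# With arguments, audit those files (e.g. /etc/yum.repos.d/*.repo); otherwise run the demo.
if [ "$#" -gt 0 ]; then
    unsigned_repos "$@"
else
    tmp=$(mktemp) && demo_repo "$tmp" && unsigned_repos "$tmp"; rm -f "$tmp"
fi
```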
# Change the package source on Ubuntu
On Ubuntu, switch to the Alibaba Cloud (aliyun) mirror. Reference document:
https://blog.csdn.net/wangyijieonline/article/details/105360138
On Ubuntu systems, install kubelet, kubeadm and kubectl.
Add the apt key and the repository (on all hosts):
```
# Install the required packages
sudo apt update && sudo apt install -y apt-transport-https curl
# Download apt-key.gpg and add it
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
# Add the aliyun Kubernetes repository
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
```
Install kubelet, kubeadm and kubectl on Ubuntu:
```
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo systemctl enable --now kubelet
```
Install kubelet, kubeadm and kubectl on CentOS:
```
# Install kubeadm, kubelet and kubectl
yum install -y kubelet kubeadm kubectl
# Enable at boot
systemctl enable kubelet
```
# Run on the master host
## Deploy the Kubernetes master
```
# Prepare the coredns:1.8.4 image in advance; it is needed later and must be pulled on every machine
[root@master ~]# docker pull coredns/coredns:1.8.4
[root@master ~]# docker tag coredns/coredns:1.8.4 registry.aliyuncs.com/google_containers/coredns:v1.8.4
# Run the initialization on the master server
[root@master ~]# kubeadm init \
    --apiserver-advertise-address=192.168.74.159 \
    --image-repository registry.aliyuncs.com/google_containers \
    --service-cidr=10.1.0.0/16 \
    --pod-network-cidr=10.244.0.0/16
# --apiserver-advertise-address takes the master's IP; 192.168.0.17 is the master's IP
# --service-cidr string Use alternative range of IP address for service VIPs. (default "10.96.0.0/12")
# --pod-network-cidr string Specify range of IP addresses for the pod network. If set, the control plane will automatically allocate CIDRs for every node.
```
Output:
```
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
  export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.0.17:6443 --token sxzm95.4blvhq1mnk3goyjo \
    --discovery-token-ca-cert-hash sha256:419d644656e24a113f94d7f8e01a820bb4030e3c0a19a32542bc27730103189a
[root@master ~]#
```
Follow the instructions in the output:
```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
## Run on the nodes
Recommendation: do not start the kubelet service on a node before it joins, otherwise the join fails. If kubelet is already running, stop it, then delete the files and directories named in the failure message:
/etc/kubernetes/kubelet.conf
/etc/kubernetes/pki/ca.crt
```
rm -rf /etc/kubernetes/{pki,kubelet.conf}
```
```
[root@node1 ~]# kubeadm join 192.168.0.17:6443 --token sxzm95.4blvhq1mnk3goyjo --discovery-token-ca-cert-hash sha256:419d644656e24a113f94d7f8e01a820bb4030e3c0a19a32542bc27730103189a
```
Note: the join command executed here is the kubeadm join line from the output printed when the master was initialized.
The second machine joins the cluster too:
```
[root@node3 ~]# kubeadm join 192.168.0.17:6443 --token sxzm95.4blvhq1mnk3goyjo --discovery-token-ca-cert-hash sha256:419d644656e24a113f94d7f8e01a820bb4030e3c0a19a32542bc27730103189a
```
Output:
```
[preflight] Running pre-flight checks
[WARNING FileExisting-tc]: tc not found in system path
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.5. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
```
Reaching this point means the node was added successfully.
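The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key, and the joining node uses it to authenticate the control plane. The script below is an added example, not part of the original post, that recomputes the hash from a CA certificate (on the master, `/etc/kubernetes/pki/ca.crt`) and compares it with the one in a join command. The function names are hypothetical, and the demo runs on a throwaway CA generated with `openssl`.

```shell
#!/usr/bin/env bash
# Added example: recompute the value passed to --discovery-token-ca-cert-hash.
# kubeadm pins the cluster CA by the SHA-256 of its DER-encoded public key (SPKI).

# Print "sha256:<hex>" for the CA certificate at $1; non-zero if it cannot be read.
ca_cert_hash() {
    local pub hex
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}')
    [ "${#hex}" -eq 64 ] || return 2
    printf 'sha256:%s\n' "$hex"
}

# Extract the pinned hash from a full "kubeadm join ..." command line ($1).
hash_from_join_cmd() {
    printf '%s\n' "$1" | grep -oE 'sha256:[0-9a-fA-F]{64}' | head -n 1
}

# Return 0 only if the hash in join command $2 matches the CA certificate $1.
join_cmd_matches_ca() {
    local claimed actual
    claimed=$(hash_from_join_cmd "$2" | tr 'A-F' 'a-f')
    actual=$(ca_cert_hash "$1") || return 2
    [ -n "$claimed" ] && [ "$claimed" = "$actual" ]
}

# Demo on a throwaway CA generated here (constructed input, not a real cluster CA).
demo() {
    local dir cmd rc
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    cmd="kubeadm join 192.168.0.17:6443 --token <token> --discovery-token-ca-cert-hash $(ca_cert_hash "$dir/ca.crt")"
    join_cmd_matches_ca "$dir/ca.crt" "$cmd" && echo "demo: hash matches CA"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Usage on the master: script /etc/kubernetes/pki/ca.crt 'kubeadm join ... sha256:...'
if [ "$#" -eq 2 ]; then
    join_cmd_matches_ca "$1" "$2" && echo "OK: hash matches CA" || echo "MISMATCH"
else
    demo
fi
```

A mismatch means the join command was not issued for this cluster's CA and should not be run on a node.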
## Install the network plugin (run on the master node)
In the home directory on the master server, create a kube-flannel.yml file with vim:
```
[root@master ~]# vim kube-flannel.yml
```
```
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
  - configMap
  - secret
  - emptyDir
  - hostPath
  allowedHostPaths:
  - pathPrefix: "/etc/cni/net.d"
  - pathPrefix: "/etc/kube-flannel"
  - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.13.1-rc2
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.13.1-rc2
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
```
# Deploy flannel
```
[root@master ~]# kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@master ~]# ps aux|grep flannel
root 320372 1.8 1.4 1265920 26824 ? Ssl 11:12 0:00 /opt/bin/flanneld --ip-masq --kube-subnet-mgr
root 321071 0.0 0.0 12324 1088 pts/0 S+ 11:13 0:00 grep --color=auto flannel
```
# Check the cluster status
```
# Wait until the nodes are ready
[root@master ~]# kubectl get nodes
NAME     STATUS     ROLES                  AGE    VERSION
master   Ready      control-plane,master   161m   v1.20.4
node1    Ready      <none>                 135m   v1.20.4
node2    NotReady   <none>                 39s    v1.20.4
```
After a while, about 2-3 minutes, check again and the node will be in the Ready state:
```
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES                  AGE    VERSION
master   Ready    control-plane,master   163m   v1.20.4
node1    Ready    <none>                 136m   v1.20.4
node2    Ready    <none>                 2m5s   v1.20.4
```
View the detailed information of each node:
```
[root@master ~]# kubectl get nodes -n kube-system -o wide
NAME     STATUS   ROLES                  AGE    VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION              CONTAINER-RUNTIME
master   Ready    control-plane,master   136m   v1.22.1   192.168.0.17   <none>        CentOS Linux 8          4.18.0-305.3.1.el8.x86_64   docker://20.10.8
node1    Ready    <none>                 131m   v1.22.1   192.168.0.89   <none>        CentOS Linux 7 (Core)   3.10.0-1062.el7.x86_64      docker://20.10.8
node2    Ready    <none>                 111s   v1.22.1   192.168.0.11   <none>        Ubuntu 20.04.3 LTS      5.4.0-80-generic            docker://20.10.8
node3    Ready    <none>                 130m   v1.22.1   192.168.0.19   <none>        CentOS Linux 8          4.18.0-305.3.1.el8.x86_64   docker://20.10.8
[root@master ~]#
[root@master ~]# kubectl get pod -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-7f89b7bc75-fjq7n         1/1     Running   0          48m
coredns-7f89b7bc75-t5hnq         1/1     Running   0          48m
etcd-master                      1/1     Running   0          48m
kube-apiserver-master            1/1     Running   0          48m
kube-controller-manager-master   1/1     Running   0          48m
kube-flannel-ds-kz8t9            1/1     Running   0          17m
kube-flannel-ds-r2q5s            1/1     Running   0          17m
kube-proxy-4jlr6                 1/1     Running   0          48m
kube-proxy-ppsr6                 1/1     Running   0          22m
kube-scheduler-master            1/1     Running   0          48m
```
# Test
Create an nginx pod
```
# Start a pod that runs the nginx image
[root@new-k8s-master ~]# kubectl run sc-nginx --image=nginx --port=8080
pod/sc-nginx created
[root@new-k8s-master ~]# kubectl get pod
NAME       READY   STATUS              RESTARTS   AGE
sc-nginx   0/1     ContainerCreating   0          5s
[root@new-k8s-master ~]#
# Wait a moment; the pod takes a while to start because the image has to be downloaded
[root@new-k8s-master ~]# kubectl get pod
NAME       READY   STATUS    RESTARTS   AGE
sc-nginx   1/1     Running   0          64s
[root@new-k8s-master ~]#
[root@new-k8s-master ~]# kubectl get pod -o wide    # show detailed information
NAME       READY   STATUS    RESTARTS   AGE   IP           NODE    NOMINATED NODE   READINESS GATES
sc-nginx   1/1     Running   0          97s   10.244.1.2   node1   <none>           <none>
[root@new-k8s-master ~]#
```