I. Introduction to Kubernetes
Kubernetes (K8S for short) is an open-source container cluster management system that automates the deployment, scaling and maintenance of container clusters. It is both a container orchestration tool and a leading new distributed-architecture solution built on container technology. On top of Docker technology it gives containerized applications deployment, resource scheduling, service discovery and dynamic scaling, making the management of large container clusters far more convenient.
A K8S cluster has two kinds of nodes: management (master) nodes and worker nodes. Management nodes are responsible for managing the cluster, for information exchange and task scheduling between nodes, and for the lifecycle of containers, Pods, Namespaces, PVs and so on. Worker nodes provide the compute resources for containers and Pods; all Pods and containers run on worker nodes, which communicate with the management nodes through the kubelet service to manage container lifecycles and also communicate with the other nodes in the cluster.
II. Preparing the environment for K8s cluster deployment
1. Environment architecture
This only shows the build process for the master node.
This tutorial mainly shows how to deploy after Docker has been blocked.
2. Configure the hostname
Note: the following steps must be run on all nodes.
# Master
[root@localhost ~]# hostnamectl set-hostname k8s-master --static
[root@k8s-master ~]# cat >>/etc/hosts <<EOF
172.17.89.193 k8s-master
EOF
3. Disable the firewall and SELinux
[root@k8s-master ~]# systemctl stop firewalld.service
[root@k8s-master ~]# systemctl disable firewalld.service
[root@k8s-master ~]# setenforce 0
[root@k8s-master ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
4. Disable the swap partition
[root@k8s-master ~]# swapoff -a
[root@k8s-master ~]# sed -i '/swap/s/^/#/g' /etc/fstab
5. Configure and tune kernel parameters
[root@k8s-master ~]# cat >/etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@k8s-master ~]# sysctl --system
6. Install ipset and ipvsadm
[root@k8s-master ~]# dnf -y install conntrack ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git
[root@k8s-master ~]# cat >/etc/modules-load.d/ipvs.conf <<EOF
# Load IPVS at boot
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
nf_conntrack_ipv4
EOF
[root@k8s-master ~]# systemctl enable --now systemd-modules-load.service
# Confirm the kernel modules loaded successfully
[root@k8s-master ~]# lsmod |egrep "ip_vs|nf_conntrack_ipv4"
7. Install containerd
Install the dependency packages
[root@k8s-master ~]# dnf -y install yum-utils device-mapper-persistent-data lvm2
Add the Aliyun Docker repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Add the overlay and netfilter modules
[root@k8s-master ~]# cat >>/etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
[root@k8s-master ~]# modprobe overlay
[root@k8s-master ~]# modprobe br_netfilter
Install containerd; the latest version is installed here
[root@k8s-master ~]# dnf -y install containerd.io
Create the containerd configuration file
[root@k8s-master ~]# mkdir -p /etc/containerd
[root@k8s-master ~]# containerd config default > /etc/containerd/config.toml
[root@k8s-master ~]# sed -i '/SystemdCgroup/s/false/true/g' /etc/containerd/config.toml
[root@k8s-master ~]# sed -i '/sandbox_image/s/registry.k8s.io/registry.aliyuncs.com\/google_containers/g' /etc/containerd/config.toml
Edit the containerd config.toml file
# Around line 170 of the file
# Add the last two lines: the proxy mirror for docker.io images
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://cr.jinnll.xyz"]
Start containerd
systemctl enable containerd --now
III. Install kubectl, kubelet and kubeadm
1. Add the Aliyun Kubernetes repository
[root@k8s-master ~]# cat >/etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2. Install kubectl, kubelet and kubeadm
List all available versions
[root@localhost ~]# yum --showduplicates list kubelet |grep 1.28
kubelet.x86_64 1.28.0-0 kubernetes
kubelet.x86_64 1.28.1-0 kubernetes
kubelet.x86_64 1.28.2-0 kubernetes
Install the current latest version, 1.28.2
[root@k8s-master ~]# dnf -y install kubectl-1.28.2 kubelet-1.28.2 kubeadm-1.28.2
Start kubelet
systemctl enable kubelet --now
IV. Deploy the Kubernetes cluster
1. Initialize the Kubernetes cluster
List the images required to initialize k8s v1.28.2
[root@k8s-master ~]# kubeadm config images list --kubernetes-version=v1.28.2
registry.k8s.io/kube-apiserver:v1.28.2
registry.k8s.io/kube-controller-manager:v1.28.2
registry.k8s.io/kube-scheduler:v1.28.2
registry.k8s.io/kube-proxy:v1.28.2
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.9-0
registry.k8s.io/coredns/coredns:v1.10.1
Initialize the K8s cluster: write the init configuration
[root@k8s-master ~]# cat >/tmp/kubeadm-init.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.28.2
controlPlaneEndpoint: 172.17.89.193:6443
imageRepository: k8s.jinnll.xyz
networking:
  podSubnet: 17.16.0.0/16
  serviceSubnet: 17.15.0.0/16
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF
Initialize the cluster
[root@k8s-master ~]# kubeadm init --config=/tmp/kubeadm-init.yaml --ignore-preflight-errors=all
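Before running kubeadm init, it pays to sanity-check the addressing plan in /tmp/kubeadm-init.yaml: the pod and service subnets should be RFC 1918 ranges, must not overlap each other, and must not contain the controlPlaneEndpoint address. The POSIX sh script below is an added example, not part of the original tutorial; it reads the keys used in the file above and prints one finding per problem (with the values above it reports that 17.16.0.0/16 and 17.15.0.0/16 lie outside the RFC 1918 ranges, i.e. in publicly routable space).

```shell
# Added example (not part of the original tutorial): sanity-check the subnets
# in the kubeadm init file above before running kubeadm init. POSIX sh only.

# Dotted quad -> 32-bit integer.
ip2int() {
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask and network address of "a.b.c.d/n" as integers.
cidr_mask() { echo $(( (4294967295 << (32 - ${1#*/})) & 4294967295 )); }
cidr_net()  { echo $(( $(ip2int "${1%/*}") & $(cidr_mask "$1") )); }

# True when ADDR lies inside CIDR.
cidr_contains() {  # cidr addr
  [ $(( $(ip2int "$2") & $(cidr_mask "$1") )) -eq "$(cidr_net "$1")" ]
}

# True when two CIDRs overlap (one network address lies inside the other).
cidrs_overlap() {  # cidr1 cidr2
  cidr_contains "$1" "${2%/*}" || cidr_contains "$2" "${1%/*}"
}

# True when CIDR sits entirely inside one RFC 1918 private range.
cidr_is_private() {
  for r in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    if cidr_contains "$r" "${1%/*}" && [ "${1#*/}" -ge "${r#*/}" ]; then
      return 0
    fi
  done
  return 1
}

# Print one finding per line for a kubeadm ClusterConfiguration file;
# prints nothing when the addressing plan looks sane.
check_init_config() {  # file
  ep=$(sed -n 's/^controlPlaneEndpoint: *\([0-9.]*\):.*/\1/p' "$1")
  pod=$(sed -n 's/^ *podSubnet: *//p' "$1")
  svc=$(sed -n 's/^ *serviceSubnet: *//p' "$1")
  cidr_is_private "$pod" || echo "podSubnet $pod is not an RFC 1918 range"
  cidr_is_private "$svc" || echo "serviceSubnet $svc is not an RFC 1918 range"
  cidrs_overlap "$pod" "$svc" && echo "podSubnet $pod overlaps serviceSubnet $svc"
  for c in "$pod" "$svc"; do
    cidr_contains "$c" "$ep" && echo "controlPlaneEndpoint $ep lies inside $c"
  done
  return 0
}

if [ -f /tmp/kubeadm-init.yaml ]; then check_init_config /tmp/kubeadm-init.yaml; fi
```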
2. Configure kubectl as the init output instructs
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
3. Check the nodes and Pods
[root@k8s-master ~]# kubectl get node
[root@k8s-master ~]# kubectl get pod -A
Note: the node shows NotReady because the coredns pods have not started; the network pod is still missing.
4. Install the Calico Pod network plugin (CNI)
kubectl apply -f https://docs.tigera.io/archive/v3.24/manifests/calico.yaml
5. Check the pods and nodes again
[root@k8s-master ~]# kubectl get pod -A
[root@k8s-master ~]# kubectl get node
6. Add worker nodes to the Kubernetes cluster
Note:
What I mainly demonstrate here is pulling images from the internet through the proxy server I set up. If later on
[root@k8s-node1 ~]# kubeadm join 192.168.2.199:6443 --token f1tta5.2f8qvu3ml9ljqwcq \
--discovery-token-ca-cert-hash sha256:944e8e654ae2df3b8792f69c9e582fa8048d384fcc6ce9679dee19197eca3dda
[root@k8s-node2 ~]# kubeadm join 192.168.2.199:6443 --token f1tta5.2f8qvu3ml9ljqwcq \
--discovery-token-ca-cert-hash sha256:944e8e654ae2df3b8792f69c9e582fa8048d384fcc6ce9679dee19197eca3dda
7. kubectl command completion
[root@k8s-master ~]# yum -y install bash-completion
[root@k8s-master ~]# echo "source <(kubectl completion bash)" >> /etc/profile
[root@k8s-master ~]# source /etc/profile
8. Install the nerdctl management tool
[root@k8s-master ~]# yum -y install wget
[root@k8s-master ~]# wget -q -c https://github.com/containerd/nerdctl/releases/download/v1.7.0/nerdctl-1.7.0-linux-amd64.tar.gz
[root@k8s-master ~]# tar xf nerdctl-1.7.0-linux-amd64.tar.gz -C /usr/local/bin
[root@k8s-master ~]# nerdctl -n k8s.io ps
9. Install kubernetes-dashboard
Note: the official dashboard deployment's Service does not use NodePort; download the YAML file locally and add a NodePort to the Service.
Download the configuration file
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
If the download fails, use this file: recommended.yaml
Edit the configuration file
[root@k8s-master ~]# vim recommended.yaml
# The content to modify is shown below
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort # added
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000 # added
  selector:
    k8s-app: kubernetes-dashboard
[root@k8s-master ~]# kubectl apply -f recommended.yaml
Check the pods and service
[root@k8s-master ~]# kubectl get pod,svc -n kubernetes-dashboard
Access the Dashboard page
# Enter https://172.17.89.193:30000/ in the browser, as shown in the figure below
Create a user
Create the admin account
[root@k8s-master ~]# vim dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
# Above: create the ServiceAccount normally and bind it to the cluster's default cluster-admin role
# Below: manually create a Secret so that a permanent token is issued
apiVersion: v1
kind: Secret
metadata:
  name: secret-admin
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: "dashboard-admin"
type: kubernetes.io/service-account-token
Create it
kubectl apply -f dashboard-admin.yaml
View the token
kubectl describe -nkube-system secret/secret-admin
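The token issued through a kubernetes.io/service-account-token Secret is a legacy JWT with no exp claim, which is exactly what makes it "permanent"; a token from kubectl create token carries an exp and is bound to a lifetime. The script below is an added example, not from the original post: it decodes a token's payload and reports its expiry, and secret_token_exp assumes the secret-admin Secret in kube-system created above.

```shell
# Added example (not from the original tutorial): inspect a service-account
# token's expiry claim. Needs only POSIX sh and coreutils base64.

# Print the decoded JSON payload (second segment) of a JWT.
jwt_payload() {  # token
  p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops the "=" padding; restore it before decoding.
  while [ $(( ${#p} % 4 )) -ne 0 ]; do p="$p="; done
  printf '%s' "$p" | base64 -d
}

# Print the exp claim (Unix seconds) of a token, or "none" when it carries no
# expiry, which is what a kubernetes.io/service-account-token Secret yields.
token_exp() {  # token
  jwt_payload "$1" | grep -o '"exp":[0-9]*' | cut -d: -f2 | grep . || echo none
}

# Read the token out of the Secret created above and report its expiry.
# Defaults assume the secret-admin Secret in kube-system from this tutorial.
secret_token_exp() {  # [namespace] [secret]
  tok=$(kubectl get secret -n "${1:-kube-system}" "${2:-secret-admin}" \
          -o jsonpath='{.data.token}' | base64 -d)
  token_exp "$tok"
}

# Build a JWT with a dummy signature from a JSON payload. Constructed test
# input only: a real service-account token is signed by the API server.
make_sample_token() {  # payload-json
  hdr=$(printf '%s' '{"alg":"RS256","kid":"test"}' | base64 | tr -d '\n=' | tr '/+' '_-')
  pl=$(printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-')
  printf '%s.%s.%s' "$hdr" "$pl" "c2ln"
}
```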
10. Install the metrics-server data-collection component
I download the latest version here
Edit the yaml
Run
kubectl apply -f components.yaml