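Creating a cluster with kubeadm
Prerequisites
- A compatible Linux host. The Kubernetes project provides generic instructions for Debian- and Red Hat-based Linux distributions, as well as for distributions without a package manager
- 2 GB or more of RAM per machine (any less cuts into the memory available to your applications)
- 2 or more CPU cores
- Full network connectivity between all machines in the cluster (a public or a private network both work)
- No duplicate hostnames, MAC addresses or product_uuid among the nodes. See here for more details.
- Certain ports open on the machines.
- For details see: https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#check-required-ports
- Swap disabled. You must disable swap for the kubelet to work properly.
Installation
Installing on CentOS
- Install Docker first; see: https://blog.csdn.net/qq_43556844/article/details/120604383
- Commands to run on every machine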
hostname
hostnamectl set-hostname xxxx
hostnamectl status
echo "127.0.0.1 $(hostname)" >> /etc/hosts
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
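- Install kubelet, kubeadm and kubectl
- kubeadm: the command that bootstraps the cluster.
- kubelet: runs on every node in the cluster and starts Pods and containers.
- kubectl: the command-line tool for talking to the cluster.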
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
sudo yum install -y kubelet-1.21.11 kubeadm-1.21.11 kubectl-1.21.11 --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
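The kubelet now restarts every few seconds, because it is stuck in a crash loop waiting for instructions from kubeadm.
Everything above is initialization work. You can bake it into a base image and clone that image for the other nodes instead of repeating the steps.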
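The repository definition above sets gpgcheck=0 and repo_gpgcheck=0 and fetches packages and keys over http://, so yum installs kubelet, kubeadm and kubectl without verifying any signature. The check below is an added example, not part of the original post; audit_repo and both sample files are constructed for illustration, and the hardened sample assumes the mirror serves the same paths over HTTPS.

```shell
# Added example (not from the original post): flag yum .repo settings that
# weaken package authenticity. audit_repo prints one finding per line.
audit_repo() {
    repo_file=$1
    # gpgcheck covers RPM signatures; repo_gpgcheck covers repository metadata.
    for repo_key in gpgcheck repo_gpgcheck; do
        if grep -Eq "^[[:space:]]*${repo_key}[[:space:]]*=[[:space:]]*0[[:space:]]*$" "$repo_file"; then
            echo "${repo_key}=0: signature verification is disabled"
        fi
    done
    # Packages or keys fetched over plain HTTP can be replaced in transit.
    if grep -Eq '^[[:space:]]*(baseurl|gpgkey)[[:space:]]*=.*http://' "$repo_file"; then
        echo "http:// URL in baseurl or gpgkey: no transport integrity"
    fi
    # Signature checks need a key to verify against.
    if ! grep -Eq '^[[:space:]]*gpgkey[[:space:]]*=' "$repo_file"; then
        echo "gpgkey is not set"
    fi
    return 0
}

# Constructed sample 1: the settings used in the repo definition above.
weak_repo=$(mktemp)
cat > "$weak_repo" <<'EOF'
[kubernetes]
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF

# Constructed sample 2: same mirror over HTTPS with verification on
# (assumption: the mirror's signatures validate; confirm with a test install).
hard_repo=$(mktemp)
cat > "$hard_repo" <<'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF

echo "weak sample:";     audit_repo "$weak_repo"
echo "hardened sample:"; audit_repo "$hard_repo"
rm -f "$weak_repo" "$hard_repo"
```

Run it against /etc/yum.repos.d/kubernetes.repo on a node before baking the base image; no output means none of the three checks fired.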
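- Add a hostname mapping for the control-plane node (optional); this lets you reach the control-plane node by name later
echo "<control-plane-ip> <control-plane-hostname>" >> /etc/hosts
kubeadm init \
--image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
--control-plane-endpoint "<control-plane-ip>:6443" \
--upload-certs
Once you are more familiar with Kubernetes, you can use the following command instead
kubeadm init \
--apiserver-advertise-address=172.31.0.4 \
--control-plane-endpoint=<control-plane-ip>:6443 \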
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.21.11 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16
- The following output is then printed
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join cluster-endpoint:6443 --token 1rgwtb.nke24ryqmbw2y17o \
--discovery-token-ca-cert-hash sha256:394e577724a677e89551c282547881ac0f020db3a1773177f9d454a9f0db26f9 \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join cluster-endpoint:6443 --token 1rgwtb.nke24ryqmbw2y17o \
--discovery-token-ca-cert-hash sha256:394e577724a677e89551c282547881ac0f020db3a1773177f9d454a9f0db26f9
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
- Install the network add-on
Calico official website
curl https://docs.projectcalico.org/manifests/calico.yaml -O
kubectl apply -f calico.yaml
- Joining nodes
kubeadm join cluster-endpoint:6443 --token 1rgwtb.nke24ryqmbw2y17o \
--discovery-token-ca-cert-hash sha256:394e577724a677e89551c282547881ac0f020db3a1773177f9d454a9f0db26f9 \
--control-plane
kubeadm join cluster-endpoint:6443 --token 1rgwtb.nke24ryqmbw2y17o \
--discovery-token-ca-cert-hash sha256:394e577724a677e89551c282547881ac0f020db3a1773177f9d454a9f0db26f9
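The --discovery-token-ca-cert-hash value in the join commands pins the cluster CA: it is the SHA-256 of the CA certificate's public key, which the joining node compares against what the API server presents. The following is an added example, not part of the original post, that recomputes the pin so a join command can be checked before it is run; ca_cert_hash and verify_join_hash are hypothetical helper names, and the demo uses a throwaway CA generated on the spot.

```shell
# Added example (not from the original post): recompute the CA pin that
# kubeadm join expects in --discovery-token-ca-cert-hash.
ca_cert_hash() {
    # Extract the CA public key; fail if the file is not a certificate.
    ca_pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    [ -n "$ca_pub" ] || return 1
    # SHA-256 over the DER-encoded SubjectPublicKeyInfo.
    printf '%s\n' "$ca_pub" | openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# verify_join_hash CA_CERT "sha256:<hex>" succeeds only if the pin matches the cert.
verify_join_hash() {
    expected_pin=${2#sha256:}
    actual_pin=$(ca_cert_hash "$1") || return 1
    [ "$actual_pin" = "$expected_pin" ]
}

# Demo with a constructed throwaway CA; on a control-plane node pass
# /etc/kubernetes/pki/ca.crt (kubeadm's default CA location) instead.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-demo-ca" \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
demo_pin="sha256:$(ca_cert_hash "$demo_dir/ca.crt")"
if verify_join_hash "$demo_dir/ca.crt" "$demo_pin"; then
    echo "pin matches CA: $demo_pin"
fi
# A pin that belongs to another CA (here the one shown in the join command above) must not match.
if ! verify_join_hash "$demo_dir/ca.crt" \
    "sha256:394e577724a677e89551c282547881ac0f020db3a1773177f9d454a9f0db26f9"; then
    echo "mismatch detected: do not join with this pin"
fi
rm -rf "$demo_dir"
```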
- Verify the cluster
Installing on Ubuntu
- Install Docker first; see: https://blog.csdn.net/qq_43556844/article/details/120604383
- Commands to run on every machine
hostname
hostnamectl set-hostname xxxx
hostnamectl status
echo "127.0.0.1 $(hostname)" >> /etc/hosts
ufw disable
setenforce 0
iptables -P FORWARD ACCEPT
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
swapoff -a
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
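# Ubuntu uses apt, not yum. Assumes apt already trusts the repository's signing key; the -00 package revision suffix is an assumption.
sudo apt-get update
sudo apt-get install -y kubelet=1.21.11-00 kubeadm=1.21.11-00 kubectl=1.21.11-00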
sudo systemctl enable --now kubelet
kubeadm init \
--image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
--control-plane-endpoint "<control-plane-ip>:6443" \
--upload-certs
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
- Install the network add-on
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
Deploying the dashboard
- Deployment
- The official Kubernetes web UI; see: https://github.com/kubernetes/dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
- Set the access port
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
- Save the generated token; you will log in with it later using the token login method
Kuboard, a Kubernetes management tool
See: https://kuboard.cn/install/v3/install-in-k8s.html#%E5%AE%89%E8%A3%85
kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
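- Wait for Kuboard v3 to become ready
- Run watch kubectl get pods -n kuboard and wait until all Pods in the kuboard namespace are ready
- Open Kuboard
- Open http://your-node-ip-address:30080 in a browser
- Enter the initial username and password and log in
Some basic commands: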
kubectl get nodes
kubectl apply -f xxxx.yaml
# kubectl get pods -A is the cluster equivalent of docker ps
kubectl get pods -A
kubeadm token create --print-join-command
kubeadm reset
kubectl delete node demo-worker-x-x
kubectl label node <node-name> node-role.kubernetes.io/worker=worker
kubectl taint nodes --all node-role.kubernetes.io/master-
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
One-command deployment with sealos
See the official resources:
GitHub repository
Official documentation
Kubernetes on Windows with WSL2 and Kind or Minikube
References:
https://blog.csdn.net/fly910905/article/details/106679756
https://zhuanlan.zhihu.com/p/426227999
Reference: https://zhuanlan.zhihu.com/p/146515102