Kubernetes Series 02: Building the Kubernetes Platform

Summary: Kubernetes series

Kubernetes Series 02: Platform Setup (the "qi refining" stage)

Environment

Role         IP              Spec
k8s-master   192.168.10.231  4c8g
k8s-node1    192.168.10.232  8c16g
k8s-node2    192.168.10.233  8c16g
k8s-node3    192.168.10.234  8c16g
k8s-node4    192.168.10.235  8c16g

The role names above are labels only. The hosts' real hostnames, which appear in /etc/hosts below and in the cluster's node names and certificate SANs, are dev-k8s-01.example.com (the master) through dev-k8s-05.example.com.

Environment initialization

1. Update the system
yum update -y
yum install -y wget vim net-tools epel-release

2. Stop firewalld
systemctl disable firewalld
systemctl stop firewalld
The firewall is turned off here to keep the walkthrough short. If you prefer to keep firewalld, open only what the cluster needs: 6443/tcp (API server), 2379-2380/tcp (etcd), 10250/tcp (kubelet), 10251/tcp and 10252/tcp (scheduler and controller-manager) on the control plane; 10250/tcp and 30000-32767/tcp (NodePort range) on the workers; and 8472/udp on every node for flannel's VXLAN backend.

3. Disable SELinux
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux   # on CentOS 7 this is a symlink to /etc/selinux/config, so the second sed is harmless
if [ "$(getenforce)" = "Enforcing" ]; then
    setenforce 0          # takes effect immediately; the config edit above applies after reboot
else
    echo "current selinux status..." "$(getenforce)"
fi

4. Disable swap
swapoff -a                          # kubelet refuses to start while swap is active
sed -i 's/.*swap.*/#&/' /etc/fstab  # comment out the swap entry so it stays off after reboot

5. Add hostname resolution
cat << EOF >> /etc/hosts
192.168.10.231  dev-k8s-01.example.com
192.168.10.232  dev-k8s-02.example.com
192.168.10.233  dev-k8s-03.example.com
192.168.10.234  dev-k8s-04.example.com
192.168.10.235  dev-k8s-05.example.com
EOF

6. Tune kernel parameters
modprobe br_netfilter                              # the net.bridge.* keys below only exist once this module is loaded
echo br_netfilter > /etc/modules-load.d/k8s.conf   # and load it again on boot
cat << EOF >> /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

sysctl --system

7. Switch the yum repositories to a mirror
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.`date +%F`.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache fast
cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all
yum makecache fast
yum -y update
The original repo file set gpgcheck=0, which tells yum to install whatever the mirror returns without checking package signatures. The two gpgkey URLs are the mirror's copies of the upstream signing keys (published under /kubernetes/yum/doc/), so with gpgcheck=1 every kubeadm, kubelet and kubectl RPM is verified against them.

8. Install Docker
yum -y install yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce-18.09.9-3.el7   # pinned: 18.09 is one of the Docker releases validated for Kubernetes 1.16
mkdir -pv /etc/docker
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://********.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
systemctl enable --now docker.service
The registry-mirrors entry is your own accelerator address (masked here). The cgroup driver matters: kubeadm reads the driver Docker reports and configures kubelet to match, and systemd is the driver to use on a systemd host so that both agree on who owns the cgroup tree.

9. Install the bootstrap tools
yum install -y kubeadm-1.16.0 kubelet-1.16.0 kubectl-1.16.0   # pin to the version passed to kubeadm init below
systemctl enable kubelet   # kubeadm starts it; enabling it now avoids the preflight warning seen later
Left unpinned, yum installs the newest kubeadm and kubelet in the repo. kubeadm can only deploy a control plane of its own minor version or one minor older, so a current kubeadm would refuse the v1.16.0 init below. The node listing further down shows v1.16.3 kubelets next to a v1.16.0 control plane for the same reason.

10. Pull the base images
KUBE_VERSION=v1.16.0
KUBE_PAUSE_VERSION=3.1
ETCD_VERSION=3.3.15-0
CORE_DNS_VERSION=1.6.2
GCR_URL=k8s.gcr.io
ALIYUN_URL=registry.cn-hangzhou.aliyuncs.com/google_containers
images=(kube-proxy:${KUBE_VERSION}
kube-scheduler:${KUBE_VERSION}
kube-controller-manager:${KUBE_VERSION}
kube-apiserver:${KUBE_VERSION}
pause:${KUBE_PAUSE_VERSION}
etcd:${ETCD_VERSION}
coredns:${CORE_DNS_VERSION})
for imageName in "${images[@]}"; do
    docker pull $ALIYUN_URL/$imageName                  # pull from the mirror, which is reachable from the lab network
    docker tag  $ALIYUN_URL/$imageName $GCR_URL/$imageName   # retag so kubeadm finds the k8s.gcr.io names it expects
    docker rmi $ALIYUN_URL/$imageName
done
The tags above are the ones `kubeadm config images list --kubernetes-version v1.16.0` prints for this release; run that command rather than guessing when you move to another version.

The ten steps above are meant for every node. Workers still need kubeadm (kubeadm join runs there) and kubelet; what they can skip is kubectl and the control-plane images (kube-apiserver, kube-controller-manager, kube-scheduler, etcd), which only run on the master. kube-proxy, pause and coredns are needed everywhere.
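Before running kubeadm it is worth confirming that the ten steps actually left the node in the expected state, because kubeadm's own preflight reports some of these only as warnings. The script below is an added example, not code from the original article: a read-only preflight that checks the swap, SELinux, bridge-netfilter and Docker cgroup settings the steps above configure. Every check takes the path it reads as an argument, so it can be pointed at the live CentOS 7 paths (assumed to be the standard ones) or at fixture files; the fixture contents used to exercise it are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): verify the node state the
# preparation steps are supposed to leave behind, before kubeadm init/join.
# Each check reads from a path passed as $1 so it works on the live system
# or on constructed fixture files.

# /proc/swaps contains only its header line when no swap device is active.
check_swap_off() {
    [ "$(grep -c . "$1")" -eq 1 ]
}

# /etc/fstab must carry no uncommented swap entry, or swap returns on reboot.
check_fstab_no_swap() {
    ! grep -v '^[[:space:]]*#' "$1" | grep -q '[[:space:]]swap[[:space:]]'
}

# /etc/selinux/config must not boot into enforcing mode.
check_selinux_config() {
    grep -Eq '^SELINUX=(disabled|permissive)$' "$1"
}

# /proc/sys/net/bridge/bridge-nf-call-iptables must exist (br_netfilter
# loaded) and be set to 1, or kube-proxy's iptables rules miss bridged traffic.
check_bridge_nf() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# /etc/docker/daemon.json must select the systemd cgroup driver so that
# Docker and kubelet agree on the cgroup hierarchy.
check_cgroup_driver() {
    grep -q '"native.cgroupdriver=systemd"' "$1"
}

# Run every check against the live paths, print one line per check and
# return the number of failures (0 means the node is ready for kubeadm).
preflight() {
    fails=0
    for spec in \
        "swap_off:/proc/swaps" \
        "fstab_no_swap:/etc/fstab" \
        "selinux_config:/etc/selinux/config" \
        "bridge_nf:/proc/sys/net/bridge/bridge-nf-call-iptables" \
        "cgroup_driver:/etc/docker/daemon.json"
    do
        name=${spec%%:*}
        path=${spec#*:}
        if "check_$name" "$path" 2>/dev/null; then
            printf 'PASS %-14s %s\n' "$name" "$path"
        else
            printf 'FAIL %-14s %s\n' "$name" "$path"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# On a prepared node: preflight || echo "fix the FAIL lines before kubeadm init/join"
```

Run `preflight` on each host after step 10; a non-zero exit means at least one of the prerequisites is missing, and the FAIL lines say which file to look at.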

Deploy the cluster

Initialize the cluster with kubeadm. --apiserver-advertise-address is the IP that ends up in the API server certificate's SANs (see the [certs] lines in the output), and --pod-network-cidr=10.244.0.0/16 is flannel's default pod network, which must match the manifest applied later.

[root@dev-k8s-01 ~]# sudo kubeadm init \
>   --apiserver-advertise-address 192.168.10.231 \
>   --kubernetes-version=v1.16.0 \
>   --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.16.0
[preflight] Running pre-flight checks
        [WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [dev-k8s-01.example.com kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.10.231]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [dev-k8s-01.example.com localhost] and IPs [192.168.10.231 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [dev-k8s-01.example.com localhost] and IPs [192.168.10.231 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 39.003840 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.16" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node dev-k8s-01.example.com as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node dev-k8s-01.example.com as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[kubelet-check] Initial timeout of 40s passed.
[bootstrap-token] Using token: 9nwjok.ykyphybsveka8gev
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.10.231:6443 --token 9nwjok.ykyphybsveka8gev \
    --discovery-token-ca-cert-hash sha256:b92d7553a1da683a315ad2f4f5fcc855e2d630da0c7553467cdf2db3bd25a3ff

Set up the kubectl config file. admin.conf holds the kubernetes-admin client certificate, a cluster-admin credential (the context name is visible in the prompts below), so the copy in ~/.kube/config deserves the same care as the root password of the host.

[root@dev-k8s-01 ~]# mkdir -p $HOME/.kube
[root@dev-k8s-01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@dev-k8s-01 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

Add worker nodes

  • Join 192.168.10.232 (the transcript below was captured on dev-k8s-05; the command is the same on every worker)

Both the token and the CA hash in this join command differ from the ones kubeadm init printed above. A fresh token is expected whenever one is minted with `kubeadm token create --print-join-command` (bootstrap tokens expire after 24 hours by default), but the --discovery-token-ca-cert-hash is fixed for the life of the cluster CA, so a different hash means a re-initialized cluster; the two transcripts on this page evidently come from different runs. Treat the token as a credential: anyone holding it during its lifetime can register a node with the cluster. The hash is the other half of the handshake: the joining kubelet compares it with the CA it fetched from the cluster-info ConfigMap and refuses to send its CSR to an API server that does not present the expected CA.

[root@dev-k8s-05 ~]# kubeadm join 192.168.10.231:6443 --token 9pr3rj.0u8m510fai0op75h \
   --discovery-token-ca-cert-hash sha256:b86bdaaa0bed56e846adb0abc625cf29902dec9e3130d0ff7dae42ffb2e13349
[preflight] Running pre-flight checks
        [WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.16" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@dev-k8s-05 ~]# systemctl enable kubelet.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@dev-k8s-05 ~]# 

Join the remaining workers (192.168.10.233 through 192.168.10.235) the same way.
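The CA hash in a join command can be recomputed on the control plane and compared with what a colleague pasted into a ticket, which is the check to make before running a join command you did not generate yourself. The script below is an added example, not code from the original article: it derives --discovery-token-ca-cert-hash from a CA certificate using the same openssl pipeline the kubeadm documentation gives (SHA-256 over the DER-encoded SubjectPublicKeyInfo) and verifies a join command against it. The CA it uses is a throw-away one generated locally; /etc/kubernetes/pki/ca.crt is the file to pass on a real master.

```shell
#!/bin/sh
# Added example (not from the original article): recompute the value kubeadm
# prints as --discovery-token-ca-cert-hash and check a join command against it.
# The hash is SHA-256 over the DER SubjectPublicKeyInfo of the cluster CA; a
# joining kubelet pins it before trusting the API server it bootstraps from.

# Print sha256:<hex> for the public key inside a PEM certificate.
ca_cert_hash() {
    hex=$(openssl x509 -pubkey -noout -in "$1" \
          | openssl pkey -pubin -outform DER 2>/dev/null \
          | openssl dgst -sha256 -hex | sed 's/^.* //')
    printf 'sha256:%s\n' "$hex"
}

# Return 0 when the hash embedded in a join command matches the CA file.
# A missing flag or a hash from another cluster CA returns 1.
verify_join_command() {
    ca_file=$1
    shift
    claimed=$(printf '%s\n' "$*" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$claimed" ] || return 1
    [ "$claimed" = "$(ca_cert_hash "$ca_file")" ]
}

# Generate a throw-away CA (key + self-signed cert) in the given directory so
# the example runs without a cluster; this is NOT the cluster's real CA.
make_fixture_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=kubernetes \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# On a real control plane:
#   ca_cert_hash /etc/kubernetes/pki/ca.crt
#   verify_join_command /etc/kubernetes/pki/ca.crt "$(kubeadm token create --print-join-command)"
```

A join command whose hash fails `verify_join_command` against the master's ca.crt was generated for some other cluster (or was altered in transit) and should not be run on a node.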

Verify the cluster state

Note that the coredns pods below already have 10.244.x.x addresses: these listings were captured after the flannel network from the next section was installed. Until a pod network is in place, coredns stays Pending and the nodes report NotReady.

[root@dev-k8s-01 ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.10.231:6443
KubeDNS is running at https://192.168.10.231:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
➜  ~ (☸ kubernetes-admin@kubernetes:default) kubectl get nodes -o wide
NAME                  STATUS   ROLES    AGE   VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION               CONTAINER-RUNTIME
dev-k8s-01.example.com   Ready    master   14h   v1.16.3   192.168.10.231   <none>        CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.9
dev-k8s-02.example.com   Ready    <none>   14h   v1.16.3   192.168.10.232   <none>        CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.9
dev-k8s-03.example.com   Ready    <none>   14h   v1.16.3   192.168.10.233   <none>        CentOS Linux 7 (Core)   3.10.0-957.21.3.el7.x86_64   docker://18.9.9
dev-k8s-04.example.com   Ready    <none>   14h   v1.16.3   192.168.10.234   <none>        CentOS Linux 7 (Core)   3.10.0-1062.4.1.el7.x86_64   docker://18.9.9
dev-k8s-05.example.com   Ready    <none>   13h   v1.16.3   192.168.10.235   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64        docker://18.9.9

➜  ~ (☸ kubernetes-admin@kubernetes:default) kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                                          READY   STATUS    RESTARTS   AGE   IP               NODE                  NOMINATED NODE   READINESS GATES
kube-system   coredns-5644d7b6d9-96xm6                      1/1     Running   0          14h   10.244.3.2       dev-k8s-04.example.com   <none>           <none>
kube-system   coredns-5644d7b6d9-nkb9f                      1/1     Running   0          14h   10.244.1.2       dev-k8s-02.example.com   <none>           <none>
kube-system   etcd-dev-k8s-01.example.com                      1/1     Running   0          14h   192.168.10.231   dev-k8s-01.example.com   <none>           <none>
kube-system   kube-apiserver-dev-k8s-01.example.com            1/1     Running   0          14h   192.168.10.231   dev-k8s-01.example.com   <none>           <none>
kube-system   kube-controller-manager-dev-k8s-01.example.com   1/1     Running   0          14h   192.168.10.231   dev-k8s-01.example.com   <none>           <none>
kube-system   kube-proxy-bhtjc                              1/1     Running   0          14h   192.168.10.232   dev-k8s-02.example.com   <none>           <none>
kube-system   kube-proxy-h2ltx                              1/1     Running   0          14h   192.168.10.231   dev-k8s-01.example.com   <none>           <none>
kube-system   kube-proxy-kh9k9                              1/1     Running   0          14h   192.168.10.234   dev-k8s-04.example.com   <none>           <none>
kube-system   kube-proxy-lfh46                              1/1     Running   0          14h   192.168.10.233   dev-k8s-03.example.com   <none>           <none>
kube-system   kube-proxy-pcm5d                              1/1     Running   0          13h   192.168.10.235   dev-k8s-05.example.com   <none>           <none>
kube-system   kube-scheduler-dev-k8s-01.example.com            1/1     Running   0          14h   192.168.10.231   dev-k8s-01.example.com   <none>           <none>

Install add-ons

Install the flannel network add-on

wget -O /opt/k8sworkspces/kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/v0.11.0/Documentation/kube-flannel.yml   # fetch the manifest for the same tag as the images below, not from master
FLANNEL_VERSION=v0.11.0
QUAY_URL=quay.io/coreos
QINIU_URL=quay-mirror.qiniu.com/coreos
images=(flannel:${FLANNEL_VERSION}-amd64
flannel:${FLANNEL_VERSION}-arm64
flannel:${FLANNEL_VERSION}-arm
flannel:${FLANNEL_VERSION}-ppc64le
flannel:${FLANNEL_VERSION}-s390x)
for imageName in "${images[@]}"; do
    docker pull $QINIU_URL/$imageName
    docker tag  $QINIU_URL/$imageName $QUAY_URL/$imageName
    docker rmi $QINIU_URL/$imageName
done # you can also pull only the image for your machine's architecture (`uname -m`)
kubectl apply -f /opt/k8sworkspces/kube-flannel.yml # install flannel

The original fetched the manifest from the master branch, which moves independently of the pinned v0.11.0 images and can change the DaemonSet's RBAC and capabilities between two runs; fetching by tag keeps manifest and images in step. The manifest's net-conf.json declares "Network": "10.244.0.0/16", the same value passed as --pod-network-cidr to kubeadm init; if you change one, change the other.

➜  ~ (☸ kubernetes-admin@kubernetes:default) kubectl get pods --all-namespaces -o wide | grep flannel
kube-system   kube-flannel-ds-amd64-9tnc7                   1/1     Running   0          14h   192.168.10.234   dev-k8s-04.example.com   <none>           <none>
kube-system   kube-flannel-ds-amd64-cjh4s                   1/1     Running   0          14h   192.168.10.231   dev-k8s-01.example.com   <none>           <none>
kube-system   kube-flannel-ds-amd64-fhlk4                   1/1     Running   0          13h   192.168.10.235   dev-k8s-05.example.com   <none>           <none>
kube-system   kube-flannel-ds-amd64-fnfpj                   1/1     Running   0          14h   192.168.10.233   dev-k8s-03.example.com   <none>           <none>
kube-system   kube-flannel-ds-amd64-v5qtj                   1/1     Running   0          14h   192.168.10.232   dev-k8s-02.example.com   <none>           <none>
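Two things silently break a freshly bootstrapped cluster at this step: a flannel Network that differs from the --pod-network-cidr given to kubeadm init, and a manifest whose image tag differs from the images pre-pulled on the nodes (pods then sit in ImagePullBackOff on hosts without registry access). The script below is an added example, not code from the original article: it reads a downloaded kube-flannel.yml and checks both against the page's values (10.244.0.0/16 and v0.11.0). The manifest fragment it is exercised with is constructed to mirror the layout of the v0.11.0 file.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check a downloaded
# kube-flannel.yml before applying it. Only the page's own values
# (10.244.0.0/16, v0.11.0) are assumed; the manifest used in tests is constructed.

# Extract the "Network" value from the net-conf.json block of a flannel manifest.
flannel_network() {
    sed -n 's/.*"Network": *"\([0-9./]*\)".*/\1/p' "$1" | head -n 1
}

# List the distinct image references used by the manifest, one per line.
flannel_images() {
    sed -n 's/^[[:space:]]*image: *\(.*\)$/\1/p' "$1" | sort -u
}

# Return 0 when the manifest's pod network equals the CIDR given to kubeadm
# and every flannel image carries the expected version tag; otherwise print
# the first problem found and return 1.
flannel_manifest_check() {
    manifest=$1
    want_cidr=$2
    want_version=$3
    got=$(flannel_network "$manifest")
    if [ "$got" != "$want_cidr" ]; then
        echo "pod network mismatch: manifest has '$got', kubeadm was given '$want_cidr'"
        return 1
    fi
    for img in $(flannel_images "$manifest"); do
        case $img in
            quay.io/coreos/flannel:"$want_version"-*) ;;
            *) echo "unexpected image: $img"; return 1 ;;
        esac
    done
    return 0
}

# Usage on the master, before kubectl apply:
#   flannel_manifest_check /opt/k8sworkspces/kube-flannel.yml 10.244.0.0/16 v0.11.0
```

Run the check right after the wget and before the kubectl apply; a mismatch is far cheaper to fix at that point than after the DaemonSet has rolled out to every node.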

krew

krew manages kubectl plugins: installing, removing, listing and upgrading them.

Installation

(
  set -x; mkdir -p /opt/k8sworkspces/krew && cd /opt/k8sworkspces/krew &&
  curl -fsSLO  "https://github.com/kubernetes-sigs/krew/releases/download/v0.3.2/krew.{tar.gz,yaml}" &&
  tar zxvf krew.tar.gz &&
  ./krew-"$(uname | tr '[:upper:]' '[:lower:]')_amd64" install \
    --manifest=krew.yaml --archive=krew.tar.gz
)

export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"

Plugins installed through krew are third-party binaries fetched from the krew-index. They run as your user with whatever kubeconfig kubectl can see, which on this host is the cluster-admin admin.conf, so read a plugin's manifest (kubectl krew info <name>) and its source before installing it on a control-plane machine.

[root@dev-k8s-01 krew]# kubectl krew install ca-cert # install the ca-cert plugin, which prints the cluster CA certificate
[root@dev-k8s-01 krew]# kubectl ca-cert
-----BEGIN CERTIFICATE-----
MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTE5MTExNTA0MjEzOVoXDTI5MTExMjA0MjEzOVowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANEi
tPdWINQZfZqM4c/uaOzsBBByn0CLLLmMdiKF4Gpk9proDoR9eOMhQiiVLZ4tFFsb
POTwq+MvHe4kEsunl/hBwNbXvGfbvnr+vX9ZsDfU5FT5O55Zryq5jgANDKFChKx9
R91QsbCeQKIWlc9AFdot8ig9LhYTfHJRfMeUBYl5Xzoof8YRMsJ0jOKLWca+oCfd
doLKda9VpahU2AEmEFHuD6ctwBGFObadSktoOvr0Gfzo4cXRkjGXp4G1U8O1LLsU
HiypNN4m7Romy4tIjPAxDAoDDyjA8OrbPlvJt8Oo0CHcAxFZDJCsKAG1s0nS7PJj
vR2ULtIrHAm5QZa8BmMCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKAi1Fg/2MlFxPbq9yaNkBhAV2ou
/VbbuEJF1c92Tk24cuJV3vuYoTmWIGp1LYTLTW/xcfwFoanLRPBlBONoJRzXLIZD
/mmuYMrTaKMwbCz2t4awqQyDb8A3RcgTrSfCWMs0uyvjPVgiJDfMlg0WDJ4kPb3Y
SQv7UaaNa57gkEHB1PJy10n1E3gAcb6NVxvly7cHVaJlenZY6mkT40K8zVOXuM/G
ausCNXEfEUXED2C8Ippj/sr1TgRlD8Gfi+Xp7XzHTeu5A+ac4YPmnoW8jurzo5z5
Q5TDBFRaOTyRgUxYt+PKv01S9tTiHgkxHoBzPQF7Z2TuRNKXoVQeXiUzW/s=
-----END CERTIFICATE-----

[root@dev-k8s-01 krew]# kubectl krew --help # list krew's subcommands and options