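Installing the Cluster
Preliminary Notes
A Kubernetes cluster can be installed in two ways: with kubeadm or from binaries. Only the kubeadm installation is covered here.
Installation details:
Cluster nodes: 2
IP information:
master: 192.168.205.128
node: 192.168.205.128
Kubernetes version: v1.24.2
Runtime: containerd
OS: CentOS 7.9
Kernel: 3.10.0-1160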
Environment Preparation
The cluster installed here is not production grade; it is for demonstration only.
(1) Add host entries on every node
$ cat >> /etc/hosts << EOF
192.168.205.128 kk-master
192.168.205.130 kk-node01
EOF
(2) Disable the firewall and SELinux
$ systemctl stop firewalld
$ systemctl disable firewalld
$ setenforce 0
$ cat /etc/selinux/config
SELINUX=disabled
(3) Tune kernel parameters
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
Run the following commands to apply the settings:
$ modprobe br_netfilter
$ sysctl -p /etc/sysctl.d/k8s.conf
(4) Disable swap
$ swapoff -a
Comment out the swap mount in /etc/fstab.
$ cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Tue Apr 12 17:10:16 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=bc73c871-006c-4e24-a7af-6beb9aac06a7 /boot xfs defaults 0 0
# /dev/mapper/centos-swap swap swap defaults 0 0
(5) Install the ipvs packages
$ cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
$ chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
$ yum install ipset ipvsadm -y
(6) Synchronize the server time
$ yum install chrony -y
$ systemctl enable chronyd
$ systemctl start chronyd
$ chronyc sources
(7) Install containerd
$ yum install -y yum-utils \
    device-mapper-persistent-data \
    lvm2
$ yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
$ yum list | grep containerd
$ yum install containerd -y
Create the containerd configuration file.
$ mkdir -p /etc/containerd
$ containerd config default > /etc/containerd/config.toml
# Replace values in the configuration file
$ sed -i "s#k8s.gcr.io#registry.cn-hangzhou.aliyuncs.com/google_containers#g" /etc/containerd/config.toml
$ sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
$ sed -i "s#https://registry-1.docker.io#https://registry.cn-hangzhou.aliyuncs.com#g" /etc/containerd/config.toml
Start containerd.
$ systemctl daemon-reload
$ systemctl enable containerd
$ systemctl restart containerd
(8) Install the Kubernetes components
$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
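The repository definition in step (8) turns off both package and metadata signature checks and fetches everything over plain HTTP, so nothing authenticates the kubelet, kubeadm and kubectl packages that get installed. The script below is an added example, not part of the original tutorial: it audits a .repo file for those settings. The function names and the temporary sample file are assumptions made for the illustration.

```bash
# Added example (not from the original tutorial): audit a yum .repo file for
# settings that turn off signature checks or fetch over plain HTTP.

# audit_repo FILE: print one finding per line for the given .repo file.
audit_repo() {
    awk '
        /^[ \t]*\[.*\][ \t]*$/ { section = $0; next }   # [repo-id] header
        /^[ \t]*(#|$)/         { next }                 # comments, blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0")
                print section " " key "=0: signatures are not verified"
            if (key == "baseurl" || key == "gpgkey") {
                n = split(val, urls, /[ \t]+/)   # gpgkey may list several URLs
                for (i = 1; i <= n; i++)
                    if (urls[i] ~ /^http:\/\//)
                        print section " " key " over plain HTTP: " urls[i]
            }
        }
    ' "$1"
}

# count_findings FILE: number of findings, usable as a gate in a setup script.
count_findings() { audit_repo "$1" | wc -l | tr -d ' '; }

# Constructed sample: the repository definition from step (8) of this page.
sample_repo=$(mktemp)
cat > "$sample_repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

audit_repo "$sample_repo"
```

Run it against /etc/yum.repos.d/kubernetes.repo before the `yum install` step; a clean file produces no output.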
Install the pinned versions of the components.
$ yum install -y kubelet-1.24.2 kubeadm-1.24.2 kubectl-1.24.2
Set the runtime endpoint.
$ crictl config runtime-endpoint /run/containerd/containerd.sock
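Enable kubelet at boot.
$ systemctl daemon-reload
$ systemctl enable kubelet && systemctl start kubelet
Initializing the Cluster
With the base environment prepared above, the actual cluster initialization can begin.
Initializing the master node
Next, prepare the kubeadm initialization file on the master node. The default initialization configuration can be exported with the following command: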
$ kubeadm config print init-defaults > kubeadm.yaml
Then modify the configuration to suit your needs, for example the value of imageRepository and the kube-proxy mode (ipvs). Note that because containerd is used as the runtime, cgroupDriver must be set to systemd when initializing the node [1]
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.205.128
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.24.2
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
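The kubeadm.yaml above keeps the placeholder bootstrap token that `kubeadm config print init-defaults` prints, and that token is what authenticates a joining node for its 24h lifetime. The script below is an added example, not part of the original tutorial: it detects the placeholder in a config file and swaps in a random token of the same format. The function names and the sample file are assumptions made for the illustration.

```bash
# Added example (not from the original tutorial): reject the placeholder
# bootstrap token in a kubeadm config and replace it with a random one.
PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'   # value printed by init-defaults

# get_token FILE: print the first bootstrap token found in a kubeadm config.
get_token() {
    sed -n 's/^[[:space:]]*token:[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# token_status FILE: print "placeholder", "malformed" or "ok".
token_status() {
    tok=$(get_token "$1")
    if [ "$tok" = "$PLACEHOLDER_TOKEN" ]; then
        echo placeholder
    elif printf '%s\n' "$tok" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo ok
    else
        echo malformed
    fi
}

# new_token: random token in kubeadm's [a-z0-9]{6}.[a-z0-9]{16} format
# (on a host with kubeadm installed, `kubeadm token generate` does this).
new_token() {
    raw=$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c 22)
    printf '%s.%s\n' "$(printf '%s' "$raw" | cut -c1-6)" "$(printf '%s' "$raw" | cut -c7-22)"
}

# replace_token FILE: write a fresh token into the config in place.
replace_token() {
    tok=$(new_token)
    sed "s/^\([[:space:]]*token:[[:space:]]*\).*$/\1$tok/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample: the bootstrapTokens stanza from the kubeadm.yaml above.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
EOF

echo "before: $(token_status "$sample_cfg")"
replace_token "$sample_cfg"
echo "after:  $(token_status "$sample_cfg")"
```

After replacing the token in kubeadm.yaml, the `kubeadm join` command printed by `kubeadm init` carries the new value.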
Then initialize the cluster with the configuration file above:
$ kubeadm init --config=kubeadm.yaml
......
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.205.128:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:51b5e566d3f95aaf3170916d67958bc16cb1b44934885a857b07ee58f041334a
The output above indicates that the master node was initialized successfully.
Initializing the node
Before initializing the node, the components Kubernetes needs must be installed on it. Once they are installed, join the node with the command printed after the master node was initialized successfully.
$ kubeadm join 192.168.205.128:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:51b5e566d3f95aaf3170916d67958bc16cb1b44934885a857b07ee58f041334a
Then run kubectl get node on the master node to check whether the node has joined.
$ kubectl get no
NAME        STATUS     ROLES           AGE     VERSION
kk-node01   NotReady   <none>          15s     v1.24.2
master      NotReady   control-plane   3m29s   v1.24.2
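Initializing the Network
The kubectl get node output above shows the nodes with STATUS NotReady. This is because the cluster does not yet have a network plugin, so it cannot run normally. The next step is to install one.
There are many network plugins to choose from, such as flannel and calico.
(1) Download the calico YAML manifest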
$ wget https://raw.githubusercontent.com/projectcalico/calico/master/manifests/calico.yaml
(2) Install calico
$ kubectl apply -f calico.yaml
(3) Check the installation result in the cluster
$ kubectl get po -n kube-system | grep calico
calico-kube-controllers-5d49fc6c56-szm6v   1/1   Running   0   3m21s
calico-node-66q62                          1/1   Running   0   3m21s
calico-node-lwrcm                          1/1   Running   0   3m21s
All Kubernetes nodes now show the status Ready.
$ kubectl get no
NAME        STATUS   ROLES           AGE   VERSION
kk-node01   Ready    <none>          26m   v1.24.2
master      Ready    control-plane   29m   v1.24.2
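Installing the Dashboard
Once the cluster is installed, most operations are done from the command line. To make the cluster easier to visualize, a dashboard can be installed.
Many dashboards are available, such as kubesphere, kuboard and kubernetes dashboard. Kubernetes dashboard is installed here; the other products can be explored separately.
(1) Install it with the following command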
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
(2) Check the installation
$ kubectl get po -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7bfdf779ff-f9zwn   1/1     Running   0          41s
kubernetes-dashboard-6cdd697d84-lvzvz        1/1     Running   0          41s
(3) Access
First change the kubernetes-dashboard service to type NodePort, then access it through a node IP plus the NodePort port.
After the change, the service information looks like this.
$ kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.109.224.102   <none>        8000/TCP        113s
kubernetes-dashboard        NodePort    10.101.69.180    <none>        443:30497/TCP   113s
Enter https://192.168.205.128:30497 in a browser to access it.
Access requires a token or a kubeconfig; a token is used here.
(1) Generate a token; here an admin-level token is generated directly.
[root@kk-master ~]# cat admin-token.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: dashboard-admin
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: "dashboard-admin"
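Note: starting with Kubernetes 1.24, creating a ServiceAccount no longer creates a Secret token automatically, so the Secret token has to be created manually and associated with the ServiceAccount.
(2) Get the token
# Get the token value
$ kubectl -n kube-system get secret dashboard-admin -o jsonpath='{.data.token}' | base64 -d
You can then log in and view the cluster information.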
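The value printed in step (2) is a JWT, and a token stored in a `kubernetes.io/service-account-token` Secret carries no expiry claim, so it stays valid until the Secret is deleted. The script below is an added example, not part of the original tutorial: it decodes the claims locally to show which identity a token carries and whether it expires. The sample token is constructed (its signature segment is a dummy) and the function names are assumptions.

```bash
# Added example (not from the original tutorial): decode the claims of a
# service-account token to see whose identity it carries and whether it expires.

# b64url_decode STRING: decode unpadded base64url (the JWT segment encoding).
b64url_decode() {
    s=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#s} % 4 )) in      # restore the padding that JWTs strip
        2) s="$s==" ;;
        3) s="$s=" ;;
    esac
    printf '%s' "$s" | base64 -d
}

# b64url_encode STRING: only used to build the constructed sample below.
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# jwt_payload TOKEN: print the JSON claims (second dot-separated segment).
jwt_payload() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# jwt_subject TOKEN: print the "sub" claim (assumes compact JSON, which is
# what the API server emits; use jq where it is available).
jwt_subject() { jwt_payload "$1" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'; }

# jwt_expires TOKEN: print "yes" if the token has an exp claim, else "no".
jwt_expires() {
    if jwt_payload "$1" | grep -q '"exp":'; then echo yes; else echo no; fi
}

# Constructed sample shaped like a Secret-based token for dashboard-admin.
claims='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/secret.name":"dashboard-admin","sub":"system:serviceaccount:kube-system:dashboard-admin"}'
sample_token="$(b64url_encode '{"alg":"RS256"}').$(b64url_encode "$claims").c2lnbmF0dXJl"

echo "subject: $(jwt_subject "$sample_token")"
echo "expires: $(jwt_expires "$sample_token")"
```

Since v1.24, `kubectl -n kube-system create token dashboard-admin` issues a time-limited token for the same ServiceAccount without creating a Secret.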

