开源版本:
管网:
华为云市场:
https://marketplace.huaweicloud.com/contents/a1210d06-82af-4552-915d-d3d9d10a13ea
aws云市场:
https://awsmarketplace.amazonaws.cn/marketplace/search/results?x=0&y=0&searchTerms=erda
阿里云产品:
https://www.aliyun.com/solution/terminusPaaS/?spm=5176.21213303.J_8058803260.115.6d4253c9NV96xG
前置要求
所有节点保持时钟一致
关闭swap分区
关闭iptables防火墙
关闭selinux
环境说明
## 角色定义
# vim /etc/hosts
master 10.15.26.250
node1 10.15.26.251
node2 10.15.26.252
node3 10.15.26.253
## 刚改主机名
# hostnamectl set-hostname [xxxx]
## 关闭防火墙
# systemctl stop firewalld && systemctl disable firewalld
部署 k8s 集群
安装 docker
## 安装必要的依赖工具
# yum install -y yum-utils device-mapper-persistent-data lvm2
## 导入 docker yum 源
# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
## 安装 docker-ce
# yum -y install docker-ce docker-ce-selinux
## 启动 docker 服务
# systemctl enable docker && systemctl start docker
## 更改 docker 中Cgroup Driver 为 systemd
# cat << EOF > /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
## 重启 docker 服务
# systemctl restart docker
安装 kubeadm
## 加载模块
# modprobe br_netfilter
## 允许 iptables 检查桥接流量
# cat <
br_netfilter
EOF
# cat <
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# sudo sysctl --system
## 导入 kubernetes yum源
# cat < /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
## 安装 kubeadm、kubelet、kubectl
# yum install -y kubeadm-1.21.9 kubectl-1.21.9 kubelet-1.21.9
## 启动 kubelet 服务
# systemctl enable kubelet && systemctl start kubelet
master 节点生成配置文件
## 生成配置文件
# kubeadm config print init-defaults > /etc/kubernetes/kubeadmin-config.yaml
## 修改配置文件
# cat /etc/kubernetes/kubeadmin-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 10.15.26.250 ##master节点地址
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
name: node
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers ##更改镜像仓库地址
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
dnsDomain: cluster.local
podSubnet: "192.168.0.0/16"
serviceSubnet: 10.96.0.0/16
scheduler: {}
master 节点初始化
# kubeadm init --config=/etc/kubernetes/kubeadmin-config.yaml
......
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.15.26.250:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:bcc2606c473fdf9855190012552070d12245ab3b353bd7adc35157204c60fdb4
## 使 kubectl 正常工作,参考上步输出的结果
## root 用户
# export KUBECONFIG=/etc/kubernetes/admin.conf
# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
node 节点加入 k8s集群
# kubeadm join 10.15.26.250:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:bcc2606c473fdf9855190012552070d12245ab3b353bd7adc35157204c60fdb4
[preflight] Running pre-flight checks
[WARNING Hostname]: hostname "node2" could not be reached
[WARNING Hostname]: hostname "node2": lookup node2 on 100.100.2.138:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
集群信息
安装 flannel 网络插件
## 下载
# wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
## 修改 "Network": "192.168.0.0/16" 为安装时指定的 Pod CIDR(--pod-network-cidr)
## 部署 flannel
# kubectl apply -f kube-flannel.yml
部署 ingress
## 安装 helm
# wget https://get.helm.sh/helm-v3.8.1-linux-amd64.tar.gz
tar -zxvf helm-v3.8.1-linux-amd64.tar.gz
# mv linux-amd64/helm /usr/local/bin && chmod +x /usr/local/bin/helm
## 添加 repo
# helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
# helm repo update
## 编写 values.yaml
# cat < ingress-nginx-values.yaml
controller:
image:
registry: registry.cn-shanghai.aliyuncs.com/viper
image: ingress-nginx-controller
digest: sha256:bc30cb296e7548162afd9601f6b96261dcca8263e05b962694d1686b4d5a9584
watchIngressWithoutClass: true
hostNetwork: true
hostPort:
enabled: true
ports:
http: 80
https: 443
kind: DaemonSet
nodeSelector:
ingress: "true"
admissionWebhooks:
patch:
image:
registry: registry.cn-shanghai.aliyuncs.com/viper
image: kube-webhook-certgen
digest: sha256:78351fc9d9b5f835e0809921c029208faeb7fbb6dc2d3b0d1db0a6584195cfed
EOF
## 对 master 节点添加标签 ingress=true 并取消 master 节点污点(由于资源紧张,复用资源)
# kubectl label no master ingress=true
# kubectl taint no --all node-role.kubernetes.io/master-
## 部署 ingress-controller
# helm install ingress-nginx ingress-nginx/ingress-nginx --version=4.0.8 -f ingress-nginx-values.yaml -n ingress-nginx --create-namespace
集群信息
****更多功能及特性欢迎交流VX****
rr598199825
参考
kubeadm 安装参考:
https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
calico 安装参考:
https://projectcalico.docs.tigera.io/archive/v3.20/getting-started/kubernetes/quickstart
erda 安装参考:
https://docs.erda.cloud/2.0/manual/install/helm-install/helm-install-demo.html
