手把手教你玩转K8s部署之Kubeadm篇

手把手教你玩转K8s部署之Kubeadm篇

Kubeadm背景

Kubeadm 是社区官方持续维护的集群搭建工具，在 Kubernertes v1.13 版本的时候就已经 GA 了（GA 即 General Availability，指官方开始推荐广泛使用），它跟着 Kubernetes 的版本一起发布，目前 Kubeadm 代码放在 Kubernetes 的主代码库中。

Kubeadm优势

社区官方持续维护。 支持快速搭建出符合一致性测试认证（Conformance Test）的集群。 用户体验非常优秀，使用起来非常方便，并且可以用于搭建生产环境，支持搭建高可用集群。 代码设计采用了可组合的模块方式。 支持向下兼容低一个小版本的 K8s。 支持集群平滑升级到高版本。

Kubeadm定位

Kubeadm 在设计之初的定位就是只关心集群的 bootstrapping，并不负责物理资源的管理和申请。在集群 bootstrapping 搭建完成后，你可以根据自己的需要，在集群中部署自己的 add-on 组件，比如 CNI 插件、Dashboard 等。

环境准备

采用一台master节点和一台node节点做部署

master [关闭selinux, 关闭防火墙和安装docker]

[root@master ~]# cat /etc/redhat-release CentOS Linux release 7.8.2003 (Core) [root@master ~]# uname -r 3.10.0-1127.19.1.el7.x86_64 [root@master ~]# hostname master [root@master ~]# getenforce Disabled [root@master ~]# docker -v Docker version 19.03.13, build 4484c46d9d [root@master ~]# firewall-cmd --state not running

node [关闭selinux, 关闭防火墙和安装docker]

[root@node ~]# cat /etc/redhat-release CentOS Linux release 7.8.2003 (Core) [root@node ~]# uname -r 3.10.0-1127.19.1.el7.x86_64 [root@node ~]# hostname node [root@node ~]# getenforce Disabled [root@node ~]# docker -v Docker version 19.03.13, build 4484c46d9d [root@node ~]# firewall-cmd --state not running

实践

设置sysctl iptable参数 -- master和node节点都执行如下操作

[root@master ~]# cat < /etc/sysctl.d/k8s.conf > net.bridge.bridge-nf-call-ip6tables = 1 > net.bridge.bridge-nf-call-iptables = 1 > EOF [root@master ~]# sysctl --system

安装k8s yum源(本次采用阿里云的源) -- master和node节点都执行如下操作

master

[root@master ~]# cat < /etc/yum.repos.d/kubernetes.repo > [kubernetes] > name=Kubernetes > baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 > enabled=1 > gpgcheck=1 > repo_gpgcheck=1 > gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg > EOF [root@master ~]# yum makecache Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com base | 3.6 kB 00:00:00 docker-ce-stable | 3.5 kB 00:00:00 extras | 2.9 kB 00:00:00 kubernetes/signature | 454 B 00:00:00 Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg Importing GPG key 0xA7317B0F: Userid : "Google Cloud Packages Automatic Signing Key " Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f From : https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg Is this ok [y/N]: y kubernetes/signature | 1.4 kB 00:00:06 !!! updates | 2.9 kB 00:00:00 (1/11): extras/7/x86_64/filelists_db | 217 kB 00:00:00 (2/11): extras/7/x86_64/other_db | 124 kB 00:00:00 (3/11): base/7/x86_64/other_db | 2.6 MB 00:00:00 (4/11): kubernetes/primary | 78 kB 00:00:00 (5/11): base/7/x86_64/filelists_db | 7.1 MB 00:00:01 (6/11): kubernetes/other | 51 kB 00:00:00 (7/11): kubernetes/filelists | 26 kB 00:00:01 (8/11): updates/7/x86_64/filelists_db | 2.4 MB 00:00:00 (9/11): updates/7/x86_64/other_db | 318 kB 00:00:00 (10/11): docker-ce-stable/x86_64/filelists_db | 21 kB 00:00:02 (11/11): docker-ce-stable/x86_64/other_db | 114 kB 00:00:02 kubernetes 570/570 kubernetes 570/570 kubernetes 570/570 Metadata Cache Created

node

[root@node ~]# cat < /etc/yum.repos.d/kubernetes.repo > [kubernetes] > name=Kubernetes > baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 > enabled=1 > gpgcheck=1 > repo_gpgcheck=1 > gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg > EOF [root@node ~]# yum makecache Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com base | 3.6 kB 00:00:00 docker-ce-stable | 3.5 kB 00:00:00 extras | 2.9 kB 00:00:00 kubernetes/signature | 454 B 00:00:00 Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg Importing GPG key 0xA7317B0F: Userid : "Google Cloud Packages Automatic Signing Key " Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f From : https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg Is this ok [y/N]: y kubernetes/signature | 1.4 kB 00:00:10 !!! updates | 2.9 kB 00:00:00 (1/11): base/7/x86_64/other_db | 2.6 MB 00:00:00 (2/11): extras/7/x86_64/filelists_db | 217 kB 00:00:00 (3/11): extras/7/x86_64/other_db | 124 kB 00:00:00 (4/11): docker-ce-stable/x86_64/filelists_db | 21 kB 00:00:00 (5/11): kubernetes/filelists | 26 kB 00:00:00 (6/11): kubernetes/other | 51 kB 00:00:00 (7/11): docker-ce-stable/x86_64/other_db | 114 kB 00:00:00 (8/11): updates/7/x86_64/other_db | 318 kB 00:00:00 (9/11): kubernetes/primary | 78 kB 00:00:00 (10/11): base/7/x86_64/filelists_db | 7.1 MB 00:00:01 (11/11): updates/7/x86_64/filelists_db | 2.4 MB 00:00:00 kubernetes 570/570 kubernetes 570/570 kubernetes 570/570 Metadata Cache Created

安装kubeadm组件 -- master和node节点都执行如下操作

kubeadm：用来初始化集群的指令。 kubelet：在集群中的每个节点上用来启动 pod 和容器等。 kubectl：用来与集群通信的命令行工具。

[root@master ~]# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes [root@master ~]# systemctl enable kubelet Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

在master节点创建控制面

kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap --image-repository #由于kubeadm默认是从官网k8s.grc.io下载所需镜像，国内无法访问，所以这里通过--image-repository指定为阿里云镜像仓库地址 --pod-network-cidr #指定pod网络段 --service-cidr #指定service网络段 --ignore-preflight-errors=Swap #忽略swap报错信息

执行成功后, 会出现下面这些信息告诉你安装成功, 以及一些常规指定

Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ Then you can join any number of worker nodes by running the following on each as root: kubeadm join 192.168.147.129:6443 --token fr99wu.9b51dl4k0yg5u3by \ --discovery-token-ca-cert-hash sha256:c4293c31d3e30d6171290407e6af503dd75633fe0cb0e1668d8f9c0c6a611bbb

复制配置文件(/etc/kubernetes/admin.conf)至各节点(master和node)的$HOME/.kube/config下

[root@master ~]# mkdir -p $HOME/.kube [root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config

复制master执行成功后提示的kubeadm join命令, 在node节点中运行将其加入集群

[root@node .kube]# kubeadm join 192.168.147.129:6443 --token fr99wu.9b51dl4k0yg5u3by \ > --discovery-token-ca-cert-hash sha256:c4293c31d3e30d6171290407e6af503dd75633fe0cb0e1668d8f9c0c6a611bbb

在master中执行部署网络通信组件 flannel

[root@master ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml [root@master ~]# kubectl apply -f kube-flannel.yml

查看各节点和pod状态 -- 所有节点为ready和pod处在Running状态下即为部署成功

[root@master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION master Ready master 10m v1.19.2 node Ready 2m6s v1.19.2 [root@master ~]# kubectl get pod --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-6d56c8448f-9crzw 1/1 Running 0 9m55s kube-system coredns-6d56c8448f-qrmkr 1/1 Running 0 9m55s kube-system etcd-master 1/1 Running 0 10m kube-system kube-apiserver-master 1/1 Running 0 10m kube-system kube-controller-manager-master 1/1 Running 0 10m kube-system kube-flannel-ds-6f4tl 1/1 Running 0 57s kube-system kube-flannel-ds-s8nw5 1/1 Running 0 57s kube-system kube-proxy-dj9q4 1/1 Running 0 2m15s kube-system kube-proxy-mrf9v 1/1 Running 0 9m55s kube-system kube-scheduler-master 1/1 Running 0 10m

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。