k8s cluster deployment


1. Installation methods

  1. kind

    kind runs k8s on a local machine (single node). Prerequisite: Docker.
    
  2. minikube

    Similar to kind.
    
  3. kubeadm

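    The first two are single-node cluster modes, generally used for learning environments.
    kubeadm builds multi-node clusters (multiple control-plane nodes and multiple worker nodes) and is used for production environments.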
    

2. kubeadm

  1. Prepare the official k8s yum repository

    cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    exclude=kubelet kubeadm kubectl
    EOF
    
  2. China-hosted mirrors of the k8s yum repository

    1. Huawei Cloud mirror
    https://mirrors.huaweicloud.com/home => select containers > click k8s
    
    2. Alibaba Cloud mirror
    https://developer.aliyun.com/mirror/kubernetes
    
  3. Version skew policy

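    # Notation: subtract_3(a, b) is a's patch version minus b's; subtract_2(a, b) is a's minor version minus b's

    # kubeadm and kubectl: patch version difference <= 1 and >= 0
    0 <= subtract_3(kubeadm, kubectl) <= 1
    
    # kubectl and kube-apiserver: minor version difference <= 1 and >= -1
    -1 <= subtract_2(kubectl, kube-apiserver) <= 1
    
    # kube-apiserver and kubelet: minor version difference <= 2 and >= 0
    0 <= subtract_2(kube-apiserver, kubelet) <= 2
    
    # kube-apiserver and [kube-controller-manager, kube-scheduler, cloud-controller-manager]: minor version difference <= 1
    0 <= subtract_2(
           kube-apiserver,
           kube-controller-manager | 
           kube-scheduler | 
           cloud-controller-manager
         ) <= 1
    
    # Addendum: version difference between kube-apiserver instances on multiple nodes <= 1 and >= 0
    # The version policy during upgrades is not covered here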
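
The inequalities above, exactly as written on this page, turned into a POSIX shell check that can run before installing or upgrading packages (an added example, not part of the original post). The function names `field`, `in_range` and `check_skew` and the sample versions are constructed for illustration.

```shell
#!/bin/sh
# Added example: check component versions against the skew rules listed on this page.
# All function names and sample versions are constructed for illustration.

# field N VERSION: print the Nth dot-separated number of VERSION (2 = minor, 3 = patch)
field() {
    printf '%s\n' "${2#v}" | cut -s -d. -f"$1" | sed 's/[^0-9].*//'
}

# in_range LOW HIGH N A B: succeed when LOW <= field(N, A) - field(N, B) <= HIGH
in_range() {
    a=$(field "$3" "$4")
    b=$(field "$3" "$5")
    [ -n "$a" ] && [ -n "$b" ] || return 2   # an unparsable version counts as a failure
    d=$((a - b))
    [ "$d" -ge "$1" ] && [ "$d" -le "$2" ]
}

# check_skew KUBEADM KUBECTL APISERVER KUBELET [CONTROLLER_VERSION...]
# CONTROLLER_VERSION: kube-controller-manager, kube-scheduler, cloud-controller-manager.
# Prints one FAIL line per violated rule; returns 0 when every rule holds, 1 otherwise.
check_skew() {
    [ "$#" -ge 4 ] || { echo "usage: check_skew KUBEADM KUBECTL APISERVER KUBELET [CONTROLLER...]" >&2; return 2; }
    kubeadm=$1 kubectl=$2 api=$3 kubelet=$4
    shift 4
    bad=0
    in_range 0 1 3 "$kubeadm" "$kubectl" ||
        { echo "FAIL kubeadm $kubeadm vs kubectl $kubectl (patch)"; bad=1; }
    in_range -1 1 2 "$kubectl" "$api" ||
        { echo "FAIL kubectl $kubectl vs kube-apiserver $api (minor)"; bad=1; }
    in_range 0 2 2 "$api" "$kubelet" ||
        { echo "FAIL kube-apiserver $api vs kubelet $kubelet (minor)"; bad=1; }
    for c in "$@"; do
        in_range 0 1 2 "$api" "$c" ||
            { echo "FAIL kube-apiserver $api vs controller component $c (minor)"; bad=1; }
    done
    return "$bad"
}

# Constructed sample: kubelet is one minor version ahead of kube-apiserver.
check_skew v1.23.5 v1.23.4 v1.23.5 v1.24.0 v1.23.5 v1.22.9 || echo "skew policy violated"
```
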
    
  4. Open ports in the firewall

    # Write the control-plane file k8s-ctl.xml (there are quite a few ports to open, so they are maintained in a file)
    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>k8s-ctl</short>
      <description>
        1. k8s api server inbound port [6443] used by all;
        2. etcd server client API inbound port [2379-2380] used by kube-apiserver,etcd;
        3. kubelet API inbound port [10250] used by self,control plane;
        4. kube-scheduler inbound port [10251] used by self;
        5. kube-controller-manager inbound port [10252] used by self;
      </description>
      <port protocol="tcp" port="6443" />
      <port protocol="tcp" port="2379" />
      <port protocol="tcp" port="2380" />
      <port protocol="tcp" port="10250" />
      <port protocol="tcp" port="10251" />
      <port protocol="tcp" port="10252" />
    </service>
    
    # Write the worker-node file k8s-work.xml (there are quite a few ports to open, so they are maintained in a file)
    <?xml version="1.0" encoding="utf-8"?>
    <service>
       <short>k8s-work</short>
       <description>
         1. kubelet API inbound port [10250] used by self,control plane
         2. nodeport services inbound port [30000-32767] used by all
       </description>
       <port protocol="tcp" port="10250" />
       <port protocol="tcp" port="30000-32767" />
    </service>
    
  5. Enable bridged traffic