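1. Installation methods
- kind
  kind can run k8s on a local machine (single node). Prerequisite: Docker.
- minikube
  Similar to kind.
- kubeadm
  The first two are single-node cluster modes, generally used for learning environments. kubeadm builds multi-node clusters with multiple masters and multiple workers, and is used for production environments.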
2. kubeadm
- Prepare the official k8s yum repository

```
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
```
- k8s yum repository mirrors in China
  1. Huawei Cloud mirror: https://mirrors.huaweicloud.com/home => select containers > click k8s
  2. Alibaba Cloud mirror: https://developer.aliyun.com/mirror/kubernetes
- Version skew policy

```
# Patch-version difference between kubeadm and kubectl: <= 1 and >= 0
0 <= subtract_3(kubeadm, kubectl) <= 1

# Minor-version difference between kubectl and kube-apiserver: <= 1 and >= -1
-1 <= subtract_2(kubectl, kube-apiserver) <= 1

# Minor-version difference between kube-apiserver and kubelet: <= 2 and >= 0
0 <= subtract_2(kube-apiserver, kubelet) <= 2

# Minor-version difference between kube-apiserver and
# [kube-controller-manager, kube-scheduler, cloud-controller-manager]: <= 1
0 <= subtract_2(
  kube-apiserver,
  kube-controller-manager | kube-scheduler | cloud-controller-manager
) <= 1

# Additionally: the version difference between multiple kube-apiserver nodes is <= 1 and >= 0
# The version policy during upgrades is not covered here
```
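The three rules above that are measured against kube-apiserver, written as a check that audits a list of components at once. This is an added example, not part of the original notes: the function names, the "component version" input format and the sample versions are constructed, and all components are assumed to share the same major version.

```shell
#!/bin/sh
# Added example: audit component versions against the skew rules listed above.
# The input format and any sample versions are constructed for illustration.
# Assumes all components share the same major version.

# part VERSION N -> prints the Nth numeric component (2 = minor, 3 = patch)
part() {
  v=${1#v}                                   # accept both v1.23.4 and 1.23.4
  n=$(echo "${v%%[-+]*}" | cut -d. -f"$2")   # drop -rc.1 / +build suffixes
  case $n in ''|*[!0-9]*) return 1 ;; esac   # reject malformed versions
  echo "$n"
}

# diff_in A B N LOW HIGH -> success when LOW <= part(A,N) - part(B,N) <= HIGH
diff_in() {
  a=$(part "$1" "$3") && b=$(part "$2" "$3") || return 2
  d=$((a - b))
  [ "$d" -ge "$4" ] && [ "$d" -le "$5" ]
}

# audit APISERVER_VERSION   (reads "component version" lines on stdin)
# Prints one FAIL line per component that breaks a rule, has a malformed
# version, or is not covered by a rule; returns 0 only when every line passes.
audit() {
  api=$1 bad=0
  while read -r comp ver; do
    case $comp in
      kubectl) diff_in "$ver" "$api" 2 -1 1 ;;
      kubelet) diff_in "$api" "$ver" 2 0 2 ;;
      kube-controller-manager|kube-scheduler|cloud-controller-manager)
               diff_in "$api" "$ver" 2 0 1 ;;
      *)       false ;;
    esac || { echo "FAIL: $comp $ver (kube-apiserver $api)"; bad=1; }
  done
  return "$bad"
}
```

Feed it one line per component, for example `printf 'kubelet v1.21.9\n' | audit v1.23.4`, and treat a non-zero exit status as a blocked install or upgrade.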
- Open firewall ports

Write the control-plane service file k8s-ctl.xml (quite a few ports are opened, so they are maintained in a file):

```
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>k8s-ctl</short>
  <description>
    1. k8s api server inbound port [6443] used by all;
    2. etcd server client API inbound port [2379-2380] used by kube-apiserver,etcd;
    3. kubelet API inbound port [10250] used by self,control plane;
    4. kube-scheduler inbound port [10251] used by self;
    5. kube-controller-manager inbound port [10252] used by self;
  </description>
  <port protocol="tcp" port="6443" />
  <port protocol="tcp" port="2379" />
  <port protocol="tcp" port="2380" />
  <port protocol="tcp" port="10250" />
  <port protocol="tcp" port="10251" />
  <port protocol="tcp" port="10252" />
</service>
```

Write the worker-node service file k8s-work.xml (quite a few ports are opened, so they are maintained in a file):

```
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>k8s-work</short>
  <description>
    1. kubelet API inbound port [10250] used by self,control plane
    2. nodeport services inbound port [30000-32767] used by all
  </description>
  <port protocol="tcp" port="10250" />
  <port protocol="tcp" port="30000-32767" />
</service>
```
- Enable bridged traffic