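This article summarizes how to install a K8s cluster with kubeadm, covering the whole setup from scratch.
Preparation before building the K8s cluster
Synchronize the time, install Vim, net-tools and wget, switch the yum source, modify the network configuration, edit /etc/hosts, and set the hostname.
1. Configure a static network address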
vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
ONBOOT=yes
IPADDR=<IP address>
NETMASK=<subnet mask>
GATEWAY=<gateway>
DNS1=<primary DNS server>
DNS2=<secondary DNS server>
Restart the network service: service network restart
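2. Configure time synchronization
Install the ntpdate tool: sudo yum -y install ntp ntpdate
Synchronize the system time with network time: sudo ntpdate cn.pool.ntp.org
Write the system time to the hardware clock: hwclock --systohc
3. Install the Vim editor: yum install vim* -y
4. Install the network tools package: yum install net-tools -y
5. Install the wget download command: yum install wget -y
6. Switch the yum source
Back up the original source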
sudo yum install wget -y
sudo mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bk
Download the Aliyun source
cd /etc/yum.repos.d
sudo wget -nc http://mirrors.aliyun.com/repo/Centos-7.repo
Make the Aliyun yum source the default: sudo mv Centos-7.repo CentOS-Base.repo
Update the local yum cache
sudo yum clean all
sudo yum list
sudo yum makecache
7. Edit the /etc/hosts file (on every machine)
192.168.134.13 k8s-master
192.168.134.11 k8s-node1
192.168.134.12 k8s-node2
8. Set the hostname so that it matches the entry in /etc/hosts
hostnamectl set-hostname k8s-master
9. Run the k8s-common.sh script on every machine.
In the script, change "insecure-registries": ["192.168.134.10:8081"] to the address of your own private image registry.
. k8s-common.sh
10. Run the following commands on the master node
Run the initialization; change --apiserver-advertise-address to the master's IP
kubeadm init --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap --apiserver-advertise-address=192.168.134.10 --image-repository registry.aliyuncs.com/google_containers
After it succeeds, run the following commands
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
11. Run the following commands on each worker node
docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
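When the master node finishes initializing, it prints the following command; run it on each worker node.
If the output is no longer visible, run kubeadm token create --print-join-command on the master to display it again.
Example: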
kubeadm join 192.168.134.10:6443 --token zaw1z4.kputoao9iiohh4se --discovery-token-ca-cert-hash sha256:47c412ae29d624d166daff3c33ee5a3acf1c9102cc7bc4d6aee5a7f2b4c3454c
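The --discovery-token-ca-cert-hash value in the join command pins the public key of the cluster CA, so a node only joins an API server that presents that CA. The following shell example is added here and is not part of the original article: it recomputes the hash from a CA certificate (on a real master, /etc/kubernetes/pki/ca.crt) and compares it with the value in a join command. The function names and the throwaway CA are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): recompute the value that
# kubeadm expects in --discovery-token-ca-cert-hash and compare it with the
# one in a join command before running that command on a node.

# ca_cert_hash CERT: print "sha256:<hex>" for the certificate's public key.
# kubeadm pins the SHA-256 of the DER-encoded SubjectPublicKeyInfo.
ca_cert_hash() {
    cch_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    cch_hex=$(printf '%s\n' "$cch_pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}')
    [ ${#cch_hex} -eq 64 ] || return 1
    printf 'sha256:%s\n' "$cch_hex"
}

# check_join_hash CERT EXPECTED: succeed only if EXPECTED matches CERT.
check_join_hash() {
    cjh_actual=$(ca_cert_hash "$1") || return 2
    [ "$cjh_actual" = "$2" ]
}

# make_sample_ca DIR: constructed throwaway CA so the example runs offline.
# On a real master the file to check is /etc/kubernetes/pki/ca.crt.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_ca "$demo_dir"
demo_hash=$(ca_cert_hash "$demo_dir/ca.crt")
echo "hash to expect in the join command: $demo_hash"
if check_join_hash "$demo_dir/ca.crt" "$demo_hash"; then
    echo "join command matches this CA"
fi
# A hash that belongs to a different CA (constructed value) must be rejected.
if ! check_join_hash "$demo_dir/ca.crt" "sha256:$(printf '%064d' 0)"; then
    echo "mismatched hash rejected"
fi
rm -rf "$demo_dir"
```
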
12. Install the flannel network plugin
kubectl apply -f k8s-flannel.yaml
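13. Run the following two commands to check whether K8s was installed successfully
Check that every node is Ready: kubectl get nodes
Check that the pods are Running: kubectl get pods -n kube-system
14. If something goes wrong, inspect the kubelet log with: sudo journalctl -u kubelet -n 100 --no-pager
If it reports: failed to find plugin "flannel" in path [/opt/cni/bin], upload the flannel file to /opt/cni/bin on every machine
and make the flannel file executable: chmod 755 flannel
15. After the K8s cluster is installed, install Kuboard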
kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
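You can also install through the Huawei Cloud mirror for faster downloads: kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3-swr.yaml
Run watch kubectl get pods -n kuboard and wait until all Pods in the kuboard namespace are ready
Installation instructions: https://kuboard.cn/install/v3/install-in-k8s.html#%E5%AE%89%E8%A3%85
After waiting a while for the installation to finish, open ip:3008
Username: admin Password: Kuboard123
The k8s-common.sh script is as follows: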
#!/bin/bash
# Run as root on every machine.
#read -p "Set the SELinux mode, disabled/enforcing/permissive:" selinux
# Put SELinux into permissive mode now and disable it permanently
setenforce 0
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config
# Keep firewalld off after reboot and stop it now
systemctl disable firewalld && systemctl stop firewalld
echo "vm.swappiness = 0">> /etc/sysctl.conf
sysctl -p
swapoff -a
# Permanently disable swap
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
modprobe br_netfilter
# The quoted 'EOF' keeps $file literal in the generated script
cat > /etc/rc.sysinit << 'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
  [ -x "$file" ] && "$file"
done
EOF
cat > /etc/sysconfig/modules/br_netfilter.modules << EOF
modprobe br_netfilter
EOF
chmod 755 /etc/sysconfig/modules/br_netfilter.modules
# Let iptables see bridged traffic
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
cat >> /etc/sysctl.conf <<EOF
net.ipv4.ip_forward=1
EOF
sysctl -p
# Install Docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce-19.03.6 docker-ce-cli-19.03.6
systemctl start docker
# insecure-registries must be changed to your own private registry address
cat > /etc/docker/daemon.json <<eof
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["192.168.134.10:8081"],
  "registry-mirrors": ["https://x1r3fc12.mirror.aliyuncs.com"]
}
eof
systemctl daemon-reload
systemctl restart docker
# Kubernetes yum repository (package signature checking is switched off here)
cat > /etc/yum.repos.d/kubenetes.repo <<eof
[k8s]
name=k8s
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
#gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
eof
yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
systemctl enable kubelet
systemctl enable docker
export KUBECONFIG=/etc/kubernetes/admin.conf
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
ntpdate -u pool.ntp.org
systemctl stop firewalld
systemctl disable firewalld
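k8s-common.sh disables SELinux, installs the Kubernetes packages with gpgcheck=0, trusts a registry listed under insecure-registries, and exports admin.conf as KUBECONFIG in /etc/profile. The following check is an added example, not part of the original article: it reports which of those settings are present on a node. The function names, finding labels and sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report security-relevant settings left by k8s-common.sh.
# audit_node ROOT prints one finding per line. ROOT is a path prefix
# (empty = the live system) so a copied or sample tree can be inspected.
audit_node() {
    an_root=${1:-}
    # gpgcheck=0: yum installs packages without verifying signatures.
    for an_repo in "$an_root"/etc/yum.repos.d/*.repo; do
        [ -f "$an_repo" ] || continue
        if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$an_repo"; then
            echo "UNSIGNED_REPO ${an_repo#"$an_root"}"
        fi
    done
    # Non-empty insecure-registries: images pulled over HTTP or unverified TLS.
    # Assumes key and value share one line, as in the article's daemon.json.
    if grep -Eqs '"insecure-registries"[[:space:]]*:[[:space:]]*\[[[:space:]]*"' \
        "$an_root/etc/docker/daemon.json"; then
        echo "INSECURE_REGISTRY /etc/docker/daemon.json"
    fi
    # SELinux switched off permanently.
    if grep -Eqs '^SELINUX=disabled' "$an_root/etc/selinux/config"; then
        echo "SELINUX_DISABLED /etc/selinux/config"
    fi
    # Every login shell is pointed at the cluster-admin kubeconfig.
    if grep -qs 'KUBECONFIG=/etc/kubernetes/admin.conf' "$an_root/etc/profile"; then
        echo "ADMIN_KUBECONFIG_IN_PROFILE /etc/profile"
    fi
    return 0
}

# make_sample_root DIR: constructed files mirroring what the script writes.
make_sample_root() {
    mkdir -p "$1/etc/yum.repos.d" "$1/etc/docker" "$1/etc/selinux"
    printf '[k8s]\nname=k8s\ngpgcheck=0\nenabled=1\n' \
        > "$1/etc/yum.repos.d/kubenetes.repo"
    printf '{\n  "insecure-registries": ["192.168.134.10:8081"]\n}\n' \
        > "$1/etc/docker/daemon.json"
    printf 'SELINUX=disabled\n' > "$1/etc/selinux/config"
    printf 'export KUBECONFIG=/etc/kubernetes/admin.conf\n' > "$1/etc/profile"
}

sample_root=$(mktemp -d)
make_sample_root "$sample_root"
audit_node "$sample_root"
rm -rf "$sample_root"
```

Calling audit_node with no argument inspects the live system; each finding names the file to review before the node carries production workloads.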
The content of k8s-flannel.yaml is as follows:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: "/etc/cni/net.d"
    - pathPrefix: "/etc/kube-flannel"
    - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  allowedCapabilities: ['NET_ADMIN']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
    - min: 0
      max: 65535
  seLinux:
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
  - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['psp.flannel.unprivileged']
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
  - kind: ServiceAccount
    name: flannel
    namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      tier: node
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      tolerations:
        - operator: Exists
          effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
        - name: install-cni
          image: registry.cn-hangzhou.aliyuncs.com/kube-iamges/flannel:v0.11.0-s390x
          command:
            - cp
          args:
            - -f
            - /etc/kube-flannel/cni-conf.json
            - /etc/cni/net.d/10-flannel.conflist
          volumeMounts:
            - name: cni
              mountPath: /etc/cni/net.d
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
      containers:
        - name: kube-flannel
          image: registry.cn-hangzhou.aliyuncs.com/kube-iamges/flannel:v0.11.0-s390x
          command:
            - /opt/bin/flanneld
          args:
            - --ip-masq
            - --kube-subnet-mgr
          resources:
            requests:
              cpu: "100m"
              memory: "50Mi"
            limits:
              cpu: "500m"
              memory: "200Mi"
          securityContext:
            privileged: false
            capabilities:
              add: ["NET_ADMIN"]
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            - name: run
              mountPath: /run/flannel
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
The flannel file can be found and downloaded with a Baidu search. With that, the kubeadm-based K8s installation is complete.