使用Kubernetes建设容器化数据中心操作命令-2.Kubernetes部署


Kubernetes部署

2.1 服务器Labs-K8s-Master-1:安装基础软件

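# Add the Aliyun Docker CE repository and install Docker.
# The repo definition is fetched over HTTPS: that file decides which package
# sources and signing keys yum will trust, so it should not travel over plain
# HTTP where it can be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's/$releasever/8/g' /etc/yum.repos.d/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io

# Configure Docker registry mirrors, the systemd cgroup driver and log rotation.
# The file is overwritten (">"), not appended to: appending a second JSON
# object to an existing daemon.json leaves it unparsable.
# NOTE(review): every mirror listed here answers image pulls in place of the
# upstream registry, so an image pulled by tag is only as trustworthy as the
# mirror that served it. Keep only mirrors you trust and prefer pinning images
# by digest. A duplicated mirror entry from the original list was dropped.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://registry.cn-hangzhou.aliyuncs.com",
    "https://hub.xdark.top",
    "https://hub.littlediary.cn",
    "https://dockerpull.org",
    "https://hub.crdz.gq",
    "https://docker.1panel.live",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.m.daocloud.io",
    "https://noohub.ru",
    "https://huecker.io",
    "https://dockerhub.timeweb.cloud",
    "https://docker.1panel.dev",
    "https://docker.unsee.tech"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF

# Reload systemd, then start Docker and enable it at boot.
systemctl daemon-reload
systemctl start docker
systemctl enable docker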

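# Configure the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify each RPM against the keys in gpgkey; with
# gpgcheck=0 anything the mirror (or a party in its path) serves is installed
# as root without verification. The file is overwritten so a re-run does not
# append a duplicate [kubernetes] section.
# NOTE(review): repo_gpgcheck is left at 0 as in the original, so repository
# metadata is still unsigned-trusted; enable it if the mirror publishes signed
# metadata. If package verification fails, investigate rather than switching
# gpgcheck back off.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install the Kubernetes components at a pinned version.
yum install -y kubelet-1.28.0 kubeadm-1.28.0 kubectl-1.28.0

# Append the systemd cgroup-driver setting to the kubelet environment file.
# NOTE(review): whether the kubelet unit actually reads KUBELET_CGROUP_ARGS
# depends on its systemd drop-in, which is not shown here - confirm.
sed -i '$a KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"' /etc/sysconfig/kubelet

# Append the ipvs proxy-mode setting to the same file.
# NOTE(review): presumably kube-proxy takes its mode from its own
# configuration rather than from this file - verify it takes effect.
sed -i '$a KUBE_PROXY_MODE="ipvs"' /etc/sysconfig/kubelet
systemctl enable kubelet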

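# Create the download directory.
mkdir -p /var/kubernetes

# Download and install cri-dockerd.
# NOTE(review): the RPM is installed as root straight after download with no
# integrity check. Before running rpm, compare `sha256sum` of the file with a
# checksum obtained from a source you trust (none is given on this page).
wget -P /var/kubernetes https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.12/cri-dockerd-0.3.12-3.el7.x86_64.rpm
rpm -ivh /var/kubernetes/cri-dockerd-0.3.12-3.el7.x86_64.rpm

# Use the given pause image as the Pod infra container image by appending the
# flag to the ExecStart line of the cri-docker unit.
# The address uses "|" as its delimiter (\|...|): with "/" the slashes inside
# the path end the pattern early and sed rejects the expression.
# The grep guard keeps a re-run from appending the flag a second time.
grep -q -- '--pod-infra-container-image' /usr/lib/systemd/system/cri-docker.service ||
  sed -i '\|ExecStart=/usr/bin/cri-dockerd| s|$| --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9|' /usr/lib/systemd/system/cri-docker.service

# Reload unit files, then enable and start the service.
systemctl daemon-reload
systemctl enable cri-docker && systemctl start cri-docker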

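# Install the high-availability and load-balancing tools.
yum -y install keepalived haproxy

# Back up the packaged haproxy configuration.
# -n (no-clobber) keeps the first backup: on a re-run the original distro file
# is not replaced by a copy of the configuration written below.
cp -n /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak

# Replace haproxy.cfg with the load-balancer configuration.
# The heredoc delimiter is quoted so nothing in the body is ever expanded by
# the shell.
# NOTE(review): the monitor frontend (port 33305) and the API frontend
# (port 16443) listen on every interface. Limit who can reach them with host
# or network firewall rules; 16443 forwards straight to the kube-apiservers.
tee /etc/haproxy/haproxy.cfg <<'EOF'
global 
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s
#定义默认参数,
defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s
#定义前端监控 haproxy 的状态
frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor
#定义前端,负载均衡 Kubernetes 主节点的流量
frontend k8s-master
  bind 0.0.0.0:16443 
  bind 127.0.0.1:16443 
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master
#定义后端,处理来自 k8s-master 前端的请求
backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server Book-Cloud-K8s-Master-1        10.10.2.151:6443  check
  server Book-Cloud-K8s-Master-2        10.10.2.152:6443  check
  server Book-Cloud-K8s-Master-3        10.10.2.153:6443  check
EOF

# Syntax-check the new configuration before the service is (re)started.
haproxy -c -f /etc/haproxy/haproxy.cfg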

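# Write the keepalived configuration for this node (MASTER, priority 100).
# The packaged file is backed up once and then overwritten: appending (">>")
# to the existing keepalived.conf would leave its previous contents active
# alongside the definitions below.
# NOTE(review): auth_type PASS sends auth_pass in cleartext inside VRRP
# advertisements and the value below is the tutorial's sample; use a
# per-cluster value and keep VRRP traffic on a trusted segment.
# NOTE(review): with weight -2 a failing check appears to lower this node's
# priority from 100 to 98, which still outranks the peers configured at 50 and
# 49 in this guide, so an API server failure alone would not move the VIP -
# confirm this is intended.
cp -n /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
cat > /etc/keepalived/keepalived.conf <<'EOF'
global_defs {
    router_id LVS_DEVEL  
}
vrrp_script check_apiserver {  
  script "/etc/keepalived/check_apiserver.sh"
  interval 3  
  weight -2  
  fall 10  
  rise 2   
}
vrrp_instance VI_1 {
    state MASTER             #当前节点为 MASTER  
    interface ens33          #网络接口,根据环境选择接口   
    mcast_src_ip 10.10.2.151
    virtual_router_id 51        
    priority 100              #优先级  
    authentication {            
        auth_type PASS          
        auth_pass K8SAUTH       
    }
    virtual_ipaddress {
        10.10.2.155            #配置虚拟 IP 地址(VIP) 
    }
    track_script {
        check_apiserver
    }
}
EOF

# Create the health-check script that keepalived runs.
# The heredoc delimiter is quoted: with an unquoted EOF the installing shell
# expands ${API_SERVER} and the other variables to empty strings while writing
# the file, leaving a script that probes "https:///healthz" with no timeout.
# The file is overwritten so a re-run does not stack a second copy.
cat > /etc/keepalived/check_apiserver.sh <<'EOF'
#!/bin/bash
# Exit 0 when the local kube-apiserver answers /healthz with "ok", else 1.
API_SERVER="127.0.0.1:6443"
API_HEALTH_CHECK_URL="https://${API_SERVER}/healthz"
API_HEALTH_CHECK_TIMEOUT=5
API_HEALTH_CHECK_INTERVAL=3

# --insecure skips certificate verification, so the reply is not
# authenticated; this is limited to a liveness probe against loopback.
if curl --silent --max-time "${API_HEALTH_CHECK_TIMEOUT}" --insecure "${API_HEALTH_CHECK_URL}" | grep -q "ok"; then
    exit 0
else
    exit 1
fi
EOF

chmod +x /etc/keepalived/check_apiserver.sh

# Reload unit files, then enable and start both services.
systemctl daemon-reload
systemctl enable --now haproxy
systemctl enable --now keepalived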

2.2 服务器Labs-K8s-Master-2:安装基础软件

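# Add the Aliyun Docker CE repository and install Docker.
# The repo definition is fetched over HTTPS: that file decides which package
# sources and signing keys yum will trust, so it should not travel over plain
# HTTP where it can be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's/$releasever/8/g' /etc/yum.repos.d/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io

# Configure Docker registry mirrors, the systemd cgroup driver and log rotation.
# The file is overwritten (">"), not appended to: appending a second JSON
# object to an existing daemon.json leaves it unparsable.
# NOTE(review): every mirror listed here answers image pulls in place of the
# upstream registry, so an image pulled by tag is only as trustworthy as the
# mirror that served it. Keep only mirrors you trust and prefer pinning images
# by digest. A duplicated mirror entry from the original list was dropped.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://registry.cn-hangzhou.aliyuncs.com",
    "https://hub.xdark.top",
    "https://hub.littlediary.cn",
    "https://dockerpull.org",
    "https://hub.crdz.gq",
    "https://docker.1panel.live",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.m.daocloud.io",
    "https://noohub.ru",
    "https://huecker.io",
    "https://dockerhub.timeweb.cloud",
    "https://docker.1panel.dev",
    "https://docker.unsee.tech"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF

# Reload systemd, then start Docker and enable it at boot.
systemctl daemon-reload
systemctl start docker
systemctl enable docker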

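# Configure the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify each RPM against the keys in gpgkey; with
# gpgcheck=0 anything the mirror (or a party in its path) serves is installed
# as root without verification. The file is overwritten so a re-run does not
# append a duplicate [kubernetes] section.
# NOTE(review): repo_gpgcheck is left at 0 as in the original, so repository
# metadata is still unsigned-trusted; enable it if the mirror publishes signed
# metadata. If package verification fails, investigate rather than switching
# gpgcheck back off.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install the Kubernetes components at a pinned version.
yum install -y kubelet-1.28.0 kubeadm-1.28.0 kubectl-1.28.0

# Append the systemd cgroup-driver setting to the kubelet environment file.
# NOTE(review): whether the kubelet unit actually reads KUBELET_CGROUP_ARGS
# depends on its systemd drop-in, which is not shown here - confirm.
sed -i '$a KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"' /etc/sysconfig/kubelet

# Append the ipvs proxy-mode setting to the same file.
# NOTE(review): presumably kube-proxy takes its mode from its own
# configuration rather than from this file - verify it takes effect.
sed -i '$a KUBE_PROXY_MODE="ipvs"' /etc/sysconfig/kubelet
systemctl enable kubelet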

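# Create the download directory.
mkdir -p /var/kubernetes

# Download and install cri-dockerd.
# NOTE(review): the RPM is installed as root straight after download with no
# integrity check. Before running rpm, compare `sha256sum` of the file with a
# checksum obtained from a source you trust (none is given on this page).
wget -P /var/kubernetes https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.12/cri-dockerd-0.3.12-3.el7.x86_64.rpm
rpm -ivh /var/kubernetes/cri-dockerd-0.3.12-3.el7.x86_64.rpm

# Use the given pause image as the Pod infra container image by appending the
# flag to the ExecStart line of the cri-docker unit.
# The address uses "|" as its delimiter (\|...|): with "/" the slashes inside
# the path end the pattern early and sed rejects the expression.
# The grep guard keeps a re-run from appending the flag a second time.
grep -q -- '--pod-infra-container-image' /usr/lib/systemd/system/cri-docker.service ||
  sed -i '\|ExecStart=/usr/bin/cri-dockerd| s|$| --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9|' /usr/lib/systemd/system/cri-docker.service

# Reload unit files, then enable and start the service.
systemctl daemon-reload
systemctl enable cri-docker && systemctl start cri-docker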

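# Install the high-availability and load-balancing tools.
yum -y install keepalived haproxy

# Back up the packaged haproxy configuration.
# -n (no-clobber) keeps the first backup: on a re-run the original distro file
# is not replaced by a copy of the configuration written below.
cp -n /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak

# Replace haproxy.cfg with the load-balancer configuration.
# The heredoc delimiter is quoted so nothing in the body is ever expanded by
# the shell.
# NOTE(review): the monitor frontend (port 33305) and the API frontend
# (port 16443) listen on every interface. Limit who can reach them with host
# or network firewall rules; 16443 forwards straight to the kube-apiservers.
tee /etc/haproxy/haproxy.cfg <<'EOF'
global 
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s
#定义默认参数,
defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s
#定义前端监控 haproxy 的状态
frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor
#定义前端,负载均衡 Kubernetes 主节点的流量
frontend k8s-master
  bind 0.0.0.0:16443 
  bind 127.0.0.1:16443 
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master
#定义后端,处理来自 k8s-master 前端的请求
backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server Book-Cloud-K8s-Master-1        10.10.2.151:6443  check
  server Book-Cloud-K8s-Master-2        10.10.2.152:6443  check
  server Book-Cloud-K8s-Master-3        10.10.2.153:6443  check
EOF

# Syntax-check the new configuration before the service is (re)started.
haproxy -c -f /etc/haproxy/haproxy.cfg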

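# Write the keepalived configuration for this node (BACKUP, priority 50).
# The packaged file is backed up once and then overwritten: appending (">>")
# to the existing keepalived.conf would leave its previous contents active
# alongside the definitions below.
# NOTE(review): auth_type PASS sends auth_pass in cleartext inside VRRP
# advertisements and the value below is the tutorial's sample; use a
# per-cluster value and keep VRRP traffic on a trusted segment.
cp -n /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
cat > /etc/keepalived/keepalived.conf <<'EOF'
global_defs {
    router_id LVS_DEVEL  
}
vrrp_script check_apiserver {  
  script "/etc/keepalived/check_apiserver.sh"
  interval 3  
  weight -2  
  fall 10  
  rise 2   
}
vrrp_instance VI_1 {
    state BACKUP             #当前节点为 BACKUP  
    interface ens33          #网络接口,根据环境选择接口   
    mcast_src_ip 10.10.2.152
    virtual_router_id 51        
    priority 50              #优先级  
    authentication {            
        auth_type PASS          
        auth_pass K8SAUTH       
    }
    virtual_ipaddress {
        10.10.2.155            #配置虚拟 IP 地址(VIP) 
    }
    track_script {
        check_apiserver
    }
}
EOF

# Create the health-check script that keepalived runs.
# The heredoc delimiter is quoted: with an unquoted EOF the installing shell
# expands ${API_SERVER} and the other variables to empty strings while writing
# the file, leaving a script that probes "https:///healthz" with no timeout.
# The file is overwritten so a re-run does not stack a second copy.
cat > /etc/keepalived/check_apiserver.sh <<'EOF'
#!/bin/bash
# Exit 0 when the local kube-apiserver answers /healthz with "ok", else 1.
API_SERVER="127.0.0.1:6443"
API_HEALTH_CHECK_URL="https://${API_SERVER}/healthz"
API_HEALTH_CHECK_TIMEOUT=5
API_HEALTH_CHECK_INTERVAL=3

# --insecure skips certificate verification, so the reply is not
# authenticated; this is limited to a liveness probe against loopback.
if curl --silent --max-time "${API_HEALTH_CHECK_TIMEOUT}" --insecure "${API_HEALTH_CHECK_URL}" | grep -q "ok"; then
    exit 0
else
    exit 1
fi
EOF

chmod +x /etc/keepalived/check_apiserver.sh

# Reload unit files, then enable and start both services.
systemctl daemon-reload
systemctl enable --now haproxy
systemctl enable --now keepalived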

2.4 服务器Labs-K8s-Master-3:安装基础软件

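# Add the Aliyun Docker CE repository and install Docker.
# The repo definition is fetched over HTTPS: that file decides which package
# sources and signing keys yum will trust, so it should not travel over plain
# HTTP where it can be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's/$releasever/8/g' /etc/yum.repos.d/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io

# Configure Docker registry mirrors, the systemd cgroup driver and log rotation.
# The file is overwritten (">"), not appended to: appending a second JSON
# object to an existing daemon.json leaves it unparsable.
# NOTE(review): every mirror listed here answers image pulls in place of the
# upstream registry, so an image pulled by tag is only as trustworthy as the
# mirror that served it. Keep only mirrors you trust and prefer pinning images
# by digest. A duplicated mirror entry from the original list was dropped.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://registry.cn-hangzhou.aliyuncs.com",
    "https://hub.xdark.top",
    "https://hub.littlediary.cn",
    "https://dockerpull.org",
    "https://hub.crdz.gq",
    "https://docker.1panel.live",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.m.daocloud.io",
    "https://noohub.ru",
    "https://huecker.io",
    "https://dockerhub.timeweb.cloud",
    "https://docker.1panel.dev",
    "https://docker.unsee.tech"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF

# Reload systemd, then start Docker and enable it at boot.
systemctl daemon-reload
systemctl start docker
systemctl enable docker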

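# Configure the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify each RPM against the keys in gpgkey; with
# gpgcheck=0 anything the mirror (or a party in its path) serves is installed
# as root without verification. The file is overwritten so a re-run does not
# append a duplicate [kubernetes] section.
# NOTE(review): repo_gpgcheck is left at 0 as in the original, so repository
# metadata is still unsigned-trusted; enable it if the mirror publishes signed
# metadata. If package verification fails, investigate rather than switching
# gpgcheck back off.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install the Kubernetes components at a pinned version.
yum install -y kubelet-1.28.0 kubeadm-1.28.0 kubectl-1.28.0

# Append the systemd cgroup-driver setting to the kubelet environment file.
# NOTE(review): whether the kubelet unit actually reads KUBELET_CGROUP_ARGS
# depends on its systemd drop-in, which is not shown here - confirm.
sed -i '$a KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"' /etc/sysconfig/kubelet

# Append the ipvs proxy-mode setting to the same file.
# NOTE(review): presumably kube-proxy takes its mode from its own
# configuration rather than from this file - verify it takes effect.
sed -i '$a KUBE_PROXY_MODE="ipvs"' /etc/sysconfig/kubelet
systemctl enable kubelet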

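# Create the download directory.
mkdir -p /var/kubernetes

# Download and install cri-dockerd.
# NOTE(review): the RPM is installed as root straight after download with no
# integrity check. Before running rpm, compare `sha256sum` of the file with a
# checksum obtained from a source you trust (none is given on this page).
wget -P /var/kubernetes https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.12/cri-dockerd-0.3.12-3.el7.x86_64.rpm
rpm -ivh /var/kubernetes/cri-dockerd-0.3.12-3.el7.x86_64.rpm

# Use the given pause image as the Pod infra container image by appending the
# flag to the ExecStart line of the cri-docker unit.
# The address uses "|" as its delimiter (\|...|): with "/" the slashes inside
# the path end the pattern early and sed rejects the expression.
# The grep guard keeps a re-run from appending the flag a second time.
grep -q -- '--pod-infra-container-image' /usr/lib/systemd/system/cri-docker.service ||
  sed -i '\|ExecStart=/usr/bin/cri-dockerd| s|$| --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9|' /usr/lib/systemd/system/cri-docker.service

# Reload unit files, then enable and start the service.
systemctl daemon-reload
systemctl enable cri-docker && systemctl start cri-docker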

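# Install the high-availability and load-balancing tools.
yum -y install keepalived haproxy

# Back up the packaged haproxy configuration.
# -n (no-clobber) keeps the first backup: on a re-run the original distro file
# is not replaced by a copy of the configuration written below.
cp -n /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak

# Replace haproxy.cfg with the load-balancer configuration.
# The heredoc delimiter is quoted so nothing in the body is ever expanded by
# the shell.
# NOTE(review): the monitor frontend (port 33305) and the API frontend
# (port 16443) listen on every interface. Limit who can reach them with host
# or network firewall rules; 16443 forwards straight to the kube-apiservers.
tee /etc/haproxy/haproxy.cfg <<'EOF'
global 
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s
#定义默认参数,
defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s
#定义前端监控 haproxy 的状态
frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor
#定义前端,负载均衡 Kubernetes 主节点的流量
frontend k8s-master
  bind 0.0.0.0:16443 
  bind 127.0.0.1:16443 
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master
#定义后端,处理来自 k8s-master 前端的请求
backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server Book-Cloud-K8s-Master-1        10.10.2.151:6443  check
  server Book-Cloud-K8s-Master-2        10.10.2.152:6443  check
  server Book-Cloud-K8s-Master-3        10.10.2.153:6443  check
EOF

# Syntax-check the new configuration before the service is (re)started.
haproxy -c -f /etc/haproxy/haproxy.cfg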

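# Write the keepalived configuration for this node (BACKUP, priority 49).
# The packaged file is backed up once and then overwritten: appending (">>")
# to the existing keepalived.conf would leave its previous contents active
# alongside the definitions below.
# The inline comment on the "state" line said MASTER while the directive is
# BACKUP; the comment is corrected to match the directive.
# NOTE(review): auth_type PASS sends auth_pass in cleartext inside VRRP
# advertisements and the value below is the tutorial's sample; use a
# per-cluster value and keep VRRP traffic on a trusted segment.
cp -n /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
cat > /etc/keepalived/keepalived.conf <<'EOF'
global_defs {
    router_id LVS_DEVEL  
}
vrrp_script check_apiserver {  
  script "/etc/keepalived/check_apiserver.sh"
  interval 3  
  weight -2  
  fall 10  
  rise 2   
}
vrrp_instance VI_1 {
    state BACKUP             #当前节点为 BACKUP  
    interface ens33          #网络接口,根据环境选择接口   
    mcast_src_ip 10.10.2.153
    virtual_router_id 51        
    priority 49              #优先级  
    authentication {            
        auth_type PASS          
        auth_pass K8SAUTH       
    }
    virtual_ipaddress {
        10.10.2.155            #配置虚拟 IP 地址(VIP) 
    }
    track_script {
        check_apiserver
    }
}
EOF

# Create the health-check script that keepalived runs.
# The heredoc delimiter is quoted: with an unquoted EOF the installing shell
# expands ${API_SERVER} and the other variables to empty strings while writing
# the file, leaving a script that probes "https:///healthz" with no timeout.
# The file is overwritten so a re-run does not stack a second copy.
cat > /etc/keepalived/check_apiserver.sh <<'EOF'
#!/bin/bash
# Exit 0 when the local kube-apiserver answers /healthz with "ok", else 1.
API_SERVER="127.0.0.1:6443"
API_HEALTH_CHECK_URL="https://${API_SERVER}/healthz"
API_HEALTH_CHECK_TIMEOUT=5
API_HEALTH_CHECK_INTERVAL=3

# --insecure skips certificate verification, so the reply is not
# authenticated; this is limited to a liveness probe against loopback.
if curl --silent --max-time "${API_HEALTH_CHECK_TIMEOUT}" --insecure "${API_HEALTH_CHECK_URL}" | grep -q "ok"; then
    exit 0
else
    exit 1
fi
EOF

chmod +x /etc/keepalived/check_apiserver.sh

# Reload unit files, then enable and start both services.
systemctl daemon-reload
systemctl enable --now haproxy
systemctl enable --now keepalived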

2.5 服务器Labs-K8s-Woker-1:安装基础软件

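# Add the Aliyun Docker CE repository and install Docker.
# The repo definition is fetched over HTTPS: that file decides which package
# sources and signing keys yum will trust, so it should not travel over plain
# HTTP where it can be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's/$releasever/8/g' /etc/yum.repos.d/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io

# Configure Docker registry mirrors, the systemd cgroup driver and log rotation.
# The file is overwritten (">"), not appended to: appending a second JSON
# object to an existing daemon.json leaves it unparsable.
# NOTE(review): every mirror listed here answers image pulls in place of the
# upstream registry, so an image pulled by tag is only as trustworthy as the
# mirror that served it. Keep only mirrors you trust and prefer pinning images
# by digest. A duplicated mirror entry from the original list was dropped.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://registry.cn-hangzhou.aliyuncs.com",
    "https://hub.xdark.top",
    "https://hub.littlediary.cn",
    "https://dockerpull.org",
    "https://hub.crdz.gq",
    "https://docker.1panel.live",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.m.daocloud.io",
    "https://noohub.ru",
    "https://huecker.io",
    "https://dockerhub.timeweb.cloud",
    "https://docker.1panel.dev",
    "https://docker.unsee.tech"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF

# Reload systemd, then start Docker and enable it at boot.
systemctl daemon-reload
systemctl start docker
systemctl enable docker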

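# Configure the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify each RPM against the keys in gpgkey; with
# gpgcheck=0 anything the mirror (or a party in its path) serves is installed
# as root without verification. The file is overwritten so a re-run does not
# append a duplicate [kubernetes] section.
# NOTE(review): repo_gpgcheck is left at 0 as in the original, so repository
# metadata is still unsigned-trusted; enable it if the mirror publishes signed
# metadata. If package verification fails, investigate rather than switching
# gpgcheck back off.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install the Kubernetes components at a pinned version.
yum install -y kubelet-1.28.0 kubeadm-1.28.0 kubectl-1.28.0

# Append the systemd cgroup-driver setting to the kubelet environment file.
# NOTE(review): whether the kubelet unit actually reads KUBELET_CGROUP_ARGS
# depends on its systemd drop-in, which is not shown here - confirm.
sed -i '$a KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"' /etc/sysconfig/kubelet

# Append the ipvs proxy-mode setting to the same file.
# NOTE(review): presumably kube-proxy takes its mode from its own
# configuration rather than from this file - verify it takes effect.
sed -i '$a KUBE_PROXY_MODE="ipvs"' /etc/sysconfig/kubelet
systemctl enable kubelet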

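# Create the download directory.
mkdir -p /var/kubernetes

# Download and install cri-dockerd.
# NOTE(review): the RPM is installed as root straight after download with no
# integrity check. Before running rpm, compare `sha256sum` of the file with a
# checksum obtained from a source you trust (none is given on this page).
wget -P /var/kubernetes https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.12/cri-dockerd-0.3.12-3.el7.x86_64.rpm
rpm -ivh /var/kubernetes/cri-dockerd-0.3.12-3.el7.x86_64.rpm

# Use the given pause image as the Pod infra container image: on the line
# "ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://" append
# "--pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9".
# The address uses "|" as its delimiter (\|...|): with "/" the slashes inside
# the path end the pattern early and sed rejects the expression.
# The grep guard keeps a re-run from appending the flag a second time.
grep -q -- '--pod-infra-container-image' /usr/lib/systemd/system/cri-docker.service ||
  sed -i '\|ExecStart=/usr/bin/cri-dockerd| s|$| --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9|' /usr/lib/systemd/system/cri-docker.service

# Reload unit files, then enable and start the service.
systemctl daemon-reload
systemctl enable cri-docker && systemctl start cri-docker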