1.初始操作
默认3台服务器都执行
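# Host preparation, run on all three servers.
# NOTE(review): the steps below switch off the host firewall and SELinux, which
# removes two layers of host hardening. That is acceptable on an isolated lab
# network; on hosts reachable from untrusted networks keep firewalld running
# with only the cluster's ports opened, and avoid disabling SELinux outright.

# Stop the firewall now and keep it from starting at boot
systemctl stop firewalld
systemctl disable firewalld

# Disable SELinux
# Permanent: rewrite only the SELINUX= setting, not the explanatory comment
# lines in the file that also contain the word "enforcing"
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Temporary (until reboot): put the running system into permissive mode
setenforce 0

# Turn off swap
swapoff -a # temporary
# Permanent: comment out active fstab entries that have a "swap" field.
# Already-commented lines are skipped so re-running does not stack '#'.
sed -ri '/^[[:space:]]*#/! s/.*[[:space:]]swap[[:space:]].*/#&/' /etc/fstab
# After disabling swap, be sure to reboot the virtual machine!

# Set the hostname according to the plan
# (replace <hostname> with this machine's name, e.g. k8s-master)
hostnamectl set-hostname "<hostname>"

# Add hosts entries on the master
cat >> /etc/hosts << 'EOF'
192.168.124.4 k8s-master
192.168.124.5 k8s-node1
192.168.124.6 k8s-node2
EOF

# Pass bridged IPv4 traffic to the iptables chains.
# These keys are provided by the br_netfilter kernel module; if
# "sysctl --system" reports them as missing, load the module first
# (modprobe br_netfilter).
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply

# Time synchronisation
yum install ntpdate -y
ntpdate time.windows.com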
2.安装基础软件
基础软件需要在三台服务器都执行
2.1安装docker
在这里,我们将向您介绍Docker的安装方法。但首先,我们需要先安装依赖包。您需要通过使用以下命令安装一些基本软件:
# Install the prerequisites; yum-utils provides the yum-config-manager command used in the next step
yum install -y yum-utils device-mapper-persistent-data lvm2
然后,您可以使用以下命令来安装Docker:
# Register Docker's upstream CentOS repository definition (fetched over HTTPS)
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
当安装成功时,您可以执行以下命令来更新缓存并安装Docker Community版:
# NOTE(review): "yum update" upgrades every installed package on the host,
# not only the repository metadata cache.
sudo yum update
# docker-ce and docker-ce-cli are pinned to 20.10.5; containerd.io is not
# pinned, so the version installed depends on when this is run.
sudo yum install docker-ce-20.10.5 docker-ce-cli-20.10.5 containerd.io
# Confirm the installed client version
docker -v
输出 Docker version 20.10.5, build 55c4c88
2.2添加阿里云 yum 源
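# Add the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck=1 makes yum verify each RPM's signature against the keys listed in
# gpgkey=. With gpgcheck=0 those keys are never used, so a tampered or
# compromised mirror could serve modified kubelet/kubeadm/kubectl packages
# that would then be installed as root.
# NOTE(review): repo_gpgcheck (signature on the repository metadata) is left
# at 0 as in the original; set it to 1 if the mirror's metadata signature
# verifies in your environment.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF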
2.3安装 kubeadm、kubelet、kubectl
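# Install the three Kubernetes packages pinned to the same version
yum install -y kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6

# Start kubelet at boot
systemctl enable kubelet

# Switch Docker's cgroup driver to systemd: edit /etc/docker/daemon.json and
# add the following key inside the top-level JSON object:
#   "exec-opts": ["native.cgroupdriver=systemd"]

# Restart Docker so the new daemon.json is picked up
systemctl daemon-reload
systemctl restart docker
# Also start Docker at boot: step 1 asks for a reboot after disabling swap,
# and nothing else on this page enables the docker unit.
systemctl enable docker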
3. 部署 Kubernetes Master
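# Run on the master node only.
# NOTE(review): --image-repository makes kubeadm pull the control-plane images
# from the registry.aliyuncs.com/google_containers mirror instead of the
# upstream registry, so the integrity of the control plane depends on that
# mirror.
kubeadm init \
  --apiserver-advertise-address=192.168.124.4 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.6 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16

# After init succeeds, copy the admin kubeconfig for the current user.
# admin.conf carries cluster-admin credentials: keep the copy private to the
# account that administers the cluster.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
kubectl get nodes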
4.加入 Kubernetes Node
分别在 k8s-node1 和 k8s-node2 执行
# 下方的 join 命令可以在 k8s master 初始化成功后,从控制台输出中复制
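# The join command below is the one printed by "kubeadm init" in step 3.
# The token and CA hash belong to the cluster they were generated for: use the
# values printed by your own master.
# NOTE(review): a bootstrap token is a credential that lets a machine register
# as a node, so it should not be published or left in shared notes. Tokens
# created by kubeadm expire after 24 hours by default.
kubeadm join 192.168.124.4:6443 --token w34ha2.66if2c8nwmeat9o7 \
  --discovery-token-ca-cert-hash sha256:20e2227554f8883811c01edd850f0cf2f396589d32b57b9984de3353a7389477

# If the token from init was lost, it can be looked up or re-issued on the master.
# If the token has already expired, issue a new one
# ("kubeadm token create --print-join-command" prints the complete join line).
kubeadm token create

# If the token has not expired, it can be listed
kubeadm token list

# Compute the --discovery-token-ca-cert-hash value; prefix the result with
# "sha256:". The hash pins the cluster CA's public key, which is what lets a
# joining node check that it is talking to the intended control plane.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
  | openssl rsa -pubin -outform der 2>/dev/null \
  | openssl dgst -sha256 -hex \
  | sed 's/^.* //'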
查看 node 情况,发现节点是 NotReady。这是因为还没有部署网络插件,执行第5步即可。
[root@k8s-master k8s]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane,master 22h v1.23.6
k8s-node01 NotReady <none> 22h v1.23.6
k8s-node02 Ready <none> 22h v1.23.6
5. 部署 CNI 网络插件
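# Run on the master node.
# Download the Calico manifest (the download may time out on slow networks).
#   -f  fail on an HTTP error instead of saving an error page as calico.yaml
#   -L  follow redirects
# NOTE(review): this URL is not pinned to a Calico release, so its content can
# change between runs. The manifest is applied with cluster-admin rights, so
# read it (and keep the reviewed copy) before running "kubectl apply".
curl -fLO https://docs.projectcalico.org/manifests/calico.yaml

# Edit calico.yaml before applying it:
#   - set CALICO_IPV4POOL_CIDR to the pod CIDR used at init (--pod-network-cidr)
#   - set the network interface name under IP_AUTODETECTION_METHOD

# Remove the docker.io/ prefix from image names so slow pulls do not fail.
# Without the prefix, the registry that serves each image is decided by the
# node's container runtime configuration, so only trusted mirrors should be
# configured there.
sed -i 's#docker\.io/##g' calico.yaml
# Apply the manifest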
kubectl apply -f calico.yaml
[root@k8s-master k8s]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-74dbdc644f-l95jc 0/1 ContainerCreating 0 2m37s <none> k8s-node02 <none> <none>
calico-node-82kwk 0/1 Init:2/3 0 2m37s 192.168.124.5 k8s-node01 <none> <none>
calico-node-pcbtl 0/1 Init:ImagePullBackOff 0 2m37s 192.168.124.4 k8s-master <none> <none>
calico-node-v96st 0/1 Init:2/3 0 2m37s 192.168.124.6 k8s-node02 <none> <none>
coredns-6d8c4cb4d-jqktl 0/1 ContainerCreating 0 22h <none> k8s-node02 <none> <none>
coredns-6d8c4cb4d-rhgsv 0/1 ContainerCreating 0 22h <none> k8s-node02 <none> <none>
etcd-k8s-master 1/1 Running 1 (22h ago) 22h 192.168.124.4 k8s-master <none> <none>
kube-apiserver-k8s-master 1/1 Running 1 (22h ago) 22h 192.168.124.4 k8s-master <none> <none>
kube-controller-manager-k8s-master 1/1 Running 1 (22h ago) 22h 192.168.124.4 k8s-master <none> <none>
kube-proxy-2k2n6 1/1 Running 1 (22h ago) 22h 192.168.124.6 k8s-node02 <none> <none>
kube-proxy-2kv9q 1/1 Running 1 (22h ago) 22h 192.168.124.5 k8s-node01 <none> <none>
kube-proxy-hpjw6 1/1 Running 1 (22h ago) 22h 192.168.124.4 k8s-master <none> <none>
kube-scheduler-k8s-master 1/1 Running 1 (22h ago) 22h 192.168.124.4 k8s-master <none> <none>
# 查看报错的 pod
[root@k8s-master k8s]# kubectl describe po calico-node-pcbtl -n kube-system
Name: calico-node-pcbtl
Namespace: kube-system
...................省略了信息
Warning Failed 5m58s kubelet Error: ErrImagePull
Normal BackOff 5m57s kubelet Back-off pulling image "calico/cni:v3.26.1"
Warning Failed 5m57s kubelet Error: ImagePullBackOff
Normal Pulling 5m43s (x2 over 6m53s) kubelet Pulling image "calico/cni:v3.26.1"
第5步非常慢,请耐心等待。可以使用docker pull 下载下面的镜像。
执行完之后,再查看node信息
[root@k8s-master k8s]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-74dbdc644f-l95jc 1/1 Running 0 109m
calico-node-82kwk 1/1 Running 0 109m
calico-node-ps5f8 1/1 Running 0 60m
calico-node-v96st 1/1 Running 0 109m
coredns-6d8c4cb4d-jqktl 1/1 Running 0 24h
coredns-6d8c4cb4d-rhgsv 1/1 Running 0 24h
etcd-k8s-master 1/1 Running 1 (23h ago) 24h
kube-apiserver-k8s-master 1/1 Running 1 (23h ago) 24h
kube-controller-manager-k8s-master 1/1 Running 1 (23h ago) 24h
kube-proxy-2k2n6 1/1 Running 1 (23h ago) 24h
kube-proxy-2kv9q 1/1 Running 1 (23h ago) 24h
kube-proxy-hpjw6 1/1 Running 1 (23h ago) 24h
kube-scheduler-k8s-master 1/1 Running 1 (23h ago) 24h
[root@k8s-master k8s]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 24h v1.23.6
k8s-node01 Ready <none> 24h v1.23.6
k8s-node02 Ready <none> 24h v1.23.6
6. 测试 Kubernetes
[root@k8s-master k8s]# kubectl create deployment nginx-test --image=nginx
deployment.apps/nginx-test created
[root@k8s-master k8s]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-85b98978db-lgzwl 1/1 Running 0 116s
nginx-test-84b478f9c5-sl8rg 1/1 Running 0 15s
# 暴露端口(NodePort 会在每个节点的 IP 上开放该端口;第1步已关闭 firewalld,因此能访问节点网络的主机都可以连到它)
[root@k8s-master k8s]# kubectl expose deployment nginx-test --port=80 --type=NodePort
service/nginx-test exposed
# 查看 pod 以及服务信息
[root@k8s-master k8s]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-85b98978db-lgzwl 1/1 Running 0 2m27s
pod/nginx-test-84b478f9c5-sl8rg 1/1 Running 0 46s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 24h
service/nginx NodePort 10.106.211.191 <none> 80:30662/TCP 86m
service/nginx-test NodePort 10.103.164.185 <none> 80:30393/TCP 15s
[root@k8s-master k8s]#