Centos7.9使用kubeadm部署K8S集群

使用kubeadm部署一个k8s集群，单master+2worker节点。

1. 环境信息

• 操作系统：CentOS 7.9.2009
• 内存: 2GB
• CPU: 2
• 网络: 能够互访，能够访问互联网

hostname	ip	备注
k8s-master	192.168.0.51	master
k8s-node1	192.168.0.52	worker
k8s-node2	192.168.0.53	worker

2. 准备工作

在所有节点（包括 Master 和 Worker 节点）上执行以下步骤。

2.1 linux基础配置

# 关闭防火墙
systemctl stop firewalld && systemctl disable firewalld# 关闭 swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab# 关闭 selinux
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config# 设置时区
timedatectl set-timezone Asia/Shanghai# 时间同步
yum -y install ntpdate
ntpdate time.windows.com
hwclock --systohc# 将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # 生效

2.2 安装 Docker

# 添加镜像源
curl https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
# 查看docker-ce的版本列表
yum list docker-ce --showduplicates | sort -r
# 安装20.10
yum -y install docker-ce-20.10.6-3.el7
systemctl start docker
systemctl enable docker# 换成阿里Docker仓库
cat > /etc/docker/daemon.json << EOF
{"registry-mirrors": ["https://wnsrsn9i.mirror.aliyuncs.com"]
}
EOF# 重启配置生效
systemctl restart docker
docker info
...Registry Mirrors:https://wnsrsn9i.mirror.aliyuncs.com/
...

2.3 安装 kubeadm、kubelet 和 kubectl

# 添加镜像源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF# 查看支持的版本
yum list kubelet --showduplicates | sort -r# 安装
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0# 配置kubelet服务自启动
systemctl enable kubelet

3. 部署k8s集群

设置hosts：

# 设置主机名
hostnamectl set-hostname k8s-master  # k8s-node1 / k8s-node2
hostname# 配置 hosts（只在master执行）
cat >> /etc/hosts << EOF
192.168.0.51 k8s-master
192.168.0.52 k8s-node1
192.168.0.53 k8s-node2
EOF

初始化master：

# 运行初始化命令，apiserver地址为master地址
kubeadm init \
--apiserver-advertise-address=192.168.0.51 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.18.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16...
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxyYour Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following on each as root:kubeadm join 192.168.0.51:6443 --token fxaizi.pb73yzhubpffc9zf \--discovery-token-ca-cert-hash sha256:95b842305c484ffcdcf3d5ccdeb5ada6ee89f418e77709138b491654e88c88ed
...# 初始化成功后，按照提示执行如下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config# 查看节点列表，此时节点状态为NotReady
kubectl get nodes

初始化worker：

kubeadm join 192.168.0.51:6443 --token fxaizi.pb73yzhubpffc9zf \--discovery-token-ca-cert-hash sha256:95b842305c484ffcdcf3d5ccdeb5ada6ee89f418e77709138b491654e88c88ed

master部署网络插件：

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl get pods -n kube-system  # 查看运行状态

如果无法下载，手动创建kube-flannel.yml，内容如下：

---
kind: Namespace
apiVersion: v1
metadata:name: kube-flannellabels:k8s-app: flannelpod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: flannelname: flannel
rules:
- apiGroups:- ""resources:- podsverbs:- get
- apiGroups:- ""resources:- nodesverbs:- get- list- watch
- apiGroups:- ""resources:- nodes/statusverbs:- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: flannelname: flannel
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: flannel
subjects:
- kind: ServiceAccountname: flannelnamespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: flannelname: flannelnamespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:name: kube-flannel-cfgnamespace: kube-flannellabels:tier: nodek8s-app: flannelapp: flannel
data:cni-conf.json: |{"name": "cbr0","cniVersion": "0.3.1","plugins": [{"type": "flannel","delegate": {"hairpinMode": true,"isDefaultGateway": true}},{"type": "portmap","capabilities": {"portMappings": true}}]}net-conf.json: |{"Network": "10.244.0.0/16","EnableNFTables": false,"Backend": {"Type": "vxlan"}}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-dsnamespace: kube-flannellabels:tier: nodeapp: flannelk8s-app: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/osoperator: Invalues:- linuxhostNetwork: truepriorityClassName: system-node-criticaltolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cni-pluginimage: docker.io/flannel/flannel-cni-plugin:v1.4.1-flannel1command:- cpargs:- -f- /flannel- /opt/cni/bin/flannelvolumeMounts:- name: cni-pluginmountPath: /opt/cni/bin- name: install-cniimage: docker.io/flannel/flannel:v0.25.4command:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: docker.io/flannel/flannel:v0.25.4command:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: "100m"memory: "50Mi"securityContext:privileged: falsecapabilities:add: ["NET_ADMIN", "NET_RAW"]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace- name: EVENT_QUEUE_DEPTHvalue: "5000"volumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/- name: xtables-lockmountPath: /run/xtables.lockvolumes:- name: runhostPath:path: /run/flannel- name: cni-pluginhostPath:path: /opt/cni/bin- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg- name: xtables-lockhostPath:path: /run/xtables.locktype: FileOrCreate

部署flannel会拉取两个镜像，国内网络环境有时候无法顺利拉取，可以从其他地方获取后离线导入当前环境：

[root@k8s-master ~]# docker images
REPOSITORY                                                        TAG               IMAGE ID       CREATED        SIZE
flannel/flannel                                                   v0.25.4           e6c43605b714   18 hours ago   81MB
flannel/flannel-cni-plugin                                        v1.4.1-flannel1   1e3c860c213d   7 weeks ago    10.3MB

4. 创建测试应用

# 创建一个nginx应用，并暴露到节点外部
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort# 查看部署的应用
kubectl get pod,svc
NAME                        READY   STATUS    RESTARTS   AGE
pod/nginx-f89759699-j9lnv   1/1     Running   0          30sNAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        34m
service/nginx        NodePort    10.102.197.201   <none>        80:30510/TCP   19s

通过k8s节点ip+30510端口即可访问nginx。