集群部署
准备工作
- ip映射关系
- 修改host映射
vim /etc/hosts
192.168.242.41 k8s-master
192.168.242.42 k8s-node1
192.168.242.43 k8s-node2
- 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
- 矫正时间
date
yum install -y ntp
# 同步时间
ntpdate cn.pool.ntp.org
- 关闭selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
- 关闭swap => K8S中不支持swap分区
vim /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
- 将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
安装 kubeadm
、kubelet
、kubectl
- 添加国内源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.tuna.tsinghua.edu.cn/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
- 安装(版本1.20.0)
yum clean all
yum makecache
yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0 --nogpgcheck
systemctl enable kubelet
- 遇到问题
1. Public key forxxx.rpm is not installed
添加 --nogpgcheck 参数
设置msatrer、node节点
配置master节点
# 开启docker服务
systemctl enable docker.service
kubeadm init \
--apiserver-advertise-address=192.168.242.41 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
配置kubectl
命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
pod网络配置
- 下载kube-flannel 到本地
- 执行命令:
kubectl -f /path/kube-flannel.yml
- 查看所有pod及节点状态,只有状态都为running才行
[root@admin41 ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-7f89b7bc75-qjnvk 1/1 Running 0 15m
kube-system coredns-7f89b7bc75-xsst9 1/1 Running 0 15m
kube-system etcd-admin41 1/1 Running 0 15m
kube-system kube-apiserver-admin41 1/1 Running 0 15m
kube-system kube-controller-manager-admin41 1/1 Running 0 15m
kube-system kube-flannel-ds-t59dt 1/1 Running 0 2m31s
kube-system kube-proxy-d5q96 1/1 Running 0 15m
kube-system kube-scheduler-admin41 1/1 Running 0 15m
加入node节点
- 查看master token信息
kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
i3liaa.2zlnok84t9u4s4pw 23h 2021-02-09T13:49:40+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
- 添加node节点(在node节点上操作)
kubeadm join 192.168.242.41:6443 --token i3liaa.2zlnok84t9u4s4pw --discovery-token-ca-cert-hash \sha256:59d102c031ab863bb58774f254267193e718bbe517a39761b255b1004627acc3
- 获取CA证书sha256的hash值
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
59d102c031ab863bb58774f254267193e718bbe517a39761b255b1004627acc3
测试k8s集群
部署一个nginx
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc -o wide
随便访问三个节点中的任意一台的32081端口就可
问题总结
- Public key forxxx.rpm is not installed
添加 --nogpgcheck 参数
- The connection to the server localhost:8080 was refused - did you specify the right host or port?
scp /etc/kubernetes/admin.conf k8s-node2:/etc/kubernetes/admin.conf
# 添加环境变量
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
- node节点roles为none
kubectl label node k8s-node1 node-role.kubernetes.io/worker=worker
kubectl label node k8s-node2 node-role.kubernetes.io/worker=worker