集群部署

准备工作

  1. ip映射关系
  1. 修改host映射
vim /etc/hosts
192.168.242.41  k8s-master
192.168.242.42  k8s-node1
192.168.242.43  k8s-node2
  1. 关闭防火墙
# Lab shortcut: stopping and disabling firewalld removes host-level packet
# filtering on this node, both now and after every reboot.
# NOTE(review): on hosts reachable from untrusted networks, keep firewalld
# running and open only the ports the cluster uses (for example 6443/tcp, the
# API server port that appears in the `kubeadm join` command on this page).
systemctl stop firewalld
systemctl disable firewalld
  1. 校正时间
# Show the current system time before correcting it.
date
yum install -y ntp
# One-shot clock synchronisation against the public NTP pool.
# NOTE(review): ntpdate sets the clock once and does not keep it in sync.
# Certificate validity checks and bootstrap-token expiry depend on correct time
# on every node, so consider enabling a time daemon (ntpd or chronyd) as well.
ntpdate cn.pool.ntp.org
  1. 关闭selinux
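# Switch SELinux to permissive mode so containers can reach the host paths
# kubeadm needs. Permissive (rather than disabled) keeps file labels and denial
# logging intact, which makes a later return to enforcing mode practical.
# The pattern is anchored to the SELINUX= setting so that the word "enforcing"
# in the file's explanatory comments is left untouched.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Apply the same mode to the running system without a reboot.
setenforce 0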
  1. 关闭swap => K8S默认不支持swap分区(注释掉fstab中的swap行后需重启生效,或执行 swapoff -a 立即关闭)
vim /etc/fstab
#/dev/mapper/centos-swap swap                    swap    defaults        0 0
  1. 将桥接的IPv4流量传递到iptables的链
# Write a sysctl drop-in that makes bridged IPv4 and IPv6 traffic pass through
# the iptables/ip6tables chains, then reload every sysctl configuration file.
# NOTE(review): these net.bridge.* keys are normally provided by the
# br_netfilter kernel module — confirm it is loaded before relying on them.
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
 sysctl --system

安装 kubeadm、kubelet、kubectl

  1. 添加国内源
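# Create the yum repository definition for the Kubernetes packages.
# gpgcheck=1 verifies each RPM's signature and repo_gpgcheck=1 verifies the
# repository metadata; both depend on the keys listed under gpgkey.
# The two key URLs are kept on a single line separated by a space: a second URL
# on its own unindented line is not read as part of gpgkey, so that key would
# never be imported and signature checks against it would fail.
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.tuna.tsinghua.edu.cn/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF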
  1. 安装(版本1.20.0)
 # Drop cached metadata and rebuild it so the new repository is picked up.
 yum clean all
  yum makecache
# Install the three components pinned to 1.20.0 so their versions match.
# NOTE(review): --nogpgcheck turns off RPM signature verification for this
# transaction, overriding gpgcheck=1 in the repo file, so the packages are
# installed without authentication. Prefer importing the repository's signing
# keys (rpm --import with the gpgkey URLs from the repo file) and retrying
# without the flag; keep the flag only as a last resort on an isolated lab host.
yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0 --nogpgcheck
# Start kubelet automatically at boot.
systemctl enable kubelet
  1. 遇到问题
1. Public key for xxx.rpm is not installed

添加 --nogpgcheck 参数(注意:该参数会跳过RPM包的签名校验,仅适合隔离的实验环境临时使用;更稳妥的做法是先用 rpm --import 导入仓库配置中 gpgkey 指向的公钥,再不带该参数重新安装)

设置master、node节点

配置master节点

# Enable the Docker service so that it starts at boot.
# NOTE(review): `enable` alone does not start the service in the current
# session — confirm Docker is already running before `kubeadm init`.
systemctl enable docker.service

# Initialise the control plane on the master node.
#   --apiserver-advertise-address  address the API server advertises; this is
#                                  the k8s-master IP from /etc/hosts above
#   --image-repository             registry the control-plane images are pulled
#                                  from; the cluster trusts whatever it serves
#   --kubernetes-version           matches the 1.20.0 packages installed above
#   --service-cidr                 address range for Services
#   --pod-network-cidr             address range for Pods; presumably chosen to
#                                  match the network in kube-flannel.yml — confirm
# NOTE(review): the output of this command includes a `kubeadm join` line with a
# bootstrap token; treat that output as a credential.
kubeadm init \
--apiserver-advertise-address=192.168.242.41 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16

配置kubectl命令

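# Install the cluster administrator kubeconfig for the current user.
# admin.conf carries full administrative credentials for the cluster, so the
# copy must stay readable by its owner only and should not be shared.
# Expansions are quoted so a home directory containing spaces or glob
# characters cannot split or expand the paths.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"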

pod网络配置

  • 下载kube-flannel 到本地
  • 执行命令:kubectl apply -f /path/kube-flannel.yml(应用前请先核对下载文件的来源与内容,该清单会在每个节点上部署网络组件)
  • 查看所有pod及节点状态,只有状态都为running才行

[root@admin41 ~]# kubectl get pod --all-namespaces
NAMESPACE     NAME                              READY   STATUS    RESTARTS   AGE
kube-system   coredns-7f89b7bc75-qjnvk          1/1     Running   0          15m
kube-system   coredns-7f89b7bc75-xsst9          1/1     Running   0          15m
kube-system   etcd-admin41                      1/1     Running   0          15m
kube-system   kube-apiserver-admin41            1/1     Running   0          15m
kube-system   kube-controller-manager-admin41   1/1     Running   0          15m
kube-system   kube-flannel-ds-t59dt             1/1     Running   0          2m31s
kube-system   kube-proxy-d5q96                  1/1     Running   0          15m
kube-system   kube-scheduler-admin41            1/1     Running   0          15m

加入node节点

  • 查看master token信息
kubeadm token list
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
i3liaa.2zlnok84t9u4s4pw   23h         2021-02-09T13:49:40+08:00   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

  • 添加node节点(在node节点上操作)
# Run on each worker node to join it to the control plane at 192.168.242.41.
# The bootstrap token is a credential: until it expires, any host that can
# reach the API server and knows the token can register as a node, so do not
# publish or reuse it. `kubeadm token create --print-join-command` on the master
# issues a fresh join command, and `kubeadm token delete` revokes an old token.
# --discovery-token-ca-cert-hash pins the cluster CA's public key, which lets
# the node verify that it is talking to the intended control plane.
kubeadm join 192.168.242.41:6443 \
  --token i3liaa.2zlnok84t9u4s4pw \
  --discovery-token-ca-cert-hash sha256:59d102c031ab863bb58774f254267193e718bbe517a39761b255b1004627acc3
  • 获取CA证书sha256的hash值
# Compute the value for --discovery-token-ca-cert-hash on the master:
# extract the public key from the cluster CA certificate, re-encode it as DER,
# hash it with SHA-256, and strip the label that openssl prints before the hex
# digest. Only the public key is read; the CA private key is never touched.
# NOTE(review): `openssl rsa` assumes the CA key is RSA — confirm for your cluster.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
59d102c031ab863bb58774f254267193e718bbe517a39761b255b1004627acc3

测试k8s集群

部署一个nginx

# Smoke test: run an nginx Deployment and publish it through a NodePort Service.
# NOTE(review): a NodePort Service listens on every node's address, and this
# guide disables the host firewall, so the test page is reachable from any
# network that can reach the nodes. Remove the Deployment and Service when done.
# NOTE(review): --image=nginx carries no tag or digest, so whatever image the
# registry currently serves under that name is what runs.
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
# List the pod and the Service; the Service row shows the assigned node port.
kubectl get pod,svc -o wide


访问三个节点中任意一台的 NodePort 端口即可(本例为 32081;该端口由集群分配,实际端口以上一条命令输出的 svc 信息为准)

问题总结

  • Public key for xxx.rpm is not installed

添加 --nogpgcheck 参数(该参数会跳过RPM包签名校验,仅作临时绕过;更稳妥的做法是先导入仓库的GPG公钥再安装)

  • The connection to the server localhost:8080 was refused - did you specify the right host or port?
# kubectl falls back to localhost:8080 when it has no kubeconfig; copying the
# master's admin.conf to the node and pointing KUBECONFIG at it gives it one.
# NOTE(review): admin.conf holds full administrative credentials for the
# cluster. Once it is on a worker node, anyone who compromises that node gains
# control of the whole cluster. Prefer running kubectl on the master, or give
# the node a kubeconfig for a user with only the permissions it needs.
scp /etc/kubernetes/admin.conf k8s-node2:/etc/kubernetes/admin.conf
# Add the environment variable
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile

source ~/.bash_profile
  • node节点roles为none
# Give both worker nodes the "worker" role label so that the ROLES column of
# `kubectl get nodes` no longer shows <none>.
for worker_node in k8s-node1 k8s-node2; do
  kubectl label node "$worker_node" node-role.kubernetes.io/worker=worker
done
02-08 20:41