1. Prerequisites
- Hardware: 4 cores, 2560 MB RAM, 40 GB disk per node
- Software versions: Docker version 20.10.24, Kubernetes v1.22.0
- OS: CentOS 7 64-bit
2. Host setup
- On the master node
hostnamectl set-hostname k8s-master
- On node1
hostnamectl set-hostname k8s-node1
- On node2
hostnamectl set-hostname k8s-node2
- Add the host entries (on every node)
cat >> /etc/hosts << EOF
192.168.31.200 k8s-master
192.168.31.201 k8s-node1
192.168.31.202 k8s-node2
EOF
3. Base settings
Every host in the cluster needs the settings below.
- Update the system packages from the yum sources (yum update -y)
- Stop the firewall
systemctl stop firewalld
systemctl disable firewalld
Disabling firewalld is the shortcut this guide takes. It leaves every port on the node (kubelet 10250, etcd 2379-2380, and anything you open later such as the Docker API) reachable from the whole network segment. Outside a lab, keep firewalld running and open only what kubeadm and flannel need: 6443, 2379-2380, 10250, 10257 and 10259 on the control plane, 10250 plus the NodePort range 30000-32767 on workers, and UDP 8472 everywhere for flannel's VXLAN.
- Disable SELinux
setenforce 0 # temporary, until the next reboot
sed -i 's/enforcing/disabled/' /etc/selinux/config # permanent, takes effect after reboot
kubeadm needs SELinux out of enforcing mode so containers can reach the host paths the pod network uses. permissive is enough and keeps the audit log; disabled is what the original guide uses.
- Disable swap
swapoff -a # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab # permanent: comments out the swap entry
- Pass bridged IPv4 traffic to the iptables chains and enable forwarding
The bridge-nf-call keys only exist once the br_netfilter module is loaded, so load it first. ip_forward goes into the same file: sysctl -w alone is lost at reboot, and a missing ip_forward is exactly the preflight error listed at the end of this page.
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system # apply
- Time synchronisation
yum install ntpdate -y
ntpdate time1.aliyun.com
ntpdate is a one-shot adjustment. Run it from cron or use chronyd for continuous sync; the cluster's certificates (API server, kubelets, bootstrap tokens) are checked against the local clock, and drifting nodes eventually fail to authenticate.
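The whole of section 3 as one script, added here as an example and not part of the original guide. It replaces "disable firewalld" with opening only the ports kubeadm and flannel need, persists ip_forward alongside the bridge keys, and ships check functions you can point at the real /etc/fstab, /etc/selinux/config and /etc/sysctl.d/k8s.conf. The master/node role names and the assumption that flannel runs in VXLAN mode (UDP 8472) are mine; the port list is the one from the kubeadm documentation.

```shell
#!/bin/sh
# Added example (not from the original guide): node preparation helpers for the
# kubeadm v1.22 + flannel (VXLAN) layout on this page. Role names "master" and
# "node" and the flannel port are assumptions; the rest follows kubeadm's docs.
set -eu

# Ports kubeadm and flannel need, by node role: the alternative to disabling firewalld.
firewall_rules_for() {
  case "$1" in
    master) printf '%s\n' 6443/tcp 2379-2380/tcp 10250/tcp 10257/tcp 10259/tcp 8472/udp ;;
    node)   printf '%s\n' 10250/tcp 30000-32767/tcp 8472/udp ;;
    *)      echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# Contents of /etc/sysctl.d/k8s.conf; ip_forward is persisted here so kubeadm's
# preflight check still passes after a reboot, not just until the next one.
k8s_sysctl_conf() {
  cat <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
}

# 0 if the given fstab has no active (uncommented) swap entry.
fstab_swap_disabled() {
  ! grep -Ev '^[[:space:]]*#' "$1" | grep -Eq '[[:space:]]swap[[:space:]]'
}

# 0 if the given selinux config is not set to enforcing.
selinux_not_enforcing() {
  ! grep -Eq '^SELINUX=enforcing' "$1"
}

# 0 if the given sysctl file sets every key kubeadm expects to 1.
sysctl_conf_ok() {
  for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
    grep -Eq "^${key}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$1" || return 1
  done
}

# Apply on a real node:  ./prep.sh apply master   or   ./prep.sh apply node
if [ "${1:-}" = "apply" ]; then
  role="${2:?role: master|node}"
  setenforce 0 || true
  sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
  swapoff -a
  sed -ri 's/.*swap.*/#&/' /etc/fstab
  modprobe br_netfilter
  k8s_sysctl_conf > /etc/sysctl.d/k8s.conf
  sysctl --system
  firewall_rules_for "$role" | while read -r p; do firewall-cmd --permanent --add-port="$p"; done
  firewall-cmd --reload
  fstab_swap_disabled /etc/fstab && selinux_not_enforcing /etc/selinux/config \
    && sysctl_conf_ok /etc/sysctl.d/k8s.conf && echo "node prepared for role $role"
fi
```

Run it with no arguments to load only the functions (useful for checking a node someone else prepared); the apply branch is the only part that touches the system.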
4. Install Docker, kubeadm and kubelet
Every host in the cluster needs these.
4.1. Install Docker
Up to v1.23 the kubelet ships with the built-in dockershim, so Docker can be used as the container runtime directly; dockershim was removed in v1.24, so this Docker 20.10 + v1.22 pairing does not carry over to newer releases.
Rewrite daemon.json. Two keys from the original file are updated: "graph" is the deprecated spelling of "data-root", and the "overlay" driver has been superseded by "overlay2", the driver to use on CentOS 7.
$ cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors":[
"https://<your Aliyun accelerator id>.mirror.aliyuncs.com",
"https://docker.mirrors.ustc.edu.cn"
],
"data-root": "/mnt/docker-data",
"storage-driver": "overlay2",
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
native.cgroupdriver=systemd is not optional: kubeadm v1.22 defaults the kubelet to the systemd cgroup driver, and a kubelet/runtime mismatch leaves the node NotReady.
- Port 2375: remote access to the Docker daemon
The original guide opens TCP 2375 so the daemon can be reached remotely. That port is the Docker API with no encryption and no authentication: anyone who can connect can start a privileged container with the host filesystem mounted, which is root on the node. Only expose the daemon remotely if you genuinely need it, and then with TLS client authentication on 2376 (tlsverify plus CA, server certificate and key in daemon.json) bound to a management address, never 0.0.0.0:2375 on a node whose firewall was just disabled.
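An added example, not from the original guide or from Docker: a small audit for /etc/docker/daemon.json that flags an unauthenticated TCP listener and the deprecated keys, next to the TLS-only configuration that should replace a bare 2375. The certificate paths under /etc/docker/tls are an assumption (generate them with your own CA); the bind address reuses the master IP from this page.

```shell
#!/bin/sh
# Added example (not from the original guide): audit daemon.json for an
# unauthenticated TCP listener and print the TLS-only alternative. The
# /etc/docker/tls paths are assumed; create the CA, server and client certs yourself.
set -eu

# 0 (exposed) if the file lists a tcp:// host without tlsverify=true.
docker_api_exposed() {
  grep -Eq '"tcp://' "$1" || return 1                                  # no TCP listener
  grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true' "$1" && return 1 # TCP but client-authenticated
  return 0
}

# 0 if the file still uses keys Docker 20.10 accepts but has deprecated.
docker_legacy_keys() {
  grep -Eq '"graph"|"storage-driver"[[:space:]]*:[[:space:]]*"overlay"' "$1"
}

# Hardened daemon.json: TLS client auth on 2376, bound to one management address
# (192.168.31.200 is the master address used by this guide), overlay2, systemd cgroups.
hardened_daemon_json() {
  cat <<'EOF'
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://192.168.31.200:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/tls/ca.pem",
  "tlscert": "/etc/docker/tls/server-cert.pem",
  "tlskey": "/etc/docker/tls/server-key.pem",
  "data-root": "/mnt/docker-data",
  "storage-driver": "overlay2",
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
}

# Usage: ./docker-audit.sh /etc/docker/daemon.json
if [ -n "${1:-}" ]; then
  if docker_api_exposed "$1"; then
    echo "WARNING: $1 exposes the Docker API over TCP without tlsverify (root on this host to anyone who can connect)"
  fi
  docker_legacy_keys "$1" && echo "NOTE: $1 uses deprecated keys (graph/overlay); compare with hardened_daemon_json"
  exit 0
fi
```

One packaging detail: the CentOS docker.service unit starts dockerd with -H fd://, and dockerd refuses to start when hosts are given both on the command line and in daemon.json. Add a systemd drop-in that clears ExecStart and sets it to /usr/bin/dockerd before restarting with the hardened file.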
4.2. Install kubeadm, kubelet and kubectl
- Add the Aliyun yum repository
The original file had gpgcheck=0 and repo_gpgcheck=0, which installs whatever the mirror serves without checking package signatures, even though the key URLs are right there. Keep gpgcheck=1: the packages are signed and the keys are published on the same mirror. repo_gpgcheck=1 also verifies the repository metadata; if that check fails on CentOS 7, set only repo_gpgcheck=0 rather than disabling both. The exclude line stops a later yum update from upgrading the Kubernetes packages out of step with the control plane.
$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
- Install the pinned version
$ yum install -y kubelet-1.22.0 kubeadm-1.22.0 kubectl-1.22.0 --disableexcludes=kubernetes
- Enable the service at boot (the kubelet restarts in a loop until kubeadm init or join gives it a configuration; that is expected)
$ systemctl enable kubelet
5. Deploy the Kubernetes master
Run on the master node.
If init or join goes wrong, kubeadm reset tears the node down so the command can be re-run. It does not remove the CNI configuration in /etc/cni/net.d or the iptables rules; clear those by hand before retrying with a different pod CIDR.
- Initialise the control plane
The default image registry k8s.gcr.io is not reachable from inside China, so the Aliyun mirror of the google_containers images is used instead. This pulls the control-plane images from a third party: pin the version and compare the list from kubeadm config images list --kubernetes-version v1.22.0 with what actually gets pulled.
$ kubeadm init \
--apiserver-advertise-address=192.168.31.200 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
--apiserver-advertise-address is this node's own IP (the etcd bind error at the end of this page is what you get when it is not). --service-cidr is the ClusterIP range and --pod-network-cidr the pod range; both just need to avoid overlapping your real networks, but the pod CIDR must equal the "Network" value in flannel's net-conf.json (10.244.0.0/16 in the manifest appended to this page).
- Run the commands printed at the end of the init log
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
admin.conf is a cluster-admin client certificate valid for one year. Keep the copy mode 600, do not copy it to worker nodes (they only need the kubelet's own credentials), and issue narrower kubeconfigs to other users instead of sharing this one.
- List the cluster nodes
$ kubectl get nodes
6. Deploy the CNI network plugin
- Download the flannel manifest kube-flannel.yml
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
This URL tracks the master branch, so what you apply depends on the day you fetch it. Pin a release tag in the URL and read the file before applying it. The copy appended at the end of this page is the v0.11.0 manifest with its images pointed at a personal Docker Hub namespace (lizhenliang/flannel) instead of the project's own registry, which adds a party to trust. It also declares ClusterRole and ClusterRoleBinding as rbac.authorization.k8s.io/v1beta1, an API version v1.22 no longer serves; change both apiVersion lines to rbac.authorization.k8s.io/v1 before applying, or the apply fails for those two objects.
- Apply the manifest
kubectl apply -f kube-flannel.yml
- Watch the rollout
kubectl get pods -n kube-system
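A pre-apply check for a manifest fetched from the internet, added as an example here; it is not part of the original guide or of the flannel project. It reports apiVersions that the v1.22 API server dropped (the subset relevant to add-on manifests), lists where the images come from and which of them are not pinned by digest, shows the host-level privileges requested, and rewrites the RBAC apiVersion, since the v1 schema is identical to v1beta1. The test manifest is a constructed fragment of the one appended to this page.

```shell
#!/bin/sh
# Added example (not from the original guide or flannel): checks to run on a CNI
# manifest before kubectl apply. REMOVED_IN_122 is the subset of v1.22 API removals
# that add-on manifests commonly hit.
set -eu

REMOVED_IN_122='rbac.authorization.k8s.io/v1beta1|apiextensions.k8s.io/v1beta1|admissionregistration.k8s.io/v1beta1|extensions/v1beta1|networking.k8s.io/v1beta1'

# Print each apiVersion line v1.22 rejects ("no matches for kind"); 0 if none.
removed_apis() {
  ! grep -En "^[[:space:]]*apiVersion:[[:space:]]*(${REMOVED_IN_122})[[:space:]]*$" "$1"
}

# Print image references that are not pinned by digest; 0 if all are pinned.
unpinned_images() {
  ! grep -E '^[[:space:]]*(- )?image:' "$1" | grep -Ev '@sha256:[0-9a-f]{64}'
}

# Registry/namespace of every image, so the trust decision is explicit.
image_sources() {
  grep -E '^[[:space:]]*(- )?image:' "$1" | sed -E 's/.*image:[[:space:]]*"?([^"@:]+).*/\1/' | sort -u
}

# Host-level privileges the manifest asks for: review, not reject outright
# (flannel legitimately needs hostNetwork and NET_ADMIN).
host_privileges() {
  grep -En '^[[:space:]]*(hostNetwork|hostPID|hostIPC|privileged):[[:space:]]*true' "$1" || true
}

# Rewrite the RBAC apiVersion v1.22 dropped (v1beta1 -> v1); the object schema is unchanged.
fix_rbac_apiversion() {
  sed 's#^\([[:space:]]*apiVersion:[[:space:]]*\)rbac\.authorization\.k8s\.io/v1beta1[[:space:]]*$#\1rbac.authorization.k8s.io/v1#' "$1" > "$1.tmp" \
    && mv "$1.tmp" "$1"
}

# Usage: ./audit-manifest.sh kube-flannel.yml   (fixes RBAC in place, then reports)
if [ -n "${1:-}" ]; then
  fix_rbac_apiversion "$1"
  echo "image sources:"; image_sources "$1"
  echo "host privileges requested:"; host_privileges "$1"
  removed_apis "$1" || echo "FAIL: apiVersions removed in v1.22 remain in $1"
  unpinned_images "$1" || echo "WARN: the images above are not pinned by digest"
fi
```

Pinning by digest (image: repo/flannel@sha256:...) is what makes "I reviewed this manifest" mean something: a tag like v0.11.0-amd64 can be repointed by whoever controls the namespace, a digest cannot.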
7. Join the worker nodes
Run on each worker node.
- Run the kubeadm join command printed by kubeadm init (the token and hash below are the illustrative values from this page; use your own):
$ kubeadm join 192.168.31.200:6443 --token esce21.q6hetwm8si29qxwn \
--discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5
The token is a bootstrap credential: anyone holding it can register a kubelet with the cluster. The CA cert hash is how the joining node verifies it is talking to your control plane and not to another host on the segment answering on 6443, so never swap it for --discovery-token-unsafe-skip-ca-verification to save typing.
The token is valid for 24 hours. To create a new one after it expires:
kubeadm token create --print-join-command
Once the last worker has joined, delete tokens you no longer need rather than leaving them to expire.
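Added example, not part of the original guide: a check to run on a join command before executing it on a worker, plus the master-side computation of the CA public key hash so the two can be compared out of band. The sample join line is the constructed one from this page; the certificate path is kubeadm's default.

```shell
#!/bin/sh
# Added example (not from the original guide): validate a kubeadm join command on the
# worker and compute the expected CA hash on the master. SAMPLE_JOIN is the constructed
# join line from this page; /etc/kubernetes/pki/ca.crt is kubeadm's default CA path.
set -eu

# --token value; kubeadm bootstrap tokens have the form "abcdef.0123456789abcdef".
join_token() {
  printf '%s\n' "$1" | sed -n 's/.*--token[ =]\([a-z0-9]\{6\}\.[a-z0-9]\{16\}\).*/\1/p'
}

# sha256 hash of the cluster CA's public key that the worker pins the control plane to.
join_ca_hash() {
  printf '%s\n' "$1" | sed -n 's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# 0 only if the command carries a well-formed token AND a CA hash and does not disable
# CA verification (otherwise any host answering on the API port can enrol the node).
join_command_ok() {
  case "$1" in *--discovery-token-unsafe-skip-ca-verification*) return 1 ;; esac
  [ -n "$(join_token "$1")" ] && [ -n "$(join_ca_hash "$1")" ]
}

# On the master: the value kubeadm prints after "sha256:" in the join command
# (SHA-256 of the DER-encoded public key of the cluster CA).
ca_cert_hash() {
  openssl x509 -pubkey -in "${1:-/etc/kubernetes/pki/ca.crt}" \
    | openssl pkey -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 | sed 's/^.* //'
}

SAMPLE_JOIN='kubeadm join 192.168.31.200:6443 --token esce21.q6hetwm8si29qxwn --discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5'

# Usage: ./join-check.sh "<join command>"   (on a worker, before running it)
#        ./join-check.sh --ca-hash           (on the master, to publish the expected hash)
if [ "${1:-}" = "--ca-hash" ]; then
  ca_cert_hash
elif [ -n "${1:-}" ]; then
  if join_command_ok "$1"; then
    echo "token $(join_token "$1") pinned to CA hash sha256:$(join_ca_hash "$1")"
  else
    echo "REFUSING: join command lacks a token or CA hash, or skips CA verification" >&2
    exit 1
  fi
fi
```

Compare the hash from --ca-hash on the master with the one in the join line a colleague sent you; they must match to the last character. After the final worker has joined, kubeadm token delete esce21.q6hetwm8si29qxwn (with your token) revokes the credential instead of waiting out the 24 hours.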
8. Test the cluster
- Check node status
kubectl get nodes
- Check that the system pods are Running
kubectl get pod -n kube-system
- Check component health:
kubectl get cs
componentstatuses has been deprecated since v1.19, and on a kubeadm v1.22 cluster it reports scheduler and controller-manager as Unhealthy because kubeadm starts them with the insecure HTTP health port disabled (--port=0), which is the state you want. Do not re-enable those ports to make the output green; judge the control plane by the pod status above and the API server's /readyz endpoint. (The original note pointed to https://www.cnblogs.com/wuliping/p/13780147.html for the Unhealthy case.)
- Create a pod in the cluster and check that it runs:
$ kubectl create deployment nginx --image=nginx
$ kubectl expose deployment nginx --port=80 --type=NodePort
$ kubectl get pod,svc
- The pod is reachable at http://NodeIP:Port, where Port is the NodePort shown by kubectl get svc (in the 30000-32767 range). A NodePort listens on every node in the cluster, so delete the test deployment and service once you have seen it work.
9. Install Kuboard
Install guide: https://www.kuboard.cn/install/v3/install-in-k8s.html
Web UI: http://any-of-your-node-ip:32567
Get the login token:
kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d
or
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}')
This is a ServiceAccount bearer token: whoever holds it acts against the API server with that account's full RBAC rights, and the UI is served over plain HTTP on a NodePort open on every node. Treat the token like admin.conf, and keep port 32567 off any network segment you do not control.
10. Done!
Appendix:
1. The kube-flannel.yaml file (v0.11.0 manifest; the RBAC apiVersion is corrected to v1 for v1.22)
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: "/etc/cni/net.d"
    - pathPrefix: "/etc/kube-flannel"
    - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
  - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['psp.flannel.unprivileged']
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "cniVersion": "0.2.0",
      "name": "cbr0",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: lizhenliang/flannel:v0.11.0-amd64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: lizhenliang/flannel:v0.11.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
2. Reference: https://www.modb.pro/db/623683
Install errors and fixes
- [ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
Fix: run the command below, and add net.ipv4.ip_forward = 1 to /etc/sysctl.d/k8s.conf so the setting survives a reboot
sysctl -w net.ipv4.ip_forward=1
- listen tcp 192.168.31.200:2380: bind: cannot assign requested address
etcd binds its peer port to the address given as --apiserver-advertise-address; this error means that IP is not configured on any interface of the node (check with ip addr). Fix: pass the node's real address to kubeadm init, or correct the interface configuration. Reference: https://blog.csdn.net/weixin_41298721/article/details/122700778