实验环境
主机
| 主机名 | 角色 | IP | 配置 |
|---|---|---|---|
| s1 | master | 10.211.55.7 | 2核2G |
| s2 | node | 10.211.55.8 | 2核2G |
| s3 | node | 10.211.55.9 | 2核2G |
| s4 | 存储 | 10.211.55.10 | 2核2G |
系统版本
| 系统 | 版本号 | 备注 |
|---|---|---|
| centos | 7.7.1908 | centos7最新稳定版 |
常用软件
| 软件名称 | 安装方式 |
|---|---|
| vim | yum |
| wget | yum |
| git | yum |
K8S相关软件及版本
| 软件名称 | 版本号 |
|---|---|
| docker | 18.09.9 |
| kubelet | 1.16.4 |
| kubeadm | 1.16.4 |
| kubectl | 1.16.4 |
kubernetes 插件
| 插件类型 | 插件名称 | 版本号 |
|---|---|---|
| 网络插件 | calico | v3.8 |
kubernetes 网络规划
10.244.0.0/16
环境处理
关闭selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
关闭防火墙
systemctl stop firewalld.service
systemctl disable firewalld.service
修改hosts
cat << EOF >>/etc/hosts
10.211.55.7 s1
10.211.55.8 s2
10.211.55.9 s3
EOF
关闭swap
#查看swap的挂载节点
swapon -s
#关闭swap
swapon -s | grep 'partition'| awk '{print$1}' | xargs swapoff
#修改 fstab
sed -i '/swap/s/^/#/g' /etc/fstab
设置内核参数
modprobe overlay
modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forword = 1
EOF
sysctl -p
安装docker
- 卸载已有的docker
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
- 安装docker
查看Kubernetes 官方文档
# Install Docker CE
## Set up the repository
### Install required packages.
yum install yum-utils device-mapper-persistent-data lvm2
### Add Docker repository.
yum-config-manager --add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
## Install Docker CE.
yum update && yum install \
containerd.io-1.2.10 \
docker-ce-18.09.9 \
docker-ce-cli-18.09.9
## Create /etc/docker directory.
mkdir /etc/docker
# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Restart Docker
systemctl daemon-reload
systemctl restart docker
systemctl enable docker.service
重启
reboot
k8s安装
安装
# 编辑yum源,使用阿里云的k8s镜像源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
## 安装k8s组件
yum install -y kubelet-1.16.4-0 kubeadm-1.16.4-0 kubectl-1.16.4-0 --disableexcludes=kubernetes
systemctl enable kubelet.service
修改内核参数
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
配置master
## s1 10.211.55.7
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.16.4 --pod-network-cidr=10.244.0.0/16
##
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
注意: 记录一下命令以便node加入kubernetes集群
kubeadm join 10.211.55.7:6443 --token we72z9.zgxl79cuyp2n5uxp
--discovery-token-ca-cert-hash sha256:0b272a6c535d74b905b2a11588bd28edeb0646f4394c7d1409b4058fb8faa311
配置node
kubeadm join 10.211.55.7:6443 --token we72z9.zgxl79cuyp2n5uxp \
--discovery-token-ca-cert-hash sha256:0b272a6c535d74b905b2a11588bd28edeb0646f4394c7d1409b4058fb8faa311
测试: 在master上执行
kubectl get nodes
状态如下: 状态为NotReady,需要配置网络
[root@s1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
s1 NotReady master 11m v1.16.4
s2 NotReady <none> 3m56s v1.16.4
s3 NotReady <none> 5m48s v1.16.4
配置网络
注意: 注意修改ip段
## master
# https://docs.projectcalico.org/v3.8/manifests/calico.yaml
wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
# 修改yaml文件中ip段后,配置网络
sed -i 's#192.168.0.0/16#10.244.0.0/16#g' calico.yaml
kubectl apply -f calico.yaml
# 在master上查看集群状态
[root@s1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
s1 Ready master 32m v1.16.4
s2 Ready <none> 25m v1.16.4
s3 Ready <none> 27m v1.16.4
# 如依然有node的状态为NotReady,则删除网络,重新配置
kubectl delete -f calico.yaml
kubectl apply -f calico.yaml
扩展配置
kubectl 命令补全
# 添加source <(kubectl completion bash)到/etc/profile第2行
sed -i 'N;2asource <(kubectl completion bash)' /etc/profile
kubectx&kubens
- kubectx快速切换context(集群)
- kubens快速切换namespace
# 下载地址 https://github.com/ahmetb/kubectx
git clone https://github.com/ahmetb/kubectx
cp kubectx/kube* /usr/local/bin/
常用命令
- 查看kubernetes集群信息
kubectl cluster-info
[root@s1 ~]# kubectl cluster-info
Kubernetes master is running at https://10.211.55.7:6443
KubeDNS is running at https://10.211.55.7:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
- 查看kubernetes版本
kubectl version
[root@s1 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.4", GitCommit:"224be7bdce5a9dd0c2fd0d46b83865648e2fe0ba", GitTreeState:"clean", BuildDate:"2019-12-11T12:47:40Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.4", GitCommit:"224be7bdce5a9dd0c2fd0d46b83865648e2fe0ba", GitTreeState:"clean", BuildDate:"2019-12-11T12:37:43Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
- 查看kubernetes支持的api-version
kubectl api-versions
[root@s1 ~]# kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
crd.projectcalico.org/v1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
- 查看节点
kubectl get nodes
kubectl get nodes -o wide
[root@s1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
s1 Ready master 16h v1.16.4
s2 Ready <none> 16h v1.16.4
s3 Ready <none> 16h v1.16.4
[root@s1 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
s1 Ready master 16h v1.16.4 10.211.55.7 <none> CentOS Linux 7 (Core) 3.10.0-1062.9.1.el7.x86_64 docker://18.9.9
s2 Ready <none> 16h v1.16.4 10.211.55.8 <none> CentOS Linux 7 (Core) 3.10.0-1062.9.1.el7.x86_64 docker://18.9.9
s3 Ready <none> 16h v1.16.4 10.211.55.9 <none> CentOS Linux 7 (Core) 3.10.0-1062.9.1.el7.x86_64 docker://18.9.9
- 查看pod
kubectl get pods
kubectl get pods -o wide
kubectl get pods -n kube-system
kubectl get pods -o wide -n kube-system
[root@s1 ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-778676476b-knb48 1/1 Running 0 16h
calico-node-hlxq9 1/1 Running 0 16h
calico-node-l25rk 1/1 Running 0 16h
calico-node-njnvx 1/1 Running 0 16h
coredns-58cc8c89f4-lq6hb 1/1 Running 0 16h
coredns-58cc8c89f4-nnn7q 1/1 Running 0 16h
etcd-s1 1/1 Running 0 16h
kube-apiserver-s1 1/1 Running 0 16h
kube-controller-manager-s1 1/1 Running 0 16h
kube-proxy-j544d 1/1 Running 0 16h
kube-proxy-qdnxc 1/1 Running 0 16h
kube-proxy-xngmm 1/1 Running 0 16h
kube-scheduler-s1 1/1 Running 0 16h
[root@s1 ~]# kubectl get pods -o wide -n kube-system
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-778676476b-knb48 1/1 Running 0 16h 10.244.130.65 s3 <none> <none>
calico-node-hlxq9 1/1 Running 0 16h 10.211.55.8 s2 <none> <none>
calico-node-l25rk 1/1 Running 0 16h 10.211.55.9 s3 <none> <none>
calico-node-njnvx 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
coredns-58cc8c89f4-lq6hb 1/1 Running 0 16h 10.244.78.129 s2 <none> <none>
coredns-58cc8c89f4-nnn7q 1/1 Running 0 16h 10.244.78.130 s2 <none> <none>
etcd-s1 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
kube-apiserver-s1 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
kube-controller-manager-s1 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
kube-proxy-j544d 1/1 Running 0 16h 10.211.55.8 s2 <none> <none>
kube-proxy-qdnxc 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
kube-proxy-xngmm 1/1 Running 0 16h 10.211.55.9 s3 <none> <none>
kube-scheduler-s1 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
- 查看命名空间
kubectl get ns
[root@s1 ~]# kubectl get ns
NAME STATUS AGE
default Active 17h
kube-node-lease Active 17h
kube-public Active 17h
kube-system Active 17h
