Lab environment
Hosts
Hostname | Role | IP | Specs |
---|---|---|---|
s1 | master | 10.211.55.7 | 2 cores, 2 GB |
s2 | node | 10.211.55.8 | 2 cores, 2 GB |
s3 | node | 10.211.55.9 | 2 cores, 2 GB |
s4 | storage | 10.211.55.10 | 2 cores, 2 GB |
OS version
OS | Version | Notes |
---|---|---|
centos | 7.7.1908 | latest stable CentOS 7 release |
Common software
Software | Installation method |
---|---|
vim | yum |
wget | yum |
git | yum |
Kubernetes-related software and versions
Software | Version |
---|---|
docker | 18.09.9 |
kubelet | 1.16.4 |
kubeadm | 1.16.4 |
kubectl | 1.16.4 |
Kubernetes plugins
Plugin type | Plugin name | Version |
---|---|---|
Network plugin | calico | v3.8 |
Kubernetes network planning
10.244.0.0/16
Environment preparation
Disable SELinux (the config change takes effect at the reboot later in this guide)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Disable the firewall
systemctl stop firewalld.service
systemctl disable firewalld.service
Edit /etc/hosts
cat << EOF >>/etc/hosts
10.211.55.7 s1
10.211.55.8 s2
10.211.55.9 s3
EOF
Disable swap
# List the active swap devices
swapon -s
# Turn swap off
swapon -s | grep 'partition'| awk '{print$1}' | xargs swapoff
# Comment out the swap entries in /etc/fstab
sed -i '/swap/s/^/#/g' /etc/fstab
Set kernel parameters
modprobe overlay
modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Load /etc/sysctl.d/*.conf (plain "sysctl -p" reads only /etc/sysctl.conf)
sysctl --system
Install Docker
- Remove any existing Docker packages
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
- Install Docker
See the official Kubernetes documentation.
# Install Docker CE
## Set up the repository
### Install required packages.
yum install yum-utils device-mapper-persistent-data lvm2
### Add Docker repository.
yum-config-manager --add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
## Install Docker CE.
yum update && yum install \
containerd.io-1.2.10 \
docker-ce-18.09.9 \
docker-ce-cli-18.09.9
## Create /etc/docker directory.
mkdir /etc/docker
# Setup daemon.
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Restart Docker
systemctl daemon-reload
systemctl restart docker
systemctl enable docker.service
Reboot
reboot
Installing Kubernetes
Installation
# Configure the yum repository, using the Aliyun Kubernetes mirror
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
## Install the Kubernetes components
yum install -y kubelet-1.16.4-0 kubeadm-1.16.4-0 kubectl-1.16.4-0 --disableexcludes=kubernetes
systemctl enable kubelet.service
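Update kernel parameters
# The redirect overwrites k8s.conf, so net.ipv4.ip_forward is included here as well
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system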
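An added check, not part of the original guide, for the two kernel-parameter steps on this page: it reads a sysctl.d fragment and compares every key with the live value, flagging keys that do not exist under /proc/sys (a misspelled name, or `br_netfilter` not loaded). The function name `check_sysctl_file` and its optional second argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example. check_sysctl_file FILE [PROC_ROOT]
# Compares each "key = value" line of a sysctl.d fragment with the live kernel.
# PROC_ROOT defaults to /proc/sys; it is a parameter (an assumption of this
# example) so the check can also be run against a constructed directory tree.
# Prints one line per problem and returns the number of problems.
check_sysctl_file() {
    file=$1
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;      # blank lines and comments
        esac
        key=$(printf '%s\n' "$line" | cut -d= -f1 | tr -d '[:space:]')
        want=$(printf '%s\n' "$line" | cut -d= -f2- |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Misspelled key, or the module that provides it is not loaded.
            echo "UNKNOWN  $key (no $path)"
            bad=$((bad + 1))
        elif [ "$(cat "$path")" != "$want" ]; then
            echo "MISMATCH $key: want $want, have $(cat "$path")"
            bad=$((bad + 1))
        fi
    done < "$file"
    return "$bad"
}

# Usage on a prepared host:
#   check_sysctl_file /etc/sysctl.d/k8s.conf && echo "kernel parameters OK"
```

Run it again after the reboot: modules loaded with `modprobe` are not reloaded automatically, and the `net.bridge.*` keys exist only while `br_netfilter` is loaded.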
Configure the master
## s1 10.211.55.7
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.16.4 --pod-network-cidr=10.244.0.0/16
##
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Note: record the following command so that the nodes can join the Kubernetes cluster
kubeadm join 10.211.55.7:6443 --token we72z9.zgxl79cuyp2n5uxp \
--discovery-token-ca-cert-hash sha256:0b272a6c535d74b905b2a11588bd28edeb0646f4394c7d1409b4058fb8faa311
Configure the nodes
kubeadm join 10.211.55.7:6443 --token we72z9.zgxl79cuyp2n5uxp \
--discovery-token-ca-cert-hash sha256:0b272a6c535d74b905b2a11588bd28edeb0646f4394c7d1409b4058fb8faa311
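The join command carries a bootstrap token, which is a credential, and a pin of the cluster CA's public key. The following added example (not from the original page) validates a join line before it is run on a node and recomputes the pin from the master's CA certificate; the function names `ca_pin` and `check_join` are assumptions, and `/etc/kubernetes/pki/ca.crt` is the kubeadm default CA path.

```sh
#!/bin/sh
# Added example (function names are assumptions, not kubeadm commands).

# ca_pin CERT: print the value kubeadm expects after
# --discovery-token-ca-cert-hash for the CA certificate CERT:
# "sha256:" + SHA-256 of the DER-encoded public key (SubjectPublicKeyInfo).
ca_pin() {
    printf 'sha256:%s\n' "$(openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# check_join WANT_PIN ARGS...: inspect the arguments of a `kubeadm join` line.
# Succeeds only if the token is well-formed, CA verification is not skipped
# and the pinned hash equals WANT_PIN (obtained out of band with ca_pin).
check_join() {
    want_pin=$1; shift
    token='' pin='' skip=0 prev=''
    for arg in "$@"; do
        case $prev in
            --token) token=$arg ;;
            --discovery-token-ca-cert-hash) pin=$arg ;;
        esac
        case $arg in
            --token=*) token=${arg#*=} ;;
            --discovery-token-ca-cert-hash=*) pin=${arg#*=} ;;
            --discovery-token-unsafe-skip-ca-verification=false) ;;
            --discovery-token-unsafe-skip-ca-verification*) skip=1 ;;
        esac
        prev=$arg
    done
    # The token is a credential: report problems without echoing it.
    if [ "$skip" -eq 1 ]; then echo "CA verification is disabled"; return 1; fi
    if ! printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "token is missing or malformed"; return 1
    fi
    if [ "$pin" != "$want_pin" ]; then
        echo "CA pin mismatch: join line has '${pin:-none}'"; return 1
    fi
    return 0
}

# On the master:  ca_pin /etc/kubernetes/pki/ca.crt
# On a node:      check_join "<pin read from the master>" <join arguments>
```

Tokens created by `kubeadm init` expire after 24 hours by default; `kubeadm token create --print-join-command` on the master issues a fresh join line.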
Test: run on the master
kubectl get nodes
The status is as follows: the nodes are NotReady because the network still needs to be configured
[root@s1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
s1 NotReady master 11m v1.16.4
s2 NotReady <none> 3m56s v1.16.4
s3 NotReady <none> 5m48s v1.16.4
Configure the network
Note: remember to change the IP range
## master
# https://docs.projectcalico.org/v3.8/manifests/calico.yaml
wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
# Change the IP range in the YAML file, then apply the network configuration
sed -i 's#192.168.0.0/16#10.244.0.0/16#g' calico.yaml
kubectl apply -f calico.yaml
# Check the cluster status on the master
[root@s1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
s1 Ready master 32m v1.16.4
s2 Ready <none> 25m v1.16.4
s3 Ready <none> 27m v1.16.4
# If any node is still NotReady, delete the network and apply it again
kubectl delete -f calico.yaml
kubectl apply -f calico.yaml
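The `sed` above silently changes nothing if the manifest's default pool is not `192.168.0.0/16`, which leaves Calico's pool outside the `--pod-network-cidr` given to `kubeadm init`. This added example (not part of the original page) reads the active `CALICO_IPV4POOL_CIDR` from the downloaded manifest, compares it with the planned pod CIDR, and lists the images the manifest will pull so they can be reviewed before `kubectl apply`; the function names are assumptions.

```sh
#!/bin/sh
# Added example (function names are assumptions).

# pool_cidr FILE: print the active (not commented-out) CALICO_IPV4POOL_CIDR
# value from a Calico manifest; prints nothing if the variable is not set.
pool_cidr() {
    awk '
        /^[ \t]*#/ { next }
        /name:[ \t]*CALICO_IPV4POOL_CIDR[ \t]*$/ { hit = 1; next }
        hit && /value:/ { sub(/.*value:[ \t]*/, ""); gsub(/[" \t]/, ""); print; exit }
        { hit = 0 }
    ' "$1"
}

# check_pool FILE POD_CIDR: succeed only if the manifest's pool equals the
# --pod-network-cidr that was passed to kubeadm init.
check_pool() {
    have=$(pool_cidr "$1")
    [ "$have" = "$2" ] && return 0
    echo "pool CIDR '${have:-unset}' differs from pod CIDR '$2'" >&2
    return 1
}

# manifest_images FILE: list the distinct container images the manifest pulls,
# for review or pinning before `kubectl apply`.
manifest_images() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i < NF; i++) if ($i == "image:") print $(i + 1) }' "$1" |
        tr -d '"' | sort -u
}

# Usage with the values from this page:
#   check_pool calico.yaml 10.244.0.0/16 && manifest_images calico.yaml
```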
Additional configuration
kubectl command completion
# Add source <(kubectl completion bash) after line 2 of /etc/profile
sed -i 'N;2asource <(kubectl completion bash)' /etc/profile
kubectx & kubens
- kubectx: quickly switch between contexts (clusters)
- kubens: quickly switch between namespaces
# Download from https://github.com/ahmetb/kubectx
git clone https://github.com/ahmetb/kubectx
cp kubectx/kube* /usr/local/bin/
Common commands
- Show Kubernetes cluster information
kubectl cluster-info
[root@s1 ~]# kubectl cluster-info
Kubernetes master is running at https://10.211.55.7:6443
KubeDNS is running at https://10.211.55.7:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
- Show the Kubernetes version
kubectl version
[root@s1 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.4", GitCommit:"224be7bdce5a9dd0c2fd0d46b83865648e2fe0ba", GitTreeState:"clean", BuildDate:"2019-12-11T12:47:40Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.4", GitCommit:"224be7bdce5a9dd0c2fd0d46b83865648e2fe0ba", GitTreeState:"clean", BuildDate:"2019-12-11T12:37:43Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
- List the API versions supported by Kubernetes
kubectl api-versions
[root@s1 ~]# kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
crd.projectcalico.org/v1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
- List nodes
kubectl get nodes
kubectl get nodes -o wide
[root@s1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
s1 Ready master 16h v1.16.4
s2 Ready <none> 16h v1.16.4
s3 Ready <none> 16h v1.16.4
[root@s1 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
s1 Ready master 16h v1.16.4 10.211.55.7 <none> CentOS Linux 7 (Core) 3.10.0-1062.9.1.el7.x86_64 docker://18.9.9
s2 Ready <none> 16h v1.16.4 10.211.55.8 <none> CentOS Linux 7 (Core) 3.10.0-1062.9.1.el7.x86_64 docker://18.9.9
s3 Ready <none> 16h v1.16.4 10.211.55.9 <none> CentOS Linux 7 (Core) 3.10.0-1062.9.1.el7.x86_64 docker://18.9.9
- List pods
kubectl get pods
kubectl get pods -o wide
kubectl get pods -n kube-system
kubectl get pods -o wide -n kube-system
[root@s1 ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-778676476b-knb48 1/1 Running 0 16h
calico-node-hlxq9 1/1 Running 0 16h
calico-node-l25rk 1/1 Running 0 16h
calico-node-njnvx 1/1 Running 0 16h
coredns-58cc8c89f4-lq6hb 1/1 Running 0 16h
coredns-58cc8c89f4-nnn7q 1/1 Running 0 16h
etcd-s1 1/1 Running 0 16h
kube-apiserver-s1 1/1 Running 0 16h
kube-controller-manager-s1 1/1 Running 0 16h
kube-proxy-j544d 1/1 Running 0 16h
kube-proxy-qdnxc 1/1 Running 0 16h
kube-proxy-xngmm 1/1 Running 0 16h
kube-scheduler-s1 1/1 Running 0 16h
[root@s1 ~]# kubectl get pods -o wide -n kube-system
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-778676476b-knb48 1/1 Running 0 16h 10.244.130.65 s3 <none> <none>
calico-node-hlxq9 1/1 Running 0 16h 10.211.55.8 s2 <none> <none>
calico-node-l25rk 1/1 Running 0 16h 10.211.55.9 s3 <none> <none>
calico-node-njnvx 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
coredns-58cc8c89f4-lq6hb 1/1 Running 0 16h 10.244.78.129 s2 <none> <none>
coredns-58cc8c89f4-nnn7q 1/1 Running 0 16h 10.244.78.130 s2 <none> <none>
etcd-s1 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
kube-apiserver-s1 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
kube-controller-manager-s1 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
kube-proxy-j544d 1/1 Running 0 16h 10.211.55.8 s2 <none> <none>
kube-proxy-qdnxc 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
kube-proxy-xngmm 1/1 Running 0 16h 10.211.55.9 s3 <none> <none>
kube-scheduler-s1 1/1 Running 0 16h 10.211.55.7 s1 <none> <none>
- List namespaces
kubectl get ns
[root@s1 ~]# kubectl get ns
NAME STATUS AGE
default Active 17h
kube-node-lease Active 17h
kube-public Active 17h
kube-system Active 17h