叢集部署
準備工作
- ip對映關係
角色 | ip | host |
---|---|---|
master | 192.168.242.41 | k8s-master |
node-1 | 192.168.242.42 | k8s-node1 |
node-2 | 192.168.242.43 | k8s-node2 |
- 修改host對映
vim /etc/hosts
192.168.242.41 k8s-master
192.168.242.42 k8s-node1
192.168.242.43 k8s-node2
- 關閉防火牆
# NOTE(review): stopping and disabling firewalld removes host-level packet
# filtering on the node. That is acceptable only on an isolated lab network;
# elsewhere keep firewalld running and allow just the ports the cluster needs
# (for example the API server port, 6443/tcp in this walkthrough).
systemctl stop firewalld
systemctl disable firewalld
- 矯正時間
# Print the current system time.
date
yum install -y ntp
# Synchronise the clock once against a public NTP pool.
# NOTE(review): ntpdate is a one-shot correction; nothing here keeps the clock
# in sync afterwards. Node clocks that drift apart can break TLS certificate
# and token validity checks, so consider running a time daemon (ntpd/chronyd).
ntpdate cn.pool.ntp.org
- 關閉selinux
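# Stop SELinux from enforcing policy, both now and after a reboot.
# The pattern is anchored to the SELINUX= setting so that other lines in
# /etc/selinux/config that merely mention the word "enforcing" (the stock file
# describes each mode in comments) are left untouched.
# "permissive" is persisted rather than "disabled": it matches what
# `setenforce 0` does at runtime, keeps file labels intact and still logs
# denials, so enforcing mode can be restored later without a full relabel.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
setenforce 0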
- 關閉swap => K8S中不支援swap分割槽(註解掉 /etc/fstab 中的 swap 項目後需重新開機才生效;要立即關閉可執行 swapoff -a)
vim /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
- 將橋接的IPv4流量傳遞到iptables的鏈
# Write the bridge-netfilter settings so that traffic crossing a Linux bridge
# is also passed through the iptables/ip6tables chains.
# NOTE(review): these keys only exist once the br_netfilter kernel module is
# loaded; check with `lsmod | grep br_netfilter` if sysctl reports them as
# unknown.
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Reload settings from all sysctl configuration files, including the new one.
sysctl --system
安裝 kubeadm、kubelet、kubectl
- 新增國內源
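# Register the Kubernetes yum repository (domestic mirror).
# Both signing keys are listed on a single gpgkey= line: in a .repo file a
# second URL on its own line is only read as a continuation of gpgkey when it
# is indented, otherwise it is not treated as part of the key list and package
# signature checks can fail later with "Public key ... is not installed".
# The quoted 'EOF' keeps the shell from expanding anything in the file body.
# NOTE(review): packages come from the tuna mirror while the keys come from
# the aliyun mirror; confirm both serve the same upstream signing keys.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.tuna.tsinghua.edu.cn/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF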
- 安裝(版本1.20.0)
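# Refresh yum metadata for the newly added repository.
yum clean all
yum makecache
# Import the repository signing keys so yum can verify package signatures.
# Do not add --nogpgcheck to work around a missing key: it makes yum install
# whatever the mirror serves without checking signatures, which defeats the
# gpgcheck=1 setting in the repo file. If verification still fails, fix the
# key configuration instead of turning the check off.
rpm --import https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
rpm --import https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# Install pinned versions so every node runs the same release.
yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
# Start kubelet automatically at boot.
systemctl enable kubelet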
- 遇到問題
1. Public key for xxx.rpm is not installed
新增 --nogpgcheck 引數(注意:此引數會略過 RPM 套件的簽章驗證,等於直接信任映象站提供的內容;較安全的做法是先確認 gpgkey 已正確匯入,再重新安裝)
設定master、node節點
配置master節點
# Enable the Docker service so it starts at boot (enable alone does not start
# it; use `systemctl start docker.service` if it is not running yet).
systemctl enable docker.service
# Initialise the control plane on the master.
#   --apiserver-advertise-address  address the API server advertises (the master's IP)
#   --image-repository             registry the control-plane images are pulled from
#   --kubernetes-version           control-plane version; matches the 1.20.0 packages
#   --service-cidr / --pod-network-cidr  address ranges for Services and Pods
# NOTE(review): the images are pulled from a third-party mirror registry, so
# the cluster trusts whatever that registry serves. Kubernetes 1.20 is also no
# longer maintained upstream; use a supported release outside a lab.
kubeadm init \
--apiserver-advertise-address=192.168.242.41 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
配置kubectl命令
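# Give the current user a kubeconfig for kubectl.
# admin.conf carries the cluster administrator credentials, so the copy is
# explicitly restricted to its owner. Expansions are quoted so that a home
# directory containing spaces or glob characters cannot split into several
# arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"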
pod網路配置
- 下載kube-flannel 到本地
- 執行命令:
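# Apply the downloaded flannel manifest. kubectl needs a subcommand before -f;
# `apply` creates the objects the manifest defines.
# NOTE(review): fetch the manifest from the flannel project's own release for a
# pinned version and read it before applying; a CNI manifest typically creates
# cluster-wide RBAC objects and a DaemonSet that runs on every node
# (presumably with elevated privileges; verify in the file).
kubectl apply -f /path/kube-flannel.yml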
- 檢視所有pod及節點狀態,只有狀態都為running才行
[root@admin41 ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-7f89b7bc75-qjnvk 1/1 Running 0 15m
kube-system coredns-7f89b7bc75-xsst9 1/1 Running 0 15m
kube-system etcd-admin41 1/1 Running 0 15m
kube-system kube-apiserver-admin41 1/1 Running 0 15m
kube-system kube-controller-manager-admin41 1/1 Running 0 15m
kube-system kube-flannel-ds-t59dt 1/1 Running 0 2m31s
kube-system kube-proxy-d5q96 1/1 Running 0 15m
kube-system kube-scheduler-admin41 1/1 Running 0 15m
加入node節點
- 檢視master token資訊
kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
i3liaa.2zlnok84t9u4s4pw 23h 2021-02-09T13:49:40+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
- 新增node節點(在node節點上操作)。token 與 CA 憑證雜湊值請換成自己叢集的值;bootstrap token 可用來將節點加入叢集,應視為憑證保管,不要公開
# Join this node to the cluster (run on each worker node).
# The sha256 value pins the cluster CA public key, so the node only trusts an
# API server whose certificate chains to that CA; keep it rather than switching
# to --discovery-token-unsafe-skip-ca-verification.
kubeadm join 192.168.242.41:6443 \
  --token i3liaa.2zlnok84t9u4s4pw \
  --discovery-token-ca-cert-hash sha256:59d102c031ab863bb58774f254267193e718bbe517a39761b255b1004627acc3
- 獲取CA證書sha256的hash值
# Run on the control-plane node: extract the public key from the cluster CA
# certificate, convert it to DER, and print its SHA-256 digest as hex. The
# result is the value that follows "sha256:" in --discovery-token-ca-cert-hash.
# `openssl rsa` assumes the CA key is RSA; 2>/dev/null hides its status
# message, and the final sed strips everything up to the last space, leaving
# only the hex digest.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
59d102c031ab863bb58774f254267193e718bbe517a39761b255b1004627acc3
測試k8s叢集
部署一個nginx
# Create a test Deployment running nginx.
# NOTE(review): --image=nginx has no tag or digest, so whatever the registry
# currently serves as the default tag is pulled; pin a version for repeatable
# results.
kubectl create deployment nginx --image=nginx
# Expose it through a NodePort Service: the port is opened on every node, and
# with firewalld disabled earlier in this walkthrough it is reachable by
# anything that can reach the nodes.
kubectl expose deployment nginx --port=80 --type=NodePort
# List Pods and Services with extra columns; the assigned NodePort is shown in
# the Service's PORT(S) column.
kubectl get pod,svc -o wide
訪問三個節點中任意一臺的 NodePort 埠即可(本例為32081;埠號由叢集自動分配,請以 kubectl get svc 輸出的 PORT(S) 欄為準)
問題總結
- Public key for xxx.rpm is not installed
新增 --nogpgcheck 引數(注意:此引數會略過 RPM 套件的簽章驗證,等於直接信任映象站提供的內容;較安全的做法是先確認 gpgkey 已正確匯入,再重新安裝)
- The connection to the server localhost:8080 was refused - did you specify the right host or port?
# NOTE(review): admin.conf holds the cluster administrator's client
# credentials. Copying it to a worker means anyone who gains root on that
# worker controls the whole cluster. Prefer running kubectl on the master (or
# an admin workstation); if the copy is really needed, keep the file mode at
# 0600 and remove it when done.
scp /etc/kubernetes/admin.conf k8s-node2:/etc/kubernetes/admin.conf
# Add the environment variable so kubectl on the node uses that kubeconfig.
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
- node節點roles為none
# Label both workers so `kubectl get nodes` shows "worker" in the ROLES column
# instead of <none>. The label is descriptive metadata on the node object.
for worker in k8s-node1 k8s-node2; do
  kubectl label node "$worker" node-role.kubernetes.io/worker=worker
done