Installing Kubernetes 1.15 with kubeadm
Host allocation
192.168.235.129: k8s-master
192.168.235.130: k8s-node-1
192.168.235.131: k8s-node-2
Host settings on every node
Run the following on every node.
Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
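Disable swap
swapoff -a # temporary, until the next reboot
vim /etc/fstab # remove the swap entry from the boot-time mount list to disable swap permanently
Pass bridged IPv4 traffic to the iptables chains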
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply the settings
Install Docker on all nodes
systemctl enable docker && systemctl start docker
docker --version
Docker version 19.03.4
Install kubeadm/kubelet/kubectl on all nodes
Add the Aliyun Kubernetes YUM repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
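The stanza above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures against the listed gpgkey URLs. The following added example, not part of the original post, reports such settings in a repo file; audit_repo is a hypothetical helper name and both sample files are constructed.

```shell
# Added example (not from the original post): report yum repo stanzas
# that switch off signature verification.
# audit_repo FILE prints "[section] key" per weak setting; returns 1 if any.
audit_repo() {
    awk -F= '
        /^\[.*\]$/ { section = $0; next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0") {
                print section, key
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed samples in a temp directory; nothing under /etc is touched.
repo_dir=$(mktemp -d)
cat > "$repo_dir/weak.repo" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Same stanza with both checks enabled (assumes the mirror's packages and
# repodata are signed by the keys listed under gpgkey).
sed -e 's/^gpgcheck=0/gpgcheck=1/' -e 's/^repo_gpgcheck=0/repo_gpgcheck=1/' \
    "$repo_dir/weak.repo" > "$repo_dir/checked.repo"

audit_repo "$repo_dir/weak.repo" || echo "weak.repo: signature checks disabled"
audit_repo "$repo_dir/checked.repo" && echo "checked.repo: ok"
```

On a real host the same function can be pointed at each file under /etc/yum.repos.d/.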
Install kubeadm, kubelet and kubectl
Releases are frequent, so pin the version explicitly:
yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
systemctl enable kubelet
Deploy the Kubernetes master
Run on the master node (192.168.235.129):
kubeadm init \
--apiserver-advertise-address=192.168.235.129 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.15.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
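Initialization takes a while, because the images have to be pulled first.
--apiserver-advertise-address: the API server address advertised to the cluster
--image-repository: where the images the cluster needs are pulled from; the default is Google's image registry, which is blocked here, so point it at the Aliyun mirror
--kubernetes-version: the Kubernetes version to install
--service-cidr=10.1.0.0/16: the Service address range
--pod-network-cidr: the Pod IP range
After initialization finishes, run the commands it prints: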
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
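The output also shows the generated join command, which carries the credentials for joining the cluster; the other nodes join by running it: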
kubeadm join 192.168.235.129:6443 --token ua1abl.k7qs6jsj96grfbto \
--discovery-token-ca-cert-hash sha256:6f8cfd90f464df748d5db56e948860a61b0e727aea1893c72125fea171f84d59
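The value after --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA certificate's public key (SubjectPublicKeyInfo), so it can be recomputed on the master and compared before a join command is run on a node. This added example, not part of the original post, does that against a throwaway CA generated in a temp directory; ca_pin and pin_matches are hypothetical helper names and the token is a placeholder.

```shell
# Added example (not from the original post): recompute the CA pin that
# kubeadm join expects and compare it with the one in a join command.
# ca_pin CERT prints "sha256:<hex>" over the DER-encoded public key.
ca_pin() {
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -r | awk '{ print "sha256:" $1 }'
}

# pin_matches CERT "JOIN COMMAND": returns 0 if the command pins this CA,
# 1 if the hash is missing, malformed or belongs to another CA.
pin_matches() {
    want=$(printf '%s\n' "$2" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$want" ] && [ "$want" = "$(ca_pin "$1")" ]
}

# Constructed input: a throwaway self-signed CA standing in for
# /etc/kubernetes/pki/ca.crt on the master.
pin_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
    -keyout "$pin_dir/ca.key" -out "$pin_dir/ca.crt" 2>/dev/null

# A join command that pins the throwaway CA, and one that carries the hash
# printed on this page (a different cluster's CA, so it must not match).
good_join="kubeadm join 192.168.235.129:6443 --token <token> --discovery-token-ca-cert-hash $(ca_pin "$pin_dir/ca.crt")"
bad_join="kubeadm join 192.168.235.129:6443 --token <token> --discovery-token-ca-cert-hash sha256:6f8cfd90f464df748d5db56e948860a61b0e727aea1893c72125fea171f84d59"

pin_matches "$pin_dir/ca.crt" "$good_join" && echo "good_join: pin matches CA"
pin_matches "$pin_dir/ca.crt" "$bad_join" || echo "bad_join: pin does not match CA"
```

On the master, ca_pin /etc/kubernetes/pki/ca.crt should print the same value that kubeadm init showed.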
At this point the master node is not fully up yet; it still needs a Kubernetes network add-on.
Deploy the flannel network add-on
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
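Make sure the quay.io registry is reachable; it is usually blocked, so if the image cannot be pulled, download it locally first.
Once the network add-on is deployed, check the state of the core components on the master: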
[root@master ~]# kubectl get pods -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-bccdc95cf-p9frm          1/1     Running   0          114m
coredns-bccdc95cf-xlhkd          1/1     Running   0          114m
etcd-master                      1/1     Running   1          113m
kube-apiserver-master            1/1     Running   1          113m
kube-controller-manager-master   1/1     Running   1          113m
kube-flannel-ds-amd64-crrcq      1/1     Running   0          75s
kube-proxy-2cngx                 1/1     Running   1          114m
kube-scheduler-master            1/1     Running   1          113m
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES    AGE    VERSION
master   Ready    master   114m   v1.15.0
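Joining the worker nodes to the cluster
The flannel network add-on runs on every node in the cluster, so every node has to download it; kubeadm join also pulls it. If it cannot be downloaded, pull it onto each node in advance:
docker pull quay.io/coreos/flannel:v0.11.0-amd64
Join each node to the cluster with the command generated when the master was initialized.
Run on each node: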
kubeadm join 192.168.235.129:6443 --token ua1abl.k7qs6jsj96grfbto \
--discovery-token-ca-cert-hash sha256:6f8cfd90f464df748d5db56e948860a61b0e727aea1893c72125fea171f84d59
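Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
When this message appears at the end of the output, the node has joined the cluster.
After the nodes join, the master node still has to download the network components it depends on, so allow some more time, depending on network speed.
Check the cluster state on the master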
[root@master ~]# kubectl get pods -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-bccdc95cf-p9frm          1/1     Running   0          147m
coredns-bccdc95cf-xlhkd          1/1     Running   0          147m
etcd-master                      1/1     Running   1          146m
kube-apiserver-master            1/1     Running   1          146m
kube-controller-manager-master   1/1     Running   1          146m
kube-flannel-ds-amd64-bj8gn      1/1     Running   0          10m
kube-flannel-ds-amd64-crrcq      1/1     Running   0          34m
kube-flannel-ds-amd64-qq2fv      1/1     Running   0          9m59s
kube-proxy-2cngx                 1/1     Running   1          147m
kube-proxy-dncr6                 1/1     Running   0          9m59s
kube-proxy-l2vrt                 1/1     Running   0          10m
kube-scheduler-master            1/1     Running   1          146m
List the cluster nodes
[root@master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE    VERSION
k8s-node-1   Ready    <none>   14m    v1.15.0
k8s-node-2   Ready    <none>   13m    v1.15.0
master       Ready    master   151m   v1.15.0
The Kubernetes cluster is now deployed.
Testing the cluster
Add a pod to the cluster and check that it runs normally:
[root@master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
Check the pod
[root@master ~]# kubectl get pod,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-554b9c67f9-wvnpr   1/1     Running   0          97s
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.1.0.1     <none>        443/TCP        159m
service/nginx        NodePort    10.1.9.142   <none>        80:32632/TCP   48s
The random port exposed by the service is 32632, so the page is reachable at http://192.168.235.129:32632/.
Creating Pods with a Deployment
Create the Pods through a Deployment in a dedicated Namespace and expose them with a Service. The YAML file is as follows:
apiVersion: v1
kind: Namespace
metadata:
  name: nginx
  namespace: nginx
  labels:
    app: nginx
---
# extensions/v1beta1 Deployments are served by 1.15 and removed in 1.16, where apps/v1 replaces them
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-server
  namespace: nginx
  labels:
    deploy: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      service: nginx
  template:
    metadata:
      name: nginx-service
      labels:
        service: nginx
    spec:
      containers:
      - name: nginx-service
        image: nginx:1.15
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  namespace: nginx
  labels:
    svc: nginx
spec:
  selector:
    service: nginx
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30001
  type: NodePort




