Kubernetes部署

最新推荐文章于 2023-09-14 17:48:37 发布

linlusama

最新推荐文章于 2023-09-14 17:48:37 发布

阅读量1.7k

点赞数

CC 4.0 BY-SA版权

分类专栏： Kubernetes 文章标签： kubernetes docker linux

本文链接：https://blog.csdn.net/weixin_46634416/article/details/122015473

Kubernetes部署

kubeadm是官方社区推出的一个用于快速部署kubernetes集群的工具。

这个工具能通过两条指令完成一个kubernetes集群的部署：

# 创建一个 Master 节点
$ kubeadm init

# 将一个 Node 节点加入到当前集群中
$ kubeadm join <Master节点的IP和端口>

1.安装要求

在开始之前，部署Kubernetes集群机器需要满足以下几个条件：

-至少3台机器，操作系统 CentOS7+

硬件配置：2GB或更多RAM，2个CPU或更多CPU，硬盘20GB或更多
集群中所有机器之间网络互通
可以访问外网，需要拉取镜像
禁止swap分区

2. 学习目标

在所有节点上安装Docker和kubeadm
部署Kubernetes Master
部署容器网络插件
部署 Kubernetes Node，将节点加入Kubernetes集群中
部署Dashboard Web页面，可视化查看Kubernetes资源

3. 准备环境

角色	IP
master	192.168.200.150
node1	192.168.200.147
node2	192.168.200.145

master

//关闭防火墙
[root@master ~]# systemctl disable --now firewalld 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config 
[root@master ~]# setenforce 0

//关闭swap分区
[root@master ~]# vim /etc/fstab 
# 
# /etc/fstab
# Created by anaconda on Wed Oct 13 02:14:30 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cs-root     /                       xfs     defaults        0 0
UUID=f4cd3f23-9f86-4a9f-beb2-4712c4f1c1b6 /boot                   xfs     defaults        0 0
#/dev/mapper/cs-swap     none                    swap    defaults        0 0

//映射
[root@master ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.200.150 master master.example.com 
192.168.200.147 node1 master.example.com 
192.168.200.145 node2 master.example.com 

//将桥接的IPv4流量传递到iptables的链
[root@master ~]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
//生效
[root@master ~]# sysctl --system
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-coredump.conf ...
kernel.core_pattern = |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.promote_secondaries = 1
net.core.default_qdisc = fq_codel
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/50-libkcapi-optmem_max.conf ...
net.core.optmem_max = 81920
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
* Applying /etc/sysctl.conf ...

//时间同步
[root@master ~]# yum -y install chrony
[root@master ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool  time1.aliyun.com iburst
[root@master ~]# systemctl enable --now chronyd

//免密认证
[root@master ~]# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:B7fDCPlV5Cd489siAVH1oCQ5FJFPqu0kogA1nOOEDtc root@master
The key's randomart image is:
+---[RSA 3072]----+
| o o     .*B=.o  |
|o O E  .  +B.. o |
|o= o  o . ==* . .|
|...    o *.+.=   |
| .      So= . .  |
|  .   . o.o. . o |
|   . . . +  . o .|
|    .     .  . . |
|                 |
+----[SHA256]-----+
[root@master ~]# ssh-copy-id master 
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'master (192.168.200.150)' can't be established.
ECDSA key fingerprint is SHA256:6pn/taoSrwdqKNTLndCgj4EL8rogROHK3YHp92C3J3Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes       
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@master's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'master'"
and check to make sure that only the key(s) you wanted were added.

[root@master ~]# ssh-copy-id node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.200.147)' can't be established.
ECDSA key fingerprint is SHA256:sk/FlXKZaP/OCsa9FksW9uzv6RL3YHUAjks2UEfIw0c.
Are you sure you want to continue connecting (yes/no/[finger