Linux CentOS Kubernetes Docker

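Version: 1.20.9-0

The name Kubernetes comes from Greek and means "helmsman" or "pilot". The abbreviation k8s comes from the eight characters between the k and the s.

Official site: https://kubernetes.io/zh/docs/concepts/overview/what-is-kubernetes/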

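Components

A Kubernetes cluster is made up of many nodes, which come in two types:

1. Master node: the control plane that controls and manages the entire cluster.

2. Worker node: runs the actual applications.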


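Master node components:

1. Kubernetes API Server: the component used to communicate and interact with the control-plane components

2. Scheduler: the component that schedules applications

3. Controller Manager: the component that performs cluster-level functions (replicating components, tracking worker nodes, handling node failures)

4. etcd: a reliable distributed data store that holds the cluster configuration

Worker node components:

1. kubelet: communicates with the API server and manages the containers on its worker node

2. kube-proxy (Kubernetes Service Proxy): load-balances network traffic between components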


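Kubernetes add-on components

kube-dns: provides DNS for the whole cluster and resolves names to cluster IPs
ingress Controller: implements a layer-7 proxy and gives services an external entry point
heapster: provides resource monitoring
dashboard: provides a browser-based (B/S) view for managing the cluster
federation: provides unified management across multiple Kubernetes cluster centers
fluentd-elasticsearch: provides collection, storage and querying of cluster logs

Docker version: for installation, see "Docker Installation"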

yum install docker-ce-19.03.5 docker-ce-cli-19.03.5 containerd.io-1.2.10


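Installing Kubernetes

Swap must be disabled. For this and other problems encountered, see "Problems Encountered While Installing Kubernetes 1.20.9".


1. [Run on all nodes] Configure a Kubernetes yum mirror located in China: edit /etc/yum.repos.d/kubernetes.repo so that it contains the following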

[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
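
With gpgcheck=0 and repo_gpgcheck=0 neither the packages nor the repository metadata are signature-checked, and the baseurl and gpgkey entries use plain HTTP, so nothing authenticates the kubelet, kubeadm and kubectl packages installed from this repo. The following is an added example, not part of the original article: a small audit function (the name audit_repo is this example's own) that flags those settings in a .repo file, run here against a copy of the file above.

```sh
#!/bin/sh
# audit_repo FILE -> one finding per line: "<section>: <issue>"
audit_repo() {
    awk '
        /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2); next }
        /^[ \t]*(#|;|$)/ { next }            # comments and blank lines
        {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0")
                print sec ": " key "=0 (signatures not verified)"
            if ((key == "baseurl" || key == "gpgkey") && val ~ /(^|[ \t])http:/)
                print sec ": " key " fetched over plain http"
        }
    ' "$1"
}

# The repo file from step 1, copied to a temp file for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
audit_repo "$sample"
# On a real host: for f in /etc/yum.repos.d/*.repo; do audit_repo "$f"; done
```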


2. [Run on all nodes] Install kubelet, kubectl and kubeadm

yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes


3. [Run on all nodes] Start kubelet and enable it at boot

systemctl enable kubelet --now


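4. [Run on all nodes] Pull the required Docker images

# Same repository as --image-repository in step 5
REPO=registry.cn-beijing.aliyuncs.com/miselehe
docker pull $REPO/kube-apiserver:v1.20.9
docker pull $REPO/kube-proxy:v1.20.9
docker pull $REPO/kube-controller-manager:v1.20.9
docker pull $REPO/kube-scheduler:v1.20.9
docker pull $REPO/coredns:1.7.0
docker pull $REPO/etcd:3.4.13-0
docker pull $REPO/pause:3.2

The master node needs all of the images; worker nodes need the kube-proxy and pause images.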


5. [Run on the master node] Initialize the master node

kubeadm init \
--apiserver-advertise-address=192.168.31.160 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.cn-beijing.aliyuncs.com/miselehe \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/24 \
--pod-network-cidr=10.244.0.0/16

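apiserver-advertise-address: the master's IP address, usually an internal address.

service-cidr: the IP range used when Kubernetes services expose ports.

pod-network-cidr: the range used for Pod-to-Pod communication inside the cluster.

These three networks must not be in the same network segment.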
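
An added example, not from the original article, that checks a planned set of networks for overlap before kubeadm init is run. It assumes the nodes sit in 192.168.31.0/24 (the page only gives the address 192.168.31.160), the function names are this example's own, and the second call shows that the 192.168.0.0/16 value in the Calico manifest of step 6 would collide with that node network.

```sh
#!/bin/sh
# ip_to_int A.B.C.D -> unsigned 32-bit value (needs 64-bit shell arithmetic)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# cidr_range ADDR/LEN -> "first last" addresses of the block as integers
cidr_range() (
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( $(ip_to_int "${1%/*}") / size * size ))
    echo "$first $(( first + size - 1 ))"
)

# cidrs_overlap A B -> exit status 0 when the two blocks share any address
cidrs_overlap() (
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# check_plan CIDR... -> prints each overlapping pair, returns their count
check_plan() {
    conflicts=0
    while [ $# -gt 1 ]; do
        a=$1; shift
        for b in "$@"; do
            if cidrs_overlap "$a" "$b"; then
                echo "OVERLAP: $a <-> $b"
                conflicts=$((conflicts + 1))
            fi
        done
    done
    return "$conflicts"
}

NODE_NET=192.168.31.0/24   # assumption: /24 around the page's 192.168.31.160
# Node network, --service-cidr and --pod-network-cidr from the kubeadm init above
check_plan "$NODE_NET" 10.96.0.0/24 10.244.0.0/16 && echo "kubeadm init plan: ok"
# Same plan with the Calico manifest's 192.168.0.0/16 as the Pod network
check_plan "$NODE_NET" 10.96.0.0/24 192.168.0.0/16 || echo "Calico default: conflict"
```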

Output when initialization completes:

Your Kubernetes control-plane has initialized successfully!
# 1. Run the following commands
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf
# 2. Install a network plugin for Pod-to-Pod communication
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
# 3. Run the following on other nodes to join them to this node as master nodes
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join cluster-endpoint:6443 --token 82xo0l.jklbj4dtvfbyqrxx \
    --discovery-token-ca-cert-hash sha256:ed1e58c58995f0ee7da7dd25522b6edfb895a944e59aa8ea5d1a9e720db18608 \
    --control-plane 
# 4. Run the following on other nodes to join them to this node as worker nodes
Then you can join any number of worker nodes by running the following on each as root:

kubeadm join cluster-endpoint:6443 --token 82xo0l.jklbj4dtvfbyqrxx \
    --discovery-token-ca-cert-hash sha256:ed1e58c58995f0ee7da7dd25522b6edfb895a944e59aa8ea5d1a9e720db18608

The command for joining the master node is valid for 24 hours by default; after 24 hours, use the following command to obtain a new join command

kubeadm token create --print-join-command
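
The join command carries --discovery-token-ca-cert-hash, which pins the SHA-256 of the cluster CA's public key so that a joining node can authenticate the control plane it is talking to. The following added example (not from the original article) recomputes that value from a CA certificate with openssl and compares it with the hash in a join command; the function names and the throwaway demo CA are this example's own, and on a kubeadm control plane the certificate to check is /etc/kubernetes/pki/ca.crt.

```sh
#!/bin/sh
# ca_cert_hash CERT.pem -> "sha256:<64 hex digits>", the SHA-256 of the
# certificate's DER-encoded SubjectPublicKeyInfo
ca_cert_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex |
        sed 's/^.*= *//; s/^/sha256:/'
}

# verify_join_hash CERT.pem HASH -> 0 only when HASH matches the certificate
verify_join_hash() {
    [ "$(ca_cert_hash "$1")" = "$2" ]
}

# make_demo_ca DIR: constructed, throwaway self-signed CA that stands in
# for the cluster CA so the example runs without a cluster
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_ca "$demo"
good=$(ca_cert_hash "$demo/ca.crt")
# Hash copied from the join command on this page; it belongs to a different CA.
page_hash=sha256:ed1e58c58995f0ee7da7dd25522b6edfb895a944e59aa8ea5d1a9e720db18608

verify_join_hash "$demo/ca.crt" "$good"      && echo "hash matches this CA"
verify_join_hash "$demo/ca.crt" "$page_hash" || echo "hash mismatch: do not join"
rm -rf "$demo"
```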


6. Install the calico network plugin required by Pods on the master node

Download the calico network plugin YAML file

curl https://docs.projectcalico.org/manifests/calico.yaml -O

Modify the calico configuration file

- name: CALICO_IPV4POOL_CIDR
  #   value: "192.168.0.0/16"

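Change the range to the one given by the pod-network-cidr parameter when the master was initialized (10.244.0.0/16), and mind the YAML formatting!

Following the command shown in the master initialization output, install the calico plugin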

kubectl apply -f calico.yaml


7. Join the worker nodes to the master node

Add a hosts mapping for the master node

echo '192.168.31.160 cluster-endpoint' >> /etc/hosts

Run the command from the master initialization output to join node1-k8s and node2-k8s to the master-k8s node as worker nodes

kubeadm join cluster-endpoint:6443 --token 82xo0l.jklbj4dtvfbyqrxx \
    --discovery-token-ca-cert-hash sha256:ed1e58c58995f0ee7da7dd25522b6edfb895a944e59aa8ea5d1a9e720db18608

Output on a successful join

[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.


8. View cluster information

# View cluster information
# kubectl cluster-info
Kubernetes control plane is running at https://cluster-endpoint:6443
KubeDNS is running at https://cluster-endpoint:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

# View cluster node information
# kubectl get nodes -A
NAME                     STATUS   ROLES                  AGE     VERSION
master-k8s.localdomain   Ready    control-plane,master   4d20h   v1.20.9
node1-k8s.localdomain    Ready    <none>                 4d20h   v1.20.9
node2-k8s.localdomain    Ready    <none>                 4d20h   v1.20.9
# kubectl get nodes -o wide
NAME                     STATUS   ROLES                  AGE   VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME
master-k8s.localdomain   Ready    control-plane,master   9d    v1.20.9   192.168.31.160   <none>        CentOS Linux 7 (Core)   3.10.0-1062.el7.x86_64   docker://19.3.5
node1-k8s.localdomain    Ready    <none>                 9d    v1.20.9   192.168.31.161   <none>        CentOS Linux 7 (Core)   3.10.0-1062.el7.x86_64   docker://19.3.5
node2-k8s.localdomain    Ready    <none>                 9d    v1.20.9   192.168.31.162   <none>        CentOS Linux 7 (Core)   3.10.0-1062.el7.x86_64   docker://19.3.5


# View node details
# kubectl describe node node1-k8s.localdomain




Please cite the source when reposting! http://www.miselehe.com/article/view/64