云原生学习

学习k8s的实验资料


kubeadm搭建k8s

环境说明

虚拟机配置

主机名 ip地址 节点类型 系统版本 资源配置
master 10.5.146.44 master、etcd centos7.5 CPU>=2,内存>=4G,磁盘40G
node1 10.5.146.45 worker centos7.5 CPU>=2,内存>=2G,磁盘40G
node2 10.5.146.46 worker centos7.5 CPU>=2,内存>=2G,磁盘40G

相关组件版本说明

组件 版本 说明
kubernetes 1.20.4 主程序
docker 19.03.15 容器
calico 3.18.1 网络插件
etcd 3.14.13 数据库
coredns 1.7.0 dns组件
kubernetes-dashboard v2.2.0 web界面

注意:

  • 节点之中不可以有重复的主机名、MAC地址或者product_uuid
  • 禁用交换分区

系统配置

清空防火墙规则和selinux:

iptables -F
setenforce 0 
sed -i 's/SELINUX=/SELINUX=disabled/g' /etc/selinux/config

设置yum源

wget -O /etc/yum.repos.d/CentOS-Base.repo https://repo.huaweicloud.com/repository/conf/CentOS-7-reg.repo
yum install -y epel-release
sed -i "s/#baseurl/baseurl/g" /etc/yum.repos.d/epel.repo
sed -i "s/metalink/#metalink/g" /etc/yum.repos.d/epel.repo
sed -i "s@https\?://download.fedoraproject.org/pub@https://repo.huaweicloud.com@g" /etc/yum.repos.d/epel.repo

修改内核参数: > ```shell cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 vm.swappiness = 0 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl -p /etc/sysctl.d/k8s.conf

如果出现sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No Such file or directory这样的错误,可以忽略

加载内核模块:配置IPVS
```shell
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- br_netfilter
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

chmod 755 /etc/sysconfig/modules/ipvs.modules && \
bash /etc/sysconfig/modules/ipvs.modules && \
lsmod | grep -E "ip_vs|nf_conntrack_ipv4"

安装docker

yum install -y yum-utils device-mapper-persistent-data lvm2
wget -O /etc/yum.repos.d/docker-ce.repo https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+repo.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
##安装docker-ce
yum install -y docker-ce-19.03.15
mkdir /etc/docker
##配置加速器
cat > /etc/docker/daemon.json << EOF
{
    "exec-opts": ["native.cgroupdriver=systemd"],
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "100m",
        "max-file": "10"
    },
    "live-restore": true,
    "registry-mirrors": ["https://pqbap4ya.mirror.aliyuncs.com"]
}
EOF
##重启docker服务并配置随机自启动
systemctl restart docker
systemctl enable docker

集群安装

安装kubeadm、kubelet、kubectl

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9
systemctl enable kubelet && systemctl start kubelet

安装master节点

创建默认的kubeadm-config.yaml文件

kubeadm config print init-defaults > kubeadm-config.yaml 修改kubeadm-config.yaml文件如下:

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.5.146.44
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: cka01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.20.9
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}

安装master节点:

kubeadm init --config kubeadm-config.yaml

配置访问集群

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -u) $HOME/.kube/config

配置worker节点

在master节点上,当master部署成功时,会返回类似如下指令,直接将该条指令复制至worker节点执行,即可完成节点的添加 > 以上指令的token有效期只有24小时,当token失效以后,可使用如下命令生成新的添加节点指令 kubeadm token create --print-join-command

安装calico网络插件(master)

可用如下命令获取calico.yaml配置文件 curl https://docs.projectcalico.org/manifests/calico.yaml -O 安装calico kubectl apply -f calico.yaml > 若因为网络原因使用无法获取calico.yaml配置文件,则可直接访问如下网址,将calico.yaml内容复制到master节点https://docs.projectcalico.org/v3.18/manifests/calico.yaml

检查集群状态

扩展插件安装

安装helm

安装ingress

安装metrics-server

安装dashboard

重置集群

升级集群

注意事项

升级

升级master节点

升级worker节点

页面列表

ITEM_HTML