原创

k8s入门(1)

2023-12-22 01:56:10

k8s安装

centos7.9最小安装版本

从零开始的k8s安装

硬件配置要求
  1. cpu >= 2核
  2. 硬盘 >= 20G
  3. 内存 >= 2G
  4. 节点数量建议为奇数(3, 5, 7, 9等)
以下命令除特殊要求外,其余都建议在master主机执行。
本教程配置如下
机器名 IP 角色 CPU 内存
centos01 192.168.109.121 master 4核 2G
centos02 192.168.109.122 node 4核 2G
基础准备(所有机器都要执行)
设置主机名,所有节点都执行
  1. 执行以下命令安装必备插件
 
vim /etc/hosts #增加 
192.168.109.121 centos01 
192.168.109.122 centos02
 
  1. 关闭防火墙,所有节点都执行
 
# Lab shortcut: this turns host filtering off completely on every node. On any
# network that is not isolated, keep firewalld running and allow only what
# kubeadm documents instead: 6443/tcp, 2379-2380/tcp, 10250/tcp, 10257/tcp and
# 10259/tcp on the control plane; 10250/tcp and 30000-32767/tcp on workers;
# plus 8472/udp between nodes for flannel's default VXLAN backend.
systemctl stop firewalld
systemctl disable firewalld
# Switches SELinux to permissive for the running system only (lost on reboot).
setenforce 0
# Persist the mode in /etc/selinux/config. This note says SELINUX=disabled, while
# the dedicated SELinux step further down writes SELINUX=permissive instead, which
# is what the upstream kubeadm guide uses and keeps denials logged for auditing.
vim /etc/selinux/config # change the SELINUX value: SELINUX=disabled
  1. 关闭swap内存,所有节点都执行
# Show current memory and swap usage before changing anything.
free -h
# Turn off all active swap now; the kubelet refuses to start with swap enabled
# unless it is explicitly configured to tolerate it.
sudo swapoff -a
# Keep swap off after reboot by commenting out every /etc/fstab line that
# contains "swap" (this also prefixes lines that are already comments).
sudo sed -i 's/.*swap.*/#&/' /etc/fstab
  1. 关闭selinux
# Print the current SELinux mode (Enforcing / Permissive / Disabled).
getenforce
# Show the persistent setting before editing it.
cat /etc/selinux/config
# Permissive for the running system: denials are logged but not enforced.
sudo setenforce 0
# Persist permissive mode. The pattern only matches a line that is exactly
# SELINUX=enforcing, so it changes nothing if the file was already set to
# disabled in the firewall step. Containers lose SELinux confinement in either
# mode, so treat this as a lab setting and revisit it before production use.
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Confirm the change.
cat /etc/selinux/config
  1. 配置网桥,所有节点都执行
修改参数
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables         = 1
net.ipv4.ip_forward                                 = 1
然后,加载如下两个模块,所有节点都执行
 
# IPVS round-robin scheduler module (needed only if kube-proxy runs in IPVS mode).
modprobe ip_vs_rr
# Makes bridged traffic visible to iptables; the net.bridge.* sysctls above do
# not exist until this module is loaded. modprobe does not survive a reboot:
# list both modules in a file under /etc/modules-load.d/ to make them persistent.
modprobe br_netfilter
生效配置
 
[root@centos01 opt]# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
  1. 安装组件
# Bring every installed package up to date first.
sudo yum update -y
# Convenience tooling, installed one package per yum call:
#   bash-completion  tab completion
#   wget             downloader
#   vim-enhanced     editor
#   net-tools        network utilities
#   gcc              compiler
for pkg in bash-completion wget vim-enhanced net-tools gcc; do
  sudo yum install -y "$pkg"
done
  1. 安装docker
安装 docker , Containerd

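# Remove any distro-packaged Docker first (nothing happens if none is installed).
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Prerequisites: yum-utils provides yum-config-manager.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository. The URL needs an explicit https:// scheme so the
# repo definition (which carries the gpgkey location used to verify packages)
# is fetched from the remote host over TLS.
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# Install Docker; containerd.io is Docker's packaging of containerd.
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Install containerd (presumably already satisfied by containerd.io above;
# confirm with `rpm -q containerd.io`).
sudo yum install -y containerd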

vim /etc/containerd/config.toml
#SystemdCgroup的值改为true
SystemdCgroup = true
#由于国内下载不到registry.k8s.io的镜像,修改sandbox_image的值为:
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"

# 若下载不到containerd,执行「」中内容
 
「
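# Manual fallback: fetch the release tarball and its published checksum over
# HTTPS, and unpack into /usr/local only if the checksum matches. v1.7.2 is the
# version this tutorial pins; check the project's release page for fixes
# published since.
wget https://github.com/containerd/containerd/releases/download/v1.7.2/containerd-1.7.2-linux-amd64.tar.gz
wget https://github.com/containerd/containerd/releases/download/v1.7.2/containerd-1.7.2-linux-amd64.tar.gz.sha256sum
sha256sum -c containerd-1.7.2-linux-amd64.tar.gz.sha256sum \
  && tar Cxzvf /usr/local containerd-1.7.2-linux-amd64.tar.gz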
」
# Stop containerd before replacing its configuration.
sudo systemctl stop containerd.service

# Back up the current config, then regenerate it from containerd's built-in
# defaults. This overwrites any manual edits made to config.toml earlier.
sudo cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
sudo containerd config default > $HOME/config.toml
sudo cp $HOME/config.toml /etc/containerd/config.toml

# Pull the pause (sandbox) image from an Aliyun mirror instead of registry.k8s.io.
# The mirror becomes part of the trust chain for every pod sandbox on this node.
sudo sed -i "s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml

# Use the systemd cgroup driver, matching the kubelet default set by kubeadm.
sudo sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml

# Start containerd now and on every boot.
sudo systemctl enable --now containerd.service

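# Start Docker now. (The kubelet in v1.27 talks to containerd through CRI;
# Docker is only a convenience for building and inspecting images here.)
sudo systemctl start docker.service
# Start Docker (service and socket) on every boot.
sudo systemctl enable docker.service
sudo systemctl enable docker.socket
sudo systemctl list-unit-files | grep docker

# Configure a registry mirror for Docker.
sudo mkdir -p /etc/docker
# Replace the placeholder host with your own mirror address. Docker only accepts
# mirror entries that carry a scheme, and https:// keeps image pulls on TLS.
# Every image that is not pinned by digest is trusted as served by this mirror.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://xxxxx.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker
sudo docker info

sudo systemctl status docker.service
sudo systemctl status containerd.service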
  1. 添加国内镜像仓库
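# Write the Kubernetes yum repository definition (must run as root).
# Changes from the original listing: the URLs carry an explicit https:// scheme,
# and gpgcheck is on so yum verifies each package signature against gpgkey
# before installing; with gpgcheck=0 a tampered mirror or a man-in-the-middle
# could supply arbitrary kubelet/kubeadm binaries that then run as root.
# repo_gpgcheck (signature on the repository metadata) is left at 0 as on the
# page; NOTE(review): this mirror has reportedly failed metadata signature
# checks, so confirm before enabling it. If package verification fails, check
# the key fingerprints against the upstream project instead of turning it off.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# 是否开启本仓库
enabled=1
# 是否检查 gpg 签名文件
gpgcheck=1
# 是否检查仓库元数据(repomd.xml)的 gpg 签名
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF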
  1. 安装k8s
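# Install the pinned 1.27.1 release. --nogpgcheck is dropped on purpose: it
# overrides the repository's gpgcheck setting and installs root-level node
# components without any signature verification. If yum reports a signature
# failure, verify and import the repository key rather than re-adding the flag.
sudo yum install -y kubelet-1.27.1 kubeadm-1.27.1 kubectl-1.27.1 --disableexcludes=kubernetes

# Install the newest available version instead (not recommended for production)
# sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Reload unit files and enable the kubelet; it restarts in a loop until
# `kubeadm init` or `kubeadm join` gives it a configuration.
sudo systemctl daemon-reload
sudo systemctl restart kubelet
sudo systemctl enable kubelet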
  1. 启动(master执行)
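# --image-repository            mirror for the control-plane images; usually left as is
# --apiserver-advertise-address IP of this master node (centos01 in this tutorial's
#                               table); replace it with your own master IP
# --pod-network-cidr            pod address range; must equal "Network" in kube-flannel.yml.
#                               Passing it makes kubeadm start kube-controller-manager with
#                               --allocate-node-cidrs=true and --cluster-cidr, so flannel does
#                               not crash-loop for lack of a node CIDR.
# --kubernetes-version          must match the kubelet/kubeadm/kubectl version installed above
kubeadm init \
  --image-repository=registry.aliyuncs.com/google_containers \
  --apiserver-advertise-address=192.168.109.121 \
  --pod-network-cidr=10.244.0.0/16 \
  --kubernetes-version=v1.27.1

# If initialisation fails, `kubeadm reset` returns the node to a clean state.
# Failures are most often network problems (image pulls); try another network.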
  1. 初始化成功后执行(master执行)
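# Give the current user a kubeconfig. admin.conf holds cluster-admin
# credentials: keep the copy readable by its owner only, and never commit it
# or copy it to shared hosts. Expansions are quoted so paths containing spaces
# do not split into several arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"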
  1. 将node加入集群
# After a successful init, the console prints a join command similar to the one
# below (the address, token and hash here are illustrative values).
# The token is a bootstrap credential: anyone who holds it can register a node
# until it expires (24 hours by default), so do not paste it into chats or
# tickets. The sha256 hash pins the cluster CA so the joining node can verify
# the control plane; keep it rather than skipping CA verification.
kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
--discovery-token-ca-cert-hash sha256:6dkl32klh34j5gkj2kl42kjlk452h42lh4l2h42l
# Copy the line printed on your own console and run it on each node host.

# If the token was lost or has expired, generate a fresh join command:
kubeadm token create --print-join-command
  1. 查看集群状态(master 节点执行)
kubectl get nodes
  1. 安装网络插件,可以选择calico或flannel,这里选择安装flannel,仅在(master节点执行)
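# Fetch the flannel manifest over HTTPS. "latest" is a moving target, so the
# image tags inside the downloaded file may differ from the ones shown below;
# keep a reviewed copy of the manifest if the install has to be repeatable.
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
# vim kube-flannel.yml
# Set "Network" to the same value as --pod-network-cidr
"Network": "10.244.0.0/16"
# If docker.io is unreachable, point every image at a proxy registry
# (3 occurrences, 2 distinct values). These pods run on every node with host
# networking, so the proxy is fully trusted for that code: compare image
# digests with the upstream registry where possible.
image: dockerproxy.com/flannel/flannel:v0.22.0
image: dockerproxy.com/flannel/flannel-cni-plugin:v1.1.2

# Install
# kubectl apply -f kube-flannel.yml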

问题:

问题 1:安装flannel失败报如下
 
Back-off restarting failed container kube-flannel in pod kube-flannel
 
方法
部署flannel网络插件时发现flannel一直处于CrashLoopBackOff状态,查看日志提示没有分配cidr
解决
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
增加参数:
--allocate-node-cidrs=true
--cluster-cidr=10.244.0.0/16

然后保存退出执行
systemctl restart kubelet
如下
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-name=kubernetes
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
    - --allocate-node-cidrs=true
    - --cluster-cidr=10.244.0.0/16
 
问题2: 只部署单节点允许master节点部署pod
方法:
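# Show the node's current roles and taints. centos01 is the master in this
# tutorial's table; use the name printed by `kubectl get nodes`.
kubectl describe nodes centos01 | grep -E '(Roles|Taints)'

# Allow ordinary pods on the master by removing the control-plane taint
# (Kubernetes now calls the two roles control-plane and node, formerly master
# and worker). Workloads then share a host with etcd and the cluster CA keys
# under /etc/kubernetes/pki, so keep this to single-node lab clusters.
kubectl taint node centos01 node-role.kubernetes.io/control-plane-

# Forbid pods on the master again by restoring the same taint that was removed.
# The older node-role.kubernetes.io/master key is not what kubeadm applies on
# v1.27, and the node name has to match the one used above.
kubectl taint nodes centos01 node-role.kubernetes.io/control-plane:NoSchedule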
 

参考资料:

  1. blog.csdn.net/weixin_44084452/article/details/130797232
  2. developer.volcengine.com/articles/7262266226414452755#heading21
  3. zhuanlan.zhihu.com/p/532393808
  4. blog.frognew.com/2021/08/relearning-k8s-02.html
原创

k8s入门(1)

2023-12-22 01:56:10

k8s安装

centos7.9最小安装版本

从零开始的k8s安装

硬件配置要求
  1. cpu >= 2核
  2. 硬盘 >= 20G
  3. 内存 >= 2G
  4. 节点数量建议为奇数(3, 5, 7, 9等)
以下命令除特殊要求外,其余都建议在master主机执行。
本教程配置如下
机器名 IP 角色 CPU 内存
centos01 192.168.109.121 master 4核 2G
centos02 192.168.109.122 node 4核 2G
基础准备(所有机器都要执行)
设置主机名,所有节点都执行
  1. 执行以下命令安装必备插件
 
vim /etc/hosts #增加 
192.168.109.121 centos01 
192.168.109.122 centos02
 
  1. 关闭防火墙,所有节点都执行
 
# Lab shortcut: this turns host filtering off completely on every node. On any
# network that is not isolated, keep firewalld running and allow only what
# kubeadm documents instead: 6443/tcp, 2379-2380/tcp, 10250/tcp, 10257/tcp and
# 10259/tcp on the control plane; 10250/tcp and 30000-32767/tcp on workers;
# plus 8472/udp between nodes for flannel's default VXLAN backend.
systemctl stop firewalld
systemctl disable firewalld
# Switches SELinux to permissive for the running system only (lost on reboot).
setenforce 0
# Persist the mode in /etc/selinux/config. This note says SELINUX=disabled, while
# the dedicated SELinux step further down writes SELINUX=permissive instead, which
# is what the upstream kubeadm guide uses and keeps denials logged for auditing.
vim /etc/selinux/config # change the SELINUX value: SELINUX=disabled
  1. 关闭swap内存,所有节点都执行
# Show current memory and swap usage before changing anything.
free -h
# Turn off all active swap now; the kubelet refuses to start with swap enabled
# unless it is explicitly configured to tolerate it.
sudo swapoff -a
# Keep swap off after reboot by commenting out every /etc/fstab line that
# contains "swap" (this also prefixes lines that are already comments).
sudo sed -i 's/.*swap.*/#&/' /etc/fstab
  1. 关闭selinux
# Print the current SELinux mode (Enforcing / Permissive / Disabled).
getenforce
# Show the persistent setting before editing it.
cat /etc/selinux/config
# Permissive for the running system: denials are logged but not enforced.
sudo setenforce 0
# Persist permissive mode. The pattern only matches a line that is exactly
# SELINUX=enforcing, so it changes nothing if the file was already set to
# disabled in the firewall step. Containers lose SELinux confinement in either
# mode, so treat this as a lab setting and revisit it before production use.
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Confirm the change.
cat /etc/selinux/config
  1. 配置网桥,所有节点都执行
修改参数
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables         = 1
net.ipv4.ip_forward                                 = 1
然后,加载如下两个模块,所有节点都执行
 
# IPVS round-robin scheduler module (needed only if kube-proxy runs in IPVS mode).
modprobe ip_vs_rr
# Makes bridged traffic visible to iptables; the net.bridge.* sysctls above do
# not exist until this module is loaded. modprobe does not survive a reboot:
# list both modules in a file under /etc/modules-load.d/ to make them persistent.
modprobe br_netfilter
生效配置
 
[root@centos01 opt]# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
  1. 安装组件
# Bring every installed package up to date first.
sudo yum update -y
# Convenience tooling, installed one package per yum call:
#   bash-completion  tab completion
#   wget             downloader
#   vim-enhanced     editor
#   net-tools        network utilities
#   gcc              compiler
for pkg in bash-completion wget vim-enhanced net-tools gcc; do
  sudo yum install -y "$pkg"
done
  1. 安装docker
安装 docker , Containerd

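# Remove any distro-packaged Docker first (nothing happens if none is installed).
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Prerequisites: yum-utils provides yum-config-manager.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository. The URL needs an explicit https:// scheme so the
# repo definition (which carries the gpgkey location used to verify packages)
# is fetched from the remote host over TLS.
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# Install Docker; containerd.io is Docker's packaging of containerd.
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Install containerd (presumably already satisfied by containerd.io above;
# confirm with `rpm -q containerd.io`).
sudo yum install -y containerd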

vim /etc/containerd/config.toml
#SystemdCgroup的值改为true
SystemdCgroup = true
#由于国内下载不到registry.k8s.io的镜像,修改sandbox_image的值为:
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"

# 若下载不到containerd,执行「」中内容
 
「
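# Manual fallback: fetch the release tarball and its published checksum over
# HTTPS, and unpack into /usr/local only if the checksum matches. v1.7.2 is the
# version this tutorial pins; check the project's release page for fixes
# published since.
wget https://github.com/containerd/containerd/releases/download/v1.7.2/containerd-1.7.2-linux-amd64.tar.gz
wget https://github.com/containerd/containerd/releases/download/v1.7.2/containerd-1.7.2-linux-amd64.tar.gz.sha256sum
sha256sum -c containerd-1.7.2-linux-amd64.tar.gz.sha256sum \
  && tar Cxzvf /usr/local containerd-1.7.2-linux-amd64.tar.gz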
」
# Stop containerd before replacing its configuration.
sudo systemctl stop containerd.service

# Back up the current config, then regenerate it from containerd's built-in
# defaults. This overwrites any manual edits made to config.toml earlier.
sudo cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
sudo containerd config default > $HOME/config.toml
sudo cp $HOME/config.toml /etc/containerd/config.toml

# Pull the pause (sandbox) image from an Aliyun mirror instead of registry.k8s.io.
# The mirror becomes part of the trust chain for every pod sandbox on this node.
sudo sed -i "s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml

# Use the systemd cgroup driver, matching the kubelet default set by kubeadm.
sudo sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml

# Start containerd now and on every boot.
sudo systemctl enable --now containerd.service

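# Start Docker now. (The kubelet in v1.27 talks to containerd through CRI;
# Docker is only a convenience for building and inspecting images here.)
sudo systemctl start docker.service
# Start Docker (service and socket) on every boot.
sudo systemctl enable docker.service
sudo systemctl enable docker.socket
sudo systemctl list-unit-files | grep docker

# Configure a registry mirror for Docker.
sudo mkdir -p /etc/docker
# Replace the placeholder host with your own mirror address. Docker only accepts
# mirror entries that carry a scheme, and https:// keeps image pulls on TLS.
# Every image that is not pinned by digest is trusted as served by this mirror.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://xxxxx.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

sudo systemctl daemon-reload
sudo systemctl restart docker
sudo docker info

sudo systemctl status docker.service
sudo systemctl status containerd.service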
  1. 添加国内镜像仓库
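# Write the Kubernetes yum repository definition (must run as root).
# Changes from the original listing: the URLs carry an explicit https:// scheme,
# and gpgcheck is on so yum verifies each package signature against gpgkey
# before installing; with gpgcheck=0 a tampered mirror or a man-in-the-middle
# could supply arbitrary kubelet/kubeadm binaries that then run as root.
# repo_gpgcheck (signature on the repository metadata) is left at 0 as on the
# page; NOTE(review): this mirror has reportedly failed metadata signature
# checks, so confirm before enabling it. If package verification fails, check
# the key fingerprints against the upstream project instead of turning it off.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# 是否开启本仓库
enabled=1
# 是否检查 gpg 签名文件
gpgcheck=1
# 是否检查仓库元数据(repomd.xml)的 gpg 签名
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF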
  1. 安装k8s
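# Install the pinned 1.27.1 release. --nogpgcheck is dropped on purpose: it
# overrides the repository's gpgcheck setting and installs root-level node
# components without any signature verification. If yum reports a signature
# failure, verify and import the repository key rather than re-adding the flag.
sudo yum install -y kubelet-1.27.1 kubeadm-1.27.1 kubectl-1.27.1 --disableexcludes=kubernetes

# Install the newest available version instead (not recommended for production)
# sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Reload unit files and enable the kubelet; it restarts in a loop until
# `kubeadm init` or `kubeadm join` gives it a configuration.
sudo systemctl daemon-reload
sudo systemctl restart kubelet
sudo systemctl enable kubelet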
  1. 启动(master执行)
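# --image-repository            mirror for the control-plane images; usually left as is
# --apiserver-advertise-address IP of this master node (centos01 in this tutorial's
#                               table); replace it with your own master IP
# --pod-network-cidr            pod address range; must equal "Network" in kube-flannel.yml.
#                               Passing it makes kubeadm start kube-controller-manager with
#                               --allocate-node-cidrs=true and --cluster-cidr, so flannel does
#                               not crash-loop for lack of a node CIDR.
# --kubernetes-version          must match the kubelet/kubeadm/kubectl version installed above
kubeadm init \
  --image-repository=registry.aliyuncs.com/google_containers \
  --apiserver-advertise-address=192.168.109.121 \
  --pod-network-cidr=10.244.0.0/16 \
  --kubernetes-version=v1.27.1

# If initialisation fails, `kubeadm reset` returns the node to a clean state.
# Failures are most often network problems (image pulls); try another network.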
  1. 初始化成功后执行(master执行)
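# Give the current user a kubeconfig. admin.conf holds cluster-admin
# credentials: keep the copy readable by its owner only, and never commit it
# or copy it to shared hosts. Expansions are quoted so paths containing spaces
# do not split into several arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"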
  1. 将node加入集群
# After a successful init, the console prints a join command similar to the one
# below (the address, token and hash here are illustrative values).
# The token is a bootstrap credential: anyone who holds it can register a node
# until it expires (24 hours by default), so do not paste it into chats or
# tickets. The sha256 hash pins the cluster CA so the joining node can verify
# the control plane; keep it rather than skipping CA verification.
kubeadm join 192.168.80.60:6443 --token f9lvrz.59mykzssqw6vjh32 \
--discovery-token-ca-cert-hash sha256:6dkl32klh34j5gkj2kl42kjlk452h42lh4l2h42l
# Copy the line printed on your own console and run it on each node host.

# If the token was lost or has expired, generate a fresh join command:
kubeadm token create --print-join-command
  1. 查看集群状态(master 节点执行)
kubectl get nodes
  1. 安装网络插件,可以选择calico或flannel,这里选择安装flannel,仅在(master节点执行)
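# Fetch the flannel manifest over HTTPS. "latest" is a moving target, so the
# image tags inside the downloaded file may differ from the ones shown below;
# keep a reviewed copy of the manifest if the install has to be repeatable.
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
# vim kube-flannel.yml
# Set "Network" to the same value as --pod-network-cidr
"Network": "10.244.0.0/16"
# If docker.io is unreachable, point every image at a proxy registry
# (3 occurrences, 2 distinct values). These pods run on every node with host
# networking, so the proxy is fully trusted for that code: compare image
# digests with the upstream registry where possible.
image: dockerproxy.com/flannel/flannel:v0.22.0
image: dockerproxy.com/flannel/flannel-cni-plugin:v1.1.2

# Install
# kubectl apply -f kube-flannel.yml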

问题:

问题 1:安装flannel失败报如下
 
Back-off restarting failed container kube-flannel in pod kube-flannel
 
方法
部署flannel网络插件时发现flannel一直处于CrashLoopBackOff状态,查看日志提示没有分配cidr
解决
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
增加参数:
--allocate-node-cidrs=true
--cluster-cidr=10.244.0.0/16

然后保存退出执行
systemctl restart kubelet
如下
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-name=kubernetes
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
    - --allocate-node-cidrs=true
    - --cluster-cidr=10.244.0.0/16
 
问题2: 只部署单节点允许master节点部署pod
方法:
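# Show the node's current roles and taints. centos01 is the master in this
# tutorial's table; use the name printed by `kubectl get nodes`.
kubectl describe nodes centos01 | grep -E '(Roles|Taints)'

# Allow ordinary pods on the master by removing the control-plane taint
# (Kubernetes now calls the two roles control-plane and node, formerly master
# and worker). Workloads then share a host with etcd and the cluster CA keys
# under /etc/kubernetes/pki, so keep this to single-node lab clusters.
kubectl taint node centos01 node-role.kubernetes.io/control-plane-

# Forbid pods on the master again by restoring the same taint that was removed.
# The older node-role.kubernetes.io/master key is not what kubeadm applies on
# v1.27, and the node name has to match the one used above.
kubectl taint nodes centos01 node-role.kubernetes.io/control-plane:NoSchedule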
 

参考资料:

  1. blog.csdn.net/weixin_44084452/article/details/130797232
  2. developer.volcengine.com/articles/7262266226414452755#heading21
  3. zhuanlan.zhihu.com/p/532393808
  4. blog.frognew.com/2021/08/relearning-k8s-02.html