Kubernetes Exploration and Study 001: Deploying a Kubernetes cluster quickly on CentOS 7.6 with kubeadm

### Deploying a Kubernetes cluster quickly on CentOS 7.6 with kubeadm

Why deploy Kubernetes with kubeadm? kubeadm is the Kubernetes project's own bootstrapping tool. It is simple and quick, which makes it a good way for newcomers to stand up a cluster to learn on, and a cluster that kubeadm assembles from the official component images behaves essentially the same as one built by hand from the binaries. Be aware, though, that the setup described here is not recommended for production; it is meant for studying Kubernetes.

About kubeadm: "Easily bootstrap a secure Kubernetes cluster"

#### 1.1. Server plan

| Hostname | Internal IP | Role | OS version |
| :----------: | :--------: | :----: | :----------: |
| kubernetes01 | 10.5.0.206 | Master | CentOS Linux release 7.6.1810 (Core) |
| kubernetes02 | 10.5.0.207 | Worker | CentOS Linux release 7.6.1810 (Core) |
| kubernetes03 | 10.5.0.208 | Worker | CentOS Linux release 7.6.1810 (Core) |
| kubernetes04 | 10.5.0.209 | Worker | CentOS Linux release 7.6.1810 (Core) |
| kubernetes05 | 10.5.0.210 | Worker | CentOS Linux release 7.6.1810 (Core) |
| kubernetes06 | 10.5.0.213 | Worker | CentOS Linux release 7.6.1810 (Core) |
| kubernetes07 | 10.5.0.214 | Worker | CentOS Linux release 7.6.1810 (Core) |
| kubernetes08 | 10.5.0.218 | Worker | CentOS Linux release 7.6.1810 (Core) |
| kubernetes09 | 10.5.0.219 | Worker | CentOS Linux release 7.6.1810 (Core) |

#### 1.2. Master node

The Master node runs the three most important components of the Kubernetes project: apiserver, scheduler and controller-manager (kubeadm also runs etcd, the cluster's datastore, as a static Pod on this node).

apiserver: the API front end through which the whole cluster is managed; every client, including the other control-plane components, goes through it, so its authentication and authorization settings are the cluster's security boundary
scheduler: decides which node in the cluster each Pod runs on
controller-manager: a set of controllers that watch the state of the whole cluster through the apiserver and move it toward the desired state

##### 1.2.1. Confirm the OS version and set the hostname

1. Check the OS version
[root@iZ2ze7ftggknd1fplnxygqZ ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core)
2. Set the hostname
hostnamectl set-hostname kubernetes01
3. Don't forget to update /etc/hosts as well (every node must be able to resolve every other node's name)
[root@kubernetes01 ~]# cat /etc/hosts
127.0.0.1       localhost       localhost.localdomain   localhost4      localhost4.localdomain4
::1     localhost       localhost.localdomain   localhost6      localhost6.localdomain6
# kubernetes-cluster
10.5.0.206 kubernetes01
...

##### 1.2.2. Stop the firewall

systemctl stop firewalld && systemctl disable firewalld

This is the shortcut for a lab on a private network. kubeadm does not need the firewall off, only its ports open: on the master 6443/tcp (apiserver), 2379-2380/tcp (etcd), 10250/tcp (kubelet), 10251/tcp (scheduler) and 10252/tcp (controller-manager); on workers 10250/tcp and the NodePort range 30000-32767/tcp; plus whatever the network plugin uses (Weave Net: 6783/tcp and 6783-6784/udp). On any node reachable from outside the private network, open those ports with firewall-cmd instead of disabling firewalld.

##### 1.2.3. Check that SELinux is disabled

[root@kubernetes01 ~]# setenforce 0
setenforce: SELinux is disabled

kubeadm at this version requires SELinux to be permissive (or disabled) so that containers can access the host filesystem, which the pod network needs. setenforce only changes the running state; to keep it across reboots, set SELINUX=permissive in /etc/selinux/config.

##### 1.2.4. Kernel settings kubeadm checks, handled in advance: bridge traffic through netfilter, and swap

modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
then
sysctl --system

The two bridge-nf-call keys only exist once the br_netfilter module is loaded, which is why modprobe comes first; without it sysctl reports the key as missing and kubeadm's preflight later fails on exactly that file. Note also that vm.swappiness=0 does not turn swap off: kubeadm refuses to run with swap enabled, so on machines that have swap run swapoff -a as well and remove the swap line from /etc/fstab.

##### 1.2.5. Install docker-ce; mind the compatibility between the docker-ce version and the Kubernetes version!

Install docker-ce v18.06.1 with yum (18.06 is in the validated Docker versions for Kubernetes 1.12)
[root@kubernetes01 ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
[root@kubernetes01 ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@kubernetes01 ~]# yum -y install docker-ce-18.06.1.ce
[root@kubernetes01 ~]# systemctl enable docker && systemctl start docker
[root@kubernetes01 ~]# docker --version 
Docker version 18.06.1-ce, build e68fc7a

##### 1.2.6. Install kubelet, kubeadm and kubectl

1. Configure the yum repo (the Aliyun mirror). gpgcheck=1 together with the mirror's two keys makes yum verify package signatures; with gpgcheck=0 the key import in step 2 would have no effect.
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2. Import the package signing key
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
rpm --import rpm-package-key.gpg
3. Install with yum, pinning all three packages to the same version, and enable kubelet so that kubeadm can drive it
yum install -y kubelet-1.12.1 kubectl-1.12.1 kubeadm-1.12.1
systemctl enable kubelet

##### 1.2.7. Version check

[root@kubernetes01 ~]# kubelet --version
Kubernetes v1.12.1
[root@kubernetes01 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.1", GitCommit:"4ed3216f3ec431b140b1d899130a69fc671678f4", GitTreeState:"clean", BuildDate:"2018-10-05T16:46:06Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@kubernetes01 ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.1", GitCommit:"4ed3216f3ec431b140b1d899130a69fc671678f4", GitTreeState:"clean", BuildDate:"2018-10-05T16:43:08Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}

The "connection refused" line from kubectl version is expected at this point: there is no cluster and no kubeconfig yet, so kubectl falls back to localhost:8080 for the server half of its output.

Component images kubeadm v1.12.1 needs (kubeadm config images list prints the same list for the installed kubeadm version):
k8s.gcr.io/kube-apiserver:v1.12.1
k8s.gcr.io/kube-controller-manager:v1.12.1
k8s.gcr.io/kube-scheduler:v1.12.1
k8s.gcr.io/kube-proxy:v1.12.1
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.2.24
k8s.gcr.io/coredns:1.2.2

##### 1.2.8. Pull the Docker images of the Kubernetes components

Because of the "peculiarities" of the network environment in mainland China, k8s.gcr.io cannot be reached directly, so the images are fetched from a mirror on Docker Hub and re-tagged under the k8s.gcr.io names kubeadm expects.
[root@kubernetes01 ~]# cat pull_k8s_images.sh 
#!/bin/bash
# Pull the control-plane images from the anjia0532 mirror and re-tag them as k8s.gcr.io/<name>.
set -euo pipefail
images=(kube-proxy:v1.12.1 kube-scheduler:v1.12.1 kube-controller-manager:v1.12.1
kube-apiserver:v1.12.1
etcd:3.2.24 coredns:1.2.2 pause:3.1)
for imageName in "${images[@]}"; do
  docker pull "anjia0532/google-containers.${imageName}"
  docker tag "anjia0532/google-containers.${imageName}" "k8s.gcr.io/${imageName}"
  docker rmi "anjia0532/google-containers.${imageName}"
done

Re-tagging makes Docker and kubeadm treat these as the official images, so the trust moves to whoever maintains the mirror. Where any machine can reach the official registry, compare the image IDs shown in the next step (or the RepoDigests from docker inspect) with those of the official images before running a control plane on them.

##### 1.2.9. Check the images

Do you still remember the roles of scheduler, controller-manager and apiserver from the beginning? 😂 Don't forget them~~
[root@kubernetes01 ~]# docker images
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
k8s.gcr.io/kube-proxy                v1.12.1             61afff57f010        5 months ago        96.6MB
k8s.gcr.io/kube-apiserver            v1.12.1             dcb029b5e3ad        5 months ago        194MB
k8s.gcr.io/kube-scheduler            v1.12.1             d773ad20fd80        5 months ago        58.3MB
k8s.gcr.io/kube-controller-manager   v1.12.1             aa2dd57c7329        5 months ago        164MB
k8s.gcr.io/etcd                      3.2.24              3cab8e1b9802        6 months ago        220MB
k8s.gcr.io/coredns                   1.2.2               367cdc8433a4        7 months ago        39.2MB
k8s.gcr.io/pause                     3.1                 da86e6ba6ca1        15 months ago       742kB

##### 1.2.10. Deploy the Kubernetes master node with kubeadm

[root@kubernetes01 ~]# kubeadm init --kubernetes-version=v1.12.1
Once the preflight checks pass and kubeadm has run for a while, the following output means the Kubernetes master node has been deployed.
Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 10.5.0.206:6443 --token bh3pih.cuir6xpjl7zn7pf2 --discovery-token-ca-cert-hash sha256:ae00fc1ad4a680c01be4deaae6f6e4cf554867664bc5c16e0b3f98d4f2adcf2c

Before using the cluster, run the following as a regular user, as the output above says. The API server only accepts authenticated requests, and /etc/kubernetes/admin.conf carries a client certificate in the system:masters group, which is bound to cluster-admin, so whoever can read that file owns the cluster: copy it only where it is needed and keep it mode 0600.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Two things in the kubeadm join line deserve attention. The token (bh3pih.cuir6xpjl7zn7pf2) is a bootstrap credential: anyone who has it can add a node to this cluster; it is valid for 24 hours by default, kubeadm token list and kubeadm token delete manage it, and kubeadm token create mints a new one once it has expired. The --discovery-token-ca-cert-hash is not a secret: it pins the public key of the cluster CA so that a joining node can tell it is talking to the real apiserver and not to something that intercepted the connection.
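The join line pairs a secret (the token) with a public pin (the CA hash). As an added example, not code from this page or from kubeadm, the following Python shows what that hash is and how a joining node checks it: SHA-256 over the DER-encoded subjectPublicKeyInfo of the cluster CA certificate, the same value the kubeadm documentation's openssl pipeline computes from /etc/kubernetes/pki/ca.crt. It uses only the standard library and runs against a constructed, unsigned sample certificate with a dummy RSA key (not a real key); on a real master you would call ca_cert_hash() on the contents of /etc/kubernetes/pki/ca.crt and compare with the sha256: value kubeadm printed.

```python
"""kubeadm --discovery-token-ca-cert-hash, computed and checked with the standard library.

kubeadm defines it as "sha256:" + hex(SHA-256(DER subjectPublicKeyInfo of the cluster CA)), i.e.
the value of:  openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der | openssl dgst -sha256
"""
import base64
import hashlib
import hmac

OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1
OID_SHA256_WITH_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
OID_COMMON_NAME = bytes.fromhex("550403")                  # 2.5.4.3


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV, using long-form length when the content is 128 bytes or more."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def read_tlv(buf: bytes, pos: int):
    """Decode the TLV header at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def children(buf: bytes, start: int, end: int):
    """Yield (tag, tlv_start, content_start, content_end) for each element in buf[start:end]."""
    pos = start
    while pos < end:
        tag, cs, ce = read_tlv(buf, pos)
        yield tag, pos, cs, ce
        pos = ce


def pem_to_der(pem: str) -> bytes:
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip() and not ln.startswith("-----")]
    return base64.b64decode("".join(lines))


def spki_der(cert_der: bytes) -> bytes:
    """Return the complete DER encoding of subjectPublicKeyInfo from an X.509 certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature, issuer,
                                  validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, cs, ce = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    tbs_tag, _, tbs_cs, tbs_ce = next(children(cert_der, cs, ce))
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = list(children(cert_der, tbs_cs, tbs_ce))
    if fields and fields[0][0] == 0xA0:              # explicit [0] version, absent in v1 certs
        fields = fields[1:]
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    _, start, _, end = fields[5]
    return cert_der[start:end]


def ca_cert_hash(cert_pem: str) -> str:
    """The value kubeadm prints after --discovery-token-ca-cert-hash."""
    return "sha256:" + hashlib.sha256(spki_der(pem_to_der(cert_pem))).hexdigest()


def verify_ca_cert_hash(cert_pem: str, pinned: str) -> bool:
    """What a joining node does: compare the CA served over the not-yet-trusted connection
    with the pin the operator copied from the master."""
    return hmac.compare_digest(ca_cert_hash(cert_pem), pinned)


# ---- constructed sample data: a dummy RSA key and an unsigned certificate around it ----------
def rsa_spki(modulus: int, exponent: int = 65537) -> bytes:
    """DER SubjectPublicKeyInfo for an RSA public key (RFC 3279 layout)."""
    def integer(v: int) -> bytes:                    # (bit_length + 8) // 8 keeps the sign bit 0
        return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
    alg = der(0x30, der(0x06, OID_RSA_ENCRYPTION) + der(0x05, b""))
    key = der(0x30, integer(modulus) + integer(exponent))
    return der(0x30, alg + der(0x03, b"\x00" + key))  # BIT STRING, 0 unused bits


def build_sample_cert_pem(subject_cn: str, spki: bytes) -> str:
    """Well-formed but unsigned (all-zero signature) certificate wrapping the given SPKI."""
    def name(cn: str) -> bytes:                      # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue
        return der(0x30, der(0x31, der(0x30, der(0x06, OID_COMMON_NAME) + der(0x0C, cn.encode()))))
    sig_alg = der(0x30, der(0x06, OID_SHA256_WITH_RSA) + der(0x05, b""))
    validity = der(0x30, der(0x17, b"190101000000Z") + der(0x17, b"290101000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sig_alg
              + name("kubernetes") + validity + name(subject_cn) + spki)
    cert = der(0x30, tbs + sig_alg + der(0x03, b"\x00" + bytes(32)))
    b64 = base64.b64encode(cert).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# 2048-bit odd dummy modulus derived from a fixed string; it is NOT a usable RSA key.
FAKE_MODULUS = int.from_bytes(hashlib.sha256(b"kubeadm demo").digest() * 8, "big") | (1 << 2047) | 1
SAMPLE_SPKI = rsa_spki(FAKE_MODULUS)
SAMPLE_CA_PEM = build_sample_cert_pem("kubernetes", SAMPLE_SPKI)
SAMPLE_CA_HASH = "sha256:" + hashlib.sha256(SAMPLE_SPKI).hexdigest()

if __name__ == "__main__":
    print(ca_cert_hash(SAMPLE_CA_PEM))                            # the value to pass to kubeadm join
    print(verify_ca_cert_hash(SAMPLE_CA_PEM, SAMPLE_CA_HASH))     # True
```

Because the pin covers only the public key, re-issuing the CA certificate with the same key (new validity, new subject) leaves the join hash unchanged, while rotating the CA key changes it and invalidates every join command still in circulation, which is the behaviour you want from a pin.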

##### 1.2.11. Health check

1. Check the health of the main components
[root@kubernetes01 ~]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok                   
controller-manager   Healthy   ok                   
etcd-0               Healthy   {"health": "true"}   
2. Check the master node status
[root@kubernetes01 ~]# kubectl get nodes
NAME           STATUS     ROLES    AGE     VERSION
kubernetes01   NotReady   master   4m15s   v1.12.1
NotReady is expected here: the kubelet keeps the node in that state until a pod network plugin is installed.

##### 1.2.12. Deploy the network plugin (Weave Net)

[root@kubernetes01 ~]# kubectl apply -f https://git.io/weave-kube-1.6
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.extensions/weave-net created
Applying a manifest straight from a URL (a short link, at that) with cluster-admin rights means running whatever that URL serves today; fetch it with curl first, read it, and apply the local copy.
Wait a moment, then check the master node again: STATUS has changed, because the network plugin is now in effect.
[root@kubernetes01 ~]# kubectl get nodes
NAME                STATUS   ROLES    AGE   VERSION
kubernetes-master   Ready    master   21m   v1.12.1

##### 1.2.13. Check the Weave Net Pods on the master node

[root@kubernetes01 ~]# kubectl get pods -n kube-system -l name=weave-net -o wide
NAME              READY   STATUS    RESTARTS   AGE     IP           NODE                NOMINATED NODE
weave-net-vhs56   2/2     Running   0          6m59s   10.5.0.206   kubernetes-master   <none>

##### 1.2.14. Deploy the dashboard

1. Pull the dashboard image from the mirror and re-tag it
docker pull anjia0532/google-containers.kubernetes-dashboard-amd64:v1.10.0
docker tag  anjia0532/google-containers.kubernetes-dashboard-amd64:v1.10.0   k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
docker rmi  anjia0532/google-containers.kubernetes-dashboard-amd64:v1.10.0 
Mind the tags: the manifest below asks for v1.10.1, and here a v1.10.0 image is labelled v1.10.1 to satisfy it, so the dashboard that actually runs is v1.10.0. Prefer an image whose real version matches the tag; if you must re-tag, remember what is really running when you check for fixes.
2. Fetch the dashboard YAML and change its last section so that the dashboard can be reached from outside the cluster and logged into with a token. Pay particular attention here: this exposes port 30001 on every node, which is extremely unsafe in a production environment! A NodePort puts the admin UI on every node's IP; the safer way to reach it is kubectl proxy followed by http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/, which goes through your own kubeconfig credentials and exposes nothing on the network.
[root@kubernetes01 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
[root@kubernetes01 ~]# tail -n 20 kubernetes-dashboard.yaml
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
3. Deploy the dashboard
[root@kubernetes01 ~]# kubectl apply -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard configured
4. Check the dashboard Pod
[root@kubernetes01 ~]# kubectl get pods -n kube-system |  grep dash
kubernetes-dashboard-65c76f6c97-f29nm   1/1     Running   0          3m8s
5. Get a token
[root@kubernetes01 ~]# kubectl -n kube-system describe $(kubectl -n kube-system get secret -o name | grep namespace) | grep token
Name:         namespace-controller-token-mt4sh
Type:  kubernetes.io/service-account-token
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9....W2flckBO8CrzGyJzw2aJH5obQSjy4PNSll7uHOiIXPk4dnOTEzI-BfM4C9QrNDjbNTu8gIdLHntLj1181Sf_sRMidB_vhUPg6CFA1zy3XmYH21eVqjSxEBNXMSfrJHBgXnBzaHieaXqF55_etABB0j4xLM7V-bRsQ9AB0G3cv1IYU_gYG3BozksvAObmDEY4GgCI7f0-nu2YRqOMPJPhXWzKOGUvBBPyj171Xo06QvF6p9zpTMSoLa3aV-gU4XA2nMf2_aDdgFrGVI4p95ziewyu0o-W-DiEnXW1hRtwgg-PRe3QPU9ps3TALlr3U8rwh3xVmlqnRuNGVDqzmclVdQ
Open https://10.5.0.206:30001 and log in with the token; note that it is https!
This borrows the token of the namespace-controller service account, an identity that exists for a system controller and can, among other things, delete namespaces. It works for a look around, but it is the wrong identity for a person to log in with, and the token itself is a long-lived bearer credential: anyone who sees it can call the API as that account until the secret is deleted.
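Step 5 above logs in with the namespace-controller's token. A cleaner approach, added here as an example and not part of the original page, is a service account created only for the dashboard and bound to a role, so that the identity in the API audit log is a dashboard login rather than a system controller. The name dashboard-admin and the cluster-admin binding are my choices for a private lab cluster, not something the page or the dashboard project prescribes:

```yaml
# dashboard-admin.yaml (added example; names are assumptions, not from the page)
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin   # lab only; on a shared cluster bind the built-in "view" role or a purpose-built one
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
```

Apply it with kubectl apply -f dashboard-admin.yaml, read the token with kubectl -n kube-system describe secret $(kubectl -n kube-system get secret -o name | grep dashboard-admin), and reach the UI through kubectl proxy (http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/) rather than the NodePort. Delete the ClusterRoleBinding when you are done; the service account without it can do nothing.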

##### 1.2.15. Deploy the container storage plugin

Rook is a Kubernetes storage plugin built on Ceph, a production-grade option for persistent storage that is well worth playing with.

cd /usr/local/src
yum -y install git
git clone https://github.com/rook/rook.git
cd /usr/local/src/rook/cluster/examples/kubernetes/ceph
kubectl apply -f operator.yaml
kubectl apply -f cluster.yaml

This clones whatever is on Rook's default branch at the time and applies the operator (which runs with broad RBAC rights) and a Ceph cluster straight from it. Check out a release tag before applying, read cluster.yaml first (it points at host paths and disks on the nodes), and keep the Rook version fixed alongside the Kubernetes version.

#### 1.3. Worker nodes

Same as for the master node: do the preparation first (hostname, firewall, the bridge-nf sysctl settings, swap off, yum repos and so on). With 9 nodes it is quicker to drive the installation with an ansible playbook plus shell scripts, which saves time.
1. docker-ce install script
cat install_dockerce.sh 
#!/bin/bash
set -e
yum -y install yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce-18.06.1.ce
# docker must be running before the next script can pull images
systemctl enable docker && systemctl start docker
2. Kubernetes components install script
cat install_kubectl.sh
#!/bin/bash
set -e
# install kubelet, kubeadm and kubectl (same version as the master)
yum install -y kubelet-1.12.1 kubectl-1.12.1 kubeadm-1.12.1
systemctl enable kubelet
# pull kube-proxy and pause from the mirror; a worker needs only these two
images=(kube-proxy:v1.12.1 pause:3.1)
for imageName in "${images[@]}"; do
  docker pull "anjia0532/google-containers.${imageName}"
  docker tag "anjia0532/google-containers.${imageName}" "k8s.gcr.io/${imageName}"
  docker rmi "anjia0532/google-containers.${imageName}"
done
# join the cluster; token and hash are the ones kubeadm init printed on the master
kubeadm join 10.5.0.206:6443 --token bh3pih.cuir6xpjl7zn7pf2 --discovery-token-ca-cert-hash sha256:ae00fc1ad4a680c01be4deaae6f6e4cf554867664bc5c16e0b3f98d4f2adcf2c

The join script carries the bootstrap token in clear text. Keep it out of shared repositories, and once all nodes have joined delete the token on the master (kubeadm token delete bh3pih) rather than waiting for the 24-hour expiry, or create a token with a short --ttl just for the rollout.

#### 1.4. Other

A few small problems encountered along the way:
kubeadm v1.12.1 failing to install cleanly; nodes failing preflight with [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables] (the br_netfilter module was not loaded, so the sysctl key did not exist: modprobe br_netfilter, then sysctl --system again); failing to pull images from k8s.gcr.io (solved by the mirror used above). All of these are easy to fix, so don't panic when you get stuck; work through them one at a time.

(image: kubernetes集群.png)

#### 1.5. Summary

This article used kubeadm to deploy 1 Kubernetes master node and 8 Kubernetes worker nodes (the 9 hosts in the plan), plus the dashboard, the container storage plugin and the container network plugin. All in all kubeadm is very convenient to play with 😄, but its shortcomings are just as obvious: no master high availability, weak security defaults and so on 😭... so this setup does not meet the bar for production use. For production I would recommend looking at kubeasz or kubespray for deployment! Last of all, what learning Kubernetes really takes is a spirit of exploration! ☀️ PS: the servers are from a Chinese cloud provider ☁️. Comments and discussion are welcome~~~
