K8s的安装
环境准备
IP规划
K8S的安装方式
## K8S的安装方式有很多种
二进制安装 生产推荐
kubeadm 生产推荐
Ansible 二进制安装 https://github.com/easzlab/kubeasz
Rancher 官网:www.rancher.cn
云上k8s
阿里云ACK
亚马逊云EKS
基于kubeadm 安装实践 v1.19.3(该版本上游已停止维护,不再获得安全补丁;以下步骤适合学习环境,生产环境请换用仍受支持的版本)
基础环境准备
# 1.配置kubelet配置文件:使用systemd Cgroup驱动,并允许kubelet在swap开启时启动
# Write kubelet's extra-arguments file.
#   --cgroup-driver=systemd : kubelet uses the systemd cgroup driver (the Docker
#                             daemon.json in this guide sets the same driver).
#   --fail-swap-on=false    : kubelet starts even when swap is enabled; the flag
#                             does not turn swap off.
# The heredoc delimiter is quoted so the body is written literally.
cat <<'EOF' >/etc/sysconfig/kubelet
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
EOF
## 让kubelet使用系统自带的Cgroup驱动
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
## 让kubelet在swap开启时不报错退出(该参数并不会关闭swap,关闭swap见下文第5步)
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
# 2.内核参数调优
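# Kernel parameters for the Kubernetes nodes.
# The net.bridge.* keys only exist once the br_netfilter module is loaded, so
# load it first; otherwise applying the file fails for those two keys.
# NOTE: modprobe does not persist across reboots; list br_netfilter under
# /etc/modules-load.d/ if the module is not loaded automatically on your hosts.
modprobe br_netfilter

#   net.bridge.bridge-nf-call-*  : bridged traffic is passed to iptables/ip6tables
#   net.ipv4.ip_forward          : enable IPv4 forwarding
#   vm.swappiness=0              : make the kernel avoid swapping (swap stays on
#                                  until it is disabled with swapoff)
#   fs.file-max / fs.nr_open     : system-wide and per-process file handle ceilings
cat <<'EOF' >/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
fs.file-max=52706963
fs.nr_open=52706963
EOF

# Writing the file alone changes nothing until the next boot; apply it now so
# the values are in effect before kubeadm runs.
sysctl --system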
## 让经过网桥的IPv6流量交给ip6tables规则处理(需要先加载br_netfilter内核模块)
net.bridge.bridge-nf-call-ip6tables=1
## 让经过网桥的IPv4流量交给iptables规则处理(需要先加载br_netfilter内核模块)
net.bridge.bridge-nf-call-iptables=1
## 开启内核转发
net.ipv4.ip_forward=1
## 让内核尽量不使用swap(并不会关闭swap,关闭swap见下文第5步)
vm.swappiness=0
## 系统级可分配文件句柄的最大数量
fs.file-max=52706963
## 单个进程可打开文件描述符数量的上限
fs.nr_open=52706963
# 3.更换docker源
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.huaweicloud.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.huaweicloud.com/docker-ce/linux/centos/gpg
# 4.安装时间同步服务
# Install the chrony time-sync service, then start it and enable it at boot.
yum install -y chrony
for action in start enable; do
  systemctl "$action" chronyd
done
# 5. 关闭swap
[root@master01 ~]# swapoff -a
[root@master ~]# free -m
total used free shared buff/cache available
Mem: 1980 818 444 40 717 960
Swap: 0 0 0
[root@master01 ~]# sed -i '/swap/d' /etc/fstab
# 6.加载ipvs模块
LVS:ipvsadm
# Create a small script that loads the IPVS kernel modules (ip_vs plus the
# rr / wrr / sh schedulers) and nf_conntrack_ipv4.
# NOTE(review): newer kernels no longer ship a separate nf_conntrack_ipv4
# module (it is part of nf_conntrack) — confirm the name for your kernel.
# The heredoc delimiter is quoted so the script body is written literally.
cat <<'EOF' >/etc/sysconfig/modules/ipvs.modules
#! /bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

# Make the script executable and run it in the current shell to load the modules now.
chmod +x /etc/sysconfig/modules/ipvs.modules
. /etc/sysconfig/modules/ipvs.modules

# Confirm the modules are loaded.
lsmod | grep -E 'ip_vs|nf_conntrack_ipv'
# 7.安装指定版本的docker
# 安装docker
[root@master01 ~]# yum install -y docker-ce-19.03.15 docker-ce-cli-19.03.15 containerd.io
# 启动加入开机自启
[root@master01 ~]# systemctl start docker
[root@master01 ~]# systemctl enable docker
# 修改数据目录
# docker图形化界面
# 配置镜像加速,并让docker使用systemd Cgroup驱动
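# Docker daemon configuration:
#   exec-opts        : use the systemd cgroup driver, matching the kubelet
#                      setting (--cgroup-driver=systemd) earlier in this guide.
#   registry-mirrors : pull-through mirrors tried for Docker Hub images.
# Every mirror listed here serves image content in place of Docker Hub for
# tag-based pulls, so each entry is a party you are trusting with what runs on
# the node. Keep only mirrors whose operator you trust, and reference images by
# digest where integrity matters.
# The duplicated docker.m.daocloud.io entry from the original list is removed.
# The heredoc delimiter is quoted so the JSON is written literally.
cat <<'EOF' >/etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://docker.1panel.live",
    "https://dockercf.jsdelivr.fyi",
    "https://docker-cf.registry.cyou",
    "https://docker.chenby.cn",
    "https://docker.jsdelivr.fyi",
    "https://docker.m.daocloud.io",
    "https://docker.mirrors.sjtug.sjtu.edu.cn",
    "https://docker.mirrors.ustc.edu.cn",
    "https://docker.nju.edu.cn",
    "https://dockerproxy.com",
    "https://docker.rainbond.cc",
    "https://docker.registry.cyou",
    "https://dockertest.jsdelivr.fyi",
    "https://hub-mirror.c.163.com",
    "https://hub.rat.dev/",
    "https://mirror.aliyuncs.com",
    "https://mirror.baidubce.com",
    "https://mirror.iscas.ac.cn",
    "https://registry.docker-cn.com"
  ]
}
EOF

# Reload unit files and restart Docker so the new daemon.json takes effect.
systemctl daemon-reload
systemctl restart docker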
安装kubeadm
# 1.更换华为Kubernetes源
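# Point yum at the Huawei Cloud mirror of the Kubernetes el7 packages.
# gpgcheck=1 makes yum verify each RPM's signature against gpgkey before it is
# installed as root; with gpgcheck=0 whatever the mirror serves would be
# installed unverified.
# NOTE(review): if yum rejects the packages, the key they are signed with is
# missing from gpgkey= — add that key's URL (<PACKAGE_SIGNING_KEY_URL>) after
# confirming its fingerprint, rather than setting gpgcheck back to 0.
# repo_gpgcheck (signature check on the repository metadata) is left unchanged.
cat <<'EOF' >/etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.huaweicloud.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.huaweicloud.com/kubernetes/yum/doc/yum-key.gpg
EOF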
# 2.安装 kubelet、kubeadm、kubectl 和 ipvsadm
# kubelet node节点上管理容器运行时的组件
# kubeadm 用来搭建k8s集群
# kubectl k8s的命令行客户端;ipvsadm ipvs的管理工具
# Install the pinned 1.19.3 builds of kubelet, kubeadm and kubectl, plus ipvsadm.
yum install -y kubelet-1.19.3 kubeadm-1.19.3 kubectl-1.19.3 ipvsadm
# 3. Enable kubelet at boot, then start it.
for action in enable start; do
  systemctl "$action" kubelet
done
# 4.初始化集群(master)
# Initialise the control plane on the master node.
#   --apiserver-advertise-address : address the API server advertises (10.0.0.200 here)
#   --image-repository            : pull control-plane images from this registry
#   --service-cidr / --pod-network-cidr : Service and Pod address ranges; the
#       pod range must equal the "Network" value set in kube-flannel.yml
#   --ignore-preflight-errors     : report the Swap and NumCPU preflight
#       failures as warnings instead of aborting
kubeadm init \
  --kubernetes-version v1.19.3 \
  --apiserver-advertise-address 10.0.0.200 \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-dns-domain cluster.local \
  --service-cidr 10.1.0.0/16 \
  --pod-network-cidr 10.2.0.0/16 \
  --ignore-preflight-errors Swap,NumCPU
### 结果保存(输出中的 kubeadm join 令牌是加入集群的凭据,默认24小时后过期;只保存在受控位置,不要公开)
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.0.200:6443 --token q5uhqh.dcv21idbtej2jopc \
--discovery-token-ca-cert-hash sha256:68f830114530ab7a43d1b732eb646e0cc38df2b88f18e978d12cec01efe59db1
# 5.创建配置文件目录 拷贝目录 授权(master)
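# Give the current user a kubeconfig for kubectl.
# /etc/kubernetes/admin.conf carries the cluster administrator credentials, so
# the copy is handed to the invoking user only (chown to their uid:gid).
# Expansions are quoted so a home directory containing spaces or glob
# characters cannot split or expand the paths; "--" ends option parsing.
mkdir -p -- "$HOME/.kube"
sudo cp -i -- /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown -- "$(id -u):$(id -g)" "$HOME/.kube/config"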
# 6.查看k8s集群节点 (master)
[root@master01 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 NotReady master 9m40s v1.19.3
# 7.其他node节点加入集群(node);令牌过期后在master上执行 kubeadm token create --print-join-command 重新生成
kubeadm join 10.0.0.200:6443 --token q5uhqh.dcv21idbtej2jopc \
--discovery-token-ca-cert-hash sha256:68f830114530ab7a43d1b732eb646e0cc38df2b88f18e978d12cec01efe59db1
# 8.查看所有节点
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 5d1h v1.19.3
node01 Ready <none> 5d1h v1.19.3
node02 Ready <none> 5d1h v1.19.3
node03 Ready <none> 5d1h v1.19.3
## 设置Kube-proxy使用ipvs模式
kube-proxy默认使用iptables模式,可以改成性能更高的ipvs模式,LVS使用的也是ipvs
[root@master01 ~]# kubectl edit cm kube-proxy -n kube-system
mode: "" 改为 mode: "ipvs"
## 查看pod信息
[root@master01 ~]# kubectl get pod
## 重启kube-proxy(也可以执行 kubectl -n kube-system rollout restart daemonset kube-proxy,不必把拼接出的命令通过管道交给bash执行)
[root@master01 ~]# kubectl get pod -n kube-system|grep 'kube-proxy'|awk '{print"kubectl delete pod -n kube-system "$1}'|bash
kubernetes 集群配置flannel (网络通信)
https://github.com/flannel-io/flannel/blob/master/Documentation/kube-flannel.yml
### 修改flannel(先把清单下载到本地并核对内容;建议使用固定release版本的清单,而不是master分支上随时会变的文件)
[root@master01 ~]# vim kube-flannel.yml
"Network": "10.2.0.0/16"
containers:
- args:
- --ip-masq
- --kube-subnet-mgr
- --iface=eth0
## 应用flannel资源清单
[root@master01 ~]# kubectl apply -f kube-flannel.yml
## 检查flannel的pod是否成功启动
[root@master ~]# kubectl get pod -n kube-flannel
NAME READY STATUS RESTARTS AGE
kube-flannel-ds-82k2s 1/1 Running 0 5d1h
kube-flannel-ds-bbqch 1/1 Running 0 5d1h
kube-flannel-ds-bl6zb 1/1 Running 0 5d1h
kube-flannel-ds-tf9js 1/1 Running 0 5d1h
## 查看集群状态
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 5d1h v1.19.3
node01 Ready <none> 5d1h v1.19.3
node02 Ready <none> 5d1h v1.19.3
node03 Ready <none> 5d1h v1.19.3
## 检测coreDNS是否运行正常
[root@master ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-6d56c8448f-7p4bp 1/1 Running 0 5d1h
coredns-6d56c8448f-drqjm 1/1 Running 0 5d1h
etcd-master 1/1 Running 0 5d1h
kube-apiserver-master 1/1 Running 1 5d1h
kube-controller-manager-master 1/1 Running 1 5d1h
kube-proxy-b6kcd 1/1 Running 0 5d1h
kube-proxy-ghzs9 1/1 Running 0 5d1h
kube-proxy-l79lg 1/1 Running 0 5d1h
kube-proxy-txnj6 1/1 Running 0 5d1h
kube-scheduler-master 1/1 Running 1 5d1h
K8s命令补全黑科技
# Enable kubectl tab completion.
yum install -y bash-completion
# Load bash-completion and kubectl's completion into the current shell.
. /usr/share/bash-completion/bash_completion
. <(kubectl completion bash)
# Save kubectl's completion script under /etc/bash_completion.d/.
kubectl completion bash >/etc/bash_completion.d/kubectl