I. Basic environment configuration
Operating system: CentOS 7.5; three nodes: 1 master and 2 nodes
Disable selinux and firewalld
- # vim /etc/selinux/config
- SELINUX=disabled
- # setenforce 0
- # systemctl stop firewalld
- # systemctl disable firewalld
Configure the chronyd service to keep time synchronized across all nodes (this setup uses the NTP time server provided by Alibaba)
- # yum install chrony
- # vim /etc/chrony.conf
- server ntp.aliyun.com iburst
- stratumweight 0
- driftfile /var/lib/chrony/drift
- rtcsync
- makestep 10 3
- bindcmdaddress 127.0.0.1
- bindcmdaddress ::1
- keyfile /etc/chrony.keys
- commandkey 1
- generatecommandkey
- logchange 0.5
- logdir /var/log/chrony
- # systemctl enable chronyd
- # systemctl start chronyd
Set up SSH key-based authentication and hostname-based name resolution
- [root@master ~]# vim /etc/hosts
- 192.168.0.12 master.dongfei.tech master
- 192.168.0.13 node01.dongfei.tech node01
- 192.168.0.14 node02.dongfei.tech node02
- [root@master ~]# ssh-keygen
- [root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub node01
- [root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub node02
- [root@master ~]# scp /etc/hosts node01:/etc/
- [root@master ~]# scp /etc/hosts node02:/etc/
Network planning
Node network: 192.168.0.0/24 (must be configured manually; static addresses are recommended)
Pod network: 10.244.0.0/16
Service network: 10.96.0.0/12
Configure the yum repositories
- [root@master ~]# cd /etc/yum.repos.d/
- [root@master yum.repos.d]# vim kubernetes.repo
- [kubernetes]
- name=Kubernetes Repo
- baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
- gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
- gpgcheck=0
- enabled=1
- [root@master yum.repos.d]# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- [root@master yum.repos.d]# sed -i 's/gpgcheck=1/gpgcheck=0/g' docker-ce.repo # Note: change gpgcheck to 0
- [root@master yum.repos.d]# scp kubernetes.repo docker-ce.repo node01:/etc/yum.repos.d/
- [root@master yum.repos.d]# scp kubernetes.repo docker-ce.repo node02:/etc/yum.repos.d/
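Both repo files above end up with gpgcheck=0, so yum installs docker-ce, kubelet, kubeadm and kubectl without verifying package signatures. The following audit is an added example, not part of the original post: it reports the signature setting of every section in a .repo file. The function names are hypothetical, the sample files are constructed from the stanza above, and whether this mirror's packages verify against the listed gpgkey is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# audit_repo FILE -> one "section status" line per repo section.
#   weak    = gpgcheck disabled: packages install without signature verification
#   ok      = gpgcheck enabled
#   inherit = gpgcheck not set here; yum falls back to [main] in /etc/yum.conf
audit_repo() {
    awk '
        function report() { if (id != "") print id, state }
        /^[ \t]*\[/ {
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            state = "inherit"; next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            v = tolower($0); sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            state = (v == "1" || v == "yes" || v == "true") ? "ok" : "weak"
        }
        END { report() }
    ' "$1"
}

# weak_sections FILE... -> names of the sections with verification disabled.
weak_sections() {
    for f in "$@"; do audit_repo "$f"; done | awk '$2 == "weak" { print $1 }'
}

# write_samples DIR -> constructed sample input: the stanza from this page
# (page.repo) and the same stanza with verification switched on (checked.repo).
write_samples() {
    cat > "$1/page.repo" <<'EOF'
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
gpgcheck=0
enabled=1
EOF
    sed 's/^gpgcheck=0$/gpgcheck=1/' "$1/page.repo" > "$1/checked.repo"
}

# On a real host: weak_sections /etc/yum.repos.d/*.repo
```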
II. Install docker and kubernetes
Resolve the docker-ce package dependency
- [root@master ~]# wget https://mirrors.aliyun.com/centos-vault/7.3.1611/extras/x86_64/Packages/container-selinux-2.9-4.el7.noarch.rpm
- [root@master ~]# yum -y localinstall container-selinux-2.9-4.el7.noarch.rpm
Install and configure docker
- [root@master ~]# yum install docker-ce -y
- [root@node01 ~]# yum install docker-ce -y
- [root@node02 ~]# yum install docker-ce -y
- [root@master ~]# vim /usr/lib/systemd/system/docker.service
- [Service]
- Environment="HTTPS_PROXY=http://www.ik8s.io:10080"
- Environment="NO_PROXY=127.0.0.0/8"
- [root@master ~]# systemctl daemon-reload
- [root@master ~]# systemctl start docker
- [root@master ~]# systemctl enable docker
- [root@master ~]# docker info
- HTTPS Proxy: http://www.ik8s.io:10080
- No Proxy: 127.0.0.0/8
Confirm that the bridge-nf-call-iptables parameter is set to 1
- [root@master ~]# cat /proc/sys/net/bridge/bridge-nf-call-iptables
- 1
Install and configure kubernetes on the master node
- [root@master ~]# yum install kubelet kubeadm kubectl -y
- [root@master ~]# systemctl enable kubelet
- [root@master ~]# vim /etc/sysconfig/kubelet
- KUBELET_EXTRA_ARGS="--fail-swap-on=false"
Initialize the master
- [root@master ~]# kubeadm init --kubernetes-version=v1.11.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
- [root@master ~]# mkdir -p $HOME/.kube
- [root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- [root@master ~]# kubectl get cs # if the status here is not healthy, check the previous steps
- NAME STATUS MESSAGE ERROR
- scheduler Healthy ok
- controller-manager Healthy ok
- etcd-0 Healthy {"health": "true"}
Record the following information
kubeadm join 192.168.0.12:6443 --token vlqtub.4827hc5ga73c9q8c --discovery-token-ca-cert-hash sha256:88f3a75bc1eef8077e4a97736faba1696e25fd3bc86e8347904b1db23f796556
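The --discovery-token-ca-cert-hash value pins the cluster CA's public key, which is how a joining node confirms it is talking to the intended master. The following check is an added example, not part of the original post: it recomputes that pin from a CA certificate and compares it with a recorded value. The function names are hypothetical, /etc/kubernetes/pki/ca.crt is kubeadm's default CA path, and the demo CA is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# ca_cert_hash CERT -> prints "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded public key (SubjectPublicKeyInfo), the form kubeadm join expects.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    hex=$(printf '%s\n' "$pub" \
          | openssl pkey -pubin -outform DER 2>/dev/null \
          | openssl dgst -sha256 -r | cut -d' ' -f1)
    [ "${#hex}" -eq 64 ] || return 2
    printf 'sha256:%s\n' "$hex"
}

# verify_pin CERT PIN -> 0 if PIN matches CERT, 1 on mismatch,
# 2 if CERT cannot be read or parsed.
verify_pin() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# make_demo_ca DIR NAME -> throwaway self-signed CA (constructed sample input,
# used only to exercise the functions away from a real cluster).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# On the master, with the pin copied from the recorded join command:
#   verify_pin /etc/kubernetes/pki/ca.crt "sha256:<recorded value>" && echo "pin matches"
```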
Deploy flannel
- [root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
- [root@master ~]# kubectl get nodes # wait a few minutes; a status of Ready means success
Sync the configuration files from the master to each node
- [root@master ~]# scp container-selinux-2.9-4.el7.noarch.rpm node01:
- [root@master ~]# scp container-selinux-2.9-4.el7.noarch.rpm node02:
- [root@master ~]# scp /usr/lib/systemd/system/docker.service node01:/usr/lib/systemd/system/docker.service
- [root@master ~]# scp /usr/lib/systemd/system/docker.service node02:/usr/lib/systemd/system/docker.service
- [root@master ~]# scp /etc/sysconfig/kubelet node01:/etc/sysconfig/kubelet
- [root@master ~]# scp /etc/sysconfig/kubelet node02:/etc/sysconfig/kubelet
Install and configure kubernetes on node01 (same steps on node02)
- [root@node01 ~]# yum localinstall container-selinux-2.9-4.el7.noarch.rpm -y
- [root@node01 ~]# yum install docker-ce kubelet kubeadm -y
- [root@node01 ~]# systemctl enable docker kubelet
- [root@node01 ~]# systemctl daemon-reload
- [root@node01 ~]# systemctl start docker
- [root@node01 ~]# systemctl enable docker
- [root@node01 ~]# docker info
- HTTPS Proxy: http://www.ik8s.io:10080
- No Proxy: 127.0.0.0/8
- [root@node01 ~]# kubeadm join 192.168.0.12:6443 --token vlqtub.4827hc5ga73c9q8c --discovery-token-ca-cert-hash sha256:88f3a75bc1eef8077e4a97736faba1696e25fd3bc86e8347904b1db23f796556 --ignore-preflight-errors=Swap
Check the cluster status on the master node
- [root@master ~]# kubectl get nodes
- NAME STATUS ROLES AGE VERSION
- master.dongfei.tech Ready master 28m v1.11.2
- node01.dongfei.tech Ready <none> 3m v1.11.2
- node02.dongfei.tech Ready <none> 3m v1.11.2
III. Basic kubectl usage
Create 2 nginx pods
- [root@master ~]# kubectl run nginx-deploy --image=nginx:1.14-alpine --port=80 --replicas=2
- deployment.apps/nginx-deploy created
Commands for viewing resources
- [root@master ~]# kubectl get deployment
- [root@master ~]# kubectl get pods
- [root@master ~]# kubectl get pods -w
- [root@master ~]# kubectl get pods -o wide
- [root@master ~]# kubectl get pods --show-labels
Create a Service
- [root@master ~]# kubectl expose deployment nginx-deploy --name=nginx --port=80 --target-port=80 --protocol=TCP
Commands for viewing the svc
- [root@master ~]# kubectl get svc
- [root@master ~]# kubectl get svc -n kube-system
- [root@master ~]# kubectl describe svc nginx
- [root@master ~]# kubectl run client --image=busybox --replicas=1 -it --restart=Never # create a test client
- / # wget -O - -q http://nginx:80/ # requests are load-balanced across the two pods
- Welcome to nginx!
Modify the svc so that it can be accessed from outside the cluster
- [root@master ~]# kubectl edit svc nginx
- type: NodePort
- [root@master ~]# kubectl get svc nginx
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- nginx NodePort 10.98.231.135 <none> 80:30562/TCP 6m
External access: http://192.168.0.12:30562
Source: https://www.cnblogs.com/L-dongf/p/9539464.html