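# 1. Deploying a k8s cluster with kubeadm
There are generally two ways to deploy k8s in production: kubeadm (officially recommended) and the binary method. The binary method deploys the cluster components as system daemons, which is very tedious. kubeadm deploys them as containers, which is quick and convenient; it requires docker and kubelet.
## 1.1 Environment preparation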
| Role | IP |
| --- | --- |
| master | 192.168.56.10 |
| node1 | 192.168.56.11 |
| node2 | 192.168.56.12 |
### 1.1.1
> Initialize hostname resolution (run on all three machines)
```
cat >> /etc/hosts << EOF
192.168.56.10 master
192.168.56.11 node01
192.168.56.12 node02
EOF
```
### 1.1.2 Disable swap
```
swapoff -a # disable temporarily
sed -ri 's/.*swap.*/#&/' /etc/fstab # disable permanently
```
### 1.1.3 Disable the firewall
```
systemctl stop firewalld
systemctl disable firewalld
```
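### 1.1.4 Disable selinux
```
# permanent: takes effect after the next reboot
sed -ri 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# immediate: switch to permissive mode until reboot
setenforce 0
```
`&` in a sed replacement refers to the whole matched text (as used in the swap command in 1.1.2).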
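### 1.1.5 Set the hostnames
Set the hostname of each machine according to the node plan above
```
hostnamectl set-hostname master   # on 192.168.56.10
hostnamectl set-hostname node01   # on 192.168.56.11
hostnamectl set-hostname node02   # on 192.168.56.12
```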
### 1.1.6. Set `net.bridge.bridge-nf-call-iptables` to 1
Pass bridged IPv4 traffic to the iptables chains
```
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
```
### 1.1.7 Time synchronization
```
yum install ntpdate -y
ntpdate -u asia.pool.ntp.org
```
### 1.1.8 Confirm that `br_netfilter` is loaded
```
[root@10 ~]# modprobe br_netfilter
[root@10 ~]# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 151336 2 br_netfilter,ebtable_broute
```
## 1.2 Install docker, kubeadm, kubectl
**Install docker first.** Run this on all machines; see the docker installation notes.
**1. Configure the Aliyun yum repository**
* `kubeadm`: the command to bootstrap the cluster.
* `kubelet`: the component that runs on all of the machines in your cluster and does things like starting pods and containers.
* `kubectl`: the command line util to talk to your cluster.
~~~
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
~~~
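
The repo file above sets `gpgcheck=0` and `repo_gpgcheck=0`, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures against the listed `gpgkey` URLs. An added example (not from the original page) that audits `.repo` files for enabled repositories with either check switched off; the function names are assumptions, and the sample file is the page's own definition.

```bash
#!/usr/bin/env bash
# Added example: flag yum repositories that skip signature verification.

# audit_repo FILE: for each enabled [section], print "<repo> <key>=0" when package
# (gpgcheck) or metadata (repo_gpgcheck) signature checking is explicitly disabled.
audit_repo() {
  awk -F= '
    function report(   k) {
      if (sec == "" || opt["enabled"] == "0") return
      for (k = 1; k <= 2; k++)
        if (opt[name[k]] == "0") print sec, name[k] "=0"
    }
    BEGIN { name[1] = "gpgcheck"; name[2] = "repo_gpgcheck" }
    /^[ \t]*[#;]/ { next }                 # comment line
    /^[ \t]*\[/ {                          # start of a new [section]
      report(); split("", opt)
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    NF >= 2 {                              # key=value line
      key = $1; val = $2
      gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
      opt[key] = val
    }
    END { report() }
  ' "$1"
}

# sample_repo FILE: write this page's repo definition to FILE for the demo.
sample_repo() {
  cat > "$1" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Usage: ./audit-repo.sh /etc/yum.repos.d/*.repo
for f in "$@"; do audit_repo "$f"; done
```

Run against the file from this page it prints `kubernetes gpgcheck=0` and `kubernetes repo_gpgcheck=0`; a repo with both values set to 1 produces no output.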
**2. Install**
```
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
```
**3. Enable start on boot**
```
systemctl enable kubelet
```
## 1.3 Initialize the master
> master = 192.168.56.10
> Check the installed k8s version
```
[root@master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: dial tcp: lookup localhost on 192.168.1.1:53: no such host
```
**1. Initialize, pulling the images from the Aliyun registry**
```
kubeadm init \
--apiserver-advertise-address=192.168.56.10 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.18.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
```
Alternatively, pull the images from the mirror beforehand:
```
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers
```
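Initialization pulls the images required by the k8s master node.

When the installation succeeds, the join command for worker nodes is printed: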
```
kubeadm join 192.168.56.10:6443 --token u8n2h8.0g939ea9ocjb4kpr \
--discovery-token-ca-cert-hash sha256:f302e0db3e31526748349f67da28f8d099c7d05765059379d885df3f8df13d04
```
**2. Set up kubectl**
```
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```
View the cluster information
```
[root@master ~]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.56.10:6443
CoreDNS is running at https://192.168.56.10:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
```
**3. Join the worker nodes**
After initialization completes, the worker join command is printed; run it on each worker node.

```
kubeadm join 192.168.56.10:6443 --token mhm5x0.uoa7y5v2soxjvn9n \
--discovery-token-ca-cert-hash sha256:5772f81b3f4b88748564d0dddac0f3da813d9a2bde0b1e2ffe36e51c28c8e0f4
```
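
The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA's public key, so a copied join command can be checked against the CA that `kubeadm init` generated before a node trusts it. An added example (not from the original page) that recomputes the pin from a CA certificate and compares it with a join command; the function names and the throwaway CA are assumptions for the demo, and on a kubeadm master the certificate is `/etc/kubernetes/pki/ca.crt`.

```bash
#!/usr/bin/env bash
# Added example: recompute kubeadm's CA pin and compare it with a join command.

# ca_pin CERT: print "sha256:<hex>", the SHA-256 of the cert's DER-encoded public key.
ca_pin() {
  _der=$(mktemp) || return 2
  if openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
     openssl pkey -pubin -outform DER -out "$_der" 2>/dev/null && [ -s "$_der" ]; then
    printf 'sha256:%s\n' "$(openssl dgst -sha256 -r "$_der" | cut -d' ' -f1)"
    rm -f "$_der"
  else
    rm -f "$_der"
    return 2
  fi
}

# pin_from_join CMD: extract the --discovery-token-ca-cert-hash value from a join command.
pin_from_join() {
  printf '%s\n' "$1" | tr -s ' \\\n=' ' ' |
    sed -n 's/.*--discovery-token-ca-cert-hash \(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# verify_join CERT CMD: 0 = pin matches CERT, 1 = mismatch, 2 = unreadable cert or no pin.
verify_join() {
  _want=$(pin_from_join "$2")
  [ -n "$_want" ] || return 2
  _have=$(ca_pin "$1") || return 2
  [ "$_have" = "$_want" ]
}

# make_test_ca DIR: constructed throwaway CA so the example runs offline.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Usage: ./check-pin.sh /etc/kubernetes/pki/ca.crt "kubeadm join ... --discovery-token-ca-cert-hash sha256:..."
if [ "$#" -eq 2 ]; then
  if verify_join "$1" "$2"; then echo "pin matches CA"; else echo "pin check failed" >&2; exit 1; fi
fi
```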
**4. Install the CNI plugin**
Because access is restricted, download the manifest first and then apply it
```
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```
**Note:** with dual NICs, you need to specify the NIC that can forward packets
```
vim kube-flannel.yml
# under the containers section, add the NIC binding
- --iface=enp0s8
```

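If flannel has already been deployed, delete the previous deployment with `kubectl delete -f kube-flannel.yml`, then run `kubectl apply -f kube-flannel.yml` to redeploy.
After installation the status changes, but there are still errors.

`kubectl describe pod coredns-59d64cd4d4-2zqkn -n kube-system`

Checking the master components shows that controller-manager and scheduler are running abnormally.

Solution:
```
cd /etc/kubernetes/manifests
# comment out the port=0 line in both files
vim kube-controller-manager.yaml kube-scheduler.yaml
```
`port=0` is what turns off each component's insecure (unauthenticated) HTTP port, so commenting it out turns that port back on.

Start a pod as a test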
```
[root@master manifests]# kubectl run nginx --image=nginx --port=80
pod/nginx created
[root@master manifests]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 0/1 ContainerCreating 0 8s
```
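#### Pods cannot communicate because the VM has two NICs
By default flannel binds to the first NIC and uses it for forwarding. Because the first NIC here is the external NAT virtual NIC and cannot forward packets, the default configuration has to be changed.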

# 2. High-availability deployment
# 3. Uninstalling the cluster
~~~
# remove the services
kubeadm reset
# remove the rpm packages
rpm -qa|grep kube | xargs rpm --nodeps -e
# remove the containers and images
docker images -qa|xargs docker rmi -f
~~~