04.安装kuburnet并初始化master节点和node节点
本文的内容说明以下6点:
- 1 什么是
kuburnetes
? - 2 安装
kuburnetes
需要什么条件? - 3 初始化
kuburnetes
并启动它 - 4 说明
master
节点的作用,并基于已经安装好的kuburnetes
初始化它 - 5
初始化
node节点 - 6 总结下
1 什么是kuburnetes
?
Kubernetes 是一个可移植的、可扩展的开源平台,用于管理容器化的工作负载和服务,可促进声明式配置和自动化。
用一个交响乐团来比喻,kuburentes
则是指挥家,而各个基本的容器服务则是乐手,指挥家负责指挥各组乐手的工作,
而各组乐手则配合好被指挥的工作,从而合奏出恢弘震撼心灵的乐章。
2 安装kuburnetes
需要什么条件?
需要满足以下3个条件
- 关闭系统的
swap
交换区 原因是:磁盘io
瓶颈会影响kuburnetes
的性能。 - 关闭
Selinux
原因是selinux
出于安全的原因可能会限制kuburnetes
对文件的操作,造成kuburnetes
的执行操作时失败 - 安装容器依赖,
kuburnetes
的调度的基本粒度是容器,而容器需要自己安装,本文则选用docker
作为kuburnetes
的底层容器驱动
2.1 禁用swap
交换区
临时禁用
swapoff -a
如果想下次重启机器还是生效的话,则 /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Jan 22 14:43:31 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=4fb2f21e-8b37-4461-9163-eced787a0565 / xfs defaults 0 0
// highlight-start
# /www/swap swap swap defaults 0 0 # 找下有没有类似 /**/* swap 这种格式的并注释它
// highlight-end
...2.2 禁用
Selinux
临时禁用
setenforce 0
如果想以后默认禁用
Selinux
,则: /etc/sysconfig/selinux# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
// highlight-start
SELINUX=disabled # 这里修改为disable
// highlight-end
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted2.3 安装
docker
$ sudo yum -y install yum-utils # yum源配置管理工具 用于下面添加国内源用的
$ sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # 添加国内镜像源
$ sudo yum -y install docker-ce # 安装docker
$ sudo systemctl startg docker # 启动docker
$ sudo systemctl enable docker # 开机启动
3 安装kuburnetes
并启动它
3.1 添加国内的安装源
/etc/yum.repos.d/kubernetes.repo
$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF3.2 安装
$ sudo yum install -y kubelet kubeadm kubectl # 安装需要的工具
$ sudo systemctl enable kubelet && systemctl start kubelet # 启动kuburnetes
kubelet
,kubeadm
和kubectl
说明
kubelete
就是kuburnet
服务进程,不管是master
节点还是node
节点,都有它,kuburnetes
的容器服务启动和关闭就是被这个进程控制的kubeadm
是用来初始化节点用的命令行工具,如初始化配置以及把节点加入集群中kubectl
是用来与kubelete
通信用的命令行工具,通过这个工具把指令发送给kubelete
就能达到对集群的调度目的 :::
现在机子已经安装好kuburnenetes
,但它还不能用,需要后面初始化为master
节点或node
节点,才能加入集群中发挥作用
:::
4 说明master节点的作用并基于已经安装好的kuburnetes
初始化它
master
是整个集群服务的控制中心,它扮寅着一个指挥家,其它作用是控制集群下的所有node
节点。
4.1 修改主机名
$ hostnamectl set-hostname master
4.2 配置默认网卡的ip
解析向master
显示默认网卡名
$ ip route
// highlight-start
default via 172.17.0.1 dev eth0 proto dhcp metric 100 #etho 则是默认网卡
// highlight-end
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.208.0/20 dev eth0 proto kernel scope link src 172.18.212.208 metric 100
找出eth0网卡的ip
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:f0:e3:0d:03 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.18.212.208 netmask 255.255.240.0 broadcast 172.18.223.255 inet6 fe80::216:3eff:fe0e:99eb prefixlen 64 scopeid 0x20 ether 00:16:3e:0e:99:eb txqueuelen 1000 (Ethernet) RX packets 185734 bytes 90445765 (86.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 212763 bytes 26463552 (25.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>找出默认网卡的ip后添加本地解析
``` bash
echo "172.18.212.208 master" >> /etc/hosts
4.3 配置Kubernetes
初始化配置
用kubeadm
工具执行kubeadm config print init-defaults > init-kubeadm.yaml
会在当前目录生成一个init-kubeadm.yaml
的配置。内容为:
init-kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 1.2.3.4
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
name: node
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {}需要修改下其中的
ip
为本机的默认网卡ip
以及由于国内网络的原因,需要修改下其它的配置,修改后的结果为: init-kubeadm.yamlapiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 172.18.212.205
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
name: master
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
# coredns这个镜像国内不好下载,所以专门配置镜像源下载
imageRepository: swr.cn-east-2.myhuaweicloud.com/coredns
imageTag: 1.8.0
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/k8sxio
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
# 这里子网
podSubnet: 10.244.0.0/16
scheduler: {}4.4 拉取节点需要的镜像
$ kubeadm config images pull --config init-kubeadm.yaml
[config/images] Pulled registry.aliyuncs.com/k8sxio/kube-apiserver:v1.21.0
[config/images] Pulled registry.aliyuncs.com/k8sxio/kube-controller-manager:v1.21.0
[config/images] Pulled registry.aliyuncs.com/k8sxio/kube-scheduler:v1.21.0
[config/images] Pulled registry.aliyuncs.com/k8sxio/kube-proxy:v1.21.0
[config/images] Pulled registry.aliyuncs.com/k8sxio/pause:3.4.1
[config/images] Pulled registry.aliyuncs.com/k8sxio/etcd:3.4.13-0
[config/images] Pulled swr.cn-east-2.myhuaweicloud.com/coredns/coredns:1.8.04.5 初始化
master
节点$ kubeadm init --config init-kubeadm.yaml
[init] Using Kubernetes version: v1.21.0
...
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
// highlight-start mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config // highlight-end
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
// highlight-start kubeadm join 172.18.212.205:6443 --token abcdef.0123456789abcdef \ --discovery-token-ca-cert-hash sha256:b68e69e6d7de096c221b19a2d4e612ad177d2698942c2ad334283694efa443a7 // highlight-end $ mkdir -p $HOME/.kube # 根据上面安装成功的提示执行这些命令能初始master节点 $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config $ sudo chown $(id -u):$(id -g) $HOME/.kube/config
根据初始化master节点成功后打印出来的提示,在`mster`节点还需要运行这几条命令
``` bash
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
另一部分的提示為:
这个用于子节点加入时用的命令
$ kubeadm join 172.18.212.205:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:b68e69e6d7de096c221b19a2d4e612ad177d2698942c2ad334283694efa443a7
提示
如果加入master
节点的token
丢失,则在想要加入的master
节点中运行kubeadm token create --print-join-command
则又会生成新的的,
加入命令了, 在还未加入master
的node
节点中运行会自动加入进来,命令生成如下:
生成新的token
$ kubeadm token create --print-join-command
kubeadm join 192.168.0.200:6443 --token 2avj3a.d7cxe3a6qldhiqoi --discovery-token-ca-cert-hash sha256:eedb176c6faabf50ae75c8a15fdd129004caa4a1f08cf18420bc08a263fbc072
4.6 安装flannel
kuburnetes
的pod
网络是必要的。而plannel
就是这个作用,plannel
的安装启动本质就是一个kuburnetes
集群,只要把配置文件下载
下来然后下载对应的镜像下来,用kubectl
启动它就可以了。
4.6.1 下载flannel
配置
$ wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
4.6.2 拉取启动flannel
需要的镜像
打开下载好的kube-flannel.yml
当中有一个image
字段是启动flannel
必要的镜像,如:
...
serviceAccountName: flannel
initContainers:
- name: install-cni
// highlight-start
image: quay.io/coreos/flannel:v0.14.0
// highlight-end
command:
...
把启动flannel镜像拉取下来
$ docker pull quay.io/coreos/flannel:v0.14.0
4.6.3 启动
flannel
$ kubectl apply -f kube-flannel.yml
5 master
初始化成功小结
到了这一步,master
就成功初始化完成了,输入:
获取节点状态
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 25m v1.21.3 # <-- 看master 节点已经准备好了
提示
如果您启动flannel
后,获取的master
状态还不是Ready
状态而是NotReady
的话,那么请等一等,启动flannel
也是需要时间的。
6 初始化
node`节点
找一台新的机子, 机子能直接访问master
节点,要在同一个局域网中, 按上面的步骤2-3把docker
和kuburnetes
安装好。
6.1 设置主机名
hostnamectl set-hostname node_1
6.2 把配置从master
中传过来