做个营销型网站多少钱/桂平网络推广
k8s集群搭建
- 一、准备3个虚拟机
- 二、虚拟机环境配置
- 1、Nat网络设置
- 2、关闭防火墙和安全策略
- 3、添加主机和ip之间的关系
- 4、将桥接的 IPv4 流量传递到 iptables 的链
- 三、所有节点安装 Docker、kubeadm、kubelet、kubectl
- 1.1、安装docker
- 1.1.1、卸载系统之前的 docker
- 1.1.2、安装 Docker-CE
- 1.2、添加阿里云yum源
- 1.3、安装 kubeadm,kubelet 和 kubect
- 四、部署 k8s-maste
- 1.1、先关闭全部会话模式
- 1.2、master节点初始化
- 1.2.1、拉去master需要的镜像
- 1.2.2、初始化
- 1.2.3、安装Pod网络插件
- 1.2.4、如果yml里面的镜像下载不来的方法
- 1.2.5、查看pod
- 1.2.6、node2,node3加入集群
- 1.2.6.1、 token过期重新生成
- 1.2.6.2 、node2,3执行加入
- 五、归纳
一、准备3个虚拟机
法1: 如果没虚拟机看==>vagrant批量创建虚拟机
法2: 在VMware 里面克隆虚拟机也是可以的
- 也是需要网络互通
- 克隆的虚拟机的网络ip应该是不一样的,如果一样要改
- 修改hostname
- 配置网络,网卡
二、虚拟机环境配置
1、Nat网络设置
采用全部会话的模式
查看流程
ip route show
发现虚拟机的网卡默认都是eth0
ip addr
3台虚拟机网卡地址都是10.0.2.15
原因是默认使用网络转发的模式,这样的话在k8s集群里面吗,每个节点ip会被当成一样的,会又很大的问题,所以不采取这种方式,自己设定为nat网络
关闭虚拟机,在全局中设定nat网络
将3个虚拟机全部指定nat网络,刷新mac地址
启动虚拟机,查看网卡地址是否不同
ip addr
3台都ping 得通网卡地址和外网
这样nat网络配置完成了
2、关闭防火墙和安全策略
测试搭建,关闭比较不会麻烦,省得开通端口,放行
1、关闭防火墙
systemctl stop firewalldsystemctl disable firewalld
2、关闭linux安全策略
# 查看,里面有3中策略模式
# cat /etc/selinux/config# 使用disabled策略,就是关闭
sed -i 's/enforcing/disabled/' /etc/selinux/config#是全局模式,当前会话也禁用掉
setenforce 0
3、关闭内存交换,【避免影响k8s集群性能和影响节点工作】
关闭 swap
# 拓展-临时关闭
# swapoff -a # 查看配置
cat /etc/fstab # 永久关闭
sed -ri 's/.*swap.*/#&/' /etc/fstab
如图:
3、添加主机和ip之间的关系
查看主机名称
hostname
查看网络
ip addr
修改hostswenjian
vi /etc/hosts
内容
# 网卡地址 主机名称,用上面的命令查看
10.0.2.15 k8s-node1
10.0.2.4 k8s-node2
10.0.2.5 k8s-node3
如图:
4、将桥接的 IPv4 流量传递到 iptables 的链
能更准确的统计流量指标
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
应用配置
sysctl --system
如图:
三、所有节点安装 Docker、kubeadm、kubelet、kubectl
1.1、安装docker
1.1.1、卸载系统之前的 docker
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
1.1.2、安装 Docker-CE
1、安装必须的依赖
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
2、设置 docker repo 的 yum 位置
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
3、安装 docker,以及 docker
sudo yum install -y docker-ce docker-ce-cli containerd.io
4、docker开机自启
systemctl enable docker
5、配置阿里云镜像加速
如图:
1.2、添加阿里云yum源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
如图:
1.3、安装 kubeadm,kubelet 和 kubect
1、检查下yum源里面是否有和kube相关的安装源
yum list|grep kube
2、安装kubeadm、kubelet 、kubect
# 说明指定版本为1.17.3 不指定版本默认最新版本
#目前官网最新版本V1.23
yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3
3、开启自启kubelet【代理注册的功能,节点注册到集群】
systemctl enable kubelet
4、启动kubelet
# 得全部配置完成,才能启动起来
systemctl start kubelet#查看服务状态
systemctl status kubelet.service
如图:
四、部署 k8s-maste
初始化一个master节点,再把其他节点加入整个集群
1.1、先关闭全部会话模式
1.2、master节点初始化
1.2.1、拉去master需要的镜像
选择要做master的虚拟机,这边选node1的虚拟机
- 创建出一个文件夹k8s
- 在创建出一个文件
#创建出文件夹
mkdir k8s#进入目录
cd k8s#创建文件-内容看下面
vi master_images.sh# 看权限信息
ll#给写的权限
chmod 700 master_images.sh#查看拉去的镜像
docker images
master_images.sh 内容
#!/bin/bash#指定master需要的镜像,版本要安装的kubenetes保证一致
images=(kube-apiserver:v1.17.3kube-proxy:v1.17.3kube-controller-manager:v1.17.3kube-scheduler:v1.17.3coredns:1.6.5etcd:3.4.3-0pause:3.1
)
#循环拉取
for imageName in ${images[@]} ; dodocker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
done
如图:
1.2.2、初始化
先查网络
ip addr
- 指定apiserver的地址(ip addr 查的)
- 指定阿里云镜像仓库地址(由于默认拉取镜像地址 k8s.gcr.io 国内无法访问,这里指定阿里云镜像仓库地址)
- k8s指定版本
- 服务间的通讯地址(service子网)
- pod之间的网络地址(pod子网)
# 10.0.2.15是查出来的本机网卡ip
kubeadm init --apiserver-advertise-address=10.0.2.15 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --kubernetes-version v1.17.3 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.244.0.0/16
如图:
1.2.3、安装Pod网络插件
文件地址(不好拿地址可能被墙,科学上网):
# 这个地址是国外的。这个命令一般读取不到kube-flannel.yml文件
# 这个不用执行。。采用自己创建文件来应用
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kube-flannel.yml 内容
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:name: psp.flannel.unprivilegedannotations:seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/defaultseccomp.security.alpha.kubernetes.io/defaultProfileName: docker/defaultapparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/defaultapparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:privileged: falsevolumes:- configMap- secret- emptyDir- hostPathallowedHostPaths:- pathPrefix: "/etc/cni/net.d"- pathPrefix: "/etc/kube-flannel"- pathPrefix: "/run/flannel"readOnlyRootFilesystem: false# Users and groupsrunAsUser:rule: RunAsAnysupplementalGroups:rule: RunAsAnyfsGroup:rule: RunAsAny# Privilege EscalationallowPrivilegeEscalation: falsedefaultAllowPrivilegeEscalation: false# CapabilitiesallowedCapabilities: ['NET_ADMIN']defaultAddCapabilities: []requiredDropCapabilities: []# Host namespaceshostPID: falsehostIPC: falsehostNetwork: truehostPorts:- min: 0max: 65535# SELinuxseLinux:# SELinux is unused in CaaSPrule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: flannel
rules:- apiGroups: ['extensions']resources: ['podsecuritypolicies']verbs: ['use']resourceNames: ['psp.flannel.unprivileged']- apiGroups:- ""resources:- podsverbs:- get- apiGroups:- ""resources:- nodesverbs:- list- watch- apiGroups:- ""resources:- nodes/statusverbs:- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: flannel
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: flannel
subjects:
- kind: ServiceAccountname: flannelnamespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:name: flannelnamespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:name: kube-flannel-cfgnamespace: kube-systemlabels:tier: nodeapp: flannel
data:cni-conf.json: |{"name": "cbr0","cniVersion": "0.3.1","plugins": [{"type": "flannel","delegate": {"hairpinMode": true,"isDefaultGateway": true}},{"type": "portmap","capabilities": {"portMappings": true}}]}net-conf.json: |{"Network": "10.244.0.0/16","Backend": {"Type": "vxlan"}}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-amd64namespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: beta.kubernetes.io/osoperator: Invalues:- linux- key: beta.kubernetes.io/archoperator: Invalues:- amd64hostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: quay.io/coreos/flannel:v0.11.0-amd64command:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: quay.io/coreos/flannel:v0.11.0-amd64command:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: "100m"memory: "50Mi"limits:cpu: "100m"memory: "50Mi"securityContext:privileged: falsecapabilities:add: ["NET_ADMIN"]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-arm64namespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: beta.kubernetes.io/osoperator: Invalues:- linux- key: beta.kubernetes.io/archoperator: Invalues:- arm64hostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: quay.io/coreos/flannel:v0.11.0-arm64command:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: quay.io/coreos/flannel:v0.11.0-arm64command:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: "100m"memory: "50Mi"limits:cpu: "100m"memory: "50Mi"securityContext:privileged: falsecapabilities:add: ["NET_ADMIN"]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-armnamespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: beta.kubernetes.io/osoperator: Invalues:- linux- key: beta.kubernetes.io/archoperator: Invalues:- armhostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: quay.io/coreos/flannel:v0.11.0-armcommand:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: quay.io/coreos/flannel:v0.11.0-armcommand:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: "100m"memory: "50Mi"limits:cpu: "100m"memory: "50Mi"securityContext:privileged: falsecapabilities:add: ["NET_ADMIN"]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-ppc64lenamespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: beta.kubernetes.io/osoperator: Invalues:- linux- key: beta.kubernetes.io/archoperator: Invalues:- ppc64lehostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: quay.io/coreos/flannel:v0.11.0-ppc64lecommand:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: quay.io/coreos/flannel:v0.11.0-ppc64lecommand:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: "100m"memory: "50Mi"limits:cpu: "100m"memory: "50Mi"securityContext:privileged: falsecapabilities:add: ["NET_ADMIN"]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-s390xnamespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: beta.kubernetes.io/osoperator: Invalues:- linux- key: beta.kubernetes.io/archoperator: Invalues:- s390xhostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: quay.io/coreos/flannel:v0.11.0-s390xcommand:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: quay.io/coreos/flannel:v0.11.0-s390xcommand:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: "100m"memory: "50Mi"limits:cpu: "100m"memory: "50Mi"securityContext:privileged: falsecapabilities:add: ["NET_ADMIN"]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
创建出文件,应用就可以
# 应用文件
kubectl apply -f kube-flannel.yml #拓展- 删除
#kubectl delete-f kube-flannel.yml
如图:
1.2.4、如果yml里面的镜像下载不来的方法
1、文件里面的镜像地址
2、去docker hub 找下
3、所有的替换(镜像不能拉取的时候在替换)
1.2.5、查看pod
查看所有命名空间
kubectl get ns
查看pod的所有名称空间
kubectl get pods --all-namespaces# 查看指定名称空间的 pods
kubectl get pods -n kube-system
查看node节点
kubectl get nodes
如图:
1.2.6、node2,node3加入集群
1.2.6.1、 token过期重新生成
系统给出的命令2个小时有效,过期了执行以下命令,
选择时效-【临时或者永久】
命令
#在创建个临时的
kubeadm token create --print-join-command#创建一个永久的 (ttl 0)
#kubeadm token create --ttl 0 --print-join-command
1.2.6.2 、node2,3执行加入
如图:
查看是否加入
kubectl get nodes
监控状态
watch kubectl get pod -n kube-system -o wide
这样k8s集群就搭建完成了,node2,node3想要使用命令行还需要继续配置
五、归纳
- 这样1个master 2个node就创建完成了
- 也可以尝试配置成3个master,2个node的集群(我的内存不够了…)
- 也可以取官网或者阿里云查看下文档说明