k8s集群版部署
机器准备
机器配置建议:
测试环境 2C4G50G
生产环境 8C16G100G
| 节点 | 主机名 | IP地址 |
|---|---|---|
| master | rocky9-1 | 192.168.56.121 (简称121) |
| node1 | rocky9-2 | 192.168.56.122(简称122) |
| node2 | rocky9-3 | 192.168.56.123(简称123) |
| 准备工作(三台机器都操作) | ||
| 1、关闭firewalld | ||
| 2、关闭selinux | ||
| 3、修改网卡 | ||
| 4、修改主机名 | ||
| 5、添加/etc/hosts(3台) | ||
| 6、关闭swap | ||
| 7、chrony时钟同步 | ||
| 8、将桥接的ipv4流量传递到iptables链 | ||
| 9、打开端口转发 |
安装containerd(三个节点上操作)
先安装yum-utils工具
yum install -y yum-utils
配置Docker官方的yum仓库,如果做过,可以跳过
yum-config-manager \
--add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装containerd
yum install containerd.io -y
启动服务
systemctl enable containerd
systemctl start containerd
生成默认配置
containerd config default > /etc/containerd/config.toml
修改配置
vi /etc/containerd/config.toml
sandbox_image = "[registry.cn-hangzhou.aliyuncs.com/google_containers/pause](http://registry.cn-hangzhou.aliyuncs.com/google_containers/pause):3.9" # 修改为阿里云镜像地址
SystemdCgroup = true #搜索关键字SystemdCgroup, 默认值是false,改为true,这里不改,后面初始化会报错。
重启containerd服务
systemctl restart containerd
配置containerd镜像加速,参考https://articles.zsxq.com/id_eva0rcb1xc5p.html
vi /etc/containerd/config.toml ## 定位到 plugins."io.containerd.grpc.v1.cri".registry ,它下面有一行 config_path,给它设置一个路径
config_path = "/etc/containerd/certs.d"
重启containerd服务
systemctl daemon-reload ; systemctl restart containerd
创建/etc/containerd/certs.d目录,并在其他设置要代理的镜像地址相关配置信息
# docker hub镜像加速
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "[https://docker.io](https://docker.io/)"
[host."[https://docker.m.daocloud.io](https://docker.m.daocloud.io/)"]
capabilities = ["pull", "resolve"]
EOF
# registry.k8s.io镜像加速
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "[https://registry.k8s.io](https://registry.k8s.io/)"
[host."[https://k8s.m.daocloud.io](https://k8s.m.daocloud.io/)"]
capabilities = ["pull", "resolve", "push"]
EOF
# gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "[https://gcr.io](https://gcr.io/)"
[host."[https://gcr.m.daocloud.io](https://gcr.m.daocloud.io/)"]
capabilities = ["pull", "resolve", "push"]
EOF
# quay.io镜像加速
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "[https://quay.io](https://quay.io/)"
[host."[https://quay.m.daocloud.io](https://quay.m.daocloud.io/)"]
capabilities = ["pull", "resolve", "push"]
EOF
配置kubernetes仓库,安装1.30版本
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=[https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm](https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm)/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=[https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key](https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key)
EOF
说明:这个k8s的仓库为1.30,如果想要安装其它版本,需要修改配置文件中的版本号,将1.30改为其它,比如1.28
安装kubeadm和kubelet(三个节点都操作)
查看所有版本
yum --showduplicates list kubeadm
安装1.30.4版本
yum install -y kubelet-1.30.4 kubeadm-1.30.4 kubectl-1.30.4
启动kubelet服务
systemctl start kubelet.service
systemctl enable kubelet.service
设置crictl连接 containerd(三个节点都操作)
crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock
初始化(master上)
kubeadm init --image-repository=[registry.cn-hangzhou.aliyuncs.com/google_containers](http://registry.cn-hangzhou.aliyuncs.com/google_containers) --apiserver-advertise-address=192.168.56.121 --kubernetes-version=v1.30.4 --service-cidr=10.15.0.0/16 --pod-network-cidr=10.18.0.0/16
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
[https://kubernetes.io/docs/concepts/cluster-administration/addons/](https://kubernetes.io/docs/concepts/cluster-administration/addons/)
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.56.121:6443 --token 2a6go4.u2fxys0a208s8brv \
--discovery-token-ca-cert-hash sha256:4f5c4fef972b51fa34735675ee87fa52c5c1855f03e60f33009e8919e5e9ef40
说明: 上面这条命令就是如果需要将node节点加入到集群需要执行的命令,这个token有效期为24小时,如果过期,可以使用下面命令获取
kubeadm token create --print-join-command
创建目录(master)
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
获取节点信息:
kubectl get node
kubectl get pod --all-namespaces
node节点上加入master(两个都执行)
kubeadm join 192.168.56.121:6443 --token 2a6go4.u2fxys0a208s8brv \
--discovery-token-ca-cert-hash sha256:4f5c4fef972b51fa34735675ee87fa52c5c1855f03e60f33009e8919e5e9ef40
安装calico网络(master节点上)
curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml -O
下载完后还需要修改⾥⾯定义 Pod ⽹络(CALICO_IPV4POOL_CIDR),与前⾯ kubeadm init 的 --podnetwork-cidr 指定的⼀样
vim calico.yaml
# - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"
# 修改为:
- name: CALICO_IPV4POOL_CIDR
value: "10.18.0.0/16"
部署
kubectl apply -f calico.yaml
查看
kubectl get pods -n kube-system
安装dashboard(master上)
步骤略
在K8s里快速部署一个应用
1)创建deployment
kubectl create deployment testdp --image=nginx:1.26.0 ##deploymnet名字为testdp 镜像为nginx:1.26.0
2)查看deployment
kubectl get deployment
3)查看pod
kubectl get pods
4)查看pod详情
kubectl describe pod testdp-786fdb4647-pbm7b
5)创建service,暴漏pod端口到node节点上
kubectl expose deployment testdp --port=80 --type=NodePort --target-port=80 --name=testsvc
6)查看service
kubectl get svc
testsvc NodePort 10.15.232.70 <none> 80:31693/TCP
可以看到暴漏端口为一个大于30000的随机端口,浏览器里访问 192.168.56.121:31693