K8S Installation and Deployment (kubeadm)

User submission 2022-10-26


1. Initialize the virtual machine

1.1 Update the system

yum -y upgrade

1.2 Install perl

yum -y install perl

1.3 Install vmtools

mount /dev/cdrom /mnt
cd /mnt
cp VMwareTools-10.3.22-15902021.tar.gz /tmp
cd /tmp
tar xvf VMwareTools-10.3.22-15902021.tar.gz
cd vmware-tools-distrib/
./vmware-install.pl
reboot

1.4 Stop and disable the firewall

systemctl stop firewalld
systemctl disable firewalld

1.5 Turn off and disable SELinux

setenforce 0
sed -i "s/enforcing/disabled/g" /etc/selinux/config

1.6 Turn off and disable swap

swapoff -a

Edit /etc/fstab and comment out the swap mount:

#/dev/mapper/centos-swap swap swap defaults 0 0

1.7 Set the hostname

hostnamectl set-hostname master

1.8 Edit the hosts file

cat >> /etc/hosts << EOF
192.168.88.158 master
192.168.88.181 node1
192.168.88.182 node2
EOF

1.9 Pass bridged IPv4 traffic to the iptables chains

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

1.10 Check system time synchronization

1.11 Reboot the server
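The settings from section 1 can be checked after the reboot and before kubeadm is run. The script below is an added example, not part of the original post; the function names and the file name preflight.sh are made up here, and each function takes the file to inspect so it can also be run against copies.

```shell
#!/bin/sh
# Added example: checks for the node preparation in section 1.
# Each function takes the file to inspect, so it can be run on copies.

# 1.6: succeeds if no uncommented swap entry is left in fstab.
fstab_swap_disabled() {
    [ -r "$1" ] || return 2
    ! awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# 1.6: succeeds if /proc/swaps lists no active device (header line only).
swap_inactive() {
    awk 'NR > 1 { n++ } END { exit (n > 0) }' "$1"
}

# 1.5: succeeds if the SELinux config will not boot in enforcing mode.
selinux_not_enforcing() {
    [ -r "$1" ] || return 2
    ! grep -Eq '^SELINUX=enforcing' "$1"
}

# 1.8: succeeds if every hostname given after the file has a hosts entry.
hosts_has() {
    hosts_file="$1"; shift
    for name in "$@"; do
        awk -v n="$name" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) ok = 1 }
            END { exit !ok }' "$hosts_file" || return 1
    done
}

# 1.9: succeeds if both bridge keys are set to 1 on clean "key = 1" lines.
# Lines that still carry a pasted "> " continuation prompt do not count.
bridge_sysctl_set() {
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*\$" "$1" || return 1
    done
}

# Run every check against the live system when called as: sh preflight.sh run
report() { if "$@"; then echo "PASS $*"; else echo "FAIL $*"; fi; }
if [ "${1:-}" = "run" ]; then
    report fstab_swap_disabled /etc/fstab
    report swap_inactive /proc/swaps
    report selinux_not_enforcing /etc/selinux/config
    report hosts_has /etc/hosts master node1 node2
    report bridge_sysctl_set /etc/sysctl.d/k8s.conf
fi
```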

2. Install Docker

2.1 Install dependency packages

yum install -y yum-utils device-mapper-persistent-data lvm2

2.2 Add the software repository

yum-config-manager --add-repo

2.3 Update and install Docker

yum makecache fast
yum -y install docker-ce

2.4 Start the Docker service

systemctl start docker
systemctl enable docker

2.5 Add the Alibaba Cloud registry mirror and change the cgroup driver

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://lsf7d76k.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

2.6 Check the Docker version and info

docker version
docker info

3. Install the k8s components

3.1 Add the package repository

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

3.2 Install the k8s components

yum install -y kubelet kubeadm kubectl

3.3 Start the kubelet service

systemctl enable kubelet && systemctl start kubelet

3.4 Deploy the master node

kubeadm init \
  --apiserver-advertise-address=192.168.88.190 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.20.1 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16

If a reset is needed:

kubeadm reset

3.5 Set the environment variables

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

3.6 Install the pod network add-on

Save the following manifest as kube-flannel.yml:

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
  - configMap
  - secret
  - emptyDir
  - hostPath
  allowedHostPaths:
  - pathPrefix: "/etc/cni/net.d"
  - pathPrefix: "/etc/kube-flannel"
  - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.13.1-rc1
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.13.1-rc1
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg

kubectl apply -f kube-flannel.yml

3.7 Join the worker nodes to the cluster

kubeadm join 192.168.88.158:6443 --token ukhnry.pnjh394nj5m9s3b2 \
  --discovery-token-ca-cert-hash sha256:fdb4723e204c546f85d4415e3c6888224bde6b971d67d9c3378a5d83807fb47a
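The --discovery-token-ca-cert-hash value pins the cluster CA: it is the SHA-256 of the CA certificate's public key, so a joining node rejects an API server that presents a different CA. The script below is an added example, not part of the original post; it recomputes that value with openssl and checks the token's shape. The function names and the file name joincheck.sh are made up here, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location.

```shell
#!/bin/sh
# Added example: check the values used by "kubeadm join" before running it.

# Print "sha256:<hex>", the SHA-256 of the DER-encoded public key
# (SubjectPublicKeyInfo) of the CA certificate given as $1.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    digest=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex | awk '{ print $NF }')
    [ "${#digest}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$digest"
}

# Succeeds only if the hash from the join command ($2) matches the CA cert ($1).
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# Succeeds if $1 has the bootstrap-token shape:
# 6 characters, a dot, 16 characters, all from [a-z0-9].
valid_bootstrap_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# On the master: sh joincheck.sh /etc/kubernetes/pki/ca.crt sha256:<hash from the join command>
if [ "$#" -eq 2 ]; then
    if verify_join_hash "$1" "$2"; then
        echo "hash matches CA"
    else
        echo "hash MISMATCH"
        exit 1
    fi
fi
```

Bootstrap tokens expire (24 hours by default), so a join command saved from an earlier kubeadm init may need a fresh token from `kubeadm token create --print-join-command`.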

3.8 Test by creating a pod

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
curl http://10.111.150.78
