Installing single-node k8s on CentOS 7.9
Docker is already installed here, so I go straight to installing k8s.
[root@zjk ~]# docker -v
Docker version 26.1.4, build 5650f9b
1. Disable the firewall, SELinux (to avoid unnecessary trouble) and swap (so that k8s does not get a false picture when monitoring pod memory)
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux permanently
sed -i 's/enforcing/disabled/' /etc/selinux/config
# Disable SELinux temporarily
setenforce 0
# Turn swap off temporarily
swapoff -a
# Turn swap off permanently: comment out the swap line
vim /etc/fstab
# /dev/mapper/centos-swap swap swap defaults 0 0
## If swap is not disabled here, kubelet will fail to start later on:
10月 13 09:36:22 zjk kubelet[3760]: E1013 09:36:22.593680 3760 run.go:74] "command failed" err="failed to run Kubelet: running with swap on is not supported, please disable swap! or set --fail-swap-on flag to false. /proc/swaps contained: [Filename\t\t\t\tType\t\tSize\tUsed\tPriority /dev/dm-1
2. Pass bridged IPv4 traffic to the iptables chains
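# Make sure the br_netfilter module is loaded automatically at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# Ensures that when pods on the same node talk to each other (A->B, B->A), return packets find the right pod
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Load and apply every sysctl configuration file known to the system in one go
sysctl --system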
3. Configure the k8s yum mirror
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
4. Change the CentOS mirror
# Back up the original configuration file
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Edit the configuration file
vim /etc/yum.repos.d/CentOS-Base.repo
Replace its contents with sources that still work:
[base]
name=CentOS-7 - Base
baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[updates]
name=CentOS-7 - Updates
baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[extras]
name=CentOS-7 - Extras
baseurl=https://mirrors.aliyun.com/centos-vault/7.9.2009/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
# Clear the old cache
yum clean all
rm -rf /var/cache/yum
# Rebuild the cache
yum makecache
5. Install the k8s components (kubelet, kubeadm, kubectl). If Docker is to be used as the k8s runtime, the versions have to match; my Docker version is 26.1.4, so I install 1.25.0.
# --disableexcludes=kubernetes bypasses some of the exclude rules yum applies during install/update; it only affects the current command
yum install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0 --disableexcludes=kubernetes
When the installation finishes, the following is printed:
------------------------
已安装:
  kubeadm.x86_64 0:1.25.0-0
  kubectl.x86_64 0:1.25.0-0
  kubelet.x86_64 0:1.25.0-0
作为依赖被安装:
  conntrack-tools.x86_64 0:1.4.4-7.el7
  cri-tools.x86_64 0:1.26.0-0
  kubernetes-cni.x86_64 0:1.2.0-0
  libnetfilter_cthelper.x86_64 0:1.0.0-11.el7
  libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7
  libnetfilter_queue.x86_64 0:1.0.2-2.el7_2
  socat.x86_64 0:1.7.3.2-2.el7
完毕!
-------------------------
## Check that the installation succeeded
[root@zjk yum.repos.d]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.0", GitCommit:"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2", GitTreeState:"clean", BuildDate:"2022-08-23T17:43:25Z", GoVersion:"go1.19", Compiler:"gc", Platform:"linux/amd64"}
[root@zjk yum.repos.d]# kubectl version --client
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.0", GitCommit:"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2", GitTreeState:"clean", BuildDate:"2022-08-23T17:44:59Z", GoVersion:"go1.19", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.7
[root@zjk yum.repos.d]# kubelet --version
Kubernetes v1.25.0
6. List the images that installing k8s requires
[root@zjk yum.repos.d]# kubeadm config images list --kubernetes-version v1.25.0
registry.k8s.io/kube-apiserver:v1.25.0
registry.k8s.io/kube-controller-manager:v1.25.0
registry.k8s.io/kube-scheduler:v1.25.0
registry.k8s.io/kube-proxy:v1.25.0
registry.k8s.io/pause:3.8
registry.k8s.io/etcd:3.5.4-0
registry.k8s.io/coredns/coredns:v1.9.3
Assemble the docker pull commands yourself to download the images:
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0
docker pull registry.aliyuncs.com/google_containers/pause:3.8
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.4-0
# This image cannot be pulled from Aliyun, so pull it from the 渡渡鸟 mirror
docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/registry.k8s.io/coredns/coredns:v1.9.3
# After pulling, retag it to match the others, which makes later steps easier
docker tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/registry.k8s.io/coredns/coredns:v1.9.3 registry.aliyuncs.com/google_containers/coredns/coredns:v1.9.3
7. Before initializing k8s, CRI has to be enabled. Check whether this file exists; it ships with the containerd that was installed along with Docker.
cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
vim /etc/containerd/config.toml
Comment out this line:
#disabled_plugins = ["cri"]
If the file does not exist, generate it:
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml
Make sure it contains disabled_plugins = []
Also change the sandbox_image address in it to the pause image pulled earlier (pause:3.8 in step 6):
sed -i 's|registry.k8s.io/pause:3.6|registry.aliyuncs.com/google_containers/pause:3.8|g' /etc/containerd/config.toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"
# Restart containerd after the change
systemctl restart containerd
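The host preparation from steps 1, 2 and 7 can be verified before running kubeadm init. The script below is an added example, not part of the original post; the function names and the root-prefix argument are assumptions made for illustration, and it inspects the files written above rather than live kernel state.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for steps 1, 2 and 7 before `kubeadm init`.
# The root-prefix argument is an assumption so the check can run on a test tree.

# Swap is active if the /proc/swaps-format file has any line after its header.
swap_active() {      # $1 = path to swaps file
  [ "$(tail -n +2 "$1" 2>/dev/null | grep -c .)" -gt 0 ]
}

# True when the sysctl key is set to 1 in the given .conf file.
sysctl_is_one() {    # $1 = conf file, $2 = key
  grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$1" 2>/dev/null
}

# True when an uncommented disabled_plugins line still lists "cri".
cri_disabled() {     # $1 = containerd config.toml
  grep -E '^[[:space:]]*disabled_plugins' "$1" 2>/dev/null | grep -q '"cri"'
}

# Returns 0 when every check passes, 1 otherwise; prints one line per finding.
preflight() {        # $1 = root prefix ("" on the real host)
  pf_rc=0
  if swap_active "$1/proc/swaps"; then
    echo "FAIL swap is on: kubelet refuses to start"; pf_rc=1
  fi
  for pf_key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    sysctl_is_one "$1/etc/sysctl.d/k8s.conf" "$pf_key" \
      || { echo "FAIL $pf_key is not set to 1"; pf_rc=1; }
  done
  grep -qx 'br_netfilter' "$1/etc/modules-load.d/k8s.conf" 2>/dev/null \
    || { echo "FAIL br_netfilter is not loaded at boot"; pf_rc=1; }
  if cri_disabled "$1/etc/containerd/config.toml"; then
    echo "FAIL containerd still has the cri plugin disabled"; pf_rc=1
  fi
  [ "$pf_rc" -eq 0 ] && echo "OK host is ready for kubeadm init"
  return "$pf_rc"
}

# On the real host: preflight ""
```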
8. Initialize, specifying the image repository and version
# Initialize, specifying the image repository and version
kubeadm init --apiserver-advertise-address=192.168.23.134 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.25.0 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
# If a port is already in use or some other error occurs and you want to initialize again, run kubeadm reset and then repeat the init above
# Set the kubeconfig environment variable on the master node: add this line to /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
# Restart kubelet
systemctl restart kubelet
9. Install the network plugin
## Install the network plugin. Applying the manifest straight from the network may need a proxy to get past the firewall; alternatively, find a way to download it and apply it from a local copy
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
## After a successful install the following is printed
[root@zjk manifests]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
namespace/kube-flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
10. After a short while, check whether the nodes are healthy
[root@zjk k8s]# kubectl get nodes
NAME   STATUS   ROLES           AGE   VERSION
zjk    Ready    control-plane   50m   v1.25.0
# Remove the taint from the control-plane node
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
At this point the k8s installation is complete.
11. Deploy MySQL 5.7 with k8s. The pod manifest is below; a few things in it have to be created or set up by hand.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql5-7
spec:
  serviceName: "mysql-service"   # a matching Headless Service is required
  replicas: 1
  selector:
    matchLabels:
      app: mysql5-7
  template:
    metadata:
      labels:
        app: mysql5-7
    spec:
      containers:
      - name: mysql
        image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/ranchercharts/mysql:5.7.14
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "Spgtest_1"
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: mysql-data
          mountPath: /var/lib/mysql   # MySQL data directory inside the pod
  volumeClaimTemplates:   # the core part: storage claim template
  - metadata:
      name: mysql-data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 3Gi
      storageClassName: mysql-storage
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-pv
spec:
  capacity:
    storage: 3Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: mysql-storage
  local:
    path: /data/k8s/mysql   # data directory on the host; must be created manually
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: node-type
          operator: In
          values:
          - master   ## local storage requires node affinity; set the label beforehand: kubectl label nodes zjk node-type=master
---
# Companion Service named by serviceName above, used for DNS discovery (declared here as NodePort rather than headless)
apiVersion: v1
kind: Service
metadata:
  name: mysql-service
spec:
  type: NodePort
  selector:
    app: mysql5-7
  ports:
  - port: 3306
    targetPort: 3306
    nodePort: 30006
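The manifest above carries the MySQL root password as a literal env value, so anyone who can read the file or the StatefulSet object can read the password. The script below is an added example, not part of the original post, that moves the password into a Secret; the Secret name mysql-root, the key password and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: keep MYSQL_ROOT_PASSWORD out of the StatefulSet manifest.
# The Secret name "mysql-root" and key "password" are assumptions.

# Generate a random password: 24 random bytes, base64-encoded to 32 characters.
gen_password() {
  head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Print a Secret manifest; stringData lets the API server do the encoding.
render_secret() {          # $1 = password
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mysql-root
type: Opaque
stringData:
  password: "$1"
EOF
}

# Print the env stanza that replaces the literal `value:` in the StatefulSet.
render_env_ref() {
  cat <<'EOF'
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root
              key: password
EOF
}

# Return 0 when a manifest still carries the root password as a literal value.
has_literal_password() {   # $1 = manifest path
  grep -A1 'name: MYSQL_ROOT_PASSWORD' "$1" | grep -Eq '^[[:space:]]*value:'
}

# On the master node:
#   render_secret "$(gen_password)" | kubectl apply -f -
#   has_literal_password mysql-deployment.yaml && echo "replace env with render_env_ref output"
```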
12. Run kubectl apply -f mysql-deployment.yaml; once all the services are up, connect with a client
[root@zjk k8s]# kubectl get pv
NAME       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                           STORAGECLASS    REASON   AGE
mysql-pv   3Gi        RWO            Retain           Bound    default/mysql-data-mysql5-7-0   mysql-storage            7m5s
[root@zjk k8s]# kubectl get pvc
NAME                    STATUS   VOLUME     CAPACITY   ACCESS MODES   STORAGECLASS    AGE
mysql-data-mysql5-7-0   Bound    mysql-pv   3Gi        RWO            mysql-storage   10m
[root@zjk k8s]# kubectl get sts
NAME       READY   AGE
mysql5-7   1/1     10m
[root@zjk k8s]# kubectl get pods
NAME         READY   STATUS    RESTARTS   AGE
mysql5-7-0   1/1     Running   0          10m
[root@zjk k8s]# kubectl get svc
NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)          AGE
kubernetes      ClusterIP   10.1.0.1     <none>        443/TCP          30m
mysql-service   NodePort    10.1.236.3   <none>        3306:30006/TCP   10m