xone


架构图

CNI: Container Network Interface(容器网络接口)

  • flannel:网络配置(使用简单)
  • calico:网络配置,网络策略(使用复杂)
  • canal:网络配置,网络策略(使用简单)

kubeadm部署方法

所有节点部署操作
cat /etc/hosts
192.168.56.161 master11
192.168.56.162 node11
192.168.56.163 node12
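# Lab shortcut: these three commands turn off the host firewall and switch
# SELinux to permissive mode, removing two host-level controls on every node.
# `setenforce 0` only lasts until the next reboot (/etc/selinux/config is not
# edited here). Outside a lab, keep firewalld running and open only the ports
# the cluster needs (for example the API server port 6443 used by the join
# command later on this page).
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
# Write a helper script that loads the IPVS and conntrack kernel modules.
# The heredoc delimiter is quoted so nothing in the body is expanded.
# NOTE(review): on kernels 4.19 and later nf_conntrack_ipv4 was merged into
# nf_conntrack, so this list needs adjusting if the kernel is upgraded.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
cd /etc/yum.repos.d/
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Kubernetes yum repository served from the Aliyun mirror. The option is
# spelled `enabled`; the original `enable=1` is not a yum option and only
# worked because repositories are enabled by default.
cat >kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
EOF
# The signing keys come from the same mirror as the packages, so gpgcheck only
# protects against a mirror that serves packages not signed by these keys.
# Compare the key fingerprints with the ones published by the upstream project
# before importing them.
wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
rpm --import yum-key.gpg
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
rpm --import rpm-package-key.gpg
# Let bridged pod traffic pass through iptables/ip6tables and enable IPv4
# forwarding. The lines are appended, so running this twice duplicates them.
printf '%s\n' \
  "net.bridge.bridge-nf-call-ip6tables = 1" \
  "net.bridge.bridge-nf-call-iptables = 1" \
  "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
sysctl -p
# If sysctl reports that the bridge keys do not exist, check whether
# CONFIG_BRIDGE_NETFILTER is "y". If it is, the feature is compiled into the
# kernel rather than built as a module, and the error can be ignored.
grep CONFIG_BRIDGE_NETFILTER "/boot/config-$(uname -r)"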

master节点操作
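cd /etc/yum.repos.d/
# Copy the repo definitions and signing keys to the worker nodes. The host
# names must match /etc/hosts, which defines node11 and node12 (the original
# used node1/node2, which are not defined there).
scp kubernetes.repo docker-ce.repo yum-key.gpg rpm-package-key.gpg node11:/etc/yum.repos.d/
scp kubernetes.repo docker-ce.repo yum-key.gpg rpm-package-key.gpg node12:/etc/yum.repos.d/

# docker-ce is pinned to a version, but kubelet/kubeadm/kubectl are not, so yum
# installs whatever the mirror currently serves.
# NOTE(review): pin these three to one Kubernetes version on every node so the
# control plane and the workers cannot drift apart.
yum install -y docker-ce-18.09.9-3.el7 kubelet kubeadm kubectl


systemctl daemon-reload
systemctl start docker
docker info
systemctl enable docker
systemctl enable kubelet

# Let the kubelet start even though swap is enabled on the host.
sed -i 's/KUBELET_EXTRA_ARGS=.*/KUBELET_EXTRA_ARGS="--fail-swap-on=false"/g' /etc/sysconfig/kubelet

# kubeadm init: --token-ttl=0 makes the bootstrap token never expire, so it can
# be used to join nodes indefinitely.
# Security note: a bootstrap token is a credential. A non-expiring one that
# leaks (shell history, wiki, blog post) lets any host that can reach the API
# server join the cluster as a node. Prefer the default TTL and mint a fresh
# token when a node is added (`kubeadm token create --print-join-command`), or
# remove this one with `kubeadm token delete` once all nodes have joined.
# The two --ignore-preflight-errors flags skip the swap and system
# verification checks.
kubeadm init --image-repository registry.aliyuncs.com/google_containers --token-ttl=0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap --ignore-preflight-errors=SystemVerification
# If initialisation fails, consider upgrading the system kernel.
# To start over, run kubeadm reset.
# admin.conf holds cluster-admin credentials. Keep the copy readable only by
# its owner and do not copy it to worker nodes.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
# Deploy flannel.
# Supply-chain note: this applies whatever is on the repository's master branch
# at the time, with cluster-admin rights. Download the manifest, review it, and
# apply a copy pinned to a release tag instead of a moving branch.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml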
# 查看名称空间为kube-system的pod运行状态
[root@master11 ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-78d4cf999f-2wkbz 1/1 Running 0 28m
coredns-78d4cf999f-c22p2 1/1 Running 0 28m
etcd-master11 1/1 Running 0 28m
kube-apiserver-master11 1/1 Running 0 28m
kube-controller-manager-master11 1/1 Running 0 28m
kube-flannel-ds-amd64-8dgn4 1/1 Running 0 5m36s
kube-proxy-4zggw 1/1 Running 0 28m
kube-scheduler-master11 1/1 Running 0 28m

如果要master加入节点参与工作负载
# Remove the master taint from all nodes so that ordinary pods can also be
# scheduled on the control-plane node. Workloads then share a host with etcd
# and the API server, so a compromised container has a shorter path to the
# control plane. Use this only for small or lab clusters.
kubectl taint nodes --all node-role.kubernetes.io/master-
# Output looks like the following (the error can be ignored)
node "roc" untainted
error: taint "node-role.kubernetes.io/master:" not found
node节点操作
# Worker node setup: same runtime and kubelet preparation as on the master.
# kubelet/kubeadm are installed without a version, while the image pulled
# below is tagged v1.13.4.
# NOTE(review): confirm the installed packages match the version the cluster runs.
yum install -y docker-ce-18.09.9-3.el7 kubelet kubeadm
systemctl daemon-reload
systemctl start docker
docker info
systemctl enable docker
systemctl enable kubelet
# Let the kubelet start even though swap is enabled on the host.
sed -i 's/KUBELET_EXTRA_ARGS=.*/KUBELET_EXTRA_ARGS="--fail-swap-on=false"/g' /etc/sysconfig/kubelet
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.13.4
# The token and CA hash below appear to be specific to the author's cluster;
# use the join command printed by your own `kubeadm init`.
# Treat the token as a secret: it was created with --token-ttl=0, so it stays
# valid until it is deleted. Keep --discovery-token-ca-cert-hash, which lets
# the joining node verify that it is talking to the intended control plane.
kubeadm join 192.168.56.161:6443 --token 0bvr9p.v1wmq7ytv1vlz0sy --discovery-token-ca-cert-hash sha256:8a08fcce3d3c6c7bf8e82fa1941f29b2c33b4189e7a458017241cbbfad6b1276 --ignore-preflight-errors=SystemVerification --ignore-preflight-errors=Swap
# If the join fails, also consider upgrading the system kernel.
kube-proxy开启ipvs
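# Run on the master node.
# Edit config.conf in the kube-system/kube-proxy ConfigMap and set mode: "ipvs":
kubectl edit cm kube-proxy -n kube-system
# Then restart the kube-proxy pod on every node. Selecting the pods by label
# lets kubectl pick the targets itself, instead of building shell commands from
# parsed `kubectl get` output inside awk's system().
kubectl delete pod -n kube-system -l k8s-app=kube-proxy
kubectl get pod -n kube-system | grep kube-proxy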
kube-proxy-pf55q 1/1 Running 0 9s
kube-proxy-qjnnc 1/1 Running 0 14s

# The pod name comes from the listing above; substitute one of your own
# kube-proxy pods.
kubectl logs kube-proxy-pf55q -n kube-system
I1208 06:12:23.516444 1 server_others.go:189] Using ipvs Proxier.
W1208 06:12:23.516738 1 proxier.go:365] IPVS scheduler not specified, use rr by default
I1208 06:12:23.516840 1 server_others.go:216] Tearing down inactive rules.
I1208 06:12:23.575222 1 server.go:464] Version: v1.13.0
I1208 06:12:23.585142 1 conntrack.go:52] Setting nf_conntrack_max to 131072
I1208 06:12:23.586203 1 config.go:202] Starting service config controller
I1208 06:12:23.586243 1 controller_utils.go:1027] Waiting for caches to sync for service config controller
I1208 06:12:23.586269 1 config.go:102] Starting endpoints config controller
I1208 06:12:23.586275 1 controller_utils.go:1027] Waiting for caches to sync for endpoints config controller
I1208 06:12:23.686959 1 controller_utils.go:1034] Caches are synced for endpoints config controller
I1208 06:12:23.687056 1 controller_utils.go:1034] Caches are synced for service config controller
# 日志中打印出了Using ipvs Proxier,说明ipvs模式已经开启。
阿里云上服务器存储路径迁移
# Stop the kubelet and Docker first so nothing writes to the directories while
# they are being moved.
systemctl stop kubelet
systemctl stop docker
# Move the Docker, etcd and kubelet state to /data and leave symlinks at the
# old paths. These directories hold etcd data and kubelet credentials.
# NOTE(review): after the move, check that ownership and modes are unchanged,
# that /data is writable only by root, and that no pod volumes are still
# mounted under /var/lib/kubelet.
mv /var/lib/docker /var/lib/etcd /var/lib/kubelet /data/
ln -s /data/docker/ /var/lib/docker
ln -s /data/etcd/ /var/lib/etcd
ln -s /data/kubelet/ /var/lib/kubelet
# Relocate the pod and container log directories in the same way.
mkdir /data/log
mv /var/log/pods /var/log/containers /data/log/
ln -s /data/log/containers/ /var/log/containers
ln -s /data/log/pods/ /var/log/pods
# Bring the services back up in the reverse order they were stopped.
systemctl start docker
systemctl start kubelet
posted on 2020-02-17 15:07  周小百  阅读(39)  评论(0)    收藏  举报