热门标签
热门文章
- 1诈骗电话识别_电诈数据集
- 2nlp 中文数据预处理_nlp去除数据乱码
- 3创建你的第一个 DeepFake 视频_deep fake
- 4Transformer(Pytorch)部分讲解_number of encoder and decoder layers
- 5贝叶斯神经网络对梯度攻击的鲁棒性
- 6AI工具推荐:开源TTS(文本生成语音)模型集合_ai语音开源csdn
- 7大规模语言模型高效参数微调--LoRA 微调系列_lora_alpha
- 8概率论与数理统计B 重点/笔记梳理 第二章_概率论与数理统计考点归纳两点分布
- 9windows10下本地部署langChain-ChatGLM2-6B_langchain glm-6b windows 安装
- 10玩转ChatGPT:论文辅助写作(附Claude测评)_如何利用gpt做论文撰写
当前位置: article > 正文
K8s环境搭建
作者:我家自动化 | 2024-03-28 03:30:56
赞
踩
K8s环境搭建
一、基础环境准备
VMware虚拟机,安装三台CentOS,网络环境选择NAT模式,推荐配置如下(具体安装步骤省略,网上很多虚拟机安装CentOS7的教程)
二、网络环境说明
使用NAT模式,我的IP分别是:
master: 192.168.19.58
node1: 192.168.19.59
node2: 192.168.19.60
三、修改hostname
master主机:
hostnamectl set-hostname master
同理修改node1、node2节点主机名
设置hostname解析,注意,此时IP与主机名必须一一对应,三台主机都要执行下面命令
- cat <<EOF >>/etc/hosts
- 192.168.19.58 master
- 192.168.19.59 node1
- 192.168.19.60 node2
- EOF
四、k8s安装基础环境准备
4.1 安装docker-ce (所有机器都要安装)
- # 安装docker所需的工具
- yum install -y yum-utils device-mapper-persistent-data lvm2
- # 配置阿里云的docker源
- yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- # 指定安装这个版本的docker-ce
- yum install -y docker-ce-18.09.9-3.el7
- # 启动docker
- systemctl enable docker && systemctl start docker
4.2 防火墙及内核设置(所有机器)
- # 关闭防火墙
- systemctl disable firewalld
- systemctl stop firewalld
- # 关闭selinux
- # 永久关闭 修改/etc/sysconfig/selinux文件设置
- sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
- sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
- # 禁用交换分区
- swapoff -a
- # 永久禁用,打开/etc/fstab注释掉swap那一行。
- sed -i 's/.*swap.*/#&/' /etc/fstab
- # 修改内核参数
- cat <<EOF > /etc/sysctl.d/k8s.conf
- net.bridge.bridge-nf-call-ip6tables = 1
- net.bridge.bridge-nf-call-iptables = 1
- EOF
- sysctl --system
五、K8s安装
5.1.1 master管理节点安装 kubeadm、kubelet、kubectl
- # 执行配置k8s阿里云源
- cat <<EOF > /etc/yum.repos.d/kubernetes.repo
- [kubernetes]
- name=Kubernetes
- baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
- enabled=1
- gpgcheck=1
- repo_gpgcheck=1
- gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
- EOF
- # 安装kubeadm、kubectl、kubelet
- yum install -y kubectl-1.16.0-0 kubeadm-1.16.0-0 kubelet-1.16.0-0
- # 启动kubelet服务
- systemctl enable kubelet && systemctl start kubelet
5.1.2 初始化K8s
执行以下命令初始化k8s,注意--apiserver-advertise-address 后面的IP为master的主机ip,这条命令执行慢,需要等待两三分钟
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.16.0 --apiserver-advertise-address 192.168.19.58 --pod-network-cidr=10.244.0.0/16 --token-ttl 0
上面安装完后,会提示你输入如下命令,复制粘贴过来,执行即可。
- mkdir -p $HOME/.kube
- sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- sudo chown $(id -u):$(id -g) $HOME/.kube/config
-
- #node节点加入集群命令
- kubeadm join 192.168.19.58:6443 --token zldsi8.6sicvcn5m7ztbowk \
- --discovery-token-ca-cert-hash sha256:00f4508573d5a303dc6aa075cb5d96e68d509522e5a5c93e9940b79ea9bb7b0d
以上,安装master节点完毕。可以使用kubectl get nodes查看一下,此时master处于NotReady状态,暂时不用管。
5.2 node节点配置
5.2.1 node节点安装 kubeadm、kubelet
安装步骤和上面master节点安装一样
- # 执行配置k8s阿里云源
- cat <<EOF > /etc/yum.repos.d/kubernetes.repo
- [kubernetes]
- name=Kubernetes
- baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
- enabled=1
- gpgcheck=1
- repo_gpgcheck=1
- gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
- EOF
-
- # 安装kubeadm、kubectl、kubelet
- yum install -y kubeadm-1.16.0-0 kubelet-1.16.0-0
-
- # 启动kubelet服务
- systemctl enable kubelet && systemctl start kubelet
5.2.2 node节点加入集群
这里加入集群的命令每个人都不一样,master节点安装配置好后,会返回加入集群的命令,如果忘记,可以登录master节点,使用kubeadm token create --print-join-command 来获取。获取后执行如下。
节点配置完成后,在master主机上,执行kubectl get nodes 可查勘节点
六、插件安装
6.1 安装calico (master机器)
- yum install wget
- wget https://kuboard.cn/install-script/calico/calico-3.9.2.yaml
- export POD_SUBNET=10.244.0.0/16
- sed -i "s#192\.168\.0\.0/16#${POD_SUBNET}#" calico-3.9.2.yaml
- kubectl apply -f calico-3.9.2.yaml
6.2 安装flannel(master机器)
- mkdir -p ~/k8s/
- cd ~/k8s
- curl -O https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yaml
- kubectl apply -f kube-flannel.yml
由于kube-flannel.yml 文件为国外地址,而且国内访问不了,所以将配置文件内容放在文末,可以直接创建文件,将内容复制粘贴进去。
执行完成后,在master主机上执行 kubectl get node 如果状态为Ready状态即表示安装成功。
kube-flannel.yml
- ---
- apiVersion: policy/v1beta1
- kind: PodSecurityPolicy
- metadata:
- name: psp.flannel.unprivileged
- annotations:
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
- seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
- apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
- apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
- spec:
- privileged: false
- volumes:
- - configMap
- - secret
- - emptyDir
- - hostPath
- allowedHostPaths:
- - pathPrefix: "/etc/cni/net.d"
- - pathPrefix: "/etc/kube-flannel"
- - pathPrefix: "/run/flannel"
- readOnlyRootFilesystem: false
- # Users and groups
- runAsUser:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- fsGroup:
- rule: RunAsAny
- # Privilege Escalation
- allowPrivilegeEscalation: false
- defaultAllowPrivilegeEscalation: false
- # Capabilities
- allowedCapabilities: ['NET_ADMIN']
- defaultAddCapabilities: []
- requiredDropCapabilities: []
- # Host namespaces
- hostPID: false
- hostIPC: false
- hostNetwork: true
- hostPorts:
- - min: 0
- max: 65535
- # SELinux
- seLinux:
- # SELinux is unused in CaaSP
- rule: 'RunAsAny'
- ---
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1beta1
- metadata:
- name: flannel
- rules:
- - apiGroups: ['extensions']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames: ['psp.flannel.unprivileged']
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - patch
- ---
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1beta1
- metadata:
- name: flannel
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: flannel
- subjects:
- - kind: ServiceAccount
- name: flannel
- namespace: kube-system
- ---
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: flannel
- namespace: kube-system
- ---
- kind: ConfigMap
- apiVersion: v1
- metadata:
- name: kube-flannel-cfg
- namespace: kube-system
- labels:
- tier: node
- app: flannel
- data:
- cni-conf.json: |
- {
- "name": "cbr0",
- "cniVersion": "0.3.1",
- "plugins": [
- {
- "type": "flannel",
- "delegate": {
- "hairpinMode": true,
- "isDefaultGateway": true
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- }
- }
- ]
- }
- net-conf.json: |
- {
- "Network": "10.244.0.0/16",
- "Backend": {
- "Type": "vxlan"
- }
- }
- ---
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: kube-flannel-ds-amd64
- namespace: kube-system
- labels:
- tier: node
- app: flannel
- spec:
- selector:
- matchLabels:
- app: flannel
- template:
- metadata:
- labels:
- tier: node
- app: flannel
- spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/os
- operator: In
- values:
- - linux
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - amd64
- hostNetwork: true
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: flannel
- initContainers:
- - name: install-cni
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
- command:
- - cp
- args:
- - -f
- - /etc/kube-flannel/cni-conf.json
- - /etc/cni/net.d/10-flannel.conflist
- volumeMounts:
- - name: cni
- mountPath: /etc/cni/net.d
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- containers:
- - name: kube-flannel
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
- command:
- - /opt/bin/flanneld
- args:
- - --ip-masq
- - --kube-subnet-mgr
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: false
- capabilities:
- add: ["NET_ADMIN"]
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: run
- mountPath: /run/flannel
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- volumes:
- - name: run
- hostPath:
- path: /run/flannel
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: flannel-cfg
- configMap:
- name: kube-flannel-cfg
- ---
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: kube-flannel-ds-arm64
- namespace: kube-system
- labels:
- tier: node
- app: flannel
- spec:
- selector:
- matchLabels:
- app: flannel
- template:
- metadata:
- labels:
- tier: node
- app: flannel
- spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/os
- operator: In
- values:
- - linux
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - arm64
- hostNetwork: true
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: flannel
- initContainers:
- - name: install-cni
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-arm64
- command:
- - cp
- args:
- - -f
- - /etc/kube-flannel/cni-conf.json
- - /etc/cni/net.d/10-flannel.conflist
- volumeMounts:
- - name: cni
- mountPath: /etc/cni/net.d
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- containers:
- - name: kube-flannel
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-arm64
- command:
- - /opt/bin/flanneld
- args:
- - --ip-masq
- - --kube-subnet-mgr
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: false
- capabilities:
- add: ["NET_ADMIN"]
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: run
- mountPath: /run/flannel
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- volumes:
- - name: run
- hostPath:
- path: /run/flannel
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: flannel-cfg
- configMap:
- name: kube-flannel-cfg
- ---
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: kube-flannel-ds-arm
- namespace: kube-system
- labels:
- tier: node
- app: flannel
- spec:
- selector:
- matchLabels:
- app: flannel
- template:
- metadata:
- labels:
- tier: node
- app: flannel
- spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/os
- operator: In
- values:
- - linux
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - arm
- hostNetwork: true
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: flannel
- initContainers:
- - name: install-cni
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-arm
- command:
- - cp
- args:
- - -f
- - /etc/kube-flannel/cni-conf.json
- - /etc/cni/net.d/10-flannel.conflist
- volumeMounts:
- - name: cni
- mountPath: /etc/cni/net.d
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- containers:
- - name: kube-flannel
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-arm
- command:
- - /opt/bin/flanneld
- args:
- - --ip-masq
- - --kube-subnet-mgr
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: false
- capabilities:
- add: ["NET_ADMIN"]
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: run
- mountPath: /run/flannel
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- volumes:
- - name: run
- hostPath:
- path: /run/flannel
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: flannel-cfg
- configMap:
- name: kube-flannel-cfg
- ---
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: kube-flannel-ds-ppc64le
- namespace: kube-system
- labels:
- tier: node
- app: flannel
- spec:
- selector:
- matchLabels:
- app: flannel
- template:
- metadata:
- labels:
- tier: node
- app: flannel
- spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/os
- operator: In
- values:
- - linux
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - ppc64le
- hostNetwork: true
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: flannel
- initContainers:
- - name: install-cni
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-ppc64le
- command:
- - cp
- args:
- - -f
- - /etc/kube-flannel/cni-conf.json
- - /etc/cni/net.d/10-flannel.conflist
- volumeMounts:
- - name: cni
- mountPath: /etc/cni/net.d
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- containers:
- - name: kube-flannel
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-ppc64le
- command:
- - /opt/bin/flanneld
- args:
- - --ip-masq
- - --kube-subnet-mgr
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: false
- capabilities:
- add: ["NET_ADMIN"]
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: run
- mountPath: /run/flannel
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- volumes:
- - name: run
- hostPath:
- path: /run/flannel
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: flannel-cfg
- configMap:
- name: kube-flannel-cfg
- ---
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: kube-flannel-ds-s390x
- namespace: kube-system
- labels:
- tier: node
- app: flannel
- spec:
- selector:
- matchLabels:
- app: flannel
- template:
- metadata:
- labels:
- tier: node
- app: flannel
- spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: beta.kubernetes.io/os
- operator: In
- values:
- - linux
- - key: beta.kubernetes.io/arch
- operator: In
- values:
- - s390x
- hostNetwork: true
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: flannel
- initContainers:
- - name: install-cni
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-s390x
- command:
- - cp
- args:
- - -f
- - /etc/kube-flannel/cni-conf.json
- - /etc/cni/net.d/10-flannel.conflist
- volumeMounts:
- - name: cni
- mountPath: /etc/cni/net.d
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- containers:
- - name: kube-flannel
- image: quay-mirror.qiniu.com/coreos/flannel:v0.11.0-s390x
- command:
- - /opt/bin/flanneld
- args:
- - --ip-masq
- - --kube-subnet-mgr
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: false
- capabilities:
- add: ["NET_ADMIN"]
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: run
- mountPath: /run/flannel
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- volumes:
- - name: run
- hostPath:
- path: /run/flannel
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: flannel-cfg
- configMap:
- name: kube-flannel-cfg
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/我家自动化/article/detail/328394
推荐阅读
