DEVops 入门
1 部署K8S
1.1 节点准备
| 节点名 | ip | 功能 |
|---|---|---|
| k8s-master | 10.0.0.150 | |
| k8s-node1 | 10.0.0.151 | |
| k8s-node2 | 10.0.0.152 |
1.2 初始操作
在所有节点执行
#1 关闭防火墙
systemctl disable firewalld
systemctl stop firewalld
#2 关闭selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config #永久
setenforce 0 #临时
# 关闭swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab #永久
init 6
# 设置主机名
hostnamectl set-hostname k8s-xxxx
# 设置hosts
cat >> /etc/hosts << EOF
10.0.0.150 k8s-master
10.0.0.151 k8s-node1
10.0.0.152 k8s-node2
EOF
# 将桥接的IPv4流量传递到iptavles的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
# 时间同步
yum install ntpdate -y
ntpdate time.windows.com
1.3 安装基础软件
在所有节点操作
1.3.1安装 Docker
# 设置docker rpm仓库
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# 安装docker engine
yum list docker-ce --showduplicates | sort -r
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# 启动docker
sudo systemctl start docker
sudo systemctl enable docker
# 测试docker
sudo docker run hello-world
#删除docker
sudo yum remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
# 配置cgroup
docker info|grep Driver
vi /etc/docker/daemon.json
添加 {"exec-opts": ["native.cgroupdriver=systemd"]}
# 重启docker
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
1.3.2 添加阿里云yum源
# 添加阿里云yum源
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
1.3.3 安装kubadm,kubelet,kubectl
# 安装kubadm,kubelet,kubectl
yum install -y kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6
systemctl enable kubelet
1.4 部署Kubernetes Master
在Master节点执行
# 初始化kubelet
kubeadm init \
--apiserver-advertise-address=10.0.0.150 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.6 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
# 重置kubelet
kubeadm reset
# 初始化结果
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.0.150:6443 --token oigm3v.ltwko6kbsxbt28fo \
--discovery-token-ca-cert-hash sha256:755f5368c744cd4f22cc3129b634b2c8e198497c9dcfd3623e7f410e44cfdd06
# 配置kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#测试kubectl
kubectl get po
kubectl get nodes
1.5 添加Kubernetes node
在所有计算节点执行
# 加入群集
kubeadm join 10.0.0.150:6443 --token oigm3v.ltwko6kbsxbt28fo \
--discovery-token-ca-cert-hash sha256:755f5368c744cd4f22cc3129b634b2c8e198497c9dcfd3623e7f410e44cfdd06
#重新申请token
kubeadm token create
kubeadm token list
#获得discovery的hash值 sha256: +
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt|openssl rsa -pubin -outform der 2>/dev/null|\
openssl dgst -sha256 -hex|sed 's/^.* //'
1.6 部署CNI网络插件
在master节点执行
# 查看组件状态
kubectl get componentstatus
kubectl get cs
kubectl get pods -n kube-system
#下载calico配置文件
mkdir -p /opt/k8s
cd /opt/k8s
curl https://docs.tigera.io/archive/v3.25/manifests/calico.yaml -O
#修改calico.yaml 文件中的CALICO_IPV4POOL_CIDR配置,修改为与初始化的cidr一样
#修改IP_AUTODETECTION_METHOD下的网卡名称
#删除镜像docker.io/ 前缀
grep image calico.yaml
sed -i 's#docker.io/##g' calico.yaml
# 部署calico
kubectl apply -f calico.yaml
kubectl get po -n kube-system
kubectl describe po calico-kube-controllers-cd8566cf-sftxd -n kube-system
#拉取镜像的时间比较长
#测试
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
1.7 在任意节点使用kubectl
# 拷贝master节点的/etc/kubernetes/admin.conf 到其他节点
scp /etc/kubernetes/admin.conf [email protected]:/etc/kubernetes/
scp /etc/kubernetes/admin.conf [email protected]:/etc/kubernetes/
# 在要运行kubectl的节点上配置环境变量
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile