Setting Up a k8s Cluster Environment

Posted 爱上口袋的天空


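1. Environment preparation

1.1) Machine requirements

        CPU cores per node: must be >= 2, otherwise k8s cannot start.
        DNS: preferably a DNS server reachable from the local network; otherwise the network is unreachable and some images cannot be downloaded.
        Linux kernel: must be version 4 or later, so the kernel has to be upgraded.

        Prepare 3 virtual machines, or 3 Alibaba Cloud servers.

        centos002: this machine hosts the k8s master

        centos003: this machine hosts a k8s node

        centos004: this machine hosts a k8s node

        Check the Linux kernel version with a command:

        The output shows that the kernel is currently version 3, which does not meet the requirement, so it has to be upgraded to version 4 or later.

1.2) Set the hostnames of the 3 machines; here they are named centos002, centos003 and centos004

1.3) Configure the IP-to-hostname mapping (hosts); required on all 3 machines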

           

1.4) Install the dependencies. Note: they must be installed on every machine

yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc

 

1.5) Stop and disable the firewall; required on every machine

       Command: systemctl stop firewalld && systemctl disable firewalld

1.6) Install iptables, start it, enable it at boot, flush the iptables rules and save the current rules as the default; required on all 3 machines

       Command: yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

1.7) Turn off the swap partition (virtual memory) and disable it permanently; required on all 3 machines

        Command: swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

1.8) Disable SELinux; required on all 3 machines

        Command: setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

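1.9) Upgrade the Linux kernel to version 5.4; required on all 3 machines

         Command: rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm

        Install the kernel: yum --enablerepo=elrepo-kernel install -y kernel-lt

        Boot from the new kernel by default: grub2-set-default 'CentOS Linux (5.4.117-1.el7.elrepo.x86_64) 7 (Core)'
        Note: after setting the kernel, the server must be rebooted for the change to take effect

1.10) Tune the kernel parameters for k8s; required on all 3 machines

          Create the file kubernetes.conf in /opt with the following content: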

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720

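  Copy the tuning file to /etc/sysctl.d/ so that it is applied at boot
  Command: cp /opt/kubernetes.conf /etc/sysctl.d/kubernetes.conf

  Reload manually so that the settings take effect immediately:
  Command: sysctl -p /etc/sysctl.d/kubernetes.conf

1.11) Set the system time zone (skip if the time zone is already set); required on all 3 machines

       1) Set the system time zone to Asia/Shanghai
             Command: timedatectl set-timezone Asia/Shanghai

       2) Write the current UTC time to the hardware clock
            Command: timedatectl set-local-rtc 0

       3) Restart the services that depend on the system time
            Commands:
                systemctl restart rsyslog
                systemctl restart crond

1.12) Stop services the system does not need; required on all 3 machines
           Command: systemctl stop postfix && systemctl disable postfix

1.13) Configure how logs are stored; required on all 3 machines

          1) Create the directory for persistent logs
                Command: mkdir /var/log/journal

          2) Create the directory for the configuration file
                Command: mkdir /etc/systemd/journald.conf.d

          3) Create the configuration file 99-prophet.conf in /etc/systemd/journald.conf.d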

[Journal]
# Persist logs to disk
Storage=persistent
# Compress stored logs
Compress=yes
# Sync to disk every 5 minutes
SyncIntervalSec=5m
# Rate-limit interval: 30 seconds
RateLimitInterval=30s
RateLimitBurst=1000
# Maximum disk space the journal may use: 10G
SystemMaxUse=10G
# Maximum size of a single journal file
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no

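          4) Restart systemd-journald, the service that collects the logs, to apply the configuration
                Command: systemctl restart systemd-journald

          5) Raise the open-file limit (optional, can be skipped)
                Commands:
                   echo "* soft nofile 65536" >> /etc/security/limits.conf
                   echo "* hard nofile 65536" >> /etc/security/limits.conf

1.14) Prerequisites for enabling ipvs in kube-proxy; required on all 3 machines
           Command: modprobe br_netfilter
           Create the file ipvs.modules in /etc/sysconfig/modules/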

#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack

    Make the script executable, run it, and use lsmod to check that the modules are loaded
          Command: chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
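
The script below is an added example, not part of the original post: read-only checks that a node still matches the prerequisites from section 1 (kernel version, swap, the sysctl values from kubernetes.conf, the kernel modules). The function names and the fixture built by demo are hypothetical; run it with --live on a node to check the real files.

```sh
#!/bin/sh
# Added example, not from the original post: read-only checks for the node
# prerequisites set up in section 1. Each check takes its input file as an
# argument, so it runs against the live system or against fixtures.

# kernel_ok RELEASE: succeeds if the kernel major version is >= 4 (1.1, 1.9)
kernel_ok() {
    [ "${1%%.*}" -ge 4 ] 2>/dev/null
}

# fstab_swap FSTAB: prints uncommented swap entries that re-enable swap at boot (1.7)
fstab_swap() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# active_swap SWAPS: prints devices listed in a /proc/swaps-format file (1.7)
active_swap() {
    awk 'NR > 1 && NF { print $1 }' "$1"
}

# sysctl_drift CONF PROCSYS: prints keys whose live value is absent or differs (1.10)
# Assumes plain key=value lines without spaces around "=", as in kubernetes.conf.
# net.bridge.* keys exist only while br_netfilter is loaded, and
# net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so both can show as missing.
sysctl_drift() (
    while IFS='=' read -r key want; do
        case $key in ''|'#'*) continue ;; esac
        path=$2/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "$key: missing (module not loaded, or key absent in this kernel)"
        elif [ "$(cat "$path")" != "$want" ]; then
            echo "$key: live=$(cat "$path") want=$want"
        fi
    done < "$1"
)

# missing_modules MODULES name...: prints names absent from a /proc/modules-format
# file (1.14). Modules compiled into the kernel are not listed there.
missing_modules() (
    mods=$1; shift
    for m in "$@"; do
        awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$mods" || echo "$m"
    done
)

# preflight: run every check against the live node
preflight() {
    kernel_ok "$(uname -r)" || echo "kernel $(uname -r) is older than 4.x"
    [ "$(nproc)" -ge 2 ] || echo "fewer than 2 CPU cores"
    active_swap /proc/swaps | sed 's/^/swap still active: /'
    fstab_swap /etc/fstab | sed 's/^/fstab re-enables swap: /'
    sysctl_drift /etc/sysctl.d/kubernetes.conf /proc/sys
    missing_modules /proc/modules br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack |
        sed 's/^/module not loaded: /'
}

# demo: constructed fixture of a 5.4 node on which br_netfilter is not loaded
demo() (
    d=$(mktemp -d) || exit 1
    mkdir -p "$d/sys/net/ipv4" "$d/sys/vm"
    echo 1 > "$d/sys/net/ipv4/ip_forward"
    echo 30 > "$d/sys/vm/swappiness"
    printf '%s\n' net.bridge.bridge-nf-call-iptables=1 net.ipv4.ip_forward=1 \
        net.ipv4.tcp_tw_recycle=0 vm.swappiness=0 > "$d/kubernetes.conf"
    sysctl_drift "$d/kubernetes.conf" "$d/sys"
    rm -rf "$d"
)

if [ "${1:-}" = "--live" ]; then preflight; else demo; fi
```

Running it again after a reboot shows whether br_netfilter, which 1.14 loads with a one-off modprobe, is still loaded and whether the bridge sysctls were applied.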
        

2. Deploy Docker; required on all 3 machines

  1. Install Docker
    Command: yum install -y yum-utils device-mapper-persistent-data lvm2
  2. Next, configure the stable repository; the repository configuration is saved to /etc/yum.repos.d/docker-ce.repo
    Command: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  3. Update the Docker-related packages installed through yum and install Docker CE
    Command: yum update -y && yum install -y docker-ce
  4. Create the /etc/docker directory
    Command: mkdir /etc/docker
  5. Create the file daemon.json in /etc/docker/ with the following content
    {"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"}}

  6. Create the directory that stores the Docker service configuration files
    Command: mkdir -p /etc/systemd/system/docker.service.d
  7. Restart the Docker service
    Command: systemctl daemon-reload && systemctl restart docker && systemctl enable docker
  8. Check the Docker information

3. kubeadm (one-step k8s installation); required on all 3 machines

  1. Installing Kubernetes requires kubelet, kubeadm and related packages, but the yum repository given on the k8s website is packages.cloud.google.com, which is not reachable from mainland China, so the Alibaba Cloud yum mirror is used instead.
    Create the file /etc/yum.repos.d/kubernetes.repo with the following content
    [kubernetes]
    name=Kubernetes
    baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=0
    repo_gpgcheck=0
    gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
           http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

  2. Install kubeadm, kubelet and kubectl
    Command: yum install -y kubeadm-1.15.1 kubelet-1.15.1 kubectl-1.15.1
  3. Start kubelet
    Command: systemctl enable kubelet && systemctl start kubelet
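
The kubernetes.repo file in step 1 sets gpgcheck=0 and repo_gpgcheck=0 and fetches packages and keys over http, so yum installs kubeadm, kubelet and kubectl without verifying signatures. The script below is an added example, not part of the original post, that flags these settings in a .repo file; the function names are hypothetical, and the hardened stanza is constructed on the assumption that the mirror serves the same paths over https.

```sh
#!/bin/sh
# Added example, not from the original post: flag yum repository settings that
# weaken package integrity (signature checks off, metadata or keys over http).

# audit_repo FILE: prints one finding per line; exit status 1 if anything was found
audit_repo() {
    awk '
        /^[ \t]*(#|;|$)/ { next }                 # comments and blank lines
        /^[ \t]*\[/      { section = $0; sub(/^[ \t]+/, "", section); next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (line ~ /=/) {                     # key=value
                key = line; sub(/[ \t]*=.*/, "", key)
                val = line; sub(/^[^=]*=[ \t]*/, "", val)
            } else {                              # continuation of the previous key
                val = line
            }
            if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0") {
                print section " " key "=0: signature verification is disabled"; bad = 1
            }
            if ((key == "baseurl" || key == "gpgkey") && val ~ /(^|[ \t])http:\/\//) {
                print section " " key " is fetched over plaintext http: " val; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# The stanza from step 1 above, reproduced as sample input
weak_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Constructed counterpart: same mirror paths, assumed to be served over https
hardened_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

demo() (
    d=$(mktemp -d) || exit 1
    weak_repo > "$d/weak.repo"; hardened_repo > "$d/hardened.repo"
    for f in weak hardened; do
        if audit_repo "$d/$f.repo"; then echo "$f.repo: no findings"; fi
    done
    rm -rf "$d"
)
demo
```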

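4. Cluster installation

  1. Upload the base images to the centos002 server

  2. Extract the archive
  3. Write a script that imports the image archives into the local Docker image store:
    # When kubeadm initialises the k8s cluster it pulls the required images from Google's registry (GCE). The images are fairly large,
    the download is slow, and reaching Google from mainland China requires a proxy.
    1) Create image-load.sh in /opt with the following content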
         
    #!/bin/bash
    # Note: adjust the path to where the image archive was extracted
    cd /opt/kubeadm-basic.images || exit 1
    # Load every image archive in the directory; quoting keeps unusual file names intact
    for i in *
    do
        docker load -i "$i"
    done

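    2) Make the script executable
         Command: chmod 755 image-load.sh
    3) Run it to import the images

    4) Copy the script and the images to the other nodes
         # copy to node01
         scp -r image-load.sh kubeadm-basic.images root@centos003:/opt/
         # copy to node02
         scp -r image-load.sh kubeadm-basic.images root@centos004:/opt/
         # then run the script on each of the other nodes to import the images
    5) After a successful import the local image list looks like the figure below:

  4. Deploy k8s
    1) Initialise the master node (only on the master node centos002)
         1.1) Generate the default YAML configuration file
                  Command: kubeadm config print init-defaults > kubeadm-config.yaml

         1.2) Edit the YAML file; the final content is as follows
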
    apiVersion: kubeadm.k8s.io/v1beta2
    bootstrapTokens:
    - groups:
      - system:bootstrappers:kubeadm:default-node-token
      token: abcdef.0123456789abcdef
      ttl: 24h0m0s
      usages:
      - signing
      - authentication
    kind: InitConfiguration
    localAPIEndpoint:
      # Note: change the IP address in the configuration file
      advertiseAddress: 192.168.56.11 
      bindPort: 6443
    nodeRegistration:
      criSocket: /var/run/dockershim.sock
      name: centos002
      taints:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
    ---
    apiServer:
      timeoutForControlPlane: 4m0s
    apiVersion: kubeadm.k8s.io/v1beta2
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controllerManager: {}
    dns:
      type: CoreDNS
    etcd:
      local:
        dataDir: /var/lib/etcd
    imageRepository: k8s.gcr.io
    kind: ClusterConfiguration
    # Note: change the version number; it must match the kubectl version
    kubernetesVersion: v1.15.1  
    networking:
      # Pod network CIDR for flannel; it must be the same as the flannel network
      podSubnet: 10.244.0.0/16
      dnsDomain: cluster.local
      serviceSubnet: 10.96.0.0/12
    scheduler: {}
    ---
    # Use ipvs for kube-proxy network communication
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    kind: KubeProxyConfiguration
    featureGates:
      SupportIPVSProxyMode: true
    mode: ipvs
    

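         1.3) Initialise the master node and start the deployment. Note: the machine must have more than 1 CPU core, otherwise this command fails
                Command: kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log

         1.4) Follow the instructions printed by k8s and run the following commands:
                  # create the directory that holds the connection configuration, cache and credentials: mkdir -p $HOME/.kube
                  # copy the cluster admin configuration file: cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
                  # give the current user ownership of the configuration file: chown $(id -u):$(id -g) $HOME/.kube/config
         1.5) Before running further commands, query the nodes:
                 Command: kubectl get node

                The node information can now be queried, but the node status is NotReady rather than Ready. The cause is that ipvs + flannel is used for network communication,
                but the flannel network plugin has not been deployed yet, so the node status is NotReady at this point
    2) Deploy the flannel network plugin (only on the master node)
           2.1) Download the flannel manifest
                  Command: wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
                  If the download fails, use the copy below; the content of kube-flannel.yml is as follows: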
                 
    ---
    apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    metadata:
      name: psp.flannel.unprivileged
      annotations:
        seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
        seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
        apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
        apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
    spec:
      privileged: false
      volumes:
        - configMap
        - secret
        - emptyDir
        - hostPath
      allowedHostPaths:
        - pathPrefix: "/etc/cni/net.d"
        - pathPrefix: "/etc/kube-flannel"
        - pathPrefix: "/run/flannel"
      readOnlyRootFilesystem: false
      # Users and groups
      runAsUser:
        rule: RunAsAny
      supplementalGroups:
        rule: RunAsAny
      fsGroup:
        rule: RunAsAny
      # Privilege Escalation
      allowPrivilegeEscalation: false
      defaultAllowPrivilegeEscalation: false
      # Capabilities
      allowedCapabilities: ['NET_ADMIN']
      defaultAddCapabilities: []
      requiredDropCapabilities: []
      # Host namespaces
      hostPID: false
      hostIPC: false
      hostNetwork: true
      hostPorts:
      - min: 0
        max: 65535
      # SELinux
      seLinux:
        # SELinux is unused in CaaSP
        rule: 'RunAsAny'
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: flannel
    rules:
      - apiGroups: ['extensions']
        resources: ['podsecuritypolicies']
        verbs: ['use']
        resourceNames: ['psp.flannel.unprivileged']
      - apiGroups:
          - ""
        resources:
          - pods
        verbs:
          - get
      - apiGroups:
          - ""
        resources:
          - nodes
        verbs:
          - list
          - watch
      - apiGroups:
          - ""
        resources:
          - nodes/status
        verbs:
          - patch
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: flannel
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: flannel
    subjects:
    - kind: ServiceAccount
      name: flannel
      namespace: kube-system
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: flannel
      namespace: kube-system
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: kube-flannel-cfg
      namespace: kube-system
      labels:
        tier: node
        app: flannel
    data:
      cni-conf.json: |
        {
          "name": "cbr0",
          "cniVersion": "0.3.1",
          "plugins": [
            {
              "type": "flannel",
              "delegate": {
                "hairpinMode": true,
                "isDefaultGateway": true
              }
            },
            {
              "type": "portmap",
              "capabilities": {
                "portMappings": true
              }
            }
          ]
        }
      net-conf.json: |
        {
          "Network": "10.244.0.0/16",
          "Backend": {
            "Type": "vxlan"
          }
        }
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: kube-flannel-ds-amd64
      namespace: kube-system
      labels:
        tier: node
        app: flannel
    spec:
      selector:
        matchLabels:
          app: flannel
      template:
        metadata:
          labels:
            tier: node
            app: flannel
        spec:
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: beta.kubernetes.io/os
                        operator: In
                        values:
                          - linux
                      - key: beta.kubernetes.io/arch
                        operator: In
                        values:
                          - amd64
          hostNetwork: true
          tolerations:
          - operator: Exists
            effect: NoSchedule
          serviceAccountName: flannel
          initContainers:
          - name: install-cni
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64
            command:
            - cp
            args:
            - -f
            - /etc/kube-flannel/cni-conf.json
            - /etc/cni/net.d/10-flannel.conflist
            volumeMounts:
            - name: cni
              mountPath: /etc/cni/net.d
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          containers:
          - name: kube-flannel
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64
            command:
            - /opt/bin/flanneld
            args:
            - --ip-masq
            - --kube-subnet-mgr
            resources:
              requests:
                cpu: "100m"
                memory: "50Mi"
              limits:
                cpu: "100m"
                memory: "50Mi"
            securityContext:
              privileged: false
              capabilities:
                add: ["NET_ADMIN"]
            env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            volumeMounts:
            - name: run
              mountPath: /run/flannel
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          volumes:
            - name: run
              hostPath:
                path: /run/flannel
            - name: cni
              hostPath:
                path: /etc/cni/net.d
            - name: flannel-cfg
              configMap:
                name: kube-flannel-cfg
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: kube-flannel-ds-arm64
      namespace: kube-system
      labels:
        tier: node
        app: flannel
    spec:
      selector:
        matchLabels:
          app: flannel
      template:
        metadata:
          labels:
            tier: node
            app: flannel
        spec:
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: beta.kubernetes.io/os
                        operator: In
                        values:
                          - linux
                      - key: beta.kubernetes.io/arch
                        operator: In
                        values:
                          - arm64
          hostNetwork: true
          tolerations:
          - operator: Exists
            effect: NoSchedule
          serviceAccountName: flannel
          initContainers:
          - name: install-cni
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-arm64
            command:
            - cp
            args:
            - -f
            - /etc/kube-flannel/cni-conf.json
            - /etc/cni/net.d/10-flannel.conflist
            volumeMounts:
            - name: cni
              mountPath: /etc/cni/net.d
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          containers:
          - name: kube-flannel
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-arm64
            command:
            - /opt/bin/flanneld
            args:
            - --ip-masq
            - --kube-subnet-mgr
            resources:
              requests:
                cpu: "100m"
                memory: "50Mi"
              limits:
                cpu: "100m"
                memory: "50Mi"
            securityContext:
              privileged: false
              capabilities:
                 add: ["NET_ADMIN"]
            env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            volumeMounts:
            - name: run
              mountPath: /run/flannel
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          volumes:
            - name: run
              hostPath:
                path: /run/flannel
            - name: cni
              hostPath:
                path: /etc/cni/net.d
            - name: flannel-cfg
              configMap:
                name: kube-flannel-cfg
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: kube-flannel-ds-arm
      namespace: kube-system
      labels:
        tier: node
        app: flannel
    spec:
      selector:
        matchLabels:
          app: flannel
      template:
        metadata:
          labels:
            tier: node
            app: flannel
        spec:
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: beta.kubernetes.io/os
                        operator: In
                        values:
                          - linux
                      - key: beta.kubernetes.io/arch
                        operator: In
                        values:
                          - arm
          hostNetwork: true
          tolerations:
          - operator: Exists
            effect: NoSchedule
          serviceAccountName: flannel
          initContainers:
          - name: install-cni
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-arm
            command:
            - cp
            args:
            - -f
            - /etc/kube-flannel/cni-conf.json
            - /etc/cni/net.d/10-flannel.conflist
            volumeMounts:
            - name: cni
              mountPath: /etc/cni/net.d
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          containers:
          - name: kube-flannel
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-arm
            command:
            - /opt/bin/flanneld
            args:
            - --ip-masq
            - --kube-subnet-mgr
            resources:
              requests:
                cpu: "100m"
                memory: "50Mi"
              limits:
                cpu: "100m"
                memory: "50Mi"
            securityContext:
              privileged: false
              capabilities:
                 add: ["NET_ADMIN"]
            env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            volumeMounts:
            - name: run
              mountPath: /run/flannel
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          volumes:
            - name: run
              hostPath:
                path: /run/flannel
            - name: cni
              hostPath:
                path: /etc/cni/net.d
            - name: flannel-cfg
              configMap:
                name: kube-flannel-cfg
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: kube-flannel-ds-ppc64le
      namespace: kube-system
      labels:
        tier: node
        app: flannel
    spec:
      selector:
        matchLabels:
          app: flannel
      template:
        metadata:
          labels:
            tier: node
            app: flannel
        spec:
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: beta.kubernetes.io/os
                        operator: In
                        values:
                          - linux
                      - key: beta.kubernetes.io/arch
                        operator: In
                        values:
                          - ppc64le
          hostNetwork: true
          tolerations:
          - operator: Exists
            effect: NoSchedule
          serviceAccountName: flannel
          initContainers:
          - name: install-cni
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-ppc64le
            command:
            - cp
            args:
            - -f
            - /etc/kube-flannel/cni-conf.json
            - /etc/cni/net.d/10-flannel.conflist
            volumeMounts:
            - name: cni
              mountPath: /etc/cni/net.d
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          containers:
          - name: kube-flannel
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-ppc64le
            command:
            - /opt/bin/flanneld
            args:
            - --ip-masq
            - --kube-subnet-mgr
            resources:
              requests:
                cpu: "100m"
                memory: "50Mi"
              limits:
                cpu: "100m"
                memory: "50Mi"
            securityContext:
              privileged: false
              capabilities:
                 add: ["NET_ADMIN"]
            env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            volumeMounts:
            - name: run
              mountPath: /run/flannel
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          volumes:
            - name: run
              hostPath:
                path: /run/flannel
            - name: cni
              hostPath:
                path: /etc/cni/net.d
            - name: flannel-cfg
              configMap:
                name: kube-flannel-cfg
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: kube-flannel-ds-s390x
      namespace: kube-system
      labels:
        tier: node
        app: flannel
    spec:
      selector:
        matchLabels:
          app: flannel
      template:
        metadata:
          labels:
            tier: node
            app: flannel
        spec:
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: beta.kubernetes.io/os
                        operator: In
                        values:
                          - linux
                      - key: beta.kubernetes.io/arch
                        operator: In
                        values:
                          - s390x
          hostNetwork: true
          tolerations:
          - operator: Exists
            effect: NoSchedule
          serviceAccountName: flannel
          initContainers:
          - name: install-cni
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-s390x
            command:
            - cp
            args:
            - -f
            - /etc/kube-flannel/cni-conf.json
            - /etc/cni/net.d/10-flannel.conflist
            volumeMounts:
            - name: cni
              mountPath: /etc/cni/net.d
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          containers:
          - name: kube-flannel
            image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-s390x
            command:
            - /opt/bin/flanneld
            args:
            - --ip-masq
            - --kube-subnet-mgr
            resources:
              requests:
                cpu: "100m"
                memory: "50Mi"
              limits:
                cpu: "100m"
                memory: "50Mi"
            securityContext:
              privileged: false
              capabilities:
                 add: ["NET_ADMIN"]
            env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            volumeMounts:
            - name: run
              mountPath: /run/flannel
            - name: flannel-cfg
              mountPath: /etc/kube-flannel/
          volumes:
            - name: run
              hostPath:
                path: /run/flannel
            - name: cni
              hostPath:
                path: /etc/cni/net.d
            - name: flannel-cfg
              configMap:
                name: kube-flannel-cfg
    

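           2.2) Deploy flannel
                 Command: kubectl create -f kube-flannel.yml

           2.3) Check the component status
               Command: kubectl get pod -n kube-system

               The pods deployed by flannel show problems such as Pending and ImagePullBackOff:
               Show the detailed error of a specific pod: kubectl describe pod kube-flannel-ds-amd64-x2jhv -n kube-system

               For the fix, see: https://blog.csdn.net/K_520_W/article/details/116566733
           2.4) Final result

    3) Joining the nodes
        When the Kubernetes master node is built successfully, a log file is produced (the file named in the command with "tee kubeadm-init.log"); its content is shown below

        Copy the join command from it and run it on the other nodes (centos003, centos004):

        After it completes, the result looks as follows:

        This result shows that the k8s cluster has been set up successfully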
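
The script below is an added example, not part of the original post: static checks on the kubeadm-config.yaml from step 1.2 and the kube-flannel.yml from step 2.1, to run before kubeadm init. It flags a bootstrap token left at the placeholder that init-defaults prints (a published value; `kubeadm token generate` produces a random one), `kind:` values that are not spelled exactly, and a podSubnet that differs from flannel's Network. The function names and the sample files in demo are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: static checks to run on
# kubeadm-config.yaml and kube-flannel.yml before "kubeadm init".
# Assumes unquoted scalar values, as in the files shown on this page.

PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'   # fixed value printed by init-defaults
KNOWN_KINDS='InitConfiguration ClusterConfiguration JoinConfiguration KubeProxyConfiguration KubeletConfiguration'

# token_findings CONFIG: flags placeholder or malformed bootstrap tokens
token_findings() {
    awk '{ sub(/^[ \t]*-[ \t]*/, "") } $1 == "token:" { print $2 }' "$1" |
    while read -r tok; do
        if [ "$tok" = "$PLACEHOLDER_TOKEN" ]; then
            echo "bootstrap token is the public init-defaults placeholder"
        elif ! printf '%s\n' "$tok" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
            echo "bootstrap token does not match [a-z0-9]{6}.[a-z0-9]{16}"
        fi
    done
}

# kind_findings CONFIG: kinds are case-sensitive, so flag anything not spelled exactly
kind_findings() {
    awk '$1 == "kind:" { print $2 }' "$1" |
    while read -r kind; do
        case " $KNOWN_KINDS " in *" $kind "*) continue ;; esac
        hint=$(printf '%s\n' $KNOWN_KINDS | grep -iFx -- "$kind" || true)
        echo "unrecognised kind: $kind${hint:+ (did you mean $hint?)}"
    done
}

# pod_subnet CONFIG and flannel_network MANIFEST extract the two CIDRs that must agree
pod_subnet()      { awk '$1 == "podSubnet:" { print $2; exit }' "$1"; }
flannel_network() { sed -n 's/.*"Network"[ ]*:[ ]*"\([^"]*\)".*/\1/p' "$1" | head -n 1; }

# subnet_findings CONFIG MANIFEST: flags a podSubnet that differs from flannel's Network
subnet_findings() {
    want=$(pod_subnet "$1"); have=$(flannel_network "$2")
    [ "$want" = "$have" ] || echo "podSubnet $want does not match flannel Network $have"
}

# lint CONFIG MANIFEST: prints all findings; exit status 1 if there are any
lint() {
    out=$(token_findings "$1"; kind_findings "$1"; subnet_findings "$1" "$2")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# demo: constructed excerpts; the token and subnets are the values used on this page
demo() (
    d=$(mktemp -d) || exit 1
    cat > "$d/kubeadm-config.yaml" <<'EOF'
bootstrapTokens:
- token: abcdef.0123456789abcdef
  ttl: 24h0m0s
kind: InitConfiguration
---
kind: ClusterConfiguration
networking:
  podSubnet: 10.244.0.0/16
---
kind: kubeProxyConfiguration
mode: ipvs
EOF
    cat > "$d/kube-flannel.yml" <<'EOF'
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": { "Type": "vxlan" }
    }
EOF
    lint "$d/kubeadm-config.yaml" "$d/kube-flannel.yml" || echo "fix the findings above before kubeadm init"
    rm -rf "$d"
)
demo
```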
