k8s集群环境搭建

Posted 爱上口袋的天空

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了k8s集群环境搭建相关的知识,希望对你有一定的参考价值。

1.环境准备

1.1)机器环境

                节点CPU核数必须是 :>= 2核 ,否则k8s无法启动 DNS网络: 最好设置为 本地网络连通的DNS,否则网络不通,无法下载一些镜像 linux内核: linux内核必须是 4 版本以上,

        因此必须把linux核心进行升级

                准备3台虚拟机环境,或者是3台阿里云服务器都可。

               centos002: 此机器用来安装k8s-master的操作环境

               centos003: 此机器用来安装k8s node节点的环境

               centos004: 此机器用来安装k8s node节点的环境

         

         使用命令查看Linux内核版本:

         
          由上面可以看出来我们的Linux内核后面需要升级为4版本以上,目前是3版本不满足要求。

1.2)设置3台机器的主机名,我们这里就叫做centos002,centos003,centos004

1.3)  配置IP host映射关系,3台机器都要配置

           

1.4)  安装依赖环境,注意:每一台机器都需要安装此依赖环境

yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc

 

1.5)关闭防火墙,每一台机器都需要

       命令:systemctl stop firewalld && systemctl disable firewalld

1.6)安装iptables,启动iptables,设置开机自启,清空iptables规则,保存当前规则到默认规则,3台机器都要配置

       命令:yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

       

1.7)关闭swap分区【虚拟内存】并且永久关闭虚拟内存,3台机器都要配置

        命令:swapoff -a && sed -i '/ swap / s/^\\(.*\\)$/#\\1/g' /etc/fstab

1.8)关闭selinux,3台机器都要配置

        命令:setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

1.9)升级Linux内核为5.4版本,3台机器都要配置

         命令:rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm

        
        安装内核:yum --enablerepo=elrepo-kernel install -y kernel-lt
         
        设置开机从新内核启动:grub2-set-default 'CentOS Linux (5.4.117-1.el7.elrepo.x86_64) 7 (Core)'
        注意:设置完内核后,需要重启服务器才会生效
        

1.10)调整内核参数,对于k8s,3台机器都要配置

          在/opt目录下创建kubernetes.conf文件,内容如下:

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720

  将优化内核文件拷贝到/etc/sysctl.d/文件夹下,这样优化文件开机的时候能够被调用 
  命令:cp /opt/kubernetes.conf /etc/sysctl.d/kubernetes.conf

  手动刷新,让优化文件立即生效:
  命令:sysctl -p /etc/sysctl.d/kubernetes.conf
  

1.11)调整系统临时区 --- 如果已经设置时区,可略过,3台机器都要配置

       1)设置系统时区为中国/上海
             命令:timedatectl set-timezone Asia/Shanghai

       2)将当前的 UTC 时间写入硬件时钟
            命令:timedatectl set-local-rtc 0

       3)重启依赖于系统时间的服务
            命令:
                systemctl restart rsyslog
                systemctl restart crond

1.12)关闭系统不需要的服务,3台机器都要配置
           命令:systemctl stop postfix && systemctl disable postfix

1.13)设置日志保存方式,3台机器都要配置

          1)创建保存日志的目录
                命令:mkdir /var/log/journal

          2)创建配置文件存放目录
                命令:mkdir /etc/systemd/journald.conf.d

          3)在/etc/systemd/journald.conf.d目录下创建配置文件99-prophet.conf

[Journal]
Storage=persistent #表示存储日志是否需要持久化
Compress=yes #表示日志是否需要压缩
SyncIntervalSec=5m #同步的时间间隔为5分钟
RateLimitInterval=30s #频率的限制是30秒
RateLimitBurst=1000
SystemMaxUse=10G #系统使用的空间限制10G
SystemMaxFileSize=200M #系统最大文件大小
MaxRetentionSec=2week
ForwardToSyslog=no

          4) 重启systemd journald的配置,这个是专门用来收集日志的
                命令:systemctl restart systemd-journald

          5)打开文件数调整 (可忽略,不执行)
                命令:
                   echo "* soft nofile 65536" >> /etc/security/limits.conf
                   echo "* hard nofile 65536" >> /etc/security/limits.conf

1.14)kube-proxy 开启 ipvs 前置条件,3台机器都要配置
           命令:modprobe br_netfilter
           在/etc/sysconfig/modules/目录下创建ipvs.modules文件

#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack

    使用lsmod命令查看这些文件是否被引导 
          命令:chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
        

2.docker部署,3台机器都要配置

  1. 安装docker
    命令:yum install -y yum-utils device-mapper-persistent-data lvm2
  2. 紧接着配置一个稳定(stable)的仓库、仓库配置会保存到/etc/yum.repos.d/docker-ce.repo文件 中
    命令:yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  3. 更新Yum安装的相关Docke软件包&安装Docker CE
    命令:yum update -y && yum install -y docker-ce
  4. 创建/etc/docker目录
    命令:mkdir /etc/docker
  5. 更新daemon.json文件,在/etc/docker/目录下创建daemon.json文件,内容如下 
    {"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"}}

     

  6. 创建,存储docker配置文件
    命令:mkdir -p /etc/systemd/system/docker.service.d
  7. 重启docker服务
    命令:systemctl daemon-reload && systemctl restart docker && systemctl enable docker
  8. 查看docker信息

3.kubeadm[一键安装k8s],3台机器都要配置

  1. 安装kubernetes的时候,需要安装kubelet, kubeadm等包,但k8s官网给的yum源是 packages.cloud.google.com,国内访问不了,此时我们可以使用阿里云的yum仓库镜像。
    创建/etc/yum.repos.d/kubernetes.repo文件,内容如下 
    [kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

  2. 安装kubeadm、kubelet、kubectl
    命令:yum install -y kubeadm-1.15.1 kubelet-1.15.1 kubectl-1.15.1
  3. 启动 kubelet
    命令:systemctl enable kubelet && systemctl start kubelet

4.集群安装

  1. 将基础镜像上传到centos002服务器上

  2. 解压安装包
  3. 编写脚本问题,导入镜像包到本地docker镜像仓库:
    # kubeadm 初始化k8s集群的时候,会从gce Google云中下载(pull)相应的镜像,且镜像相对比较大,
    下载比较慢,且需要解决科学上网的一个问题,国内上goole,懂得...........
    1)在/opt目录下创建image-load.sh,内容如下
          
    #!/bin/bash
#注意 镜像解压的目录位置
ls /opt/kubeadm-basic.images > /tmp/images-list.txt
cd /opt/kubeadm-basic.images
for i in $(cat /tmp/images-list.txt)
do
docker load -i $i
done
rm -rf /tmp/images-list.txt

    2)修改权限,可执行权限
         命令:chmod 755 image-load.sh
    3)开始执行,镜像导入
         
    4)传输文件及镜像到其他node节点
         #拷贝到node01节点
         scp -r image-load.sh kubeadm-basic.images root@centos003:/opt/
        #拷贝到node02节点
        scp -r image-load.sh kubeadm-basic.images root@centos004:/opt/
        #其他节点依次执行sh脚本,导入镜像
    5)导入成功后镜像仓库如下图所示:
        
  4. k8s部署
    1)初始化主节点 --- 只需要在主节点centos002执行
         1.1)拉去yaml资源配置文件
                  命令:kubeadm config print init-defaults > kubeadm-config.yaml
                   
         1.2)修改yaml资源文件,最终内容如下
                    
    apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  #注意:修改配置文件的IP地址
  advertiseAddress: 192.168.56.11 
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: centos002
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
#注意:修改版本号,必须和kubectl版本保持一致
kubernetesVersion: v1.15.1  
networking:
  #指定flannel模型通信 pod网段地址,此网段和flannel网段一致
  podSubnet: 10.244.0.0/16
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
#指定使用ipvs网络进行通信
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: kubeProxyConfiguration
featureGates:
SupportIPVSProxyMode: true
mode: ipvs

         1.3) 初始化主节点,开始部署,#注意:执行此命令,CPU核心数量必须大于1核,否则无法执行成功
                命令:kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log
                
         1.4)按照k8s指示,执行下面的命令:
                  #创建目录,保存连接配置缓存,认证文件:mkdir -p $HOME/.kube
                  #拷贝集群管理配置文件 : cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
                 #授权给配置文件 :chown $(id -u):$(id -g) $HOME/.kube/confi
         1.5)执行命令前查询node:
                 命令:kubectl get node
                 
                我们发现已经可以成功查询node节点信息了,但是节点的状态却是NotReady,不是Runing的状态。原 因是此时我们使用ipvs+flannel的方式进行网络通信,
                但是flannel网络插件还没有部署,因此节点状态 此时为NotReady
    2)部署flannel网络插件 --- 只需要在主节点执行
           2.1)下载flannel网络插件
                  命令:wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
                  如果下载不下来直接只用下来的即可, kube-flannel.yml内容如下:
                  
    ---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: "/etc/cni/net.d"
    - pathPrefix: "/etc/kube-flannel"
    - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
rules:
  - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['psp.flannel.unprivileged']
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-arm64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - arm64
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-arm64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-arm64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
             add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-arm
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - arm
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-arm
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-arm
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
             add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-ppc64le
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - ppc64le
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-ppc64le
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-ppc64le
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
             add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-s390x
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - s390x
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-s390x
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay-mirror.qiniu.com/coreos/flannel:v0.12.0-s390x
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
             add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg

           2.2)部署flannel
                 命令:kubectl create -f kube-flannel.yml
                 
           2.3)使用命令查看组件状态
               命令:kubectl get pod -n kube-system
               
               发现通过flannel部署的pod都出现pending,ImagePullBackOff这样的问题:
               查询指定pod的详细错误:kubectl describe pod kube-flannel-ds-amd64-x2jhv -n kube-system
               
               解决办法参考:https://blog.csdn.net/K_520_W/article/details/116566733
           2.4)最后结果
            
    3)节点Join
        构建kubernetes主节点成功,会产生一个日志文件(命令中指定日志输出文件 “tee kubeadm-init.log”),内容如下所示
        
        负责命令到其他几个node(centos003,centos004)节点进行执行即可:
       
       执行完毕,查看效果如下所示:
      
      出现上面的效果表示我们的k8s集群已经搭建成功

以上是关于k8s集群环境搭建的主要内容,如果未能解决你的问题,请参考以下文章

k3s快速搭建k8s集群环境

k8s 实践经验:搭建 k8s 集群

k8s集群环境搭建

k8s集群环境搭建

基于 KubeAdmin 搭建k8s集群

k8s简单集群搭建