k8s single-master cluster deployment

Posted by 还行少年


Opening note: this article was compiled by the 小常识网 (cha138.com) editors and walks through a single-master k8s cluster deployment; it is offered as a reference.

Environment

master    192.168.30.7    docker, kubeadm, kubelet, kubectl, flannel
node1     192.168.30.8    docker, kubeadm, kubelet, kubectl, flannel
node2     192.168.30.9    docker, kubeadm, kubelet, kubectl, flannel
harbor    192.168.30.6    docker, docker-compose, harbor-offline-v1.2.2

All four hosts run CentOS 7 (the yum output below is from el7 packages). The hostnames match the /etc/hosts entries used throughout.

I. Deploying a single-master cluster with kubeadm

1. Disable the firewall, SELinux and swap; load the IPVS modules (on all k8s nodes)

[root@master ~]# systemctl stop firewalld      // stop the firewall
[root@master ~]# systemctl disable firewalld   // and keep it off at boot
[root@master ~]# setenforce 0                  // switch SELinux to permissive (the reply shows it was already disabled on this host)
setenforce: SELinux is disabled
[root@master ~]# iptables -F                   // flush the firewall rules
[root@master ~]# swapoff -a                    // disable swap; kubelet refuses to start while swap is on
[root@master ~]# sed -ri 's/.*swap.*/#&/' /etc/fstab    // keep swap off after a reboot
[root@master ~]# for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done  // load every IPVS module shipped for this kernel; kube-proxy needs them for ipvs mode
ip_vs_dh
ip_vs_ftp
ip_vs
ip_vs_lblc
ip_vs_lblcr
ip_vs_lc
ip_vs_nq
ip_vs_pe_sip
ip_vs_rr
ip_vs_sed
ip_vs_sh
ip_vs_wlc
ip_vs_wrr
[root@master ~]# 

Disabling firewalld and SELinux outright is a lab shortcut. On any cluster that others can reach, keep firewalld and open only the cluster ports (on the control plane 6443, 2379-2380 and 10250-10252; on workers 10250 and the 30000-32767 NodePort range; UDP 8472 on every node for flannel's VXLAN), and leave SELinux at permissive rather than disabled, which is what kubeadm's own setup guide asks for. Two things here are also not persistent: setenforce 0 is reverted at the next boot unless /etc/selinux/config is changed, and the modprobe loop has to be repeated unless the modules are listed under /etc/modules-load.d/.

2. Add host mappings and the bridge/forwarding sysctls

[root@master ~]# vim /etc/hosts    // add the hostname mappings

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.30.7 master
192.168.30.8 node1
192.168.30.9 node2
192.168.30.6 harbor

[root@master ~]# cat > /etc/sysctl.d/k8s.conf << EOF   // make bridged pod traffic visible to iptables (the IPVS modules were already loaded by the loop in step 1; this is a separate prerequisite)
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@master ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /etc/sysctl.d/99-sysctl.conf ...
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.d/k8s.conf ...
* Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 1
[root@master ~]# 
[root@master ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf   // already set on this host (see the 99-sysctl.conf line above), so this only adds a duplicate entry, which is why sysctl -p prints it twice
[root@master ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 1
[root@master ~]# systemctl restart network
[root@master ~]# 

The two net.bridge keys only exist while the br_netfilter module is loaded (modprobe br_netfilter). If it is not, sysctl reports "No such file or directory" for them and traffic on the cni0 bridge is not passed through iptables, which breaks Service routing between pods on the same node. Add br_netfilter to /etc/modules-load.d/ alongside the IPVS modules so the setting survives a reboot.
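The commands in steps 1 and 2 are one-shot. The script below is an added example, not part of the original post: it writes the same settings as drop-in files so they persist across reboots and checks that the modules are actually present in the module table. The module list is an assumption for CentOS 7's 3.10 kernel, and ROOT is a path prefix so the file-writing functions can be tried against a scratch directory instead of the real /etc.

```shell
#!/bin/sh
# Added example, not from the original post: persist the node preparation from steps 1-2.
# ROOT is a path prefix ("" for the real system) so the file-writing functions can be
# exercised against a scratch directory. Module names assume CentOS 7 / kernel 3.10
# (on 4.19+ kernels nf_conntrack_ipv4 is just nf_conntrack).

ROOT="${ROOT:-}"

# Modules that kube-proxy's ipvs mode and the bridge sysctls depend on, one per line,
# in the format /etc/modules-load.d expects.
render_modules_conf() {
    printf '%s\n' br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4
}

# The sysctl keys kubeadm's preflight checks for, plus forwarding for the pod network.
render_sysctl_conf() {
    printf '%s\n' \
        'net.bridge.bridge-nf-call-ip6tables = 1' \
        'net.bridge.bridge-nf-call-iptables = 1' \
        'net.ipv4.ip_forward = 1'
}

# Write both drop-in files under $ROOT; returns 0 on success.
install_node_prep() {
    mkdir -p "$ROOT/etc/modules-load.d" "$ROOT/etc/sysctl.d" || return 1
    render_modules_conf > "$ROOT/etc/modules-load.d/k8s.conf" || return 1
    render_sysctl_conf > "$ROOT/etc/sysctl.d/k8s.conf"
}

# 0 if every module named in the conf file appears in the module table
# (/proc/modules by default; a file argument lets a captured copy be checked).
modules_loaded() {
    conf="$1"; table="${2:-/proc/modules}"
    while read -r m; do
        [ -n "$m" ] || continue
        grep -q "^$m " "$table" || return 1
    done < "$conf"
    return 0
}

# Real run (as root): write the files, load the modules now, apply the sysctls.
case "${1:-}" in
    apply)
        install_node_prep || exit 1
        while read -r m; do modprobe "$m"; done < "$ROOT/etc/modules-load.d/k8s.conf"
        sysctl --system ;;
esac
```

Run it as sh node-prep.sh apply as root on every node. modules_loaded /etc/modules-load.d/k8s.conf afterwards reports whether the loop actually took, which is worth checking before kubeadm init, whose preflight only looks at the sysctl values.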

3. Install Docker, kubeadm and kubelet

3.1 Install Docker

[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2    // Docker's storage-driver prerequisites
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version
Package device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64 already installed and latest version
Package 7:lvm2-2.02.187-6.el7_9.5.x86_64 already installed and latest version
Nothing to do
[root@master ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo  // Docker CE repository (Aliyun mirror)
Loaded plugins: fastestmirror, langpacks
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@master ~]# yum install -y docker-ce  // install Docker CE
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Package 3:docker-ce-20.10.8-3.el7.x86_64 already installed and latest version
Nothing to do
[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@master ~]# 
[root@master ~]# systemctl daemon-reload   // reload unit files
[root@master ~]# systemctl restart docker   // restart Docker
[root@master ~]# docker  --version    // check the Docker version
Docker version 20.10.8, build 3967b7d

Docker 20.10.8 is newer than anything kubeadm 1.15 was validated against, and its default cgroup driver is cgroupfs; both show up as preflight warnings when the workers join in 3.7. Nothing was changed between the daemon-reload and the restart above. The usual fix is to set "exec-opts": ["native.cgroupdriver=systemd"] in /etc/docker/daemon.json before running kubeadm init or join, so that kubelet and Docker agree on the driver.

3.2 Install kubeadm, kubelet and kubectl

[root@master ~]# yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Package kubelet-1.15.0-0.x86_64 already installed and latest version
Package kubeadm-1.15.0-0.x86_64 already installed and latest version
Package kubectl-1.15.0-0.x86_64 already installed and latest version
Nothing to do
[root@master ~]# rpm -qa | grep kube   // confirm what is installed
kubectl-1.15.0-0.x86_64
kubernetes-cni-0.8.7-0.x86_64
kubelet-1.15.0-0.x86_64
kubeadm-1.15.0-0.x86_64
[root@master ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

This step assumes a Kubernetes yum repository is already configured; the page does not show it being added, and the packages were already present on this host, hence "Nothing to do". The three versions are pinned so they match. kubelet will crash-loop after enable until kubeadm init (or join) writes its configuration; that is expected. Kubernetes 1.15 reached end of life in 2020, so read these versions as what the post used, not as what to deploy now.

3.3 Initialize the Kubernetes control plane

[root@master k8s]# kubeadm init --apiserver-advertise-address=192.168.30.7 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.15.0 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
...
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.30.7:6443 --token 14awt0.4tsyimtfoszxla45 \
    --discovery-token-ca-cert-hash sha256:83da59d256f6914646b604af179506983e099a59555142697db90c2c18ff5051 

--apiserver-advertise-address is the master's own IP; --image-repository swaps k8s.gcr.io for an Aliyun mirror of the control-plane images, a third party you are trusting for every control-plane binary; --pod-network-cidr=10.244.0.0/16 is flannel's default range, which is why the stock kube-flannel.yml works unmodified in 3.4. The token and CA hash in the last two lines are the worker bootstrap credentials: the token is valid for 24 hours by default and anyone holding it can join a kubelet to this cluster, so treat this output as a secret.

3.4 Install the pod network add-on (flannel)

[root@master k8s]#  mkdir -p $HOME/.kube
[root@master k8s]#   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config    // admin.conf is a cluster-admin credential; keep the copy at mode 600 and do not hand it around
[root@master k8s]#   sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master k8s]# kubectl apply -f kube-flannel.yml    // the upstream flannel manifest (where it was downloaded from is not shown; the per-architecture DaemonSets below are what the v0.11 manifest creates)
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.extensions/kube-flannel-ds-amd64 created
daemonset.extensions/kube-flannel-ds-arm64 created
daemonset.extensions/kube-flannel-ds-arm created
daemonset.extensions/kube-flannel-ds-ppc64le created
daemonset.extensions/kube-flannel-ds-s390x created

3.5 Check status

The status checks (kubectl get cs and kubectl get nodes) are shown in 3.7, after the worker nodes have joined; at this point the master is the only node.

3.6 Pull the flannel image on the worker nodes

[root@node2 k8s]# docker pull lizhenliang/flannel:v0.11.0-amd64    // pre-pull so the flannel DaemonSet pod starts without waiting on the registry
v0.11.0-amd64: Pulling from lizhenliang/flannel
cd784148e348: Pull complete 
04ac94e9255c: Pull complete 
e10b013543eb: Pull complete 
005e31e443b1: Pull complete 
74f794f05817: Pull complete 
Digest: sha256:bd76b84c74ad70368a2341c2402841b75950df881388e43fc2aca000c546653a
Status: Downloaded newer image for lizhenliang/flannel:v0.11.0-amd64
docker.io/lizhenliang/flannel:v0.11.0-amd64
[root@node2 k8s]# 

lizhenliang/flannel is a personal Docker Hub re-host of the upstream quay.io/coreos/flannel image, not the project's own repository. Pulling a third-party copy of a component that runs privileged on every node is a supply-chain decision: at minimum compare the digest printed above (sha256:bd76b84c...) with the upstream image's digest, and reference the image by digest rather than by tag in the manifest so a later retag cannot swap it.

3.7 Join the worker nodes to the cluster

[root@node1 k8s]# kubeadm join 192.168.30.7:6443 --token 14awt0.4tsyimtfoszxla45     --discovery-token-ca-cert-hash sha256:83da59d256f6914646b604af179506983e099a59555142697db90c2c18ff5051
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.8. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
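Before pasting that join command onto a worker, it is worth confirming the CA hash against the control plane's own ca.crt, and minting a fresh token instead of reusing the 24-hour one printed by kubeadm init. The script below is an added example, not from the original post; it needs the openssl command-line tool and takes the certificate path as an argument (/etc/kubernetes/pki/ca.crt on a kubeadm master). The function names and the sed patterns are assumptions made here, not kubeadm's own tooling.

```shell
#!/bin/sh
# Added example, not from the original post: check a join command before running it on a
# worker. The --discovery-token-ca-cert-hash value is sha256 over the DER-encoded
# SubjectPublicKeyInfo of the cluster CA, so it can be recomputed from
# /etc/kubernetes/pki/ca.crt on the control plane and compared with what a worker was given.
# Needs the openssl CLI; the certificate path is an argument.

# Print "sha256:<hex>" for a PEM certificate, the form kubeadm prints.
ca_cert_hash() {
    cert="$1"
    hex=$(openssl x509 -in "$cert" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    [ -n "$hex" ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Extract the hash from a pasted "kubeadm join ..." line; prints nothing if absent.
join_hash_from_cmd() {
    printf '%s\n' "$1" | sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]*\).*/\1/p'
}

# 0 when the hash in the join command matches the CA file, 1 otherwise (or if absent).
verify_join_cmd() {
    cert="$1"; cmd="$2"
    claimed=$(join_hash_from_cmd "$cmd")
    [ -n "$claimed" ] && [ "$claimed" = "$(ca_cert_hash "$cert")" ]
}

# On the control plane: mint a fresh bootstrap token instead of reusing the one printed by
# kubeadm init (default TTL 24h) and print the complete join command for it.
new_join_command() {
    kubeadm token create --ttl "${1:-1h}" --print-join-command
}

case "${1:-}" in
    verify) verify_join_cmd /etc/kubernetes/pki/ca.crt "$2" && echo "hash matches ca.crt" ;;
esac
```

On the master, sh join-check.sh verify "kubeadm join ... --discovery-token-ca-cert-hash sha256:..." exits non-zero if the hash does not belong to this cluster's CA; on a worker, compare the hash against one obtained from the master over a channel you trust. Bootstrap tokens can also be listed and deleted with kubeadm token list / kubeadm token delete once the workers are in.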

[root@master k8s]# kubectl get cs    // control-plane component status
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"}   
[root@master k8s]# kubectl get nodes    // node status; both workers are Ready after the join
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   79m   v1.15.0
node1    Ready    <none>   18m   v1.15.0
node2    Ready    <none>   18m   v1.15.0


3.8 Label the worker nodes

[root@master k8s]# kubectl label node node1 node-role.kubernetes.io/node=node
node/node1 labeled
[root@master k8s]# kubectl label node node2 node-role.kubernetes.io/node=node
node/node2 labeled
[root@master k8s]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   81m   v1.15.0
node1    Ready    node     21m   v1.15.0
node2    Ready    node     21m   v1.15.0
[root@master k8s]# 

3.9 Check pod status

[root@master k8s]# kubectl get pods -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-bccdc95cf-c56p5          1/1     Running   0          82m
coredns-bccdc95cf-pqd8n          1/1     Running   0          82m
etcd-master                      1/1     Running   0          82m
kube-apiserver-master            1/1     Running   0          81m
kube-controller-manager-master   1/1     Running   0          82m
kube-flannel-ds-amd64-6d7wp      1/1     Running   0          31m
kube-flannel-ds-amd64-h6zs6      1/1     Running   0          22m
kube-flannel-ds-amd64-m2szz      1/1     Running   0          22m
kube-proxy-92cb7                 1/1     Running   0          22m
kube-proxy-ltql5                 1/1     Running   0          82m
kube-proxy-p7xth                 1/1     Running   0          22m
kube-scheduler-master            1/1     Running   0          81m
[root@master k8s]# 

II. Deploying the Harbor registry

1. Set the hostname and add host mappings

[root@localhost ~]# hostnamectl set-hostname harbor
[root@localhost ~]# su
[root@harbor ~]# cat <<EOF >>/etc/hosts
> 192.168.30.7 master
> 192.168.30.8 node1
> 192.168.30.9 node2
> 192.168.30.6 harbor
> EOF

2. Disable the firewall and SELinux, enable IP forwarding

[root@harbor ~]# systemctl stop firewalld 
[root@harbor ~]# systemctl disable firewalld 
[root@harbor ~]# setenforce 0
setenforce: SELinux is disabled
[root@harbor ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@harbor ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@harbor ~]# 

3. Deploy Harbor

3.1 Install Docker

[root@harbor ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version
Package device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64 already installed and latest version
Package 7:lvm2-2.02.187-6.el7_9.5.x86_64 already installed and latest version
Nothing to do
[root@harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror, langpacks
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
(install the package as in I.3.1 with yum install -y docker-ce; that output is not reproduced on the page)
[root@harbor bin]# systemctl start docker
[root@harbor bin]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.


3.2 Unpack the installer and make docker-compose executable

[root@harbor ~]# chmod +x /usr/local/bin/docker-compose    // the docker-compose binary was already copied to /usr/local/bin (not shown); Harbor's install.sh drives it
[root@harbor ~]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local

Harbor 1.2.2 is a 2017 release that is no longer maintained. The steps have the same shape on a current release, but do not run this version anywhere reachable.

3.3 Set the Harbor host address and run the installer

[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# ls
common                    docker-compose.notary.yml  harbor_1_1_0_template  harbor.v1.2.2.tar.gz  LICENSE  prepare
docker-compose.clair.yml  docker-compose.yml         harbor.cfg             install.sh            NOTICE   upgrade
[root@harbor harbor]# sed -i "5s/reg.mydomain.com/192.168.30.6/" /usr/local/harbor/harbor.cfg    // line 5 is "hostname = reg.mydomain.com"; set it to this host's IP
[root@harbor harbor]# sh /usr/local/harbor/install.sh
...
✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.30.6. 
For more details, please visit https://github.com/vmware/harbor .

Only the hostname was changed, so harbor.cfg keeps ui_url_protocol = http and harbor_admin_password = Harbor12345. The registry therefore serves over plain HTTP (which is why every Docker client later needs --insecure-registry) and the admin login used in part III is the published default. Set ui_url_protocol = https with a certificate and change the admin password before exposing the portal or letting nodes pull from it.


3.4 Log in through the web UI

Browse to http://192.168.30.6 and sign in as admin with the password from harbor.cfg (the screenshot is not reproduced here). Part III pushes to a project named "public"; since the Deployment in part III carries no pull secret and node1 still pulls the image, that project must be marked public in the UI.


III. Pull the source, build the image and push it to Harbor

1. Pull the source

[root@master ~]# git clone https://github.com/otale/tale.git  // fetch the source
Cloning into 'tale'...
remote: Enumerating objects: 6759, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 6759 (delta 0), reused 0 (delta 0), pack-reused 6756
Receiving objects: 100% (6759/6759), 27.13 MiB | 6.40 MiB/s, done.
Resolving deltas: 100% (3532/3532), done.

2. Write the Dockerfile

[root@master ~]# mkdir dockerfile && cd dockerfile  // build context for the image
[root@master dockerfile]# cp -r /root/tale /root/dockerfile
[root@master dockerfile]# cat <<EOF >> /root/dockerfile/Dockerfile
> FROM docker.io/centos:7
> RUN yum install wget curl curl-devel -y
> # JDK fetched over plain HTTP with no checksum, relying on Oracle's old license cookie.
> # That cookie trick has not worked for years, so expect this step to fail; whatever
> # source you use instead, verify the package checksum before installing it.
> RUN wget -c --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
> RUN yum localinstall -y jdk-8u131-linux-x64.rpm
> ADD tale tale
> RUN cd tale/ && sh install.sh
> # The build log in step 3 shows this line as "cd tale/bin", and the shell in step 4 finds
> # "tool" in a directory named tale beside tale.tar.gz; check the path install.sh produces.
> RUN cd tale/tale/bin && chmod +x tool 
> EXPOSE 9000
> EOF

There is no CMD or ENTRYPOINT, so the image does nothing on its own; step 4 starts the application by hand, and the Kubernetes manifest in step 7 has to supply a command.

3. Build the image

[root@master dockerfile]# docker build -t="centos:tale" .
Sending build context to Docker daemon  40.05MB
Step 1/8 : FROM docker.io/centos:7
 ---> 8652b9f0cb4c
Step 2/8 : RUN yum install wget curl curl-devel -y
 ---> Using cache
 ---> a4db1c710f2a
Step 3/8 : RUN wget -c --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm
 ---> Using cache
 ---> deb50b8b8d18
Step 4/8 : RUN yum localinstall -y jdk-8u131-linux-x64.rpm
 ---> Using cache
 ---> c599c071623d
Step 5/8 : ADD tale tale
 ---> Using cache
 ---> f75ee8207f44
Step 6/8 : RUN cd tale/ && sh install.sh
 ---> Using cache
 ---> 4be069f04e72
Step 7/8 : RUN cd tale/bin && chmod +x tool
 ---> Running in b3046cdad740
Removing intermediate container b3046cdad740
 ---> 06a20ecc1fab
Step 8/8 : EXPOSE 9000
 ---> Running in 6b13c19a6312
Removing intermediate container 6b13c19a6312
 ---> 7a5112f75701
Successfully built 7a5112f75701
Successfully tagged centos:tale
[root@master dockerfile]# docker run -dit -p 9000:9000 centos:tale /bin/bash    // publish container port 9000 on the host; bash is PID 1 because the image has no entrypoint
5d65a8dad7b176029b51ba31a1d2a4fa7fe4c1b1573e9007076d23a6a9305ea4

4. Enter the container and start the service (the container ID below differs from the one printed by docker run above, so the run was evidently repeated)

[root@master tale]# docker ps
CONTAINER ID   IMAGE                                               COMMAND                  CREATED         STATUS         PORTS                                       NAMES
f2b0d0b604ee   centos:tale                                         "/bin/bash"              8 seconds ago   Up 7 seconds   0.0.0.0:9000->9000/tcp, :::9000->9000/tcp   tender_herschel
[root@master tale]# docker exec -it f2b0d0b604ee /bin/bash
[root@f2b0d0b604ee tale]# ls
lib  resources  tale-latest.jar  tale.tar.gz  tool
[root@f2b0d0b604ee tale]# chmod +x tool 
[root@f2b0d0b604ee tale]# ls
lib  resources  tale-latest.jar  tale.tar.gz  tool
[root@f2b0d0b604ee tale]# ./tool start
Starting tale ...
(pid=85) [OK]

tool start puts the Java process in the background and returns; the container stays up only because its PID 1 is the interactive bash started by docker run. That is fine for a manual test but not for Kubernetes, where the container's main process has to run in the foreground (see the Deployment in step 7).

5. Point the k8s nodes' Docker at the Harbor registry

[root@master tale]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.30.6 -H fd:// --containerd=/run/containerd/containerd.sock
[root@master tale]# systemctl daemon-reload
[root@master tale]# systemctl restart docker 

The original line read --insecure-registry 192.168.30.9, which is node2, not the Harbor host (192.168.30.6 in the environment table and in /etc/hosts); it is corrected above. --insecure-registry tells Docker to accept plain HTTP and skip TLS verification for that host, so image layers and the admin credentials travel in the clear. It has to be configured on every node that will pull from Harbor (the pod in step 8 lands on node1), and edits to the packaged unit file are lost on the next docker-ce update; /etc/docker/daemon.json is the supported place for this setting.
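Rather than editing the packaged unit file, the script below, an added example and not part of the original post, writes the registry allow-list and the systemd cgroup driver to /etc/docker/daemon.json, and refuses to proceed if the address given is not the one /etc/hosts maps to "harbor", which would have caught the .9/.6 mix-up above. The function names and the ROOT prefix (for writing to a scratch directory) are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post: configure dockerd for the Harbor registry
# through /etc/docker/daemon.json instead of the unit's ExecStart, checking the address
# against the hosts file first. Also sets the systemd cgroup driver that the kubeadm
# preflight warned about. Run on every node that must pull from Harbor. ROOT is a path
# prefix ("" for the real system) so the file can be written to a scratch directory.

ROOT="${ROOT:-}"

# Print the IP that a hosts file maps to a name; prints nothing if absent.
hosts_lookup() {
    name="$1"; hosts="${2:-/etc/hosts}"
    awk -v n="$name" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$hosts"
}

# 0 if the registry address is the one the hosts file maps to "harbor".
registry_matches_hosts() {
    reg="$1"; hosts="${2:-/etc/hosts}"
    [ -n "$reg" ] && [ "$(hosts_lookup harbor "$hosts")" = "$reg" ]
}

# daemon.json: a plain-HTTP allow-list with exactly one host, plus systemd cgroups.
render_daemon_json() {
    printf '{\n  "insecure-registries": ["%s"],\n  "exec-opts": ["native.cgroupdriver=systemd"]\n}\n' "$1"
}

# Refuse to write a registry address that is not the harbor host.
install_daemon_json() {
    reg="$1"; hosts="${2:-/etc/hosts}"
    registry_matches_hosts "$reg" "$hosts" || {
        echo "refusing: $reg is not the harbor host in $hosts" >&2
        return 1
    }
    mkdir -p "$ROOT/etc/docker" || return 1
    render_daemon_json "$reg" > "$ROOT/etc/docker/daemon.json"
}

case "${1:-}" in
    apply) install_daemon_json "${2:-192.168.30.6}" && systemctl daemon-reload && systemctl restart docker ;;
esac
```

Run it as sh docker-registry.sh apply 192.168.30.6 on each node, after removing any --insecure-registry flag from ExecStart: dockerd refuses to start when the same option is given both as a flag and in daemon.json. Changing the cgroup driver on a node where kubelet is already running also requires updating --cgroup-driver in /var/lib/kubelet/kubeadm-flags.env, so where possible do this before kubeadm init or join.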

6. Tag the image and push it to Harbor

[root@master tale]# docker login -u admin -p Harbor12345 http://192.168.30.6  // log in to the registry (run on master). Both warnings are accurate: the password is visible in shell history and process listings, and it is stored base64-encoded, not encrypted, in /root/.docker/config.json; prefer --password-stdin and a credential helper
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@master tale]# docker tag centos:tale 192.168.30.6/public/centos:tale  // retag under the Harbor "public" project
[root@master tale]# ls
Dockerfile  jdk1.8.0_91  jdk-8u91-linux-x64.tar.gz  tale

[root@master tale]# docker push 192.168.30.6/public/centos:tale  // push, then confirm the image in the Harbor UI; the digest on the last line identifies exactly what was pushed
The push refers to repository [192.168.30.6/public/centos]
60ad6954394b: Pushed 
03ce414d4120: Pushed 
9574e0c5027d: Pushed 
5c27272ecf72: Pushed 
6b3ac3b6047c: Pushed 
8eed47bd0b50: Pushed 
174f56854903: Pushed 
tale: digest: sha256:39eaa0ef2fb95740e19419877f34cec97ddc5a71c430f70c291ef7db588df085 size: 1798

7. Deploy the Java application to Kubernetes

[root@master ~]# cat tale.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tale-deployment
  labels:
    app: tale
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tale
  template:
    metadata:
      labels:
        app: tale
    spec:
      containers:
      - name: tale
        image: 192.168.30.6/public/centos:tale
        # keeps the container alive but never starts tale; the app still has to be started by hand with kubectl exec, as in step 4.
        # The original had "bin/bash" (a relative path that only worked because the working directory is /).
        command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        ports:
        - containerPort: 9000
[root@master ~]# cat tale-service.yaml 
apiVersion: v1  
kind: Service  
metadata:
  name: tale-service
  labels:
    app: tale
spec:
  type: NodePort          # exposes the port on every node in the 30000-32767 range
  ports:
  - port: 80
    targetPort: 9000
  selector:
    app: tale
[root@master ~]# kubectl apply -f tale.yaml
deployment.apps/tale-deployment created
[root@master ~]# kubectl apply -f tale-service.yaml
service/tale-service created
[root@master ~]# 
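A manifest that runs tail -f /dev/null keeps the pod Running without ever starting tale, and a mutable tag lets whatever is pushed next under centos:tale silently replace the app. As an added example, not part of the original post, the script below derives an immutable image reference from the digest docker push printed in step 6 and renders a Deployment that starts the application in the foreground with a readiness probe on 9000. Assumptions made here, not shown on the page: install.sh leaves the app in /tale/tale, and java -jar tale-latest.jar is what the tool script runs; adjust both if the image differs.

```shell
#!/bin/sh
# Added example, not from the original post: pin the Deployment to the digest Harbor
# reported on push and run tale in the foreground so the pod actually serves on 9000.
# Assumed (not shown on the page): the app lives in /tale/tale inside the image and
# "java -jar tale-latest.jar" is what the tool script starts.

# Turn the "tale: digest: sha256:... size: 1798" line printed by docker push into an
# immutable reference such as 192.168.30.6/public/centos@sha256:...
pinned_ref() {
    repo="$1"; push_line="$2"
    digest=$(printf '%s\n' "$push_line" | sed -n 's/.*digest: \(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$digest" ] || { echo "no digest found in push output" >&2; return 1; }
    printf '%s@%s\n' "$repo" "$digest"
}

# Emit the Deployment; arguments: image reference, replica count (default 1).
render_tale_deployment() {
    image="$1"; replicas="${2:-1}"
    cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tale-deployment
  labels:
    app: tale
spec:
  replicas: $replicas
  selector:
    matchLabels:
      app: tale
  template:
    metadata:
      labels:
        app: tale
    spec:
      containers:
      - name: tale
        image: $image
        workingDir: /tale/tale
        command: ["java", "-jar", "tale-latest.jar"]
        ports:
        - containerPort: 9000
        readinessProbe:
          tcpSocket:
            port: 9000
          initialDelaySeconds: 10
        resources:
          limits:
            memory: "512Mi"
EOF
}

# Real run: sh tale-deploy.sh apply 'tale: digest: sha256:... size: 1798'
case "${1:-}" in
    apply)
        ref=$(pinned_ref 192.168.30.6/public/centos "$2") || exit 1
        render_tale_deployment "$ref" | kubectl apply -f - ;;
esac
```

The Service from step 7 is unchanged and still selects app: tale. With the readiness probe in place, kubectl get pods shows 0/1 until something listens on 9000, which is a more honest signal than the Running column in step 8.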

8. Check the result

[root@master ~]#  kubectl get po,svc -o wide
NAME                                   READY   STATUS    RESTARTS   AGE   IP           NODE    NOMINATED NODE   READINESS GATES
pod/tale-deployment-59675cd9f7-wzlr8   1/1     Running   0          29m   10.244.1.5   node1   <none>           <none>

NAME                   TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE    SELECTOR
service/kubernetes     ClusterIP   10.1.0.1     <none>        443/TCP        
(the tale-service line is cut off in the original output)

The pod is Running on node1, which confirms node1 could pull from Harbor without credentials. Because the container runs tail -f /dev/null, Running here does not mean the application is up: nothing listens on 9000 until tool start is run inside the pod.
