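Kubeadm background

Kubeadm is the cluster bootstrapping tool that the community officially and continuously maintains. It reached GA in Kubernetes v1.13 (GA, General Availability, means the project now recommends it for broad use). It is released together with each Kubernetes version, and its code currently lives in the main Kubernetes repository.

Kubeadm advantages

  • Officially and continuously maintained by the community.
  • Quickly builds clusters that pass the Conformance Test certification.
  • Very good user experience and easy to use; it can be used to build production environments and supports highly available clusters.
  • The code is designed as composable modules.
  • Backward compatible with Kubernetes one minor version lower.
  • Supports smooth cluster upgrades to higher versions.

Kubeadm scope

From the start, kubeadm was designed to care only about cluster bootstrapping; it does not manage or provision physical resources. Once bootstrapping is finished, you can deploy your own add-on components in the cluster as needed, such as a CNI plugin or the Dashboard.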

k8s cluster

Environment preparation

The deployment uses one master node and one worker node (named node).

master [SELinux disabled, firewall disabled, Docker installed]

[root@master ~]# cat /etc/redhat-release 
CentOS Linux release 7.8.2003 (Core)
[root@master ~]# uname -r
3.10.0-1127.19.1.el7.x86_64
[root@master ~]# hostname
master
[root@master ~]# getenforce
Disabled
[root@master ~]# docker -v
Docker version 19.03.13, build 4484c46d9d
[root@master ~]# firewall-cmd  --state
not running

node [SELinux disabled, firewall disabled, Docker installed]

[root@node ~]# cat /etc/redhat-release 
CentOS Linux release 7.8.2003 (Core)
[root@node ~]# uname -r                
3.10.0-1127.19.1.el7.x86_64
[root@node ~]# hostname
node
[root@node ~]# getenforce 
Disabled
[root@node ~]# docker -v
Docker version 19.03.13, build 4484c46d9d
[root@node ~]# firewall-cmd  --state
not running

Hands-on

Set the sysctl iptables parameters -- run the following on both the master and the node

[root@master ~]# cat <<EOF >  /etc/sysctl.d/k8s.conf
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@master ~]# sysctl --system

Install the Kubernetes yum repository (the Alibaba Cloud mirror is used here) -- run the following on both the master and the node

master

[root@master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=1
> repo_gpgcheck=1
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
[root@master ~]# yum makecache
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                                    | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                        | 3.5 kB  00:00:00     
extras                                                                                                                  | 2.9 kB  00:00:00     
kubernetes/signature                                                                                                    |  454 B  00:00:00     
Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
 Userid     : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
 Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
 From       : https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Is this ok [y/N]: y
kubernetes/signature                                                                                                    | 1.4 kB  00:00:06 !!! 
updates                                                                                                                 | 2.9 kB  00:00:00     
(1/11): extras/7/x86_64/filelists_db                                                                                    | 217 kB  00:00:00     
(2/11): extras/7/x86_64/other_db                                                                                        | 124 kB  00:00:00     
(3/11): base/7/x86_64/other_db                                                                                          | 2.6 MB  00:00:00     
(4/11): kubernetes/primary                                                                                              |  78 kB  00:00:00     
(5/11): base/7/x86_64/filelists_db                                                                                      | 7.1 MB  00:00:01     
(6/11): kubernetes/other                                                                                                |  51 kB  00:00:00     
(7/11): kubernetes/filelists                                                                                            |  26 kB  00:00:01     
(8/11): updates/7/x86_64/filelists_db                                                                                   | 2.4 MB  00:00:00     
(9/11): updates/7/x86_64/other_db                                                                                       | 318 kB  00:00:00     
(10/11): docker-ce-stable/x86_64/filelists_db                                                                           |  21 kB  00:00:02     
(11/11): docker-ce-stable/x86_64/other_db                                                                               | 114 kB  00:00:02     
kubernetes                                                                                                                             570/570
kubernetes                                                                                                                             570/570
kubernetes                                                                                                                             570/570
Metadata Cache Created

node

[root@node ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=1
> repo_gpgcheck=1
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
[root@node ~]# yum makecache
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                                    | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                        | 3.5 kB  00:00:00     
extras                                                                                                                  | 2.9 kB  00:00:00     
kubernetes/signature                                                                                                    |  454 B  00:00:00     
Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
 Userid     : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
 Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
 From       : https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Is this ok [y/N]: y
kubernetes/signature                                                                                                    | 1.4 kB  00:00:10 !!! 
updates                                                                                                                 | 2.9 kB  00:00:00     
(1/11): base/7/x86_64/other_db                                                                                          | 2.6 MB  00:00:00     
(2/11): extras/7/x86_64/filelists_db                                                                                    | 217 kB  00:00:00     
(3/11): extras/7/x86_64/other_db                                                                                        | 124 kB  00:00:00     
(4/11): docker-ce-stable/x86_64/filelists_db                                                                            |  21 kB  00:00:00     
(5/11): kubernetes/filelists                                                                                            |  26 kB  00:00:00     
(6/11): kubernetes/other                                                                                                |  51 kB  00:00:00     
(7/11): docker-ce-stable/x86_64/other_db                                                                                | 114 kB  00:00:00     
(8/11): updates/7/x86_64/other_db                                                                                       | 318 kB  00:00:00     
(9/11): kubernetes/primary                                                                                              |  78 kB  00:00:00     
(10/11): base/7/x86_64/filelists_db                                                                                     | 7.1 MB  00:00:01     
(11/11): updates/7/x86_64/filelists_db                                                                                  | 2.4 MB  00:00:00     
kubernetes                                                                                                                             570/570
kubernetes                                                                                                                             570/570
kubernetes                                                                                                                             570/570
Metadata Cache Created
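
The repository definition above keeps gpgcheck=1 and repo_gpgcheck=1 and uses https URLs, so both the packages and the repository metadata are signature-checked. The following audit is an added example, not part of the original article: audit_repo is a hypothetical helper and the weak sample file is constructed. It flags any section of a .repo file where those protections are missing.

```shell
#!/bin/sh
# Added example: audit a yum .repo file for signature and transport settings.
# audit_repo FILE prints one finding per line and returns 1 if any were found.
# A key that is absent from a section is treated as "not enabled" (strict),
# even though yum would fall back to [main] in /etc/yum.conf.
audit_repo() {
    awk -F= '
        function on(v) { return tolower(v) ~ /^(1|yes|true)$/ }
        function report() {
            if (sec == "") return
            if (!on(gpg))  { print sec ": gpgcheck is not enabled (packages unverified)"; bad = 1 }
            if (!on(rgpg)) { print sec ": repo_gpgcheck is not enabled (metadata unverified)"; bad = 1 }
            if (plain)     { print sec ": http:// URL in baseurl or gpgkey"; bad = 1 }
        }
        /^[ \t]*\[/ {                      # new [section]: report the previous one
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
            gpg = ""; rgpg = ""; plain = 0
            next
        }
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        }
        key == "gpgcheck"      { gpg = val }
        key == "repo_gpgcheck" { rgpg = val }
        (key == "baseurl" || key == "gpgkey") && val ~ /(^|[ \t])http:\/\// { plain = 1 }
        END { report(); exit bad }
    ' "$1"
}

# Constructed sample: a weak variant with verification turned off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirror.example.invalid/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
audit_repo "$sample" || echo "repo definition needs fixing"
rm -f "$sample"
```

Run it against /etc/yum.repos.d/kubernetes.repo on each node; the definition used in this article produces no findings.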

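Install the kubeadm components -- run the following on both the master and the node

kubeadm: the command used to initialize the cluster.

kubelet: runs on every node in the cluster and starts pods, containers, and so on.

kubectl: the command-line tool for communicating with the cluster.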

[root@master ~]# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
[root@master ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

Create the control plane on the master node

kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

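  • --image-repository # kubeadm pulls the required images from the official registry k8s.gcr.io by default, which is not reachable from mainland China, so --image-repository points it at the Alibaba Cloud image registry instead
  • --pod-network-cidr # sets the pod network range
  • --service-cidr # sets the service network range
  • --ignore-preflight-errors=Swap # ignores the swap preflight error

On success, the following output tells you the installation succeeded and lists some routine follow-up instructions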

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.147.129:6443 --token fr99wu.9b51dl4k0yg5u3by \
    --discovery-token-ca-cert-hash sha256:c4293c31d3e30d6171290407e6af503dd75633fe0cb0e1668d8f9c0c6a611bbb 

Copy the configuration file (/etc/kubernetes/admin.conf) to $HOME/.kube/config on each node (master and node)

[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config

Copy the kubeadm join command printed after the successful init on the master, and run it on the node to join it to the cluster

[root@node .kube]# kubeadm join 192.168.147.129:6443 --token fr99wu.9b51dl4k0yg5u3by \
>     --discovery-token-ca-cert-hash sha256:c4293c31d3e30d6171290407e6af503dd75633fe0cb0e1668d8f9c0c6a611bbb
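
The sha256: value passed to --discovery-token-ca-cert-hash pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key (SubjectPublicKeyInfo), and the joining node refuses an API server whose CA does not match it. The following check is an added example, not part of the original article: the function names are hypothetical, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA path on the control-plane node. It recomputes the pin from the CA certificate and compares it with a join command before that command is run on a node.

```shell
#!/bin/sh
# Added example: recompute kubeadm's CA pin and compare it with a join command.

# ca_cert_pin CERT -> prints "sha256:<64 hex>" for the certificate's public key.
ca_cert_pin() {
    der=$(mktemp) || return 1
    openssl x509 -in "$1" -pubkey -noout 2>/dev/null \
        | openssl pkey -pubin -outform DER -out "$der" 2>/dev/null
    if [ ! -s "$der" ]; then          # unreadable or non-certificate input
        rm -f "$der"
        return 1
    fi
    printf 'sha256:%s\n' "$(sha256sum < "$der" | cut -d' ' -f1)"
    rm -f "$der"
}

# join_pin_matches "JOIN COMMAND TEXT" CERT
# Returns 0 = pin matches the CA, 1 = mismatch, 2 = no pin in the command,
# 3 = the CA certificate could not be read.
join_pin_matches() {
    want=$(printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$want" ] || return 2        # a join without a pin is refused, not trusted
    have=$(ca_cert_pin "$2") || return 3
    [ "$want" = "$have" ]
}

# Stand-alone use: sh check-pin.sh "<join command text>" /etc/kubernetes/pki/ca.crt
if [ "$#" -eq 2 ]; then
    if join_pin_matches "$1" "$2"; then
        echo "pin matches the cluster CA"
    else
        echo "pin check failed; do not run this join command" >&2
    fi
fi
```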

On the master, deploy the network component flannel

[root@master ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@master ~]# kubectl apply -f kube-flannel.yml

Check the status of all nodes and pods -- the deployment is successful when all nodes are Ready and all pods are Running

[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES    AGE    VERSION
master   Ready    master   10m    v1.19.2
node     Ready    <none>   2m6s   v1.19.2
[root@master ~]# kubectl get pod --all-namespaces
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-6d56c8448f-9crzw         1/1     Running   0          9m55s
kube-system   coredns-6d56c8448f-qrmkr         1/1     Running   0          9m55s
kube-system   etcd-master                      1/1     Running   0          10m
kube-system   kube-apiserver-master            1/1     Running   0          10m
kube-system   kube-controller-manager-master   1/1     Running   0          10m
kube-system   kube-flannel-ds-6f4tl            1/1     Running   0          57s
kube-system   kube-flannel-ds-s8nw5            1/1     Running   0          57s
kube-system   kube-proxy-dj9q4                 1/1     Running   0          2m15s
kube-system   kube-proxy-mrf9v                 1/1     Running   0          9m55s
kube-system   kube-scheduler-master            1/1     Running   0          10m