微服务:一个模块分成多个模块
分布式:多台机器组成一台机器
Day01 K8S安装部署
一、主机相关配置
1 关闭selinux,关闭防火墙
1.1关于防火墙的原因(nftables后端兼容性问题,产生重复的防火墙规则)
1.2关于selinux的原因(关闭selinux以允许容器访问宿主机的文件系统)
# 永久关闭
sed -i 's#enforcing#disabled#g' /etc/sysconfig/selinux
# 零时关闭
setenforce 0
`vi /etc/selinux/config`
1.3 swap,这个当内存不足时,linux会自动使用swap,将部分内存数据存放到磁盘中,这个这样会使性能下降,为了性能考虑推荐关掉
swapoff -a
sed -i.bak 's/^.*centos-swap/#&/g' /etc/fstab
echo 'KUBELET_EXTRA_ARGS="--fail-swap-on=false"' > /etc/sysconfig/kubelet2 配置基础yum源
2.1 备份镜像
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup2.2 下载并安装
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo3 刷新缓存
yum makecache # 实质是把镜像源的文件名拉下来,加速本地安装包的安装4 更新内核
yum -y install wget # 安装 wget工具
yum update --exclud=kernel* -y # 更新内核5 升级内核版本
由于 Docker 运行需要较新的系统内核功能,例如 ipvs 等等,所以一般情况下,我们需要使用 4.0+以上版本 的系统内核。
内核要求是 4.18+,如果是
CentOS 8则不需要升级内核
wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-lt-devel-4.4.245-1.el7.elrepo.x86_64.rpm
wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-lt-4.4.245-1.el7.elrepo.x86_64.rpm
yum localinstall -y kernel-lt* # 本地安装
grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg #设置为默认启动第一个内核,重新生成新的内核配置文件
grubby --default-kernel
reboot # 重启二、安装依赖组件
2.1 IPVS安装
# 下载IPVS模块
yum install -y conntrack-tools ipvsadm ipset conntrack libseccomp
# 加载IPVS模块
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr
ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in \${ipvs_modules}; do
/sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
if [ $? -eq 0 ]; then
/sbin/modprobe \${kernel_module}
fi
done
EOF#
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
2.2 内核参数调优
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp.keepaliv.probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp.max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp.max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.top_timestamps = 0
net.core.somaxconn = 16384
EOF
# 立即生效
sysctl --system三、安装基础软件
yum install wget expect vim net-tools ntp bash-completion ipvsadm ipset jq iptables -y >> install.log 2>&1四、安装dokcer
K8S组件依赖docker
yum install -y yum-utils device-mapper-persistent-data lvm2 >> install.log 2>&1
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo >> install.log 2>&1
yum install docker-ce -y >> install.log 2>&1 # 安装最新版 并写入安装日志(错误,正确)
sudo mkdir -p /etc/docker # 创建文件夹 读取规则
# 设置镜像加速源
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://8mh75mhz.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload ; systemctl restart docker;systemctl enable --now docker.service >> install.log 2>&1
# 分号相当于 && 重新加载镜像配置 重启docker 设置docker默认启动 写入日志
echo '设置docker开机启动' # 给个提醒
echo '设置docker开机启动'五、同步集群时间
yum install ntp -y # 安装 时间插件
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime # 软连接 使用上海时间
echo 'Asia/Shanghai' > /etc/timezone
ntpdate time2.aliyun.com # 同步时间六、配置 Kubernetes 源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOFsetenforce 0 # 检查是否关闭selinux6.2安装 kubelet kubeadm kubectl
yum install -y kubelet kubeadm kubectl
6.3 启动并设置自动开启
systemctl enable kubelet && systemctl start kubelet
-----------------------------------------------------------------------------------------------------------
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
# 没有提示也可以到这里 节点机器 任务基本完成,如果出现 notready 是由于网络插件没有的原因可以跳到第十步,然后节点机通过 token加入 master即刻
七、节点初始化(master主机配置即可)
kubeadm init \
--image-repository=registry.cn-hangzhou.aliyuncs.com/k8s2me \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
八、配置 kubernetes 用户信息
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config九、编辑节点
vim /etc/hosts
172.16.0.50 kubernetes-master-01 # 端口名和节点名
172.16.0.53 kubernetes-node-01
172.16.0.54 kubernetes-node-02get nodes 只能在master节点执行,子节点不用执行
notreday是由于没有网络插件的原因
注意:如果安装好了,重启后无法使用,一般是docker没有启动,需要重新 自定义节点,然后将kub和docker都设置为自启
systemctl enable --now docker.service # docker自启十、 安装集群网络插件
docker pull registry.cn-hangzhou.aliyuncs.com/k8sos/flannel:v0.12.0-amd64 ;\
docker tag registry.cn-hangzhou.aliyuncs.com/k8sos/flannel:v0.12.0-amd64 \
quay.io/coreos/flannel:v0.12.0-amd64
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl get pods -n kube-system # 命令来查询每个 Pod 的更多信息
------------------------------------------------------------------------
NAME READY STATUS RESTARTS AGE
coredns-7dcc599b9f-gn7cs 1/1 Running 1 15h
coredns-7dcc599b9f-s94x7 1/1 Running 1 15h
etcd-k8s-master 1/1 Running 1 15h
kube-apiserver-k8s-master 1/1 Running 1 15h
kube-controller-manager-k8s-master 1/1 Running 1 15h
kube-flannel-ds-drgbk 1/1 Running 1 15h # init 代表正在初始化 等待即可
kube-flannel-ds-gcwbr 1/1 Running 0 13h
kube-flannel-ds-tchxk 1/1 Running 0 13h
kube-proxy-brx4c 1/1 Running 1 15h
kube-proxy-mwk4w 1/1 Running 0 13h
kube-proxy-qspfb 1/1 Running 0 13h
kube-scheduler-k8s-master 1/1 Running 1 15h
参数 -w whatch 监听
会一只停留 ctrl+c退出十一、 Node 节点加入集群
# master机器创建
# 创建 TOKEN
kubeadm token create --print-join-command
------------------------------------------------------------------------------------------------------------
W1207 20:57:38.878150 70266 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 10.0.0.80:6443 --token 7fsv9l.zydosm4486o8aatk --discovery-token-ca-cert-hash sha256:cea884131c7cb53b477f5bc42090072ba1e4a2ec81c34d29c27d743dd07497b0
# 节点机器 token的有效期是24小时
kubeadm join 10.0.0.80:6443 --token 7fsv9l.zydosm4486o8aatk --discovery-token-ca-cert-hash sha256:cea884131c7cb53b477f5bc42090072ba1e4a2ec81c34d29c27d743dd07497b0 # 加入配置此时不用操作操作任何节点
十二、End 集群卸载清理
出现端口被占用是可以起重新清理安装初始化的
kubeadm reset -f
modprobe -r ipip
lsmod
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
rm -rf /etc/systemd/system/kubelet.service
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd
yum clean all
yum remove kube*注意:如果重新安装kubelet kubeadm kubectl的已存在,需要手动删除这三个插件
yum remove kubelet kubeadm kubectl
然后重新安装就好了
十三、测试集群DNS是否正常
kubectl run test -it --rm --image=busybox:1.28.3
nslookup kubernetes
如果出现下图说明集群正常
错误:
排错方式
1.检查环境变量情况
env | grep -i kub
2.检查docker服务
systemctl status docker.service
3.检查kubelet服务
systemctl status kubelet.service
一、重启后6443端口问题(sawpoff问题)
[root@k8s-master ~]# kubectl get node
The connection to the server 10.0.0.80:6443 was refused - did you specify the right host or port?
# 通过 systemctl status kubelet.service 查看状态
[root@k8s-master ~]systemctl status kubelet.service
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: activating (auto-restart) (Result: exit-code) since Tue 2020-12-08 22:19:05 CST; 6s ago
Docs: https://kubernetes.io/docs/
Process: 1949 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=255)
Main PID: 1949 (code=exited, status=255) # 这里出现错误
#关闭swapoff分区关闭 重启即可
swapoff -a
systemctl restart kubelet.service
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
