k8s Study Notes (1)

K8S Study Notes

Installing the virtual machines

Use VirtualBox + Vagrant to install three CentOS 7 machines.

Link: https://pan.baidu.com/s/1vhQibS-nw_aMTz37-2Y66A
Extraction code: 1dp2

Configuring Vagrant

Create a Vagrantfile with the following content.
It creates three CentOS virtual machines,
named k8s-node{i}.

Vagrant.configure("2") do |config|
  # Download the CentOS box from the USTC mirror (Chinese Academy of Sciences)
  config.vm.box_url = "https://mirrors.ustc.edu.cn/centos-cloud/centos/7/vagrant/x86_64/images/CentOS-7.box"
  (1..3).each do |i|
    config.vm.define "k8s-node#{i}" do |node|
      # Box used for the VM
      node.vm.box = "centos/7"

      # Hostname of the VM
      node.vm.hostname = "k8s-node#{i}"

      # IP address of the VM (192.168.1.100 to 192.168.1.102)
      node.vm.network "private_network", ip: "192.168.1.#{99+i}", netmask: "255.255.255.0"

      # Shared folder between the host and the VM
      # node.vm.synced_folder "~/Documents/vagrant/share", "/home/vagrant/share"

      # VirtualBox-specific settings
      node.vm.provider "virtualbox" do |v|
        # Name of the VM
        v.name = "k8s-node#{i}"
        # Memory size of the VM (MB)
        v.memory = 4096
        # Number of CPUs of the VM
        v.cpus = 4
      end
    end
  end
end

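Run vagrant up in the directory containing this file; the box is downloaded and the VMs are installed automatically.

Enabling SSH access to the VMs

Run the following commands

# Open a shell on the VM
vagrant ssh k8s-node1
# Switch to the root user
su root
# The default password is vagrant
# Edit the sshd configuration
vi /etc/ssh/sshd_config
# Turn on password login (this applies to every account, including ones that still have the default password vagrant)
PasswordAuthentication yes
# Restart the ssh service
service sshd restart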

Changing the network

Inside the VM, run

[root@k8s-node1 ~]# ip addr

The eth0 interface has the same IP address on all three VMs. This is because VirtualBox uses network address translation (NAT) by default and communicates through configured port forwarding, which does not work well inside a k8s cluster.

Changing the VirtualBox configuration

  1. Enable host networking
    Click Manage - Host Network Manager

    Add a NAT network; the default settings are fine

  2. Configure the VM network
    Shut down all the VMs
    Click Settings - Network - Adapter 1
    For the attachment type, choose NAT Network
    Click the refresh button to generate a new MAC address

    Do the same for every VM

VM system configuration

  1. Turn off the firewall
systemctl stop firewalld
systemctl disable firewalld
  2. Turn off SELinux
[root@k8s-node1 ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@k8s-node1 ~]# setenforce 0
  3. Turn off Linux swap
    With swap enabled, k8s performance suffers badly and some nodes may become unusable
[root@k8s-node1 ~]# swapoff -a
[root@k8s-node1 ~]# sed -ri 's/.*swap.*/#&/' /etc/fstab
  4. Map the hostnames to their IP addresses
vi /etc/hosts
# These are my IPs
10.0.2.5 k8s-node1
10.0.2.4 k8s-node2
10.0.2.15 k8s-node3
  5. Pass bridged IPv4 traffic to the iptables chains:
cat> /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

sysctl --system

Installing the K8S environment

  1. Remove any previous docker installation
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
  2. Install docker-ce
    Install the required dependencies
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2

Add the Docker yum repository

sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

Install docker-ce

sudo yum install -y docker-ce docker-ce-cli containerd.io 

Configure a Docker registry mirror

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://*********.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Installing k8s

  1. Add the yum repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum install kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3
systemctl enable kubelet
systemctl start kubelet
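
With gpgcheck=0 and repo_gpgcheck=0, yum verifies neither package signatures nor repository metadata, so the integrity of kubelet, kubeadm and kubectl rests on the HTTPS connection to the mirror alone. The following added example (not part of the original post; the function names audit_repo_gpg and sample_repo are made up here) lists the repository sections where either check is explicitly switched off:

```shell
#!/bin/sh
# Added example, not from the original post. audit_repo_gpg is a name made up
# here. It flags only explicit "off" values (0, no, false) and does not model
# defaults inherited from /etc/yum.conf.

audit_repo_gpg() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            # "[kubernetes]" starts a new repository section.
            /^[ \t]*\[.*\][ \t]*$/ {
                section = $0
                gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
                next
            }
            # gpgcheck covers package signatures, repo_gpgcheck the metadata.
            /^[ \t]*(repo_)?gpgcheck[ \t]*=/ {
                key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key)
                val = $0; sub(/^[^=]*=/, "", val);   gsub(/[ \t]/, "", val)
                val = tolower(val)
                if (val == "0" || val == "no" || val == "false") {
                    printf "%s [%s] %s=%s\n", file, section, key, val
                    bad = 1
                }
            }
            END { exit bad + 0 }
        ' "$f" || rc=1
    done
    return "$rc"
}

# Constructed copy of the repository definition used in this post.
sample_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
}

tmp=$(mktemp) && sample_repo > "$tmp"
audit_repo_gpg "$tmp" || echo "signature checks are switched off in the repos listed above"
rm -f "$tmp"
```

On a node, the same function can be pointed at the real files: audit_repo_gpg /etc/yum.repos.d/*.repo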

Deploying the k8s master

  1. Pull the images with the following shell script
#!/bin/bash

images=(
    kube-apiserver:v1.17.3
    kube-proxy:v1.17.3
    kube-controller-manager:v1.17.3
    kube-scheduler:v1.17.3
    coredns:1.6.5
    etcd:3.4.3-0
    pause:3.1
)

for imageName in "${images[@]}"; do
    docker pull "registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName"
#   docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName  k8s.gcr.io/$imageName
done

  2. Initialize the master node
kubeadm init \
--apiserver-advertise-address=10.0.2.5 \
--image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
--kubernetes-version v1.17.3 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=10.244.0.0/16

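Classless Inter-Domain Routing (CIDR) is a method of grouping IP addresses that is used to allocate addresses to users and to route IP packets efficiently on the Internet.

The message printed when the command finishes is useful: it explains what to do next.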

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.2.5:6443 --token 57639i.hxy0yvqsorn55o16 \
    --discovery-token-ca-cert-hash sha256:9bdb57d74eb2d64b677ae3156e0b5519c514ad581b98e03b034bd7d789804fe1
  3. The control plane has been initialized successfully. To use the cluster, run the following commands
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  4. A pod network has to be deployed
    See the documentation
    • Install the pod network add-on
kubectl apply -f \
https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

The URL may be blocked. A temporary workaround:
look up the IP address at the following link
and add the result to the hosts file.
Refresh hosts from cmd

ipconfig /flushdns

Refresh hosts on Linux

/etc/init.d/network restart

Run the following command; output like the screenshot below means everything is working

kubectl get pods --all-namespaces

[Screenshot: output of kubectl get pods --all-namespaces]

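If not every pod is in the Running state, the usual cause is that the kube-flannel-ds-amd64-*** image failed to download. You can look for another image on Docker Hub.
Pull the image, restart, and check again whether everything in the namespace has started.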

docker pull jmgao1983/flannel:v0.11.0-amd64
kubectl apply -f kube-flannel.yml

systemctl restart kubelet
systemctl restart docker

Join the other nodes to the master node with the command printed above. If the token has already expired (2h), generate a new token yourself

kubeadm join 10.0.2.5:6443 --token 57639i.hxy0yvqsorn55o16 \
    --discovery-token-ca-cert-hash sha256:9bdb57d74eb2d64b677ae3156e0b5519c514ad581b98e03b034bd7d789804fe1

Generating a new token

kubeadm token create --print-join-command
# Create a token that never expires
kubeadm token create --ttl 0 --print-join-command
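
The join command carries a bootstrap token, which authenticates the new node to the API server, and the sha256 pin of the cluster CA public key, which lets the node authenticate the control plane; a token created with --ttl 0 stays valid until it is deleted. The following added example (not part of the original post; the function names are made up here, openssl is assumed to be installed, and the column layout of the sample kubeadm token list output is an assumption) recomputes the pin from a CA certificate, checks a join command against it, and picks out tokens that never expire:

```shell
#!/bin/sh
# Added example, not from the original post; all function names are made up here.

# SHA-256 over the DER-encoded public key (SPKI) of the cluster CA certificate.
# This is the value that follows "sha256:" in --discovery-token-ca-cert-hash.
ca_cert_hash() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Extract the pinned hash from the text of a "kubeadm join ..." command.
pin_from_join() {
    printf '%s\n' "$1" | sed -n 's/.*sha256:\([0-9a-f]\{64\}\).*/\1/p' | head -n 1
}

# Succeeds only if the join command ($2) pins the CA in certificate file $1.
verify_join_pin() {
    want=$(ca_cert_hash "$1") || return 2
    got=$(pin_from_join "$2")
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# Reads `kubeadm token list` output on stdin and prints the ID (the part before
# the dot, not the secret half) of every token that has no expiry.
forever_tokens() {
    awk 'NR > 1 && $2 == "<forever>" { split($1, t, "."); print t[1] }'
}

# Constructed sample of `kubeadm token list` output; both tokens are fake.
sample_tokens() {
    cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
aaaaaa.0000000000000000   1h          2021-01-17T13:34:07Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
bbbbbb.1111111111111111   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

sample_tokens | forever_tokens
```

On the control-plane node, ca_cert_hash /etc/kubernetes/pki/ca.crt gives the pin for kubeadm's default CA path, and kubeadm token list | forever_tokens gives the IDs that kubeadm token delete accepts.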

If you get the error /proc/sys/net/ipv4/ip_forward contents are not set to 1

W0117 11:34:07.478113   14693 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03
error execution phase preflight: [preflight] Some fatal errors occurred:
    [ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

Fix it with this command

echo 1 > /proc/sys/net/ipv4/ip_forward
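
Writing to /proc/sys/net/ipv4/ip_forward changes only the running kernel and is lost on reboot, and the /etc/sysctl.d/k8s.conf written earlier does not set net.ipv4.ip_forward. The following added example (not part of the original post; check_k8s_node and its optional root-directory argument are made up here) checks the kernel settings this guide changes by hand before kubeadm join is run:

```shell
#!/bin/sh
# Added example, not from the original post. check_k8s_node and its optional
# ROOT argument are names made up here; ROOT lets the check run against a
# copied or constructed /proc and /etc tree instead of the live node.

check_k8s_node() {
    root="${1:-}"
    bad=0

    # kubeadm's preflight aborts the join unless IPv4 forwarding is on.
    v=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null)
    if [ "$v" != "1" ]; then
        echo "FAIL ip_forward=${v:-unreadable}, want 1"
        bad=1
    fi

    # Bridged pod traffic has to pass through iptables and ip6tables.
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        v=$(cat "$root/proc/sys/net/bridge/$key" 2>/dev/null)
        if [ "$v" != "1" ]; then
            echo "FAIL $key=${v:-unreadable}, want 1"
            bad=1
        fi
    done

    # /proc/swaps starts with a header; any further line is an active swap area.
    n=$(awk 'NR > 1 && NF { c++ } END { print c + 0 }' "$root/proc/swaps" 2>/dev/null)
    if [ "${n:-0}" -gt 0 ]; then
        echo "FAIL $n active swap area(s)"
        bad=1
    fi

    # "echo 1 > /proc/..." lasts until reboot; look for a persistent setting.
    if ! grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
            "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; then
        echo "WARN net.ipv4.ip_forward = 1 is not persisted in sysctl.conf or sysctl.d"
    fi

    return "$bad"
}

# With no argument this inspects the machine it runs on.
check_k8s_node "${1:-}" || echo "node is not ready for kubeadm join"
```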

List all nodes

kubectl get nodes

You can monitor the pods with the following command

watch kubectl get pod -n kube-system -o wide

Also:
To remove a node, run the following on the master node

kubectl drain k8s-node3 --delete-local-data --force --ignore-daemonsets
kubectl delete node k8s-node3

Re-adding a node

# Reset kubeadm
kubeadm reset
# Join again
kubeadm join 10.0.2.5:6443 --token 57639i.hxy0yvqsorn55o16 \
    --discovery-token-ca-cert-hash sha256:9bdb57d74eb2d64b677ae3156e0b5519c514ad581b98e03b034bd7d789804fe1