kubernetes 主备集群部署

最新推荐文章于 2024-07-13 17:17:07 发布
最新推荐文章于 2024-07-13 17:17:07 发布
阅读量604 收藏
点赞数 1
文章标签: kubernetes docker
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/weixin_45054797/article/details/112159085
版权
kubernetes 安装
1 安装环境
# 操作系统版本
# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
# 内核版本
# uname -a
Linux master.k8s.com 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

主机名						ip地址
master.ks.com			10.0.0.7
nodes.ks.com			10.0.0.17
node2.ks.com			10.0.0.27
2 修改 master 和 node 节点hosts 文件
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.7 master.ks.com
10.0.0.17 node1.ks.com
10.0.0.27 node2.ks.com
3 安装 chrony 实现所有主机的时间同步
# yum -y install chrony
# systemctl start chronyd
# sed -i -e '/^server/s/^/#/' -e '1a server ntp.aliyun.com iburst' /etc/chrony.conf
# systemctl restart chronyd
# timedatectl set-timezone Asia/Shanghai
[root@master ~]# timedatectl
      Local time: Thu 2020-12-10 21:07:34 CST
  Universal time: Thu 2020-12-10 13:07:34 UTC
        RTC time: Thu 2020-12-10 13:07:34
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
4 关闭 master 和 node 节点 selinux 和 firewalld
# systemctl stop firewalld && systemctl disable firewalld
# sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# getenforce

关闭 swap
# swapoff -a
永久关闭 swap,注释掉 swap 那行
# vi /etc/fstab 
#UUID=7ca8f821-027c-44d6-8eac-a4a83b409087 swap                    swap    defaults        0 0
5 配置系统内核参数和调优
配置 sysctl 内核参数
# cat > /etc/sysctl.conf <<EOF
vm.max_map_count=262144
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
生效文件
# sysctl -p
调整 ulimit 大小
# cat /etc/security/limits.conf
* soft nofile 655360
* hard nofile 655360
* soft nproc 655360
* hard nproc 655360
* soft  memlock  unlimited
* hard memlock  unlimited
6 master 和 node 安装docker
# 安装依赖包
# yum install -y yum-utils device-mapper-persistent-data lvm2
# 添加docker软件包的yum源
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# 关闭测试版本list(只显示稳定版)
# yum-config-manager --enable docker-ce-edge
# yum-config-manager --enable docker-ce-test
# 更新yum包索引
# yum makecache fast

# 安装docker
# 直接安装Docker CE
# yum install docker-ce

# 安装指定版本的Docker CE
# yum list docker-ce --showduplicates|sort -r  #找到需要安装的    
# yum -y install docker-ce-19.03.9   
# 启动docker
# systemctl start docker & systemctl enable docker

# 配置 docker 使用阿里云加速
# vi /etc/docker/daemon.json 
{  
 "registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"]
}
# systemctl daemon-reload && systemctl restart docker
7 master 和 node 节点安装 ks 工具
# 更换为阿里云官方源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# 安装 ks 工具
# 如果不指定版本,默认安装最新版本
yum install -y kubelet kubeadm kubectl
# 指定版本安装
yum install -y kubelet-1.19.4 kubeadm-1.19.4 kubectl-1.19.4  --disableexcludes=kubernetes
# 启动服务
systemctl enable kubelet && systemctl start kubelet
# 查看版本
kubeadm version
8 master 节点初始化操作
[root@master ~]#kubeadm init --image-repository registry.aliyuncs.com/google_containers\
> --control-plane-endpoint master.k8s.com --kubernetes-version=v1.19.4 \
> --pod-network-cidr=10.224.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0

--image-repository registry.aliyuncs.com/google_containers
--control-plane-endpoint master.k8s.com
--kubernetes-version=v1.19.4
--pod-network-cidr=10.224.0.0/16
--service-cidr=10.96.0.0/12
--token-ttl=0

范例:

[root@master ~]# kubeadm init --image-repository registry.aliyuncs.com/google_containers \
> --control-plane-endpoint master.k8s.com --kubernetes-version=v1.19.4 \
> --pod-network-cidr=10.224.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0
W1211 15:56:37.395986    1486 configset.go:348] WARNING: kubeadm cannot validate component co                                        nfigs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.19.4
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connecti                                        on
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default      .svc.cluster.local master.k8s.com] and IPs [10.96.0.1 10.0.0.7]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master.k8s.com] and IPs [10.0.0.7 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master.k8s.com] and IPs [10.0.0.7 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manife      sts". This can take up to 4m0s
[apiclient] All control plane components are healthy after 6.502050 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.19" in namespace kube-system with the configuration for the kubelets                in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master.k8s.com as control-plane by adding the label "node-role.kubernetes.io/mas               ter=''"
[mark-control-plane] Marking the node master.k8s.com as control-plane by adding the taints [node-role.kubernetes.io/ma               ster:NoSchedule]
[bootstrap-token] Using token: hviz69.351bibhx5hp91hdt
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long ter               m certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Boo               tstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join master.k8s.com:6443 --token hviz69.351bibhx5hp91hdt \
    --discovery-token-ca-cert-hash sha256:15c61ad635e97151d8cbccae5bdd26775c7bd5d919e859de4dd097823745a5bf \
    --control-plane

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join master.k8s.com:6443 --token hviz69.351bibhx5hp91hdt \
    --discovery-token-ca-cert-hash sha256:15c61ad635e97151d8cbccae5bdd26775c7bd5d919e859de4dd097823745a5bf

# 执行输出
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

# 集群主节点安装成功,这里要记得保存这条命令,以便之后各个节点加入集群:
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join master.k8s.com:6443 --token hviz69.351bibhx5hp91hdt \
    --discovery-token-ca-cert-hash sha256:15c61ad635e97151d8cbccae5bdd26775c7bd5d919e859de4dd097823745a5bf

#查看一下集群pod,确认个组件都处于Running 状态
#注意由于master节点上存在污点,所以coredns 暂时还无法正常启动。
[root@master ~]# kubectl  get pod -n kube-system
NAME                                     READY   STATUS    RESTARTS   AGE
coredns-f9fd979d6-24cl7                  0/1     Pending   0          3m34s
coredns-f9fd979d6-fp8gh                  0/1     Pending   0          3m34s
etcd-master.k8s.com                      1/1     Running   0          3m44s
kube-apiserver-master.k8s.com            1/1     Running   0          3m44s
kube-controller-manager-master.k8s.com   1/1     Running   0          3m44s
kube-proxy-gxqxq                         1/1     Running   0          3m34s
kube-scheduler-master.k8s.com            1/1     Running   0          3m44s
9 集群部署 flannel 网络
[root@master ~]# mkdir /root/k8s
[root@master ~]# cd /root/k8s/
[root@master k8s]# kubectl apply -f flannel.yml
[root@master ~]# cat /root/k8s/flannel.yml

注意:由于各种原因会导致无法下载,这里建议手动复制

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: "/etc/cni/net.d"
    - pathPrefix: "/etc/kube-flannel"
    - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false<
最低0.47元/天 解锁文章
Kubernetes简介与部署
m0_67758799的博客
09-07 262
传统部署:互联网早期,会直接将应用程序部署在物理机上优点:简单,不需要其它技术的参与缺点:不能为应用程序定义资源使用边界,很难合理地分配计算资源,而且程序之间容易产生影响虚拟化部署:可以在一台物理机上运行多个虚拟机,每个虚拟机都是独立的一个环境优点:程序环境不会相互产生影响,提供了一定程度的安全性缺点:增加了操作系统,浪费了部分资源容器化部署:与虚拟化类似,但是共享了操作系统优点:以保证每个容器拥有自己的文件系统、CPU、内存、进程空间等。
Centos7.4部署k8s v1.20.4高可用集群(模式)
weixin_45203131的博客
03-09 597
一、环境部署 机列表: 共有7台服务器,3台control plane,3台work,1台client。 k8s 版本:(这里的版本我用的v1.20.4,下图仅供参考) 二、高可用架构 本文采用kubeadm方式搭建高可用k8s集群,k8s集群的高可用实际是k8s各核心组件的高可用,这里使用模式,架构如下: 模式高可用架构说明: apiserver通过keepalived实现高可用,当某个节点故障时触发keepalived vip 转移; controller-ma.
Kubernetes集群的节点份与恢复
weixin_33841722的博客
12-06 644
2019独角兽企业重金招聘Python工程师标准>>> ...
Centos7.6部署k8s v1.16.4高可用集群(模式)
liutao261311的博客
05-06 880
一、部署环境 机列表: k8s 版本: 二、高可用架构 本文采用kubeadm方式搭建高可用k8s集群,k8s集群的高可用实际是k8s各核心组件的高可用,这里使用模式,架构如下: 模式高可用架构说明: apiserver 通过keepalived实现高可用,当某个节点故障时触发keepalived vip 转移; controller-manager k8s内部通过选举方式产生领...
Kubernetes企业级集群部署课程-网盘链接提取码下载 .txt
02-07
Kubernetes课程的核心目的是将公司业务部署Kubernetes平台中,通过融合K8S生态圈及周边技术,将K8S整套部署与规划融入到课程的讲解中,充电提升必。 视频大小:6.4G
Kubernetes中跨集群部署与多集群管理方案
# 1. 简介 ## 1.1 Kubernetes背景介绍 Kubernetes是一个开源的容器...多集群的部署模式因其高可用性、容灾能力和业务隔离性而变得越来越普遍,因此如何实现多集群间的资源统一管理和跨集群部署成为重要问题。 ## 1.
Kubernetes部署_使用kubernetes部署Mysql从结构(Kubernetes工作实践类)
cnzzs的博客
07-13 971
文章目录一、前言二、实际操作步骤1:编写namespace脚本步骤2:编写configmap脚本步骤3:编写secret脚本(用来存放mysql密码)步骤4:编写initContainer脚本步骤5:编写StorageClass相关脚本1)权限设置:编写ServiceAccount、ClusterRole、ClusterR...
k8s集群部署mysql8values.yaml
07-11
helm3 安装mysql8 主备集群使用的values.yaml文件
Kubernetes集群环境搭建(简单易懂)
weixin_44411385的博客
04-30 1852
本次Kubernetes集群环境搭建使用的是一两从的环境,即一个master节点和两个node节点。准好三台虚拟机。硬件环境的要求:CPU:2核;Memory:2G;软件环境的要求:使用CentOS 7版本的操作系统。
K8S -- kubernetes集群权限之Cluster、 User和Context
阿段--IT行业资深酱油师
04-18 2814
K8S -- kubernetes集群权限之Cluster、 User和Context一、生成user用户证书(1)生成私钥(2)生成证书请求(3)生成证书,并用服务端CA签署(4)查看证书二、建立集群、用户和上下文(1)产生集群配置文件(2)生成集群用户(3)建立基于集群和新用户的上下文(4)使用新建设的集群上下文三、给jerry用户授予权限(1)建立角色(2)将角色绑定到用户jerry(3)使...
完整安装kubernetes集群环境(不需要科学上网)
yakax的博客
02-19 1930
1.准基础环境 我们将使用kubeadm部署3个节点的 Kubernetes Cluster 节点详细信息: 节点机名 节点IP 节点角色 操作系统 节点配置 k8s-master 192.168.217.131 master CentOS7.6 2C4G k8s-node1 192.168.217.132 node CentOS7.6 2C4G k8s-node2 1...
k8s集群搭建超详细步骤(全)
weixin_55651893的博客
01-10 8278
Kubernetes(常简称为K8s)是用于自动部署、扩展和管理容器化(containerized)应用程序的开源系统。它旨在提供“跨机集群的自动部署、扩展以及运行应用程序容器的平台”。它支持一系列容器工具,包括Docker等。Kubernetes在设计结构上定义了一系列的构建模块,其目的是为了提供一个可以共同提供部署、维护和扩展应用程序的机制。组成Kubernetes的组件设计概念为松耦合和可扩展的,这样可以使之满足多种不同的工作负载。
本地虚拟机通过kubeadm安装kubernetes
IT_Technologicallife的博客
04-24 177
本地虚拟机通过kubeadm安装kubernetes
kubernetes搭建(一)】centos7安装kubernetes
sumengnan的博客
10-24 6340
先安装docker参考:centos7安装docker_sumengnan的博客-优快云博客 一、添加kubernetes yum源 vim /etc/yum.repos.d/kubernetes.repo 添加如下内容并保存 [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpg
使用 kubeadm 部署 Kubernetes 集群
热门推荐
高飞的博客
08-28 31万+
Kubernetes
kubeadm方式部署k8s最新版本V1.26.2
W1124824402的博客
04-12 3040
使用kubeadm方式部署k8sV1.26.2简单便捷文档详细易操作。
kubernetes高可用集群部署
yang的博客
05-16 556
一、准环境 准如下表所示服务器 hostname 规格(最小) 镜像 kubernetes版本 master01 2U4G centos 7.6 v1.18.8 master02 2U4G centos 7.6 v1.18.8 master03 2U4G centos 7.6 v1.18.8 node01 2U4G centos 7.6 v1.18.8 ··· ··· ··· ··· 二、高可用架构 采用kubeadm方式搭建高可用k8s集群,k8s集群的高可用实际是
Kubernetes集群搭建
格子的博客
12-29 2180
Kubernetes 是一个可移植的、可扩展的开源平台,用于管理容器化的工作负载和服务,可促进声明式配置和自动化。 Kubernetes 拥有一个庞大且快速增长的生态系统。Kubernetes 的服务、支持和工具广泛可用。
Kubernetes 集群部署
最新发布
03-19
### Kubernetes 集群部署教程与最佳实践 #### 1. 网络配置 在设置 Kubernetes 集群时,网络是一个核心组件。无论是云环境、混合环境还是本地环境中运行的集群,都需要确保网络层的设计合理并遵循最佳实践[^1]。这...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值