1、pod kubernetes 系统架构:
2、核心逻辑:
3、网络模型基础
4、k8s的用户:
5、k8s 运行模式:
6、kubeadm
7、kubeadm 工作流程
demo 环境部署:
[root@node01 ~]# cat /etc/hosts
192.168.100.40 node04.magedu.com node04 node04
192.168.100.30 node03.magedu.com node03 node03
192.168.100.20 node02.magedu.com node02 node02
192.168.100.10 node01.magedu.com node01 node01
环境检查:
[root@node01 ~]#
1、systemctl stop firewalld; systemctl disable firewalld #仅适用于演示环境;生产环境应保留防火墙,只放行集群所需端口(例如 apiserver 的 6443)
2、在 /etc/fstab 中注释掉 swap 行:#UUID=fa47bfb8-28b6-485a-add4-3c8464933f39 swap #关闭swap 分区
3、ntpdate time1.aliyun.com
docker 安装:
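# Fetch the yum repo definitions over HTTPS. These files decide where yum
# downloads packages from, so they should not travel over plain HTTP, where
# they could be altered in transit. Note that -O overwrites any existing file
# of the same name (including the stock CentOS-Base.repo).
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install Docker CE from the docker-ce repo added above.
yum install docker-ce -y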
配置:daemon.json # cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://9916w1ow.mirror.aliyuncs.com"],
"exec-opts":["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts":{
"max-size":"100m"
},
"storage-driver":"overlay2"
}
# Reload systemd unit files, then restart Docker so it picks up
# /etc/docker/daemon.json.
systemctl daemon-reload
systemctl restart docker
# No-op when the restart above already brought the service up.
systemctl start docker
# Start Docker automatically at boot.
systemctl enable docker
docker info # show the active drivers; expect the json-file logging driver and the systemd cgroup driver set in daemon.json
Logging Driver: json-file
Cgroup Driver: systemd
Kubernetes 镜像
https://developer.aliyun.com/mirror/kubernetes?spm=a2c6h.13651102.0.0.3e221b115fDyMd
# Write the yum repo definition for the Kubernetes packages (Aliyun mirror).
# gpgcheck=1 and repo_gpgcheck=1 make yum verify package signatures and the
# repo metadata signature against the keys listed in gpgkey. Keep both at 1:
# switching them off to get past a key error removes the integrity check on
# everything installed from this repo.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Put SELinux into permissive mode for the running system only; the mode set
# in /etc/selinux/config is untouched and applies again after a reboot.
# This drops mandatory access control enforcement on the node, so treat it as
# a lab shortcut rather than a production setting.
setenforce 0 # SELinux -> permissive
关闭swap分区:
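# Turn swap off for the running system (kubeadm's preflight checks flag swap).
swapoff -a
# Pin the packages to the release that kubeadm init is told to deploy
# (--kubernetes-version=v1.20.2), so a newer build published to the repo is
# not pulled in unnoticed and the node tools match the control plane.
yum install -y kubelet-1.20.2-0 kubeadm-1.20.2-0 kubectl-1.20.2-0
# Enable kubelet at boot and start it now.
systemctl enable kubelet && systemctl start kubelet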
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Installed:
kubeadm.x86_64 0:1.20.2-0 kubectl.x86_64 0:1.20.2-0 kubelet.x86_64 0:1.20.2-0
Dependency Installed:
conntrack-tools.x86_64 0:1.4.4-7.el7 cri-tools.x86_64 0:1.13.0-0
kubernetes-cni.x86_64 0:0.8.7-0 libnetfilter_cthelper.x86_64 0:1.0.0-11.el7
libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7 libnetfilter_queue.x86_64 0:1.0.2-2.el7_2
socat.x86_64 0:1.7.3.2-2.el7
<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<
# Load the bridge netfilter module and make bridged traffic visible to
# iptables. Neither step is persisted here, so both are gone after a reboot.
modprobe br_netfilter ; echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
kubeadm init #初始化控制平面:
# Initialise a single control-plane node, pulling the control-plane images
# from the Aliyun registry mirror instead of the default registry.
# NOTE(review): --ignore-preflight-errors=Swap silences the swap check; with
# `swapoff -a` already run it should not be needed. Confirm and drop it.
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.20.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
<<<<<<<<<<
集群高可用:
# Variant that sets a fixed control-plane endpoint.
# --token-ttl 0 creates a bootstrap token that never expires: whoever obtains
# it can join machines to this cluster for as long as the token exists.
# Prefer the default expiry and issue a fresh token when a node is added
# (`kubeadm token create --print-join-command`); remove unused tokens with
# `kubeadm token delete`.
# NOTE(review): 192.168.100.1 is not one of the node addresses listed in
# /etc/hosts earlier on this page. Confirm the advertise address.
# NOTE(review): --control-plane-endpoint node01 points at a single node; an HA
# setup presumably needs a load-balanced name or VIP here. Confirm.
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.20.2 --control-plane-endpoint node01 --apiserver-advertise-address 192.168.100.1 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap --token-ttl 0
<<<<<<<<<<
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.10.110:6443 --token peuw3m.5fiyzsdokf0cfzup \
--discovery-token-ca-cert-hash sha256:82873b6ecea8107b4ab2d9b49fc5f791869a4aee9d6bf2dcaa9b8ad788e50210
<<<<<<<<<<<<<<<<<<<<<
############
创建普通用户:
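# Create an unprivileged account for day-to-day kubectl use.
useradd ilinux
# Set the password interactively instead of piping a fixed string into
# `passwd --stdin`: a literal password kept in notes or shell history is known
# to everyone who can read them.
passwd ilinux
# Kept commented out: this rule would give ilinux passwordless root on the
# node. If sudo is required, grant only the commands needed and validate the
# drop-in with `visudo -cf` before relying on it.
#echo 'ilinux ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/inlinux
# Prints the sudoers drop-in; fails if the file was never created.
cat /etc/sudoers.d/inlinux
kubectl get nodes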
flannel 网络插件:
https://github.com/coreos/flannel
# This applies whatever the flannel master branch contains at the moment of
# the call, with the rights of the current kubeconfig. For anything beyond a
# lab, download the manifest from a tagged release (placeholder:
# <RELEASE_TAG>), review it, and apply the local copy.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
安装插件出现的问题:
[ilinux@jenkins-server~]$kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?
解决GitHub的raw.githubusercontent.com无法连接问题
在 https://site.ip138.com/raw.Githubusercontent.com/
输入raw.githubusercontent.com查询IP地址
vim /etc/hosts 文件(临时方案:该 IP 来自第三方查询站点且随时可能变化,安装完成后应删除此条目;期间不要关闭 TLS 证书校验):
151.101.88.133 raw.githubusercontent.com
验证 flannel pod 插件:
kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7f89b7bc75-5fzrg 1/1 Running 0 50m
coredns-7f89b7bc75-6d4sj 1/1 Running 0 50m
kube-controller-manager-node03.magedu.com 1/1 Running 0 50m
kube-flannel-ds-48qrx 1/1 Running 0 4m50s
kube-proxy-vnftj 1/1 Running 0 50m
加入node 节点:
# Run on each worker node as root. The --token value is a credential for
# joining the cluster: use the one printed by your own `kubeadm init` and do
# not publish it.
# --discovery-token-ca-cert-hash lets the joining node verify the control
# plane's CA, so keep it rather than skipping verification.
# NOTE(review): 192.168.10.110 differs from the 192.168.100.x node addresses
# in /etc/hosts earlier on this page; this output looks copied from another
# run. Confirm the endpoint.
kubeadm join 192.168.10.110:6443 --token peuw3m.5fiyzsdokf0cfzup \
--discovery-token-ca-cert-hash sha256:82873b6ecea8107b4ab2d9b49fc5f791869a4aee9d6bf2dcaa9b8ad788e50210
k8s 集群验证
kubectl get nodes
服务开机是否自启动:
[root@node03 ~]# systemctl is-enabled docker ;systemctl is-enabled kubelet ; systemctl is-enabled docker
pod 练习 :
来源:oschina
链接:https://my.oschina.net/u/4369820/blog/4912278