大粉猪 posted on 2024-6-29 10:55:04

Kubernetes: A Complete Hands-On Tutorial for Creating a Cluster with kubeadm

<div id="navCategory"><h5 class="catalogue">Contents</h5><ul class="first_class_ul"><li><a href="#_label0">I. Virtual Machine Preparation</a></li><ul class="second_class_ul"><li><a href="#_lab2_0_0">(1) Basic Host Configuration</a></li><li><a href="#_lab2_0_1">(2) Install docker</a></li><ul class="third_class_ul"><li><a href="#_label3_0_1_0">1. Install docker</a></li><li><a href="#_label3_0_1_1">2. Configure the Aliyun repository</a></li><li><a href="#_label3_0_1_2">3. Install Docker Engine-Community</a></li><li><a href="#_label3_0_1_3">4. Enable docker at boot</a></li></ul><li><a href="#_lab2_0_2">(3) Configure the cri-docker environment</a></li><ul class="third_class_ul"><li><a href="#_label3_0_2_4">1. Download cri-docker in advance, copy it into the VM, extract it, and move it into place</a></li><li><a href="#_label3_0_2_5">2. Configure the cri-dockerd.service file</a></li><li><a href="#_label3_0_2_6">3. Configure the cri-dockerd.socket file</a></li><li><a href="#_label3_0_2_7">4. Start the cri-docker service</a></li></ul><li><a href="#_lab2_0_3">(4) Install kubeadm, kubelet, and kubectl</a></li><ul class="third_class_ul"><li><a href="#_label3_0_3_8">1. Configure the Kubernetes yum repository</a></li><li><a href="#_label3_0_3_9">2. Install the three Kubernetes components</a></li><li><a href="#_label3_0_3_10">3. Enable kubelet at boot</a></li></ul><li><a href="#_lab2_0_4">(5) Clone the host</a></li><ul class="third_class_ul"><li><a href="#_label3_0_4_11">1. Open the Clone Virtual Machine wizard and choose to create a full clone</a></li><li><a href="#_label3_0_4_12">2. Rename the cloned host and change its storage location as needed</a></li></ul></ul><li><a href="#_label1">II. Environment Configuration</a></li><ul class="second_class_ul"><li><a href="#_lab2_1_5">(1) Change the hostname</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_1_6">(2) Edit the hosts file</a></li><ul class="third_class_ul"><li><a href="#_label3_1_6_13">1. Check the host IP address</a></li><li><a href="#_label3_1_6_14">2. Edit the /etc/hosts file</a></li></ul><li><a href="#_lab2_1_7">(3) Disable the firewall, SELinux, and swap</a></li><ul class="third_class_ul"><li><a href="#_label3_1_7_15">1. Disable the firewall</a></li><li><a href="#_label3_1_7_16">2. Disable SELinux</a></li><li><a href="#_label3_1_7_17">3. Disable the swap partition by editing /etc/fstab</a></li></ul><li><a href="#_lab2_1_8">(4) Configure time synchronization and system modules</a></li><ul class="third_class_ul"><li><a href="#_label3_1_8_18">1. Set the local time zone and load the RTC setting</a></li><li><a href="#_label3_1_8_19">2. Load and check system modules</a></li></ul><li><a href="#_lab2_1_9">(5) Configure passwordless SSH login</a></li><ul class="third_class_ul"><li><a href="#_label3_1_9_20">1. Generate a new key pair</a></li><li><a href="#_label3_1_9_21">2. Copy the public key to the target hosts</a></li><li><a href="#_label3_1_9_22">3. Verify the configuration</a></li></ul></ul><li><a href="#_label2">III. Prepare the Images the Containers Need</a></li><ul class="second_class_ul"><li><a href="#_lab2_2_10">(1) List the required images</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_2_11">(2) Configure the daemon.json file</a></li><ul class="third_class_ul"><li><a href="#_label3_2_11_23">1. Enable the registry mirror accelerator in Aliyun</a></li><li><a href="#_label3_2_11_24">2. Configure the /etc/docker/daemon.json file</a></li><li><a href="#_label3_2_11_25">3. Load daemon.json and restart docker</a></li></ul><li><a href="#_lab2_2_12">(3) Pull the images</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_2_13">(4) Retag the images</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_2_14">(5) Check the resulting images</a></li><ul class="third_class_ul"></ul></ul><li><a href="#_label3">IV. Node Configuration</a></li><ul class="second_class_ul"><li><a href="#_lab2_3_15">(1) Initialize the Kubernetes cluster</a></li><ul class="third_class_ul"><li><a href="#_label3_3_15_26">1. Run the initialization command on the master node</a></li><li><a href="#_label3_3_15_27">2. Output shown on successful initialization</a></li><li><a href="#_label3_3_15_28">3. Run kubectl as prompted</a></li></ul><li><a href="#_lab2_3_16">(2) Deploy the Pod network</a></li><ul class="third_class_ul"><li><a href="#_label3_3_16_29">1. Open the website from the prompt and choose the flannel network component</a></li><li><a href="#_label3_3_16_30">2. Install the CNI network plugins</a></li><li><a href="#_label3_3_16_31">3. Deploy flannel with kubectl</a></li></ul><li><a href="#_lab2_3_17">(3) Join the worker nodes</a></li><ul class="third_class_ul"><li><a href="#_label3_3_17_32">1. On the master node, distribute the kubeconfig to the worker nodes</a></li><li><a href="#_label3_3_17_33">2. Run the following command on both node hosts</a></li></ul><li><a href="#_lab2_3_18">(4) Make sure the nodes are Ready</a></li><ul class="third_class_ul"><li><a href="#_label3_3_18_34">1. Check node status</a></li><li><a href="#_label3_3_18_35">2. If NotReady is shown, modify the yml file</a></li><li><a href="#_label3_3_18_36">3. Check the status of the pods in the kube-system namespace</a></li></ul></ul><li><a href="#_label4">V. Testing the Kubernetes Cluster</a></li><ul class="second_class_ul"><li><a href="#_lab2_4_19">(1) Create the mynginx pod</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_4_20">(2) Expose the port</a></li><ul class="third_class_ul"></ul><li><a href="#_lab2_4_21">(3) Access nginx</a></li><ul class="third_class_ul"></ul></ul></ul></div>
<p>According to the official documentation, there are three ways to install Kubernetes with deployment tools: bootstrapping a cluster with kubeadm, installing Kubernetes with kOps, and installing Kubernetes with Kubespray.</p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029381.png" /></p>
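<p>This deployment uses kubeadm to bootstrap the cluster and draws mainly on three topics: installing kubeadm, troubleshooting kubeadm, and creating a cluster with kubeadm. The goal is to install a Kubernetes cluster with a single control plane and to install a Pod network on the cluster so that Pods can reach each other.</p>
<p class="maodian"><a name="_label0"></a></p><h2>I. Virtual Machine Preparation</h2>
<p>Prepare three virtual machines with docker, the cri-docker environment, and the Kubernetes components preinstalled.</p>
<p class="maodian"><a name="_lab2_0_0"></a></p><h3>(1) Basic Host Configuration</h3>
<p>Create the virtual machine. Following the official documentation, this experiment runs on CentOS 8, with 4 GB of memory, 4 processors, and a NAT network adapter for each host.</p>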
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029382.png" /></p>
<p class="maodian"><a name="_lab2_0_1"></a></p><h3>(2) Install docker</h3>
<p>Detailed installation procedure: CentOS 8: Installing and Uninstalling Docker in a Linux Environment</p>
<p class="maodian"><a name="_label3_0_1_0"></a></p><h4><strong>1. Install docker</strong></h4>
<div class="jb51code"><pre class="brush:bash;">yum install -y yum-utils device-mapper-persistent-data lvm2
</pre></div>
<p class="maodian"><a name="_label3_0_1_1"></a></p><h4><strong>2. Configure the Aliyun repository</strong></h4>
<div class="jb51code"><pre class="brush:bash;">yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
</pre></div>
<p class="maodian"><a name="_label3_0_1_2"></a></p><h4><strong>3. Install Docker Engine-Community</strong></h4>
<div class="jb51code"><pre class="brush:bash;">yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
</pre></div>
<p class="maodian"><a name="_label3_0_1_3"></a></p><h4><strong>4. Enable docker at boot</strong></h4>
<div class="jb51code"><pre class="brush:bash;">systemctl enable docker
</pre></div>
<p class="maodian"><a name="_lab2_0_2"></a></p><h3>(3) Configure the cri-docker environment</h3>
<p class="maodian"><a name="_label3_0_2_4"></a></p><h4><strong>1. Download cri-docker in advance, copy it into the VM, extract it, and move it into place</strong></h4>
<div class="jb51code"><pre class="brush:bash;">tar -xf cri-dockerd-0.3.4.amd64.tgz -C /usr/local/
ls /usr/local
mv /usr/local/cri-dockerd/cri-dockerd /usr/local/bin/
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029383.png" /></p>
<p class="maodian"><a name="_label3_0_2_5"></a></p><h4><strong>2. Configure the cri-dockerd.service file</strong></h4>
<div class="jb51code"><pre class="brush:bash;">vim /etc/systemd/system/cri-dockerd.service
</pre></div>
<div class="jb51code"><pre class="brush:bash;"># Contents of cri-dockerd.service

[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target

[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9 --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --cri-dockerd-root-directory=/var/lib/dockershim --docker-endpoint=unix:///var/run/docker.sock --cri-dockerd-root-directory=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
</pre></div>
<p class="maodian"><a name="_label3_0_2_6"></a></p><h4><strong>3. Configure the cri-dockerd.socket file</strong></h4>
<div class="jb51code"><pre class="brush:bash;">vim /etc/systemd/system/cri-dockerd.socket
</pre></div>
<div class="jb51code"><pre class="brush:bash;"># Contents of cri-dockerd.socket

[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-dockerd.service

[Socket]
ListenStream=/var/run/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
</pre></div>
<p class="maodian"><a name="_label3_0_2_7"></a></p><h4><strong>4. Start the cri-docker service</strong></h4>
<div class="jb51code"><pre class="brush:bash;">systemctl daemon-reload
systemctl start cri-dockerd.service
systemctl enable cri-dockerd.service
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029384.png" /></p>
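<p class="maodian"><a name="_lab2_0_3"></a></p><h3>(4) Install kubeadm, kubelet, and kubectl</h3>
<p>kubeadm: the command used to initialize the cluster.</p>
<p>kubelet: runs on every node in the cluster and starts Pods, containers, and so on.</p>
<p>kubectl: the command-line tool used to communicate with the cluster.</p>
<p class="maodian"><a name="_label3_0_3_8"></a></p><h4><strong>1. Configure the Kubernetes yum repository</strong></h4>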
<div class="jb51code"><pre class="brush:bash;">vim /etc/yum.repos.d/kubernetes.repo
</pre></div>
<div class="jb51code"><pre class="brush:bash;"># Contents of kubernetes.repo

[kubernetes]
name = Kubernetes
baseurl = https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled = 1
gpgcheck = 0
repo_gpgcheck = 0
gpgkey = https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
</pre></div>
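<p>The repository definition above sets gpgcheck = 0 and repo_gpgcheck = 0, so dnf installs kubelet, kubeadm and kubectl from this repository without verifying package or metadata signatures. The check below is an added example, not part of the original tutorial: it scans a .repo file and reports enabled repositories that explicitly turn signature checks off or use a plaintext http baseurl. The names audit_repo and sample_repo and the second sample repository are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: flag yum/dnf repositories that disable signature verification
# or fetch over plaintext HTTP. audit_repo is a hypothetical helper name.
# Keys that are not set in a repository inherit from [main] in
# /etc/dnf/dnf.conf, which this example does not read.

# audit_repo [FILE]  (reads stdin when FILE is omitted)
# Prints "<repo-id>: <finding>" per problem and returns 1 if any were found.
audit_repo() {
  awk '
    function trim(s) { gsub(/^[ \t]+/, "", s); gsub(/[ \t\r]+$/, "", s); return s }
    function off(v)  { v = tolower(v); return v == "0" || v == "no" || v == "false" || v == "off" }
    function report() {
      if (id == "" || off(enabled)) return        # nothing parsed yet, or repo disabled
      if (off(gpgcheck))      { print id ": gpgcheck is disabled (package signatures are not verified)"; bad = 1 }
      if (off(repo_gpgcheck)) { print id ": repo_gpgcheck is disabled (repository metadata is not verified)"; bad = 1 }
      if (baseurl ~ /^http:\/\//) { print id ": baseurl uses plaintext http"; bad = 1 }
    }
    /^[ \t]*([#;]|$)/ { next }                     # comments and blank lines
    /^[ \t]*\[.*\]/ {                              # new [section]: report the previous one
      report()
      id = trim($0); sub(/^\[/, "", id); sub(/\].*$/, "", id)
      enabled = gpgcheck = repo_gpgcheck = baseurl = ""
      next
    }
    index($0, "=") > 0 {                           # key = value, spaces around = allowed
      key = tolower(trim(substr($0, 1, index($0, "=") - 1)))
      val = trim(substr($0, index($0, "=") + 1))
      if (key == "enabled")            enabled = val
      else if (key == "gpgcheck")      gpgcheck = val
      else if (key == "repo_gpgcheck") repo_gpgcheck = val
      else if (key == "baseurl")       baseurl = val
    }
    END { report(); exit (bad + 0) }
  ' "${1:--}"
}

# Constructed sample: the tutorial's kubernetes.repo values, followed by a
# made-up repository that keeps verification on, for comparison.
sample_repo() {
  cat <<'EOF'
[kubernetes]
name = Kubernetes
baseurl = https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled = 1
gpgcheck = 0
repo_gpgcheck = 0
gpgkey = https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

[example-verified]
name = Constructed example with verification enabled
baseurl = https://repo.example.invalid/el8/x86_64
enabled = 1
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF
}

sample_repo | audit_repo || echo "review the repositories listed above before running dnf install"
```

<p>On a real host, run audit_repo over each file in /etc/yum.repos.d/.</p>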
<p class="maodian"><a name="_label3_0_3_9"></a></p><h4><strong>2. Install the three Kubernetes components</strong></h4>
<div class="jb51code"><pre class="brush:bash;">dnf install kubelet kubeadm kubectl
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029395.png" /></p>
<p class="maodian"><a name="_label3_0_3_10"></a></p><h4><strong>3. Enable kubelet at boot</strong></h4>
<div class="jb51code"><pre class="brush:bash;">systemctl enable kubelet
</pre></div>
<p class="maodian"><a name="_lab2_0_4"></a></p><h3>(5) Clone the host</h3>
<p class="maodian"><a name="_label3_0_4_11"></a></p><h4><strong>1. Open the Clone Virtual Machine wizard and choose to create a full clone</strong></h4>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029396.png" /></p>
<p class="maodian"><a name="_label3_0_4_12"></a></p><h4><strong>2. Rename the cloned host and change its storage location as needed</strong></h4>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029397.png" /><br /><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029398.png" /></p>
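<p class="maodian"><a name="_label1"></a></p><h2>II. Environment Configuration</h2>
<p>Perform the following environment configuration on all three hosts.</p>
<p class="maodian"><a name="_lab2_1_5"></a></p><h3>(1) Change the hostname</h3>
<p>Set the hostname on each of the three hosts.</p>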
<div class="jb51code"><pre class="brush:bash;">hostnamectl set-hostname master
</pre></div>
<div class="jb51code"><pre class="brush:bash;">hostnamectl set-hostname slave1
</pre></div>
<div class="jb51code"><pre class="brush:bash;">hostnamectl set-hostname slave2
</pre></div>
<p class="maodian"><a name="_lab2_1_6"></a></p><h3>(2) Edit the hosts file</h3>
<p class="maodian"><a name="_label3_1_6_13"></a></p><h4><strong>1. Check the host IP address</strong></h4>
<div class="jb51code"><pre class="brush:bash;">ifconfig
</pre></div>
<p class="maodian"><a name="_label3_1_6_14"></a></p><h4><strong>2. Edit the /etc/hosts file</strong></h4>
<div class="jb51code"><pre class="brush:bash;">vim /etc/hosts
</pre></div>
<div class="jb51code"><pre class="brush:bash;"># Contents of /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.211.137 master
192.168.211.136 slave1
192.168.211.138 slave2
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/202406291029409.png" /></p>
<p class="maodian"><a name="_lab2_1_7"></a></p><h3>(3) Disable the firewall, SELinux, and swap</h3>
<p class="maodian"><a name="_label3_1_7_15"></a></p><h4><strong>1. Disable the firewall</strong></h4>
<p>This avoids having to open ports individually later.</p>
<div class="jb51code"><pre class="brush:bash;">systemctl stop firewalld.service
systemctl disable firewalld.service
</pre></div>
<p class="maodian"><a name="_label3_1_7_16"></a></p><h4><strong>2. Disable SELinux</strong></h4>
<p>SELinux restricts containers' access to the host file system and system resources.</p>
<div class="jb51code"><pre class="brush:bash;">setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
</pre></div>
<p class="maodian"><a name="_label3_1_7_17"></a></p><h4><strong>3. Disable the swap partition by editing /etc/fstab</strong></h4>
<p>kubelet requires swap to be disabled, and kubeadm checks whether swap is off during initialization.</p>
<div class="jb51code"><pre class="brush:bash;">vim /etc/fstab
</pre></div>
<p>Edit /etc/fstab and comment out the swap line.</p>
<div class="jb51code"><pre class="brush:bash;"># Contents of /etc/fstab (excerpt)

# /dev/mapper/cl-swap   none                  swap    defaults      0 0
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294010.png" /></p>
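<p class="maodian"><a name="_lab2_1_8"></a></p><h3>(4) Configure time synchronization and system modules</h3>
<p class="maodian"><a name="_label3_1_8_18"></a></p><h4><strong>1. Set the local time zone and load the RTC setting</strong></h4>
<p>This ensures that the cluster components use consistent timestamps for their operations.</p>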
<div class="jb51code"><pre class="brush:bash;">timedatectl set-local-rtc 0
timedatectl set-timezone Asia/Shanghai
hwclock --systohc
</pre></div>
<p class="maodian"><a name="_label3_1_8_19"></a></p><h4><strong>2. Load and check system modules</strong></h4>
<p>This ensures that Kubernetes networking and containers work properly.</p>
<div class="jb51code"><pre class="brush:bash;">modprobe br_netfilter
lsmod | grep br_netfilter
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294011.png" /></p>
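<p class="maodian"><a name="_lab2_1_9"></a></p><h3>(5) Configure passwordless SSH login</h3>
<p>Configuring a Kubernetes cluster involves communicating with and operating on different nodes. Passwordless SSH login simplifies this by avoiding a manual password entry for every operation.</p>
<p class="maodian"><a name="_label3_1_9_20"></a></p><h4><strong>1. Generate a new key pair</strong></h4>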
<div class="jb51code"><pre class="brush:bash;">ssh-keygen
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294012.png" /></p>
<p class="maodian"><a name="_label3_1_9_21"></a></p><h4><strong>2. Copy the public key to the target hosts</strong></h4>
<div class="jb51code"><pre class="brush:bash;">ssh-copy-id root@master
ssh-copy-id root@slave1
ssh-copy-id root@slave2
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294013.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294114.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294115.png" /></p>
<p class="maodian"><a name="_label3_1_9_22"></a></p><h4><strong>3. Verify the configuration</strong></h4>
<div class="jb51code"><pre class="brush:bash;">ssh root@master
ssh root@slave1
ssh root@slave2
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294116.png" /></p>
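<p class="maodian"><a name="_label2"></a></p><h2>III. Prepare the Images the Containers Need</h2>
<p>Because the external network is unreachable, the default container images hosted on registry.k8s.io cannot be downloaded. The images are therefore pulled from Aliyun and then retagged with the tag command to the names kubeadm expects. Perform the following steps on all three hosts.</p>
<p class="maodian"><a name="_lab2_2_10"></a></p><h3>(1) List the required images</h3>
<p>List the images the Kubernetes cluster needs.</p>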
<div class="jb51code"><pre class="brush:bash;">kubeadm config images list
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294217.png" /></p>
<p class="maodian"><a name="_lab2_2_11"></a></p><h3>(2) Configure the daemon.json file</h3>
<p class="maodian"><a name="_label3_2_11_23"></a></p><h4><strong>1. Enable the registry mirror accelerator in Aliyun</strong></h4>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294218.png" /></p>
<p class="maodian"><a name="_label3_2_11_24"></a></p><h4><strong>2. Configure the /etc/docker/daemon.json file</strong></h4>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294219.png" /></p>
<p>On top of the Aliyun instructions, add an exec-opts entry that changes docker's cgroup driver to systemd so that it matches k8s and avoids conflicts.</p>
<div class="jb51code"><pre class="brush:bash;">tee /etc/docker/daemon.json &lt;&lt;-'EOF'
{
"registry-mirrors":["https://2nd8r72o.mirror.aliyuncs.com"],
"exec-opts":[ "native.cgroupdriver=systemd" ]
}
EOF
</pre></div>
<p class="maodian"><a name="_label3_2_11_25"></a></p><h4><strong>3. Load daemon.json and restart docker</strong></h4>
<div class="jb51code"><pre class="brush:bash;">systemctl daemon-reload
systemctl restart docker
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294220.png" /></p>
<p class="maodian"><a name="_lab2_2_12"></a></p><h3>(3) Pull the images</h3>
<p>Pull the required images from Aliyun.</p>
<div class="jb51code"><pre class="brush:bash;">docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.4
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.4
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.4
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.28.4
docker pull registry.aliyuncs.com/google_containers/pause:3.9
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.9-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.10.1
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294221.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294322.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294323.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294324.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294325.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294326.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294427.png" /></p>
<p class="maodian"><a name="_lab2_2_13"></a></p><h3>(4) Retag the images</h3>
<p>Use tag to rename the images to the required image tags.</p>
<div class="jb51code"><pre class="brush:bash;">docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.4   registry.k8s.io/kube-apiserver:v1.28.4
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.4   registry.k8s.io/kube-controller-manager:v1.28.4
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.4   registry.k8s.io/kube-scheduler:v1.28.4
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.28.4   registry.k8s.io/kube-proxy:v1.28.4
docker tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9
docker tag registry.aliyuncs.com/google_containers/etcd:3.5.9-0 registry.k8s.io/etcd:3.5.9-0
docker tag registry.aliyuncs.com/google_containers/coredns:v1.10.1 registry.k8s.io/coredns/coredns:v1.10.1
</pre></div>
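<p>The pull and tag commands above repeat every image name by hand, and CoreDNS is the odd one out: it is registry.k8s.io/coredns/coredns upstream but google_containers/coredns on the mirror. Once retagged, an image is trusted by name only, so a node that pulled different content is not noticed. The script below is an added example, not part of the original tutorial: it derives both commands from the list printed by kubeadm config images list and compares the pulled digests across the three hosts. The helper names and the digest values are constructed; the image names and tags are the ones used on this page.</p>

```shell
#!/bin/sh
# Added example: derive the pull/tag commands from the upstream image list and
# compare pulled digests across nodes. Helper names are hypothetical.

MIRROR="registry.aliyuncs.com/google_containers"   # mirror used in the tutorial

# mirror_ref IMAGE: map an upstream registry.k8s.io reference to the mirror.
# The mirror namespace is flat, so only the last path component is kept:
# registry.k8s.io/coredns/coredns:v1.10.1 -> $MIRROR/coredns:v1.10.1
mirror_ref() {
  case "$1" in
    registry.k8s.io/*:*) printf '%s/%s\n' "$MIRROR" "${1##*/}" ;;
    *) echo "unexpected image reference: $1" >&2; return 1 ;;
  esac
}

# plan_images: read upstream references on stdin and print the commands
# instead of running them, so the plan can be reviewed and then piped to sh.
plan_images() {
  while IFS= read -r upstream; do
    [ -n "$upstream" ] || continue
    src=$(mirror_ref "$upstream") || return 1
    printf 'docker pull %s\n' "$src"
    printf 'docker tag %s %s\n' "$src" "$upstream"
  done
}

# digest_mismatches: read "<node> <image> <digest>" lines on stdin and print
# every image that does not have the same digest on all nodes. The digest is
# what `docker image inspect --format '{{index .RepoDigests 0}}' IMAGE`
# reports on each node after the pull. Returns 1 if any image differs.
digest_mismatches() {
  awk '
    NF == 3 {
      if (!($2 in first)) { first[$2] = $3; order[++n] = $2 }
      else if (first[$2] != $3) differs[$2] = 1
    }
    END {
      for (i = 1; i <= n; i++) if (order[i] in differs) { print order[i]; bad = 1 }
      exit (bad + 0)
    }'
}

# Constructed sample: the seven images this tutorial pulls for v1.28.4.
sample_image_list() {
  cat <<'EOF'
registry.k8s.io/kube-apiserver:v1.28.4
registry.k8s.io/kube-controller-manager:v1.28.4
registry.k8s.io/kube-scheduler:v1.28.4
registry.k8s.io/kube-proxy:v1.28.4
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.9-0
registry.k8s.io/coredns/coredns:v1.10.1
EOF
}

# Constructed digests (not real values): slave2 holds a different pause image.
sample_digests() {
  cat <<'EOF'
master pause:3.9 sha256:1111
slave1 pause:3.9 sha256:1111
slave2 pause:3.9 sha256:2222
master etcd:3.5.9-0 sha256:3333
slave1 etcd:3.5.9-0 sha256:3333
slave2 etcd:3.5.9-0 sha256:3333
EOF
}

sample_image_list | plan_images
sample_digests | digest_mismatches || echo "digest mismatch: re-pull the images listed above on the affected node"
```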
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294428.png" /></p>
<p class="maodian"><a name="_lab2_2_14"></a></p><h3>(5) Check the resulting images</h3>
<p>List the local images and confirm that the required images are present.</p>
<div class="jb51code"><pre class="brush:bash;">docker images
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294429.png" /></p>
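<p class="maodian"><a name="_label3"></a></p><h2>IV. Node Configuration</h2>
<p class="maodian"><a name="_lab2_3_15"></a></p><h3>(1) Initialize the Kubernetes cluster</h3>
<p class="maodian"><a name="_label3_3_15_26"></a></p><h4><strong>1. Run the initialization command on the master node</strong></h4>
<p>apiserver-advertise-address specifies the address the API server advertises.</p>
<p>kubernetes-version specifies the Kubernetes version to install.</p>
<p>service-cidr specifies the CIDR range of the service network.</p>
<p>pod-network-cidr specifies the CIDR range of the Pod network.</p>
<p>ignore-preflight-errors=all ignores all preflight errors.</p>
<p>cri-socket specifies the UNIX socket path of the container runtime.</p>
<p>In addition, because the images the cluster needs were already prepared in the previous step, the command reports that they already exist and does not pull them again, so image-repository does not need to be set.</p>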
<div class="jb51code"><pre class="brush:bash;">kubeadm init \
--apiserver-advertise-address=192.168.211.137 \
--kubernetes-version v1.28.4 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all \
--cri-socket=unix:///var/run/cri-dockerd.sock
</pre></div>
<blockquote><p>If an error occurs, run the following commands to restore the original state.</p>
<div class="jb51code"><pre class="brush:bash;">systemctl stop kubelet
rm -rf /etc/kubernetes/*
systemctl stop docker
rm -rf /var/lib/kubelet/
rm -rf /var/lib/etcd
</pre></div></blockquote>
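<blockquote><p>The main problem in this part was that I had originally installed only docker and not cri-dockerd. After some research I found that k8s deprecated docker after version 1.20.X, so I temporarily switched to containerd and pulled and retagged the images again in containerd, but ran into bugs in use that I could not resolve. I then chose to install cri-dockerd and ran the commands above again, and they succeeded.</p></blockquote>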
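<p>For the kubeadm init command above: --ignore-preflight-errors=all turns every failed preflight check into a warning, including the swap and br_netfilter prerequisites configured earlier. The script below is an added example, not part of the original tutorial: it checks those two prerequisites, plus the two sysctl files kubeadm's preflight also reads, so that failures can be fixed rather than hidden. The helper names and the sample /proc snapshot are constructed.</p>

```shell
#!/bin/sh
# Added example: check node prerequisites directly instead of passing
# --ignore-preflight-errors=all. Helper names are hypothetical.

# node_preflight [ROOT]
# ROOT is a directory prefix that holds a copy of /proc (default: the live
# system). Prints one line per failed check and returns 1 if any check failed.
node_preflight() {
  root=${1:-}
  rc=0

  # /proc/swaps: one header line, then one line per active swap area.
  if [ "$(tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -c .)" -gt 0 ]; then
    echo "swap is active: the /etc/fstab edit only applies after a reboot or swapoff -a"
    rc=1
  fi

  # br_netfilter must be loaded; modprobe alone does not survive a reboot.
  if ! grep -q '^br_netfilter ' "$root/proc/modules" 2>/dev/null; then
    echo "br_netfilter is not loaded"
    rc=1
  fi

  # Both sysctl files must contain 1.
  for f in net/bridge/bridge-nf-call-iptables net/ipv4/ip_forward; do
    if [ "$(cat "$root/proc/sys/$f" 2>/dev/null)" != "1" ]; then
      echo "/proc/sys/$f is not 1"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: a /proc snapshot of a node where the swap line in
# /etc/fstab was commented out but the node was not rebooted, and IP
# forwarding is still off.
make_sample_root() {
  mkdir -p "$1/proc/sys/net/bridge" "$1/proc/sys/net/ipv4"
  printf 'Filename\tType\tSize\tUsed\tPriority\n/dev/dm-1\tpartition\t2097148\t0\t-2\n' > "$1/proc/swaps"
  printf 'br_netfilter 28672 0 - Live 0x0000000000000000\n' > "$1/proc/modules"
  echo 1 > "$1/proc/sys/net/bridge/bridge-nf-call-iptables"
  echo 0 > "$1/proc/sys/net/ipv4/ip_forward"
}

demo_root=$(mktemp -d)
make_sample_root "$demo_root"
node_preflight "$demo_root" || echo "fix the items above, then rerun kubeadm init"
rm -rf "$demo_root"
```

<p>Run node_preflight with no argument on each host. If a check still has to be overridden, --ignore-preflight-errors also accepts a list of individual check names instead of all.</p>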
<p class="maodian"><a name="_label3_3_15_27"></a></p><h4><strong>2. Output shown on successful initialization</strong></h4>
<div class="jb51code"><pre class="brush:bash;">Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.211.137:6443 --token ejgoxs.086hnhj7qipovd6v \
        --discovery-token-ca-cert-hash sha256:6bbe9e754e2b0ab13301e76268c347b9f95b661b2399630ecfa8da9497ca5744

</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294430.png" /></p>
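<blockquote><p>After initialization succeeded, the virtual machine lagged badly; shutting it down and raising the processor and memory settings relieved this.</p></blockquote>
<p class="maodian"><a name="_label3_3_15_28"></a></p><h4><strong>3. Run kubectl as prompted</strong></h4>
<p>I am using the root user, so I can set the KUBECONFIG environment variable directly, which lets the kubectl command-line tool find and use this configuration file automatically.</p>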
<div class="jb51code"><pre class="brush:bash;">export KUBECONFIG=/etc/kubernetes/admin.conf
</pre></div>
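<p class="maodian"><a name="_lab2_3_16"></a></p><h3>(2) Deploy the Pod network</h3>
<p>Deploying a Pod network provides network communication between containers and across nodes, implements network policy and security, and supports service discovery and load balancing.</p>
<p class="maodian"><a name="_label3_3_16_29"></a></p><h4><strong>1. Open the website from the prompt and choose the flannel network component</strong></h4>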
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294531.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294532.png" /></p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294533.png" /></p>
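<p class="maodian"><a name="_label3_3_16_30"></a></p><h4><strong>2. Install the CNI network plugins</strong></h4>
<p>According to the website, Flannel is used as a CNI network plugin by default, and the CNI network plugins must be installed when deploying Flannel. Because access to GitHub from within China is unstable, the plugins are downloaded in advance, copied into the VM's home directory, and then extracted with the commands below.</p>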
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294534.png" /></p>
<div class="jb51code"><pre class="brush:bash;">mkdir -p /opt/cni/bin
tar -C /opt/cni/bin -xzf cni-plugins-linux-amd64-v1.2.0.tgz
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294535.png" /></p>
<p class="maodian"><a name="_label3_3_16_31"></a></p><h4><strong>3. Deploy flannel with kubectl</strong></h4>
<p>As the website instructs, download the yml file in advance, copy it into the VM's home directory, and then run the command.</p>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294636.png" /></p>
<div class="jb51code"><pre class="brush:bash;">kubectl apply -f kube-flannel.yml
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294637.png" /></p>
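<p class="maodian"><a name="_lab2_3_17"></a></p><h3>(3) Join the worker nodes</h3>
<p class="maodian"><a name="_label3_3_17_32"></a></p><h4><strong>1. On the master node, distribute the kubeconfig to the worker nodes</strong></h4>
<p>The KUBECONFIG environment variable specifies the path of the kubeconfig file that the kubectl command uses. That file contains the authentication and configuration information needed to connect to the cluster, so copying it lets kubectl on the worker nodes connect to the control plane of the Kubernetes cluster.</p>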
<div class="jb51code"><pre class="brush:bash;">scp /etc/kubernetes/admin.conf slave1:/etc/kubernetes/
scp /etc/kubernetes/admin.conf slave2:/etc/kubernetes/
</pre></div>
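<blockquote><p>After the design was finished, I noticed that the official installation documentation actually recommends not sharing the admin.conf file with anyone, and instead using the kubeadm kubeconfig user command to generate kubeconfig files for other users.</p></blockquote>
<p class="maodian"><a name="_label3_3_17_33"></a></p><h4><strong>2. Run the following command on both node hosts</strong></h4>
<p>Because both containerd and docker are present, the cri-socket parameter is added to the suggested command and set to cri-dockerd.</p>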
<div class="jb51code"><pre class="brush:bash;">kubeadm join 192.168.211.137:6443 \
--token ejgoxs.086hnhj7qipovd6v \
--discovery-token-ca-cert-hash sha256:6bbe9e754e2b0ab13301e76268c347b9f95b661b2399630ecfa8da9497ca5744 \
--cri-socket=unix:///var/run/cri-dockerd.sock
</pre></div>
<blockquote><p>If an error occurs, run the following commands to restore the original state, then adjust according to the error message.</p>
<div class="jb51code"><pre class="brush:bash;">rm -rf /etc/kubernetes/kubelet.conf
rm -rf /etc/kubernetes/pki/ca.crt
systemctl restart kubelet
</pre></div></blockquote>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294638.png" /></p>
<p class="maodian"><a name="_lab2_3_18"></a></p><h3>(4) Make sure the nodes are Ready</h3>
<p class="maodian"><a name="_label3_3_18_34"></a></p><h4><strong>1. Check node status</strong></h4>
<div class="jb51code"><pre class="brush:bash;">kubectl get nodes
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294639.png" /></p>
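<p class="maodian"><a name="_label3_3_18_35"></a></p><h4><strong>2. If NotReady is shown, modify the yml file</strong></h4>
<p>The cause is that pods cannot ping each other. flanneld must be told to send its packets through the specified network interface so that they are carried over flannel correctly.</p>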
<div class="jb51code"><pre class="brush:bash;">ifconfig
vim kube-flannel.yml
</pre></div>
<p>Add the following at line 139 of kube-flannel.yml:</p>
<div class="jb51code"><pre class="brush:bash;">      - --iface=ens160
</pre></div>
<p>Check again; the status is now correct.</p>
<div class="jb51code"><pre class="brush:bash;">kubectl get nodes
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294640.png" /></p>
<p class="maodian"><a name="_label3_3_18_36"></a></p><h4><strong>3. Check the status of the pods in the kube-system namespace</strong></h4>
<div class="jb51code"><pre class="brush:bash;">kubectl get pods -n kube-system
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294741.png" /></p>
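<p class="maodian"><a name="_label4"></a></p><h2>V. Testing the Kubernetes Cluster</h2>
<p class="maodian"><a name="_lab2_4_19"></a></p><h3>(1) Create the mynginx pod</h3>
<p>Create a deployment from the nginx image. This submits a Pod creation request to the Kubernetes cluster, and the control plane selects one of the available nodes to run the Pod according to the cluster configuration and scheduling policy.</p>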
<div class="jb51code"><pre class="brush:bash;">kubectl create deployment mynginx --image=nginx
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294742.png" /></p>
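<p class="maodian"><a name="_lab2_4_20"></a></p><h3>(2) Expose the port</h3>
<p>Create a Service resource associated with the mynginx Pod to connect it to the network outside the cluster. The Service port is set to 80 and the type is NodePort; a NodePort Service picks a port on every node and forwards external traffic to the Service port.</p>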
<div class="jb51code"><pre class="brush:bash;">kubectl expose deployment mynginx --port=80 --type=NodePort
</pre></div>
<p style="text-align:center"><img alt="" src="https://img.jbzj.com/file_images/article/202406/2024062910294743.png" /></p>
<p class="maodian"><a name="_lab2_4_21"></a></p><h3>(3) Access nginx</h3>
<p>Browsing to the IP address of any node at the exposed NodePort reaches the nginx service, which shows that the test succeeded.</p>
<blockquote><p>192.168.211.136:30619</p>
<p>192.168.211.138:30619</p></blockquote>