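Installation options
- minikube
  Just a K8s cluster simulator: a cluster with a single node, for testing only.
- Cloud platform container services, for example Tencent Cloud TKE or Alibaba Cloud ACK
  Visual setup; a cluster can be created in a few simple steps.
  Pros: simple to install, with a complete ecosystem; load balancers, storage and so on are all provided for you and take only a few simple operations.
- Bare-metal installation, using kubeadm, rancher, kubesphere ...
  Requires at least two machines (one master node and one worker node). You have to install the Kubernetes components yourself, and configuration is a little more troublesome.
  For testing, you can rent servers by the hour from any cloud vendor; the cost is low and you can destroy them when you are done.
  Cons: configuration is troublesome and there is no ecosystem support such as load balancers or cloud storage.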
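minikube
Installation is very simple and all major platforms are supported; see the installation instructions.
Docker must be installed beforehand.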
    # Install kubectl; the version must match the k8s version that minikube installs
    $ curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.3/bin/linux/amd64/kubectl
    $ chmod +x kubectl
    $ mv kubectl /usr/local/bin/kubectl
    # Install minikube
    $ wget https://github.com/kubernetes/minikube/releases/download/v1.25.2/minikube-1.25.2-0.x86_64.rpm
    $ rpm -ivh minikube-1.25.2-0.x86_64.rpm
    # The docker driver cannot be used as root; create a minikube user to start the cluster, otherwise add the --force flag
    $ useradd minikube
    $ usermod -a -G docker minikube
    # Switch to the minikube user for the installation
    $ su minikube
    $ minikube start --image-mirror-country='cn' --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers' --cpus 2 --memory 8192 --driver=docker
    * minikube v1.25.2 on Centos 7.9.2009 (kvm/amd64)
    * Using the docker driver based on existing profile
    ! Your cgroup does not allow setting memory.
    - More information: https://docs.docker.com/engine/install/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities
    ! Your cgroup does not allow setting memory.
    - More information: https://docs.docker.com/engine/install/linux-postinstall/#your-kernel-does-not-support-cgroup-swap-limit-capabilities
    * Starting control plane node minikube in cluster minikube
    * Pulling base image ...
    * Updating the running docker "minikube" container ...
    * Preparing Kubernetes v1.23.3 on containerd 1.4.12 ...
    - kubelet.housekeeping-interval=5m
    - kubelet.cni-conf-dir=/etc/cni/net.mk
    > kubelet.sha256: 64 B / 64 B [--------------------------] 100.00% ? p/s 0s
    > kubeadm.sha256: 64 B / 64 B [--------------------------] 100.00% ? p/s 0s
    > kubectl.sha256: 64 B / 64 B [--------------------------] 100.00% ? p/s 0s
    > kubectl: 44.43 MiB / 44.43 MiB [---------------] 100.00% 2.93 MiB p/s 15s
    > kubelet: 118.75 MiB / 118.75 MiB [-----------] 100.00% 1.22 MiB p/s 1m38s
    > kubeadm: 43.12 MiB / 43.12 MiB [------------] 100.00% 23.66 KiB p/s 31m6s
    - Generating certificates and keys ...
    - Booting up control plane ...
    - Configuring RBAC rules ...
    * Configuring CNI (Container Networking Interface) ...
    * Verifying Kubernetes components...
    - Using image registry.cn-hangzhou.aliyuncs.com/google_containers/storage-provisioner:v5
    * Enabled addons: default-storageclass, storage-provisioner
    * Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
    # List the nodes. kubectl is the command-line tool for interacting with a K8s cluster
    $ kubectl get node
    # View cluster information
    $ minikube status
    $ kubectl cluster-info
    # Enter the minikube node
    $ minikube ssh
    $ docker ps
    # Install the cluster's web UI dashboard
    $ minikube dashboard --url
    # Let other IPs reach the dashboard.
    # This binds the API proxy to every interface and accepts any Host header, so anyone who can
    # reach port 8888 talks to the cluster API with your kubeconfig credentials; keep it to an isolated test network.
    $ nohup kubectl proxy --port=8888 --address='0.0.0.0' --accept-hosts='^.*' &
    # Dashboard URL
    # http://{node_ip}:8888/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/#/overview?namespace=default
    # Stop the cluster
    $ minikube stop
    # Delete the cluster
    $ minikube delete --all
Troubleshooting
Error: failed to find free subnet for docker network minikube after 20 attempts
Fix: create the network manually before running minikube start
    $ docker network create --subnet 192.168.9.0/24 --driver bridge minikube
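Cloud platform container services
Bare-metal setup
This article covers kubeadm, the official Kubernetes installation method.
Components required on the master node
- docker (or another container runtime)
- kubectl: the command-line tool for interacting with the cluster
- kubeadm: the cluster initialisation tool
Components required on the worker nodes
- docker (or another container runtime)
- kubelet: manages Pods and containers and makes sure they run healthily and stably
- kube-proxy: the network proxy, responsible for networking-related work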
Starting the installation
    # Set the corresponding hostname on each node
    $ hostnamectl set-hostname master
    $ hostnamectl set-hostname node1
    $ hostnamectl set-hostname node2
    # Edit hosts on all nodes and add the following entries
    $ vim /etc/hosts
    172.16.32.10 master
    172.16.32.11 node1
    172.16.32.12 node2
    # Disable the firewall on all nodes
    # (this removes host-level filtering; outside a lab, keep firewalld and open only the ports the cluster needs)
    $ systemctl stop firewalld
    $ systemctl disable firewalld
    # Disable SELinux on all nodes
    $ setenforce 0
    $ sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
    # Turn off swap on all nodes
    $ swapoff -a
    $ sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
    # Configure the time zone and time synchronisation on all nodes
    $ ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
    $ yum install chrony -y
    # Add the following server lines to chrony.conf
    $ vim /etc/chrony.conf
    server ntp1.aliyun.com iburst
    server ntp2.aliyun.com iburst
    server time1.cloud.tencent.com iburst
    server time2.cloud.tencent.com iburst
    $ systemctl enable chronyd && systemctl start chronyd
    # Tune kernel parameters on all nodes
    $ cat > /etc/sysctl.d/k8s.conf << EOF
    net.ipv4.ip_forward = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    fs.may_detach_mounts = 1
    vm.overcommit_memory=1
    vm.panic_on_oom=0
    fs.inotify.max_user_watches=89100
    fs.file-max=52706963
    fs.nr_open=52706963
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_intvl = 15
    net.ipv4.tcp_max_tw_buckets = 36000
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_max_orphans = 327680
    net.ipv4.tcp_orphan_retries = 3
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_max_syn_backlog = 16384
    net.ipv4.ip_conntrack_max = 65536
    net.ipv4.tcp_timestamps = 0
    net.core.somaxconn = 16384
    EOF
Configure passwordless login (master node)
    # Generate a key pair
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:sIXgoKGkS09cs/OREa+DBSQXrX5fa2bBATPOT2YSbjc root@k8s-master01
    The key's randomart image is:
    +---[RSA 2048]----+
    |....oBoo. |
    |+o.o+.+o+= |
    |+. o.o++=.= |
    |..o .=+o* E |
    |. ....+S O o |
    | . .. = |
    | . . . o |
    | . = |
    | + |
    +----[SHA256]-----+
    # Distribute the public key to the other nodes
    $ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
    $ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
Add the package repositories (all nodes)
    # Add the k8s repository
    # (gpgcheck=0 and repo_gpgcheck=0 turn off signature verification for packages and repository metadata)
    $ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=0
    repo_gpgcheck=0
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
    # Add the Docker repository (this repo file is fetched over plain HTTP)
    $ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
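The repository definition above disables signature checks, so yum will install kubelet, kubectl and kubeadm without verifying them. As an added example (not part of the original guide), the script below flags those settings in a .repo file; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit a yum .repo file for settings that weaken package verification.
# Prints one finding per line: <file>:[section] <problem>
audit_repo() {
    awk '
        /^[ \t]*\[/ { section = $0; next }      # remember the current [section]
        /^[ \t]*#/  { next }                    # skip comment lines
        {
            line = $0
            gsub(/[ \t]/, "", line)             # normalise "key = value" to "key=value"
            if (line == "gpgcheck=0")
                print FILENAME ":" section " package signatures not verified (gpgcheck=0)"
            if (line == "repo_gpgcheck=0")
                print FILENAME ":" section " repo metadata signature not verified (repo_gpgcheck=0)"
            if (line ~ /^baseurl=http:\/\//)
                print FILENAME ":" section " packages fetched over plain HTTP"
        }
    ' "$1"
}

# Number of findings for one file, as a bare integer.
count_findings() { audit_repo "$1" | wc -l | tr -d ' '; }

# Constructed sample 1: the repo definition as written in this guide.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kubernetes.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Constructed sample 2: the same repo with package signature checking switched on.
sed 's/^gpgcheck=0/gpgcheck=1/' "$demo_dir/kubernetes.repo" > "$demo_dir/kubernetes-checked.repo"

audit_repo "$demo_dir/kubernetes.repo"          # two findings
audit_repo "$demo_dir/kubernetes-checked.repo"  # one finding (repo_gpgcheck=0 remains)
```

On a node, point `audit_repo` at each file under /etc/yum.repos.d/ before running `yum install`.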
Install the required components (all nodes)
    $ yum install -y kubelet-1.24.2 kubectl-1.24.2 kubeadm-1.24.2
The installation procedure may differ between versions, so the version is pinned here.
Start kubelet and docker, and enable them at boot (all nodes)
    $ systemctl enable docker
    $ systemctl enable kubelet
    $ systemctl start docker
    $ systemctl start kubelet
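Modify the docker configuration (all nodes)
    # Kubernetes officially recommends that docker and other runtimes use systemd as the cgroup driver; otherwise kubelet will not start
    # (registries listed under insecure-registries are contacted without TLS verification)
    $ cat <<EOF > /etc/docker/daemon.json
    {
      "exec-opts": ["native.cgroupdriver=systemd"],
      "insecure-registries": ["registry.cn-shenzhen.aliyuncs.com"],
      "registry-mirrors": ["https://registry.docker-cn.com", "http://hub-mirror.c.163.com", "https://docker.mirrors.ustc.edu.cn"]
    }
    EOF
    # Restart for the change to take effect
    $ systemctl daemon-reload
    $ systemctl restart docker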
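Initialise the cluster with kubeadm (run on the master node only)
    # Initialise the cluster control plane
    # If it fails, you can reset with kubeadm reset
    $ kubeadm init --image-repository=registry.aliyuncs.com/google_containers
    # Remember to save the kubeadm join xxx command
    # If you lose it, get it again with: kubeadm token create --print-join-command
    # Copy the credentials file so that kubectl has permission to access the cluster
    # (admin.conf holds cluster-admin credentials; anyone with a copy has full control of the cluster)
    # If other nodes need to access the cluster, copy this file from the master node to them
    $ mkdir -p $HOME/.kube
    $ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    $ chown $(id -u):$(id -g) $HOME/.kube/config
    # Creating the ~/.kube/config file on another machine also lets kubectl there access the cluster
If you are interested in what kubeadm init actually does, see the documentation.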
Join the worker nodes to the cluster (run on the worker nodes only)
    $ kubeadm join 172.16.32.10:6443 --token xxx --discovery-token-ca-cert-hash xxx
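The `--discovery-token-ca-cert-hash` value pins the cluster CA's public key, so a joining node can confirm it is talking to the intended control plane. As an added example (not from the original guide), the script below computes that value from a CA certificate and checks it against a saved join command; the function names, the throwaway CAs and the `<token>` placeholder are constructed, and on a real kubeadm master the certificate is /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# kubeadm's pin is "sha256:" + SHA-256 of the CA public key (DER SubjectPublicKeyInfo).
ca_cert_hash() {  # $1 = path to a PEM CA certificate
    h=$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    printf 'sha256:%s\n' "$h"
}

# Succeeds only if the pin inside a saved join command matches the given CA.
join_pin_matches() {  # $1 = join command text, $2 = path to CA certificate
    pin=$(printf '%s\n' "$1" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]\([^ ]*\).*/\1/p')
    [ -n "$pin" ] && [ "$pin" = "$(ca_cert_hash "$2")" ]
}

# Constructed sample data: two throwaway self-signed CAs.
work=$(mktemp -d)
make_ca() {  # $1 = name used for the CN and the file names
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}
make_ca cluster-ca
make_ca other-ca

# Constructed join command carrying the pin of cluster-ca.
good_join="kubeadm join 172.16.32.10:6443 --token <token> --discovery-token-ca-cert-hash $(ca_cert_hash "$work/cluster-ca.crt")"

join_pin_matches "$good_join" "$work/cluster-ca.crt" && echo "pin matches cluster-ca"
join_pin_matches "$good_join" "$work/other-ca.crt"   || echo "pin does not match other-ca"
```

Comparing the pin on the worker with the hash computed on the master catches a join command that was altered in transit or copied from a different cluster.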
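Install a network plugin, otherwise the nodes stay in the NotReady state (run on the master node)
    # This resource may well be unreachable from networks in mainland China; you can look online for a domestic mirror from which to install flannel
    $ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
List the nodes; do this on the master node (other nodes can also do it if kubectl is installed)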
