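What is K8S?

K8S is an open-source system for managing containerized applications. Its core goals are application deployment and automatic scaling up and down, all of which it automates.
Main characteristics of K8s

  1. Service-centric
  2. Automation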

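Cluster setup options

  1. Community solutions

(1) Messy
(2) Unreliable
(3) Hard to upgrade

  2. Kubeadm

(1) Elegant
(2) Simple
(3) Supports high availability
Drawbacks:
(4) Hard to upgrade
(5) Hard to maintain
(6) Documentation is not detailed enough

  3. Binary (installation from binaries)

(1) Easy to maintain
(2) Flexible
(3) Easy to upgrade
Drawbacks:
(1) No documentation
(2) Complex installation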

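K8S high-availability cluster installation

Environment: 3 master nodes and 2 worker nodes

1. Hostnames: set the hostname on every node; all hostnames must be different

# Show the hostname
$ hostname
# Change the hostname
$ hostnamectl set-hostname <your_hostname>
# Configure /etc/hosts so that all nodes can reach each other by hostname
$ vim /etc/hosts
# <node-ip> <node-hostname>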

2. Install dependency packages

 $ yum update
 $ yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp

3. Disable the firewall and swap, reset iptables

# Stop and disable the firewall
$ systemctl stop firewalld && systemctl disable firewalld
# Reset iptables
$ iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
# Turn off swap
$ swapoff -a
# Keep swap from being enabled at boot
$ sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
# Turn off SELinux enforcement (permissive mode until the next reboot)
$ setenforce 0
# Stop and disable the dnsmasq service
$ service dnsmasq stop && systemctl disable dnsmasq

4. Set kernel parameters

# Create the configuration file
$ cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
EOF
# Apply the file
$ sysctl -p /etc/sysctl.d/kubernetes.conf

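5. Install the required tools

kubeadm: the command used to deploy the cluster
kubelet: the component that must run on every machine in the cluster; it manages the lifecycle of pods and containers
kubectl: the cluster management tool
# Add the Kubernetes yum repository (Aliyun mirror)
$ cat > /etc/yum.repos.d/kubernetes.repo <<EOF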
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install the tools
$ yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Enable and start kubelet
$ systemctl enable kubelet && systemctl start kubelet

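6. Prepare the configuration files

# Run on any one node
$ git clone https://gitee.com/pa/kubernetes-ha-kubeadm.git
addons: Kubernetes add-ons, calico and dashboard
configs: the configuration files used while building the cluster
scripts: scripts used during cluster deployment, such as the image download script and the keepalived check script
global-configs.properties: global configuration, holding the settings that are most likely to change
init.sh: initialization script; once global-config is filled in, it generates all the configuration files automatically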

7. Generate the configuration files

$ cd kubernetes
$ vi global-config.properties

# Kubernetes version
VERSION=v1.18.6
# Pod network CIDR
POD_CIDR=192.168.0.0/16
# Master virtual IP (VIP)
MASTER_VIP=192.168.174.41
# IP addresses of the master nodes
MASTER_0_VIP=192.168.174.130
MASTER_1_VIP=192.168.174.131
MASTER_2_IP=192.168.174.132
# Hostnames of the 3 master nodes
MASTER_0_HOSTNAME=k8s_1
MASTER_1_HOSTNAME=K8s_2
MASTER_2_HOSTNAME=k8s_3
# Network interface name used by keepalived
VIP_IF=ens33

Generate the configuration files
# Make the script executable for its owner
$ chmod u+x init.sh
# Run the script
$ ./init.sh

====替换变量列表====
VERSION=v1.18.6
POD_CIDR=192.168.0.0/16
MASTER_VIP=172.168.41.41
MASTER_0_VIP=192.168.174.130
MASTER_1_VIP=192.168.174.131
MASTER_2_IP=192.168.174.132
MASTER_0_HOSTNAME=k8s_1
MASTER_1_HOSTNAME=K8s_2
MASTER_2_HOSTNAME=k8s_3
VIP_IF=ens33

====替换脚本====
scripts/check-apiserver.sh

====替换配置文件====
configs/keepalived-backup.conf
configs/keepalived-master.conf
configs/kubeadm-config.yaml
addons/calico-rbac-kdd.yaml
addons/calico.yaml
addons/dashboard-all.yaml
配置生成成功,位置: /root/kubernetes/kubernetes-ha-kubeadm/target
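
A pre-flight check for the values in global-config.properties, added here as an example and not part of the kubernetes-ha-kubeadm repository: it flags hostnames that are not valid Kubernetes node names (RFC 1123 subdomains) and a POD_CIDR that covers the VIP or master addresses. The function names and messages are hypothetical; the sample input is the configuration shown on this page.

```bash
# Added example (not from the kubernetes-ha-kubeadm repository): pre-flight check.
# Dotted-quad IPv4 -> integer; non-zero status on malformed input.
ip2int() {
  local a b c d
  [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  IFS=. read -r a b c d <<<"$1"
  (( 10#$a < 256 && 10#$b < 256 && 10#$c < 256 && 10#$d < 256 )) || return 1
  echo $(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
}

# Succeeds if IPv4 address $2 lies inside CIDR block $1 (e.g. 10.0.0.0/8).
cidr_contains() {
  local n i bits=${1#*/}
  [[ $1 =~ /([0-9]|[12][0-9]|3[0-2])$ ]] || return 2
  n=$(ip2int "${1%/*}") && i=$(ip2int "$2") || return 2
  (( ((n ^ i) >> (32 - bits)) == 0 ))   # equal in the top $bits bits
}

# Node names must be RFC 1123 subdomains: lowercase alphanumerics, '-' or '.'.
valid_node_name() {
  local LC_ALL=C   # byte-wise ranges, so [a-z] never matches uppercase
  [[ ${#1} -le 253 && $1 =~ ^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$ ]]
}

# Reads KEY=VALUE lines on stdin; prints findings, returns 1 if there are any.
check_config() {
  local key val x cidr="" bad=0 addrs=() names=()
  while IFS='=' read -r key val; do
    case $key in
      POD_CIDR) cidr=$val ;;
      MASTER_VIP|MASTER_[0-9]*IP) addrs+=("$val") ;;   # VIP and node addresses
      MASTER_[0-9]*_HOSTNAME) names+=("$val") ;;
    esac
  done
  for x in "${names[@]}"; do valid_node_name "$x" || { echo "invalid node name: $x"; bad=1; }; done
  for x in "${addrs[@]}"; do cidr_contains "$cidr" "$x" && { echo "POD_CIDR overlaps $x"; bad=1; }; done
  return "$bad"
}

# Values as given on this page in global-config.properties.
SAMPLE='POD_CIDR=192.168.0.0/16
MASTER_VIP=192.168.174.41
MASTER_0_VIP=192.168.174.130
MASTER_1_VIP=192.168.174.131
MASTER_2_IP=192.168.174.132
MASTER_0_HOSTNAME=k8s_1
MASTER_1_HOSTNAME=K8s_2
MASTER_2_HOSTNAME=k8s_3'
check_config <<<"$SAMPLE" || echo "resolve the findings before running init.sh"
```

Run against the page's values, it reports all three hostnames (underscores are not allowed in node names) and all four addresses, because 192.168.0.0/16 covers the 192.168.174.x node network.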

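8. Configure passwordless SSH login to make distribution easier

# On the distribution node: generate a key pair
$ ssh-keygen -t rsa
# Print the public key
$ cat ~/.ssh/id_rsa.pub
# On every other node: append that public key (replace the placeholder text with it)
$ echo "ssh-key_rsa" >> /root/.ssh/authorized_keys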

9. Download the master images

# download-images is the script that uses docker to pull some of the basic K8S components
echo ""
echo "=========================================================="
echo "Pull Kubernetes v1.14.2 Images from aliyuncs.com ......"
echo "=========================================================="
echo ""

MY_REGISTRY=registry.cn-hangzhou.aliyuncs.com/openthings

## Pull the images
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.14.2
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.14.2
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.14.2
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.14.2
docker pull ${MY_REGISTRY}/k8s-gcr-io-etcd:3.3.10
docker pull ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
docker pull ${MY_REGISTRY}/k8s-gcr-io-coredns:1.3.1

## Add tags
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.14.2 k8s.gcr.io/kube-proxy:v1.14.2
docker tag ${MY_REGISTRY}/k8s-gcr-io-etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag ${MY_REGISTRY}/k8s-gcr-io-pause:3.1 k8s.gcr.io/pause:3.1
docker tag ${MY_REGISTRY}/k8s-gcr-io-coredns:1.3.1 k8s.gcr.io/coredns:1.3.1

docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.14.2
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.14.2
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.14.2
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.14.2
docker rmi ${MY_REGISTRY}/k8s-gcr-io-etcd:3.3.10
docker rmi ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
docker rmi ${MY_REGISTRY}/k8s-gcr-io-coredns:1.3.1
echo ""
echo "=========================================================="
echo "Pull Kubernetes v1.14.2 Images FINISHED."
echo "=========================================================="
echo ""


Copy the image download script from the distribution node to the master nodes
scp target/configs/download-images.sh <user>@<node_ip>:~

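II. Building the high-availability cluster

# Install keepalived (one master, one backup)
$ yum install -y keepalived
# Create the keepalived configuration directory
$ mkdir -p /etc/keepalived
# Distribute the configuration files (keepalived reads /etc/keepalived/keepalived.conf)
$ scp keepalived-master.conf root@192.168.174.130:/etc/keepalived/keepalived.conf
$ scp keepalived-backup.conf root@192.168.174.131:/etc/keepalived/keepalived.conf
# Distribute the health-check script
$ scp check-apiserver.sh root@192.168.174.130:/etc/keepalived
$ scp check-apiserver.sh root@192.168.174.131:/etc/keepalived
# Start keepalived and enable it at boot
$ systemctl enable keepalived && service keepalived start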