构建Kubernetes集群

2021-07-08  本文已影响0人  bear_small

对应的每台设备都需要操作 kubernetes-master kubernetes-node1 kubernetes-node2

1. 修改主机名

cat >> /etc/hosts << EOF
192.168.141.150 kubernetes-master
EOF

2. 配置静态IP

为 Master 和 Node 节点单独配置对应的 IP
编辑配置文件
vim /etc/netplan/50-cloud-init.yaml

image.png

配置生效
netplan apply

3. 配置kubeadm

安装概述
安装 kubernetes 主要是安装它的各个镜像,而 kubeadm 已经为我们集成好了运行 kubernetes 所需的基本镜像。但由于国内的网络原因,在搭建环境时,无法拉取到这些镜像。此时我们只需要修改为阿里云提供的镜像服务即可解决该问题。

  • 创建并修改配置
    • 新建配置目录(后续自定义配置都置于此目录)
      mkdir -p /usr/local/kubernetes
    • 在上述目录导出配置文件
      kubeadm config print init-defaults --kubeconfig ClusterConfiguration > kubeadm.yml
    • 修改配置如下
#修改为当前服务器(主节点)的IP地址 
advertiseAddress: 192.168.141.150 
#国内不能访问 Google,修改为阿里云 
imageRepository: registry.aliyuncs.com/google_containers  
#默认为当前下载kubernetes版本的大版本中的第一个版本,如我下载的是1.20.1,此处为1.20.0,更新为 > 1.20.1即可 
kubernetesVersion: v1.20.1   
 # 配置成 Calico 的默认网段,属性没有则添加 
podSubnet: "10.244.0.0/16"   

以上配置会有个小坑,即Calico 的默认网段,此处,因为我虚拟机的网段是192.168.141.0/24,此处就会和Calico 的默认网段产生冲突,建议更换其他网段(此处说明是因为我安装单节点集群时没问题,但是安装高可用时就产生了问题,具体问题后面会单独说明分析)

  • 拉取镜像
    • 查看所需镜像列表
      kubeadm config images list --config kubeadm.yml
    • 拉取镜像
      kubeadm config images pull --config kubeadm.yml
      image.png

4. 使用 kubeadm 构建 kubernetes 集群-主节点

  • 安装kubernetes主节点
    kubeadm init --config=kubeadm.yml --upload-certs | tee kubeadm-init.log
    执行以上命令初始化主节点,该命令指定了初始化时需要使用的配置文件
    --experimental-upload-certs(在v1.16及以上版本会报错, 新版本不再支持此参数了,变更为:--upload-certs即可,见: http://www.suoniao.com/article/5e7b9559ab939f14c42a9784) 参数可以在后续执行加入节点时自动分发证书文件。
    追加的 tee kubeadm-init.log 用以输出日志。
  • 安装成功则会有如下输出
[init] Using Kubernetes version: v1.20.1
[preflight] Running pre-flight checks
  [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The > recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes-master kubernetes.default > kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.2.129]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [kubernetes-master localhost] and IPs > [192.168.2.129 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [kubernetes-master localhost] and IPs > [192.168.2.129 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory > "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 73.009161 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" > Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for > the kubelets in the cluster
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
4def8ffa89bd642c033713e0b715ee074341987164c2ae23fc4394536203c421
[mark-control-plane] Marking the node kubernetes-master as control-plane by adding the labels "node-> role.kubernetes.io/master=''" and "node-role.kubernetes.io/control-plane='' (deprecated)"
[mark-control-plane] Marking the node kubernetes-master as control-plane by adding the taints [node-> role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: abcdef.0123456789abcdef
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes > to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs > from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the > cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate > and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.2.129:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash > sha256:1d5c20e7497d1c710c2f83aa1de8cdc2a8c73c7dfd005e1d155a0360cc510d72 
root@kubernetes-master:/usr/local/kubernetes#

注意:如果安装 kubernetes 版本和下载的镜像版本不统一则会出现 timed out waiting for the condition 错误。
中途失败或是想修改配置可以使用 kubeadm reset 命令重置配置,再做初始化操作即可。
如果执行kubeadm reset后,执行kubectl get nodes报错(权限相关),
则删除$HOME/.kube目录下的.kube文件(rm -rf $HOME/.kube)
重新执行mkdir -p $HOME/.kubecp -i /etc/kubernetes/admin.conf $HOME/.kube/config

  • 配置 kubectl
    mkdir -p $HOME/.kube
    cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    非 ROOT 用户执行
    chown $(id -u):$(id -g) $HOME/.kube/config
  • 验证
    kubectl get node
    能够打印出节点信息即表示成功

至此主节点配置完成

说明:
kubeadm init 的执行过程
init:指定版本进行初始化操作
preflight:初始化前的检查和下载所需要的 Docker 镜像文件
kubelet-start:生成 kubelet 的配置文件 var/lib/kubelet/config.yaml,没有这个文件 kubelet 无法启动,所以初 始化之前的 kubelet 实际上启动不会成功
certificates:生成 Kubernetes 使用的证书,存放在 /etc/kubernetes/pki 目录中
kubeconfig:生成 KubeConfig 文件,存放在 /etc/kubernetes 目录中,组件之间通信需要使用对应文件
control-plane:使用 /etc/kubernetes/manifest 目录下的 YAML 文件,安装 Master 组件
etcd:使用 /etc/kubernetes/manifest/etcd.yaml 安装 Etcd 服务
wait-control-plane:等待 control-plan 部署的 Master 组件启动
apiclient:检查 Master 组件服务状态。
uploadconfig:更新配置
kubelet:使用 configMap 配置 kubelet
patchnode:更新 CNI 信息到 Node 上,通过注释的方式记录
mark-control-plane:为当前节点打标签,打了角色 Master,和不可调度标签,这样默认就不会使用 Master 节点来运行 Pod
bootstrap-token:生成 token 记录下来,后边使用 kubeadm join 往集群中添加节点时会用到
addons:安装附加组件 CoreDNS 和 kube-proxy


5. 使用 kubeadm 配置 slave 节点

kubeadm join 192.168.141.150:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:1d5c20e7497d1c710c2f83aa1de8cdc2a8c73c7dfd005e1d155a0360cc510d72

6. 安装网络插件 Calico

参考官方文档安装:https://docs.projectcalico.org/getting-started/kubernetes/quickstart

7. 运行Kubernetes 容器

  • 检查组件运行状态
    scheduler和controller-manager显示Unhealthy
    异常 scheduler controller-manager connection refused
    解决方案:
    出现这种情况,是/etc/kubernetes/manifests下的kube-controller-manager.yaml和kube-scheduler.yaml设置> 的默认端口是0,在文件中注释掉就可以了
    重启kubelet服务: systemctl restart kubelet.service

  • 检查 Master 状态,输出如下
    kubectl cluster-info
# 主节点状态
Kubernetes control plane is running at [<u>https://192.168.2.129:6443</u>](https://192.168.2.129:6443)
# DNS 状态
KubeDNS is running at https://192.168.2.129:6443/api/v1/namespaces/kube-system/services/kube-> dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

  • 检查 Nodes 状态
    kubectl get nodes
    输出如下,STATUS 为 Ready 即为正常状态
    image.png

  • 运行容器实例
    replicas说明已经被废弃,未来版本中会删除, 推荐用 deployment 创建 pods创建yaml文件
    image.png
    创建pods
    kubectl apply -f nginx-deployment.yaml
    image.png

  • 各类状态获取命令
    • 查看全部 Pods 的状态(需要等待一小段实践,STATUS 为 Running 即为运行成功)
      kubectl get pods
      image.png
    • 查看已部署的服务
      kubectl get deployment
      image.png
    • 映射服务,让用户可以访问
      kubectl expose deployment nginx-deployment --port=80 --type=LoadBalancer
      image.png
    • 查看已发布的服务
      kubectl get services
      image.png
      Nginx 服务已成功发布并将 80 端口映射为 31218
    • 验证
      直接浏览器访问ip:3121
      此时 Kubernetes 会以负载均衡的方式访问部署的 Nginx 服务,能够正常看到 Nginx 的欢迎页即表示成功。容器实际部署在其它 Node 节点上,通过访问 Node 节点的 IP:Port 也是可以的
    • 停止服务
      kubectl delete deployment nginx-deployment
      kubectl delete service nginx-deployment
      image.png
      image.png

根据次版本核配置,本人已搭建集群与高可用集群环境,如遇到相关问题,未在文章中说明,可联系本人
谢谢大家关注,点个赞呗~
如需转载请标明出处,谢谢~~

上一篇下一篇

猜你喜欢

热点阅读