Deploying Kubernetes 1.18 on CentOS with kubeadm

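Kubernetes 1.18 is the first new release, published on March 26, 2020. It contains 38 enhancements: 15 have graduated to stable, 11 are in beta and 12 are in alpha. Today Bao Ge uses kubeadm to deploy a simple Kubernetes environment on a CentOS 7 system.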

Further reading:

  • alpha: an internal test version
  • beta: a public test version, not yet stable
  • stable: a stable version

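Main features


1. Kubernetes Topology Manager - beta

The Topology Manager is a beta feature in Kubernetes 1.18. Before it was introduced, the CPU Manager and the Device Manager made resource allocation decisions independently of each other, which could produce undesirable allocations on multi-socket systems and degrade the performance of latency-critical applications. The Topology Manager lets CPUs and devices be NUMA-aligned, so that workloads run in an environment optimized for low latency.

2. Server-side Apply - beta 2

Server-side Apply was promoted to beta in 1.16 and reaches its second beta in 1.18. The new version tracks and manages changes to the fields of all new Kubernetes objects, so you can tell what changed a resource and when.

3. Extending Ingress with and replacing a deprecated annotation with IngressClass - stable

In Kubernetes 1.18, Ingress gains two important additions: the pathType field and the IngressClass resource. The pathType field specifies how a path should be matched. Besides the default ImplementationSpecific type, there are the new Exact and Prefix path types. The IngressClass resource describes a type of Ingress within the Kubernetes cluster. An Ingress can specify the class it is associated with through the new ingressClassName field on the Ingress. This new resource and field replace the deprecated kubernetes.io/ingress.class annotation.

4. SIG-CLI introduces kubectl alpha debug - alpha

With the development of ephemeral containers, alongside kubectl exec, the newly added kubectl alpha debug command lets developers easily debug their Pods in the cluster. The command creates an ephemeral container that runs next to the Pod being inspected and attaches to the console for interactive troubleshooting.

5. Introducing Windows CSI support alpha for Kubernetes - alpha

With the release of Kubernetes 1.18, an alpha version of CSI proxy for Windows has also been released. CSI proxy enables non-privileged (pre-approved) containers to perform privileged storage operations on Windows. CSI drivers can now be supported on Windows by using CSI proxy.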

System preparation


Check the system version

[root@gcdr-kubernetes-t01 ~]# cat /etc/redhat-release

CentOS Linux release 7.7.1908 (Core)

[root@gcdr-kubernetes-t01 ~]# cat /etc/centos-release

CentOS Linux release 7.7.1908 (Core)

Add the Aliyun repository

rm -rf /etc/yum.repos.d/*

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Configure the hostname

[root@gcdr-kubernetes-t01 ~]# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

10.5.11.24 gcdr-kubernetes-t01

Disable swap and comment out the swap partition

[root@gcdr-kubernetes-t01 ~]# swapoff -a

[root@gcdr-kubernetes-t01 ~]# cat /etc/fstab


Configure kernel parameters so that bridged IPv4 traffic is passed to the iptables chains

[root@gcdr-kubernetes-t01 ~]# cat > /etc/sysctl.d/k8s.conf <<EOF

> net.bridge.bridge-nf-call-ip6tables = 1

> net.bridge.bridge-nf-call-iptables = 1

> EOF

[root@gcdr-kubernetes-t01 ~]# sysctl --system

Install common packages


[root@gcdr-kubernetes-t01 ~]# yum install vim bash-completion net-tools gcc -y

Install docker-ce

[root@gcdr-kubernetes-t01 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 wget
[root@gcdr-kubernetes-t01 ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@gcdr-kubernetes-t01 ~]# yum install docker-ce -y

Add the Aliyun Docker registry mirror (accelerator)

[root@gcdr-kubernetes-t01 ~]# mkdir -p /etc/docker

[root@gcdr-kubernetes-t01 ~]# tee /etc/docker/daemon.json <<-'EOF'

{

"registry-mirrors": ["https://fl791z1h.mirror.aliyuncs.com"]

}

EOF

[root@gcdr-kubernetes-t01 ~]# systemctl daemon-reload

[root@gcdr-kubernetes-t01 ~]# systemctl restart docker

[root@gcdr-kubernetes-t01 ~]# systemctl enable docker

Install kubectl, kubelet and kubeadm

Add the Aliyun Kubernetes repository

[root@gcdr-kubernetes-t01 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo

> [kubernetes]

> name=Kubernetes

> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/

> enabled=1

> gpgcheck=1

> repo_gpgcheck=1

> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

> EOF

Install

[root@gcdr-kubernetes-t01 ~]# yum install kubectl kubelet kubeadm
[root@gcdr-kubernetes-t01 ~]# systemctl enable kubelet

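Initialize the Kubernetes cluster


[root@gcdr-kubernetes-t01 ~]# kubeadm init --kubernetes-version=1.18.1 \
--apiserver-advertise-address=10.5.11.24 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16

The Pod network CIDR is 10.122.0.0/16, and the API server address is the master's own IP.

This step is critical: by default kubeadm downloads the required images from the official registry k8s.gcr.io, which cannot be reached from mainland China, so the Aliyun image registry must be specified with --image-repository.

After the cluster has been initialized successfully, the following is returned: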

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.5.11.24:6443 --token x7o9xt.96mriw99refv5l67 \
--discovery-token-ca-cert-hash sha256:291622fa9d68d957ca36eb041b8ba9d969258c779683e29a75f54e08d98e8736

Record the last part of this output; it has to be run on the other nodes when they join the Kubernetes cluster.
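
The sha256 value in the join command is a pin over the cluster CA's public key, so it can be recomputed from the CA certificate and compared before a recorded join command is reused. The script below is an added example, not part of the original post; its function names are made up here and the demo runs on a throwaway CA with constructed values.

```shell
#!/bin/sh
# Added example: recompute the CA pin that kubeadm prints in its join command.

# Print "sha256:<hex>" over the DER-encoded public key of certificate $1.
ca_cert_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    digest=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r) || return 1
    printf 'sha256:%s\n' "${digest%% *}"   # "-r" prints "<hex> *stdin"
}

# Print the pin that follows --discovery-token-ca-cert-hash in join text $1.
pin_from_join() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Succeed only if certificate $1 matches the pin carried in join text $2.
verify_join_pin() {
    expected=$(pin_from_join "$2")
    actual=$(ca_cert_pin "$1") || return 2
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Demo on a throwaway CA (constructed sample; 192.0.2.10 is a documentation IP).
demo_pin_check() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    good="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \\
    --discovery-token-ca-cert-hash $(ca_cert_pin "$dir/ca.crt")"
    bad="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \\
    --discovery-token-ca-cert-hash sha256:$(printf '%064d' 0)"
    rc=0
    verify_join_pin "$dir/ca.crt" "$good" || rc=1   # matching pin must pass
    verify_join_pin "$dir/ca.crt" "$bad" && rc=1    # foreign pin must fail
    rm -rf "$dir"
    return "$rc"
}

if demo_pin_check; then echo "pin check behaves as expected"; fi
```

On a kubeadm control-plane node the certificate to pass as the first argument is /etc/kubernetes/pki/ca.crt.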

Set up the kubectl configuration as prompted

[root@gcdr-kubernetes-t01 ~]# mkdir -p $HOME/.kube

[root@gcdr-kubernetes-t01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

[root@gcdr-kubernetes-t01 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run the following command to enable kubectl auto-completion

[root@gcdr-kubernetes-t01 ~]# source <(kubectl completion bash)

View the nodes and pods

[root@gcdr-kubernetes-t01 ~]# kubectl get nodes

NAME STATUS ROLES AGE VERSION

gcdr-kubernetes-t01 NotReady master 7m57s v1.18.1

[root@gcdr-kubernetes-t01 ~]# kubectl get pod --all-namespaces


The node is NotReady because the coredns pods have not started; the network pod is missing.

Install the Calico network

[root@gcdr-kubernetes-t01 ~]# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

configmap/calico-config created

customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created

customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created

clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created

clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created

clusterrole.rbac.authorization.k8s.io/calico-node created

clusterrolebinding.rbac.authorization.k8s.io/calico-node created

daemonset.apps/calico-node created

serviceaccount/calico-node created

deployment.apps/calico-kube-controllers created

serviceaccount/calico-kube-controllers created

View the pods and the node

[root@gcdr-kubernetes-t01 ~]# kubectl get pod --all-namespaces

NAMESPACE NAME READY STATUS RESTARTS AGE

kube-system calico-kube-controllers-555fc8cc5c-v5cn2 1/1 Running 0 5m20s

kube-system calico-node-2rjs6 1/1 Running 0 5m20s

kube-system coredns-7ff77c879f-v8qfz 1/1 Running 0 15m

kube-system coredns-7ff77c879f-zcgd4 1/1 Running 0 15m

kube-system etcd-gcdr-kubernetes-t01 1/1 Running 0 15m

kube-system kube-apiserver-gcdr-kubernetes-t01 1/1 Running 0 15m

kube-system kube-controller-manager-gcdr-kubernetes-t01 1/1 Running 0 15m

kube-system kube-proxy-kmj4l 1/1 Running 0 15m

kube-system kube-scheduler-gcdr-kubernetes-t01 1/1 Running 0 15m

[root@gcdr-kubernetes-t01 ~]# kubectl get node

NAME STATUS ROLES AGE VERSION

gcdr-kubernetes-t01 Ready master 18m v1.18.1

The cluster is now in a normal state.

View the pods and services

[root@gcdr-kubernetes-t01 ~]# kubectl get svc -n kubernetes-dashboard

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

dashboard-metrics-scraper ClusterIP 10.10.41.93 <none> 8000/TCP 8m1s

kubernetes-dashboard NodePort 10.10.206.82 <none> 443:31467/TCP 8m1s

Log in with a token; run the following command to obtain it

[root@gcdr-kubernetes-t01 ~]# kubectl describe secrets -n kubernetes-dashboard kubernetes-dashboard | grep token | awk 'NR==3{print $2}'

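
The token printed by the command above is a JWT, so the service account and namespace it represents can be read from its claims before it is used to log in. The script below is an added example, not part of the original post; it decodes a constructed sample token, and the function names and the demo-ns / demo-sa names are made up here.

```shell
#!/bin/sh
# Added example: read the identity claims inside a service-account token.
# Decoding does NOT verify the signature; use it for inspection only.

# Decode one base64url segment ($1) to stdout.
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in      # restore the padding JWTs strip
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
        1) return 1 ;;              # impossible length for base64
    esac
    printf '%s' "$seg" | base64 -d
}

# Print the JSON claims (second dot-separated segment) of JWT $1.
jwt_claims() {
    payload=$(printf '%s\n' "$1" | cut -s -d. -f2)
    [ -n "$payload" ] || return 1
    b64url_decode "$payload"
}

# Print the value of the flat string claim named $2 in JWT $1.
jwt_claim() {
    jwt_claims "$1" | tr ',{}' '\n\n\n' | sed -n "s|^\"$2\":\"\(.*\)\"\$|\1|p"
}

# Build a constructed sample token (made-up names, placeholder signature).
sample_token() {
    enc() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
    hdr='{"alg":"RS256","typ":"JWT"}'
    body='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"demo-ns","sub":"system:serviceaccount:demo-ns:demo-sa"}'
    printf '%s.%s.%s\n' "$(enc "$hdr")" "$(enc "$body")" "c2lnbmF0dXJl"
}

tok=$(sample_token)
echo "subject:   $(jwt_claim "$tok" sub)"
echo "namespace: $(jwt_claim "$tok" kubernetes.io/serviceaccount/namespace)"
```

On the cluster, the decoded sub value can be passed to kubectl auth can-i --list --as=<sub> to review what that account is allowed to do.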

Original article by shengbao. If you repost it, please credit the source: https://baogebiji.com/150.html
