• 基于docker 搭建k8s

    一、部署环境架构以及方式

    一、环境准备

    1、网络yum配置(阿里云yum源)

     1 # CentOS-Base.repo
 2 #
 3 # The mirror system uses the connecting IP address of the client and the
 4 # update status of each mirror to pick mirrors that are updated to and
 5 # geographically close to the client.  You should use this for CentOS updates
 6 # unless you are manually picking other mirrors.
 7 #
 8 # If the mirrorlist= does not work for you, as a fall back you can try the 
 9 # remarked out baseurl= line instead.
10 #
11 #
12  
13 [base]
14 name=CentOS-$releasever - Base - mirrors.aliyun.com
15 failovermethod=priority
16 baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
17         http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
18         http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
19 gpgcheck=1
20 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
21  
22 #released updates 
23 [updates]
24 name=CentOS-$releasever - Updates - mirrors.aliyun.com
25 failovermethod=priority
26 baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
27         http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
28         http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
29 gpgcheck=1
30 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
31  
32 #additional packages that may be useful
33 [extras]
34 name=CentOS-$releasever - Extras - mirrors.aliyun.com
35 failovermethod=priority
36 baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
37         http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
38         http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
39 gpgcheck=1
40 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
41  
42 #additional packages that extend functionality of existing packages
43 [centosplus]
44 name=CentOS-$releasever - Plus - mirrors.aliyun.com
45 failovermethod=priority
46 baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
47         http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
48         http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
49 gpgcheck=1
50 enabled=0
51 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
52  
53 #contrib - packages by Centos Users
54 [contrib]
55 name=CentOS-$releasever - Contrib - mirrors.aliyun.com
56 failovermethod=priority
57 baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
58         http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
59         http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
60 gpgcheck=1
61 enabled=0
62 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
    View Code

    2、docker yum源配置(阿里云)

     1 [docker-ce-stable]
 2 name=Docker CE Stable - $basearch
 3 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
 4 enabled=1
 5 gpgcheck=1
 6 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 7 
 8 [docker-ce-stable-debuginfo]
 9 name=Docker CE Stable - Debuginfo $basearch
10 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
11 enabled=0
12 gpgcheck=1
13 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
14 
15 [docker-ce-stable-source]
16 name=Docker CE Stable - Sources
17 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
18 enabled=0
19 gpgcheck=1
20 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
21 
22 [docker-ce-test]
23 name=Docker CE Test - $basearch
24 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
25 enabled=0
26 gpgcheck=1
27 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
28 
29 [docker-ce-test-debuginfo]
30 name=Docker CE Test - Debuginfo $basearch
31 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
32 enabled=0
33 gpgcheck=1
34 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
35 
36 [docker-ce-test-source]
37 name=Docker CE Test - Sources
38 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
39 enabled=0
40 gpgcheck=1
41 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
42 
43 [docker-ce-nightly]
44 name=Docker CE Nightly - $basearch
45 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
46 enabled=0
47 gpgcheck=1
48 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
49 
50 [docker-ce-nightly-debuginfo]
51 name=Docker CE Nightly - Debuginfo $basearch
52 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
53 enabled=0
54 gpgcheck=1
55 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
56 
57 [docker-ce-nightly-source]
58 name=Docker CE Nightly - Sources
59 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
60 enabled=0
61 gpgcheck=1
62 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
    View Code

    3、kubectl yum 配置

    1 [kubernetes]
2 name=Kubernetes
3 baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
4 enabled=1
5 gpgcheck=1
6 repo_gpgcheck=1
7 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    View Code

    4、加载网络yum源

    yum repolist

    二、master安装组件

    1、安装组件

    yum install docker-ce kubelet kubeadm kubectl

    1.1校验可能会报错

    提前下载 wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

    1.2下载组件kubectl

    1 [root@master packages]# ll
2 total 63772
3 -rw-r--r-- 1 root root  5318270 Jan  4  2021 14bfe6e75a9efc8eca3f638eb22c7e2ce759c67f95b43b16fae4ebabde1549f3-cri-tools-1.13.0-0.x86_64.rpm
4 -rw-r--r-- 1 root root  9513430 Jul 17 05:03 23f7e018d7380fc0c11f0a12b7fda8ced07b1c04c4ba1c5f5cd24cd4bdfb304d-kubeadm-1.21.3-0.x86_64.rpm
5 -rw-r--r-- 1 root root 20970442 Jul 17 05:07 7e38e980f058e3e43f121c2ba73d60156083d09be0acc2e5581372136ce11a1c-kubelet-1.21.3-0.x86_64.rpm
6 -rw-r--r-- 1 root root 10005798 Jul 17 05:05 b04e5387f5522079ac30ee300657212246b14279e2ca4b58415c7bf1f8c8a8f5-kubectl-1.21.3-0.x86_64.rpm
7 -rw-r--r-- 1 root root 19487362 Jan  4  2021 db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm
    View Code

    1.3下载容器组件

    1 [root@master packages]# ll
2 total 105416
3 -rw-r--r-- 1 root root 31283812 Jul 20 05:15 containerd.io-1.4.8-3.1.el7.x86_64.rpm
4 -rw-r--r-- 1 root root 27902344 Jun  3 03:29 docker-ce-20.10.7-3.el7.x86_64.rpm
5 -rw-r--r-- 1 root root 34717572 Jun  3 03:29 docker-ce-cli-20.10.7-3.el7.x86_64.rpm
6 -rw-r--r-- 1 root root  9659320 Jun  3 03:29 docker-ce-rootless-extras-20.10.7-3.el7.x86_64.rpm
7 -rw-r--r-- 1 root root  4373740 Jun  3 03:29 docker-scan-plugin-0.8.0-3.el7.x86_64.rpm
    View Code

    三、启动容器

    3.1写加速文件

    1 [root@master docker]# cat daemon.json 
2 {
3     "insecure-registries":["192.168.33.79:5000"],
4       "registry-mirrors": [
5         "https://registry.docker-cn.com",
6         "http://hub-mirror.c.163.com",
7         "https://docker.mirrors.ustc.edu.cn"
8   ]
9 }
    View Code

    3.2启动docker

    [root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl start docker

    3.3查看docker 信息

     1 [root@master docker]# docker info
 2 Client:
 3  Context:    default
 4  Debug Mode: false
 5  Plugins:
 6   app: Docker App (Docker Inc., v0.9.1-beta3)
 7   buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
 8   scan: Docker Scan (Docker Inc., v0.8.0)
 9 
10 Server:
11  Containers: 37
12   Running: 24
13   Paused: 0
14   Stopped: 13
15  Images: 20
16  Server Version: 20.10.7
17  Storage Driver: overlay2
18   Backing Filesystem: xfs
19   Supports d_type: true
20   Native Overlay Diff: true
21   userxattr: false
22  Logging Driver: json-file
23  Cgroup Driver: cgroupfs
24  Cgroup Version: 1
25  Plugins:
26   Volume: local
27   Network: bridge host ipvlan macvlan null overlay
28   Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
29  Swarm: inactive
30  Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
31  Default Runtime: runc
32  Init Binary: docker-init
33  containerd version: 7eba5930496d9bbe375fdf71603e610ad737d2b2
34  runc version: v1.0.0-0-g84113ee
35  init version: de40ad0
36  Security Options:
37   seccomp
38    Profile: default
39  Kernel Version: 3.10.0-862.11.6.el7.x86_64
40  Operating System: CentOS Linux 7 (Core)
41  OSType: linux
42  Architecture: x86_64
43  CPUs: 8
44  Total Memory: 7.638GiB
45  Name: master
46  ID: HGKJ:IOYV:VZ2Z:MBDV:3NPE:ISKU:JMDZ:TO67:LOFK:I6ZG:NSGF:G7XC
47  Docker Root Dir: /var/lib/docker
48  Debug Mode: false
49  HTTPS Proxy: http:www.ik8s.io:10080
50  No Proxy: 127.0.0.0/8
51  Registry: https://index.docker.io/v1/
52  Labels:
53  Experimental: false
54  Insecure Registries:
55   192.168.33.79:5000
56   127.0.0.0/8
57  Registry Mirrors:
58   https://registry.docker-cn.com/
59   http://hub-mirror.c.163.com/
60   https://docker.mirrors.ustc.edu.cn/
61  Live Restore Enabled: false
    View Code

    注意!!!

    通过网桥转发的IP数据包会iptables规则过滤,而这两个选项将阻止过滤,Netfilter是默认情况下启用了桥梁,如果不阻止会导致严重的混乱

    echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

    四、启动kubelet

    4.1设置开机自启

    systemctl enable kubelet
systemctl enable docker

    4.2下拉初始化软件包(脚本)

     1 set -o errexit
 2 set -o nounset
 3 set -o pipefail
 4 
 5 ##这里定义版本,按照上面得到的列表自己改一下版本号
 6 
 7 KUBE_VERSION=v1.21.3
 8 KUBE_PAUSE_VERSION=3.4.1
 9 ETCD_VERSION=3.4.13-0
10 DNS_VERSION=v1.8.0
11 
12 ##这是原始仓库名,最后需要改名成这个
13 GCR_URL=k8s.gcr.io
14 
15 ##这里就是写你要使用的仓库
16 DOCKERHUB_URL=aiotceo
17 
18 ##这里是镜像列表,新版本要把coredns改成coredns/coredns
19 images=(
20 kube-proxy:${KUBE_VERSION}
21 kube-scheduler:${KUBE_VERSION}
22 kube-controller-manager:${KUBE_VERSION}
23 kube-apiserver:${KUBE_VERSION}
24 pause:${KUBE_PAUSE_VERSION}
25 etcd:${ETCD_VERSION}
26 coredns/coredns:${DNS_VERSION}
27 )
28 
29 ##这里是拉取和改名的循环语句
30 for imageName in ${images[@]} ; do
31   docker pull $DOCKERHUB_URL/$imageName
32   docker tag $DOCKERHUB_URL/$imageName $GCR_URL/$imageName
33   docker rmi $DOCKERHUB_URL/$imageName
34 done
    View Code

    4.3初始化kubeadm

    初始化时需要加镜像来源:  --image-repository=registry.aliyuncs.com/google_containers(这个是我自己的阿里云镜像仓库)

    查看k8版本 :

    1 [root@node ~]# kubectl version
2 Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.3", GitCommit:"ca643a4d1f7bfe34773c74f79527be4afd95bf39", GitTreeState:"clean", BuildDate:"2021-07-15T21:04:39Z", GoVersion:"go1.16.6", Compiler:"gc", Platform:"linux/amd64"}
    View Code

    初始化

    1  kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.21.3 --service-cidr=10.96.0.0/12
    View Code

    五、创建登陆配置

    5.1 创建kube目录,添加kubectl配置

    1 mkdir -p $HOME/.kube;
2 
3 sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config;
4 
5 sudo chown $(id -u):$(id -g) $HOME/.kube/config
    View Code

    六、安装网络

    6.1添加网络组件(flannel)

     组件flannel可以通过https://github.com/coreos/flannel中获取,此处也有介绍怎么安装,也可以自己在网上找网络镜像安装(最好到官网下载网络yaml文件)

    1 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    View Code

    七、node安装组件

    1、安装组件

    yum install docker-ce kubelet kubeadm kubectl

    1.1校验可能会报错

    提前下载 wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

    八、启动容器

    1写加速文件

    root@master:/k8s/pod/image/harbor# cat  /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://7hgbbnxx.mirror.aliyuncs.com"],
  "insecure-registries":["master:5000","192.168.27.141:8093"]
}

    2启动docker

    [root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl start docker

    注意!!!

    通过网桥转发的IP数据包会iptables规则过滤,而这两个选项将阻止过滤,Netfilter是默认情况下启用了桥梁,如果不阻止会导致严重的混乱

    echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

     

    kubeadm 生成 token

    查看

    kubeadm token create --print-join-command

    生成新的token

    [root@k8s-master ~]# kubeadm token create
iuv3h7.9yhwvfm9f3phpfcl
[root@k8s-master ~]# kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
iuv3h7.9yhwvfm9f3phpfcl   23h       2019-05-14T10:26:50+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token

    获取ca证书sha256编码hash值

    [root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
91ca783858fbe9806560e8253ec47fe734addba3c8ee64ddbeace077a5101aee

    node加入到master

    kubeadm join 192.168.1.110:6443 --token wgrs62.vy0trlpuwtm5jd75 --discovery-token-ca-cert-hash sha256:6e947e63b176acf976899483d41148
    --ignore-preflight-errors=Swap

     注意:join需要以下软件

    遇到的问题

     vim /etc/sysconfig/kubelet       

     KUBELET_EXTRA_ARGS="--fail-swap-on=false"

    kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.21.3 --service-cidr=10.96.0.0/12  --ignore-preflight-errors=Swap   #在初始化时加入--ignore选项 

    作者:赵世渊

    -------------------------------------------

    个性签名:独学而无友,则孤陋而寡闻。

    如果觉得这篇文章对你有小小的帮助的话,记得在右下角点个“推荐”哦,博主在此感谢!
  • 相关阅读:
    读书笔记之: 操作系统概念(第6版)第三部分 存储管理2(文件系统接口, 文件系统实现)
    Padding 属性中参数的定义
    谷歌“抄袭门”:可能祸及价值660亿品牌形象
    最常用的20个ASP代码片段 上
    可定制的数据库备份和恢复程序
    最常用的20个ASP代码片段 下
    Google Ajax Search API的使用
    Ajax 中跨域问题的结决办法 [转]
    JAVA面试题汇总 一
    WebService的描述与注册、发布
  • 原文地址:https://www.cnblogs.com/Raphel/p/15091412.html
Copyright © 2020-2023  润新知