Deploy a 3-node k8s cluster. The three virtual machines are as follows:
Hostname | IP address | Role | OS |
---|---|---|---|
k8s-master | 192.168.1.38 | worker | Ubuntu 18.04.2 LTS |
k8s-node1 | 192.168.1.39 | node | Ubuntu 18.04.2 LTS |
k8s-node2 | 192.168.1.40 | node | Ubuntu 18.04.2 LTS |
1.2 Configure hosts
Set up the hosts file on all three nodes to map hostnames to IP addresses:
```
root@k8s-master:~# cat /etc/hosts
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
192.168.1.38 k8s-master
192.168.1.39 k8s-node1
192.168.1.40 k8s-node2
```
1.3 Configure the apt sources
Point apt at the Aliyun mirror by replacing the contents of sources.list with:
```
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
```
```
root@k8s-master:~# apt-get update
```
2. Install docker
2.1 Install docker
Docker must be installed on all three nodes. Run the following commands to install it:
```bash
# Prerequisites for using an HTTPS apt repository
apt-get update && apt-get install apt-transport-https ca-certificates curl software-properties-common

# Add Docker's GPG key and apt repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) \
  stable"

apt-get update && apt-get install docker-ce

# Daemon settings: registry mirror, systemd cgroup driver, log rotation, overlay2
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

mkdir -p /etc/systemd/system/docker.service.d

# Reload systemd units and restart docker so the new settings take effect
systemctl daemon-reload
systemctl restart docker
```
2.2 Check the version
```
root@k8s-master:~# docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea838
 Built:             Wed Nov 13 07:29:52 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea838
  Built:            Wed Nov 13 07:28:22 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
```
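3. Install k8s
3.1 Install kubeadm, kubelet and kubectl
Run the following commands on all three nodes:
```bash
# Add the signing key and apt repository of the Aliyun Kubernetes mirror
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

apt-get update
apt-get install -y kubelet kubeadm kubectl

# Hold the packages so a routine apt upgrade does not change the cluster version
apt-mark hold kubelet kubeadm kubectl
```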
3.2 Check the version
```
root@k8s-master:~# kubectl version --short
Client Version: v1.16.3
Server Version: v1.16.3
```
4. Initialize the k8s cluster
4.1 Initialize
Run the following command on the master node to initialize a cluster:
```bash
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --apiserver-advertise-address 192.168.1.38
```
```bash
# Make the admin kubeconfig available to kubectl for the current user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
4.2 Install the pod network
k8s supports several network plugins; the Calico network plugin is used here:
```bash
kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
```
5. Add the worker nodes
5.1 Generate the hash
Run the following command on the master node to compute the SHA-256 hash of the CA certificate's public key:
```
root@k8s-master:~# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
2e8e6c9991a0f90623593458dc1fe8ac04c6f636d60d33ca1917ed69755f3675
```
5.2 Join the nodes
Run the following join command on node1 and on node2 to add each of them to the cluster:
```bash
kubeadm join --token cw6ahy.p8qkc7grox56kf2l 192.168.1.38:6443 --discovery-token-ca-cert-hash sha256:2e8e6c9991a0f90623593458dc1fe8ac04c6f636d60d33ca1917ed69755f3675
```
The token can be obtained with the following command:
```
root@k8s-master:~# kubeadm token list
TOKEN                     TTL   EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
cw6ahy.p8qkc7grox56kf2l   5h    2019-11-16T11:11:08Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token
```
If the token has expired, create a new one: `kubeadm token create`.
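
An added example (not from the original post) for steps 5.1 and 5.2: it computes the `--discovery-token-ca-cert-hash` pin so that it also works for non-RSA CA keys and fails instead of hashing empty input when the certificate cannot be read, and it checks a bootstrap token's format. The function names `ca_pin`, `check_pin` and `valid_token` are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original post. Function names are assumptions.

# SHA-256 of empty input: what the one-line pipeline in 5.1 prints when the
# certificate cannot be read, because the openssl errors are discarded.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

# ca_pin CERT: print "sha256:<hex>" over the DER SubjectPublicKeyInfo of CERT.
# `openssl pkey` accepts RSA and EC public keys alike.
ca_pin() {
  _der=$(mktemp) || return 1
  _hex=
  if openssl x509 -pubkey -noout -in "$1" 2>/dev/null \
       | openssl pkey -pubin -outform der -out "$_der" 2>/dev/null \
     && [ -s "$_der" ]; then
    _hex=$(openssl dgst -sha256 -hex <"$_der" | sed 's/^.* //')
  fi
  rm -f "$_der"
  # Refuse anything that is not a 64-digit hash of real key material.
  [ "${#_hex}" -eq 64 ] && [ "$_hex" != "$EMPTY_SHA256" ] || return 1
  printf 'sha256:%s\n' "$_hex"
}

# check_pin PIN CERT: succeed only if PIN (the value passed to
# --discovery-token-ca-cert-hash) matches the public key in CERT.
check_pin() {
  _want=$(ca_pin "$2") || return 1
  [ "$1" = "$_want" ]
}

# valid_token TOKEN: bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
valid_token() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Usage on the master:
#   ca_pin /etc/kubernetes/pki/ca.crt
#   check_pin "sha256:<pin from the join command>" /etc/kubernetes/pki/ca.crt
```

Running `check_pin` on the master before handing out a join command confirms that a pin copied from notes still matches the cluster CA.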
6. Deployment complete
6.1 Inspect the cluster
At this point, a simple k8s cluster has been created:
```
root@k8s-master:~# kubectl get node
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   18h     v1.16.3
k8s-node1    Ready    <none>   17h     v1.16.3
k8s-node2    Ready    <none>   3h46m   v1.16.3
root@k8s-master:~# kubectl get pod -A -o wide
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE     IP                NODE         NOMINATED NODE   READINESS GATES
kube-system   calico-kube-controllers-55754f75c-64lrg   1/1     Running   0          18h     192.168.235.195   k8s-master   <none>           <none>
kube-system   calico-node-d9qjv                         1/1     Running   0          17h     192.168.1.39      k8s-node1    <none>           <none>
kube-system   calico-node-h6nfh                         1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   calico-node-pgjhf                         1/1     Running   0          3h46m   192.168.1.40      k8s-node2    <none>           <none>
kube-system   coredns-67c766df46-ltz7b                  1/1     Running   0          18h     192.168.235.193   k8s-master   <none>           <none>
kube-system   coredns-67c766df46-zprgv                  1/1     Running   0          18h     192.168.235.194   k8s-master   <none>           <none>
kube-system   etcd-k8s-master                           1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   kube-apiserver-k8s-master                 1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   kube-controller-manager-k8s-master        1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   kube-proxy-9wjqk                          1/1     Running   0          3h46m   192.168.1.40      k8s-node2    <none>           <none>
kube-system   kube-proxy-ckzw5                          1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   kube-proxy-xp82s                          1/1     Running   0          17h     192.168.1.39      k8s-node1    <none>           <none>
kube-system   kube-scheduler-k8s-master                 1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
```