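Before you begin
To follow this guide, you need:
- One or more machines running a deb/rpm-compatible Linux operating system, for example Ubuntu or CentOS.
- 2 GB or more of RAM per machine; with less memory, applications will be constrained.
- At least 2 CPUs on the machine used as the control-plane node.
- Full network connectivity between all machines in the cluster. You can use a public or a private network.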
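Opening ports
- If you deploy on virtual machines, just make sure the system firewall is turned off
- If you deploy on cloud servers, open the following ports in your server's security group policy
Ports that Kubernetes needs open
See the official Kubernetes documentation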
Control plane

| Protocol | Direction | Port range | Purpose | Used by |
|---|---|---|---|---|
| TCP | Inbound | 6443 | Kubernetes API server | All |
| TCP | Inbound | 2379-2380 | etcd server client API | kube-apiserver, etcd |
| TCP | Inbound | 10250 | Kubelet API | Self, control plane |
| TCP | Inbound | 10259 | kube-scheduler | Self |
| TCP | Inbound | 10257 | kube-controller-manager | Self |

Although the etcd ports are listed in the control-plane section, you can also host your own etcd cluster externally or use custom ports.
Worker nodes

| Protocol | Direction | Port range | Purpose | Used by |
|---|---|---|---|---|
| TCP | Inbound | 10250 | Kubelet API | Self, control plane |
| TCP | Inbound | 30000-32767 | NodePort Services | All |

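Ports that the Calico network plugin needs open
See the official Calico documentation
Network requirements
Make sure your hosts and firewalls allow the necessary traffic for your configuration.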

| Configuration | Host | Connection type | Port/protocol |
|---|---|---|---|
| BGP | All | Bidirectional | TCP 179 |

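As an alternative to turning the firewall off, the ports in the tables above can be opened individually with ufw. This is an added example, not part of the original guide; the function name k8s_ufw_rules and the node subnet passed as the second argument (for instance 192.168.2.0/24) are assumptions.

```shell
#!/bin/bash
# Added example: print ufw rules for the ports in the tables above.
# Usage (assumed subnet): k8s_ufw_rules control-plane 192.168.2.0/24
# Ports the tables mark as used by "All" are opened to any source;
# every other port is limited to the node subnet given as CIDR.

k8s_ufw_rules() {
    local role="$1" cidr="$2" port
    if [ -z "$cidr" ]; then
        echo "usage: k8s_ufw_rules control-plane|worker CIDR" >&2
        return 1
    fi
    case "$role" in
        control-plane)
            # Kubernetes API server, used by: All
            echo "ufw allow 6443/tcp"
            # etcd, Kubelet API, kube-scheduler, kube-controller-manager
            for port in 2379:2380 10250 10259 10257; do
                echo "ufw allow proto tcp from $cidr to any port $port"
            done
            ;;
        worker)
            # Kubelet API, used by: self, control plane
            echo "ufw allow proto tcp from $cidr to any port 10250"
            # NodePort Services, used by: All
            echo "ufw allow 30000:32767/tcp"
            ;;
        *)
            echo "usage: k8s_ufw_rules control-plane|worker CIDR" >&2
            return 1
            ;;
    esac
    # Calico BGP between all hosts
    echo "ufw allow proto tcp from $cidr to any port 179"
}
```

Review the printed rules and allow your SSH port first, then pipe the output to `sudo sh` and run `sudo ufw enable`.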
Basic commands
View Pod details
```bash
kubectl describe pod xxx
```
Delete a pod
Preparing the environment
Run on both master and node
Set the hostname
```bash
hostnamectl set-hostname k8s-master    # on the master
hostnamectl set-hostname k8s-node-1    # on the node
```
Configure hosts
```bash
cat >> /etc/hosts << EOF
192.168.2.60 k8s-master
192.168.2.61 k8s-node-1
EOF
```
Disable swap
Disable temporarily
Disable permanently
```bash
# Comment out every swap entry in /etc/fstab
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
```
Check that swap is off
```text
              total        used        free      shared  buff/cache   available
Mem:           1941         239        1527           0         174        1543
Swap:             0           0           0
```
All Swap values are 0, which means swap was disabled successfully
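Configure kernel settings
```bash
sudo tee /etc/modules-load.d/containerd.conf<<EOF
overlay
br_netfilter
EOF
```
```bash
# Load both modules now; the file above loads them on later boots
sudo modprobe overlay
sudo modprobe br_netfilter
```
```bash
sudo tee /etc/sysctl.d/kubernetes.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the settings without a reboot
sudo sysctl --system
```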
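Install the containerd runtime
Note: you must install the latest containerd from Docker's repository; the version in Ubuntu's default repository is too old
1. Install dependencies
```bash
sudo apt update && sudo apt install -y curl vim gnupg2 software-properties-common apt-transport-https ca-certificates
```
2. Set up the Docker repository
```bash
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
```
```bash
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
```
3. Install containerd
```bash
# The original command named "containerd.io-1.6.7-3.1.el7", an RPM (el7) package name that apt cannot resolve
sudo apt update && sudo apt install -y containerd.io
```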
4. Configure
```bash
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
```
```bash
crictl config image-endpoint unix:///run/containerd/containerd.sock
```
```bash
# Write containerd's default configuration
containerd config default | sudo tee /etc/containerd/config.toml >/dev/null 2>&1
```
```bash
# Use the systemd cgroup driver
sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
```
Users in mainland China also need to run
```bash
sudo sed -i 's/k8s.gcr.io/registry.aliyuncs.com\/google_containers/g' /etc/containerd/config.toml
```
5. Restart containerd and enable it at boot
```bash
sudo systemctl restart containerd && sudo systemctl enable containerd
```
Install Kubernetes
1. Set up the Kubernetes repository
Outside China
```bash
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
```
```bash
sudo apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
```
Inside China
```bash
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
```
```bash
sudo apt-add-repository "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main"
```
2. Install
```bash
sudo apt update && sudo apt install -y kubelet kubeadm kubectl
```
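3. Configure
The following part is run on the master only
Change the IP address in --control-plane-endpoint=1.1.1.90 to the IP of your own master machine
```bash
sudo kubeadm init --kubernetes-version=v1.25.2 --image-repository registry.aliyuncs.com/google_containers --v=5 --control-plane-endpoint=192.168.2.60
```
```bash
# The target directory must exist before copying the admin kubeconfig
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
```
```bash
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```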
View nodes
Configure the Calico network
```bash
curl https://projectcalico.docs.tigera.io/manifests/calico.yaml -O
```
```bash
kubectl apply -f calico.yaml
```
Check the running status
```bash
kubectl get pods -n kube-system
```
One-click installation scripts
Note that the script must be given execute permission before installing, otherwise unknown problems may occur: chmod +x xxx.sh
master.sh
```bash
#!/bin/bash

sudo timedatectl set-local-rtc 0
sudo apt update

echo "-------------------------------------------------------------------------------------------------------------------------"
# 1. Disable the firewall
echo "1.关闭防火墙"
ufw disable

# 2. Disable swap
echo "2.关闭交换空间"
swapoff -a
sed -i 's#\/swap.img#\#\/swap.img#g' /etc/fstab

echo "-------------------------------------------------------------------------------------------------------------------------"
# 3. Configure kernel modules and sysctl settings
echo "3.配置kernel"
sudo tee /etc/modules-load.d/containerd.conf<<EOF
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

sudo tee /etc/sysctl.d/kubernetes.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sudo sysctl --system

echo "-------------------------------------------------------------------------------------------------------------------------"
# 4. Install containerd and its dependencies
echo "4.安装containerd 与运行环境"
sudo apt install -y curl vim gnupg2 software-properties-common apt-transport-https ca-certificates

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

sudo apt update
# The original named "containerd.io-1.6.7-3.1.el7", an RPM (el7) package name that apt cannot resolve
sudo apt install -y containerd.io

containerd config default | sudo tee /etc/containerd/config.toml >/dev/null 2>&1
sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
sudo sed -i 's/k8s.gcr.io/registry.aliyuncs.com\/google_containers/g' /etc/containerd/config.toml

sudo systemctl restart containerd && sudo systemctl enable containerd

echo "-------------------------------------------------------------------------------------------------------------------------"
# 5. Install Kubernetes
echo "5.安装Kubernetes"
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
sudo apt-add-repository "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main"

sudo apt update
sudo apt install -y kubelet kubeadm kubectl

echo "-------------------------------------------------------------------------------------------------------------------------"
# 6. Configure Kubernetes
echo "6.配置Kubernetes"

# IP keeps the last non-loopback IPv4 address listed; on a host with
# several interfaces, check that it is the address the nodes can reach
for IP in $(ip a | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{print $2}' | cut -d "/" -f1)
do
    echo "本机IP地址:"${IP}
done

# V is the GitVersion reported by the installed kubeadm
for V in $(kubeadm version | cut -d \, -f 3 | sed 's/"//g' | awk -F ":" '{print $2}')
do
    echo "版本:"${V}
done

sudo kubeadm init --kubernetes-version=${V} --image-repository registry.aliyuncs.com/google_containers --v=5 --control-plane-endpoint=${IP}

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl cluster-info

kubectl get nodes

curl https://projectcalico.docs.tigera.io/manifests/calico.yaml -O
kubectl apply -f calico.yaml

watch kubectl get pods -n kube-system
```
node.sh
```bash
#!/bin/bash

sudo timedatectl set-local-rtc 0
sudo apt update

echo "-------------------------------------------------------------------------------------------------------------------------"
# 1. Disable the firewall
echo "1.关闭防火墙"
ufw disable

echo "-------------------------------------------------------------------------------------------------------------------------"
# 2. Disable swap
echo "2.关闭交换空间"
swapoff -a
sed -i 's#\/swap.img#\#\/swap.img#g' /etc/fstab

echo "-------------------------------------------------------------------------------------------------------------------------"
# 3. Configure kernel modules and sysctl settings
echo "3.配置kernel"
sudo tee /etc/modules-load.d/containerd.conf<<EOF
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

sudo tee /etc/sysctl.d/kubernetes.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sudo sysctl --system

echo "-------------------------------------------------------------------------------------------------------------------------"
# 4. Install containerd and its dependencies
echo "4.安装containerd 与运行环境"
sudo apt install -y curl vim gnupg2 software-properties-common apt-transport-https ca-certificates

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

sudo apt update
# The original named "containerd.io-1.6.7-3.1.el7", an RPM (el7) package name that apt cannot resolve
sudo apt install -y containerd.io

containerd config default | sudo tee /etc/containerd/config.toml >/dev/null 2>&1
sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
sudo sed -i 's/k8s.gcr.io/registry.aliyuncs.com\/google_containers/g' /etc/containerd/config.toml

sudo systemctl restart containerd && sudo systemctl enable containerd

echo "-------------------------------------------------------------------------------------------------------------------------"
# 5. Install Kubernetes
echo "5.安装Kubernetes"
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
sudo apt-add-repository "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main"

sudo apt update
sudo apt install -y kubelet kubeadm kubectl
```
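Join the Kubernetes cluster
Run on the node only
1. Check the installation log file (xxx.log) on the master to find the join command:
```bash
kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>
```
2. The token is valid for 24 hours; a new token can be generated on the master node with this command
```bash
kubeadm token create --print-join-command
```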
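Before a join command copied from a log is run on a node, the value after sha256: can be checked against the cluster CA certificate on the master. This is an added example, not part of the original guide; it assumes the kubeadm default CA path /etc/kubernetes/pki/ca.crt, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: verify the CA hash pinned in a kubeadm join command.
# Usage on the master (assumed default path):
#   check_join_hash /etc/kubernetes/pki/ca.crt "kubeadm join ... sha256:<hash>"

# Print the SHA-256 of the DER-encoded public key of the certificate in $1.
# This is the value kubeadm expects after "sha256:".
ca_pubkey_hash() {
    openssl x509 -in "$1" -pubkey -noout \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Return 0 only if the hash in the join command ($2) matches the CA in $1.
# Return 2 if the join command carries no well-formed sha256 hash.
check_join_hash() {
    local cert="$1" join_cmd="$2" pinned actual
    pinned=$(printf '%s\n' "$join_cmd" \
        | sed -n 's/.*--discovery-token-ca-cert-hash sha256:\([0-9a-f]\{64\}\).*/\1/p')
    if [ -z "$pinned" ]; then
        echo "no sha256 hash found in join command" >&2
        return 2
    fi
    actual=$(ca_pubkey_hash "$cert")
    if [ "$pinned" = "$actual" ]; then
        echo "hash matches the CA certificate"
    else
        echo "MISMATCH: join command pins $pinned, CA is $actual" >&2
        return 1
    fi
}
```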
Deploy the Dashboard
Run on the master only
The official Kubernetes web UI
1. Deploy
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
```
2. Run the following command and change type: ClusterIP to type: NodePort
```bash
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
```
3. Check the port
```bash
kubectl get svc -A | grep kubernetes-dashboard
```
4. Create a user, get a token
```bash
# ">" overwrites the file so that re-running does not append duplicate documents
cat > admin-user.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
```
5. Create the user
```bash
kubectl apply -f admin-user.yaml
```
6. Generate a token
```bash
kubectl -n kubernetes-dashboard create token admin-user
```
7. Check the port
```bash
kubectl get svc -A | grep kubernetes-dashboard
```