Building a Highly Available Kubernetes Cluster: Kubernetes Cluster Setup

Author: olaH | Published: 2019-05-16 17:25


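Before building the Kubernetes cluster, complete the per-node configuration described in my earlier article, "Building a Highly Available Kubernetes Cluster: etcd Cluster Setup (Part 1)".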

Docker

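Docker must be installed on every node of the Kubernetes cluster.

  • Add the Docker repository
    wget https://download.docker.com/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
  • List the available Docker versions
    yum list docker-ce.x86_64 --showduplicates | sort -r
  • Install Docker
    yum install docker-ce-18.06.1.ce -y
  • Configure Docker
    Since version 1.13, Docker automatically sets the default policy of the iptables FORWARD chain to DROP, which can break the packet forwarding that a Kubernetes cluster depends on. The default policy of the FORWARD chain therefore has to be set back to ACCEPT after the docker service starts.
    vim /usr/lib/systemd/system/docker.service
    Add an ExecStartPost line at the position shown below
[image.png: docker.service with the added ExecStartPost line]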

systemctl daemon-reload
systemctl start docker.service
systemctl enable docker.service

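Pulling images from Docker Hub is slow, so here I use my own Alibaba Cloud registry mirror (image acceleration) service.
vim /etc/docker/daemon.json

[image.png: contents of /etc/docker/daemon.json]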

systemctl restart docker.service

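Install kubeadm, kubelet and kubectl

  • Add the Kubernetes repository
    vim /etc/yum.repos.d/kubernetes.repo
[image.png: contents of /etc/yum.repos.d/kubernetes.repo]
  • Install kubeadm, kubelet and kubectl
    yum install kubelet kubeadm kubectl

  • Configure kubelet
    I need to use swap, so I add the following to lift the swap restriction
    vim /etc/sysconfig/kubelet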

KUBELET_EXTRA_ARGS="--fail-swap-on=false"

systemctl enable kubelet.service

Configure the initialization file

  • master1
    vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.12.4
tokenTTL: 0
api:
  advertiseAddress: 192.168.88.97
  bindPort: 6443
  controlPlaneEndpoint: "192.168.88.201:6443"
apiServerCertSANs:   # every IP that needs to access the apiserver
- master1
- master2
- master3
- lb1
- lb2
- lb3
- gfs0
- gfs1
- gfs2
- 192.168.88.94
- 192.168.88.95
- 192.168.88.96
- 192.168.88.97
- 192.168.88.98
- 192.168.88.99
- 127.0.0.1
- 192.168.88.200
- 192.168.88.201 #vip
- 192.168.88.130
- 192.168.88.131
- 192.168.88.132
etcd:
  external:
    endpoints:
    - "https://192.168.88.90:2379"
    - "https://192.168.88.92:2379"
    - "https://192.168.88.93:2379"
    caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem
    certFile: /etc/kubernetes/pki/etcd/etcd.pem
    keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc
kubeProxy:
  config:
    mode: "ipvs"
    ipvs:
      ExcludeCIDRs: null
      minSyncPeriod: 0s
      scheduler: ""
      syncPeriod: 30s
kubeletConfiguration:
  baseConfig:
    cgroupDriver: cgroupfs
    clusterDNS:
    - 10.96.0.10
    clusterDomain: cluster.local
    failSwapOn: false
    resolvConf: /etc/resolv.conf
    staticPodPath: /etc/kubernetes/manifests
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
  • master2
    vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.12.4
tokenTTL: 0
api:
  advertiseAddress: 192.168.88.98
  bindPort: 6443
  controlPlaneEndpoint: "192.168.88.201:6443"
apiServerCertSANs:   # every IP that needs to access the apiserver
- master1
- master2
- master3
- lb1
- lb2
- lb3
- gfs0
- gfs1
- gfs2
- 192.168.88.94
- 192.168.88.95
- 192.168.88.96
- 192.168.88.97
- 192.168.88.98
- 192.168.88.99
- 127.0.0.1
- 192.168.88.200
- 192.168.88.201 #vip
- 192.168.88.130
- 192.168.88.131
- 192.168.88.132
etcd:
  external:
    endpoints:
    - "https://192.168.88.90:2379"
    - "https://192.168.88.92:2379"
    - "https://192.168.88.93:2379"
    caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem
    certFile: /etc/kubernetes/pki/etcd/etcd.pem
    keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc
kubeProxy:
  config:
    mode: "ipvs"
    ipvs:
      ExcludeCIDRs: null
      minSyncPeriod: 0s
      scheduler: ""
      syncPeriod: 30s
kubeletConfiguration:
  baseConfig:
    cgroupDriver: cgroupfs
    clusterDNS:
    - 10.96.0.10
    clusterDomain: cluster.local
    failSwapOn: false
    resolvConf: /etc/resolv.conf
    staticPodPath: /etc/kubernetes/manifests
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
  • master3
    vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1alpha2                     
kind: MasterConfiguration                               
kubernetesVersion: v1.12.4                              
tokenTTL: 0                                             
api:                                                    
  advertiseAddress: 192.168.88.99                       
  bindPort: 6443                                        
  controlPlaneEndpoint: "192.168.88.201:6443"           
apiServerCertSANs:   # every IP that needs to access the apiserver
- master1                                               
- master2                                               
- master3                                               
- lb1                                                   
- lb2                                                   
- lb3                                                   
- gfs0                                                  
- gfs1                                                  
- gfs2                                                  
- 192.168.88.94                                         
- 192.168.88.95                                         
- 192.168.88.96                                         
- 192.168.88.97                                         
- 192.168.88.98                                         
- 192.168.88.99                                         
- 127.0.0.1                                             
- 192.168.88.200                                        
- 192.168.88.201 #vip                                   
- 192.168.88.130                                        
- 192.168.88.131                                        
- 192.168.88.132                                        
etcd:                                                   
  external:                                             
    endpoints:                                          
    - "https://192.168.88.90:2379"                      
    - "https://192.168.88.92:2379"                      
    - "https://192.168.88.93:2379"                      
    caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem        
    certFile: /etc/kubernetes/pki/etcd/etcd.pem         
    keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem      
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc 
kubeProxy:                                              
  config:                                               
    mode: "ipvs"                                        
    ipvs:                                               
      ExcludeCIDRs: null                                
      minSyncPeriod: 0s                                 
      scheduler: ""                                     
      syncPeriod: 30s                                   
kubeletConfiguration:                                   
  baseConfig:                                           
    cgroupDriver: cgroupfs                              
    clusterDNS:                                         
    - 10.96.0.10                                        
    clusterDomain: cluster.local                        
    failSwapOn: false                                   
    resolvConf: /etc/resolv.conf                        
    staticPodPath: /etc/kubernetes/manifests            
networking:                                             
  dnsDomain: cluster.local                              
  podSubnet: 10.244.0.0/16                              
  serviceSubnet: 10.96.0.0/12                           

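The etcd keys generated earlier must be placed in this directory on the master1 node: /etc/kubernetes/pki/etcd/
The image repository address above is my Alibaba Cloud image registry. It already holds the required images, so you can pull from it directly.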
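The three configuration files above set tokenTTL: 0 and reach an external etcd cluster over HTTPS with a client certificate. The lint below is an added example, not part of the original article: it flags a non-expiring bootstrap token, plaintext etcd endpoints and missing etcd TLS files. The function name lint_kubeadm_config and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): lint a kubeadm v1alpha2 config for
# a non-expiring bootstrap token and for weak external-etcd transport settings.

lint_kubeadm_config() {   # $1: path to kubeadm-config.yaml; one finding per line
    awk '
        { sub(/[ \t]*#.*$/, ""); sub(/[ \t]+$/, "") }    # drop comments and trailing blanks
        /^tokenTTL:[ \t]*"?0[smh]?"?$/ {
            print "tokenTTL is 0: the bootstrap token never expires"
        }
        /^etcd:/ { in_etcd = 1; next }
        in_etcd && /^[^ \t-]/ { in_etcd = 0 }            # next top-level key closes the etcd block
        in_etcd && /^[ \t]*external:/ { external = 1 }
        in_etcd && /^[ \t]*-[ \t]*"?http:\/\// {
            ep = $NF; gsub(/"/, "", ep)
            print "etcd endpoint without TLS: " ep
        }
        in_etcd && /^[ \t]*(caFile|certFile|keyFile):/ {
            key = $1; sub(/:$/, "", key); seen[key] = 1
        }
        END {
            n = split("caFile certFile keyFile", need, " ")
            for (i = 1; external && i <= n; i++)
                if (!(need[i] in seen)) print "etcd.external is missing " need[i]
        }
    ' "$1"
}

# Constructed sample: the token setting from the configs above, plus one
# plaintext endpoint and a missing keyFile to show the etcd findings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
tokenTTL: 0
etcd:
  external:
    endpoints:
    - "https://192.168.88.90:2379"
    - "http://192.168.88.92:2379"
    caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem
    certFile: /etc/kubernetes/pki/etcd/etcd.pem
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc
EOF
lint_kubeadm_config "$sample"
rm -f "$sample"
```

Once every node has joined, `kubeadm token list` shows the remaining bootstrap tokens and `kubeadm token delete` removes them; `kubeadm token create --ttl 2h --print-join-command` issues a short-lived replacement when another node is added later.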

Pull the images

kubeadm config images pull --config kubeadm-config.yaml
Then retag the pause image back to its original name, as follows:
docker tag registry.cn-hangzhou.aliyuncs.com/csdc/pause:3.1 k8s.gcr.io/pause:3.1

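Initialize the cluster

Once the steps above are complete, run the following command to initialize the cluster.

  • master1
    kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap
    A successful run looks like the following
[image.png: output of a successful kubeadm init]

Run the commands it prompts you to run: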

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Copy the key files generated by Kubernetes to each of the other master nodes, as follows:
scp -r /etc/kubernetes/pki root@master2:/etc/kubernetes/
scp -r /etc/kubernetes/pki root@master3:/etc/kubernetes/
Shell completion:

cat << EOF > /etc/profile.d/kubernetes.sh 
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh
  • master2
    Delete the apiserver certificate and key that came from the other master node to avoid a conflict, as follows
    rm -fr /etc/kubernetes/pki/{apiserver.crt,apiserver.key}
    kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap

Run the commands it prompts you to run:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Shell completion:

cat << EOF > /etc/profile.d/kubernetes.sh 
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh
  • master3
    Delete the apiserver certificate and key that came from the other master node to avoid a conflict, as follows
    rm -fr /etc/kubernetes/pki/{apiserver.crt,apiserver.key}
    kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap

Run the commands it prompts you to run:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Shell completion:

cat << EOF > /etc/profile.d/kubernetes.sh 
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh
  • Run the join command on every worker node host
    kubeadm join 192.168.88.201:6443 --token 60yl6g.256rf16jt7a --discovery-token-ca-cert-hash sha256:8ece398f27a70cba97491a7cbeb8c93435fc7f0e7d8e1cb8aa4b0eee84 --ignore-preflight-errors=Swap

  • Check the cluster status (run on any master node)
    kubectl get node

[image.png: output of kubectl get node]
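The kubeadm join command above pins the cluster CA through --discovery-token-ca-cert-hash, which is how a joining node authenticates the API server it is talking to. The script below is an added example, not part of the original article: it recomputes that pin from the CA certificate on a master and checks a join command's value against it. It assumes openssl is installed and the CA sits at kubeadm's default path /etc/kubernetes/pki/ca.crt; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the article): recompute the CA pin that
# `kubeadm join --discovery-token-ca-cert-hash` expects and compare it.
# The pin is "sha256:" + SHA-256 of the CA certificate's DER-encoded public key.

ca_pin() {   # $1: cluster CA certificate (PEM); prints sha256:<hex>
    openssl x509 -in "$1" -noout 2>/dev/null || return 1   # refuse unreadable input
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | awk '{print "sha256:" $NF}'
}

pin_is_wellformed() {   # "sha256:" followed by exactly 64 hex digits
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

check_join_pin() {   # $1: CA certificate, $2: pin taken from the join command
    local want have
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    pin_is_wellformed "$want" || { echo "malformed or truncated pin: $2" >&2; return 2; }
    have=$(ca_pin "$1") || { echo "cannot read CA certificate: $1" >&2; return 3; }
    [ "$have" = "$want" ] || { echo "pin mismatch, CA hashes to $have" >&2; return 1; }
}

# On a master, print the pin for kubeadm's default CA path
if [ -r /etc/kubernetes/pki/ca.crt ]; then
    ca_pin /etc/kubernetes/pki/ca.crt
fi
```

The hash printed in the article's join command is shorter than 64 hex digits, so take the pin from your own kubeadm init output or recompute it as above.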

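Install the network plugin

As the screenshot above shows, every node is still not ready. This is because no network plugin has been installed.

  • Download the flannel plugin
    Run the following command on any one master node to download it
    wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    Then change - --iface=** in the file to the name of your machine's network interface. For example, my interface is named eth0,
    so it becomes - --iface=eth0 (five places need to be changed in total)
    After making the changes, run the following command to install it
    kubectl apply -f kube-flannel.yml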

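With that, the basic Kubernetes components are all installed. If you like this article, please don't be stingy with your likes. If you have any questions, comment or message me directly.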


    Article link: https://www.haomeiwen.com/subject/invsjqtx.html