Deploying a Kubernetes Cluster

Background

Deploying a Kubernetes cluster

Install Vagrant

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum install -y vagrant-2.3.4

sudo vagrant plugin install vagrant-disksize --plugin-clean-sources --plugin-source https://gems.ruby-china.com/

sudo vagrant plugin install vagrant-vbguest --plugin-clean-sources --plugin-source https://gems.ruby-china.com/

wget https://rubygems.org/downloads/vagrant-disksize-0.1.3.gem
wget https://rubygems.org/downloads/vagrant-vbguest-0.31.0.gem
sudo vagrant plugin install vagrant-disksize-0.1.3.gem
sudo vagrant plugin install vagrant-vbguest-0.31.0.gem

Install VirtualBox

sudo yum install -y kernel-devel kernel-headers make patch gcc
sudo wget https://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo -P /etc/yum.repos.d

sudo yum install -y VirtualBox-7.0

1. Create the virtual machines

Create the Vagrantfile

# In the wuxianrong directory
mkdir pika-k8s
cd pika-k8s
mkdir master
mkdir worker01
mkdir worker02
# Enter each of the three directories and run this in each to create its VM
vagrant init

Edit the Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "bento/centos-7.9"
  config.vm.hostname = "master"

  # Requires the vagrant-disksize plugin installed above.
  config.disksize.size = '200GB'
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  config.vm.network "private_network", ip: "192.168.56.10"

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
end

Note:

1. This assigns a private IP to each VM, so the three machines must have different IPs; I used 192.168.56.10, 192.168.56.11 and 192.168.56.12.

# Create a private network, which allows host-only access to the machine
# using a specific IP.
config.vm.network "private_network", ip: "192.168.56.10"

2. The hostname also needs to be changed; in my three files they are master, worker01 and worker02.

# boxes at https://vagrantcloud.com/search.
config.vm.box = "bento/centos-7.9"
config.vm.hostname = "master"

Start the virtual machine

vagrant up
vagrant ssh

1.1 Cluster plan

Hostname   Node       IP              OS
master     master     192.168.56.10   CentOS 7.9
worker01   worker01   192.168.56.11   CentOS 7.9
worker02   worker02   192.168.56.12   CentOS 7.9

1.2 Hosts

cat /etc/hosts 
192.168.56.10 master
192.168.56.11 worker01
192.168.56.12 worker02

2. Configuration

2.1 Configure the firewall

It is recommended to turn off the firewall:

sudo systemctl stop firewalld
sudo systemctl disable firewalld

2.2 Configure iptables

Set the FORWARD chain's default policy to ACCEPT, and put this in a startup script so it persists across reboots:

iptables -P FORWARD ACCEPT

2.3 Disable SELinux

setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

2.4 Turn off swap

kubelet requires swap to be off; also comment out the swap line in /etc/fstab:

swapoff -a
sed -i 's/^\(.*swap.*\)$/#\1/' /etc/fstab

2.5 Kernel parameters

Set the kernel parameters as below, adjusting for your own environment where needed:

modprobe br_netfilter

cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.core.somaxconn = 32768
vm.swappiness = 0
net.ipv4.tcp_syncookies = 0
net.ipv4.ip_forward = 1
fs.file-max = 1000000
fs.inotify.max_user_watches = 1048576
fs.inotify.max_user_instances = 1024
net.ipv4.conf.all.rp_filter = 1
net.ipv4.neigh.default.gc_thresh1 = 80000
net.ipv4.neigh.default.gc_thresh2 = 90000
net.ipv4.neigh.default.gc_thresh3 = 100000

sysctl --system
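An added check (example code, not part of the original post) that confirms these parameters are actually live before `kubeadm init`: it reads a `key = value` dump such as the k8s.conf above or a saved `sysctl -a` output, so the two sample dumps below are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: verify that the kernel
# parameters kubeadm depends on are actually in effect before `kubeadm init`.
# Input is a "key = value" dump (the /etc/sysctl.d/k8s.conf layout above or
# `sysctl -a > /tmp/sysctl.dump` captured on a node), so it runs offline.
# tcp_syncookies is deliberately not required to be 0: kubeadm does not need
# that, and the kernel default of 1 is the safer setting to keep.

# Print the value of one key from the dump; empty if the key is absent.
sysctl_value() {
    # $1 = dump file, $2 = key
    awk -v key="$2" -F'[ =]+' '$1 == key { print $2; exit }' "$1"
}

# Return 0 when every required parameter has the expected value, else 1,
# printing each mismatch on stderr.
check_k8s_sysctl() {
    dump="$1"
    rc=0
    for pair in \
        net.bridge.bridge-nf-call-iptables=1 \
        net.bridge.bridge-nf-call-ip6tables=1 \
        net.ipv4.ip_forward=1 \
        vm.swappiness=0
    do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sysctl_value "$dump" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want $want, got '${got:-unset}'" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample dumps for a self-check (not captured from a real node).
GOOD=$(mktemp); BAD=$(mktemp)
trap 'rm -f "$GOOD" "$BAD"' EXIT
cat > "$GOOD" <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# Typical fresh CentOS 7 box: br_netfilter not loaded, forwarding off.
printf 'net.ipv4.ip_forward = 0\nvm.swappiness = 30\n' > "$BAD"
```

The bridge-nf-call keys only exist once `modprobe br_netfilter` has run, so a missing key is reported as a mismatch rather than silently passing.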

2.6 Configure the irqbalance service

The irqbalance service binds each device's interrupt numbers to different CPUs, so that all interrupt requests do not land on a single CPU and create a performance bottleneck.

systemctl enable irqbalance
systemctl start irqbalance

3. Building the K8S cluster

3.1 Update yum

yum -y update
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp

3.2 Install Docker

yum -y install wget yum yum-utils net-tools device-mapper-persistent-data lvm2

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

yum list docker-ce --showduplicates | sort -r
yum remove docker-ce docker-ce-cli containerd.io
yum install -y docker-ce-20.10.8 docker-ce-cli-20.10.8 containerd.io

systemctl enable docker --now

cat /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://e5p51ru4.mirror.aliyuncs.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"]
}

systemctl daemon-reload
systemctl restart docker

3.3 Install kubelet, kubeadm and kubectl

cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

yum remove kubeadm kubectl kubelet kubernetes-cni cri-tools socat
yum --showduplicates list kubeadm
yum -y install kubeadm-1.23.17 kubectl-1.23.17 kubelet-1.23.17
systemctl enable kubelet

3.4 Initialize the cluster with kubeadm

PS: run on the MASTER node only

kubeadm init \
--kubernetes-version=1.23.17 \
--apiserver-advertise-address=192.168.56.10 \
--pod-network-cidr=10.244.0.0/16 \
--image-repository registry.aliyuncs.com/google_containers \
--v=5

Note:

--apiserver-advertise-address=192.168.56.10 is the private IP you configured for your own VM.

3.4.1 Join the worker nodes to the cluster

Run the join command (with the token generated when the MASTER node was initialized) on the WORKER nodes; an example of the generated command is shown below:

PS: run on the WORKER nodes only

Please note:

Run the command in the red box to join the worker node to the cluster (below is the screen shown when kubeadm init succeeds)

[Screenshot 2023-08-15 15.58.48.png: kubeadm init output with the kubeadm join command]
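Since the screenshot is not reproduced here, this added example (not from the original post) checks the shape of a `kubeadm join` command before it is run on a worker; the token and hash in it are constructed placeholders, and the endpoint assumes the master's advertise address 192.168.56.10:6443.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a `kubeadm join`
# command before running it on a worker. The command in the post's screenshot
# has this shape; the token is a bootstrap credential (24 h TTL by default,
# regenerate with `kubeadm token create --print-join-command` on the master),
# and --discovery-token-ca-cert-hash pins the cluster CA so the worker will
# not join an API server that presents a different CA.

# Compute the CA hash kubeadm expects from a ca.crt (the openssl pipeline
# from the kubeadm docs); use it to confirm the hash in a join command you
# were handed matches /etc/kubernetes/pki/ca.crt on the master.
ca_cert_hash() {
    openssl x509 -pubkey -in "$1" \
        | openssl rsa -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //; s/^/sha256:/'
}

# Return 0 when $1 targets endpoint $2, carries a well-formed token and a
# sha256 CA hash; 1 otherwise, with the reason on stderr.
validate_join_cmd() {
    cmd="$1"
    endpoint="$2"    # e.g. 192.168.56.10:6443, the master's advertise address
    case "$cmd" in
        "kubeadm join $endpoint "*) ;;
        *) echo "unexpected endpoint (want $endpoint)" >&2; return 1 ;;
    esac
    token=$(printf '%s\n' "$cmd" | sed -n 's/.*--token \([^ ]*\).*/\1/p')
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' \
        || { echo "malformed token '$token'" >&2; return 1; }
    hash=$(printf '%s\n' "$cmd" \
        | sed -n 's/.*--discovery-token-ca-cert-hash \([^ ]*\).*/\1/p')
    printf '%s\n' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$' \
        || { echo "missing or malformed CA hash '$hash'" >&2; return 1; }
}

# Constructed samples (placeholder token and hash, not real cluster values).
H=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
GOOD_JOIN="kubeadm join 192.168.56.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:$H"
# Rejected: skips CA verification, so the worker would trust any endpoint.
BAD_JOIN="kubeadm join 192.168.56.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-unsafe-skip-ca-verification"
```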

If initialization fails, reset with the following commands:

sudo rm -rf /etc/kubernetes /var/lib/dockershim /var/lib/etcd /var/lib/kubelet /var/run/kubernetes ~/.kube/*
sudo iptables -F && sudo iptables -X
sudo iptables -t nat -F && sudo iptables -t nat -X
sudo iptables -t raw -F && sudo iptables -t raw -X
sudo iptables -t mangle -F && sudo iptables -t mangle -X
sudo systemctl restart docker
sudo systemctl restart containerd
sudo kubeadm reset -f
sudo rm -rf /etc/cni/net.d
sudo rm -rf $HOME/.kube/config
systemctl daemon-reload
systemctl restart docker

To diagnose the error, check the log files; get into the habit of reading the logs:

journalctl -xeu kubelet

3.5 Set up kubeconfig credentials for the cluster

PS: run on the MASTER node only

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

3.6 Configure networking

3.6.1 Flannel

wget https://github.com/flannel-io/flannel/releases/download/v0.21.4/flanneld-v0.21.4-amd64.docker

docker load < flanneld-v0.21.4-amd64.docker
docker tag quay.io/coreos/flannel:v0.21.4-amd64 docker.io/flannel/flannel:v0.21.4

Back on the MASTER node, configure the flannel network:

wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

kubectl apply -f kube-flannel.yml

On every node, set /run/flannel/subnet.env; FLANNEL_SUBNET must be different on each node:

Node       FLANNEL_SUBNET   Notes
master     10.244.0.1
worker01   10.244.1.1
worker02   10.244.2.1

mkdir /run/flannel
cat /run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true

Before deleting pods, clean up the network configuration:

sudo ifconfig cni0 down
sudo ip link delete cni0
sudo ifconfig flannel.1 down
sudo ip link delete flannel.1
sudo rm -rf /var/lib/cni/
sudo rm -f /etc/cni/net.d/*
sudo systemctl restart kubelet

3.6.2 Install CNI

mkdir -p /etc/cni/net.d
vi /etc/cni/net.d/10-mynet.conf
{
  "cniVersion": "0.2.0",
  "name": "mynet",
  "type": "bridge",
  "bridge": "cni0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "subnet": "172.19.0.0/24",
    "routes": [
      { "dst": "0.0.0.0/0" }
    ]
  }
}

After configuring, restart:

sudo systemctl restart kubelet
kubectl get node -o wide

[Screenshot 2023-08-15 16.12.11.png: kubectl get node -o wide output]

3.7 Verify that the cluster was built successfully

View cluster information:

kubectl cluster-info

[Screenshot 2023-08-15 16.11.52.png: kubectl cluster-info output]

View node information; the cluster is built successfully when every node's status is Ready:

kubectl get node -o wide

[Screenshot 2023-08-15 16.14.41.png: kubectl get node -o wide output with all nodes Ready]

Verify all pods:

kubectl get pods --all-namespaces -o wide

[Screenshot 2023-08-15 16.11.04.png: kubectl get pods --all-namespaces -o wide output]