Kubernetes指南: 從零開始搭建集群
成都創新互聯主要從事成都網站建設、做網站、網頁設計、企業做網站、公司建網站等業務。立足成都服務玉泉,十余年網站建設經驗,價格優惠、服務專業,歡迎來電咨詢建站服務:13518219792
在云計算時代,容器化已經成為了一種廣泛使用的技術,Kubernetes是其中的佼佼者,其作為一個容器編排平臺,在管理上的優勢及其高可用性、易擴展性深受企業和開發者的喜愛。在本文章中,我們將從零開始搭建Kubernetes集群,并解釋其中的技術知識點。
1. 環境準備
在開始之前,需要先確定好環境,Kubernetes分為Master節點和Worker節點,其中Master節點需要至少2個,Worker節點至少1個,硬件環境和軟件環境需要滿足一定的要求。硬件環境建議:
- Master節點:CPU 2核,內存 2GB,硬盤 40GB以上
- Worker節點:CPU 4核,內存 4GB,硬盤 40GB以上
軟件環境建議:
- 操作系統:CentOS7.4以上
- Docker:18.09.0以上
- Kubeadm:1.20.1及以上
2. 安裝Docker
在CentOS系統下,我們可以執行下方腳本安裝Docker:
`bash
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install -y docker-ce-18.09.0 docker-ce-cli-18.09.0 containerd.io
$ sudo systemctl start docker
$ sudo systemctl enable docker
3. 安裝Kubeadm我們可以執行如下腳本安裝Kubeadm:`bash$ sudo vi /etc/sysctl.d/k8s.conf # 寫入如下內容net.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1$ sudo sysctl --system$ sudo setenforce 0$ sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config $ sudo vi /etc/yum.repos.d/kubernetes.repo# 寫入如下內容[kubernetes]name=Kubernetesbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/enabled=1gpgcheck=0repo_gpgcheck=0gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg$ sudo yum install -y kubelet-1.20.1 kubeadm-1.20.1 kubectl-1.20.1 --disableexcludes=kubernetes$ sudo systemctl enable kubelet$ sudo systemctl start kubelet4. 搭建Master節點
在搭建Master節點時,我們需要先確定好IP地址,并編輯好如下配置文件:
`yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: stable
apiServer:
certSANs:
- "{{ Master節點IP地址 }}"
controlPlaneEndpoint: "{{ Master節點IP地址 }}:6443"
extraArgs:
audit-log-path: /var/log/kubernetes/audit.log
audit-log-maxage: "30"
audit-log-maxbackup: "3"
audit-log-maxsize: "100"
authorization-mode: Node,RBAC
enable-admission-plugins: NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
runtime-config: api/all=true
service-node-port-range: 30000-32767
controllerManager:
extraArgs:
node-cidr-mask-size: "24"
node-monitor-grace-period: "30s"
pod-eviction-timeout: "2m"
use-service-account-credentials: "true"
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"
serviceSubnet: "10.96.0.0/12"
然后,我們在Master節點上執行如下腳本:`bash$ sudo kubeadm init --config kubeadm-config.yaml在執行完成后,我們可以看到如下輸出:
`bash
[init] Using Kubernetes version: v1.20.0
[preflight] Running pre-flight checks
[WARNING FileExisting-crictl]: crictl not found in system path
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [master-1 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.120]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost] and IPs [192.168.1.120 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost] and IPs [192.168.1.120 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 80.001069 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for the kubelets in the cluster
[kubelet-start] Restarting the kubelet to use the new kubelet configuration
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[csr-approver] CSR approval is disabled. Nodes that match this CSR will be not be permitted to join the cluster. Passing --apiserver-advertise-address=0.0.0.0 may allow unauthorized nodes to join the cluster.
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join {{ Master節點IP地址 }}:6443 --token {{ Token }} \
--discovery-token-ca-cert-hash sha256:{{ CA證書哈希值 }}
在執行完成后,我們需要執行如下腳本,讓普通用戶也擁有使用Kubernetes的權限:`bash$ mkdir -p $HOME/.kube$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config$ sudo chown $(id -u):$(id -g) $HOME/.kube/config5. 搭建Worker節點
在搭建Worker節點時,我們需要使用之前Master節點輸出的join命令,并將其執行在Worker節點上,如下:
`bash
$ sudo kubeadm join {{ Master節點IP地址 }}:6443 --token {{ Token }} \
--discovery-token-ca-cert-hash sha256:{{ CA證書哈希值 }}
執行成功后,在Master節點上執行如下腳本:`bash$ kubectl get nodes如果輸出了剛剛加入的Worker節點信息,說明Worker節點已經成功加入到了集群中。
至此,我們已經成功搭建了一個Kubernetes集群,并且已經加入了一個Worker節點。在實際生產環境中,我們還需要進行更多的配置和優化,例如網絡、存儲、高可用性等方面,這將在后續的文章中進行探討。
網頁標題:Kubernetes指南從零開始搭建集群
標題網址:http://m.newbst.com/article18/dgphegp.html
成都網站建設公司_創新互聯,為您提供網站設計公司、網站改版、標簽優化、微信公眾號、商城網站、網站維護
聲明:本網站發布的內容(圖片、視頻和文字)以用戶投稿、用戶轉載內容為主,如果涉及侵權請盡快告知,我們將會在第一時間刪除。文章觀點不代表本網站立場,如需處理請聯系客服。電話:028-86922220;郵箱:631063699@qq.com。內容未經允許不得轉載,或轉載時需注明來源: 創新互聯