Installing the latest version of k8s on CentOS 7

I. Install docker-ce 19.03.11

1. Remove podman

[root@kubemaster ~]# dnf remove podman

podman is the container tool that ships with Red Hat family operating systems; it is removed to avoid conflicts.

2. Download containerd.io

/usr/local/source/docker
[root@kubemaster docker]# wget https://download.docker.com/linux/fedora/30/x86_64/stable/Packages/containerd.io-1.2.13-3.2.fc30.x86_64.rpm

Install containerd.io

[root@kubemaster docker]# rpm -ivh containerd.io-1.2.13-3.2.fc30.x86_64.rpm

If you see the following message:

[root@kubemaster docker]# rpm -ivh containerd.io-1.2.13-3.2.fc30.x86_64.rpm
警告:containerd.io-1.2.13-3.2.fc30.x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID 621e9f35: NOKEY
错误:依赖检测失败:
        container-selinux >= 2:2.74 被 containerd.io-1.2.13-3.2.fc30.x86_64 需要

then run:

dnf install container-selinux

3. Download and install docker-ce

Download the docker-ce repo file:

[root@kubemaster ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

Install docker-ce:

[root@kubemaster docker]# dnf install docker-ce

4. Check the docker version

[root@kubemaster docker]# docker version
Client: Docker Engine - Community
 Version:           20.10.13
 API version:       1.41
 Go version:        go1.16.15
 Git commit:        a224086
 Built:             Thu Mar 10 14:09:51 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.13
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       906f57f
  Built:            Thu Mar 10 14:08:16 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.5.10
  GitCommit:        2a1d4dbdb2a1030dc5b01e96fb110a9d9f150ecc
 runc:
  Version:          1.0.3
  GitCommit:        v1.0.3-0-gf46b6ba
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Check whether the docker service is set to start at boot:

[root@kubemaster docker]# systemctl enable docker
[root@kubemaster docker]# systemctl is-enabled docker
enabled

6. Start docker

[root@kubemaster docker]# systemctl start docker

II. Set docker's cgroup driver to systemd

[root@kubemaster docker]# docker info | grep Cgroup
Cgroup Driver: cgroupfs

2. Change docker's cgroup driver to systemd

vi /etc/docker/daemon.json

Add this entry:

{
"exec-opts": ["native.cgroupdriver=systemd"]
}

3. Restart the docker service

systemctl restart docker

4. Check the result:

[root@kubemaster docker]# docker info | grep Cgroup
Cgroup Driver: systemd

III. Disable SELinux

1. Disable it temporarily

[root@kubemaster liuhongdi]# setenforce 0

2. Disable it outright so that the setting also applies after a reboot

[root@kubemaster liuhongdi]# vi /etc/selinux/config 
SELINUX=disabled

Reboot the server

reboot
 getenforce

IV. Disable swap

1. Disable swap temporarily

[root@kubemaster ~]# swapoff -a

Check the result:

 free -m
              total        used        free      shared  buff/cache   available
Mem:           3752         338        2611           9         802        3173
Swap:             0           0           0

You can see that the swap total is 0.

2. Make the change persist across reboots:

 vi /etc/fstab

Comment out the line for the swap partition. After the change it looks like this:

[root@kubemaster ~]# more /etc/fstab
...
/dev/mapper/cl-root     /                       xfs     defaults        0 0
UUID=01d7e24f-b591-41f5-904c-78534f8e257e /boot                   ext4    defaults        1 2
/dev/mapper/cl-home     /home                   xfs     defaults        0 0
#/dev/mapper/cl-swap    swap                    swap    defaults        0 0
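
The same fstab edit done non-interactively, so it can be repeated on every node and checked afterwards. This is an added example, not part of the original post; the function names are this example's own and the demo runs on a constructed file, never the live /etc/fstab.

```shell
#!/bin/sh
# Added example: comment out active swap entries in an fstab file.
# Function names are this example's own; the sample data is constructed.

# Count entries that are not commented out and whose type field (3rd) is "swap".
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Prefix every active swap entry with "#"; all other lines pass through as-is.
# Keeps the first original as FILE.bak and rewrites FILE only if awk succeeded.
disable_swap_entries() {
    fstab=$1
    [ -e "$fstab.bak" ] || cp -p "$fstab" "$fstab.bak" || return 1
    tmp=$(mktemp "$fstab.XXXXXX") || return 1
    if awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' \
           "$fstab" > "$tmp"
    then
        cat "$tmp" > "$fstab"   # rewrite in place: keeps owner, mode and label
        rm -f "$tmp"
    else
        rm -f "$tmp"; return 1
    fi
}

# Demo on a constructed copy.
demo_fstab() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
/dev/mapper/cl-root     /        xfs     defaults        0 0
/dev/mapper/cl-swap     swap     swap    defaults        0 0
/swapfile               none     swap    sw              0 0
#/dev/mapper/old-swap   swap     swap    defaults        0 0
EOF
    echo "active swap entries before: $(active_swap_entries "$f")"
    disable_swap_entries "$f"
    echo "active swap entries after:  $(active_swap_entries "$f")"
    cat "$f"; rm -f "$f" "$f.bak"
}
demo_fstab
```

Running it a second time changes nothing, and the untouched original stays in FILE.bak.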

V. Configure the hostname

1. Use ip a to find the local IP:

[root@kubemaster ~]# ip a

2. Add the hostname to /etc/hosts

[root@kubemaster ~]# vi /etc/hosts
192.168.219.136 kubemaster 

3. To change the local hostname, use the hostnamectl command. For example:

[root@centos8 ~]# hostnamectl set-hostname kubemaster

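VI. Configure the firewall: firewalld

Some tutorials tell you to turn the firewall off. That is acceptable for testing on an internal network, but it must not be done in production. Instead, add each node's IP to the firewall on the master. For example, if the node's address is 192.168.3.59: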

[root@kubemaster ~]# firewall-cmd --permanent --zone=trusted --add-source=192.168.3.59
success

Reload the firewall rules

[root@kubemaster ~]# firewall-cmd --reload
success

Check the result:

[root@kubemaster ~]# firewall-cmd --list-all --zone=trusted

VII. Check the Linux version

[root@kubemaster ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

By default the master node does not take on the work of the node role. Here, in order to test on a single machine, we allow the master node to run pods as well. ip: 192.168.219.130, hostname: kubemaster; the hostname-to-IP mapping has also been added to /etc/hosts.

II. Install the kubernetes kubelet/kubectl/kubeadm on the kubemaster server

1. Create the kubernetes repo file

[root@kubemaster ~]# vi /etc/yum.repos.d/kubernetes.repo

Contents:

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

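2. Install the three kube components (all currently at version 1.23.4)

Note: what the three components do:

Take the version number from what kubeadm version reports after a successful installation; otherwise the later init will not succeed.

kubelet: a daemon managed by systemd that is responsible for starting pods and containers;
it is the only k8s background process started directly on the host.

kubeadm: installs and initializes the cluster; it is not used again once deployment is complete.

kubectl: the k8s command-line tool and the main tool for administering k8s;
             used to manage pods and services.

Install: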

dnf install kubectl kubelet kubeadm

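Note: if you are asked to confirm importing the GPG public key, type y and press Enter.

3. Check the result of the installation

Check the versions: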

kubectl version
kubeadm version
kubelet --version

4. Enable kubelet at boot

systemctl enable kubelet.service 
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service.

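1. Run the initialization:

# --apiserver-advertise-address: the address of the apiserver; use this machine's IP
# --image-repository: by default kubeadm downloads the images it needs from the official registry k8s.gcr.io, which can only be reached through a proxy that bypasses the firewall, so --image-repository is used to point at the Alibaba Cloud image registry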

[root@kubemaster ~]# kubeadm init --kubernetes-version=1.23.4 --apiserver-advertise-address=192.168.219.130 \
--image-repository registry.aliyuncs.com/google_containers  

Points to note in the init output:

Generating the config file

Your Kubernetes control-plane has initialized successfully!
 
To start using your cluster, you need to run the following as a regular user:
 
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Configuring the network

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Adding worker nodes to the cluster

Then you can join any number of worker nodes by running the following on each as root:
 
kubeadm join 192.168.219.130:6443 --token up139x.98qlng4m7qk61p0z \
    --discovery-token-ca-cert-hash sha256:c718e29ccb1883715489a3fdf53dd810a7764ad038c50fd62a2246344a4d9a73
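
How the sha256: value in the join command above can be recomputed and checked before it is handed to a worker node: it is the SHA-256 of the cluster CA's public key, which the joining node uses to authenticate the control plane. This is an added example, not part of the original post or of kubeadm; the function names are this example's own and the demo runs on a throwaway certificate generated on the spot.

```shell
#!/bin/sh
# Added example: recompute the --discovery-token-ca-cert-hash value from a CA
# certificate. Function names are this example's own, not kubeadm's.

# Print "sha256:<hex>": SHA-256 over the DER SubjectPublicKeyInfo of the cert.
ca_cert_hash() {
    der=$(mktemp) || return 1
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
       openssl pkey -pubin -outform DER -out "$der" 2>/dev/null && [ -s "$der" ]
    then
        printf 'sha256:%s\n' "$(sha256sum < "$der" | cut -d' ' -f1)"
        rm -f "$der"
    else
        rm -f "$der"; return 1
    fi
}

# Exit 0 only if the hash quoted in a join command matches the CA certificate.
verify_join_hash() {    # $1 = CA certificate (PEM), $2 = sha256:<hex> to check
    actual=$(ca_cert_hash "$1") || { echo "no public key in $1" >&2; return 2; }
    [ "$actual" = "$2" ] && { echo "match: $actual"; return 0; }
    echo "MISMATCH: certificate gives $actual" >&2
    return 1
}

# Demo with a throwaway CA generated here (constructed input, not a cluster CA).
demo_hash() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=kubernetes" -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    good=$(ca_cert_hash "$d/ca.crt")
    verify_join_hash "$d/ca.crt" "$good"
    verify_join_hash "$d/ca.crt" "sha256:$(printf '%064d' 0)" || echo "rejected"
    rm -rf "$d"
}
demo_hash
```

On the control-plane node kubeadm keeps the cluster CA at /etc/kubernetes/pki/ca.crt by default, so that file and the value from the join command are the two arguments to pass to verify_join_hash. Because the hash covers only the public key, a certificate re-issued with the same key yields the same value.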

2. List the images downloaded by the init step

[root@kubemaster ~]# docker images
REPOSITORY                                                        TAG      IMAGE ID      CREATED       SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.18.3  3439b7546f29  3 weeks ago   117MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.18.3  7e28efa976bd  3 weeks ago   173MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.18.3  da26705ccb4b  3 weeks ago   162MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.18.3  76216c34ed0c  3 weeks ago   95.3MB
registry.aliyuncs.com/google_containers/pause                     3.2      80d28bedfe5d  4 months ago  683kB
registry.aliyuncs.com/google_containers/coredns                   1.6.7    67da37a9a360  4 months ago  43.8MB
registry.aliyuncs.com/google_containers/etcd                      3.4.3-0  303ce5db0e90  7 months ago  288MB

3. Add kubectl's default configuration

Note: these are the commands printed by kubeadm init; just run them in order.

Create the hidden .kube directory:

[root@kubemaster ~]# mkdir -p $HOME/.kube

Copy admin.conf to the config file

[root@kubemaster ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

Set the owner of the config file

[root@kubemaster ~]# chown $(id -u):$(id -g) $HOME/.kube/config

Check the result

[root@kubemaster ~]# ll .kube/config
-rw------- 1 root root 5451 6月  16 18:25 .kube/config

IV. Install the network plugin

1. Check the nodes and pods

Check the nodes:

[root@kubemaster ~]# kubectl get node
NAME         STATUS     ROLES    AGE     VERSION
kubemaster   NotReady   master   5m39s   v1.18.3

Check the pods:

[root@kubemaster ~]# kubectl get pod --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-7ff77c879f-ttnr9             0/1     Pending   0          6m41s
kube-system   coredns-7ff77c879f-x5vps             0/1     Pending   0          6m41s
kube-system   etcd-kubemaster                      1/1     Running   0          6m40s
kube-system   kube-apiserver-kubemaster            1/1     Running   0          6m40s
kube-system   kube-controller-manager-kubemaster   1/1     Running   0          6m40s
kube-system   kube-proxy-gs7q7                     1/1     Running   0          6m40s
kube-system   kube-scheduler-kubemaster            1/1     Running   0          6m40s 

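Note: the node status is NotReady and the coredns pods are Pending because we have not yet installed a network pod.

2. Install calico

What is calico for? calico is a virtual networking solution that uses routing rules to build the network dynamically and advertises routes over BGP.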

[root@kubemaster ~]# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

Then check the pod status a little later:

[root@kubemaster ~]# kubectl get pod --all-namespaces
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-76d4774d89-nnp4h   1/1     Running   0          20m
kube-system   calico-node-xmmj4                          1/1     Running   0          20m
kube-system   coredns-7ff77c879f-ttnr9                   1/1     Running   0          36m
kube-system   coredns-7ff77c879f-x5vps                   1/1     Running   0          36m
kube-system   etcd-kubemaster                            1/1     Running   1          36m
kube-system   kube-apiserver-kubemaster                  1/1     Running   1          36m
kube-system   kube-controller-manager-kubemaster         1/1     Running   1          36m
kube-system   kube-proxy-gs7q7                           1/1     Running   1          36m
kube-system   kube-scheduler-kubemaster                  1/1     Running   1          36m

Every pod is Running, which means the network plugin was installed correctly.

Check the node status:

[root@kubemaster ~]# kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
kubemaster   Ready    master   41m   v1.18.3

The status has changed to Ready.

List the images installed by calico:

[root@kubemaster ~]# docker images | grep calico
calico/node                 v3.14.1    04a9b816c753        2 weeks ago         263MB
calico/pod2daemon-flexvol   v3.14.1    7f93af2e7e11        2 weeks ago         112MB
calico/cni                  v3.14.1    35a7136bc71a        2 weeks ago         225MB
calico/kube-controllers     v3.14.1    ac08a3af350b        2 weeks ago         52.8MB

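3. One error you may see after installing calico

If a pod's status shows Init:ImagePullBackOff or Init:ErrImagePull, docker failed while downloading the calico images. You can add the aliyun mirror address to docker's configuration file, for example: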

[root@kubemaster ~]# more /etc/docker/daemon.json
{
"registry-mirrors":["https://o3trwnyj.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}

After the change, restart the docker service:

 systemctl restart docker

V. Enable single-machine mode: configure the master node to also act as a worker node that can run pods

1. Remove the existing taint

[root@kubemaster ~]# kubectl taint nodes kubemaster node-role.kubernetes.io/master-
node/kubemaster untainted

Note: this command removes the taint.

2. How to view the current taints

[root@kubemaster ~]# kubectl describe node kubemaster

If the value of the Taints: field is <none>, the taint was removed successfully.

Note: to stop the master node from running pods again, use the following command:

kubectl taint nodes kubemaster node-role.kubernetes.io/master=:NoSchedule

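This command sets the taint effect on the master to: must not be scheduled. The three possible values mean:

NoSchedule: must not be scheduled
PreferNoSchedule: avoid scheduling where possible
NoExecute: nothing new is scheduled, and pods already on the node are evicted

Note: the default value is: node-role.kubernetes.io/master:NoSchedule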

VI. Test: run a tomcat container on the master

1. Create the rc configuration file

[root@kubemaster k8s]# vi tomcat-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: tomcat-demo
spec:
  replicas: 1
  selector:
    app: tomcat-demo
  template:
    metadata:
      labels:
        app: tomcat-demo
    spec:
      containers:
      - name: tomcat-demo
        image: tomcat
        ports:
        - containerPort: 8080

2. Create the rc

[root@kubemaster k8s]# kubectl apply -f tomcat-rc.yaml
replicationcontroller/tomcat-demo created

Check the result

[root@kubemaster k8s]# kubectl get pods
NAME                READY   STATUS              RESTARTS   AGE
tomcat-demo-7pnzw   0/1     ContainerCreating   0          23s

Once the status changes to Running it is usable:

[root@kubemaster k8s]# kubectl get pods
NAME                READY   STATUS    RESTARTS   AGE
tomcat-demo-7pnzw   1/1     Running   0          6m43s

Check the IP:

[root@kubemaster k8s]# kubectl get pods -o wide
NAME                READY   STATUS    RESTARTS   AGE   IP             NODE         NOMINATED NODE   READINESS GATES
tomcat-demo-7pnzw   1/1     Running   0          10m   172.16.141.7   kubemaster   <none>           <none>

Check with curl from the host; by default this returns a 404 error page:

[root@kubemaster k8s]# curl http://172.16.141.7:8080
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.36</h3></body></html>

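This is because there is nothing to display under the webapps directory. We log in to the container and fix it by hand.

Log in to the tomcat container: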

[root@kubemaster k8s]# docker exec -it k8s_tomcat-demo_tomcat-demo-7pnzw_default_b59ef37a-6ffe-4ef1-b6dd-1b2186039294_0 /bin/bash  

Copy the files into the webapps directory:

root@tomcat-demo-7pnzw:/usr/local/tomcat# cp -axv webapps.dist/* webapps/

Check the result with curl:

[root@kubemaster ~]# curl http://172.16.141.7:8080/
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.36</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>
 
    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="https://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="https://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
…

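It now displays correctly.

3. Create the service configuration file

Note: here the service maps the container port to a port on the host, so that it can be reached through the host's IP.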

[root@kubemaster k8s]# vi tomcat-svc.yaml 

Contents:

apiVersion: v1
kind: Service
metadata:
  name: tomcat-demo
spec:
  type: NodePort
  ports:
   - port: 8080
     nodePort: 30010
  selector:
    app: tomcat-demo

4. Create the service

[root@kubemaster k8s]# kubectl apply -f tomcat-svc.yaml
service/tomcat-demo created

Check whether the service was created successfully:

[root@kubemaster k8s]# kubectl get service -o wide
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE   SELECTOR
kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP          18h   <none>
tomcat-demo   NodePort    10.111.234.185   <none>        8080:30010/TCP   35s   app=tomcat-demo 

Test access from outside with a browser:
