搜狗竞价绑定网站要求,wordpress音乐分享,企业管理app软件,网站的标题标签一般是写在Kubeadm 一、Kubeadm 部署1. 环境准备2. 所有节点安装 docker3. 所有节点安装 kubeadm#xff0c;kubelet 和 kubectl4. 部署 K8S 集群4.1 配置 master01 节点4.2 配置 node 节点 二、Kubeadm 高可用部署1. 环境准备2. 所有节点安装 docker2. 所有节点安装kubeadm#xff0c;… Kubeadm 一、Kubeadm 部署1. 环境准备2. 所有节点安装 docker3. 所有节点安装 kubeadmkubelet 和 kubectl4. 部署 K8S 集群4.1 配置 master01 节点4.2 配置 node 节点 二、Kubeadm 高可用部署1. 环境准备2. 所有节点安装 docker2. 所有节点安装kubeadmkubelet和kubectl3. 高可用组件安装、配置4. 部署 K8S 集群 总结kubeadm 部署过程kubeadm 部署的K8S集群更新证书 一、Kubeadm 部署
集群服务器主机名服务器IP地址集群服务器部署的服务master2C/4Gcpu核心数要求大于2192.168.145.15docker、kubeadm、kubelet、kubectl、flannelnode012C/2G192.168.145.30docker、kubeadm、kubelet、kubectl、flannelnode022C/2G192.168.145.45docker、kubeadm、kubelet、kubectl、flannel
1、在所有节点上安装Docker和kubeadm
2、部署Kubernetes Master
3、部署容器网络插件
4、部署 Kubernetes Node将节点加入Kubernetes集群中1. 环境准备
#所有节点关闭防火墙规则关闭selinux关闭swap交换
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i s/enforcing/disabled/ /etc/selinux/config
iptables -F iptables -t nat -F iptables -t mangle -F iptables -X
swapoff -a #交换分区必须要关闭
sed -ri s/.*swap.*/#/ /etc/fstab #永久关闭swap分区符号在sed命令中代表上次匹配的结果
#加载 ip_vs 模块
for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o ^[^.]*);do echo $i; /sbin/modinfo -F filename $i /dev/null 21 /sbin/modprobe $i;done#修改主机名
hostnamectl set-hostname master01
hostnamectl set-hostname node01
hostnamectl set-hostname node02#所有节点修改hosts文件
vim /etc/hosts
192.168.145.15 master01
192.168.145.30 node01
192.168.145.45 node02#调整内核参数
cat /etc/sysctl.d/kubernetes.conf EOF
#开启网桥模式可将网桥的流量传递给iptables链
net.bridge.bridge-nf-call-ip6tables1
net.bridge.bridge-nf-call-iptables1
#关闭ipv6协议
net.ipv6.conf.all.disable_ipv61
net.ipv4.ip_forward1
EOF#生效参数
sysctl --system2. 所有节点安装 docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.iocd /etc/docker
cat /etc/docker/daemon.json EOF
{registry-mirrors: [https://00ub0bmk.mirror.aliyuncs.com],exec-opts: [native.cgroupdriversystemd],log-driver: json-file,log-opts: {max-size: 500m, max-file: 3}
}
EOF
#使用Systemd管理的Cgroup来进行资源控制与管理因为相对Cgroupfs而言Systemd限制CPU、内存等资源更加简单和成熟稳定。
#日志使用json-file格式类型存储大小为100M保存在/var/log/containers目录下方便ELK等日志系统收集和管理日志。systemctl daemon-reload #重载配置文件
systemctl start docker.service #启动 docker 服务
systemctl enable docker.service #将 docker 服务设置开机自启docker info | grep Cgroup Driver #查看 dokcer 的配置信息
Cgroup Driver: systemd3. 所有节点安装 kubeadmkubelet 和 kubectl
#定义kubernetes源
cat /etc/yum.repos.d/kubernetes.repo EOF
[kubernetes]
nameKubernetes
baseurlhttps://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled1
gpgcheck0
repo_gpgcheck0
gpgkeyhttps://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOFyum install -y kubelet-1.20.15 kubeadm-1.20.15 kubectl-1.20.15#开机自启kubelet
systemctl enable kubelet.service
#K8S通过kubeadm安装出来以后都是以Pod方式存在即底层是以容器方式运行所以kubelet必须设置开机自启4. 部署 K8S 集群
4.1 配置 master01 节点
#查看初始化需要的镜像
kubeadm config images list --kubernetes-version 1.20.15#初始化kubeadm
kubeadm config print init-defaults /opt/kubeadm-config.yamlcd /opt/
vim kubeadm-config.yaml
......
11 localAPIEndpoint:
12 advertiseAddress: 192.168.145.15 #指定master节点的IP地址
13 bindPort: 6443
......
32 imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers #指定拉取镜像的仓库默认是k8s.gcr.io
33 kind: ClusterConfiguration
34 kubernetesVersion: v1.20.15 #指定kubernetes版本号
35 networking:
36 dnsDomain: cluster.local
37 podSubnet: 10.244.0.0/16 #指定pod网段10.244.0.0/16用于匹配flannel默认网段
38 serviceSubnet: 10.96.0.0/16 #指定service网段
39 scheduler: {}
#末尾再添加以下内容
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs #把默认的kube-proxy调度方式改为ipvs模式#在线拉取镜像
kubeadm config images pull --config /opt/kubeadm-config.yaml
#查看镜像
docker images#初始化 master
kubeadm init --config/opt/kubeadm-config.yaml --upload-certs | tee kubeadm-init.log
#--upload-certs 参数可以在后续执行加入节点时自动分发证书文件
#tee kubeadm-init.log 用以输出日志#查看 kubeadm-init 日志
less kubeadm-init.log#kubernetes配置文件目录
ls /etc/kubernetes/#存放ca等证书和密码的目录
ls /etc/kubernetes/pki#设定kubectl
kubectl需经由API server认证及授权后方能执行相应的管理操作kubeadm 部署的集群为其生成了一个具有管理员权限的认证配置文件 /etc/kubernetes/admin.conf它可由 kubectl 通过默认的 “$HOME/.kube/config” 的路径进行加载。mkdir -p $HOME/.kube #在家目录中新键 .kube 目录
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config #将自动生成的 admin.conf 文件复制到家目录中 ./kube 目录
chown $(id -u):$(id -g) $HOME/.kube/config #给 config 文件授权#部署网络插件flannel
#上传 flannel 镜像 flannel.tar 和网络插件 cni-plugins-linux-amd64-v0.8.6.tgz 到 /opt 目录master节点上传 kube-flannel.yml 文件
cd /opt/
unzip flannel-v0.21.5.zipdocker load -i flannel.tar
docker load -i flannel-cni-plugin.tar)
mv /opt/cni /opt/cni_bak
mkdir -p /opt/cni/bin
tar xf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin#在 master 节点创建 flannel 资源
kubectl apply -f kube-flannel.yml #在master节点查看节点状态
kubectl get nodeskubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-flannel kube-flannel-ds-xffxg 1/1 Running 0 24s
kube-system coredns-54d67798b7-7jjll 1/1 Running 0 9m49s
kube-system coredns-54d67798b7-txdlc 1/1 Running 0 9m49s
kube-system etcd-master01 1/1 Running 0 9m58s
kube-system kube-apiserver-master01 1/1 Running 0 9m58s
kube-system kube-controller-manager-master01 1/1 Running 0 9m58s
kube-system kube-proxy-ll5bh 1/1 Running 0 9m49s
kube-system kube-scheduler-master01 1/1 Running 0 9m58s4.2 配置 node 节点
#将 master01 节点上的 flannel 相关文件传送到所有 node 节点
scp flannel*tar node01:/opt #在master操作
scp flannel*tar node02:/opt #在master操作#将node节点根据根据kubeadm init初始化的提示信息快速的加入到K8S集群当中
kubeadm join 192.168.145.15:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:508d252e11aadcbe12da889eb90038a6f72d8aa4922f166a1fa4f765bfe723ce#部署网络插件flannel
cd /opt/
docker load -i flannel.tar
docker load -i flannel-cni-plugin.tar#在master节点查看节点状态
kubectl get nodeskubectl get pods -A二、Kubeadm 高可用部署
#注意事项
master节点cpu核心数要求大于2
● 最新的版本不一定好但相对于旧版本核心功能稳定但新增功能、接口相对不稳
● 学会一个版本的 高可用部署其他版本操作都差不多
● 宿主机尽量升级到CentOS 7.9
● 内核kernel升级到 4.19 这种稳定的内核
● 部署k8s版本时尽量找 1.xx.5 这种大于5的小版本这种一般是比较稳定的版本集群服务器主机名服务器IP地址集群服务器部署的服务master012C/4Gcpu核心数要求大于2192.168.145.15docker、kubeadm、kubelet、kubectl、flannelmaster022C/4Gcpu核心数要求大于2192.168.145.30docker、kubeadm、kubelet、kubectl、flannelmaster032C/4Gcpu核心数要求大于2192.168.145.45docker、kubeadm、kubelet、kubectl、flannelnode012C/2G192.168.145.60docker、kubeadm、kubelet、kubectl、flannelnode022C/2G192.168.145.75docker、kubeadm、kubelet、kubectl、flannel
1. 环境准备
#所有节点关闭防火墙规则关闭selinux关闭swap交换
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i s/enforcing/disabled/ /etc/selinux/config
iptables -F iptables -t nat -F iptables -t mangle -F iptables -X
swapoff -a
sed -ri s/.*swap.*/#/ /etc/fstab#修改主机名
hostnamectl set-hostname master01
hostnamectl set-hostname master02
hostnamectl set-hostname master03
hostnamectl set-hostname node01
hostnamectl set-hostname node02#所有节点修改hosts文件
vim /etc/hosts
192.168.145.15 master01
192.168.145.30 master02
192.168.145.45 master03
192.168.145.60 node01
192.168.145.75 node02#所有节点时间同步
yum -y install ntpdate
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo Asia/Shanghai /etc/timezone
ntpdate time2.aliyun.comsystemctl enable --now crondcrontab -e
*/30 * * * * /usr/sbin/ntpdate time2.aliyun.com#所有节点实现Linux的资源限制
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited#调整内核参数
cat /etc/sysctl.d/k8s.conf EOF
net.ipv4.ip_forward 1
net.bridge.bridge-nf-call-iptables 1
net.bridge.bridge-nf-call-ip6tables 1
fs.may_detach_mounts 1
vm.overcommit_memory1
vm.panic_on_oom0
fs.inotify.max_user_watches89100
fs.file-max52706963
fs.nr_open52706963
net.netfilter.nf_conntrack_max2310720net.ipv4.tcp_keepalive_time 600
net.ipv4.tcp_keepalive_probes 3
net.ipv4.tcp_keepalive_intvl 15
net.ipv4.tcp_max_tw_buckets 36000
net.ipv4.tcp_tw_reuse 1
net.ipv4.tcp_max_orphans 327680
net.ipv4.tcp_orphan_retries 3
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_max_syn_backlog 16384
net.ipv4.ip_conntrack_max 65536
net.ipv4.tcp_max_syn_backlog 16384
net.ipv4.tcp_timestamps 0
net.core.somaxconn 16384
EOF#生效参数
sysctl --system #加载 ip_vs 模块
for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o ^[^.]*);do echo $i; /sbin/modinfo -F filename $i /dev/null 21 /sbin/modprobe $i;done2. 所有节点安装 docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.iocd /etc/docker
cat /etc/docker/daemon.json EOF
{registry-mirrors: [https://00ub0bmk.mirror.aliyuncs.com],exec-opts: [native.cgroupdriversystemd],log-driver: json-file,log-opts: {max-size: 500m, max-file: 3}
}
EOFsystemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service 2. 所有节点安装kubeadmkubelet和kubectl
#定义kubernetes源
cat /etc/yum.repos.d/kubernetes.repo EOF
[kubernetes]
nameKubernetes
baseurlhttps://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled1
gpgcheck0
repo_gpgcheck0
gpgkeyhttps://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOFyum install -y kubelet-1.20.15 kubeadm-1.20.15 kubectl-1.20.15#配置Kubelet使用阿里云的pause镜像
cat /etc/sysconfig/kubelet EOF
KUBELET_EXTRA_ARGS--cgroup-driversystemd --pod-infra-container-imageregistry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2
EOF#开机自启kubelet
systemctl enable --now kubelet3. 高可用组件安装、配置
#所有 master 节点部署 Haproxy
yum -y install haproxy keepalivedcat /etc/haproxy/haproxy.cfg EOF
globallog 127.0.0.1 local0 infolog 127.0.0.1 local1 warningchroot /var/lib/haproxypidfile /var/run/haproxy.pidmaxconn 4000user haproxygroup haproxydaemonstats socket /var/lib/haproxy/statsdefaultsmode tcplog globaloption tcplogoption dontlognulloption redispatchretries 3timeout queue 1mtimeout connect 10stimeout client 1mtimeout server 1mtimeout check 10smaxconn 3000frontend monitor-inbind *:33305mode httpoption httplogmonitor-uri /monitorfrontend k8s-masterbind *:16443mode tcpoption tcplogdefault_backend k8s-masterbackend k8s-mastermode tcpoption tcplogoption tcp-checkbalance roundrobinserver k8s-master1 192.168.145.15:6443 check inter 10000 fall 2 rise 2 weight 1server k8s-master2 192.168.145.30:6443 check inter 10000 fall 2 rise 2 weight 1server k8s-master3 192.168.145.45:6443 check inter 10000 fall 2 rise 2 weight 1
EOF#所有 master 节点部署 keepalived
cd /etc/keepalived/
vim keepalived.conf
! Configuration File for keepalived
global_defs {router_id LVS_HA1 #路由标识符每个节点配置不同
}vrrp_script chk_haproxy {script /etc/keepalived/check_haproxy.shinterval 2weight 2
}vrrp_instance VI_1 {state MASTER #本机实例状态MASTER/BACKUP备机配置文件中设置BACKUPinterface ens33virtual_router_id 51priority 100 #本机初始权重备机设置小于主机的值advert_int 1virtual_ipaddress {192.168.145.100 #设置VIP地址}track_script {chk_haproxy}
}vim check_haproxy.sh
#!/bin/bash
if ! killall -0 haproxy; thensystemctl stop keepalived
fisystemctl enable --now haproxy
systemctl enable --now keepalived4. 部署 K8S 集群
#在 master01 节点上设置集群初始化配置文件
kubeadm config print init-defaults /opt/kubeadm-config.yamlcd /opt/
vim kubeadm-config.yaml
......
11 localAPIEndpoint:
12 advertiseAddress: 192.168.145.15 #指定当前master节点的IP地址
13 bindPort: 644321 apiServer:
22 certSANs: #在apiServer属性下面添加一个certsSANs的列表添加所有master节点的IP地址和集群VIP地址
23 - 192.168.145.100
24 - 192.168.145.15
25 - 192.168.145.30
26 - 192.168.145.4530 clusterName: kubernetes
31 controlPlaneEndpoint: 192.168.145.100:6443 #指定集群VIP地址
32 controllerManager: {}38 imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers #指定镜像下载地址
39 kind: ClusterConfiguration
40 kubernetesVersion: v1.20.15 #指定kubernetes版本号
41 networking:
42 dnsDomain: cluster.local
43 podSubnet: 10.244.0.0/16 #指定pod网段10.244.0.0/16用于匹配flannel默认网段
44 serviceSubnet: 10.96.0.0/16 #指定service网段
45 scheduler: {}
#末尾再添加以下内容
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs #把默认的kube-proxy调度方式改为ipvs模式#更新集群初始化配置文件
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml#所有节点拉取镜像
#拷贝yaml配置文件给其他主机通过配置文件进行拉取镜像
for i in master02 master03 node01 node02; do scp /opt/new.yaml $i:/opt/; donekubeadm config images pull --config /opt/new.yaml#master01 节点进行初始化
kubeadm init --config new.yaml --upload-certs | tee kubeadm-init.log
Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run kubectl apply -f [podnetwork].yaml with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/You can now join any number of the control-plane node running the following command on each as root:
#master节点加入使用的命令记录kubeadm join 192.168.145.100:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:63df6e626b225f6b60112bbc592d0ff69c1ae2e7869c9b41f142e4776df71d53 \--control-plane --certificate-key 0aad75a1c7f178755e4776e474e12616ab88086c93984ba311a465df1999d193Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
kubeadm init phase upload-certs --upload-certs to reload certs afterward.Then you can join any number of worker nodes by running the following on each as root:
#node节点加入使用的命令。记录
kubeadm join 192.168.145.100:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:63df6e626b225f6b60112bbc592d0ff69c1ae2e7869c9b41f142e4776df71d53 #将其他节点加入集群中#将mater节点加入集群中
kubeadm join 192.168.145.100:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:63df6e626b225f6b60112bbc592d0ff69c1ae2e7869c9b41f142e4776df71d53 \--control-plane --certificate-key 0aad75a1c7f178755e4776e474e12616ab88086c93984ba311a465df1999d193#将node节点加入集群中
kubeadm join 192.168.145.100:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:63df6e626b225f6b60112bbc592d0ff69c1ae2e7869c9b41f142e4776df71d53 #若初始化失败进行的操作
kubeadm reset -f
ipvsadm --clear
rm -rf ~/.kube
再次进行初始化#master01 节点进行环境配置
#配置 kubectl
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config#修改controller-manager和scheduler配置文件
vim /etc/kubernetes/manifests/kube-scheduler.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
......#- --port0 #搜索port0把这一行注释掉systemctl restart kubelet #部署网络插件flannel
所有节点上传 flannel 镜像 flannel.tar 和网络插件 cni-plugins-linux-amd64-v0.8.6.tgz 到 /opt 目录master节点上传 kube-flannel.yml 文件
cd /opt
unzip flannel-v0.21.5.zip
docker load -i flannel.tar
docker load -i flannel-cni-plugin.tarmv /opt/cni /opt/cni_bak
mkdir -p /opt/cni/bin
tar xf cni-plugins-linux-amd64-v1.3.0.tgz /opt/cni/binkubectl apply -f kube-flannel.yml#其他节点操作
#配置 kubectl
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/configkubectl apply -f kube-flannel.yml #在 master01 查看集群信息
kubectl get nodeskubectl get pod -n kube-system 总结
kubeadm 部署过程
1所有节点进行初始化,安装docker引擎和kubeadm kubelet kubectl
2生成集群初始化配置文件并进行修改
3使用kubeadm init根据初始化配置文件生成K8S的master控制管理节点
4安装CNI网络插件flannel、calico等
5在其他节点使用kubeadm join将节点以nodekubeadm 部署的K8S集群更新证书
1备份老证书和kubeconfig配置文件
mkdir /etc/kubernetes.bak
cp -r /etc/kubernetes/pki/ /etc/kubernetes.bak
cp /etc/kubernetes/*.conf /etc/kubernetes.bak2重新生成证书
kubeadm alpha certs renew all --configkubeadm.yaml3重新生成kubeconfig配置文件
kubeadm init phase kubeconfig all --config kubeadm.yaml4重启kubelet和其他K8S组件的Pod容器
systemctl restart kubeletmv /etc/kubernetes/manifests /tmp
mv /tmp/*.yaml /etc/kubernetes/manifests
