生产环境kubernetes集群安装部署-1.15.3
发表于:2025-02-07 作者:千家信息网编辑
千家信息网最后更新 2025年02月07日,版本介绍NAME VERSION INTERNAL-IP cnvs-kubm-101-103 v1.15.3 172.20.101
千家信息网最后更新 2025年02月07日生产环境kubernetes集群安装部署-1.15.3
版本介绍
NAME VERSION INTERNAL-IP cnvs-kubm-101-103 v1.15.3 172.20.101.103 OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIMECentOS Linux 7 (Core) 5.2.9-1.el7.elrepo.x86_64 docker://18.6.1 项目地址:
https://gitlab.com/PtmindDev/devops/kub-deploy/tree/cn-k8s-prod分支:cn-k8s-prod集群介绍
#master[kub-m]172.20.101.103 name=cnvskubm-101-103 172.20.101.104 name=cnvskubm-101-104 172.20.101.105 name=cnvskubm-101-105 #node[kub-n]172.20.101.106 name=cnvs-kubnode-101-106 172.20.101.107 name=cnvs-kubnode-101-107172.20.101.108 name=cnvs-kubnode-101-108172.20.101.118 name=cnvs-kubnode-101-118 172.20.101.120 name=cnvs-kubnode-101-120172.20.101.122 name=cnvs-kubnode-101-122172.20.101.123 name=cnvs-kubnode-101-123 172.20.101.124 name=cnvs-kubnode-101-124ansible 安装环境:
cd /workspace/kub-deploy/roles1:升级内核 -按需
ansible-playbook 1-kernelup.yaml 验证效果
ansible kub-all -a "uname -a"
Linux kubm-01 5.2.9-1.el7.elrepo.x86_64 #1 SMP Fri Aug 16 08:17:55 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux系统初始化
ansible-playbook 2-basic.yml#单独指定其中一台运行:ansible-playbook -i /etc/ansible/hosts 2-basic.yml --limit 172.20.101.103安装nginx
ansible-playbook 3-nginx.yaml验证
#版本[root@kubm-01 roles]# ansible kub-m -a "nginx -v" 172.20.101.103 | CHANGED | rc=0 >>nginx version: nginx/1.16.1....#端口ansible kub-m -m shell -a "lsof -n -i:16443"172.20.101.103 | CHANGED | rc=0 >>COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEnginx 21392 root 5u IPv4 434526 0t0 TCP *:16443 (LISTEN)。。。。安装keepalived
ansible-playbook 4-keepalived.yml 返回
********ok: [172.20.101.103] => { "output.stdout_lines": [ " inet 172.20.101.253/32 scope global eth0" ].......ok: [172.20.101.105] => { "output.stdout_lines": []}监测 vip
[root@kubm-01 roles]# ping 172.20.101.253PING 172.20.101.253 (172.20.101.253) 56(84) bytes of data.64 bytes from 172.20.101.253: icmp_seq=1 ttl=64 time=0.059 ms新建安装部署目录
mkdir -p /etc/kubeinstallcd /etc/kubeinstall创建一个初始初始化文件 (kubm-01执行)
我使用的flannel 网络插件需要配置网络参数 --pod-network-cidr=10.244.0.0/16 。
cat < /etc/kubeinstall/kubeadm-config.yamlapiVersion: kubeadm.k8s.io/v1beta2bootstrapTokens:- groups: - system:bootstrappers:kubeadm:default-node-token token: abcdef.0123456789abcdef ttl: 24h0m0s usages: - signing - authenticationkind: InitConfigurationlocalAPIEndpoint: advertiseAddress: 172.20.101.103 bindPort: 6443nodeRegistration: criSocket: /var/run/dockershim.sock name: cnvs-kubm-101-103 taints: - effect: NoSchedule key: node-role.kubernetes.io/master---apiServer: timeoutForControlPlane: 4m0sapiVersion: kubeadm.k8s.io/v1beta2certificatesDir: /etc/kubernetes/pkiclusterName: cn-k8s-prodcontrolPlaneEndpoint: "172.20.101.253:16443"controllerManager: {}dns: type: CoreDNSetcd: local: dataDir: /var/lib/etcdimageRepository: k8s.gcr.iokind: ClusterConfigurationkubernetesVersion: v1.15.0networking: dnsDomain: cluster.local serviceSubnet: 10.245.0.0/16 podSubnet: "10.244.0.0/16"scheduler: {}EOF 注意我使用nginx做的代理
master上面都配置Nginx反向代理 API Server;172.20.101.253 是master节点的vip;Nginx 代理端口为 16443 端口;API Server使用 6443 端口;使用config指定初始化集群。
kubeadm init \--config=/etc/kubeinstall/kubeadm-config.yaml \--upload-certs master 节点:
[kub-m]172.20.101.103 name=cnvs-kubm-101-103 172.20.101.104 name=cnvs-kubm-101-104 172.20.101.105 name=cnvs-kubm-101-105 第一台master节点初始化返回结果
To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/configYou should now deploy a pod network to the cluster.Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/You can now join any number of the control-plane node running the following command on each as root: kubeadm join 172.20.101.253:16443 --token hgep1g.fwo8y7rt8o8xqjml \ --discovery-token-ca-cert-hash sha256:08462cf2017a1e3292ea355a7fc56c49ac713b84d5af45b649d7c8be539b97cf \ --control-plane --certificate-key 1c20a3656bbcc9be4b5a16bcb4c4bab5445d221d4721900bf31b5b196b733cecPlease note that the certificate-key gives access to cluster sensitive data, keep it secret!As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use "kubeadm init phase upload-certs --upload-certs" to reload certs afterward.Then you can join any number of worker nodes by running the following on each as root:kubeadm join 172.20.101.253:16443 --token hgep1g.fwo8y7rt8o8xqjml \ --discovery-token-ca-cert-hash sha256:08462cf2017a1e3292ea355a7fc56c49ac713b84d5af45b649d7c8be539b97cf 在执行节点上执行如下操作,初始化k8s环境。
mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config节点验证:
[root@cnvs-kubnode-101-103 kubeinstall]# mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config#节点状态[root@cnvs-kubnode-101-103 kubeinstall]# kubectl get nodesNAME STATUS ROLES AGE VERSIONcnvs-kubm-101-103 NotReady master 3m35s v1.15.3 <=== 状态 NotReady,安装网络插件后恢复#服务状态[root@cnvs-kubnode-101-103 kubeinstall]# kubectl get csNAME STATUS MESSAGE ERRORcontroller-manager Healthy ok scheduler Healthy ok etcd-0 Healthy {"health":"true"} 部署flannel网络
使用与podSubnet上面配置匹配的pod CIDR 安装CNI插件,按照实际情况修改。
kubernetes 版本更新较快,推荐部署前阅读相关文档,使用匹配版本网络插件。!!!
https://github.com/coreos/flannel#flannel
kubeadm join 172.20.101.253:16443 --token hgep1g.fwo8y7rt8o8xqjml \ --discovery-token-ca-cert-hash sha256:08462cf2017a1e3292ea355a7fc56c49ac713b84d5af45b649d7c8be539b97cf \ --control-plane --certificate-key 1c20a3656bbcc9be4b5a16bcb4c4bab5445d221d4721900bf31b5b196b733cec验证节点状态:
[root@cnvs-kubnode-101-103 kubeinstall]# kubectl get nodesNAME STATUS ROLES AGE VERSIONcnvs-kubm-101-103 Ready master 4m51s v1.15.3 <=== Ready#服务状态全部为runningroot@cnvs-kubm-101-103 kubeinstall]# kubectl get pods -n kube-systemNAME READY STATUS RESTARTS AGEcoredns-5c98db65d4-kl66m 1/1 Running 0 83scoredns-5c98db65d4-xjlkl 0/1 Running 0 83setcd-cnvs-kubm-101-103 1/1 Running 0 40skube-apiserver-cnvs-kubm-101-103 1/1 Running 0 25skube-controller-manager-cnvs-kubm-101-103 1/1 Running 0 27skube-flannel-ds-amd64-jln7d 1/1 Running 0 17skube-proxy-g2b2p 1/1 Running 0 83skube-scheduler-cnvs-kubm-101-103 1/1 Running 0 35s添加第(2 ~ 3)master节点执行如下操作
kubeadm join 172.20.101.253:16443 --token m1n5s7.ktdbt3ce3yj4czm1 \ --discovery-token-ca-cert-hash sha256:0eca032dcb2354f8c9e4f3ecfd2a19941b8a7b0c6cc4cc0764dc61a3a8e5ff68 \ --control-plane --certificate-key e5b5fe5b9576a604b7107bbe12a8aa09d4ddc309c9d9447bc5552fdd481df627 在执行节点上执行如下操作,初始化一下k8s环境。
mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config验证
所有master节点ready
[root@cnvs-kubm-101-105 ~]# kubectl get nodesNAME STATUS ROLES AGE VERSIONcnvs-kubm-101-103 Ready master 4m35s v1.15.3cnvs-kubm-101-104 Ready master 96s v1.15.3cnvs-kubm-101-105 Ready master 22s v1.15.3所有node节点,执行如下操作
[kub-n]172.20.101.106172.20.101.107172.20.101.108172.20.101.118172.20.101.120172.20.101.122172.20.101.123172.20.101.124单节点安装
kubeadm join 172.20.101.253:16443 --token hgep1g.fwo8y7rt8o8xqjml \ --discovery-token-ca-cert-hash sha256:08462cf2017a1e3292ea355a7fc56c49ac713b84d5af45b649d7c8be539b97cf ansible 安装
ansible kub-n -m shell -a "kubeadm join 172.20.101.253:16443 --token hgep1g.fwo8y7rt8o8xqjml \ --discovery-token-ca-cert-hash sha256:08462cf2017a1e3292ea355a7fc56c49ac713b84d5af45b649d7c8be539b97cf"返回
[preflight] Running pre-flight checks[preflight] Reading configuration from the cluster...[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"[kubelet-start] Activating the kubelet service[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...This node has joined the cluster:* Certificate signing request was sent to apiserver and a response was received.* The Kubelet was informed of the new secure connection details.Run 'kubectl get nodes' on the control-plane to see this node join the cluster.验证:
[root@cnvs-kubm-101-104 ~]# kubectl get nodeNAME STATUS ROLES AGE VERSIONcnvs-kubm-101-103 Ready master 8m32s v1.15.3cnvs-kubm-101-104 Ready master 5m33s v1.15.3cnvs-kubm-101-105 Ready master 4m19s v1.15.3cnvs-kubnode-101-106 Ready 28s v1.15.3cnvs-kubnode-101-107 Ready 28s v1.15.3cnvs-kubnode-101-108 Ready 28s v1.15.3cnvs-kubnode-101-118 Ready 28s v1.15.3cnvs-kubnode-101-120 Ready 28s v1.15.3cnvs-kubnode-101-122 Ready 13s v1.15.3cnvs-kubnode-101-123 Ready 13s v1.15.3cnvs-kubnode-101-124 Ready 2m31s v1.15.3 添加标签
为部署traefik做准备
kubectl label nodes {cnvs-kubnode-101-106,cnvs-kubnode-101-107} traefik=traefik-outer --overwritekubectl label nodes {cnvs-kubnode-101-123,cnvs-kubnode-101-124} traefik=traefik-inner --overwrite验证
[root@cnvs-kubm-101-103 kub-deploy]# kubectl get node -l "traefik=traefik-outer"NAME STATUS ROLES AGE VERSIONcnvs-kubnode-101-106 Ready 5m25s v1.15.3cnvs-kubnode-101-107 Ready 5m25s v1.15.3[root@cnvs-kubm-101-103 kub-deploy]# kubectl get node -l "traefik=traefik-inner"NAME STATUS ROLES AGE VERSIONcnvs-kubnode-101-123 Ready 5m18s v1.15.3cnvs-kubnode-101-124 Ready 7m36s v1.15.3 集群总体验证
#所有服务状态均为 running[root@cnvs-kubm-101-103 kub-deploy]# kubectl get pods -n kube-systemNAME READY STATUS RESTARTS AGEcoredns-5c98db65d4-kl66m 1/1 Running 0 13mcoredns-5c98db65d4-xjlkl 1/1 Running 0 13metcd-cnvs-kubm-101-103 1/1 Running 0 13metcd-cnvs-kubm-101-104 1/1 Running 0 7m57setcd-cnvs-kubm-101-105 1/1 Running 0 5m26skube-apiserver-cnvs-kubm-101-103 1/1 Running 0 13mkube-apiserver-cnvs-kubm-101-104 1/1 Running 1 7m47skube-apiserver-cnvs-kubm-101-105 1/1 Running 0 4m8skube-controller-manager-cnvs-kubm-101-103 1/1 Running 1 13mkube-controller-manager-cnvs-kubm-101-104 1/1 Running 0 6m38skube-controller-manager-cnvs-kubm-101-105 1/1 Running 0 4m11skube-flannel-ds-amd64-2nfbb 1/1 Running 2 88skube-flannel-ds-amd64-2pbqs 1/1 Running 1 104skube-flannel-ds-amd64-4w7cb 1/1 Running 2 92skube-flannel-ds-amd64-gxzhw 1/1 Running 1 3m58skube-flannel-ds-amd64-jln7d 1/1 Running 0 12mkube-flannel-ds-amd64-lj9t4 1/1 Running 2 92skube-flannel-ds-amd64-mbp8k 1/1 Running 2 91skube-flannel-ds-amd64-r8t9c 1/1 Running 1 7m57skube-flannel-ds-amd64-rdsfm 1/1 Running 0 3m5skube-flannel-ds-amd64-w8gww 1/1 Running 1 5m26skube-flannel-ds-amd64-x7rh7 1/1 Running 2 92skube-proxy-4kxjv 1/1 Running 0 5m26skube-proxy-4vqpf 1/1 Running 0 92skube-proxy-677lf 1/1 Running 0 92skube-proxy-b9kr2 1/1 Running 0 104skube-proxy-dm9kd 1/1 Running 0 3m5skube-proxy-g2b2p 1/1 Running 0 13mkube-proxy-m79jv 1/1 Running 0 3m58skube-proxy-snqhr 1/1 Running 0 92skube-proxy-t7mkx 1/1 Running 0 91skube-proxy-z2f67 1/1 Running 0 7m57skube-proxy-zjpwn 1/1 Running 0 88skube-scheduler-cnvs-kubm-101-103 1/1 Running 1 13mkube-scheduler-cnvs-kubm-101-104 1/1 Running 0 7m4skube-scheduler-cnvs-kubm-101-105 1/1 Running 0 4m32s#所有节点状态为ready[root@cnvs-kubm-101-103 kub-deploy]# kubectl get nodesNAME STATUS ROLES AGE VERSIONcnvs-kubm-101-103 Ready master 15m v1.15.3cnvs-kubm-101-104 Ready master 9m32s v1.15.3cnvs-kubm-101-105 Ready master 7m1s v1.15.3cnvs-kubnode-101-106 Ready 3m6s v1.15.3cnvs-kubnode-101-107 Ready 3m19s v1.15.3cnvs-kubnode-101-108 Ready 3m7s v1.15.3cnvs-kubnode-101-118 Ready 3m7s v1.15.3cnvs-kubnode-101-120 Ready 3m7s v1.15.3cnvs-kubnode-101-122 Ready 3m3s v1.15.3cnvs-kubnode-101-123 Ready 4m40s v1.15.3cnvs-kubnode-101-124 Ready 5m33s v1.15.3 批量清理集群
kubectl delete node --allansible kub-all -m shell -a "kubeadm reset -f"ansible kub-all -m shell -a "rm -rf /etc/kubernetes && rm -rf /var/lib/etcd && rm -rf /var/lib/kubelet && rm -rf /var/lib/kubelet && rm -rf $HOME/.kube/config "ansible kub-all -m shell -a "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X"ansible kub-all -m shell -a "systemctl restart docker && systemctl enable kubelet"ansible kub-all -m shell -a "ip link del flannel.1 && ip a|grep flannel "推荐清理环境
如果之前配置过k8s或者首次配置没有成功等情况,推荐把系统环境清理一下,每一个节点。
systemctl stop kubeletdocker rm -f -v $(docker ps -a -q)rm -rf /etc/kubernetesrm -rf /var/lib/etcdrm -rf /var/lib/kubeletrm -rf $HOME/.kube/configip link del flannel.1 iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -Xyum reinstall -y kubeletsystemctl daemon-reloadsystemctl restart dockersystemctl enable kubelet参考文档
https://www.cnblogs.com/net2817/p/10513369.html
https://k8smeetup.github.io/docs/reference/setup-tools/kubeadm/kubeadm-config/
节点
验证
状态
环境
网络
配置
集群
插件
版本
端口
代理
推荐
服务
情况
文档
系统
成功
内核
分支
参数
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
软件开发培训学校招生简章
circbase数据库
sql数据库表格下载
区块链网络技术分析
智慧充值无法连接服务器
软件开发测试男友礼物
辽宁数据库安全箱批量定制
梦幻西游手游第八天服务器等级
ios14邮件未从服务器下载
方舟破解版服务器搭建
人民铁道网络安全
服务器日志主要做些什么
佛山贸多多网络技术有限公司
查看长连接数据库配置
2k19服务器关闭怎么联网
服务器主板过了自检但会强制关机
济宁市网络安全宣传
国内展馆馆网络技术
php 服务器响应时间
找不到域的域服务器
打印机代理服务器
网吧用的服务器
我的世界小蜜蜂服务器主播
2022coc详细数据库
数据库管理关键技术是什么
肇庆服务器铝合金外壳
我的世界服务器移动市场
网络软件开发支出
什么叫5g网络技术
网络安全检查内容
