小语种外贸网站建设,wordpress数据库改密码,没有网站如何做营销,江西南昌网站建设招标1. 安装要求
在开始之前#xff0c;部署Kubernetes集群机器需要满足以下几个条件#xff1a;
一台或多台机器#xff0c;操作系统 CentOS7.x-86_x64硬件配置#xff1a;2GB或更多RAM#xff0c;2个CPU或更多CPU#xff0c;硬盘20GB或更多可以访问外网#xff0c;需要拉…1. 安装要求
在开始之前部署Kubernetes集群机器需要满足以下几个条件
一台或多台机器操作系统 CentOS7.x-86_x64硬件配置2GB或更多RAM2个CPU或更多CPU硬盘20GB或更多可以访问外网需要拉取镜像如果服务器不能上网需要提前下载镜像并导入节点禁止swap分区
2. 准备环境
角色IPmaster192.168.88.146node1192.168.88.145node2192.168.88.144
# 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld# 关闭selinux
sed -i s/enforcing/disabled/ /etc/selinux/config # 永久
setenforce 0 # 临时# 关闭swap
swapoff -a # 临时
sed -ri s/.*swap.*/#/ /etc/fstab # 永久# 根据规划设置主机名分别为k8smaster、k8snode1、k8snode2
hostnamectl set-hostname hostname# 在三台机器中都添加hosts
cat /etc/hosts EOF
192.168.44.146 k8smaster
192.168.44.145 k8snode1
192.168.44.144 k8snode2
EOF#允许检查桥接流量
cat EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF# 将桥接的IPv4流量传递到iptables的链
cat /etc/sysctl.d/k8s.conf EOF
net.bridge.bridge-nf-call-ip6tables 1
net.bridge.bridge-nf-call-iptables 1
EOF
sysctl --system # 生效# 时间同步
yum install ntpdate -y
ntpdate ntp1.aliyun.com;hwclock --systohc3. 所有节点安装Docker/kubeadm/kubelet
Kubernetes默认CRI容器运行时为Docker因此先安装Docker。
3.1 安装Docker
$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum install -y docker-ce-20.10.0 docker-ce-cli-20.10.0 containerd.io
$ systemctl enable docker systemctl start docker
$ docker --versionsudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json -EOF
{registry-mirrors: [https://ogrhbvcd.mirror.aliyuncs.com],exec-opts: [native.cgroupdriversystemd]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker3.2 添加阿里云YUM软件源
$ cat /etc/yum.repos.d/kubernetes.repo EOF
[kubernetes]
nameKubernetes
baseurlhttps://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled1
gpgcheck0
repo_gpgcheck0
gpgkeyhttps://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF3.3 安装kubeadmkubelet和kubectl
由于版本更新频繁这里指定版本号部署
$ yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
$ systemctl enable kubelet4. 部署Kubernetes Master
在192.168.31.61Master执行。
kubeadm init \--apiserver-advertise-address192.168.88.146 \--image-repository registry.aliyuncs.com/google_containers \--kubernetes-version v1.23.0 \--service-cidr10.96.0.0/12 \--pod-network-cidr10.244.0.0/16 \--ignore-preflight-errorsall由于默认拉取镜像地址k8s.gcr.io国内无法访问这里指定阿里云镜像仓库地址。
使用kubectl工具
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config#查看结点
kubectl get nodes5. 加入Kubernetes Node
在192.168.88.145/144两个Node分别执行。
向集群添加新节点执行在kubeadm init输出的kubeadm join命令
#这里以实际情况为准不可直接复制
kubeadm join 192.168.88.146:6443 --token jsyb9j.ciokhd4r1to3nzxc --discovery-token-ca-cert-hash sha256:24229cd370978cbdde1c549bd36d27da7581ede172cb18a77755020b44f3c481默认token有效期为24小时当过期之后该token就不可用了。这时就需要重新创建token操作如下
kubeadm token create --print-join-command6. 部署CNI网络插件
ymal文件内容如下
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:name: psp.flannel.unprivilegedannotations:seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/defaultseccomp.security.alpha.kubernetes.io/defaultProfileName: docker/defaultapparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/defaultapparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:privileged: falsevolumes:- configMap- secret- emptyDir- hostPathallowedHostPaths:- pathPrefix: /etc/cni/net.d- pathPrefix: /etc/kube-flannel- pathPrefix: /run/flannelreadOnlyRootFilesystem: false# Users and groupsrunAsUser:rule: RunAsAnysupplementalGroups:rule: RunAsAnyfsGroup:rule: RunAsAny# Privilege EscalationallowPrivilegeEscalation: falsedefaultAllowPrivilegeEscalation: false# CapabilitiesallowedCapabilities: [NET_ADMIN]defaultAddCapabilities: []requiredDropCapabilities: []# Host namespaceshostPID: falsehostIPC: falsehostNetwork: truehostPorts:- min: 0max: 65535# SELinuxseLinux:# SELinux is unused in CaaSPrule: RunAsAny
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: flannel
rules:- apiGroups: [extensions]resources: [podsecuritypolicies]verbs: [use]resourceNames: [psp.flannel.unprivileged]- apiGroups:- resources:- podsverbs:- get- apiGroups:- resources:- nodesverbs:- list- watch- apiGroups:- resources:- nodes/statusverbs:- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: flannel
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: flannel
subjects:- kind: ServiceAccountname: flannelnamespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:name: flannelnamespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:name: kube-flannel-cfgnamespace: kube-systemlabels:tier: nodeapp: flannel
data:cni-conf.json: |{name: cbr0,cniVersion: 0.3.1,plugins: [{type: flannel,delegate: {hairpinMode: true,isDefaultGateway: true}},{type: portmap,capabilities: {portMappings: true}}]}net-conf.json: |{Network: 10.244.0.0/16,Backend: {Type: vxlan}}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-amd64namespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/osoperator: Invalues:- linux- key: kubernetes.io/archoperator: Invalues:- amd64hostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:amd64command:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:amd64command:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: 100mmemory: 50Milimits:cpu: 100mmemory: 50MisecurityContext:privileged: falsecapabilities:add: [NET_ADMIN]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-arm64namespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/osoperator: Invalues:- linux- key: kubernetes.io/archoperator: Invalues:- arm64hostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:arm64command:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:arm64command:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: 100mmemory: 50Milimits:cpu: 100mmemory: 50MisecurityContext:privileged: falsecapabilities:add: [NET_ADMIN]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-armnamespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/osoperator: Invalues:- linux- key: kubernetes.io/archoperator: Invalues:- armhostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:armcommand:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:armcommand:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: 100mmemory: 50Milimits:cpu: 100mmemory: 50MisecurityContext:privileged: falsecapabilities:add: [NET_ADMIN]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-ppc64lenamespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/osoperator: Invalues:- linux- key: kubernetes.io/archoperator: Invalues:- ppc64lehostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:ppc64lecommand:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:ppc64lecommand:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: 100mmemory: 50Milimits:cpu: 100mmemory: 50MisecurityContext:privileged: falsecapabilities:add: [NET_ADMIN]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:name: kube-flannel-ds-s390xnamespace: kube-systemlabels:tier: nodeapp: flannel
spec:selector:matchLabels:app: flanneltemplate:metadata:labels:tier: nodeapp: flannelspec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/osoperator: Invalues:- linux- key: kubernetes.io/archoperator: Invalues:- s390xhostNetwork: truetolerations:- operator: Existseffect: NoScheduleserviceAccountName: flannelinitContainers:- name: install-cniimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:s390xcommand:- cpargs:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistvolumeMounts:- name: cnimountPath: /etc/cni/net.d- name: flannel-cfgmountPath: /etc/kube-flannel/containers:- name: kube-flannelimage: registry.cn-zhangjiakou.aliyuncs.com/test-lab/coreos-flannel:s390xcommand:- /opt/bin/flanneldargs:- --ip-masq- --kube-subnet-mgrresources:requests:cpu: 100mmemory: 50Milimits:cpu: 100mmemory: 50MisecurityContext:privileged: falsecapabilities:add: [NET_ADMIN]env:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespacevolumeMounts:- name: runmountPath: /run/flannel- name: flannel-cfgmountPath: /etc/kube-flannel/volumes:- name: runhostPath:path: /run/flannel- name: cnihostPath:path: /etc/cni/net.d- name: flannel-cfgconfigMap:name: kube-flannel-cfg文件直接通过shell软件放到当前目录执行如下操作
kubectl apply -f kube-flannel.yml查看运行情况全部running时使用kubectl get nodes可以看到结点状态为ready则为部署完毕。
kubectl get pods -n kube-systemkubectl get nodes若仍存在k8sNotReady情况这里提供如下一种解决方案
【 failed to find plugin “flannel” in path [/opt/cni/bin]】 需要下载CNI插件CNI plugins v0.8.6
github下载地址https://github.com/containernetworking/plugins/releases/tag/v0.8.6
下载后通过shell软件 上传到Linux中的/home目录并解压
tar zxvf cni-plugins-linux-amd64-v0.8.6.tgz复制 flannel 到 /opt/cni/bin/即可
[rootk8s-node1 home]# cp flannel /opt/cni/bin/7. 测试kubernetes集群
在Kubernetes集群中创建一个pod验证是否正常运行
$ kubectl run nginx --imagenginx
$ kubectl create deployment nginx --imagenginx
$ kubectl expose deployment nginx --port80 --typeNodePort
$ kubectl get pod,svc #查看端口映射访问地址http://NodeIP:Port
