Environment parameters
<code>centos version: CentOS Linux release 7.7.1908 (Core)
docker version: Docker version 19.03.8, build afacb8b
kubectl version: v1.13.6
etcdctl version: 3.2.18
Flannel version: 0.12.0</code>
Basic architecture:
IP address, hostname, services
<code>10.88.0.1  k8s-master  etcd/docker/kube-apiserver/kube-controller-manager/kube-scheduler/flannel
10.88.0.2  k8s-node1   etcd/docker/kube-proxy/kubelet/flannel
10.88.0.3  k8s-node2   etcd/docker/kube-proxy/kubelet/flannel</code>
1. Disable SELinux and the firewall
<code># The setting takes effect after a reboot; alternatively run: setenforce 0
# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted</code>
<code># systemctl disable firewalld.service
# systemctl stop firewalld.service</code>
2. Set the hostname (run the matching command on each machine):
<code>hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2</code>
3. Configure /etc/hosts so that the hostnames resolve
<code>10.88.0.1 k8s-master
10.88.0.2 k8s-node1
10.88.0.3 k8s-node2</code>
4. Set up passwordless SSH login from the deployment node to all other nodes
<code>[root@k8s-master ~]# ssh-keygen -t rsa
[root@k8s-master ~]# ssh-copy-id k8s-master
[root@k8s-master ~]# ssh-copy-id k8s-node1
[root@k8s-master ~]# ssh-copy-id k8s-node2</code>
5. Install Docker (on all three hosts)
Step 1: Use a Docker repository mirror hosted in China
<code>[root@k8s-master ~]# cd /etc/yum.repos.d/
[root@k8s-master yum.repos.d]# wget \
 https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
--2018-05-30 17:20:48--  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 103.15.99.96, 103.15.99.93, 103.15.99.94, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|103.15.99.96|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2640 (2.6K) [application/octet-stream]
Saving to: ‘docker-ce.repo’

100%[===========================================================================================>] 2,640 --.-K/s in 0s

2018-05-30 17:20:49 (63.8 MB/s) - ‘docker-ce.repo’ saved [2640/2640]</code>
Step 2: Install Docker:
<code>[root@k8s-master yum.repos.d]# yum install -y docker-ce</code>
Step 3: Start the daemon:
<code>[root@k8s-master ~]# systemctl start docker
[root@k8s-master ~]# systemctl enable docker</code>
6. Prepare the deployment directories (on all three machines)
<code># mkdir -p /opt/kubernetes/{cfg,bin,ssl,log}</code>
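A preflight check for the file-based parts of the preparation above (step 1's SELinux config, step 3's host mappings, step 6's directories), written as an added example that is not part of the original page. The function names and the ROOT prefix argument are assumptions of this example; ROOT lets the checks run against a copied or constructed file tree instead of the live system.

```shell
#!/bin/sh
# Added example, not from the original page. Host mappings and directory
# names come from the page; function names and ROOT are assumptions.

EXPECTED_HOSTS='10.88.0.1 k8s-master
10.88.0.2 k8s-node1
10.88.0.3 k8s-node2'

# Print the effective SELINUX= value of a config file (comment lines and
# the SELINUXTYPE= key are ignored; the last assignment wins).
selinux_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t\r]/, "", $2); v = $2 } END { print v }' "$1"
}

# Print every expected "IP name" pair that the hosts file does not map.
# Commented-out entries do not count as present.
hosts_missing() (
    echo "$EXPECTED_HOSTS" | while read -r ip name; do
        awk -v ip="$ip" -v name="$name" '
            { sub(/#.*/, "") }
            $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
            END { exit !found }' "$1" || echo "$ip $name"
    done
)

# Print each deployment directory from step 6 that is absent under ROOT.
dirs_missing() {
    for d in cfg bin ssl log; do
        [ -d "$1/opt/kubernetes/$d" ] || echo "/opt/kubernetes/$d"
    done
}

# Run all checks against ROOT (empty string = live system); return 1 on any gap.
preflight() {
    rc=0
    mode=$(selinux_mode "$1/etc/selinux/config")
    [ "$mode" = "disabled" ] || { echo "SELinux config is '$mode', page expects disabled"; rc=1; }
    gaps=$(hosts_missing "$1/etc/hosts"; dirs_missing "$1")
    [ -z "$gaps" ] || { echo "missing:"; echo "$gaps"; rc=1; }
    return $rc
}

# Usage: sh preflight.sh --check [ROOT]
if [ "${1:-}" = "--check" ]; then preflight "${2:-}"; fi
```

The check reads only configuration files, so it reports what the node will look like after the next reboot, not the running SELinux mode or the state of the firewalld and docker services.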
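Kubernetes consists mainly of the following core components:
etcd stores the state of the entire cluster;
apiserver is the single entry point for operations on resources, and provides authentication, authorization, access control, and API registration and discovery;
controller manager maintains the state of the cluster, for example fault detection, automatic scaling, and rolling updates;
scheduler handles resource scheduling, placing Pods on the appropriate machines according to the configured scheduling policy;
kubelet maintains the container lifecycle and also manages volumes (CSI) and networking (CNI);
Container runtime handles image management and the actual running of Pods and containers (CRI);
kube-proxy provides in-cluster service discovery and load balancing for Services;
Besides the core components, there are some recommended add-ons:
kube-dns provides DNS for the entire cluster
Ingress Controller provides an external entry point for services
Heapster provides resource monitoring
Dashboard provides a GUI
Federation provides clusters that span availability zones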