Role | Hostname | IP | OS |
---|---|---|---|
master | k8s-master01 | 192.168.219.160 | CentOS 7.9.2009 |
node | k8s-node01 | 192.168.219.164 | CentOS 7.9.2009 |

Software | Version |
---|---|
docker | 19.03.11 |
kubernetes | 1.18.18 |
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@localhost ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@localhost ~]# yum update -y && yum install -y containerd.io-1.2.13 docker-ce-19.03.11 docker-ce-cli-19.03.11
[root@localhost ~]# mkdir /etc/docker
[root@localhost ~]# cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
[root@localhost ~]# vim /etc/docker/daemon.json
Append the following at the end:
"registry-mirrors": ["https://n0k07cz2.mirror.aliyuncs.com"]
[root@localhost ~]# cat /etc/docker/daemon.json
Output:
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"registry-mirrors": ["https://n0k07cz2.mirror.aliyuncs.com"]
}
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# systemctl stop firewalld
k8s-master01
[root@localhost ~]# hostnamectl set-hostname k8s-master01
k8s-node01
[root@localhost ~]# hostnamectl set-hostname k8s-node01
[root@k8s-master01 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.219.160 k8s-master01
192.168.219.164 k8s-node01
[root@k8s-master01 ~]# swapoff -a
[root@k8s-master01 ~]# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Apr 1 06:39:41 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=8bb2a63e-0853-417f-8c2d-c231588e4b07 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
# Comment out the swap entry
# /dev/mapper/centos-swap swap swap defaults 0 0
Setup required sysctl params, these persist across reboots.
[root@k8s-master01 ~]# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
Apply sysctl params without reboot
[root@k8s-master01 ~]# sysctl --system
[root@k8s-master01 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
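On CentOS 6 we always used the ntp time server. ntp can also be installed on CentOS 7, but it has various problems, so the chrony synchronization tool is recommended on CentOS 7.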
[root@k8s-master01 ~]# yum install chrony -y
[root@k8s-master01 ~]# systemctl enable chronyd
[root@k8s-master01 ~]# systemctl start chronyd
[root@k8s-master01 ~]# chronyc sources
[root@k8s-master01 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
[root@k8s-master01 ~]# yum -y install kubectl-1.18.18 kubelet-1.18.18 kubeadm-1.18.18
[root@k8s-master01 ~]# systemctl enable kubelet.service
[root@k8s-master01 ~]# kubeadm config print init-defaults --kubeconfig ClusterConfiguration > kubeadm.yml
[root@master01 ~]# vi kubeadm.yml
Edit the items marked with comments:
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Set to the master node's IP
  advertiseAddress: 192.168.219.160
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: test1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Google is not reachable from mainland China; use the Aliyun mirror instead
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Set to the Kubernetes version being installed
kubernetesVersion: v1.18.18
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
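
The token abcdef.0123456789abcdef in the configuration above is the placeholder that kubeadm config print init-defaults writes into every generated file, so keeping it makes the join credential a publicly known value for its 24h TTL. The following is an added example, not part of the original article, that swaps it for a random token of the same format before kubeadm init; the function names are assumptions, and kubeadm token generate produces the same kind of value on a host where kubeadm is installed.

```bash
# Added example: replace kubeadm's placeholder bootstrap token before init.
# Function names are hypothetical. POSIX sh with GNU sed (as on CentOS 7).

DEFAULT_TOKEN='abcdef.0123456789abcdef'   # value printed by init-defaults

# Print $1 random characters drawn from [a-z0-9].
rand_chars() {
    LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c "$1"
}

# Print a token in the bootstrap-token format: 6 chars, a dot, 16 chars.
gen_bootstrap_token() {
    printf '%s.%s\n' "$(rand_chars 6)" "$(rand_chars 16)"
}

# Return 0 if $1 has the bootstrap-token format.
valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Print the value of the first "token:" key in config file $1.
config_token() {
    sed -n 's/^[[:space:]-]*token:[[:space:]]*//p' "$1" | head -n 1
}

# Replace the placeholder token in file $1 and print the new token.
# Returns 1, leaving the file untouched, if the placeholder is not in use.
replace_default_token() {
    [ "$(config_token "$1")" = "$DEFAULT_TOKEN" ] || return 1
    new_token=$(gen_bootstrap_token)
    valid_token "$new_token" || return 2
    sed -i "s/^\([[:space:]-]*token:[[:space:]]*\)abcdef\.0123456789abcdef\$/\1$new_token/" "$1"
    printf '%s\n' "$new_token"
}

# Usage on the master, before kubeadm init:
#   replace_default_token kubeadm.yml
```

The printed token then takes the place of abcdef.0123456789abcdef in the kubeadm join command run on the node.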
[root@k8s-master01 ~]# kubeadm config images list --config kubeadm.yml
The following is printed:
W0610 02:42:29.980212 83223 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
registry.aliyuncs.com/google_containers/kube-apiserver:v1.18.18
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.18.18
registry.aliyuncs.com/google_containers/kube-scheduler:v1.18.18
registry.aliyuncs.com/google_containers/kube-proxy:v1.18.18
registry.aliyuncs.com/google_containers/pause:3.2
registry.aliyuncs.com/google_containers/etcd:3.4.3-0
registry.aliyuncs.com/google_containers/coredns:1.6.7
[root@k8s-master01 ~]# kubeadm config images pull --config kubeadm.yml
[root@k8s-master01 ~]# kubeadm init --config=kubeadm.yml --upload-certs | tee kubeadm-init.log
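Note:
If the installed Kubernetes version and the version of the downloaded images do not match, the error
timed out waiting for the condition occurs.
To change the configuration, run the kubeadm reset command to reset it,
then initialize again.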
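
One way to catch the mismatch described above before running kubeadm init, as an added example that is not part of the original article: it compares the installed kubeadm and kubelet binaries with kubernetesVersion in kubeadm.yml and reports any required image that is not present locally. The function names are assumptions.

```bash
# Added example: pre-init check that versions and pulled images line up.
# Function names are hypothetical. preflight needs kubeadm, kubelet and
# docker on the host; the other two functions only need grep and sed.

# Print the value of top-level key $2 in kubeadm config file $1.
config_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# $1: file holding `kubeadm config images list` output (required images).
# $2: file holding `docker images --format '{{.Repository}}:{{.Tag}}'` output.
# Prints each required image that is absent locally; returns 1 if any is.
missing_images() {
    miss=$(grep -Ev '^[WIE][0-9]{4} |^[[:space:]]*$' "$1" |
        while read -r img rest; do
            grep -Fxq -- "$img" "$2" || printf '%s\n' "$img"
        done)
    [ -z "$miss" ] && return 0
    printf '%s\n' "$miss"
    return 1
}

# Run on the master before `kubeadm init --config "$1"`.
preflight() {
    cfg=$1
    want=$(config_value "$cfg" kubernetesVersion)
    tmp=$(mktemp -d) || return 1
    kubeadm config images list --config "$cfg" 2>/dev/null > "$tmp/need"
    docker images --format '{{.Repository}}:{{.Tag}}' > "$tmp/have"
    rc=0
    [ "$(kubeadm version -o short)" = "$want" ] ||
        { echo "kubeadm binary is not $want"; rc=1; }
    [ "$(kubelet --version)" = "Kubernetes $want" ] ||
        { echo "kubelet binary is not $want"; rc=1; }
    missing_images "$tmp/need" "$tmp/have" || rc=1
    rm -rf "$tmp"
    return $rc
}
```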
After the installation succeeds:
[root@k8s-master01 ~]# mkdir -p $HOME/.kube
[root@k8s-master01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master01 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
Verify that it succeeded:
[root@k8s-master01 ~]# kubectl get nodes
The following is displayed:
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady master 11m v1.18.18
Run on the node:
[root@k8s-master01 ~]# kubeadm join 192.168.219.129:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:6dad4602dd288cbfbc952e3a9db40ee192ae8c4229479d60b330c95940131c06
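
The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key, which is how the node authenticates the API server it is joining. The following added example, not part of the original article, recomputes that pin from a CA certificate and compares it with the one in a join command; the function names are assumptions.

```bash
# Added example: check the CA pin in a join command against the CA cert.
# Function names are hypothetical; needs openssl, sha256sum, grep and cut.

# Print sha256:<hex> of the DER-encoded public key (SubjectPublicKeyInfo)
# of PEM certificate $1, the value --discovery-token-ca-cert-hash carries.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    hex=$(printf '%s\n' "$pub" |
          openssl pkey -pubin -outform DER 2>/dev/null |
          sha256sum | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# Print the first sha256:<hex> pin found in join command text $1.
join_hash() {
    printf '%s\n' "$1" | grep -Eo 'sha256:[0-9a-f]{64}' | head -n 1
}

# Return 0 only if join command $1 pins the public key of CA cert $2.
verify_join() {
    want=$(join_hash "$1")
    [ -n "$want" ] || { echo "no sha256 pin in join command" >&2; return 2; }
    have=$(ca_cert_hash "$2") || { echo "cannot read $2" >&2; return 2; }
    [ "$want" = "$have" ] && return 0
    echo "pin mismatch: command has $want, CA cert gives $have" >&2
    return 1
}

# On the master, the pin to expect in a join command:
#   ca_cert_hash /etc/kubernetes/pki/ca.crt
```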
Verify the node
Go back to the master node and check:
[root@k8s-master01 ~]# kubectl get nodes
Output:
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady master 40m v1.18.18
k8s-node01 NotReady <none> 5m15s v1.18.18
STATUS is NotReady here because of coredns; a network plugin needs to be installed.
Check the Pods' status on the master node:
[root@k8s-master01 ~]# kubectl get pods -n kube-system -o wide
Output:
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-7ff77c879f-94wq9 1/1 Running 0 24h 192.168.32.129 k8s-master01 <none> <none>
coredns-7ff77c879f-kg4gd 0/1 Running 0 24h 192.168.85.194 k8s-node01 <none> <none>
etcd-k8s-master01 1/1 Running 0 24h 192.168.219.160 k8s-master01 <none> <none>
kube-apiserver-k8s-master01 1/1 Running 0 24h 192.168.219.160 k8s-master01 <none> <none>
kube-controller-manager-k8s-master01 1/1 Running 1 24h 192.168.219.160 k8s-master01 <none> <none>
kube-proxy-qwbpg 1/1 Running 0 24h 192.168.219.160 k8s-master01 <none> <none>
kube-proxy-t92jc 1/1 Running 0 24h 192.168.219.164 k8s-node01 <none> <none>
kube-scheduler-k8s-master01 1/1 Running 1 24h 192.168.219.160 k8s-master01 <none> <none>
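For container networking, only CNI (Container Network Interface), a standard and generic interface, is provided. Container network solutions such as flannel, calico, Canal and weave implement it, and they can provide networking for any container platform that supports this interface.
Calico link: https://docs.projectcalico.or...
Flannel link: https://github.com/coreos/fla...
Weave link: https://www.weave.works/oss/net/
Canal link: https://github.com/projectcal...
I use calico here because it supports network policy and integration with the Istio service mesh.
Official installation documentation: https://docs.projectcalico.or...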
[root@k8s-master01 ~]# wget https://docs.projectcalico.org/v3.18/manifests/calico.yaml
[root@k8s-master01 ~]# kubectl apply -f calico.yaml
Verify that the installation succeeded:
[root@k8s-master01 ~]# kubectl get pods --all-namespaces
Output:
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-545578d5-dmzsj 1/1 Running 0 24m
kube-system calico-node-rmq5x 1/1 Running 0 24m
kube-system calico-node-v89vb 1/1 Running 0 24m
kube-system coredns-7ff77c879f-94wq9 1/1 Running 0 56m
kube-system coredns-7ff77c879f-kg4gd 0/1 Running 0 56m
kube-system etcd-k8s-master01 1/1 Running 0 56m
kube-system kube-apiserver-k8s-master01 1/1 Running 0 56m
kube-system kube-controller-manager-k8s-master01 1/1 Running 1 56m
kube-system kube-proxy-qwbpg 1/1 Running 0 56m
kube-system kube-proxy-t92jc 1/1 Running 0 56m
kube-system kube-scheduler-k8s-master01 1/1 Running 1 56m
[root@k8s-master01 ~]# kubectl get nodes
A STATUS of Ready means the network has been set up.
Output:
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready master 24h v1.18.18
k8s-node01 Ready <none> 24h v1.18.18
Note that the earlier approach of using --replicas is no longer recommended:
Flag --replicas has been deprecated, has no effect and will be removed in the future.
Since K8S v1.18.0, --replicas is deprecated; creating pods with a deployment is recommended.
I use the nginx-1.18.0 container here as an example.
[root@k8s-master01 ~]# vi nginx-deployment.yaml
Contents:
apiVersion: apps/v1            # API version; must be one listed by kubectl api-versions
kind: Deployment               # role/type of the resource to create
metadata:                      # metadata/attributes of the resource
  name: nginx-deployment       # resource name; must be unique within a namespace
  labels:                      # labels of the resource
    app: nginx
spec:                          # specification of the resource
  replicas: 1                  # create 1 nginx container
  selector:                    # label selector for the Pods this Deployment manages
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx             # label set on the Pod
    spec:
      containers:
      - name: nginx            # container name
        image: nginx:1.18.0    # image used by the container
        ports:
        - containerPort: 80    # port the container exposes
---
apiVersion: v1                 # API version
kind: Service                  # type, e.g. Pod/ReplicationController/Deployment/Service/Ingress
metadata:                      # metadata
  name: nginx-deployment       # name of this resource
spec:
  ports:
  - port: 80                   # port exposed by the Service
    targetPort: 80             # port on the Pod; the Service port is forwarded to it
  type: LoadBalancer           # Service type
  selector:                    # label selector
    app: nginx                 # must match the label of the Deployment above
[root@k8s-master01 ~]# kubectl apply -f nginx-deployment.yaml
[root@k8s-master01 ~]# kubectl get pods
Output:
NAME READY STATUS RESTARTS AGE
nginx-deployment-75ddd4d4b4-6gtx5 1/1 Running 0 26h
[root@k8s-master01 ~]# kubectl get deployments
Output:
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment 1/1 1 1 26h
[root@k8s-master01 ~]# kubectl get services
Output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 27h
nginx-deployment LoadBalancer 10.100.103.238 <pending> 80:32234/TCP 26h
Verify the service
Visit: http://192.168.219.160:32234/
For example: service, pod, deployment, etc.
[root@k8s-master01 ~]# kubectl describe service nginx-deployment
[root@k8s-master01 ~]# kubectl delete -f nginx-deployment.yaml
Original article: https://www.cnblogs.com/netflix/p/14965581.html