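Deploying a k8s cluster on Alibaba Cloud ECS
Contents
Deploying a k8s cluster on Alibaba Cloud ECS
I. Server resource planning
II. Deploying k8s-master
III. Deploying k8s-node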
I. Server resource planning
IP address | Purpose |
---|---|
172.17.47.100 | Rancher |
172.17.47.101 | k8s-master-01, etcd-01 |
172.17.47.102 | k8s-master-02, etcd-02 |
172.17.47.103 | k8s-master-03, etcd-03 |
172.16.47.104 | k8s-node-01 |
172.16.47.105 | k8s-node-02 |
172.17.47.60 | Internal SLB |
II. Deploying k8s-master
1. Change the base server configuration (required on every machine in the environment)
Set the hostname
# Set the hostname
# 172.17.47.101
hostnamectl set-hostname k8s-master-01
# 172.17.47.102
hostnamectl set-hostname k8s-master-02
# 172.17.47.103
hostnamectl set-hostname k8s-master-03
# 172.17.47.104
hostnamectl set-hostname k8s-node-01
# 172.17.47.105
hostnamectl set-hostname k8s-node-02
Edit hosts
# vim /etc/hosts
# 172.17.47.101
172.17.47.101 k8s-master-01
172.17.47.101 k8s-api-server
# 172.17.47.102
172.17.47.102 k8s-master-02
172.17.47.102 k8s-api-server
# 172.17.47.103
172.17.47.103 k8s-master-03
172.17.47.103 k8s-api-server
# 172.17.47.104
172.17.47.104 k8s-node-01
172.17.47.60 k8s-api-server
# 172.17.47.105
172.17.47.105 k8s-node-02
172.17.47.60 k8s-api-server
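Note: a machine behind an Alibaba Cloud SLB cannot reach its own address by going through the load balancer, so the configuration handles this case specially. The worker nodes all use the SLB, while each master maps k8s-api-server to its own local IP (this is an Alibaba SLB pitfall).
Disable SELinux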
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Disable the swap partition
[[email protected] ~]# swapoff -a
[[email protected] ~]#
## vim /etc/fstab and comment out the following line. Note: centos-swap may be named differently, e.g. rhel-swap
/dev/mapper/centos-swap swap swap defaults 0 0
Install the base packages
yum install -y kubelet-1.18.18-0.x86_64 kubeadm-1.18.18-0.x86_64 kubectl-1.18.18-0.x86_64 kubernetes-cni-0.8.7-0.x86_64
Install Docker
# Install dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Aliyun repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce-19.03.15-3.el7 docker-ce-cli-19.03.15-3.el7
2. Download and load the images
[[email protected] ~]# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.18.18
k8s.gcr.io/kube-controller-manager:v1.18.18
k8s.gcr.io/kube-scheduler:v1.18.18
k8s.gcr.io/kube-proxy:v1.18.18
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
3. Install k8s-master
Generate the default configuration
kubeadm config print init-defaults > kubeadm-init.yaml
kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef # placeholder value printed by init-defaults
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.17.47.101 # host IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master-01 # hostname
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  # local:
  #   dataDir: /var/lib/etcd
  external:
    endpoints:
    - https://172.17.47.101:2379
    - https://172.17.47.102:2379
    - https://172.17.47.103:2379
    caFile: /etc/kubernetes/pki/etcd/ca.pem # CA certificate generated when the etcd cluster was built
    certFile: /etc/kubernetes/pki/apiserver-etcd-client.pem # client certificate generated when the etcd cluster was built
    keyFile: /etc/kubernetes/pki/apiserver-etcd-client-key.pem # client key generated when the etcd cluster was built
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers # Alibaba Cloud mirror; another one can be used instead
kind: ClusterConfiguration
kubernetesVersion: v1.18.18
controlPlaneEndpoint: k8s-api-server # VIP address
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.1.0.0/24
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
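
The configuration above keeps the token that `kubeadm config print init-defaults` prints, and the join commands later in this post reuse the same value. The following is an added example, not part of the original post: it flags that placeholder (or a non-expiring TTL) in a kubeadm config file and generates a random token in the required format. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the bootstrap token in a
# kubeadm config and produce a random replacement. Function names are illustrative.

PLACEHOLDER='abcdef.0123456789abcdef'   # printed by `kubeadm config print init-defaults`

# Random token in kubeadm's format [a-z0-9]{6}.[a-z0-9]{16}. Hex digits are a
# subset of that alphabet; `kubeadm token generate` does the same job natively.
gen_bootstrap_token() {
  hex=$(head -c 11 /dev/urandom | od -An -tx1 | tr -d ' \n')
  printf '%s.%s\n' "$(printf '%s' "$hex" | cut -c1-6)" "$(printf '%s' "$hex" | cut -c7-22)"
}

# Print one finding per problem. Returns 0 if the file is clean, 1 otherwise.
audit_kubeadm_tokens() {
  cfg=$1; rc=0
  tokens=$(tr -d "\"'" < "$cfg" | sed -n 's/^[[:space:]-]*token:[[:space:]]*\([^[:space:]#]*\).*/\1/p')
  for t in $tokens; do
    if [ "$t" = "$PLACEHOLDER" ]; then
      echo "placeholder token from init-defaults: $t"; rc=1
    elif ! printf '%s' "$t" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
      echo "malformed token: $t"; rc=1
    fi
  done
  ttls=$(tr -d "\"'" < "$cfg" | sed -n 's/^[[:space:]-]*ttl:[[:space:]]*\([^[:space:]#]*\).*/\1/p')
  for ttl in $ttls; do
    case $ttl in
      0|0s|0h0m0s) echo "token never expires (ttl: $ttl)"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample: the bootstrapTokens stanza as it appears in kubeadm-init.yaml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
EOF
audit_kubeadm_tokens "$sample" || echo "suggested replacement: $(gen_bootstrap_token)"
rm -f "$sample"
```
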
Copy the etcd certificate files into the paths referenced in the configuration (for installing etcd, see the etcd installation document)
mkdir -p /etc/kubernetes/pki/etcd/
cp /opt/etcd/ssl/ca.pem /etc/kubernetes/pki/etcd/
cp /opt/etcd/ssl/server.pem /etc/kubernetes/pki/apiserver-etcd-client.pem
cp /opt/etcd/ssl/server-key.pem /etc/kubernetes/pki/apiserver-etcd-client-key.pem
Initialize
kubeadm init --config=kubeadm-init.yaml
Add the kubeconfig (after initialization has completed)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Configure flannel
kubectl apply -f kube-flannel.yaml
Verify
[[email protected] bin]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-01 Ready master 1m v1.18.18
Add k8s-master-02 and k8s-master-03
1) Change the hosts mapping (this step is important)
# vim /etc/hosts
172.17.47.101 k8s-api-server
# Note: after the node has joined, change this back to the local machine's address
2) Transfer the k8s-master-01 certificates to the master-02 and master-03 servers
# The service-account key pair that kubeadm generates is sa.key / sa.pub (there is no sa.crt)
scp /etc/kubernetes/pki/ca.crt [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/ca.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.pub [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.crt [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/ca.crt [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/ca.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.key [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/sa.pub [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.crt [email protected]:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/front-proxy-ca.key [email protected]:/etc/kubernetes/pki/
3) Create k8s-master-02 and k8s-master-03
# This command is printed when the master finishes initializing; use it as printed
kubeadm join k8s-api-server:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:6997d9c13cf7d9f108b2a6c8b3ce8d0838fa9ed9fda7a14e3513b3e4bd123456 \
--control-plane
Verify
[[email protected] bin]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-01 Ready master 45h v1.18.18
k8s-master-02 Ready master 45h v1.18.18
k8s-master-03 Ready master 45h v1.18.18
4. Configure the SLB
SLB(6443)->ECS(6443)
SLB backends: 172.17.47.101:6443, 172.17.47.102:6443, 172.17.47.103:6443
III. Deploying k8s-node
1. Change the configuration
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
2. Initialize
kubeadm join k8s-api-server:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:6997d9c13cf7d9f108b2a6c8b3ce8d0838fa9ed9fda7a14e3513b3e4bd123456
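
Both join commands (control plane and worker) pin the cluster CA with `--discovery-token-ca-cert-hash`. The following is an added example, not part of the original post: it recomputes that value from a CA certificate and compares it with the pin in a join command, so a node can confirm the pin belongs to the CA on k8s-master-01 before joining. The function names are illustrative, the demo CA is a constructed throwaway, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): recompute the value passed to
# --discovery-token-ca-cert-hash and compare it with a join command's pin.
# Function names are illustrative; requires the openssl CLI.

# sha256 over the DER-encoded public key (SubjectPublicKeyInfo) of the CA cert.
ca_pubkey_hash() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
          | openssl dgst -sha256 -r | cut -d' ' -f1)
  [ "${#hex}" -eq 64 ] || return 2
  printf 'sha256:%s\n' "$hex"
}

# $1 = CA certificate obtained out of band, $2 = pin from the join command.
# Returns 0 on match, 1 on mismatch, 2 if the certificate cannot be parsed.
verify_ca_pin() {
  actual=$(ca_pubkey_hash "$1") || { echo "cannot parse CA certificate: $1"; return 2; }
  want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  if [ "$actual" = "$want" ]; then
    echo "pin matches: $actual"; return 0
  fi
  echo "pin mismatch: join command has $want, certificate gives $actual"
  return 1
}

# Constructed demo: a throwaway CA stands in for /etc/kubernetes/pki/ca.crt.
make_demo_ca() {   # $1 = key path, $2 = cert path
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
    -subj "/CN=kubernetes" -days 1 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir/ca.key" "$demo_dir/ca.crt"
pin=$(ca_pubkey_hash "$demo_dir/ca.crt")
verify_ca_pin "$demo_dir/ca.crt" "$pin"
# A pin that does not belong to this CA (constructed value) is rejected.
verify_ca_pin "$demo_dir/ca.crt" "sha256:$(printf '%064d' 0)" || true
rm -rf "$demo_dir"
```

Because the hash covers only the CA public key, a certificate re-issued with the same key keeps the same pin, while a CA with a new key requires a new join command.
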
3. Copy the flannel network configuration
scp -r /etc/cni/ [email protected]:/etc/
scp -r /etc/cni/ [email protected]:/etc/
4. Verify
[[email protected] bin]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master-01 Ready master 45h v1.18.18
k8s-master-02 Ready master 45h v1.18.18
k8s-master-03 Ready master 45h v1.18.18
k8s-node-01 Ready <none> 43h v1.18.18
k8s-node-02 Ready <none> 43h v1.18.18