Yum 部署K8S集群

1、准备环境（温馨提示：尽量一次完成集群）

2.安装master节点

3、安装k8s-master上的node

4、安装配置k8s-node1节点

5、安装k8s-node2节点

6、为所有node节点配置flannel网络

7、配置docker开启加载防火墙规则允许转发数据

一. 环境搭建

1、准备环境（温馨提示：尽量一次完成集群）

集群很容易断网

1) 计算机说明，建议系统版本7.4或者7.6

主机名	IP地址	角色	硬件
k8s-master	192.168.50.53	master+node	Etcd、apiserver、controlor-manager、scheduler、kube-proxy、docker、registry
k8s-node1	192.168.50.50	node	Kubletel、kube-proxy、docker
k8s-node2	192.168.50.51	node	Kubletel、kube-proxy、docker

2) 修改主机的计算机名设置host文件

[root@localhost ~]# hostname k8s-master

[root@localhost ~]# bash

[root@k8s-master ~]# vim /etc/hosts

192.168.50.53 k8s-master
192.168.50.50 k8s-node1
192.168.50.51 k8s-node2
~

[root@k8s-master ~]# scp /etc/hosts 192.168.50.51:/etc

[root@k8s-master ~]# scp /etc/hosts 192.168.50.50:/etc

2.安装master节点

1）安装etcd配置etcd

[root@k8s-master ~]# yum -y install etcd

[root@k8s-master ~]# cp /etc/etcd/etcd.conf /etc/etcd/etcd.conf.bak

[root@k8s-master ~]# vim /etc/etcd/etcd.conf

6 ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"

21 ETCD_ADVERTISE_CLIENT_URLS="http://192.168.50.53:2379"

[root@k8s-master ~]# systemctl start etcd

[root@k8s-master ~]# systemctl enable etcd

Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.

2）安装k8s-master节点

[root@k8s-master ~]# yum -y install kubernetes-master.x86_64

3）配置apiserver

[root@k8s-master ~]# vim /etc/kubernetes/apiserver

  1 ###

  2 # kubernetes system config

  3 #

  4 # The following values are used to configure the kube-apiserver

  5 #

  6

  7 # The address on the local server to listen to.

  8 KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

  9

10 # The port on the local server to listen on.

11 KUBE_API_PORT="--port=8080"

12

13 # Port minions listen on

14 KUBELET_PORT="--kubelet-port=10250"

15

16 # Comma separated list of nodes in the etcd cluster

17 KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.50.53:2379"

18

19 # Address range to use for services

20 KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

21

22 # default admission control policies

23KUBE_ADMISSION_CONTROL="admissioncontrol=NamespaceLifecycle,NamespaceExists,LimitRanger,Security    ContextDeny,ResourceQuota"

24

25 # Add your own!

26 KUBE_API_ARGS=""

4）配置controller和scheduler

[root@k8s-master ~]# vim /etc/kubernetes/config

22 KUBE_MASTER="--master=http://192.168.50.53:8080"

启动k8s服务

[root@k8s-master ~]# systemctl start kube-apiserver.service

[root@k8s-master ~]# systemctl start kube-controller-manager.service

[root@k8s-master ~]# systemctl start kube-scheduler.service

[root@k8s-master ~]# systemctl enable kube-apiserver.service

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.

[root@k8s-master ~]# systemctl enable kube-controller-manager.service

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.

[root@k8s-master ~]# systemctl enable kube-scheduler.server

Failed to execute operation: No such file or directory

[root@k8s-master ~]# systemctl enable kube-scheduler.service

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.

检查节点是否监控

[root@k8s-master ~]# kubectl get componentstatus

NAME                 STATUS    MESSAGE             ERROR

etcd-0               Healthy   {"health":"true"}

controller-manager   Healthy   ok

scheduler            Healthy   ok

3、安装k8s-master上的node

1）安装node

[root@k8s-master ~]# yum -y install kubernetes node.x86_64

2）配置kubelet

[root@k8s-master ~]# vim /etc/kubernetes/kubelet

5 KUBELET_ADDRESS="--address=192.168.50.53"

11 KUBELET_HOSTNAME="--hostname-override=k8s-master"

14 KUBELET_API_SERVER="--api-servers=http://192.168.50.53:8080"

3）启动kubelet启动自动启动docker服务

[root@k8s-master ~]# systemctl start kubelet

[root@k8s-master ~]# systemctl enable kubelet

Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

4）启动kubelet-proxy

[root@k8s-master ~]# systemctl start kube-proxy

[root@k8s-master ~]# systemctl enable kube-proxy

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

5）检查node节点

[root@k8s-master ~]# kubectl get nodes

NAME STATUS AGE

k8s-master Ready 1m

4、安装配置k8s-node1节点

1）安装node

[root@k8s-node1 ~]# yum -y install kubernetes node.x86_64

2）node1连接k8s-master

[root@k8s-node1 ~]# vim /etc/kubernetes/config

22 KUBE_MASTER="--master=http://192.168.50.53:8080"

3）配置kubelet

[root@k8s-node1 ~]# vim /etc/kubernetes/kubelet

5 KUBELET_ADDRESS="--address=192.168.50.50"

11 KUBELET_HOSTNAME="--hostname-override=k8s-node1"

14 KUBELET_API_SERVER="--api-servers=http://192.168.50.53:8080"

4）启动服务

[root@k8s-node1 ~]# systemctl start kubelet

[root@k8s-node1 ~]# systemctl start kube-proxy

[root@k8s-node1 ~]# systemctl enable kubelet

Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

[root@k8s-node1 ~]# systemctl enable kube-proxy

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

5）在master节点检测node节点状态

[root@k8s-master ~]# kubectl get nodes

NAME         STATUS    AGE

k8s-master   Ready     13m

k8s-node1    Ready     1m

5、安装k8s-node2节点

1）安装node

[root@k8s-node2 ~]# yum -y install kubernetes node.x86_64

2）node1连接k8s-master

[root@k8s-node2 ~]# vim /etc/kubernetes/config

22 KUBE_MASTER="--master=http://192.168.50.53:8080"

3）配置kubelet

[root@k8s-node2 ~]# vim /etc/kubernetes/kubelet

5 KUBELET_ADDRESS="--address=192.168.50.51"

11 KUBELET_HOSTNAME="--hostname-override=k8s-node2"

14 KUBELET_API_SERVER="--api-servers=http://192.168.50.53:8080"

4）启动服务

[root@k8s-node2 ~]# systemctl start kubelet

[root@k8s-node2 ~]# systemctl start kube-proxy

[root@k8s-node2 ~]# systemctl enable kubelet

Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

[root@k8s-node2 ~]# systemctl enable kube-proxy

Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

5）在master节点检测node节点状态

[root@k8s-master ~]# kubectl get nodes

NAME         STATUS    AGE

k8s-master   Ready     19m

k8s-node1    Ready     7m

k8s-node2    Ready     1m

6、为所有node节点配置flannel网络

1）在k8s-master节点安装flannel

[root@k8s-master ~]# yum -y install flannel -y

[root@k8s-master ~]# vim /etc/sysconfig/flanneld

4 FLANNEL_ETCD_ENDPOINTS="http://192.168.50.53:2379"

[root@k8s-master ~]# etcdctl set /atomic.io/network/config '{"Network":"172.16.0.0/16"}'

{"Network":"172.16.0.0/16"} //查看多一个网络

[root@k8s-master ~]# systemctl start flanneld //重新启动docker服务和flannel网络一至

[root@k8s-master ~]# systemctl enable flanneld

Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

[root@k8s-master ~]# ifconfig //查看多一个网络

flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472

        inet 172.16.48.0 netmask 255.255.0.0 destination 172.16.48.0

        inet6 fe80::4fff:f857:41f4:3894 prefixlen 64 scopeid 0x20<link>

        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)

        RX packets 0 bytes 0 (0.0 B)

        RX errors 0 dropped 0 overruns 0 frame 0

        TX packets 3 bytes 144 (144.0 B)

        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@k8s-master ~]# systemctl restart docker

sys[root@k8s-master ~]# systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

[root@k8s-master ~]# ifconfig

docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500

        inet 172.16.48.1 netmask 255.255.255.0 broadcast 0.0.0.0

        ether 02:42:87:58:2f:59 txqueuelen 0 (Ethernet)

        RX packets 0 bytes 0 (0.0 B)

        RX errors 0 dropped 0 overruns 0 frame 0

        TX packets 0 bytes 0 (0.0 B)

        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

2）配置node1节点flannel网络

[root@k8s-node1 ~]# yum -y install flannel -y

[root@k8s-node1 ~]# vim /etc/sysconfig/flanneld

4 FLANNEL_ETCD_ENDPOINTS="http://192.168.50.53:2379"

[root@k8s-node1 ~]# systemctl start flanneld

[root@k8s-node1 ~]# systemctl enable flanneld

Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

[root@k8s-node1 ~]# systemctl restart docker

[root@k8s-node1 ~]# systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

3）安装node2节点flannel网络

[root@k8s-node2 ~]# yum -y install flannel -y

[root@k8s-node2 ~]# vim /etc/sysconfig/flanneld

4 FLANNEL_ETCD_ENDPOINTS="http://192.168.50.53:2379"

[root@k8s-node2 ~]# systemctl start flanneld

[root@k8s-node2 ~]# systemctl enable flanneld

Created symlink from /etc/systemd/system/multi-user.target.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

Created symlink from /etc/systemd/system/docker.service.wants/flanneld.service to /usr/lib/systemd/system/flanneld.service.

[root@k8s-node2 ~]# systemctl restart docker

sy[root@k8s-node2 ~]# systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

master查看

[root@k8s-master ~]# kubectl get nodes

NAME         STATUS    AGE

k8s-master   Ready     35m

k8s-node1    Ready     23m

k8s-node2    Ready     17m

4）测试docker容器跨宿主机通信

[root@k8s-master ~]# iptables -P FORWARD ACCEPT

[root@k8s-master ~]#

[root@k8s-node1 ~]# iptables -P FORWARD ACCEPT

[root@k8s-node1 ~]#

[root@k8s-node2 ~]# iptables -P FORWARD ACCEPT

[root@k8s-node2 ~]#

iptables -P FORWARD ACCEPT: 这个命令将iptables的FORWARD链的默认策略设置为ACCEPT（接受）。iptables是Linux上的防火墙工具，它可以用来设置网络规则和过滤器。

-P FORWARD: 指定要更改的链是FORWARD链，这个链控制通过Linux主机的转发流量

ACCEPT: 设置为接受（允许）转发流量，默认情况下，FORWARD链的默认策略是DROP（拒绝）。

#: 这是Linux命令行中用于表示注释的符号。在这个上下文中，#后面的内容被视为注释，不会被执行。

这意味着iptables的FORWARD链的默认策略已被成功更改为接受（ACCEPT），允许通过Linux主机的转发流量。

7、配置docker开启加载防火墙规则允许转发数据

1）配置k8s-master节点

[root@k8s-master ~]# vim /usr/lib/systemd/system/docker.service

1 [Unit]

  2 Description=Docker Application Container Engine

  3 Documentation=http://docs.docker.com

  4 After=network.target

  5 Wants=docker-storage-setup.service

  6 Requires=docker-cleanup.timer

  7

  8 [Service]

  9 Type=notify

10 NotifyAccess=main

11 EnvironmentFile=-/run/containers/registries.conf

12 EnvironmentFile=-/etc/sysconfig/docker

13 EnvironmentFile=-/etc/sysconfig/docker-storage

14 EnvironmentFile=-/etc/sysconfig/docker-network

15 Environment=GOTRACEBACK=crash

16 Environment=DOCKER_HTTP_HOST_COMPAT=1

17 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin

18 ExecStartPort=/usr/sbin/iptables -P FORWARD ACCEPT       添加这一行

19 ExecStart=/usr/bin/dockerd-current \

[root@k8s-master ~]# systemctl daemon-reload

[root@k8s-master ~]# systemctl restart docker

2）配置k8s-node1节点

[root@k8s-node1 ~]# vim /usr/lib/systemd/system/docker.service

18 ExecStartPort=/usr/sbin/iptables -P FORWARD ACCEPT

[root@k8s-node1 ~]# systemctl daemon-reload

[root@k8s-node1 ~]# systemctl restart docker

3）配置k8s-node2节点

[root@k8s-node2 ~]# vim /usr/lib/systemd/system/docker.service

18 ExecStartPort=/usr/sbin/iptables -P FORWARD ACCEPT

[root@k8s-node2 ~]# systemctl daemon-reload

[root@k8s-node2 ~]# systemctl restart docker