This article walks through deploying a Kubernetes cluster with kubeadm, using two master nodes to make the control plane highly available.
  The demo uses kubeadm, the deployment tool shipped by the Kubernetes project. Docker, kubelet and kubeadm are installed on every master and node host, then the cluster is initialized: the control-plane components (API server, controller manager, scheduler, etcd) and the per-node agents such as kube-proxy all run as pods.

  The architecture is shown in the figure below.
[Figure: K8s architecture]
  Environment (master and node hosts all run Ubuntu 18.04):
  master1:172.18.32.18
  master2:172.18.32.19
  harbor:172.18.32.20
  node1:172.18.32.21
  node2:172.18.32.22
  VIP (keepalived, used as the control-plane endpoint):172.18.32.250
  Swap must be turned off on every host, because kubelet refuses to start while swap is active. Ubuntu 18.04 does not ship SELinux, so there is nothing to disable there, and iptables must stay installed because kube-proxy and flannel program it. What matters is that no host firewall (ufw) blocks the cluster ports (6443 for the API server, 2379-2380 for etcd, 10250 for the kubelet, 8472/udp for flannel VXLAN) or the VRRP traffic (IP protocol 112) between the two masters.

swapoff -a
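  The host preparation above, as an added example that is not part of the original article: a POSIX sh script that makes the swap change survive a reboot, writes the sysctl settings kubeadm's preflight checks look for, and pins the package versions. The functions take file paths as parameters so they can be tried on scratch copies; prepare_host applies them to the live system only when the script is run with --apply. The sysctl file path and the package names are assumptions (the packages are the ones installed later in the article).

```shell
#!/bin/sh
# Added example (not from the original article): host preparation for kubeadm.
# Run as root with "--apply" to change the live system; without it only the
# functions are defined, so they can be tested against scratch files first.
set -e

# Comment out every active swap line in an fstab file. "swapoff -a" alone is
# forgotten at the next boot, after which kubelet refuses to start.
disable_swap_in_fstab() {
  fstab=$1
  sed -E 's/^([^#][^[:space:]]*[[:space:]]+[^[:space:]]+[[:space:]]+swap[[:space:]].*)$/#\1/' \
    "$fstab" > "$fstab.tmp" && mv "$fstab.tmp" "$fstab"
}

# Number of swap lines still active in an fstab file (0 once the above has run).
active_swap_entries() {
  grep -Ec '^[^#][^[:space:]]*[[:space:]]+[^[:space:]]+[[:space:]]+swap[[:space:]]' "$1" || true
}

# Kernel settings kubeadm's preflight checks expect: bridged pod traffic must
# traverse iptables (kube-proxy relies on that) and the host must forward IP.
write_k8s_sysctl() {
  cat > "$1" <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
}

# Apply everything to the live host. Run the apt-mark line after the packages
# are installed; holding them stops "apt upgrade" from moving kubelet to a
# version that kubeadm never upgraded the control plane to.
prepare_host() {
  swapoff -a
  disable_swap_in_fstab /etc/fstab
  modprobe br_netfilter
  write_k8s_sysctl /etc/sysctl.d/k8s.conf   # assumed path; any file under sysctl.d works
  sysctl --system
  apt-mark hold kubelet kubeadm kubectl
}

if [ "${1:-}" = "--apply" ]; then
  prepare_host
fi
```

  Run it once on every host before the package installation steps below; afterwards active_swap_entries /etc/fstab should print 0 and sysctl net.ipv4.ip_forward should report 1.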

Setting up the master nodes

Installing keepalived

  keepalived can be installed with apt or built from source; the apt route is shown here.

apt update
apt install keepalived -y
cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf

  Then edit the configuration file. The sample shipped with the package, with the VIP filled in, looks like this:

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 32
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # optional label. should be of the form "realdev:sometext" for
        # compatibility with ifconfig.
        172.18.32.250 label eth0:1
    }
}

  Install keepalived on the second master the same way, but with state BACKUP, a lower priority (for example 90) and the same virtual_router_id, auth_pass and VIP. Then stop keepalived on master1 and confirm with ip addr show eth0 that the VIP moves to master2, and that it returns when keepalived is started again. Note that the sample's auth_pass 1111 is a plain-text VRRP password: any host on the same segment can read it from the advertisements, so it only prevents accidental collisions between clusters and does not stop a host on that network from announcing itself as master. Note also that keepalived on its own only tracks whether the host is up; if kube-apiserver dies on master1 while the host stays up, the VIP stays put unless a vrrp_script checks the API server.
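  The configuration for both masters, as an added example rather than the article's own file: a POSIX sh function that renders keepalived.conf for either node, using unicast VRRP between the two masters, a password passed as a parameter instead of the sample's 1111, and a vrrp_script that fails the VIP over when the local API server stops answering. The interface name, addresses and VIP in the usage lines are assumed to be the article's.

```shell
#!/bin/sh
# Added example (not the article's config): render keepalived.conf for one of the
# two masters, with three changes over the sample shipped in the package:
#  - unicast VRRP between the two masters instead of multicast, so no other host
#    on the segment receives the advertisements by default;
#  - the password is a parameter rather than the sample's "1111" (VRRPv2 PASS
#    auth is sent in clear text and keepalived truncates it to 8 characters);
#  - a vrrp_script that probes the local API server, so the VIP fails over when
#    kube-apiserver is down even though the host itself is still up.
# Interface name, addresses and VIP below are assumed (the article's values).
set -e

# render_keepalived_conf ROLE PRIORITY SELF_IP PEER_IP VIP IFACE PASSWORD
render_keepalived_conf() {
  role=$1 prio=$2 self_ip=$3 peer_ip=$4 vip=$5 iface=$6 pass=$7
  if [ "${#pass}" -gt 8 ]; then
    echo "auth_pass longer than 8 characters is silently truncated by keepalived" >&2
    return 1
  fi
  cat <<EOF
! Configuration File for keepalived
global_defs {
    router_id $self_ip
    enable_script_security
    script_user root
}

# curl exits non-zero only when nothing answers on 6443; any HTTP status
# (200, or 401 if anonymous auth is off) counts as "API server is up".
vrrp_script chk_apiserver {
    script "/usr/bin/curl -sk --max-time 2 -o /dev/null https://127.0.0.1:6443/healthz"
    interval 3
    fall 3
    rise 2
    weight -20
}

vrrp_instance VI_1 {
    state $role
    interface $iface
    virtual_router_id 32
    priority $prio
    advert_int 1
    unicast_src_ip $self_ip
    unicast_peer {
        $peer_ip
    }
    authentication {
        auth_type PASS
        auth_pass $pass
    }
    virtual_ipaddress {
        $vip dev $iface label $iface:1
    }
    track_script {
        chk_apiserver
    }
}
EOF
}

# Usage (assumed: master1 is eth0/172.18.32.18, master2 is eth0/172.18.32.19):
#   render_keepalived_conf MASTER 100 172.18.32.18 172.18.32.19 172.18.32.250 eth0 "$VRRP_PASS" > /etc/keepalived/keepalived.conf
#   render_keepalived_conf BACKUP  90 172.18.32.19 172.18.32.18 172.18.32.250 eth0 "$VRRP_PASS" > /etc/keepalived/keepalived.conf
# With weight -20, a failing check drops master1 from 100 to 80, below master2's 90,
# and the VIP moves; when the check passes again master1 takes it back.
```

  The priorities only work as a pair: the BACKUP node's priority must sit between the MASTER's normal priority and its priority minus the script weight, otherwise the failover never triggers.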

Installing Docker

  Install Docker on the master first (see the earlier article for details). The following script, saved as docker1806.sh, installs Docker CE 18.06 from the Aliyun mirror; the apt-key and add-apt-repository lines are Aliyun's own install instructions.

#!/bin/bash
set -e
# step 1: install the required system tools
apt-get update
apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# step 2: add the repository's GPG key
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# step 3: add the apt source
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# step 4: refresh and install the pinned Docker CE version
apt-get -y update
apt-get -y install docker-ce=18.06.0~ce~3-0~ubuntu

# To install a different Docker CE version:
# Step 1: list the available versions:
# apt-cache madison docker-ce
#   docker-ce | 17.03.1~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
#   docker-ce | 17.03.0~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
# Step 2: install that version (VERSION is a string such as 17.03.1~ce-0~ubuntu-xenial above):
# sudo apt-get -y install docker-ce=[VERSION]

  Run it with:

bash docker1806.sh

Configuring the Aliyun registry mirror

  Save the daemon configuration below as /etc/docker/daemon.json and restart Docker (systemctl restart docker). Two of its settings deserve attention. insecure-registries takes a host name or host:port, not a URL, and it makes Docker accept plain HTTP or an unverified certificate from that registry; if the Harbor server uses a self-signed certificate, the safer option is to trust its CA by placing it at /etc/docker/certs.d/harbor.local.com/ca.crt and dropping the entry. bip sets the docker0 bridge address; 10.20.0.1/24 overlaps the 10.20.0.0/16 service CIDR used at kubeadm init below (10.20.0.1 is the address the kubernetes Service itself receives), so pick a range outside both the pod and the service networks, or simply leave bip at Docker's default.

vim /etc/docker/daemon.json
{
        "registry-mirrors": ["https://360k4x9i.mirror.aliyuncs.com","https://registry.docker-cn.com"],
        "insecure-registries": ["harbor.local.com"],
        "bip": "10.20.0.1/24"
}

Installing kubeadm

  Add the Kubernetes apt source (the Aliyun mirror) and install kubeadm, kubectl and kubelet pinned to 1.16.1. Keep the three packages at the same version as the cluster: kubeadm cannot manage a control plane newer than itself, and a kubelet newer than the API server is unsupported. Holding the packages with apt-mark hold afterwards stops a routine apt upgrade from moving them.

curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -

cat >/etc/apt/sources.list.d/kubernetes.list <<EOF
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

apt-get update
apt-get install -y kubeadm=1.16.1-00 kubectl=1.16.1-00 kubelet=1.16.1-00
systemctl enable kubelet && systemctl start kubelet

  Until kubeadm init has written its configuration, kubelet has nothing to run and restarts every few seconds; that is expected at this point.

Installing Kubernetes

  kubeadm pulls its images from Google's registry (k8s.gcr.io) by default, which is unreachable from mainland China, so pull them ahead of time. This walkthrough installs Kubernetes v1.16.1.
  First list the images and tags this version needs:
kubeadm config images list --kubernetes-version v1.16.1

k8s.gcr.io/kube-apiserver:v1.16.1
k8s.gcr.io/kube-controller-manager:v1.16.1
k8s.gcr.io/kube-scheduler:v1.16.1
k8s.gcr.io/kube-proxy:v1.16.1
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2

  Pull them from the Aliyun mirror of the google_containers namespace with a short script. If a Harbor server is available, push them to it afterwards so the other nodes pull over the LAN. (Because kubeadm init below is given --image-repository, kubeadm config images pull --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --kubernetes-version v1.16.1 does the same thing in one command.)

#!/bin/bash
set -e
repo=registry.cn-hangzhou.aliyuncs.com/google_containers
for img in kube-apiserver:v1.16.1 kube-controller-manager:v1.16.1 kube-scheduler:v1.16.1 \
           kube-proxy:v1.16.1 pause:3.1 etcd:3.3.15-0 coredns:1.6.2; do
    docker pull "$repo/$img"
done

Initializing the first master

  Because the control plane is to be highly available, kubeadm init is given --control-plane-endpoint=172.18.32.250, the keepalived VIP: the API server certificate and every kubeconfig kubeadm writes then refer to the VIP instead of one master's address, which is what lets the second master join and lets clients survive a failover. Initialization is run on one master only. --apiserver-advertise-address must be this host's real address, not the VIP, since it is also used for the etcd peer and client URLs. --ignore-preflight-errors=swap is harmless once swap is already off, but it only skips the preflight check; with swap still enabled kubelet itself would refuse to start.

kubeadm init \
--apiserver-advertise-address=172.18.32.18 \
--control-plane-endpoint=172.18.32.250 \
--apiserver-bind-port=6443 \
--kubernetes-version=v1.16.1 \
--pod-network-cidr=10.10.0.0/16 \
--service-cidr=10.20.0.0/16 \
--service-dns-domain=k8s.local \
--image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
--ignore-preflight-errors=swap 

  Initialization can also be driven from a YAML file instead of command-line flags, with kubeadm init --config kubeadm-init.yaml.
  kubeadm config print init-defaults prints the default configuration.
  kubeadm config print init-defaults > kubeadm-init.yaml writes it to a file for editing.
  Two things must change in the defaults. The bootstrapTokens entry carries the well-known placeholder abcdef.0123456789abcdef; replace it (kubeadm token generate prints a fresh one, or delete the whole bootstrapTokens section and let kubeadm generate a random token), because the token is all a host that can reach port 6443 needs to join the cluster as a node during its 24h TTL. And controlPlaneEndpoint must point at the VIP.

root@k8s-master1:~# cat kubeadm-init.yaml   # the edited init file

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.18.32.18
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master1.k8s.local
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 172.18.32.250:6443   # added: endpoint on the VIP
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.16.1
networking:
  dnsDomain: k8s.local
  podSubnet: 10.10.0.0/16
  serviceSubnet: 10.20.0.0/16
scheduler: {}

  When initialization succeeds, write down the --token and --discovery-token-ca-cert-hash values from the kubeadm join line at the end of the output; they are needed when the other nodes join. Treat the token like a password: it is valid for 24 hours and, together with the CA hash (which is not secret), lets any host that can reach port 6443 register itself as a node. If it is lost or has expired, kubeadm token create --print-join-command on a master produces a fresh one.
  If initialization fails, kubeadm reset removes the containers and state it created so it can be run again. Be careful with this command on a working cluster: it tears down the control plane on that node.

Setting up kubectl

  admin.conf is the cluster-admin credential kubeadm generated; copy it into the current user's kubeconfig location. Keep the copy readable only by that user (mode 0600), and on a production cluster prefer issuing per-user credentials with narrower RBAC bindings instead of distributing this file.

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Installing the pod network (flannel)

  Pods stay Pending and the nodes stay NotReady until a CNI plugin is installed; flannel is used here. Two caveats before applying the manifest. The kube-flannel.yml on the repository's master branch hard-codes "Network": "10.244.0.0/16" in its net-conf.json, which does not match the --pod-network-cidr=10.10.0.0/16 given to kubeadm init, so edit that value to 10.10.0.0/16 first (or initialize the cluster with 10.244.0.0/16). And because the manifest deploys a host-network DaemonSet with NET_ADMIN on every node, fetch a pinned release tag rather than master and read the file before applying it.

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
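  The address-range checks that the daemon.json bip setting, the kubeadm init CIDR flags and the flannel manifest above all depend on, as an added example that is not part of the original article: a POSIX sh script that detects overlapping IPv4 CIDRs (with the article's values it reports the docker-bip/service collision) and patches and verifies flannel's Network value against the pod CIDR. The file paths in the usage lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): sanity checks on the three
# address ranges this walkthrough configures, to run before "kubeadm init":
#  - docker's bip, --pod-network-cidr and --service-cidr must not overlap;
#  - flannel's "Network" in kube-flannel.yml must equal the pod CIDR.
# Pure POSIX sh, IPv4 only; the file paths in the usage lines are assumptions.
set -e

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlap A B: succeed if the two IPv4 CIDRs share any address. Two ranges
# overlap exactly when they agree on the first min(lenA, lenB) bits.
cidr_overlap() {
  a_ip=${1%/*} a_len=${1#*/} b_ip=${2%/*} b_len=${2#*/}
  if [ "$b_len" -lt "$a_len" ]; then min=$b_len; else min=$a_len; fi
  shift_bits=$((32 - min))
  [ $(( $(ip_to_int "$a_ip") >> shift_bits )) -eq $(( $(ip_to_int "$b_ip") >> shift_bits )) ]
}

# check_cluster_cidrs BIP POD_CIDR SERVICE_CIDR: print each colliding pair and
# return 1 if any collide, 0 if the three ranges are disjoint.
check_cluster_cidrs() {
  rc=0
  for pair in "docker-bip=$1 pod=$2" "docker-bip=$1 service=$3" "pod=$2 service=$3"; do
    set -- $pair
    if cidr_overlap "${1#*=}" "${2#*=}"; then
      echo "overlap: $1 and $2"
      rc=1
    fi
  done
  return $rc
}

# flannel_network FILE: print the "Network" value from kube-flannel.yml's net-conf.json.
flannel_network() {
  sed -n 's/.*"Network": *"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# set_flannel_network FILE CIDR: rewrite that value in place.
set_flannel_network() {
  sed "s|\"Network\": *\"[^\"]*\"|\"Network\": \"$2\"|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# flannel_matches_pod_cidr FILE POD_CIDR: succeed when the manifest agrees with kubeadm.
flannel_matches_pod_cidr() {
  [ "$(flannel_network "$1")" = "$2" ]
}

# Usage before kubeadm init (assumed paths; the first line uses the article's
# values and reports the docker-bip/service overlap):
#   check_cluster_cidrs 10.20.0.1/24 10.10.0.0/16 10.20.0.0/16
#   set_flannel_network kube-flannel.yml 10.10.0.0/16 && flannel_matches_pod_cidr kube-flannel.yml 10.10.0.0/16
```

  check_cluster_cidrs is worth running on every host that has a custom bip, since Docker's bridge address is per host while the pod and service CIDRs are cluster-wide.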

Joining the other nodes

  The other three hosts (master2, node1, node2) need the same Docker and Kubernetes packages, the same daemon.json and the same image pre-pull; the script below, node.sh, repeats those steps in one go and must run as root. Workers only ever run kube-proxy and pause from this image list, so the other pulls matter only on master2, but pulling everything everywhere is harmless.

vim node.sh

#!/bin/bash
set -e
# step 1: install the required system tools
apt-get update
apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# step 2: add the Docker repository's GPG key
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -
# step 3: add the apt source
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# step 4: refresh and install the pinned Docker CE version
apt-get -y update
apt-get -y install docker-ce=18.06.0~ce~3-0~ubuntu

# Same daemon.json as on master1 (see the notes there on insecure-registries and bip).
# apt has already started dockerd, so restart it to pick the file up; "enable --now" alone would not.
cat > /etc/docker/daemon.json << EOF
{
        "registry-mirrors": ["https://360k4x9i.mirror.aliyuncs.com","https://registry.docker-cn.com"],
        "insecure-registries": ["harbor.local.com"],
        "bip": "10.20.0.1/24"
}
EOF
systemctl enable docker
systemctl restart docker

# Kubernetes packages, pinned to the same version as on master1
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat > /etc/apt/sources.list.d/kubernetes.list <<EOF
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubeadm=1.16.1-00 kubectl=1.16.1-00 kubelet=1.16.1-00
systemctl enable --now kubelet

# pre-pull the images from the Aliyun mirror
repo=registry.cn-hangzhou.aliyuncs.com/google_containers
for img in kube-apiserver:v1.16.1 kube-controller-manager:v1.16.1 kube-scheduler:v1.16.1 \
           kube-proxy:v1.16.1 pause:3.1 etcd:3.3.15-0 coredns:1.6.2; do
    docker pull "$repo/$img"
done

  On the current master, upload the control-plane certificates so the new master can fetch them (kubeadm stores them encrypted in the kubeadm-certs Secret and deletes that Secret again after two hours):

kubeadm init phase upload-certs --upload-certs

  Record the --certificate-key value it prints: it decrypts those certificates, so it is as sensitive as the CA key itself and must not be pasted into tickets or chat. If more than two hours pass before master2 joins, run the command again to get a new key.
  Each join is run on the node being added. First join the second master:

kubeadm join 172.18.32.250:6443 --token 89beqy.13jxavbu7yz3187d \
--discovery-token-ca-cert-hash sha256:7388af4f1662805a844cce7c1371facb83f32dddb998370d11bfb41957fe75bf \
--certificate-key 3630d5719795c77e7071d77a206cc17078c912f9c3915e76e70bb26e75e26178 \
--control-plane

  Then join each worker; the command is the same minus --control-plane and --certificate-key:

kubeadm join 172.18.32.250:6443 --token 89beqy.13jxavbu7yz3187d \
--discovery-token-ca-cert-hash sha256:7388af4f1662805a844cce7c1371facb83f32dddb998370d11bfb41957fe75bf
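  The join values recorded after kubeadm init and used in the two join commands above, as an added example that is not part of the original article: a POSIX sh script that re-derives the discovery hash from the cluster CA on a control-plane node, checks that a token has the bootstrap-token shape, and assembles the join command, so nothing has to be copied from scrollback. Paths are the kubeadm defaults; the addresses in the usage lines are the article's and are assumed.

```shell
#!/bin/sh
# Added example (not from the original article): re-derive the values a
# "kubeadm join" needs from an existing control-plane node instead of copying
# them from scrollback, and build the join command. Paths are the kubeadm
# defaults; the addresses in the usage lines are the article's and are assumed.
set -e

# The discovery hash is SHA-256 over the DER-encoded SubjectPublicKeyInfo of the
# cluster CA. kubeadm fetches the CA from the unauthenticated cluster-info
# ConfigMap and refuses to continue unless it matches this hash, so a joining
# node cannot be redirected to an impostor API server during bootstrap.
ca_cert_hash() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
}

# Bootstrap tokens have the fixed form "[a-z0-9]{6}.[a-z0-9]{16}"; the first
# part is the public token ID, the second part is the secret.
is_bootstrap_token() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# join_command ENDPOINT TOKEN HEXHASH [--control-plane --certificate-key KEY]
# Prints the command to run on the joining node. Extra arguments are appended
# verbatim, which is how a second master is joined.
join_command() {
  endpoint=$1 token=$2 hash=$3
  shift 3
  if ! is_bootstrap_token "$token"; then
    echo "not a bootstrap token: $token" >&2
    return 1
  fi
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s' \
    "$endpoint" "$token" "$hash"
  for extra in "$@"; do printf ' %s' "$extra"; done
  printf '\n'
}

# Usage on a master (mints a fresh 24h token instead of reusing an old one; the
# upload-certs command prints the certificate key on its last line):
#   join_command 172.18.32.250:6443 "$(kubeadm token create)" "$(ca_cert_hash /etc/kubernetes/pki/ca.crt)"
#   join_command 172.18.32.250:6443 "$(kubeadm token create)" "$(ca_cert_hash /etc/kubernetes/pki/ca.crt)" \
#       --control-plane --certificate-key "$(kubeadm init phase upload-certs --upload-certs | tail -n 1)"
```

  Once every node has joined, kubeadm token list shows which tokens are still live; delete the ones no longer needed with kubeadm token delete rather than waiting for the 24h expiry.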

  Afterwards, kubectl get node on a master lists all four hosts as Ready (master1 and master2 with the master role, node1 and node2 with none), and kubectl get pods -n kube-system shows the control-plane pods, flannel and kube-proxy running. The cluster setup is complete.

kubectl get node

一个低调的男人