
再来一次k8s部署

布局

master节点

192.168.0.11是vip节点不是实体机器

  1. 192.168.0.8 (keepalived master)
  2. 192.168.0.9
  3. 192.168.0.10

node节点

  1. 192.168.0.12
  2. 192.168.0.13

dns服务

我这里用的是ikuai,dns指向爱快192.168.10.1,如果要自建dns可以参考以前的文章,搜索bind9就行;配置所有机器

[root@k8s-master2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search host.com
nameserver 192.168.10.1
nameserver 223.5.5.5

开始安装

  1. 先安装基础内容,可以看看之前的文章,安装完之后作为template机器
    1. 防火墙/docker
  2. 基于上面的模版机器,开启新的机器

master节点

# 设置hostname
hostnamectl set-hostname k8s-master1.host.com

# 修改ip
vi /etc/sysconfig/network-scripts/ifcfg-eth0
service network restart

# 安装keepalived
yum install keepalived -y

# 配置keepalived
[root@k8s-master-1 ~]# tee /etc/keepalived/check_port.sh << 'EOF'
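#!/bin/bash
# keepalived health-check script: exit 0 when a TCP LISTEN socket is bound
# to port $1, exit 1 otherwise (keepalived then applies the vrrp_script weight).
#
# Arguments: $1 - TCP port number to check (e.g. 6443)
# Outputs:   a one-line diagnostic on stdout when the check fails
# Returns:   0 if the port is listening, 1 if not or if the argument is bad
CHK_PORT=$1

# A missing argument must FAIL the check, not pass it: exiting 0 here would
# let keepalived keep the VIP on a node whose apiserver was never verified.
if [ -z "$CHK_PORT" ]; then
        echo "Check Port Cant Be Empty!"
        exit 1
fi

# Reject anything that is not a plain port number before it reaches awk.
if ! [[ "$CHK_PORT" =~ ^[0-9]+$ ]]; then
        echo "Check Port Must Be A Number: $CHK_PORT"
        exit 1
fi

# Compare only the port component of the "Local Address:Port" column (field 4
# of `ss -lnt`, header skipped). A bare `grep 6443` would also match ports such
# as 16443 or any address/peer field that happens to contain the digits.
# Splitting on ":" and taking the last element handles *:PORT, 0.0.0.0:PORT
# and [::]:PORT alike.
if ! ss -lnt | awk -v port="$CHK_PORT" '
        NR > 1 { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit !found }'; then
        echo "Port $CHK_PORT Is Not Used,End."
        exit 1
fi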
EOF

# 主keepalived配置,注意interface要改成自己的网卡名称(示例中为eth0,有的机器是ens33),查看自己的网卡名称:ip addr |grep "ens"
[root@k8s-master-1 ~]# tee /etc/keepalived/keepalived.conf << "EOF"
! Configuration File for keepalived
global_defs {
   router_id 192.168.0.8
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 6443"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 251
    priority 100
    advert_int 1
    mcast_src_ip 192.168.0.8
     nopreempt
   authentication {
        auth_type PASS
        auth_pass 11111111
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        192.168.0.11
    }
}
EOF

# 启动kubelet 这个一定要加,因为部署二进制部署,所有的节点都需要kubelet去调度docker,不然重启了机器,docker不会自动拉起所有的docker
systemctl enable kubelet.service

# kubeadm 安装master,安装成功之后有加入master的代码和加入node节点的代码,注意区分
kubeadm init  --kubernetes-version=v1.22.3  \
--image-repository=registry.aliyuncs.com/google_containers \
--service-cidr=172.17.0.0/16 \
--pod-network-cidr=10.244.0.0/16 \
--upload-certs \
--control-plane-endpoint 192.168.0.11:6443

# 配置config
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

安装备master节点

# 设置hostname
hostnamectl set-hostname k8s-master2.host.com

# 修改ip
vi /etc/sysconfig/network-scripts/ifcfg-eth0
service network restart

# 安装keepalived
yum install keepalived -y

# 配置keepalived
tee /etc/keepalived/check_port.sh << 'EOF'
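#!/bin/bash
# keepalived health-check script: exit 0 when a TCP LISTEN socket is bound
# to port $1, exit 1 otherwise (keepalived then applies the vrrp_script weight).
#
# Arguments: $1 - TCP port number to check (e.g. 6443)
# Outputs:   a one-line diagnostic on stdout when the check fails
# Returns:   0 if the port is listening, 1 if not or if the argument is bad
CHK_PORT=$1

# A missing argument must FAIL the check, not pass it: exiting 0 here would
# let keepalived keep the VIP on a node whose apiserver was never verified.
if [ -z "$CHK_PORT" ]; then
        echo "Check Port Cant Be Empty!"
        exit 1
fi

# Reject anything that is not a plain port number before it reaches awk.
if ! [[ "$CHK_PORT" =~ ^[0-9]+$ ]]; then
        echo "Check Port Must Be A Number: $CHK_PORT"
        exit 1
fi

# Compare only the port component of the "Local Address:Port" column (field 4
# of `ss -lnt`, header skipped). A bare `grep 6443` would also match ports such
# as 16443 or any address/peer field that happens to contain the digits.
# Splitting on ":" and taking the last element handles *:PORT, 0.0.0.0:PORT
# and [::]:PORT alike.
if ! ss -lnt | awk -v port="$CHK_PORT" '
        NR > 1 { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit !found }'; then
        echo "Port $CHK_PORT Is Not Used,End."
        exit 1
fi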
EOF

# 配置keepalived
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   router_id 192.168.0.10
}
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 6443"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 251
    priority 90
    advert_int 1
    mcast_src_ip 192.168.0.10
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    track_script {
        chk_nginx
    }
    virtual_ipaddress {
        192.168.0.11
    }
}

# 启动
systemctl start keepalived && systemctl enable keepalived && systemctl status keepalived

# 启动kubelet 这个一定要加,因为部署二进制部署,所有的节点都需要kubelet去调度docker,不然重启了机器,docker不会自动拉起所有的docker
systemctl enable kubelet.service

# 加入master
kubeadm join 192.168.0.11:6443 --token dzhz5q.aaaaa \
	--discovery-token-ca-cert-hash sha256:xxxx\
	--control-plane --certificate-key yyyy

[root@k8s-master3 ~]# mkdir -p $HOME/.kube
[root@k8s-master3 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master3 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master3 ~]# kubectl get nodes
NAME                   STATUS     ROLES                  AGE    VERSION
k8s-master1.host.com   NotReady   control-plane,master   89m    v1.22.3
k8s-master2.host.com   NotReady   control-plane,master   78m    v1.22.3
k8s-master3.host.com   NotReady   control-plane,master   114s   v1.22.3

安装node节点

# 设置hostname
hostnamectl set-hostname k8s-node1.host.com

# 修改ip
vi /etc/sysconfig/network-scripts/ifcfg-eth0
service network restart

# 启动kubelet
systemctl enable kubelet.service
# 加入集群
kubeadm join 192.168.0.11:6443 --token dzhz5q.hai470943hxem57x \
	--discovery-token-ca-cert-hash sha256:e196d4a0cb34ce34e291e8f11bdc8a15cebf7a05929830ee8d54f82a851d4f84
# 如果token过期可以手动生成
kubeadm join 192.168.0.11:6443 --token vntnea.ab55r6dgvgkrzr9w --discovery-token-ca-cert-hash sha256:e196d4a0cb34ce34e291e8f11bdc8a15cebf7a05929830ee8d54f82a851d4f84 
# 给node节点加上标签
kubectl label node k8s-node1.host.com node-role.kubernetes.io/node=node

安装网络插件

  • kubectl get nodes 可以看到这里的status状态都是NotReady,是因为它们网络不通,需要安装网络插件,才能使得容器跨主机通信
  • 在任意一台master节点或者有kubeconfig的机器上
# 安装flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# 这里从init到running的状态需要20分钟的样子
[root@k8s-master2 ~]# kubectl get pods -A | grep flannel
kube-system   kube-flannel-ds-2pv9g                          0/1     Init:0/2   0             50s
kube-system   kube-flannel-ds-f4ltq                          0/1     Init:0/2   0             50s
kube-system   kube-flannel-ds-fdcpr                          0/1     Init:0/2   0             50s
kube-system   kube-flannel-ds-gvbtj                          0/1     Init:1/2   0             50s

[root@k8s-master2 ~]# k get nodes
NAME                   STATUS     ROLES                  AGE    VERSION
k8s-master1.host.com   Ready      control-plane,master   102m   v1.22.3
k8s-master2.host.com   Ready      control-plane,master   91m    v1.22.3
k8s-master3.host.com   Ready      control-plane,master   15m    v1.22.3
k8s-node1.host.com     Ready      node                   10m    v1.22.3
k8s-node2.host.com     Ready   node                   86s    v1.22.3

测试网络是否通了

[root@k8s-master2 ~]# kubectl run test1 -it --rm --image=busybox:1.28.3
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Server:    172.17.0.10
Address 1: 172.17.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 172.17.0.1 kubernetes.default.svc.cluster.local

部署nginx服务

[root@k8s-master2 ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@k8s-master2 ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@k8s-master2 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   172.17.0.1       <none>        443/TCP        105m
nginx        NodePort    172.17.246.106   <none>        80:31930/TCP   4s
# 下面的结果表示成功了
[root@k8s-master2 ~]# curl 172.17.246.106
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
# 也可以本地访问
http://192.168.0.8:31930/
http://192.168.0.9:31930/
http://192.168.0.10:31930/
http://192.168.0.11:31930/
http://192.168.0.12:31930/
http://192.168.0.14:31930/

安装kube-dashboard

[root@k8s-master2 ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
# 修改对外暴露端口,修改倒数第三行的样子,type:ClusterIP改为 type: NodePort
[root@homelab-0-11 ~]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
  type: NodePort
status:
  loadBalancer: {}
# 查看外部访问端口,这里为31544
[root@k8s-master2 ~]# kubectl get svc  -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   172.17.91.110   <none>        8000/TCP        38s
kubernetes-dashboard        NodePort    172.17.161.20   <none>        443:31544/TCP   39s
# 本地访问
https://192.168.0.12:31544/
https://192.168.0.14:31544/
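# Fetch the dashboard login token.
# Precondition: an "admin-user" ServiceAccount (and its token secret) already
# exists in kube-system -- its creation is not shown on this page.
# Resolve the secret name first and bail out when nothing matches: with the
# original unquoted `$(...)` form an empty match turns the command into a bare
# `kubectl describe secret`, which prints EVERY secret in kube-system.
admin_secret=$(kubectl -n kube-system get secret -o name | grep -m 1 -- 'admin-user')
if [ -z "$admin_secret" ]; then
  printf '%s\n' "admin-user secret not found in kube-system" >&2
else
  kubectl -n kube-system describe "$admin_secret"
fi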

安装ingress

  • 默认的配置是deployment的
# 下载yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml
# 修改文件名
mv deploy.yaml ingress-nginx-v1.1.0.yaml
# 修改镜像
[root@k8s-master2 tmp]# grep "image: *" deploy.yaml 
          image: k8s.gcr.io/ingress-nginx/controller:v1.0.5@sha256:55a1fcda5b7657c372515fe402c3e39ad93aa59f6e4378e82acd99912fe6028d
          image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
          image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
# 修改为下面的
[root@k8s-master2 ~]# grep "image: *" ingress-nginx-v1.1.0.yaml
          image: liangjw/ingress-nginx-controller:v1.1.0
          image: liangjw/kube-webhook-certgen:v1.1.1
          image: liangjw/kube-webhook-certgen:v1.1.1
[root@k8s-master2 tmp]# kubectl  apply -f ingress-nginx-v1.1.0.yaml 
# 下面表示安装成功
[root@k8s-master2 tmp]# kubectl get pods -n ingress-nginx -o wide --watch
NAME                                       READY   STATUS      RESTARTS   AGE   IP            NODE                   NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create--1-hkkcj    0/1     Completed   0          15m   10.244.3.46   k8s-node-11.host.com   <none>           <none>
ingress-nginx-admission-patch--1-kj6bc     0/1     Completed   1          15m   10.244.3.45   k8s-node-11.host.com   <none>           <none>
ingress-nginx-controller-6fb6b646f-jgttm   1/1     Running     0          15m   10.244.3.47   k8s-node-11.host.com   <none>           <none>
  • 修改deployment为daemonset
    • 建议您不要将Ingress服务部署到Master节点上,尽量选择Worker节点添加标签
    • 给node节点打上ingress标签:kubectl label node k8s-node1.host.com node-role.kubernetes.io/ingress="true"
找到文件中deployment位置,修改如下
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: DaemonSet # 修改这里将deployment改为DaemonSet 
metadata:
  labels:
    helm.sh/chart: ingress-nginx-4.0.10
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 1.1.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      serviceAccountName: nginx-ingress-serviceaccount # 增加
      nodeSelector: # 增加这个,可以固定部署到打了标签的node上面
        node-role.kubernetes.io/ingress: 'true' # 增加这个,可以固定部署到打了标签的node上面
      hostNetwork: true # 增加这个是必须的,不然访问ingress端口不是80和443
      dnsPolicy: ClusterFirst

测试ingress

  • 配置域名
再来一次k8s部署
  • 启动helloword服务
    • 参考这个文章 文末有内容

给dashboard配置ingress

  • 创建一个dash-ingress.yaml文件,内容如下即可,
  • 执行kubectl apply -f dash-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress  
metadata:
  name: k8s-dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # 开启use-regex,启用path的正则匹配
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    # 默认为 true,启用 TLS 时,http请求会 308 重定向到https
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # 默认为 http,开启后端服务使用 proxy_pass https://协议
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
    - hosts:
      - k8s.host.com
  rules:
  - host: "k8s.host.com"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443

