Kuebernetes 群集基于 Docker 部署

实验报告

资源列表

主机	操作系统	IP	配置
master	CentOS7	192.168.72.131	2C4G
node1	CentOS7	192.168.72.132	2C4G
node2	CentOS7	192.168.72.133	2C4G

基础环境

• 所有环境都要操作
• 关闭防火墙

systemctl stop firewalld
systemctl disable firewalld

• 关闭内核安全机制

setenforce 0
sed -i "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config

• 关闭 swap

[root@master ~]# free -htotal        used        free      shared  buff/cache   available
Mem:           3.7G        154M        3.4G         11M        126M        3.3G
Swap:          3.9G          0B        3.9G# 临时关闭
swapoff -a  
# 永久关闭
sed -i 's/.*swap.*/#&/g' /etc/fstab    [root@master ~]# free -htotal        used        free      shared  buff/cache   available
Mem:           3.7G        152M        3.4G         11M        127M        3.4G
Swap:            0B          0B          0B

• 修改主机名

hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2

• CentOS7已经停止维护了，这里我用的是华为源

# 阿里
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# 网易
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
# 华为
curl -o /etc/yum.repos.d/CentOS-Base.repo https://repo.huaweicloud.com/repository/conf/CentOS-7-anon.repo

• 添加 hosts 解析

cat >> /etc/hosts << EOF
192.168.72.131 master
192.168.72.132 node1
192.168.72.133 node2
EOF

• 时间同步

yum -y install chrony
systemctl enable chronyd --now
systemctl restart chronyd
chronyc sources -v

• 桥接的 IPv4 流量传递到 iptables 的链

modprobe overlay
modprobe br_netfiltercat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system

一、准备 Docker

• 所有节点都要操作

1、安装 Docker

1.方案一
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: 更新并安装Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce2.方案二
# 上传软件包 docker-ce-24.0.7.rpm.tar.gz 
tar zxf docker-ce-24.0.7.rpm.tar.gz 
cd docker-ce-24.0.7.rpm
yum -y localinstall *# 启动服务
systemctl start docker
systemctl enable docker

2、配置 Docker

# 设置驱动
cat > /etc/docker/daemon.json << EOF
{"exec-opts": ["native.cgroupdriver=systemd"],"registry-mirrors": ["https://cf-workers-docker-io-8jv.pages.dev"]
}
EOF
systemctl daemon-reload
systemctl restart docker

二、安装 Kubeadm 工具

• 所有节点都要操作

1、配置 yum 源

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

2、安装 Kubeadm 工具

# 这里指定了版本号，若需要其他版本的可自行更改
yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
systemctl enable kubelet

三、初始化 Master 节点

• Master 节点操作即可

[root@master ~]# ls
anaconda-ks.cfg  kubernetes_images_1.23.tar.gz
[root@master ~]# docker load < kubernetes_images_1.23.tar.gz# --apiserver-advertise-address指定当前节点的IP
# --kubernetes-version指定版本号要与安装的版本一致
kubeadm init \--apiserver-advertise-address=192.168.72.131 \--image-repository registry.aliyuncs.com/google_containers \--kubernetes-version v1.23.0 \--service-cidr=10.1.0.0/16 \--pod-network-cidr=10.244.0.0/16

1、配置 Master 节点

# 初始化成功以后要根据提示执行以下3条命令，才可以操作集群mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config

2、常见故障

# 如果kubelet报以下错误可以尝试执行yum -y install systemd把systemd更新一下
11月 24 16:39:53 master kubelet[24746]: E1124 16:39:53.511808   24746 node_container_manager_linux.go:61] "Failed to create cgroup" err="Cannot set property TasksAccounting, or unknown property." cgroupName=[kubepods]
11月 24 16:39:53 master kubelet[24746]: E1124 16:39:53.511848   24746 kubelet.go:1431] "Failed to start ContainerManager" err="Cannot set property TasksAccounting, or unknown property."# 如果第一次初始化没有成功，可以使用kubeadm reset重置一下

四、Node 节点加入集群

• 所有 Node 节点操作

# 在master节点初始化的时候返回信息中最后的命令就是node节点加入集群的命令，将该命令复制到node节点执行即可
kubeadm join 192.168.72.131:6443 --token t91n8f.7nk8h1hayi0sqf8h \--discovery-token-ca-cert-hash sha256:6a4340629b2333076a33ff1942e95641179247ae6f4cc6c56539241eaead49a3# 如果加入集群的命令找不到了可以在master节点生成一个
[root@master ~]# kubeadm token create --print-join-command

五、部署网络插件（CNI）

• Master 节点操作

# 上传 kube-flannel.yaml
[root@master ~]# kubectl apply -f kube-flannel.yaml
namespace/kube-flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created

六、验证

1、查看节点状态

[root@master ~]# kubectl get node
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   14m     v1.23.0
node1    Ready    <none>                 7m36s   v1.23.0
node2    Ready    <none>                 7m34s   v1.23.0

2、查看集群组件状态

[root@master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
controller-manager   Healthy   ok                              
etcd-0               Healthy   {"health":"true","reason":""}   
scheduler            Healthy   ok       

3、查看集群中所有命名空间下的 Pod

[root@master ~]# kubectl get pod -A
NAMESPACE      NAME                             READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-thq5p            1/1     Running   0          2m12s
kube-flannel   kube-flannel-ds-vx8jd            1/1     Running   0          2m12s
kube-flannel   kube-flannel-ds-wqsm6            1/1     Running   0          2m12s
kube-system    coredns-6d8c4cb4d-5fwct          1/1     Running   0          14m
kube-system    coredns-6d8c4cb4d-jph5p          1/1     Running   0          14m
kube-system    etcd-master                      1/1     Running   0          14m
kube-system    kube-apiserver-master            1/1     Running   0          14m
kube-system    kube-controller-manager-master   1/1     Running   0          14m
kube-system    kube-proxy-5zwhr                 1/1     Running   0          7m34s
kube-system    kube-proxy-6ntkf                 1/1     Running   0          14m
kube-system    kube-proxy-psgx4                 1/1     Running   0          7m32s
kube-system    kube-scheduler-master            1/1     Running   0          14m