赞
踩
主机名 | IP地址 | 角色 |
---|---|---|
k8s-master | 192.168.16.134 | 主节点 |
node1 | 192.168.16.141 | 工作节点1 |
node2 | 192.168.16.140 | 工作结点2 |
1、关闭防火墙、selinux和交换分区
[root@k8s-master ~]# systemctl stop firewalld
[root@k8s-master ~]# setenforce 0
[root@k8s-master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
[root@k8s-master ~]# swapoff -a
# 永久关闭,修改/etc/fstab,注释掉swap一行
2、修改hosts文件
[root@k8s-master ~]# vi /etc/hosts
# 添加
192.168.16.134 k8s-master
192.168.16.141 node1
192.168.16.140 node2
3、时间同步
[root@k8s-master ~]# yum install chrony -y
[root@k8s-master ~]# systemctl start chronyd
[root@k8s-master ~]# systemctl enable chronyd
[root@k8s-master ~]# chronyc sources
4、修改内核参数
[root@k8s-master ~]# vi /etc/sysctl.d/k8s.conf
# 添加
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@k8s-master ~]# sysctl --system
5、安装docker
# 修改docker的yum源为阿里源
[root@k8s-master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@k8s-master ~]# yum install -y docker-ce
[root@k8s-master ~]# docker --version
Docker version 20.10.2, build 2291f61
[root@k8s-master ~]# systemctl enable docker
[root@k8s-master ~]# systemctl start docker
6、配置docker加速并修改驱动
root@k8s-master ~]# vi /etc/docker/daemon.json # 添加 { "exec-opts": ["native.cgroupdriver=systemd"], "registry-mirrors": [ "https://1nj0zren.mirror.aliyuncs.com", "https://kfwkfulq.mirror.aliyuncs.com", "https://2lqq34jg.mirror.aliyuncs.com", "https://pee6w651.mirror.aliyuncs.com", "http://hub-mirror.c.163.com", "https://docker.mirrors.ustc.edu.cn", "http://f1361db2.m.daocloud.io", "https://registry.docker-cn.com" ] } [root@k8s-master ~]# systemctl restart docker [root@k8s-master ~]# docker info | grep "Cgroup Driver" Cgroup Driver: systemd
7、安装kubenetes
[root@k8s-master ~]# vi /etc/yum.repos.d/kubernetes.repo # 添加 [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg # 安装kubelet kubeadm kubectl组件 [root@k8s-master ~]# yum -y install kubelet kubeadm kubectl [root@k8s-master ~]# kubelet --version Kubernetes v1.20.1 [root@k8s-master ~]# systemctl start kubelet [root@k8s-master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf # 初始化kubenetes [root@k8s-master ~]# kubeadm init --image-repository=registry.aliyuncs.com/google_containers # 配置kubectl与kube-apiserver交互 [root@k8s-master ~]# mkdir -p $HOME/.kube [root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config # 安装网络组件 [root@k8s-master ~]# wget https://docs.projectcalico.org/v3.14/manifests/calico.yaml [root@k8s-master ~]# kubectl apply -f calico.yaml # 查看节点状态 [root@k8s-master ~]# kubectl get nodes
# 查看组件状态
[root@k8s-master ~]# kubectl get cs
# 如果显示为unHealthy状态,注释掉/etc/kubernetes/manifests下的kube-controller-manager.yaml和kube-scheduler.yaml的 -- port=0。
8、工作节点加入集群,工作节点同样需要关闭防火墙、swap分区,安装docker、kubenetes组件,不需要init操作
# 生成token
[root@k8s-master ~]# kubeadm token create
ngq3sd.0qx38uuare9u91zh
# 生成证书
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
9540ca794ce6b383c7d2202bd64614af5993371b5030b5746eb775a0bbbe662f
# 工作节点加入
[root@node1 ~]# kubeadm join 192.168.16.134:6443 --token ngq3sd.0qx38uuare9u91zh --discovery-token-ca-cert-hash sha256:9540ca794ce6b383c7d2202bd64614af5993371b5030b5746eb775a0bbbe662f
# 查看节点状态,如果是NotReady,请等待几分钟加载
[root@k8s-master ~]# kubectl get nodes
# 查看pod的状态
[root@k8s-master ~]# kubectl get pods -A
使用master节点部署安装
下载istio安装文件
[root@k8s-master ~]# curl -L https://istio.io/downloadIstio | sh -
如果速度太慢可以使用迅雷访问https://github.com/istio/istio/releases/download/1.8.1/istio-1.8.1-linux-amd64.tar.gz 下载下列tar包
istio-1.8.1-linux-amd64.tar.gz
[root@k8s-master ~]# tar -zxvf istio-1.8.1-linux-amd64.tar.gz
[root@k8s-master ~]# cd istio-1.8.1 [root@k8s-master ~]# export PATH=$PWD/bin:$PATH [root@k8s-master ~]# istioctl install --set profile=demo -y ✔ Istio core installed ✔ Istiod installed ✔ Egress gateways installed ✔ Ingress gateways installed ✔ Installation complete [root@k8s-master ~]# kubectl label namespace default istio-injection=enabled namespace/default labeled [root@k8s-master ~]# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml service/details created serviceaccount/bookinfo-details created deployment.apps/details-v1 created service/ratings created serviceaccount/bookinfo-ratings created deployment.apps/ratings-v1 created service/reviews created serviceaccount/bookinfo-reviews created deployment.apps/reviews-v1 created deployment.apps/reviews-v2 created deployment.apps/reviews-v3 created service/productpage created serviceaccount/bookinfo-productpage created deployment.apps/productpage-v1 created [root@k8s-master ~]# kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE details ClusterIP 10.0.0.212 <none> 9080/TCP 29s kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 25m productpage ClusterIP 10.0.0.57 <none> 9080/TCP 28s ratings ClusterIP 10.0.0.33 <none> 9080/TCP 29s reviews ClusterIP 10.0.0.28 <none> 9080/TCP 29s [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE details-v1-558b8b4b76-2llld 2/2 Running 0 2m41s productpage-v1-6987489c74-lpkgl 2/2 Running 0 2m40s ratings-v1-7dc98c7588-vzftc 2/2 Running 0 2m41s reviews-v1-7f99cc4496-gdxfn 2/2 Running 0 2m41s reviews-v2-7d79d5bd5d-8zzqd 2/2 Running 0 2m41s reviews-v3-7dbcdcbc56-m8dph 2/2 Running 0 2m41s [root@k8s-master ~]# kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -s productpage:9080/productpage | grep -o "<title>.*</title>" <title>Simple Bookstore App</title> [root@k8s-master ~]# kubectl get svc istio-ingressgateway -n istio-system
# 当使用的环境没有外部负载均衡器时使用下列指令,否则查看官方文档 https://istio.io/latest/docs/setup/getting-started/ [root@k8s-master ~]# export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}') [root@k8s-master ~]# export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}') [root@k8s-master ~]# export INGRESS_HOST=$(kubectl get po -l istio=ingressgateway -n istio-system -o jsonpath='{.items[0].status.hostIP}') # 设置网关URL [root@k8s-master ~]# export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT [root@k8s-master ~]# echo "$GATEWAY_URL" 192.168.16.141:31679 # 使用浏览器访问输出的URL [root@k8s-master ~]# echo "http://$GATEWAY_URL/productpage" http://192.168.16.141:31679/productpage
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。