kubeadm安装生产环境多master节点k8s高可用集群
作者:互联网
环境准备
三台虚拟机(所有节点做好host解析)
cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.128 k8s-node 10.0.0.129 k8s-master1 10.0.0.130 k8s-master2
kubeadm是工具,可以快速搭建集群,属于自动部署,简化部署操作。kubeadm适合需要经常部署k8s,或者对自动化要求比较高的场景下使用。
一、初始化安装k8s集群的实验环境 1. 修改网卡配置文件[root@k8s-node ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 TYPE=Ethernet BOOTPROTO=static DEFROUTE=yes NAME=eth0 DEVICE=eth0 ONBOOT=yes IPADDR=10.0.0.128 NETMASK=255.255.255.0 GATEWAY=10.0.0.254 DNS1=8.8.8.8
[root@k8s-master1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 TYPE=Ethernet BOOTPROTO=static DEFROUTE=yes NAME=eth0 DEVICE=eth0 ONBOOT=yes IPADDR=10.0.0.129 NETMASK=255.255.255.0 GATEWAY=10.0.0.254 DNS1=8.8.8.8
[root@k8s-master2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 TYPE=Ethernet BOOTPROTO=static DEFROUTE=yes NAME=eth0 DEVICE=eth0 ONBOOT=yes IPADDR=10.0.0.130 NETMASK=255.255.255.0 GATEWAY=10.0.0.254 DNS1=8.8.8.8
#修改配置文件之后需要重启网络服务才能使配置生效
systemctl restart network
2. 配置主机之间无密码登录
在k8s-node主机上操作:
[root@k8s-node ~]# ssh-keygen
[root@k8s-node ~]# ssh-copy-id k8s-master2
[root@k8s-node ~]# ssh-copy-id k8s-master1
在k8s-master1主机上操作:
[root@k8s-master1 ~]# ssh-keygen
[root@k8s-master1 ~]# ssh-copy-id k8s-master2
[root@k8s-master1 ~]# ssh-copy-id k8s-node
在k8s-master2主机上操作:
[root@k8s-master2 ~]# ssh-keygen
[root@k8s-master2 ~]# ssh-copy-id k8s-master1
[root@k8s-master2 ~]# ssh-copy-id k8s-node
或者用脚本实现
yum install -y sshpass ssh-keygen -f /root/.ssh/id_rsa -P '' export IP=:10.0.0.128 10.0.0.129 10.0.0.130" export SSHPASS=kvm-kvm@ECS for HOST in $IP;do sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $HOST; done
3. 关闭交换分区swap,提升性能
#临时关闭
[root@k8s-node ~]# swapoff -a [root@k8s-master1 ~]# swapoff -a [root@k8s-master2 ~]# swapoff -a
#永久关闭,注释swap挂载,给swap这行开头加一下注释
[root@k8s-node ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Thu Jul 21 04:56:59 2022 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/centos-root / xfs defaults 0 0 UUID=25df1604-f316-4d70-b007-e905a7ec9d55 /boot xfs defaults 0 0 #/dev/mapper/centos-swap swap swap defaults 0 0
[root@k8s-master1 ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Sun Jul 24 17:18:04 2022 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/centos-root / xfs defaults 0 0 UUID=ec12e2e1-faeb-432d-b5f6-2768a14c6e9c /boot xfs defaults 0 0 #/dev/mapper/centos-swap swap swap defaults 0 0
[root@k8s-master2 ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Sun Jul 24 17:18:04 2022 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/centos-root / xfs defaults 0 0 #/dev/mapper/centos-swap swap swap defaults 0 0
关闭swap分区的原因:
Swap是交换分区,如果机器内存不够,会使用swap分区,但是swap分区的性能较低,k8s设计的时候为了能提升性能,默认是不允许使用交换分区的。Kubeadm初始化的时候会检测swap是否关闭,如果没关闭,那就初始化失败。如果不想要关闭交换分区,安装k8s的时候可以指定--ignore-preflight-errors=Swap来解决
4. 修改机器内核参数
[root@k8s-master1 ~]# modprobe br_netfilter
[root@k8s-master1 ~]# cat > /etc/sysctl.d/k8s.conf <<EOF >net.bridge.bridge-nf-call-ip6tables = 1 >net.bridge.bridge-nf-call-iptables = 1 >net.ipv4.ip_forward = 1 >EOF
[root@k8s-master1 ~]# sysctl -p /etc/sysctl.d/k8s.conf
其他节点同理,相同的操作
要让Linux系统具有路由转发功能,需要配置一个Linux的内核参数net.ipv4.ip_forward。这个参数指定了Linux系统当前对路由转发功能的支持情况;其值为0时表示禁止进行IP转发;如果是1,则说明IP转发功能已经打开。
5. 关闭关闭firewalld防火墙,selinux
[root@k8s-master1 ~]# systemctl stop firewalld ; systemctl disable firewalld [root@k8s-master1 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config [root@k8s-master1 ~]# reboot [root@k8s-master1 ~]# getenforce
其他节点相同操作
6. 配置清华k8s源
[root@k8s-master1 ~]# cat /etc/yum.repos.d/kubernetes.repo [kubernetes] name=kubernetes baseurl=https://mirrors.tuna.tsinghua.edu.cn/kubernetes/yum/repos/kubernetes-el7-$basearch enabled=1
其他节点配置相同的源
7. 开启ipvs
[root@k8s-master1 ~]# cat /etc/sysconfig/modules/ipvs.modules
#!/bin/bash ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack" for kernel_module in ${ipvs_modules}; do /sbin/modinfo -F filename ${kernel_module} > /dev/null 2>&1 if [ 0 -eq 0 ]; then /sbin/modprobe ${kernel_module} fi done
[root@k8s-master1 ~]# bash /etc/sysconfig/modules/ipvs.modules
其他节点相理,做相同的操作
ipvs (IP Virtual Server) 实现了传输层负载均衡,ipvs运行在主机上,在真实服务器集群前充当负载均衡器。ipvs可以将基于TCP和UDP的服务请求转发到真实服务器上,并使真实服务器的服务在单个 IP 地址上显示为虚拟服务。
kube-proxy支持 iptables 和 ipvs 两种模式。 iptables 就是 kube-proxy 默认的操作模式,ipvs 和 iptables 都是基于netfilter的,但是ipvs采用的是hash表,因此当service数量达到一定规模时,hash查表的速度优势就会显现出来,从而提高service的服务性能。
1)、ipvs 为大型集群提供了更好的可扩展性和性能
2)、ipvs 支持比 iptables 更复杂的复制均衡算法(最小负载、最少连接、加权等等)
3)、ipvs 支持服务器健康检查和连接重试等功能
二、 安装docker服务
[root@k8s-master1 ~]# yum install yum-utils device-mapper-persistent-data lvm2 [root@k8s-master1 ~]# curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo [root@k8s-master1 ~]# sed -i 's#download.docker.com#mirrors.tuna.tsinghua.edu.cn/docker-ce#g' /etc/yum.repos.d/docker-ce.repo [root@k8s-master1 ~]# yum install docker-ce-20.10.6 docker-ce-cli-20.10.6 containerd.io -y [root@k8s-master1 ~]# systemctl start docker [root@k8s-master1 ~]# systemctl enable docker Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
#配置加速器
[root@k8s-master1 ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn","https://reg-mirror.qiniu.com/","https://hub-mirror.c.163.com/"], "exec-opts": ["native.cgroupdriver=systemd"] }
[root@k8s-master1 ~]# systemctl daemon-reload && systemctl restart docker
k8s-master2和k8s-node节点相同
三、安装初始化k8s需要的软件包
[root@k8s-master1 ~]# yum install kubelet-1.20.6 kubeadm-1.20.6 kubectl-1.20.6 --nogpgcheck -y [root@k8s-master1 ~]# systemctl enable kubelet && systemctl start kubelet
[root@k8s-master1 ~]# systemctl status kubelet ● kubelet.service - kubelet: The Kubernetes Node Agent Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/kubelet.service.d └─10-kubeadm.conf Active: activating (auto-restart) (Result: exit-code) since Wed 2022-07-27 23:47:32 CST; 9s ago Docs: https://kubernetes.io/docs/ Process: 4919 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=255) Main PID: 4919 (code=exited, status=255) Jul 27 23:47:32 k8s-master1 systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a Jul 27 23:47:32 k8s-master1 systemd[1]: Unit kubelet.service entered failed state. Jul 27 23:47:32 k8s-master1 systemd[1]: kubelet.service failed.
注:ubelet状态不是running状态,这个是正常的,不用管,等k8s组件起来这个kubelet就正常了。
[root@k8s-master1 ~]# kubelet --version
Kubernetes v1.20.6
其他节点相同的操作
kubeadm: kubeadm是一个工具,用来初始化k8s集群的
kubelet: 安装在集群所有节点上,用于启动Pod的
kubectl: 通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件
四、通过keepalive+nginx实现k8s apiserver节点高可用
1. 安装keepalive 和nginx
在k8s-master1和k8s-master2上做nginx主备安装(配置文件相同)
[root@k8s-master1 ~]# yum install nginx keepalived -y
2. 修改nginx配置文件。主备一样
[root@k8s-master1 ~]# cat /etc/nginx/nginx.conf user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } # 四层负载均衡,为两台Master apiserver组件提供负载均衡 stream { log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent'; access_log /var/log/nginx/k8s-access.log main; upstream k8s-apiserver { server 10.0.0.129:6443; # Master1 APISERVER IP:PORT server 10.0.0.130:6443; # Master2 APISERVER IP:PORT } server { listen 16443; # 由于nginx与master节点复用,这个监听端口不能是6443,否则会冲突 proxy_pass k8s-apiserver; } } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; server { listen 80 default_server; server_name _; location / { } } }
查看配置文件是否正确
[root@k8s-master1 ~]# nginx -t nginx: [emerg] unknown directive "stream" in /etc/nginx/nginx.conf:13 nginx: configuration file /etc/nginx/nginx.conf test failed
定位原因是nginx缺少modules模块
[root@k8s-master1 ~]# yum install -y nginx-all-modules.noarch
再次检查配置文件正常
[root@k8s-master1 ~]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
3. keepalive配置
主keepalived
[root@k8s-master1 ~]# cat /etc/keepalived/keepalived.conf global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_MASTER } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" } vrrp_instance VI_1 { state MASTER interface eth0 # 修改为实际网卡名 virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的 priority 100 # 优先级,主服务器设置100,备服务器设置 90 advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒 authentication { auth_type PASS auth_pass 1111 } # 虚拟IP virtual_ipaddress { 10.0.0.131/24 } track_script { check_nginx } }
vrrp_script:指定检查nginx工作状态脚本(根据nginx状态判断是否故障转移)
virtual_ipaddress:虚拟IP(VIP)
[root@k8s-master1 ~]# cat /etc/keepalived/check_nginx.sh #!/bin/bash #1、判断Nginx是否存活 counter=`ps -C nginx --no-header | wc -l` if [ $counter -eq 0 ]; then #2、如果不存活则尝试启动Nginx service nginx start sleep 2 #3、等待2秒后再次获取一次Nginx状态 counter=`ps -C nginx --no-header | wc -l` #4、再次进行判断,如Nginx还不存活则停止Keepalived,让地址进行漂移 if [ $counter -eq 0 ]; then service keepalived stop fi fi
[root@k8s-master1 ~]# scp /etc/keepalived/check_nginx.sh root@k8s-master2:/etc/keepalived/check_nginx.sh [root@xianchaomaster1 ~]# chmod +x /etc/keepalived/check_nginx.sh
备keepalive
[root@k8s-master2 ~]# cat /etc/keepalived/keepalived.conf global_defs { notification_email { acassen@firewall.loc failover@firewall.loc sysadmin@firewall.loc } notification_email_from Alexandre.Cassen@firewall.loc smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id NGINX_MASTER } vrrp_script check_nginx { script "/etc/keepalived/check_nginx.sh" } vrrp_instance VI_1 { state BACKUP interface eth0 # 修改为实际网卡名 virtual_router_id 51 # VRRP 路由 ID实例,每个实例是唯一的 priority 90 # 优先级,备服务器设置 90 advert_int 1 # 指定VRRP 心跳包通告间隔时间,默认1秒 authentication { auth_type PASS auth_pass 1111 } # 虚拟IP virtual_ipaddress { 10.0.0.131/24 } track_script { check_nginx } }
[root@k8s-master2 ~]# cat /etc/keepalived/check_nginx.sh #!/bin/bash counter=`ps -C nginx --no-header | wc -l` if [ $counter -eq 0 ]; then service nginx start sleep 2 counter=`ps -C nginx --no-header | wc -l` if [ $counter -eq 0 ]; then service keepalived stop fi fi [root@xianchaomaster2 ~]# chmod +x /etc/keepalived/check_nginx.sh
4. 启动服务
[root@k8s-master1 keepalived]# systemctl daemon-reload [root@k8s-master1 keepalived]# systemctl start nginx [root@k8s-master1 keepalived]# systemctl status nginx [root@k8s-master1 keepalived]# systemctl start keepalived [root@k8s-master1 keepalived]# systemctl status keepalived [root@k8s-master1 ~]# systemctl enable nginx Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service. [root@k8s-master1 ~]# systemctl enable keepalived Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
k8s-master2 相同,启动服务
vip绑定成功
5. 测试keepalived
#停掉k8s-master1上的nginx或者keepalived,查看vip是否会漂移到k8s-master2上
[root@k8s-master1 ~]# systemctl stop keepalived
五、kubeadm初始化k8s集群
初始化k8s集群需要的离线镜像包上传到三个节点上
[root@k8s-master1 images]# docker load -i k8simage-1-20-6.tar.gz [root@k8s-master2 images]# docker load -i k8simage-1-20-6.tar.gz [root@k8s-node images]# docker load -i k8simage-1-20-6.tar.gz
创建kubeadm-config.yaml文件:
[root@k8s-master1 ~]# cat kubeadm-config.yaml apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration kubernetesVersion: v1.20.6 controlPlaneEndpoint: 10.0.0.131:16443 imageRepository: registry.aliyuncs.com/google_containers apiServer: certSANs: - 10.0.0.128 - 10.0.0.129 - 10.0.0.130 - 10.0.0.131 networking: podSubnet: 10.244.0.0/16 serviceSubnet: 10.10.0.0/16 --- apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration mode: ipvs
注:生成kubeadm默认配置文件,执行如下命令:
[root@k8s-master1 ~]# kubeadm config print init-defaults > init-config.yaml
初始化命令如下:
[root@k8s-master1 ~]# kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=SystemVerification
注:若初始化有问题,修改init-config.yaml,先重置kubeadm,然后再执行kubeadm init命令
[root@k8s-master1 ~]# kubeadm reset -f #重置命令
[root@k8s-master1 ~]# kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=SystemVerification
显示如下截图,表明初始化成功
Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config Alternatively, if you are the root user, you can run: export KUBECONFIG=/etc/kubernetes/admin.conf You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of control-plane nodes by copying certificate authorities and service account keys on each node and then running the following as root: kubeadm join 10.0.0.131:16443 --token 4zorkh.jn5cjqr4chab0mdt \ --discovery-token-ca-cert-hash sha256:8843d4409ec381f6c3747f0ffa7620075e60cb29f48f2eae8fe3c2f835839bfc \ --control-plane Then you can join any number of worker nodes by running the following on each as root: kubeadm join 10.0.0.131:16443 --token 4zorkh.jn5cjqr4chab0mdt \ --discovery-token-ca-cert-hash sha256:8843d4409ec381f6c3747f0ffa7620075e60cb29f48f2eae8fe3c2f835839bfc
根据上述提示命令配置kubectl的配置文件config,相当于对kubectl进行授权,这样kubectl命令可以使用这个证书对k8s集群进行管理
[root@k8s-master1 ~]# mkdir -p $HOME/.kube [root@k8s-master1 ~]# sudo cp -i /etc/kubernetes/admin.conf [root@k8s-master1 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
查看集群状态
[root@k8s-master1 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master1 NotReady control-plane,master 8m42s v1.20.6
节点显示不正常,此时集群状态还是NotReady状态,因为没有安装网络插件。
六、扩容k8s集群-添加master节点
1. 在k8s-master2上创建证书存放目录
[root@k8s-master2 ~]# cd /root && mkdir -p /etc/kubernetes/pki/etcd &&mkdir -p ~/.kube/
2. 将k8s-master1上的证书拷贝到k8s-master2上
[root@k8s-master1 ~]# scp /etc/kubernetes/pki/ca.* k8s-master2:/etc/kubernetes/pki/ ca.crt 100% 1066 381.7KB/s 00:00 ca.key 100% 1679 579.4KB/s 00:00 [root@k8s-master1 ~]# scp /etc/kubernetes/pki/sa.* k8s-master2:/etc/kubernetes/pki/ sa.key 100% 1679 451.8KB/s 00:00 sa.pub 100% 451 139.6KB/s 00:00 [root@k8s-master1 ~]# scp /etc/kubernetes/pki/front-proxy-ca.* k8s-master2:/etc/kubernetes/pki/ front-proxy-ca.crt 100% 1078 566.0KB/s 00:00 front-proxy-ca.key 100% 1675 28.4KB/s 00:00 [root@k8s-master1 ~]# scp /etc/kubernetes/pki/etcd/ca.* k8s-master2:/etc/kubernetes/pki/etcd/ ca.crt 100% 1058 318.9KB/s 00:00 ca.key 100% 1679 585.2KB/s 00:00
3. 添加master节点,在k8s-master2上执行如下命令:
[root@k8s-master2 ~]# kubeadm join 10.0.0.131:16443 --token 4zorkh.jn5cjqr4chab0mdt --discovery-token-ca-cert-hash sha256:8843d4409ec381f6c3747f0ffa7620075e60cb29f48f2eae8fe3c2f835839bfc --control-plane
显示如下图所示,说明已经加入集群
注:token有效期是有限的,如果旧的token过期,可以使用kubeadm token create --print-join-command重新创建一条token
4. 在k8s-master1上查看集群状况
[root@k8s-master1 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master1 NotReady control-plane,master 17m v1.20.6 k8s-master2 NotReady control-plane,master 3m15s v1.20.6
可以看到k8s-master2已经加入集群
七 、扩容k8s集群-添加node节点
1. 在k8s-master1上查看加入加入节点的命令
[root@k8s-master1 ~]# kubeadm token create --print-join-command kubeadm join 10.0.0.131:16443 --token 6cidtt.kgl82ugmll1e9fbi --discovery-token-ca-cert-hash sha256:8843d4409ec381f6c3747f0ffa7620075e60cb29f48f2eae8fe3c2f835839bfc
2. 在k8s-node节点上执行如下命令,将k8s-node节点加入到集群中
[root@k8s-node ~]# kubeadm join 10.0.0.131:16443 --token 4zorkh.jn5cjqr4chab0mdt --discovery-token-ca-cert-hash sha256:8843d4409ec381f6c3747f0ffa7620075e60cb29f48f2eae8fe3c2f835839bfc
显示如下图所示,表明加入成功
3. 在k8s-master1上查看集群状况
[root@k8s-master1 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master1 NotReady control-plane,master 22m v1.20.6 k8s-master2 NotReady control-plane,master 8m41s v1.20.6 k8s-node NotReady <none> 46s v1.20.6
八、安装kubernetes网络组件-Calico
注:在线下载配置文件地址是: https://docs.projectcalico.org/manifests/calico.yaml
[root@k8s-master1 ~]# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
显示报错信息如下:
将该文件下载下来,修改版本信息为:policy/v1beta1,重新执行
[root@k8s-master1 ~]# kubectl apply -f calico.yaml
查看node节点信息
[root@k8s-master1 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master1 Ready control-plane,master 37m v1.20.6 k8s-master2 Ready control-plane,master 23m v1.20.6 k8s-node Ready <none> 15m v1.20.6
已显示Ready状态
查看集群信息
[root@k8s-master1 ~]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-6949477b58-mx6wz 1/1 Running 1 19m calico-node-58k68 1/1 Running 3 19m calico-node-cnkd4 1/1 Running 2 19m calico-node-vk766 1/1 Running 3 19m coredns-7f89b7bc75-5l98h 1/1 Running 0 49m coredns-7f89b7bc75-gcqx6 1/1 Running 0 49m etcd-k8s-master1 1/1 Running 2 49m etcd-k8s-master2 1/1 Running 2 35m kube-apiserver-k8s-master1 1/1 Running 4 49m kube-apiserver-k8s-master2 1/1 Running 2 35m kube-controller-manager-k8s-master1 1/1 Running 6 49m kube-controller-manager-k8s-master2 1/1 Running 5 35m kube-proxy-4js8h 1/1 Running 0 49m kube-proxy-fq2nb 1/1 Running 0 35m kube-proxy-t4ptw 1/1 Running 0 27m kube-scheduler-k8s-master1 1/1 Running 5 49m kube-scheduler-k8s-master2 1/1 Running 4 35m
九、测试在k8s创建pod是否可以正常访问网络
[root@k8s-master1 ~]# kubectl run busybox --image busybox:latest --restart=Never --rm -it busybox -- sh If you don't see a command prompt, try pressing enter. / # ifconfig eth0 Link encap:Ethernet HWaddr 4E:53:0F:E0:E0:D4 inet addr:10.244.113.133 Bcast:10.244.113.133 Mask:255.255.255.255 UP BROADCAST RUNNING MULTICAST MTU:1480 Metric:1 RX packets:5 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:438 (438.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) / # ping baidu.com PING baidu.com (39.156.66.10): 56 data bytes 64 bytes from 39.156.66.10: seq=0 ttl=127 time=28.332 ms 64 bytes from 39.156.66.10: seq=1 ttl=127 time=27.305 ms 64 bytes from 39.156.66.10: seq=2 ttl=127 time=27.632 ms 64 bytes from 39.156.66.10: seq=3 ttl=127 time=31.171 ms ^C --- baidu.com ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 27.305/28.610/31.171 ms
可以看到能访问网络,说明calico网络插件已经被正常安装了
十、测试k8s集群中部署tomcat服务
将tomcat镜像文件上传至k8s-node节点上,获取tomcat:8.5-jre8-alpine此镜像
[root@k8s-node images]# docker load -i tomcat.tar.gz f1b5933fe4b5: Loading layer [==================================================>] 5.796MB/5.796MB 9b9b7f3d56a0: Loading layer [==================================================>] 3.584kB/3.584kB edd61588d126: Loading layer [==================================================>] 80.28MB/80.28MB 48988bb7b861: Loading layer [==================================================>] 2.56kB/2.56kB 8e0feedfd296: Loading layer [==================================================>] 24.06MB/24.06MB aac21c2169ae: Loading layer [==================================================>] 2.048kB/2.048kB Loaded image: tomcat:8.5-jre8-alpine
创建一个tomcat的pod
[root@k8s-master1 ~]# cat >tomcat.yaml <<EOF > apiVersion: v1 #pod属于k8s核心组v1 > kind: Pod #创建的是一个Pod资源 > metadata: #元数据 > name: demo-pod #pod名字 > namespace: default #pod所属的名称空间 > labels: > app: myapp #pod具有的标签 > env: dev #pod具有的标签 > spec: > containers: #定义一个容器,容器是对象列表,下面可以有多个name > - name: tomcat-pod-java #容器的名字 > ports: > - containerPort: 8080 > image: tomcat:8.5-jre8-alpine #容器使用的镜像 > imagePullPolicy: IfNotPresent > EOF
[root@k8s-master1 ~]# kubectl apply -f tomcat.yaml pod/demo-pod created [root@k8s-master1 ~]# kubectl get pods NAME READY STATUS RESTARTS AGE demo-pod 0/1 ContainerCreating 0 12s [root@k8s-master1 ~]# kubectl get pods NAME READY STATUS RESTARTS AGE demo-pod 1/1 Running 0 18s
创建一个service可以访问tomcat
[root@k8s-master1 ~]# cat >tomcat-service.yaml <<EOF > apiVersion: v1 > kind: Service > metadata: > name: tomcat > spec: > type: NodePort > ports: > - port: 8080 > nodePort: 30080 #外部端口访问 > selector: > app: myapp > env: dev > EOF [root@k8s-master1 ~]# kubectl apply -f tomcat-service.yaml service/tomcat created [root@k8s-master1 ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.10.0.1 <none> 443/TCP 78m tomcat NodePort 10.10.104.169 <none> 8080:30080/TCP 19s
在浏览器访问k8s-node节点的ip:30080,可以看到tomcat页面:
标签:master1,master2,etc,nginx,master,kubeadm,k8s,root 来源: https://www.cnblogs.com/jiawei2527/p/16526300.html