kubeadm如何部署多節(jié)點(diǎn)master集群

kubeadm如何部署多節(jié)點(diǎn)master集群，針對這個問題，這篇文章詳細(xì)介紹了相對應(yīng)的分析和解答，希望可以幫助更多想解決這個問題的小伙伴找到更簡單易行的方法。

版本信息

linux   Centos7
kubernetes v1.14.5
docker v18.06.1-ce

節(jié)點(diǎn)信息

VIP:47.110.19.11    阿里云負(fù)載均衡

安裝前準(zhǔn)備

開始部署前確保所有節(jié)點(diǎn)網(wǎng)絡(luò)正常，能訪問公網(wǎng)。主要操作都在VPC-OPEN-MASTER001節(jié)點(diǎn)進(jìn)行，設(shè)置VPC-OPEN-MASTER001可以免密碼登陸其他節(jié)點(diǎn)。所有操作都使用root用戶身份進(jìn)行。

服務(wù)器說明

我們這里使用的是五臺centos-7.6的虛擬機(jī)，具體信息如下表：
系統(tǒng)類型    IP地址            節(jié)點(diǎn)角色    CPU Memory  Hostname
centos-7.6  192.168.3.42    master      >=2 >=4G    master01
centos-7.6  192.168.3.43    master      >=2 >=4G    master02
centos-7.6  192.168.3.44    master      >=2 >=4G    master03
centos-7.6  192.168.3.45    worker      >=2 >=4G    node01
centos-7.6  192.168.3.46    worker      >=2 >=4G    node02

一、環(huán)境準(zhǔn)備

1、設(shè)置主機(jī)名

# 查看主機(jī)名
$ hostname
# 修改主機(jī)名
$ hostnamectl set-hostname huoban-k8s-master01
# 配置host，使所有節(jié)點(diǎn)之間可以通過hostname互相訪問

>2、配置hosts解析

vim /etc/hosts

192.168.3.42 huoban-k8s-master01    master01
192.168.3.43 huoban-k8s-master02    master02
192.168.3.44 huoban-k8s-master03    master03
192.168.3.45 huoban-k8s-node01      node01
192.168.3.46 huoban-k8s-node02      node02

>3、安裝依賴包

更新yum

$ yum update

安裝依賴包

$ yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp

>4、關(guān)閉防火墻、swap，重置iptables

關(guān)閉防火墻

$ systemctl stop firewalld && systemctl disable firewalld

重置iptables

$ iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT

關(guān)閉swap

$ swapoff -a
$ sed -i '/swap/s/^(.*)$/#\1/g' /etc/fstab

關(guān)閉selinux

$ setenforce 0

關(guān)閉dnsmasq(否則可能導(dǎo)致docker容器無法解析域名)

$ service dnsmasq stop && systemctl disable dnsmasq

>5、系統(tǒng)參數(shù)設(shè)置

制作配置文件

$ cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
EOF

生效文件

$ sysctl -p /etc/sysctl.d/kubernetes.conf

二、安裝docker

使用阿里云鏡像倉庫

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

安裝docker

查看可以安裝的版本
yum list docker-ce --showduplicates|sort -r
yum install -y docker-ce-18.06.1.ce-3

設(shè)置docker啟動參數(shù)（可選）

- graph: 設(shè)置docker數(shù)據(jù)目錄：選擇比較大的分區(qū)（我這里是根目錄就不需要配置了，默認(rèn)為/var/lib/docker）

- exec-opts: 設(shè)置cgroup driver（默認(rèn)是cgroupfs，不推薦設(shè)置systemd）

- registry-mirrors 配置docker鏡像加速

cat > /etc/docker/daemon.json <<EOF
{
"graph": "/docker/data/path",
"exec-opts": ["native.cgroupdriver=cgroupfs"],
"registry-mirrors":["https://k9e55i4n.mirror.aliyuncs.com"]
}
EOF

啟動docker服務(wù)并加入開機(jī)啟動項(xiàng)

systemctl start docker && systemctl enable docker

三、安裝 kubeadm, kubelet 和 kubectl

>1、配置yum源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

>2、安裝kubelet,kubeadm,kubectl

找到安裝的版本號

yum list kubeadm --showduplicates | sort -r

#安裝指定版本
yum install -y kubelet-1.14.5 kubeadm-1.14.5 kubectl-1.14.5

>3、查看安裝情況

systemctl cat kubelet

可以看到kubelet以設(shè)置為系統(tǒng)服務(wù)，生成kubelet.service和10-kubeadm.conf兩文件

/etc/systemd/system/kubelet.service

[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=http://kubernetes.io/docs/

[Service]
ExecStart=/usr/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target

/etc/systemd/system/kubelet.service.d/10-kubeadm.conf

Note: This dropin only works with kubeadm and kubelet v1.11+

[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"

This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically

EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env

This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use

the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.

EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

四、配置系統(tǒng)相關(guān)參數(shù)

#以下操作在所有節(jié)點(diǎn)操作
#!/bin/bash

開啟forward

Docker從1.13版本開始調(diào)整了默認(rèn)的防火墻規(guī)則

禁用了iptables filter表中FOWARD鏈

這樣會引起Kubernetes集群中跨Node的Pod無法通信

iptables -P FORWARD ACCEPT

加載ipvs相關(guān)內(nèi)核模塊

如果重新開機(jī)，需要重新加載

modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack_ipv4
lsmod | grep ip_vs

五、配置阿里云負(fù)載均衡及修改證書

#下載源碼包
cd /usr/local/src/
git clone https://github.com/kubernetes/kubernetes.git
git checkout -b kubernetes-1.14.5 origin/release-1.14

#docker拉取修改鏡像,對應(yīng)的版本有1.11.5、1.12.3、1.13.0、1.13.2、1.13.4
docker pull icyboy/k8s_build:v1.14.1

#k8s-1.14以上修改有效期的兩個文件,找到NotAfter字段并修改日期有效期
/usr/local/src/kubernetes/staging/src/k8s.io/client-go/util/cert/cert.go
NotAfter:              now.Add(duration365d 100).UTC(),
/usr/local/src/kubernetes/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
NotAfter:     time.Now().Add(duration365d 100).UTC(),   #改成100年

#執(zhí)行編譯
docker run --rm -v /usr/local/src/kubernetes:/go/src/k8s.io/kubernetes -it icyboy/k8s_build:v1.14.1 bash

編譯kubeadm, 這里主要編譯kubeadm 即可

make all WHAT=cmd/kubeadm GOFLAGS=-v

編譯kubelet

make all WHAT=cmd/kubelet GOFLAGS=-v

編譯kubectl

make all WHAT=cmd/kubectl GOFLAGS=-v

#編譯完產(chǎn)物在 /usr/local/src/kubernetes/_output/local/bin/linux/amd64 目錄下
#將kubeadm 文件拷貝出來，替換系統(tǒng)中的kubeadm

#用新的kubeadm 替換官方的kubeadm
chmod +x kubeadm && \cp -f kubeadm /usr/bin

六、部署第一個主節(jié)點(diǎn)
>1、配置kubelet

以下操作需要在所有節(jié)點(diǎn)上執(zhí)行

重新載入kubelet系統(tǒng)配置

systemctl daemon-reload

設(shè)置開機(jī)啟動，暫時(shí)不啟動kubelet

systemctl enable kubelet

>2、根據(jù)配置文件初始化集群

使用kubeadm-config.yaml配置k8s1.14.5集群

cat init.sh

LOAD_BALANCER_DNS="47.110.19.11"
LOAD_BALANCER_PORT="6443"

生成kubeadm配置文件

cat > kubeadm-master.config <<EOF
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration

kubernetes版本

kubernetesVersion: v1.14.5

使用國內(nèi)阿里鏡像

imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers

apiServer:
certSANs:

• "$LOAD_BALANCER_DNS"
  controlPlaneEndpoint: "$LOAD_BALANCER_DNS:$LOAD_BALANCER_PORT"

networking:
podSubnet: 10.244.0.0/16
EOF

#初始化k8s集群
kubeadm init --config=kubeadm-master.config

>3、驗(yàn)證證書有效時(shí)間

cd /etc/kubernetes/pki

for crt in $(find /etc/kubernetes/pki/ -name "*.crt"); do openssl x509 -in $crt -noout -dates; done

notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:46 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:45 2119 GMT
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:47 2119 GMT
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:47 2119 GMT
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:47 2119 GMT
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:46 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:46 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:45 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:45 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:45 2119 GMT

notBefore代表生效時(shí)間，notAfter代表失效時(shí)間。

>4、安裝網(wǎng)絡(luò)插件

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

>5、拷貝master證書到其他節(jié)點(diǎn)

cat scp.sh

USER=root
CONTROL_PLANE_IPS="192.168.3.43 192.168.3.44"
for host in ${CONTROL_PLANE_IPS}; do
scp /etc/kubernetes/pki/ca.crt "${USER}"@$host:
scp /etc/kubernetes/pki/ca.key "${USER}"@$host:
scp /etc/kubernetes/pki/sa.key "${USER}"@$host:
scp /etc/kubernetes/pki/sa.pub "${USER}"@$host:
scp /etc/kubernetes/pki/front-proxy-ca.crt "${USER}"@$host:
scp /etc/kubernetes/pki/front-proxy-ca.key "${USER}"@$host:
scp /etc/kubernetes/pki/etcd/ca.crt "${USER}"@$host:etcd-ca.crt
scp /etc/kubernetes/pki/etcd/ca.key "${USER}"@$host:etcd-ca.key
scp /etc/kubernetes/admin.conf "${USER}"@$host:
ssh ${USER}@${host} 'mkdir -p /etc/kubernetes/pki/etcd'
ssh ${USER}@${host} 'mv /${USER}/ca.crt /etc/kubernetes/pki/'
ssh ${USER}@${host} 'mv /${USER}/ca.key /etc/kubernetes/pki/'
ssh ${USER}@${host} 'mv /${USER}/sa.pub /etc/kubernetes/pki/'
ssh ${USER}@${host} 'mv /${USER}/sa.key /etc/kubernetes/pki/'
ssh ${USER}@${host} 'mv /${USER}/front-proxy-ca.crt /etc/kubernetes/pki/'
ssh ${USER}@${host} 'mv /${USER}/front-proxy-ca.key /etc/kubernetes/pki/'
ssh ${USER}@${host} 'mv /${USER}/etcd-ca.crt /etc/kubernetes/pki/etcd/ca.crt'
ssh ${USER}@${host} 'mv /${USER}/etcd-ca.key /etc/kubernetes/pki/etcd/ca.key'
ssh ${USER}@${host} 'mv /${USER}/admin.conf /etc/kubernetes/admin.conf'
done

七、其他節(jié)點(diǎn)上部署

#master

kubeadm join 47.110.19.11:6443 --token qlrq5y.1yhm3rz9r7ynfqf1 --discovery-token-ca-cert-hash sha256:62579157003c3537deb44b30f652c500e7fa6505b5ef6826d796ba1245283899 --experimental-control-plane

#node

kubeadm join 47.110.19.11:6443 --token qlrq5y.1yhm3rz9r7ynfqf1 --discovery-token-ca-cert-hash sha256:62579157003c3537deb44b30f652c500e7fa6505b5ef6826d796ba1245283899

關(guān)于kubeadm如何部署多節(jié)點(diǎn)master集群問題的解答就分享到這里了，希望以上內(nèi)容可以對大家有一定的幫助，如果你還有很多疑惑沒有解開，可以關(guān)注億速云行業(yè)資訊頻道了解更多相關(guān)知識。