k8s部署手册
创始人
2024-03-03 22:21:14

一、基础配置

1.修改主机名

# Run exactly one of these on each machine, matching that machine's role.
# The k8s-master01..03 names are the ones the later `kubectl label node`
# and `kubectl taint node` commands in this guide refer to.
hostnamectl set-hostname k8s-master01
hostnamectl set-hostname k8s-master02
hostnamectl set-hostname k8s-master03
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02

2.添加 主机名与IP地址解析

cat > /etc/hosts <

3.升级服务器内核,时间同步,关闭防火墙,重启服务器

#添加访问互联路由
cat > /etc/resolv.conf </dev/null 2>&1'>/var/spool/cron/root && crontab -l#设置防火墙为 Iptables 并设置空规则
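# Replace firewalld with iptables-services and start from an empty ruleset.
# NOTE(review): `iptables -F` followed by `service iptables save` persists a
# filter table with no rules, so nothing on the host filters access to the
# services installed later in this guide (NodePorts, NFS, HAProxy). Add
# explicit allow rules before using this outside an isolated lab network.
systemctl stop firewalld && systemctl disable firewalld
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

# Turn swap off now and comment out the swap entry in /etc/fstab so it stays
# off after the reboot.
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

# Disable SELinux (immediately, and permanently via the config file).
# NOTE(review): SELINUX=disabled removes SELinux confinement for every process
# on the node. SELINUX=permissive is the less drastic setting and keeps denial
# logging; choose deliberately.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

# Tune kernel parameters for Kubernetes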
cat > /etc/sysctl.d/kubernetes.conf <

4.升级内核,重启服务器

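# Import the ELRepo signing key and install the ELRepo release package.
# NOTE(review): the key is trusted on first download; compare its fingerprint
# with the one ELRepo publishes before relying on it for package verification.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum -y install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm

# Install the long-term-support kernel from the elrepo-kernel repository.
yum --enablerepo="elrepo-kernel" -y install kernel-lt.x86_64

# List the GRUB menu entries together with their index.
awk -F \' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg

# Boot the new kernel by default; the title must match an entry printed above.
grub2-set-default "CentOS Linux (5.4.204-1.el7.elrepo.x86_64) 7 (Core)"
#grub2-set-default 'CentOS Linux (4.4.222-1.el7.elrepo.x86_64) 7 (Core)'

# Reboot the server
reboot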
################################

二、sealos部署k8s-v1.19

1.安装sealos3.3


#添加访问互联路由
cat > /etc/resolv.conf <

2.离线安装k8s 1.19

链接:https://pan.baidu.com/s/1F9sZoHBX1K1ihBP9rZSHBQ?pwd=jood 
提取码:jood#安装
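# Install the cluster from the offline package.
# The SSH password is read at a prompt instead of being written into the
# command line, so it does not end up in shell history or in copies of this
# guide. It is still handed to sealos as an argument; key-based SSH (the
# sealos --pk option) avoids passing a password at all.
read -r -s -p 'SSH password for all nodes: ' SEALOS_SSH_PASSWD && echo
sealos init --passwd "${SEALOS_SSH_PASSWD}" \
  --master 192.168.1.60 \
  --master 192.168.1.61 \
  --master 192.168.1.62 \
  --node 192.168.1.63 \
  --node 192.168.1.64 \
  --pkg-url /root/kube1.19.16.tar.gz \
  --version v1.19.16
unset SEALOS_SSH_PASSWD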

3.验证集群

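# Check that all nodes joined and the system pods are running.
kubectl get nodes
kubectl get pod -A

# Enable kubectl tab completion (current shell, then every login shell).
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> /etc/profile

# Show node taints
kubectl describe node | grep -i taints

# Remove the master taint. Doing so lets ordinary workloads be scheduled next
# to the control-plane components, so leave it in place unless that is wanted.
#kubectl taint node k8s-master02 node-role.kubernetes.io/master:NoSchedule-
#kubectl taint node k8s-master03 node-role.kubernetes.io/master:NoSchedule-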

4.sealos3.3常用命令

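# Add worker nodes
sealos join --node 192.168.1.63,192.168.1.64

# Add masters (long option needs two dashes, as in the other commands here)
sealos join --master 192.168.1.61,192.168.1.62

# Remove worker nodes
sealos clean --node 192.168.1.63,192.168.1.64

# Remove masters
sealos clean --master 192.168.1.61,192.168.1.62

# Reset the whole cluster. Destructive: this tears down every node, and -f
# presumably skips the confirmation prompt (verify with `sealos clean --help`).
sealos clean --all -f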

三、部署nfs

1.服务端

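# Installed on 192.168.1.60 here (in production, plan the NFS server
# environment in advance).
yum -y install nfs-utils

# Create the directory to export
mkdir /nfs_dir
chown nobody:nobody /nfs_dir

# Configure the export.
# The client list is limited to the node subnet instead of "*": with
# no_root_squash, root on any client that can mount the share acts as root on
# the exported files, so a wildcard would extend that to every host able to
# reach this server. 192.168.1.0/24 is derived from the node addresses used in
# this guide; adjust it to your own node network. Drop no_root_squash as well
# if the workloads using the share do not need to write as root.
echo '/nfs_dir 192.168.1.0/24(rw,sync,no_root_squash)' > /etc/exports

# Restart the services
systemctl restart rpcbind.service
systemctl restart nfs-utils.service
systemctl restart nfs-server.service

# Start the NFS server at boot
systemctl enable rpcbind.service
systemctl enable nfs-utils.service
systemctl enable nfs-server.service

# Verify that the export is visible
#showmount -e 192.168.1.60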

2.客户端

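# Run on every machine that needs to mount the share
mkdir /nfs_dir
yum install nfs-utils -y

# Mount
mount 192.168.1.60:/nfs_dir /nfs_dir

# Mount at boot
echo "mount 192.168.1.60:/nfs_dir /nfs_dir" >> /etc/rc.local
# On CentOS 7 rc.local is only executed at boot when the file is executable.
chmod +x /etc/rc.d/rc.local
cat /etc/rc.local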

四、部署StorageClass

1.创建nfs-sc.yaml

cat > /root/nfs-sc.yaml <

五、kuboard界面管理

1.下载地址

curl -o kuboard-v3.yaml https://addons.kuboard.cn/kuboard/kuboard-v3-storage-class.yaml

2.编辑yaml

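# Edit kuboard-v3.yaml. Exactly one setting in this manifest must be changed:
# storageClassName
volumeClaimTemplates:
- metadata:
    name: data
  spec:
    # Fill in the name of a valid StorageClass
    storageClassName: nfs-boge
    accessModes: [ "ReadWriteMany" ]
    resources:
      requests:
        storage: 5Gi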

3.执行

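# NOTE(review): kuboard-v3.yaml was downloaded from the network in step 1;
# read it before creating it, since it is applied with whatever rights the
# current kubeconfig has.
kubectl create -f kuboard-v3.yaml
kubectl get pod -n kuboard
#############################################
# Access the web UI: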
http://192.168.1.60:30080/
输入初始用户名和密码并登录(用户名: admin,密码: Kuboard123)。这是公开的默认密码,首次登录后请立即修改。
#############################################	#查看错误
journalctl -f -u kubelet.service

六、安装top命令

cat > /root/top.yaml <

七、helm3安装

1.helm包下载地址

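 # Download the release archive together with its published checksum file and
 # verify the archive before unpacking it.
 wget https://get.helm.sh/helm-v3.6.1-linux-amd64.tar.gz
 wget https://get.helm.sh/helm-v3.6.1-linux-amd64.tar.gz.sha256sum
 sha256sum -c helm-v3.6.1-linux-amd64.tar.gz.sha256sum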

2.安装helm

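# Unpack the archive and move the binary into /usr/bin
tar -xvf helm-v3.6.1-linux-amd64.tar.gz && cd linux-amd64/ && mv helm /usr/bin

# Show the installed version
helm version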

3.配置仓库

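# Add public repositories
helm repo add incubator https://charts.helm.sh/incubator
helm repo add bitnami https://charts.bitnami.com/bitnami

# Azure China mirror. Added over HTTPS: over plain HTTP the chart index and the
# charts themselves can be altered in transit, and charts are later installed
# into the cluster.
helm repo add stable https://mirror.azure.cn/kubernetes/charts

# Aliyun mirror
helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# NOTE(review): the name "stable" is already taken by the Azure mirror above;
# helm rejects a second add under an existing name with a different URL unless
# --force-update is given. Keep only one of the two "stable" lines.
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
# NOTE(review): this legacy Google-hosted chart URL appears to have been
# retired upstream; confirm it still resolves before depending on it.
helm repo add google https://kubernetes-charts.storage.googleapis.com
helm repo add jetstack https://charts.jetstack.io

# List repositories
helm repo list

# Update repositories
helm repo update

# Remove a repository
#helm repo remove  aliyun
# helm list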

八、haproxy+keepalived+ingress

1.部署阿里云ingress

mkdir -p /data/k8s/cd /data/k8s/cat > /data/k8s/aliyun-ingress-nginx.yaml <

2.节点打标签

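# Label the nodes that are allowed to run the ingress controller
kubectl label node k8s-master01 boge/ingress-controller-ready=true
kubectl label node k8s-master02 boge/ingress-controller-ready=true
kubectl label node k8s-master03 boge/ingress-controller-ready=true

# Remove the label again: a trailing "-" after the key deletes it
# (--overwrite with "=true" would only set the same value once more).
#kubectl label node k8s-master01 boge/ingress-controller-ready-
#kubectl label node k8s-master02 boge/ingress-controller-ready-
#kubectl label node k8s-master03 boge/ingress-controller-ready-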

3.haproxy+keepalived部署

3.0 部署

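# Install both packages
yum install haproxy keepalived -y

# Restart the services
systemctl restart haproxy.service
systemctl restart keepalived.service

# Check that they are running
systemctl status haproxy.service
systemctl status keepalived.service

# Start them at boot
systemctl enable keepalived.service
systemctl enable haproxy.service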

3.1 修改配置haproxy

vim /etc/haproxy/haproxy.cfg
###################################################
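# TCP pass-through for HTTP: connections on port 80 are balanced round-robin
# across the three master nodes.
listen ingress-http
    bind 0.0.0.0:80
    mode tcp
    option tcplog
    option dontlognull
    option dontlog-normal
    balance roundrobin
    server 192.168.1.60 192.168.1.60:80 check inter 2000 fall 2 rise 2 weight 1
    server 192.168.1.61 192.168.1.61:80 check inter 2000 fall 2 rise 2 weight 1
    server 192.168.1.62 192.168.1.62:80 check inter 2000 fall 2 rise 2 weight 1

# TCP pass-through for HTTPS: TLS is not terminated here, it is forwarded
# unchanged to port 443 on the same three nodes.
listen ingress-https
    bind 0.0.0.0:443
    mode tcp
    option tcplog
    option dontlognull
    option dontlog-normal
    balance roundrobin
    server 192.168.1.60 192.168.1.60:443 check inter 2000 fall 2 rise 2 weight 1
    server 192.168.1.61 192.168.1.61:443 check inter 2000 fall 2 rise 2 weight 1
    server 192.168.1.62 192.168.1.62:443 check inter 2000 fall 2 rise 2 weight 1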

3.2 A机器修改keepalived配置

cat > /etc/keepalived/keepalived.conf <

3.3 B机器修改keepalived配置

cat > /etc/keepalived/keepalived.conf <

3.4 重启


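# Restart the services so the new configuration is loaded
systemctl restart haproxy.service
systemctl restart keepalived.service

# Check that they are running
systemctl status haproxy.service
systemctl status keepalived.service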

4.部署nginx-ingress

cat > /root/nginx-ingress.yaml <

5.测试nginx-ingress

  
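kubectl apply -f /root/nginx-ingress.yaml

# Show the ingress resources that were created
kubectl get ingress -A

# Add a name-resolution entry on the server
echo "192.168.1.100 nginx.boge.com" >> /etc/hosts

# On the other nodes, add a local hosts entry too in order to test, e.g.:
#   20.6.1.226 nginx.boge.com

# Test
curl nginx.boge.com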

九、elk日志监控

1.创建测试tomcat

cat > 01-tomcat-test.yaml <

2.部署elasticsearch

cat > 02-elasticsearch.6.8.13-statefulset.yaml <}securityContext:privileged: true- name: fix-permissionsimage: busyboxcommand: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]securityContext:privileged: truevolumeMounts:- name: elasticsearch-loggingmountPath: /usr/share/elasticsearch/datavolumes:- name: elasticsearch-logginghostPath:path: /esdata
---
apiVersion: v1
kind: Service
metadata:labels:k8s-app: elasticsearch-loggingname: elasticsearchnamespace: logging
spec:ports:- port: 9200protocol: TCPtargetPort: dbselector:k8s-app: elasticsearch-loggingtype: ClusterIPkubectl apply -f 02-elasticsearch.6.8.13-statefulset.yaml

3.部署kibana

cat > 03-kibana.6.8.13.yaml <

4.部署log-pilot

cat > 04-log-pilot.yml <

5.配置kibana页面


十、Prometheus监控

1.导入离线包

链接:https://pan.baidu.com/s/1DyMJPT8r_TUpI8Dr31SVew?pwd=m1bk 
提取码:m1bk#导入上传tar包
# Load each offline image archive into the local Docker image store.
# NOTE(review): these archives come from the file-share link above rather than
# from a registry, so nothing verifies their content; compare the loaded image
# IDs with the upstream images before running them.
for image_tar in \
  alertmanager-v0.21.0.tar \
  grafana-7.3.4.tar \
  k8s-prometheus-adapter-v0.8.2.tar \
  kube-rbac-proxy-v0.8.0.tar \
  kube-state-metrics-v1.9.7.tar \
  node-exporter-v1.0.1.tar \
  prometheus-config-reloader-v0.43.2.tar \
  prometheus_demo_service.tar \
  prometheus-operator-v0.43.2.tar \
  prometheus-v2.22.1.tar; do
  sudo docker load -i "${image_tar}"
done

2.主节点创建


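# Unpack the downloaded source bundle
sudo unzip kube-prometheus-master.zip
sudo rm -f kube-prometheus-master.zip && cd kube-prometheus-master

# List the images the manifests reference first, so they can be collected as
# offline archives on a node with a fast connection. File names are passed
# NUL-delimited and the grep pattern is quoted so the shell cannot expand it.
find ./ -type f -print0 \
  | xargs -0 grep 'image: ' \
  | sort \
  | uniq \
  | awk '{print $3}' \
  | grep '^[a-zA-Z]' \
  | grep -Evw 'error|kubeRbacProxy' \
  | sort -rn \
  | uniq

kubectl create -f manifests/setup
kubectl create -f manifests/

# After a short while, check what was created
kubectl -n monitoring get all

# Appendix: remove everything deployed above
# kubectl delete --ignore-not-found=true -f manifests/ -f manifests/setup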

3. 访问下prometheus的UI

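# Switch the Prometheus UI service to NodePort so it can be reached from
# outside the cluster.
# NOTE(review): the Prometheus UI and API have no login of their own, so a
# NodePort makes them readable by anyone who can reach a node address on that
# port; restrict the port at the network level or switch back to ClusterIP
# after testing.
# kubectl -n monitoring patch svc prometheus-k8s -p '{"spec":{"type":"NodePort"}}'
service/prometheus-k8s patched
# kubectl -n monitoring get svc prometheus-k8s
NAME             TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE
prometheus-k8s   NodePort   10.68.23.79           9090:22129/TCP   7m43s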

3.1 修改用户权限

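#   kubectl edit clusterrole prometheus-k8s
#------ original rules -------
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- nonResourceURLs:
  - /metrics
  verbs:
  - get
#---------------------------
# Replacement ClusterRole. It widens the Prometheus service account from
# metrics-only access to cluster-wide get/list/watch on nodes, services,
# endpoints and pods, plus get on configmaps.
# NOTE(review): nodes/proxy reaches the kubelet API through the API server,
# which is broader than metrics scraping; keep it only if a scrape job really
# goes through the node proxy path.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus-k8s
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - services
  - endpoints
  - pods
  - nodes/proxy
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - nodes/metrics
  verbs:
  - get
- nonResourceURLs:
  - /metrics
  verbs:
  - get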

4. 监控ingress-nginx

cat > servicemonitor.yaml <
