Preparation

1. Turn off the firewall on all machines

```bash
systemctl stop firewalld     # stop the firewall
systemctl disable firewalld  # do not start it at boot
systemctl status firewalld   # check its status
```

2. Disable SELinux on all machines

```bash
sed -i 's/enforcing/disabled/' /etc/selinux/config   # permanent, takes effect after reboot
setenforce 0                                          # temporary, current boot only
```

3. Disable swap on all machines

```bash
swapoff -a                            # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab   # permanent: comment out the swap entry
```

4. Add the hostname-to-IP mappings on all machines

```bash
vim /etc/hosts
# file contents:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.103.101 k8s-master
192.168.103.102 k8s-node1
192.168.103.103 k8s-node2
```

5. On all hosts, pass bridged IPv4 traffic to the iptables chains

```bash
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
modprobe br_netfilter   # the keys above only exist once this module is loaded
sysctl --system         # apply the setting without rebooting
```

Install Docker on all nodes

```bash
yum install wget.x86_64 -y
rm -rf /etc/yum.repos.d/*
wget -O /etc/yum.repos.d/centos7.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce-20.10.11 -y
systemctl start docker
systemctl enable docker
```

Cluster deployment

1. Change the repository on all nodes and install kubeadm, kubelet and kubectl

```bash
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install kubelet-1.22.2 kubeadm-1.22.2 kubectl-1.22.2 -y
systemctl enable kubelet && systemctl start kubelet
```

2. Change the Docker configuration (all nodes)

```bash
# use the systemd cgroup driver so that Docker matches the kubelet
cat > /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

systemctl daemon-reload
systemctl restart docker.service
systemctl restart kubelet.service
systemctl status kubelet.service
```

3. Deploy the master node (control-plane node k8s-master)

```bash
kubeadm init \
  --apiserver-advertise-address=192.168.103.101 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.22.2 \
  --control-plane-endpoint k8s-master \
  --service-cidr=172.16.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
```

Be sure to save this part of the output:

```
kubeadm join k8s-master:6443 --token blja6l.uj72oz95v8eh7lil \
	--discovery-token-ca-cert-hash sha256:16b6cad3a7579655ee5c6a323b4505610d0c9abd0cfd749126c8aef6d2dbd75d \
	--control-plane

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join k8s-master:6443 --token qmez7o.rm6ztslz3w5p6ndl \
	--discovery-token-ca-cert-hash sha256:e0bb141e15f179c4b7baa6a1c4aef0d3b97d34dc047c318f1e04874106dca50b
```
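The join commands above carry a bootstrap token and the hash of the cluster CA's public key. That hash is what lets a joining node confirm it is talking to the real control plane, so before running a join command that was copied around it is worth recomputing the hash on the master and comparing. The following is an added example, not part of the original post; it assumes the openssl CLI is installed and uses the CA path /etc/kubernetes/pki/ca.crt that kubeadm writes on the control plane.

```bash
#!/bin/sh
# Added example (not from the original post).
# kubeadm's --discovery-token-ca-cert-hash is "sha256:" followed by the SHA-256
# of the DER-encoded SubjectPublicKeyInfo of the cluster CA certificate.
# Requires the openssl CLI.

# Print "sha256:<hex>" for the CA certificate at $1; return 1 if it cannot be read.
ca_cert_hash() {
    # fail early on a missing or unparsable certificate, otherwise the pipeline
    # below would silently hash an empty input
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 1
    hex=$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | awk '{print $NF}')
    # a SHA-256 digest is exactly 64 lowercase hex characters
    case "$hex" in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Compare the hash copied from a join command ($2) with the one computed
# from the CA certificate ($1). Returns 0 on match, 1 otherwise.
verify_join_hash() {
    expected=$(ca_cert_hash "$1") || return 1
    [ "$expected" = "$2" ]
}

# Example use on the control plane, with the hash from the init output above:
# ca_cert_hash /etc/kubernetes/pki/ca.crt
# verify_join_hash /etc/kubernetes/pki/ca.crt \
#   sha256:16b6cad3a7579655ee5c6a323b4505610d0c9abd0cfd749126c8aef6d2dbd75d && echo "hash matches"
```

The token itself expires after 24 hours by default; `kubeadm token create --print-join-command` on the master issues a fresh one together with the current hash.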

4. Follow the instructions in the output

```bash
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
```

5. Check the node status; it shows NotReady

```bash
kubectl get nodes
```

Install the network plugin; official documentation: https://github.com/flannel-io/flannel

Note: run this on the master node.

```bash
[root@k8s-master ~]# docker pull quay.io/coreos/flannel:v0.14.0
[root@k8s-master ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
```

Add the worker nodes

```bash
# pull the network plugin image on the nodes
[root@k8s-node1 ~]# docker pull quay.io/coreos/flannel:v0.14.0
[root@k8s-node2 ~]# docker pull quay.io/coreos/flannel:v0.14.0
[root@k8s-node1 ~]# kubeadm join k8s-master:6443 --token byfq2h.myv4dj0yqmmjz6qx \
> --discovery-token-ca-cert-hash sha256:f6b364e22cd4e61897a9a58583ae072c5a3724ac14f44319b5f72021614eaadf
[root@k8s-node2 ~]# kubeadm join k8s-master:6443 --token byfq2h.myv4dj0yqmmjz6qx \
> --discovery-token-ca-cert-hash sha256:f6b364e22cd4e61897a9a58583ae072c5a3724ac14f44319b5f72021614eaadf
```

```
kubeadm join k8s-master:6443 --token blja6l.uj72oz95v8eh7lil \
	--discovery-token-ca-cert-hash sha256:16b6cad3a7579655ee5c6a323b4505610d0c9abd0cfd749126c8aef6d2dbd75d
```

Add the nodes using the content saved above.

```
kubectl get nodes
NAME         STATUS     ROLES                  AGE   VERSION
k8s-master   NotReady   control-plane,master   25m   v1.22.2
k8s-node1    NotReady   <none>                 28s   v1.22.2
k8s-node2    NotReady   <none>                 32s   v1.22.2
```

Confirm that they have indeed been added.

Deploy an Nginx service

1. Pre-load the image onto each node (to avoid pull failures over the network):

```bash
docker pull nginx:latest
docker save -o nginx_latest.tar nginx:latest
scp nginx_latest.tar node2:/root/
# load it on node2
docker load -i nginx_latest.tar
```

2. Create the Deployment

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
```

```bash
kubectl apply -f nginx-deployment.yaml
```

3. Create the Service (NodePort type)

```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
    nodePort: 32763
```

```bash
kubectl apply -f nginx-service.yaml
```

4. Check the Pod status

```bash
kubectl get pods -o wide -w
```

Now it can be accessed.

It can also be accessed successfully from node2.

Note: for some reason the nginx image could not be pulled on CentOS; I pulled it on Kali and then copied it to CentOS with scp.