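K8s installation and deployment
1. Obtaining the media
Download the Kubernetes server media and the kubectl client media:
Kubernetes download reference: https://kubernetes.io/docs/setup/release/notes/
kubectl download reference: https://kubernetes.io/docs/tasks/tools/install-kubectl/
2. Deployment architecture
The Kubernetes cluster consists of 3 Master nodes and 5 Worker nodes;
each node has 2 disks mounted;
Nginx is used as the load balancer.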
IP            Hostname      Service     Open port
192.168.1.10  k8s-nginx     Nginx       80
192.168.1.11  k8s-master-1  Kubernetes  6443
192.168.1.12  k8s-master-2  Kubernetes  6443
192.168.1.13  k8s-master-3  Kubernetes  6443
192.168.1.14  k8s-worker-1  Kubernetes  10250
192.168.1.15  k8s-worker-2  Kubernetes  10250
192.168.1.16  k8s-worker-3  Kubernetes  10250
192.168.1.17  k8s-worker-4  Kubernetes  10250
192.168.1.18  k8s-worker-5  Kubernetes  10250
Adjust the IP addresses, hostnames and ports to the actual deployment environment.
3. Deployment steps
Kubernetes deployment
Set the hostname on each node
hostnamectl set-hostname xxx   # use the value from the deployment plan table
Edit hosts on each node
vi /etc/hosts
192.168.1.10 k8s-nginx
192.168.1.11 k8s-master-1
192.168.1.12 k8s-master-2
192.168.1.13 k8s-master-3
192.168.1.14 k8s-worker-1
192.168.1.15 k8s-worker-2
192.168.1.16 k8s-worker-3
192.168.1.17 k8s-worker-4
192.168.1.18 k8s-worker-5
Raise the system limit on open files
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
Mount the K8S data disks on each node
Mount 2 disks on each node, at /data/k8s-data1 and /data/k8s-data2.
Adjust the disk device names to the actual environment.
# List the disks
fdisk -l
# Format both disks as xfs
mkfs.xfs /dev/sdb -L K8SDATA1
mkfs.xfs /dev/sdc -L K8SDATA2
# Create the mount points
mkdir -p /data/k8s-data1
mkdir -p /data/k8s-data2
# Mount the disks
mount /dev/sdb /data/k8s-data1
mount /dev/sdc /data/k8s-data2
# Confirm the mounts
df -Th
Mount automatically at boot
vim /etc/fstab
/dev/sdb /data/k8s-data1 xfs defaults,noatime 0 2
/dev/sdc /data/k8s-data2 xfs defaults,noatime 0 2
Create the service user on each node
groupadd -r k8s
# -m creates /home/k8s, which the following steps use
useradd -r -m -g k8s k8s
chown -R k8s:k8s /data/k8s-data*
Upload the media to node 1 and rename them
Upload the Kubernetes and kubectl media to the /home/k8s/ directory and rename them.
# The start script below runs /home/k8s/kubernetes/server/bin/kube-apiserver,
# so unpack the server archive; it extracts into ./kubernetes/
tar -xzf kubernetes-server-linux-amd64.tar.gz
mv kubectl-linux-amd64 kubectl
Create the K8S start script on node 1
Log in as the k8s user, create the script and make it executable.
vim /home/k8s/start-k8s.sh
#!/bin/bash
# Set --advertise-address to the IP of the node this script runs on (192.168.1.11 is k8s-master-1)
export KUBE_APISERVER="https://192.168.1.11:6443"
export KUBE_CONFIG="/home/k8s/.kube/config"
nohup /home/k8s/kubernetes/server/bin/kube-apiserver --advertise-address=192.168.1.11 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/home/k8s/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/home/k8s/ca.crt --etcd-certfile=/home/k8s/server.crt --etcd-keyfile=/home/k8s/server.key --etcd-servers=https://192.168.1.11:2379,https://192.168.1.12:2379,https://192.168.1.13:2379 --kubelet-client-certificate=/home/k8s/server.crt --kubelet-client-key=/home/k8s/server.key --service-account-key-file=/home/k8s/sa.pub --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/home/k8s/server.crt --tls-private-key-file=/home/k8s/server.key > /home/k8s/nohup-k8s.log 2>&1 &
chmod +x start-k8s.sh
Distribute the media and the script to the other nodes
# Node 1 already has the files, so it is skipped
# -r copies the unpacked kubernetes directory, -p keeps the executable bits
for node in k8s-master-2 k8s-master-3 k8s-worker-1 k8s-worker-2 k8s-worker-3 k8s-worker-4 k8s-worker-5; do
    scp -rp kubernetes kubectl start-k8s.sh "k8s@${node}:/home/k8s/"
done
Start the K8S service on each node
# Start the service
/home/k8s/start-k8s.sh
# Check the startup log for errors
tail -f -n 500 /home/k8s/nohup-k8s.log
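The flags in start-k8s.sh decide how the API server authenticates and authorizes requests, so they are worth reviewing before the service is started. The script below is an added example, not part of the original page; flag_value and audit_flags are hypothetical helper names, and the sample command line is constructed from the flags shown in start-k8s.sh.

```shell
#!/bin/sh
# Added example, not from the original page: review kube-apiserver flags.
# APISERVER_CMD is a constructed sample built from the flags in start-k8s.sh.
APISERVER_CMD='kube-apiserver --advertise-address=192.168.1.11
 --allow-privileged=true --authorization-mode=Node,RBAC
 --client-ca-file=/home/k8s/ca.crt --enable-admission-plugins=NodeRestriction
 --etcd-certfile=/home/k8s/server.crt --etcd-keyfile=/home/k8s/server.key
 --kubelet-client-certificate=/home/k8s/server.crt --kubelet-client-key=/home/k8s/server.key
 --tls-cert-file=/home/k8s/server.crt --tls-private-key-file=/home/k8s/server.key'

# flag_value NAME TEXT: print the value of the first --NAME=VALUE found in TEXT.
flag_value() {
  printf '%s\n' "$2" | tr ' \t' '\n\n' | sed -n "s/^--$1=//p" | head -n 1
}

# audit_flags TEXT: print one finding per line (hypothetical helper).
audit_flags() {
  cmd=$1
  case ",$(flag_value authorization-mode "$cmd")," in
    *,AlwaysAllow,*) echo "authz: AlwaysAllow authorizes every request" ;;
    *,RBAC,*) ;;
    *) echo "authz: RBAC is not enabled" ;;
  esac
  if [ "$(flag_value anonymous-auth "$cmd")" != "false" ]; then
    echo "anonymous-auth: on by default; unauthenticated requests become system:anonymous"
  fi
  if [ "$(flag_value allow-privileged "$cmd")" = "true" ]; then
    echo "allow-privileged: privileged containers are allowed; restrict them with admission policy"
  fi
  if [ -z "$(flag_value client-ca-file "$cmd")" ]; then
    echo "client-ca-file: not set; client certificates are not accepted"
  fi
  # One key file in several roles: whoever reads it holds all of them.
  tls=$(flag_value tls-private-key-file "$cmd")
  for f in etcd-keyfile kubelet-client-key; do
    if [ -n "$tls" ] && [ "$(flag_value "$f" "$cmd")" = "$tls" ]; then
      echo "key-reuse: --$f uses the TLS serving key $tls"
    fi
  done
}

audit_flags "$APISERVER_CMD"
```

To check a real script instead of the sample, pass its text: audit_flags "$(cat /home/k8s/start-k8s.sh)".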
Nginx deployment and configuration
Configuration changes
Create the K8S configuration file nginx/conf.d/k8s.conf
upstream k8s_cluster {
    server k8s-master-1:6443;
    server k8s-master-2:6443;
    server k8s-master-3:6443;
}
server {
    listen 80;
    server_name 192.168.1.10 localhost;  # adjust to the actual environment
    # To allow special characters in headers
    ignore_invalid_headers off;
    # Maximum allowed upload size
    client_max_body_size 1000m;
    # To disable buffering
    proxy_buffering off;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        # Timeout for establishing the connection between nginx and the upstream server
        proxy_connect_timeout 300;
        # Timeout for transmitting the response data to the client
        send_timeout 300;
        # Keeps the connection from being closed on timeout while a client uploads a large file
        client_body_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
        # kube-apiserver serves only TLS on 6443, so the upstream scheme is https
        proxy_pass https://k8s_cluster;
    }
}
The K8S Dashboard is enabled, but its service port is not exposed externally by default; if it needs to be exposed, add the corresponding port proxy configuration in nginx.
4. Deployment verification
Use the following commands to log in to and operate the cluster through the load balancer.
kubectl config set-cluster myK8S --server=http://k8s-nginx:80
kubectl config set-context myK8S --cluster=myK8S --user=admin
kubectl config use-context myK8S
kubectl get nodes   # check the cluster status
kubectl create namespace media   # create the Namespace
kubectl create deployment nginx --image=nginx -n media   # create the Deployment
kubectl get pods -n media   # check the Pod status
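The k8s.conf above accepts API requests on a port-80 listener without TLS, and the kubectl commands above use that http:// endpoint. The lint below is an added example, not part of the original page: it flags that pattern and includes a TCP passthrough form that yields no findings. lb_findings is a hypothetical helper, and both sample configs are constructed with the same hostnames as the page.

```shell
#!/bin/sh
# Added example, not from the original page: lint an nginx load-balancer
# config for kube-apiserver. Assumes one server block per input and an
# upstream defined before its use. Both samples below are constructed.
lb_findings() {   # reads the config on stdin, prints one finding per line
  awk '
    { sub(/#.*/, ""); gsub(/;/, " ") }               # drop comments and ";"
    $1 == "upstream"                 { up = $2 }
    $1 == "server" && $2 ~ /:6443$/  { api[up] = 1 }  # member on the API port
    $1 == "listen" && !/ssl/         { clear = 1 }    # listener without TLS
    $1 == "proxy_ssl_verify"         { verify = ($2 == "on") }
    $1 == "proxy_pass" && match($2, /^https?:\/\//) { # http-context (L7) proxy
      s = substr($2, 1, RLENGTH); name = substr($2, RLENGTH + 1); sub(/\/.*/, "", name)
      if (name in api) { l7 = 1; scheme = s }
    }
    END {
      if (!l7) exit    # TCP passthrough: TLS runs end to end
      if (clear) print "cleartext-listener: API requests reach nginx without TLS"
      if (scheme == "http://") print "http-upstream: port 6443 speaks TLS only"
      else if (!verify) print "unverified-upstream: set proxy_ssl_verify on"
    }'
}
L7_CONF='upstream k8s_cluster {
  server k8s-master-1:6443;
  server k8s-master-2:6443;
  server k8s-master-3:6443;
}
server {
  listen 80;
  location / {
    proxy_pass https://k8s_cluster;
  }
}'
# TCP passthrough (stream module, top level of nginx.conf): the client TLS
# session terminates at kube-apiserver, so client certificates still work.
STREAM_CONF='stream {
  upstream k8s_cluster {
    server k8s-master-1:6443;
    server k8s-master-2:6443;
    server k8s-master-3:6443;
  }
  server {
    listen 6443;
    proxy_pass k8s_cluster;
  }
}'
printf '%s\n' "$L7_CONF" | lb_findings
printf '%s\n' "$STREAM_CONF" | lb_findings
```

With the passthrough form, kubectl would point at https://k8s-nginx:6443, and the API server certificate needs k8s-nginx among its subject alternative names.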