# CentOS7系統部署K8s集群的示例分析
## 前言
Kubernetes(簡稱K8s)作為當前最流行的容器編排平臺,已成為企業級容器化應用部署的事實標準。本文將詳細介紹在CentOS7操作系統上部署Kubernetes集群的全過程,包括環境準備、組件安裝、集群初始化和應用部署等關鍵步驟,并針對常見問題提供解決方案。
---
## 一、環境準備
### 1.1 系統要求
- **操作系統**:CentOS 7.6及以上(推薦7.9)
- **硬件配置**:
- Master節點:2核CPU/4GB內存/20GB磁盤
- Worker節點:1核CPU/2GB內存/15GB磁盤
- **網絡要求**:
- 節點間網絡互通
- 關閉防火墻或開放6443、2379-2380等端口
### 1.2 節點規劃
| 主機名 | IP地址 | 角色 |
|------------|-------------|--------------------|
| k8s-master | 192.168.1.10 | Master + Etcd |
| k8s-node1 | 192.168.1.11 | Worker |
| k8s-node2 | 192.168.1.12 | Worker |
### 1.3 基礎環境配置
```bash
# 所有節點執行
# 1. 關閉SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# 2. 關閉防火墻
systemctl stop firewalld
systemctl disable firewalld
# 3. 配置主機名解析
cat >> /etc/hosts <<EOF
192.168.1.10 k8s-master
192.168.1.11 k8s-node1
192.168.1.12 k8s-node2
EOF
# 4. 禁用swap
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# 所有節點執行
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7
systemctl enable docker && systemctl start docker
# 所有節點執行
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
yum install -y kubelet-1.22.3 kubeadm-1.22.3 kubectl-1.22.3
systemctl enable kubelet
# 僅在Master節點執行
kubeadm init \
--apiserver-advertise-address=192.168.1.10 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.3 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
# 成功后會輸出join命令,類似:
kubeadm join 192.168.1.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
# 在每個Worker節點執行前面輸出的join命令
kubeadm join 192.168.1.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
驗證集群狀態:
kubectl get nodes
# 預期輸出
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 10m v1.22.3
k8s-node1 Ready <none> 5m v1.22.3
k8s-node2 Ready <none> 5m v1.22.3
# nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.19
ports:
- containerPort: 80
kubectl apply -f nginx-deploy.yaml
kubectl expose deployment nginx-deployment --port=80 --type=NodePort
kubectl get svc
# 訪問測試(假設NodePort為31234)
curl http://<任意節點IP>:31234
[kubelet-check]階段
journalctl -xeu kubelet # 查看日志
systemctl restart kubelet
kubectl describe pod <pod-name>
kubectl logs <pod-name> [-c <container-name>]
calico-nodeDaemonSet日志
kubectl logs -n kube-system -l k8s-app=calico-node
定期備份:
# 備份etcd數據
kubectl exec -n kube-system etcd-k8s-master -- sh -c 'ETCDCTL_API=3 etcdctl snapshot save /snapshot.db'
版本升級:
yum list --showduplicates kubeadm --disableexcludes=kubernetes
kubeadm upgrade plan
節點維護:
kubectl drain <node-name> --ignore-daemonsets
kubectl delete node <node-name>
