# Docker Kubernetes

## Docker Kubernetes Install

:::info
Unless noted otherwise, run all of the following steps as root.
:::

### Preparation

* Disable swap
    ```bash
    vim /etc/fstab
    # Comment out the swap entry
    #UUID=44845a88-d40d-4680-9519-69f3bfcfbaf6 swap swap defaults 0 0
    # Verify
    $ free -m
    ```
* Change the node name
    ```bash
    # Adjust for each machine
    hostnamectl set-hostname docker1
    bash # start a new shell so the change takes effect
    vim /etc/hosts
    # Map each node name to its IP
    192.168.68.201 docker1
    192.168.68.202 docker2
    192.168.68.203 docker3
    ```
* Disable SELinux
    * Permanently
        ```bash
        vim /etc/selinux/config
        # Change the following line
        SELINUX=disabled
        ```
* firewalld settings
    * Turn it off entirely
        ```bash
        systemctl stop firewalld && systemctl disable firewalld
        ```
* iptables settings
    ```bash
    vim /etc/sysctl.d/k8s.conf
    # Add the following two lines
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    sysctl --system # apply the settings
    echo '1' > /proc/sys/net/ipv4/ip_forward
    ```

### containerd

* Add the package repository for containerd
    ```bash
    # yum-config-manager is provided by the yum-utils package
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    ```
* Install/update the containerd service
    ```bash
    yum install -y yum-utils containerd.io && rm -I /etc/containerd/config.toml
    ```
    **Delete config.toml to avoid errors later in the installation**
* Enable at boot and start/restart the service
    ```bash
    systemctl enable containerd
    systemctl restart containerd
    # systemctl start containerd
    ```
* Check that containerd is running
    ```bash
    systemctl status containerd
    ```

### Kubernetes

* Create the package repository file (CentOS does not ship one)
    ```bash
    vim /etc/yum.repos.d/kubernetes.repo
    ```
    * The latest version is fetched automatically
        ```ini
        [kubernetes]
        name=Kubernetes
        baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
        enabled=1
        gpgcheck=1
        repo_gpgcheck=1
        gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
        ```
* Install
    ```bash
    yum install -y kubelet kubectl kubeadm
    ```

### Control-plane initialization (run on the master only)

```bash
kubeadm init --apiserver-advertise-address=192.168.68.201 --pod-network-cidr=192.168.0.0/16
# Takes a few minutes
```

* Initialization complete
    ```
    Your Kubernetes control-plane has initialized successfully!
    ... information for the follow-up configuration ...
    ... the join token ...
    ```
* Create the kubeconfig in the home directory of the user who will run kubectl (user)
    ```bash
    # Create the directory and fix ownership
    $ mkdir -p $HOME/.kube
    $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config && sudo chown $(id -u):$(id -g) $HOME/.kube/config
    ```
* Network setup (user)
    ```bash
    $ curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/calico.yaml -O
    $ kubectl apply -f calico.yaml
    ```
* Check the pods
    ```bash
    $ kubectl get pods --all-namespaces
    NAMESPACE     NAME                                     READY   STATUS    RESTARTS        AGE
    kube-system   calico-kube-controllers-77bd7c5b-glxtf   1/1     Running   0               103m
    kube-system   calico-node-654cb                        1/1     Running   0               4m43s
    kube-system   calico-node-d7cq7                        1/1     Running   0               103m
    kube-system   calico-node-ljlrh                        1/1     Running   1 (17m ago)     103m
    kube-system   coredns-5dd5756b68-5ls8t                 1/1     Running   0               3h3m
    kube-system   coredns-5dd5756b68-cs5jt                 1/1     Running   0               3h3m
    kube-system   etcd-docker1                             1/1     Running   1 (107m ago)    3h3m
    kube-system   kube-apiserver-docker1                   1/1     Running   1 (107m ago)    3h3m
    kube-system   kube-controller-manager-docker1          1/1     Running   1 (107m ago)    3h3m
    kube-system   kube-proxy-7n7rn                         1/1     Running   1 (107m ago)    3h3m
    kube-system   kube-proxy-ckjsv                         1/1     Running   1 (17m ago)     109m
    kube-system   kube-proxy-pr8lb                         1/1     Running   0               4m43s
    kube-system   kube-scheduler-docker1                   1/1     Running   1 (107m ago)    3h3m
    ```

### Kubernetes settings for all nodes

* Enable at boot (the service will not be Active until initialization is done)
    ```bash
    $ sudo systemctl enable kubelet
    ```
* Check (user)
    ```bash
    $ kubectl get nodes
    $ kubectl get pods --all-namespaces
    ```

### Joining nodes

* master
    ```bash
    $ kubeadm token create --print-join-command
    ```
    **The output is the command used to join nodes**
* nodes
    ```bash
    $ sudo kubeadm join 192.168.68.201:6443 --token 9b.............1m53tg0n --discovery-token-ca-cert-hash sha256:1d2fa230522c12a27defa633017eb634....................1f546eb31383
    ```
    ```bash
    $ sudo systemctl start kubelet
    ```
* master
    ```bash
    $ kubectl get node
    NAME      STATUS   ROLES           AGE     VERSION
    docker1   Ready    control-plane   3h4m    v1.28.2
    docker2   Ready    <none>          110m    v1.28.2
    docker3   Ready    <none>          5m27s   v1.28.2
    ```
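
To confirm that the swap and sysctl preparation steps at the start of this guide are persisted on a node, the following added example (not part of the original guide) audits the files those steps edit. The function names are hypothetical, and it assumes all sysctl settings live in `/etc/sysctl.d/k8s.conf`.

```bash
#!/bin/sh
# Added example (not from the original guide). Checks that the prerequisites
# configured above are persisted on disk, so they survive a reboot.
# Function names are hypothetical; default paths are the files the guide edits.

# Print the device of every fstab swap entry that is NOT commented out.
active_swap_entries() {  # usage: active_swap_entries [FSTAB]
    awk '!/^[ \t]*#/ && $3 == "swap" { print $1 }' "${1:-/etc/fstab}"
}

# Succeed only if KEY is set to 1 in the sysctl drop-in (last setting wins).
sysctl_file_has() {  # usage: sysctl_file_has KEY [FILE]
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { exit (val != "1") }' "${2:-/etc/sysctl.d/k8s.conf}"
}

# Run every check, print one line per finding, return the number of failures.
preflight() {  # usage: preflight [FSTAB] [SYSCTL_CONF]
    fails=0
    if [ -n "$(active_swap_entries "$1")" ]; then
        echo "FAIL: swap is still enabled in fstab"
        fails=$((fails + 1))
    fi
    # ip_forward is included because writing to /proc only lasts until reboot.
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables \
               net.ipv4.ip_forward; do
        if ! sysctl_file_has "$key" "$2"; then
            echo "FAIL: $key = 1 is not persisted"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ] && echo "OK: node prerequisites are persisted"
    return "$fails"
}
```

Source the file and run `preflight` as root on each node. With the settings exactly as written in this guide it reports `net.ipv4.ip_forward`, because the `echo` into `/proc` does not survive a reboot.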