Kubernetes集群部署实战:从零到英雄
- 其他
- 2025-09-12 05:39:01
一、环境准备与规划 1.1 硬件与软件要求
最低配置:
控制节点:2核CPU/4GB内存/50GB磁盘工作节点:2核CPU/4GB内存/100GB磁盘操作系统:Ubuntu 20.04/CentOS 7.9+ 网络规划:bash复制
# 节点IP分配示例 192.168.1.100 master1 192.168.1.101 worker1 192.168.1.102 worker2 # Pod网络CIDR:10.244.0.0/16 # Service网络CIDR:10.96.0.0/1
1.2 系统初始化配置bash复制
# 所有节点执行 sudo swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab sudo systemctl stop firewalld && systemctl disable firewalld sudo setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config # 设置主机名解析 sudo hostnamectl set-hostname master1 echo "192.168.1.100 master1" | sudo tee -a /etc/hosts echo "192.168.1.101 worker1" | sudo tee -a /etc/hosts
二、Kubernetes组件安装 2.1 安装Docker容器运行时
bash复制
# 所有节点执行 sudo apt-get update && sudo apt-get install -y docker.io sudo systemctl enable docker && systemctl start docker # 配置镜像加速 sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": [" registry -hangzhou.aliyuncs "] } EOF sudo systemctl restart docker
2.2 安装kubeadm/kubelet/kubectlbash复制
# 添加Kubernetes源 sudo apt-get install -y apt-transport-https ca-certificates curl curl -s mirrors.aliyun /kubernetes/apt/doc/apt-key.gpg | sudo apt-key add - sudo tee /etc/apt/sources.list.d/kubernetes.list <<-'EOF' deb mirrors.aliyun /kubernetes/apt/ kubernetes-xenial main EOF # 安装组件 sudo apt-get update sudo apt-get install -y kubelet=1.25.0-00 kubeadm=1.25.0-00 kubectl=1.25.0-00 sudo apt-mark hold kubelet kubeadm kubectl
三、集群初始化与控制平面部署 3.1 初始化Master节点
bash复制
sudo kubeadm init \ --apiserver-advertise-address=192.168.1.100 \ --image-repository registry.aliyuncs /google_containers \ --kubernetes-version v1.25.0 \ --service-cidr=10.96.0.0/12 \ --pod-network-cidr=10.244.0.0/16 # 配置kubectl访问权限 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
3.2 加入Worker节点bash复制
# 在Worker节点执行初始化后生成的命令 kubeadm join 192.168.1.100:6443 \ --token 3zgbqz.5g7v4l8m3d9w6s2o \ --discovery-token-ca-cert-hash sha256:4f2c6d3...(实际哈希值)
四、网络插件与存储配置 4.1 安装Calico网络
bash复制
kubectl apply -f docs.projectcalico.org/manifests/calico.yaml # 验证Pod网络 kubectl get pods -n kube-system -l k8s-app=calico-node
4.2 配置NFS持久化存储bash复制
# 存储服务器执行 sudo apt install nfs-kernel-server sudo mkdir /nfsdata && chmod 777 /nfsdata echo "/nfsdata *(rw,sync,no_root_squash)" | sudo tee /etc/exports sudo systemctl restart nfs-server # Kubernetes节点执行 sudo apt install nfs-common kubectl apply -f - <<EOF apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: nfs-storage provisioner: example /nfs parameters: server: 192.168.1.200 path: /nfsdata EOF
五、监控与日志系统集成 5.1 部署Prometheus+Grafana
bash复制
helm repo add prometheus-community prometheus-community.github.io/helm-charts helm install prometheus prometheus-community/kube-prometheus-stack \ --namespace monitoring \ --set grafana.adminPassword=admin123
5.2 配置EFK日志收集yaml复制
# 部署Elasticsearch kubectl apply -f download.elastic.co/downloads/eck/2.6.1/crds.yaml kubectl apply -f download.elastic.co/downloads/eck/2.6.1/operator.yaml # 部署Fluentd DaemonSet apiVersion: apps/v1 kind: DaemonSet metadata: name: fluentd namespace: kube-system spec: template: spec: containers: - name: fluentd image: fluent/fluentd-kubernetes-daemonset:v1.16-debian-elasticsearch7 env: - name: FLUENT_ELASTICSEARCH_HOST value: "elasticsearch-logging" - name: FLUENT_ELASTICSEARCH_PORT value: "9200"
六、集群安全加固 6.1 RBAC权限控制
yaml复制
apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: pod-reader rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"]
6.2 网络安全策略yaml复制
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny spec: podSelector: {} policyTypes: - Ingress - Egress
七、集群维护与优化 7.1 集群升级操作
bash复制
# 升级kubeadm sudo apt-get update && sudo apt-get install kubeadm=1.26.0-00 kubeadm upgrade plan kubeadm upgrade apply v1.26.0 # 升级节点 kubectl drain worker1 --ignore-daemonsets sudo apt-get install kubelet=1.26.0-00 kubectl=1.26.0-00 sudo systemctl restart kubelet kubectl uncordon worker1
7.2 资源调度优化yaml复制
apiVersion: v1 kind: Pod metadata: name: nginx spec: containers: - name: nginx image: nginx resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m" affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: disktype operator: In values: ["ssd"]
八、高可用方案实现 8.1 控制平面高可用
bash复制
# 使用kubeadm部署多Master节点 kubeadm init --control-plane-endpoint "LOAD_BALANCER_IP:6443" \ --upload-certs # 其他Master节点加入 kubeadm join LOAD_BALANCER_IP:6443 --token ... \ --control-plane --certificate-key ...
8.2 工作节点自动扩展yaml复制
apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: php-apache spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: php-apache minReplicas: 1 maxReplicas: 10 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 50
九、故障排查指南 9.1 常见问题分析 故障现象排查命令解决方案Pod处于Pending状态kubectl describe pod <pod-name>检查资源配额和节点调度服务无法访问kubectl get endpoints验证Service与Pod标签匹配节点NotReadyjournalctl -u kubelet检查kubelet日志和网络连通性 9.2 诊断工具箱
bash复制
# 查看集群事件 kubectl get events --sort-by='.metadata.creationTimestamp' # 网络连通性测试 kubectl run -it --rm debug --image=nicolaka/netshoot -- /bin/bash # 性能分析工具 kubectl top nodes kubectl top pods
总结与进阶建议
通过本指南,您已完成从零开始构建生产级Kubernetes集群的全过程。建议持续关注以下方向:
服务网格:集成Istio实现微服务治理GitOps实践:使用Argo CD实现持续部署混合云管理:探索Cluster API跨云管理集群Kubernetes集群部署实战:从零到英雄由讯客互联其他栏目发布,感谢您对讯客互联的认可,以及对我们原创作品以及文章的青睐,非常欢迎各位朋友分享到个人网站或者朋友圈,但转载请说明文章出处“Kubernetes集群部署实战:从零到英雄”
![[嵌入式系统-39]:龙芯1B开发学习套件-9-PMON的文件结构](/0pic/pp_24.jpg)
