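Kubernetes Tutorial FG092 - Kubernetes Operating Systems and Runtime Environments in Practice
Outline
Part01-Basic Concepts and Theory
1.1 Operating System Support
Kubernetes supports many Linux distributions. The following are commonly used operating systems.
- Ubuntu: 18.04 LTS, 20.04 LTS, 22.04 LTS
- Debian: 9, 10, 11
- CentOS: 7, 8
- RHEL: 7, 8, 9
- Oracle Linux: 7, 8, 9
- SUSE Linux Enterprise Server: 15
- Chinese domestic operating systems: Kylin OS, openEuler
1.2 Container Runtimes
- Docker: the most commonly used container runtime
- containerd: the container runtime component of Docker, lightweight
- CRI-O: a container runtime designed specifically for Kubernetes
- rkt: a container runtime developed by CoreOS
1.3 System Requirements
- Kernel version: at least 3.10, 4.14+ recommended
- Memory: at least 2GB, 4GB+ recommended
- CPU: at least 2 cores, 4+ cores recommended
- Storage: at least 20GB, 50GB+ recommended
- Network: IPv4 and IPv6 support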
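Part02-Production Environment Planning and Recommendations
2.1 Choosing an Operating System
- Enterprise environments: RHEL, Oracle Linux or SUSE Linux is recommended for high stability
- Open-source environments: Ubuntu or Debian is recommended; updates are fast and the community is active
- Chinese domestic environments: Kylin OS or openEuler is recommended, meeting domestic regulatory requirements
- Cloud environments: choose the operating system recommended by the cloud provider
2.2 Choosing a Container Runtime
- Simple deployments: use Docker; the ecosystem is mature and documentation is plentiful
- Lightweight deployments: use containerd; resource usage is low
- Kubernetes-native: use CRI-O, optimized specifically for Kubernetes
2.3 System Configuration Recommendations
- Disable unnecessary services: reduces system resource usage
- Tune kernel parameters: improves system performance
- Configure time synchronization: keeps cluster time consistent
- Configure the firewall: restricts unnecessary network access
- Install required packages: such as the container runtime and the Kubernetes components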
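Section 2.3 asks for a firewall that restricts unnecessary access, while the walkthroughs later on this page turn the host firewall off. As an added example (not part of the original tutorial), this script prints a ufw rule set per node role that keeps etcd, kubelet and the other control-plane ports inside the cluster and exposes only SSH, the API server and NodePorts beyond it. `NODE_CIDR` and `ADMIN_CIDR` are hypothetical placeholders, `POD_CIDR` is the `--pod-network-cidr` value used on this page, and the port numbers are the Kubernetes defaults.

```sh
#!/bin/sh
# Added example: ufw rules for a kubeadm node, as an alternative to `ufw disable`.
# NODE_CIDR and ADMIN_CIDR are hypothetical placeholders; replace with real networks.
NODE_CIDR="${NODE_CIDR:-192.0.2.0/24}"       # subnet the cluster nodes are in
ADMIN_CIDR="${ADMIN_CIDR:-198.51.100.0/24}"  # network administrators connect from
POD_CIDR="${POD_CIDR:-10.244.0.0/16}"        # --pod-network-cidr used on this page

# k8s_ufw_rules ROLE: print the ufw commands for ROLE (control-plane or worker).
# The commands are printed rather than executed so they can be reviewed first.
k8s_ufw_rules() {
    case "$1" in
        control-plane|worker) ;;
        *) echo "usage: k8s_ufw_rules control-plane|worker" >&2; return 2 ;;
    esac
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # Nodes forward pod traffic, and ufw drops routed packets by default.
    echo "ufw default allow routed"
    echo "ufw allow from $ADMIN_CIDR to any port 22 proto tcp"
    # Cluster-internal traffic: etcd 2379-2380, kubelet 10250, scheduler 10259,
    # controller-manager 10257 and the CNI overlay are reachable only from here.
    echo "ufw allow from $NODE_CIDR"
    echo "ufw allow from $POD_CIDR"
    if [ "$1" = control-plane ]; then
        echo "ufw allow from $ADMIN_CIDR to any port 6443 proto tcp"   # kube-apiserver
    else
        echo "ufw allow 30000:32767/tcp"                                # NodePort range
    fi
    echo "ufw --force enable"
}

# Print the rules when run with a role argument: sh k8s-ufw.sh worker
if [ $# -gt 0 ]; then k8s_ufw_rules "$1"; fi
```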
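2.4 Runtime Configuration Recommendations
- Configure a container image registry: speeds up image pulls
- Configure container logging: makes troubleshooting easier
- Configure container resource limits: prevents resource abuse
- Configure container security: enable container security features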
Part03-Production Implementation Plan
3.1 Operating System Configuration
3.1.1 Configuring Ubuntu
# Update the system
apt-get update
apt-get upgrade -y
# Install required packages
apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
# Disable the firewall
ufw disable
# Disable swap
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
# Load br_netfilter so that the net.bridge.* keys below exist
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/kubernetes.conf
# Configure kernel parameters
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Apply kernel parameters
sysctl -p /etc/sysctl.d/kubernetes.conf
# Configure time synchronization
apt-get install -y chrony
systemctl start chronyd
systemctl enable chronyd
Run output →
# Update the system
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
...
# Install required packages
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
...
# Disable the firewall
Firewall stopped and disabled on system startup
# Apply kernel parameters
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
# Configure time synchronization
...
Created symlink /etc/systemd/system/multi-user.target.wants/chronyd.service → /lib/systemd/system/chronyd.service.
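Before moving on to the runtime, the node can be checked against the minimums in section 1.3 and the settings applied in 3.1.1. The script below is an added example, not part of the original tutorial; it reads the kernel's own view under `/proc`, and `PROC_ROOT` is a hypothetical override that lets the checks run against test data.

```sh
#!/bin/sh
# Added example: preflight checks for the requirements in 1.3 and the settings
# applied in 3.1.1. PROC_ROOT is a hypothetical override used for testing.
PROC_ROOT="${PROC_ROOT:-/proc}"

# kernel_ok VERSION: true if VERSION (e.g. 5.15.0-91-generic) is >= 3.10.
kernel_ok() (
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "${minor:-0}" -ge 10 ]; }
)

# mem_ok: MemTotal of at least 1700 MiB. A "2 GB" machine reports less than
# 2097152 kB because firmware and kernel reserve memory (threshold is an assumption).
mem_ok() (
    kb=$(awk '/^MemTotal:/ { print $2 }' "$PROC_ROOT/meminfo")
    [ "${kb:-0}" -ge 1740800 ]
)

# cpu_ok: at least 2 logical CPUs.
cpu_ok() ( [ "$(grep -c '^processor' "$PROC_ROOT/cpuinfo")" -ge 2 ] )

# swap_off: /proc/swaps holds only its header line when no swap is active.
swap_off() ( awk 'NR > 1 { active = 1 } END { exit active }' "$PROC_ROOT/swaps" )

# sysctl_is KEY VALUE: true if the kernel parameter KEY currently equals VALUE.
sysctl_is() (
    path="$PROC_ROOT/sys/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && [ "$(cat "$path")" = "$2" ]
)

# preflight: run every check, report each failure, return non-zero if any failed.
preflight() {
    rc=0
    kernel_ok "$(cat "$PROC_ROOT/sys/kernel/osrelease")" || { echo "FAIL: kernel older than 3.10"; rc=1; }
    mem_ok   || { echo "FAIL: less than 2 GB of memory"; rc=1; }
    cpu_ok   || { echo "FAIL: fewer than 2 CPUs"; rc=1; }
    swap_off || { echo "FAIL: swap is still active"; rc=1; }
    for key in net.ipv4.ip_forward net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables; do
        sysctl_is "$key" 1 || { echo "FAIL: $key is not 1 (is br_netfilter loaded?)"; rc=1; }
    done
    return "$rc"
}

# Run against the live system only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```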
3.2 Installing the Container Runtime
3.2.1 Installing Docker
# Add the Docker repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# Install Docker
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io
# Configure Docker
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
# Restart Docker
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
Run output →
# Add the Docker repository
OK
# Install Docker
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
...
# Restart Docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
# Check Docker status
systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-01-01 10:00:00 UTC; 1min ago
Docs: https://docs.docker.com
Main PID: 12345 (dockerd)
Tasks: 10
Memory: 100.0M
CPU: 1.0%
CGroup: /system.slice/docker.service
└─12345 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
3.3 Installing containerd
3.3.1 Installing containerd
# Install containerd
apt-get install -y containerd
# Configure containerd
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# Switch the runc cgroup driver to systemd
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Restart containerd
systemctl restart containerd
systemctl enable containerd
Run output →
# Install containerd
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
...
# Restart containerd
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
# Check containerd status
systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/lib/systemd/system/containerd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-01-01 10:05:00 UTC; 1min ago
Docs: https://containerd.io
Main PID: 67890 (containerd)
Tasks: 10
Memory: 50.0M
CPU: 0.5%
CGroup: /system.slice/containerd.service
└─67890 /usr/bin/containerd
Part04-Production Cases and Hands-On Walkthroughs
4.1 Case Study: Deploying Kubernetes on Ubuntu
4.1.1 System Configuration
# Update the system
apt-get update
apt-get upgrade -y
# Install required packages
apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
# Disable swap
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
# Load br_netfilter so that the net.bridge.* keys below exist
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/kubernetes.conf
# Configure kernel parameters
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf
# Install Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io
# Configure Docker
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
# Add the Kubernetes repository (apt.kubernetes.io is the legacy repository,
# since frozen by the Kubernetes project in favor of pkgs.k8s.io)
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat > /etc/apt/sources.list.d/kubernetes.list << EOF
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
# Install the Kubernetes components
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
# Initialize the cluster
kubeadm init --pod-network-cidr=10.244.0.0/16
# Configure kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Install the network plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
Run output →
# Initialize the cluster
...
Your Kubernetes control-plane has initialized successfully!
# Check cluster status
kubectl get nodes
NAME           STATUS   ROLES           AGE   VERSION
k8s-master-1   Ready    control-plane   10m   v1.27.0
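Both repositories in the Ubuntu walkthrough above are trusted through `apt-key add`, which places the key in a global keyring that APT accepts for every configured repository, and the `kubernetes.list` entry carries no `signed-by` option. The following audit is an added example, not part of the original tutorial; it scans one-line `.list` sources and reports entries whose trust is not pinned to a single key file. The keyring path in the comment is an assumption.

```sh
#!/bin/sh
# Added example: flag APT repositories whose trust is not pinned to one key.
# Keys imported with `apt-key add` land in a global keyring that APT accepts
# for every repository; `signed-by=` limits a repository to a single key file.
# Pinned form of the Docker entry from this page (keyring path is an assumption):
#   deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu <codename> stable

# audit_apt_sources [DIR]: scan DIR/sources.list and DIR/sources.list.d/*.list
# (default /etc/apt). Prints one finding per line and returns 1 if any were found.
audit_apt_sources() {
    dir="${1:-/etc/apt}"
    findings=""
    for f in "$dir/sources.list" "$dir"/sources.list.d/*.list; do
        [ -f "$f" ] || continue
        # Commented-out entries start with '#' and never match the pattern.
        out=$(awk -v file="$f" '
            /^[ \t]*deb(-src)?[ \t]/ {
                if ($0 ~ /trusted=yes/)
                    print file ":" NR ": trusted=yes turns signature checking off"
                else if ($0 !~ /signed-by=/)
                    print file ":" NR ": no signed-by, any globally trusted key is accepted"
            }' "$f")
        if [ -n "$out" ]; then
            findings="$findings$out
"
        fi
    done
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Audit the live configuration only when asked: sh audit-apt.sh --run
if [ "${1:-}" = "--run" ]; then audit_apt_sources /etc/apt; fi
```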
4.2 Case Study: Deploying Kubernetes on RHEL
4.2.1 System Configuration
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# Disable swap
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
# Load br_netfilter so that the net.bridge.* keys below exist
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/kubernetes.conf
# Configure kernel parameters
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf
# Install Docker
yum install -y docker
systemctl start docker
systemctl enable docker
# Configure Docker
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
systemctl daemon-reload
systemctl restart docker
# Add the Kubernetes repository (packages.cloud.google.com hosts the legacy
# repository, since frozen by the Kubernetes project in favor of pkgs.k8s.io)
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
# Install the Kubernetes components
yum install -y kubelet kubeadm kubectl
systemctl start kubelet
systemctl enable kubelet
# Initialize the cluster
kubeadm init --pod-network-cidr=10.244.0.0/16
# Configure kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Install the network plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
Run output →
# Initialize the cluster
...
Your Kubernetes control-plane has initialized successfully!
# Check cluster status
kubectl get nodes
NAME           STATUS   ROLES           AGE   VERSION
k8s-master-1   Ready    control-plane   10m   v1.27.0
4.3 Case Study: Deploying Kubernetes on a Chinese Domestic Operating System
4.3.1 System Configuration (Kylin OS)
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# Disable swap
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
# Load br_netfilter so that the net.bridge.* keys below exist
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/kubernetes.conf
# Configure kernel parameters
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf
# Install Docker
yum install -y docker
systemctl start docker
systemctl enable docker
# Configure Docker
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
systemctl daemon-reload
systemctl restart docker
# Add the Kubernetes repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install the Kubernetes components
yum install -y kubelet kubeadm kubectl
systemctl start kubelet
systemctl enable kubelet
# Initialize the cluster
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers
# Configure kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Install the network plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
Run output →
# Initialize the cluster
...
Your Kubernetes control-plane has initialized successfully!
# Check cluster status
kubectl get nodes
NAME           STATUS   ROLES           AGE   VERSION
k8s-master-1   Ready    control-plane   10m   v1.27.0
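Part05-Fengge's Lessons Learned and Tips
5.1 Best Practices for Choosing an Operating System
- Choose an operating system that fits the organization's needs
- Prefer LTS releases for stability and long-term support
- Update the system and apply security patches regularly
- Disable unnecessary services and features
- Tune system parameters to improve system performance
- Configure time synchronization to keep cluster time consistent
- Establish system backup and recovery procedures
5.2 Best Practices for Choosing a Container Runtime
- Choose a runtime that fits the deployment scale and requirements
- For production, containerd or CRI-O is recommended: lightweight and efficient
- Configure a container image registry to speed up image pulls
- Configure container logging to make troubleshooting easier
- Configure container resource limits to prevent resource abuse
- Enable container security features to improve security
- Update the container runtime version regularly
5.3 Fengge's Note
This article was compiled and published by Fengge Tutorials (风哥教程) for study and testing only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html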
