使用 kubeadm 快速搭建一个 k8s 集群
使用 kubeadm 快速搭建一个 k8s 集群
二进制适合大集群,50台以上主机
kubeadm更适合中小企业的业务集群。
master节点 20.0.0.92 docker kubelet kubeadm kubectl flannel
node1 20.0.0.94 docker kubelet kubeadm kubectl flannel
node2 20.0.0.03 docker kubelet kubeadm kubectl flannel
harbor 20.0.0.95 docker docker-compose harbor
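# Host preparation, run on every node. Stopping firewalld and disabling
# SELinux removes host-level protections: acceptable on an isolated test
# bench, but on anything else keep both and open only the ports the
# cluster needs.
systemctl stop firewalld
systemctl disable firewalld
# Permissive for the running system; the sed makes it "disabled" after reboot.
setenforce 0
sed -i 's/enforcing/disabled/' /etc/selinux/config
# Flush the filter, nat and mangle tables and delete user-defined chains.
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
# Turns swap off for the running system only.
swapoff -a

# Run exactly one of these on the matching host.
hostnamectl set-hostname master01
hostnamectl set-hostname node01
hostnamectl set-hostname node02

# Reload kernel parameters from the sysctl configuration files.
sysctl --system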
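# On all nodes: install Docker.
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# The page cuts the package list off at "containerd."; containerd.io is the
# package name shipped in the docker-ce repository.
yum install -y docker-ce docker-ce-cli containerd.io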
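# On all nodes: install kubeadm, kubelet and kubectl.
#
# Define the Kubernetes yum repository.
# - baseurl: the page shows the link title instead of the URL; restored to the
#   Aliyun mirror's el7 x86_64 repository (NOTE(review): confirm against the
#   mirror's own instructions).
# - gpgcheck=1: yum verifies every package signature against the gpgkey URLs
#   below. With gpgcheck=0 a tampered mirror or a man-in-the-middle could hand
#   the node arbitrary root-installed packages.
# - repo_gpgcheck is left at 0 as on the page, so repository metadata is still
#   unsigned from yum's point of view.
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Pin all three packages to the same version.
yum install -y kubelet-1.20.15 kubeadm-1.20.15 kubectl-1.20.15
systemctl enable kubelet.service

# List the control-plane images this kubeadm version expects
# (the page spells the command "kudeadm").
kubeadm config images list --kubernetes-version 1.20.15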
pause:特殊的pod
pause:会在节点上创建一个网络命名空间,其他容器可以加入这个网络命名空间
pod 里面的容器可能使用不同的代码和架构,但它们可以在同一个网络命名空间里实现通信,并协调这个命名空间里的资源(实现 pod 内容器的兼容性)
kubeadm安装的k8s组件都是以pod的形式运行在kube-system这个命名空间当中
kubelet 是节点(node)管理器,可以通过 systemctl 进行控制
master 节点上传 v1.20.15.zip 压缩包至 /opt 目录
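# Unpack the image bundle that was uploaded to /opt, then load every image
# archive into the local Docker image store.
# docker load imports whatever the archive contains, so only use a bundle
# from a source you trust; compare its checksum with a published one if the
# source provides it.
unzip v1.20.15.zip -d /opt/k8s
cd /opt/k8s/
# Glob directly instead of parsing `ls`, and quote the name so archive names
# containing spaces or glob characters are passed through intact.
for i in *.tar; do docker load -i "$i"; done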
# Terminal transcript: initialise the control plane on the master node.
# NOTE(review): --apiserver-advertise-address is 192.168.233.91 here, while the
# host table and the later `kubeadm join` use 20.0.0.92 - use the master's own IP.
# --token-ttl=0 creates a bootstrap token that never expires; anyone who holds
# it can join a node to the cluster. Prefer the default TTL and issue a new
# token when needed with `kubeadm token create --print-join-command`.
[root@k8s1 ~]# kubeadm init \
> --apiserver-advertise-address=192.168.233.91 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version=v1.20.15 \
> --service-cidr=10.96.0.0/16 \
> --pod-network-cidr=10.244.0.0/16 \
> --token-ttl=0
--apiserver-advertise-address:声明 master 节点上 apiserver 的监听(通告)地址
--image-repository registry.aliyuncs.com/google_containers \:声明拉取镜像的仓库,这里使用阿里云
--service-cidr=10.96.0.0/16 \ 所有 service 的对外代理地址(ClusterIP)都在 10.96.0.0/16 网段内
--pod-network-cidr=10.244.0.0/16 \ 所有pod的ip地址网段
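--token-ttl=0:引导令牌(bootstrap token)永不过期。默认有效期是 24 小时;永不过期的令牌一旦泄露,任何人都可以用它把节点加入集群,所以只建议在实验环境使用,生产环境保留默认值,需要时用 kubeadm token create --print-join-command 重新生成。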
在node节点加入集群
# Run on each worker node. The token and the CA certificate hash are the values
# printed by `kubeadm init` on the master; use the ones from your own cluster.
# --discovery-token-ca-cert-hash pins the cluster CA, so the node checks that
# the API server it is joining is the expected one.
# Because the init command used --token-ttl=0, this token stays valid until it
# is deleted - treat it as a secret.
kubeadm join 20.0.0.92:6443 --token j7h4sa.yau6cfyzva2zk9ll \
--discovery-token-ca-cert-hash sha256:13b961db6119c69691992ef0e33b46a97339290d6ff19d8effe00329e543d28f
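# On the master: install the admin kubeconfig for the current user.
# admin.conf holds cluster-admin credentials; keep the copy owned by, and
# readable only by, the user who administers the cluster.
mkdir -p "$HOME/.kube"
cd /etc/kubernetes
cp admin.conf /root/.kube/config
cd /root/.kube
# Quoted so the expansions stay single words.
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
systemctl restart kubelet

# Opens the kube-proxy ConfigMap in an editor; the page does not show which
# setting is changed.
kubectl edit cm kube-proxy -n=kube-system
systemctl restart kubelet

# Check node registration and component health.
kubectl get node
kubectl get cs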
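# NOTE(review): the page opens the same static-pod manifest three times and
# does not show the edit; presumably a second manifest was meant as well -
# confirm against the original article before changing control-plane flags.
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
# The page spells the unit "kubelt"; the service is kubelet.
systemctl restart kubelet
kubectl get cs
kubectl get pods -n kube-system

# On the master: load the flannel image and install the CNI plugins.
cd /opt
docker load < flannel.tar
# Keep the previous plugin directory as a backup before replacing it.
mv /opt/cni /opt/cni_bak
mkdir -p /opt/cni/bin
tar zxvf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin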
node01
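# On the worker node: load the flannel image and install the CNI plugins.
docker load -i flannel.tar
# Backup directory name fixed from "cin_bak" to match the master-side step.
mv /opt/cni /opt/cni_bak
mkdir -p /opt/cni/bin
# The page cuts this command off after "tar zxvf"; the archive name and target
# directory are taken from the identical step run on the master.
tar zxvf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin

# NOTE(review): update-kubeadm-cert.sh is not shown on the page and presumably
# runs on the master, not on a worker. It rewrites cluster certificates as
# root, so read the script and verify where it came from before running it.
./update-kubeadm-cert.sh all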
在 harbor 主机(20.0.0.95)上
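# Edit Harbor's configuration file; the page does not show the values.
vim harbor.yml

# Generate the TLS material for the registry.
mkdir -p /data/cert
cd /data/cert

# Generate the private key. openssl prompts twice for a passphrase; the page
# types 123456, which is only acceptable as a throwaway lab value.
openssl genrsa -des3 -out server.key 2048

# Create the certificate signing request. The page truncates the output name
# at "server.c"; server.csr is the file the later copy step refers to.
openssl req -new -key server.key -out server.csr

# Back up the passphrase-protected key.
cp server.key server.key.org

# Strip the passphrase (prompts for the passphrase set above). server.key is
# stored unencrypted afterwards, so restrict it to its owner.
openssl rsa -in server.key.org -out server.key
chmod 600 server.key

# NOTE(review): the step that signs server.csr into server.crt is missing from
# the page although server.crt is used later - restore it before ./prepare.

cd /opt/harbor
./prepare
./install.sh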
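# On node01 and node02: create the directory Docker reads this registry's
# trusted certificates from (the page spells the command "mdkir").
mkdir -p /etc/docker/certs.d/hub.test.com

# On the Harbor host: send only the public certificate to each node.
# The page copies the whole data/ tree (the "@" is missing from its scp
# targets) and then places server.key on every node. The nodes only need the
# certificate to verify the registry; the private key should never leave the
# Harbor host, and data/ also contains the freshly generated key material.
scp /data/cert/server.crt root@20.0.0.93:/etc/docker/certs.d/hub.test.com/
scp /data/cert/server.crt root@20.0.0.94:/etc/docker/certs.d/hub.test.com/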
在harbor上
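# Add the registry name to /etc/hosts. Entry given on the page:
#   192.168.233.94 hub.test.com
# NOTE(review): the host table lists harbor as 20.0.0.95 - use the registry's
# real address.
vim /etc/hosts

# The page does not show what is changed in the unit file. NOTE(review): if the
# edit adds an insecure-registry option, Docker stops verifying TLS for that
# registry; with the certificate installed under /etc/docker/certs.d that
# should not be needed - confirm.
vim /lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker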
在node节点上
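# Log in to the private registry. The password is left off the command line so
# it does not end up in shell history or the process list; docker prompts for
# it instead (use --password-stdin in scripts). The page logs in as admin with
# 123456 - set a strong Harbor admin password before exposing the registry.
docker login -u admin https://hub.test.com

# Retag the local image into the registry's "library" project and push it.
docker tag nginx:latest hub.test.com/library/nginx:v1
docker push hub.test.com/library/nginx:v1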
在master节点上删除之前创建的nginx资源
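# Recreate the deployment from the image in the private registry.
kubectl delete deployment myapp-test
kubectl create deployment myapp-test --image=hub.test.com/library/nginx:v1 --port=80 --replicas=3
# Expose the deployment created above; the page names "myapp1-test" here,
# which does not match the deployment it just created.
kubectl expose deployment myapp-test --port=30000 --target-port=80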
部署 Dashboard
master01 节点上操作
# Edit the Dashboard manifest (the page does not show the changes), then apply it.
vim recommended.yaml
kubectl apply -f recommended.yaml
# Create a service account and bind it to the built-in cluster-admin ClusterRole.
# NOTE(review): this gives the Dashboard token full control of the cluster, and
# the page then logs in over a node port (:30001). A narrower role is safer -
# confirm whether cluster-admin is really required.
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Print the token: awk selects the secret whose name contains "dashboard-admin"
# and `kubectl describe` shows its contents. Treat the output as a credential.
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
#使用输出的token登录Dashboard
https://20.0.0.92:30001