Kubernetes Installation
k8s environment setup
First prepare three virtual machines running CentOS 7 with 4 GB of RAM and two 20 GB disks each, install Docker, and make sure the management node can SSH to the worker nodes without a password.
Then, on all three VMs, turn off the firewall, iptables and SELinux:
systemctl stop firewalld
systemctl disable firewalld
vi /etc/sysconfig/selinux
SELINUX=disabled
Then reboot so the change takes effect.
Then fill in each machine's hosts file with all of the nodes, for example:
Test the network connectivity between the virtual machines.
Configure daemon.json:
[root@node2 ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://dockerhub.azk8s.cn",
    "https://reg-mirror.qiniu.com"
  ],
  "insecure-registries": ["registry:5000"]
}
Configure a local image registry: docker pull the following images.
You can write a script to do the downloads.
The images above whose names contain "google" have to be pulled from Google's registry, but after many attempts I could not download them directly through a proxy (even though, with the proxy software installed, I could open the Google home page), so I switched to an indirect route: search hub.docker.com for the corresponding images and pull those, remembering to include the version tag in docker pull.
Then repeat the following for every image to push the downloaded image into the local registry:
docker tag docker.io/php:5.5 registry:5000/pre_images/php:5.5
docker push registry:5000/pre_images/php:5.5
Test:
Once Docker is installed, start installing k8s.
Add the yum repository:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Install the tools at a pinned version:
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0 --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet
(The version I chose here is fairly old; the current release is already 1.22.)
Adjust the network settings:
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables =1
net.bridge.bridge-nf-call-iptables =1
EOF
sysctl --system
Initialize the master node
Generate the init file
Config-file method
On the master node run:
kubeadm config print init-defaults > kubeadm-init.yaml
A file named kubeadm-init.yaml now appears in the current directory.
Change two settings in that file:
advertiseAddress: 192.168.242.132 (change to this machine's address)
imageRepository: change to registry.cn-hangzhou.aliyuncs.com/google_containers
You can also add podSubnet: 10.244.0.0/16 after serviceSubnet: 10.96.0.0/12.
The file after editing looks like this:
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.242.132
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: node2
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.18.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
Pull the images:
[root@node2 ~]# kubeadm config images pull --config kubeadm-init.yaml
Disable the swap partition:
When memory runs low, Linux automatically uses swap and moves part of the memory contents to disk, which degrades performance, so for performance reasons it is recommended to turn swap off.
[root@node2 ~]# vim /etc/fstab
Comment out the swap line; it takes effect after a reboot.
[root@node2 ~]# swapoff -a   # takes effect immediately, no reboot needed
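A preflight script, added here and not part of the original post, that re-checks the host settings the steps above edit by hand (the SELINUX= value, the swap line in /etc/fstab, the bridge-nf sysctl keys, the net.ipv4.ip_forward key that the Calico section sets later, and the insecure-registries entry in daemon.json) before running kubeadm init on each node. The default file paths are the ones the page edits; the file name preflight.sh is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: preflight checks for the host
# settings this page edits by hand, so a mistyped value is caught before
# `kubeadm init`. Each check takes a file path (default: the file the page
# edits) and returns 0 when the setting is as the page requires.

# /etc/sysconfig/selinux must carry a valid SELINUX= value; a misspelling
# such as "disabeld" is rejected here (return 2) instead of surprising you at boot.
check_selinux_config() {
  val=$(sed -n 's/^SELINUX=\([a-z]*\)[[:space:]]*$/\1/p' "${1:-/etc/sysconfig/selinux}" 2>/dev/null | tail -n 1)
  case "$val" in
    disabled|permissive) return 0 ;;   # kubeadm runs with either
    enforcing) return 1 ;;             # the page turns this off
    *) return 2 ;;                     # missing or misspelled
  esac
}

# No active (uncommented) swap line in /etc/fstab, or kubelet will refuse
# to start again after the next reboot even though `swapoff -a` worked now.
check_fstab_no_swap() {
  ! grep -Ev '^[[:space:]]*#' "${1:-/etc/fstab}" | grep -Eq '[[:space:]]swap[[:space:]]'
}

# A sysctl file sets KEY to 1; whitespace around "=" is ignored ("key =1" is fine).
check_sysctl_one() {
  grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*1[[:space:]]*\$" "$1" 2>/dev/null
}

# Returns 1 when daemon.json lists an insecure registry: pulls from it go
# over plain HTTP with no TLS verification, so keep that to a lab network.
check_daemon_json_insecure() {
  ! grep -Eq '"insecure-registries"[[:space:]]*:[[:space:]]*\[[[:space:]]*"' "$1" 2>/dev/null
}

# Run every check against the live host and print one line per finding.
run_preflight() {
  rc=0
  check_selinux_config || { echo "FAIL selinux: SELINUX= must be disabled or permissive (check spelling)"; rc=1; }
  check_fstab_no_swap || { echo "FAIL fstab: active swap entry present"; rc=1; }
  for k in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    check_sysctl_one /etc/sysctl.d/k8s.conf "$k" || { echo "FAIL sysctl: $k is not 1"; rc=1; }
  done
  check_sysctl_one /etc/sysctl.conf net.ipv4.ip_forward || { echo "FAIL sysctl: net.ipv4.ip_forward is not 1"; rc=1; }
  check_daemon_json_insecure /etc/docker/daemon.json || echo "WARN docker: insecure-registries configured (plain-HTTP pulls)"
  return $rc
}

# Usage: save as preflight.sh and run `sh preflight.sh` on every node.
[ "${0##*/}" = preflight.sh ] && run_preflight
```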
Run the initialization:
It prints:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.242.132:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:860e48e348924d0dd2c63abec1bfd47efa5cb3b30556b527a089157e1eafd91f
Run:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Then check the node status:
[root@node2 ~]# kubectl get node
NAME    STATUS     ROLES    AGE     VERSION
node2   NotReady   master   3m33s   v1.18.0
Configure the network:
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
With this Calico network the node or controller pods may show 0/1 Running, ContainerCreating or other problems, like this:
In that case download the calico.yaml file and adjust it to your own environment. A few of the changes I made are listed here:
Both the worker nodes and the master node need IPv4 forwarding enabled:
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
Check the status again after each change.
Enter the problem container and check which router id it bound to:
[root@master01 ~]# kubectl exec -ti calico-node-j4f5m -n kube-system -- bash
[root@k8s-master1 /]# cat /etc/calico/confd/config/bird.cfg
If the router id is 172.18.0.1, the node has not bound the host's IP. In that case edit calico.yaml: look up your network interface name, remember it, and add the following two lines here so that Calico autodetects the host IP address:
- name: IP_AUTODETECTION_METHOD
  value: "interface=ens33"
Then re-apply:
rm -rf /var/lib/cni
kubectl apply -f calico.yaml
[root@node2 ~]# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-57947f966b-xhm7z   1/1     Running   11         43h
calico-node-8n4gt                          1/1     Running   2          43h
calico-node-pcbq2                          1/1     Running   0          43h
calico-node-rxkc8                          1/1     Running   0          43h
Then check the status:
kubectl get node
kubectl get pods --all-namespaces
Everything should be Running 1/1. The master node needs more than 2 CPU cores; if memory is short, just add memory.
[root@node2 ~]# kubectl get nodes
NAME    STATUS   ROLES    AGE    VERSION
node2   Ready    master   2d1h   v1.18.0
node3   Ready    <none>   2d1h   v1.18.0
node4   Ready    <none>   2d1h   v1.18.0
When all nodes are Ready, the cluster is built.
The list of service program files is as follows:
Install the Dashboard
# download
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.1.0/aio/deploy/recommended.yaml
In the official kubernetes-dashboard.yaml the Service type is ClusterIP (the default Service type), which means the dashboard can only be reached through a proxy, so change it to NodePort; after deployment it can then be opened directly in a browser.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort   # added
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30443   # added; this is the port you use to log in to the dashboard
  selector:
    k8s-app: kubernetes-dashboard
Check:
[root@node2 dashboard]# kubectl get pods --all-namespaces | grep dashboard
kubernetes-dashboard   dashboard-metrics-scraper-d596d58f6-xd469   1/1   Running   1   2d21h
kubernetes-dashboard   kubernetes-dashboard-687cfb7dbd-hvshz       1/1   Running   2   2d2h
[root@node2 dashboard]# kubectl get pod,svc -n kubernetes-dashboard -o wide
NAME                                            READY   STATUS    RESTARTS   AGE     IP              NODE    NOMINATED NODE   READINESS GATES
pod/dashboard-metrics-scraper-d596d58f6-xd469   1/1     Running   1          2d21h   10.244.3.76     node4   <none>           <none>
pod/kubernetes-dashboard-687cfb7dbd-hvshz       1/1     Running   2          2d2h    10.244.104.14   node2   <none>           <none>
NAME                                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE   SELECTOR
service/dashboard-metrics-scraper   ClusterIP   10.104.44.204   <none>        8000/TCP        3d    k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard        NodePort    10.104.71.238   <none>        443:30443/TCP   3d    k8s-app=kubernetes-dashboard
Once the status is normal, create a user:
[root@node2 dashboard]# cat dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
kubectl create -f dashboard-adminuser.yaml
Generate the login token:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-f8h4d
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 4807ac11-9d6c-4eee-a2bd-9a7738dc8638
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImdYbi1aQTdSMDNra05fbGgxOGRIQXpuWkZ3U3kwWkhZZGhSSmZLTDJKT2sifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWY4aDRkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0ODA3YWMxMS05ZDZjLTRlZWUtYTJiZC05YTc3MzhkYzg2MzgiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.FISLv6HScNJbRLQg87L_lf1QtgSmxfRFs-ej5Z8W6F4j_DF1cwW5GF8ThhefQhLIQq7m5Hi5RvV2ybh9H3F48AV8P_w17sPORRd1uShGfmGf5FgoC1SX2fcDyqJjPPUIIaK-NVhDLiPJgpFIxLq8c-rWWZNotBnMb0b8O0CIvdJTLE7guOklcvhHOrHaI7D2KZrF2GlUxdfN8CL51IC7_o6xV9yh49v46Tlx7qpjMXARxS6KdlVECt0wjaTU859C9_4B0Up4F6neIs9dijsovcwUXSPfooRSQd-D-m2LRghxYH3pLx5LY2dPKx0WH_lGqsxdZMwDWRpkmuoRenFKrQ
- Copy this token to the clipboard; you will need it in a moment.
- Log in to the dashboard.
- In Firefox open: https://<IP of the master node VM>:<port>
- Choose Token login and paste the token you just copied.
- Logged in successfully, confetti~
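The token that the describe secret step above prints is a JWT whose payload is plain base64url, and dashboard-adminuser.yaml binds its ServiceAccount to cluster-admin, so it is worth reading what the token identifies before pasting it into a browser. The helper below is an added example, not part of the original post: it decodes the payload with only sh, base64, sed and cut, and checks for an "exp" claim; the sample token it decodes is constructed with the same claim layout as the page's token and is not a valid credential.

```shell
#!/bin/sh
# Added example, not from the original post: read the claims inside the
# dashboard login token before pasting it anywhere. The token from
# `describe secret` is a JWT: header.payload.signature, each part base64url
# without padding. Needs only sh, base64, sed and cut (no jq).

# base64url -> standard base64 with padding restored, then decode.
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s\n' "$(printf '%s' "$s" | base64 -d)"
}

# JSON payload of a JWT (the second dot-separated part).
jwt_payload() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Value of a string claim; "|" is the sed delimiter because claim names
# such as kubernetes.io/serviceaccount/namespace contain "/".
jwt_claim() {
  jwt_payload "$1" | sed -n "s|.*\"$2\":\"\([^\"]*\)\".*|\1|p"
}

# Secret-based service-account tokens (what the page's describe-secret step
# prints) carry no "exp" claim: they stay valid until the Secret is deleted.
jwt_expires() {
  jwt_payload "$1" | grep -q '"exp":'
}

# Constructed sample with the same claim layout as the page's admin-user
# token (the signature part is a placeholder, so this token is not valid).
b64url() { printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-'; }
SAMPLE_PAYLOAD='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"admin-user","sub":"system:serviceaccount:kube-system:admin-user"}'
SAMPLE_TOKEN="$(b64url '{"alg":"RS256","kid":"constructed"}').$(b64url "$SAMPLE_PAYLOAD").placeholder-signature"

# Summarise what a token identifies and whether it ever expires.
describe_token() {
  echo "subject   : $(jwt_claim "$1" sub)"
  echo "namespace : $(jwt_claim "$1" kubernetes.io/serviceaccount/namespace)"
  if jwt_expires "$1"; then echo "expires   : yes"; else echo "expires   : never (revoke by deleting the Secret)"; fi
}

describe_token "$SAMPLE_TOKEN"
```

Run describe_token on the real token from the page's describe secret output to see the same three lines for it; a subject of system:serviceaccount:kube-system:admin-user with no expiry is a cluster-admin credential that stays valid until the Secret or the ServiceAccount is deleted.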