centos7 kubeadm安装k8s:1.15.0(三节点)
1, 基本架构,安装流程
角色 | 基本配置 | ip | 安装的组件 | 执行的动作 | 解决操作失败(重置配置) |
---|---|---|---|---|---|
master | 3核+, 4G+ | 192.168.56.190 | docker, <kubeadm,kubectl, kubelet> | kubeadm init … | kubeadm reset |
node1 | 3核+, 4G+ | 192.168.56.191 | docker, <kubeadm,kubectl, kubelet> | kubeadm join xx --token… | kubeadm reset |
node2 | 3核+, 4G+ | 192.168.56.192 | docker, <kubeadm,kubectl, kubelet> | kubeadm join xx --token… | kubeadm reset |
2, 三节点环境准备:防火墙,docker,kubeadm套件
# 1. Name resolution for the three cluster hosts (run on every node).
# The redirection appends, so re-running this step adds the same
# three entries to /etc/hosts again.
printf '%s\n' \
  '192.168.56.190 master' \
  '192.168.56.191 node1' \
  '192.168.56.192 node2' >> /etc/hosts
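# 2. Stop the firewall, switch SELinux off, disable swap.
# Security note: this removes both host-level controls (packet filtering
# and mandatory access control) on every node. That is a lab shortcut;
# on a network shared with other hosts, keep firewalld running and open
# only the ports kubeadm documents, and prefer SELINUX=permissive over
# disabled so denials are still logged.
systemctl stop firewalld
systemctl disable firewalld
# Takes effect immediately, but only until the next reboot.
setenforce 0
# Persist the SELinux mode across reboots. The file is
# /etc/selinux/config; with a misspelled path sed fails and SELinux
# returns to enforcing after a reboot.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Turn swap off now, and again at every boot through rc.local.
swapoff -a
echo "swapoff -a" >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
# Alternative for the boot-time part: edit /etc/fstab and comment out
# the swap partition entry.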
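# 3. Pass bridged IPv4/IPv6 traffic through iptables/ip6tables, so the
# packet-filter rules installed on the node also apply to traffic that
# crosses the container bridge.
# The net.bridge.* keys exist only while the br_netfilter module is
# loaded; without it `sysctl --system` cannot apply this file. Load the
# module now and register it for loading at boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Re-read every sysctl configuration file, including the one just written.
sysctl --system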
# 4. Install docker-ce 18.06 from the Aliyun mirror of the Docker repo.
# The repo definition is fetched over HTTPS and written straight into
# yum's repo directory; whatever that file configures (base URL, signing
# key, gpgcheck) is trusted by every later yum run.
docker_repo_url=https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
wget -O /etc/yum.repos.d/docker-ce.repo "$docker_repo_url"
# Pin the exact package build rather than taking the latest.
yum install -y docker-ce-18.06.1.ce-3.el7
# Start the daemon only if enabling it at boot succeeded.
if systemctl enable docker; then
  systemctl start docker
fi
docker --version
# 5. Docker daemon options.
#   registry-mirrors: pulls are served through this mirror, so image
#     content is only as trustworthy as the mirror. The hostname below
#     looks like an endpoint tied to the author's own account -- replace
#     it with a mirror you control or trust.
#   exec-opts: use the systemd cgroup driver.
cat <<'EOF' > /etc/docker/daemon.json
{
"registry-mirrors": ["https://yywkvob3.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart docker so the new daemon.json is read.
systemctl daemon-reload
systemctl restart docker
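# 6. Install the kubeadm tool set (kubelet, kubeadm, kubectl) at 1.15.0.
# gpgcheck=1 makes yum verify each package's signature against the keys
# listed under gpgkey; with gpgcheck=0 that gpgkey line is never used and
# packages from the mirror are installed unverified. repo_gpgcheck
# (signature on the repository metadata) is left off, as in the original
# configuration. If a package fails the signature check, treat it as a
# mirror integrity problem rather than turning the check off.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# All three packages are pinned to the same version.
yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
# Only enabled here, not started.
systemctl enable kubelet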
3, 集群初始化
a, 初始化集群
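# Initialise the control plane on the master (192.168.56.190).
# Control-plane images are pulled from the Aliyun mirror of
# google_containers; --pod-network-cidr must agree with the pod network
# add-on that is deployed afterwards.
kubeadm init \
  --apiserver-advertise-address=192.168.56.190 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.15.0 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
# Give the current user a kubeconfig. admin.conf carries the cluster
# administrator's client credentials: keep the copy owned by, and
# readable only to, the account that administers the cluster.
# Expansions are quoted so a home directory containing spaces cannot
# split the path.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"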
b, node节点加入集群
# Run on node1 and node2. The token and CA hash below are the values
# from the author's own cluster; each cluster has its own. Use the join
# command printed at the end of `kubeadm init`, or generate a fresh one
# on the master with `kubeadm token create --print-join-command`.
# --token is a bootstrap credential: keep it out of shared notes, and
# remove one that has been published with `kubeadm token delete`.
# --discovery-token-ca-cert-hash pins the cluster CA's public key, so
# the node only joins a control plane that presents that CA.
kubeadm join 192.168.56.190:6443 --token yxasby.0965o9ey5cvkhsx2 \
--discovery-token-ca-cert-hash sha256:8f14a02842632eb081c9bff98c843ef4cafe27f26a71fa897cf02f1fbce2bfba
c, master节点查看集群状态
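# Deploy flannel as the pod network. The manifest URL is pinned to a
# specific commit, so what gets applied cannot change underneath you;
# read the manifest before applying it, since it creates cluster-wide
# RBAC objects and a privileged DaemonSet.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
# Nodes take a while to report Ready after flannel has been applied.
kubectl get nodes
# Sample output from the author's cluster:
#   NAME     STATUS   ROLES    AGE     VERSION
#   master   Ready    master   7h41m   v1.15.0
#   node1    Ready    <none>   7h39m   v1.15.0
#   node2    Ready    <none>   7h39m   v1.15.0
# Deploy an nginx application to check that the cluster works.
# --image=nginx carries no tag, so the registry's current default image
# is pulled; pin a tag or digest for anything longer-lived than a smoke
# test. A NodePort service listens on every node's IP -- delete the
# service and deployment once the check is done.
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
# Verify with: curl <node-ip>:<port exposed by the service>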
4, 安装dashboard
# Work in a dedicated directory and fetch the dashboard v1.10.1 manifest.
mkdir ui && cd ui
dashboard_manifest_url=https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
wget "$dashboard_manifest_url"
# Edit kubernetes-dashboard.yaml before applying it:
#  * Change the image to lizhenliang/kubernetes-dashboard-amd64:v1.10.1,
#    or to the Aliyun mirror image
#    registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
#    NOTE(review): the first is a third-party repository rather than the
#    project's own registry, and the second is tagged v1.10.0 while the
#    manifest is v1.10.1 -- confirm which image and version you intend
#    to run.
#  * Change the Service to type NodePort. A fixed nodePort may be set;
#    otherwise a port is assigned at random. NodePort makes the
#    dashboard reachable on every node's IP address.
#      spec:
#        type: NodePort
#        ports:
#          - port: 443
#            targetPort: 8443
#            #nodePort: 30001
#        selector:
#          k8s-app: kubernetes-dashboard
kubectl apply -f kubernetes-dashboard.yaml
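# Sample output from the author's cluster (pod placement and NodePort):
#[root@master ui]# kubectl get pod -A -o wide |grep dash
#kube-system kubernetes-dashboard-7d46676dcb-2zrs7 1/1 Running 0 63m 10.244.1.9 node2 <none> <none>
#[root@master ui]# kubectl get svc -A -o wide |grep dash
#kube-system kubernetes-dashboard NodePort 10.1.39.194 <none> 443:30389/TCP 7h17m k8s-app=kubernetes-dashboard
# Create the login account.
# Security note: the binding below gives this service account the
# cluster-admin role, so its token is a full-control credential for the
# cluster, and the dashboard accepting it is published on a NodePort.
# Outside a lab, bind a narrower role and reach the dashboard through
# `kubectl proxy` or a port-forward instead of a NodePort.
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Browse to https://IP:30389 and log in with the token printed below.
# The secret name is read from the service account itself; matching
# secret names against a pattern can also pick up unrelated secrets
# whose names happen to contain "dashboard-admin".
admin_secret=$(kubectl -n kube-system get serviceaccount dashboard-admin -o jsonpath='{.secrets[0].name}')
kubectl -n kube-system describe secret "$admin_secret"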
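########### Fix: Chrome refuses to open the dashboard page https://IP:30389 #########
# Replace the dashboard's default certificate with one generated for it.
# The API server's own key pair (/etc/kubernetes/pki/apiserver.{crt,key})
# is deliberately not reused: copying that private key into a Secret
# that is mounted in the dashboard pod would expose the API server's TLS
# identity to anything that can read the Secret or compromise the pod.
# The certificate is self-signed, so the browser still warns about an
# untrusted issuer until you choose to trust it.
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
  -subj "/CN=kubernetes-dashboard" \
  -keyout dashboard.key -out dashboard.crt
chmod 600 dashboard.key
# Drop the default certificate secret and recreate it from exactly these
# two files; --from-file=./ would also load every other file in the
# current directory into the secret.
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs \
  --from-file=dashboard.crt --from-file=dashboard.key -n kube-system
# Edit kubernetes-dashboard.yaml so the container args name the custom
# certificate:
#   - --auto-generate-certificates
#   - --tls-key-file=dashboard.key
#   - --tls-cert-file=dashboard.crt
# Re-apply the manifest to restart the dashboard with the new args.
kubectl apply -f kubernetes-dashboard.yaml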