K8S学习--Kubeadm-3-dashboard部署和升级
1.4.10 部署 web 服务 dashboardhttps://github.com/kubernetes/dashboard #web 服务 dashboard兼容1.17https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc6/aio/deploy/recommended.yaml#安装配置文件 但是下载ur...
·
K8S学习–Kubeadm 安装 kubernetes-1-组件简介
K8S学习–Kubeadm 安装 kubernetes-2-安装部署
1.4.10 部署 web 服务 dashboard
https://github.com/kubernetes/dashboard #web 服务 dashboard
兼容1.17
https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc6/aio/deploy/recommended.yaml
#安装配置文件 但是下载url不可用 需要改为国内地址 而且需要修改一定的内容
拉入配置文件admin-user.yml 和 admin-user.yml
采用最简单的方式 让其直接能够给vmware访问
#vim dashboard-2.0.0-rc6.yml
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30002
selector:
k8s-app: kubernetes-dashboard
image: harbor.linux39.com/baseimages/dashboard:v2.0.0-rc6 #镜像地址修改
1.4.10.1 部署 dashboard 2.0.0 rc6
# kubectl apply f dashboard 2.0.0 rc6.yml f admin user.yml
1.4.10.2 获取登录 token
# kubectl get secret A | grep admin user
kubernetes dashboard admin user token lkwbr
kubernetes.io/service account toke n 3 3m15s
# kubectl describe secret admin-user-token-lkwbr n kubernetes dashboard
1.4.10.3:基于kubeconfig文件登入验证
root@master-1:~# cp /root/.kube/config /opt/kubeconfig
root@master-1:~# vim /opt/kubeconfig #再最后添加获取到的token 注意格式
然后上传到宿主机即可
实验:
把镜像pull下来之后打到harbor中:
root@master-1:/usr/local/src# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kubernetesui/dashboard v2.0.0-rc6 cdc71b5a8a0e 2 weeks ago 221MB
quay.io/coreos/flannel v0.12.0-amd64 4e9f801d2217 2 weeks ago 52.8MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.17.2 cba2a99699bd 2 months ago 116MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.17.2 41ef50a5f06a 2 months ago 171MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.17.2 da5fd66c4068 2 months ago 161MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.17.2 f52d4c527ef2 2 months ago 94.4MB
registry.cn-hangzhou.aliyuncs.com/google_containers/coredns 1.6.5 70f311871ae1 4 months ago 41.6MB
registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.4.3-0 303ce5db0e90 5 months ago 288MB
registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 2 years ago 742kB
在master和node节点中增加hosts域名解析给harbor地址
# vim /etc/hosts
172.20.10.33 harbor.linux39.com
在每一个需要上传下载镜像的master或者node都要配置下面的参数 node节点通常比较多的要上传下载镜像
# vim /lib/systemd/system/docker.service #在后面新增参数--insecure-registry harbor.linux39.com
14 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry harbor.linux39.com
# systemctl daemon-reload
# systemctl restart docker
root@master-1:~# docker login harbor.linux39.com
Login Succeeded
root@master-1:~# docker tag cdc71b5a8a0e harbor.linux39.com/baseimages/dashboard:v2.0.0-rc6
root@master-1:~#
root@master-1:~# docker push harbor.linux39.com/baseimages/dashboard:v2.0.0-rc6
The push refers to repository [harbor.linux39.com/baseimages/dashboard]
f6419c845e04: Pushed
v2.0.0-rc6: digest: sha256:7d7273c38f37c62375bb8262609b746f646da822dc84ea11710eed7082482b12 size: 529
访问harbor网页:
新建了一个文件项目baseimages 然后push之后复制相应的URL
URL:
docker pull harbor.linux39.com/baseimages/dashboard:v2.0.0-rc6
root@master-1:/usr/local/src# vim dashboard-2.0.0-rc6.yml
192 image: harbor.linux39.com/baseimages/dashboard:v2.0.0-rc6 #修改为harbor镜像地址
276 image: harbor.linux39.com/baseimages/metrics-scraper:v1.0.3
dashboard服务需要上面的镜像提前下好上传到harbor镜像上去
这2个文件在:
https://github.com/kubernetes/dashboard/releases
打开url
https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc6/aio/deploy/recommended.yaml
2个image后面的镜像下载 地址
kubernetesui/dashboard:v2.0.0-rc6
kubernetesui/metrics-scraper:v1.0.3
root@master-1:~# docker pull harbor.linux39.com/baseimages/dashboard:v2.0.0-rc6
root@master-1:~# docker pull kubernetesui/metrics-scraper:v1.0.3
root@master-1:~# docker tag docker.io/kubernetesui/metrics-scraper:v1.0.3 harbor.linux39.com/baseimages/metrics-scraper:v1.0.3
root@master-1:~# docker push harbor.linux39.com/baseimages/metrics-scraper
harbor.linux39.com/baseimages/metrics-scraper harbor.linux39.com/baseimages/metrics-scraper:v1.0.3
root@master-1:~# docker push harbor.linux39.com/baseimages/metrics-scraper:v1.0.3
The push refers to repository [harbor.linux39.com/baseimages/metrics-scraper]
4e247d9378a1: Pushed
0aec45b843c5: Pushed
3ebaca24781b: Pushed
v1.0.3: digest: sha256:e24a74b3b1cdc84d6285d507a12eb06907fd8c457b3e8ae9baa9418eca43efc4 size: 946
执行创建
root@master-1:/usr/local/src# ll
total 20
drwxr-xr-x 2 root root 4096 Mar 29 18:28 ./
drwxr-xr-x 10 root root 4096 Dec 28 05:33 ../
-rw-r--r-- 1 root root 374 Mar 28 10:54 admin-user.yml
-rw-r--r-- 1 root root 7641 Mar 29 18:28 dashboard-2.0.0-rc6.yml
root@master-1:/usr/local/src# kubectl apply -f dashboard-2.0.0-rc6.yml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
root@master-1:/usr/local/src# kubectl apply -f admin-user.yml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
root@master-1:/usr/local/src#
查看服务是否起来 (最后2行)
root@master-1:/usr/local/src# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default net-test1-5fcc69db59-jz944 1/1 Running 1 116m
default net-test1-5fcc69db59-wzlmg 1/1 Running 1 116m
default net-test1-5fcc69db59-xthfd 1/1 Running 1 116m
kube-system coredns-7f9c544f75-bml7d 1/1 Running 1 4h15m
kube-system coredns-7f9c544f75-jwhtr 1/1 Running 2 4h15m
kube-system etcd-master-1 1/1 Running 2 4h15m
kube-system etcd-master-2 1/1 Running 1 3h33m
kube-system etcd-master-3 1/1 Running 1 3h17m
kube-system kube-apiserver-master-1 1/1 Running 4 4h15m
kube-system kube-apiserver-master-2 1/1 Running 2 3h33m
kube-system kube-apiserver-master-3 1/1 Running 2 3h17m
kube-system kube-controller-manager-master-1 1/1 Running 3 4h15m
kube-system kube-controller-manager-master-2 1/1 Running 3 3h33m
kube-system kube-controller-manager-master-3 1/1 Running 0 3h17m
kube-system kube-flannel-ds-amd64-4dc22 1/1 Running 1 95m
kube-system kube-flannel-ds-amd64-6nvgm 1/1 Running 1 95m
kube-system kube-flannel-ds-amd64-9pxvg 1/1 Running 1 95m
kube-system kube-flannel-ds-amd64-fxtv6 1/1 Running 0 95m
kube-system kube-flannel-ds-amd64-hmd27 1/1 Running 0 95m
kube-system kube-flannel-ds-amd64-njpcd 1/1 Running 2 95m
kube-system kube-proxy-5prrc 1/1 Running 0 3h18m
kube-system kube-proxy-cfbv5 1/1 Running 2 163m
kube-system kube-proxy-cjghs 1/1 Running 1 4h15m
kube-system kube-proxy-dmknx 1/1 Running 2 3h5m
kube-system kube-proxy-lhxz4 1/1 Running 1 3h3m
kube-system kube-proxy-wxgf5 1/1 Running 0 3h33m
kube-system kube-scheduler-master-1 1/1 Running 3 4h15m
kube-system kube-scheduler-master-2 1/1 Running 3 3h33m
kube-system kube-scheduler-master-3 1/1 Running 0 3h17m
kubernetes-dashboard dashboard-metrics-scraper-5bc5bdcbc5-hbhvm 1/1 Running 0 53s
kubernetes-dashboard kubernetes-dashboard-d498886d6-7qqnc 1/1 Running 0 53s
查看service的端口:可以看到最后一行显示30002端口
root@master-1:~# kubectl get service -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 4h17m
kube-system kube-dns ClusterIP 192.168.0.10 <none> 53/UDP,53/TCP,9153/TCP 4h17m
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 192.168.13.82 <none> 8000/TCP 2m29s
kubernetes-dashboard kubernetes-dashboard NodePort 192.168.12.204 <none> 443:30002/TCP 2m32s
访问dashboard页面:访问任何一个node节点端口都可:
由于没有做跳转 所以要用 https 访问
1.4.10.2 获取登录 token
root@master-1:~# kubectl get secret -A | grep admin-user
kubernetes-dashboard admin-user-token-4hl98 kubernetes.io/service-account-token 3 16m
root@master-1:~# kubectl get secret -A | grep admin-user
kubernetes-dashboard admin-user-token-4hl98 kubernetes.io/service-account-token 3 16m
root@master-1:~# kubectl describe secret admin-user-token-4hl98
Error from server (NotFound): secrets "admin-user-token-4hl98" not found #要指定在哪里寻找
root@master-1:~# kubectl describe secret admin-user-token-4hl98 -n kubernetes-dashboard
Name: admin-user-token-4hl98
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: cfbe8a23-183e-4718-ba77-2ccb7b734619
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImRrMDFORkYtZlBUdEpwSDZBbTNuc1BvdWxTWFdReU5ySmpTMTk5RVF5NWsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTRobDk4Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZmJlOGEyMy0xODNlLTQ3MTgtYmE3Ny0yY2NiN2I3MzQ2MTkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.IEdJFARZoPA0nbS5J9Sw3nQ-CE2Hfe4QhgXyadcxv5ezKpM6cxmgKq5TjEYzIe1w4UNGXcmGlP_IlJvNlhJtTSzgVapFD0H_zZWOfl10lBWQA0ajZhrIAqAg3z6ME1BBwW6CZxyI23I0RJcQ5ciraVEUGV1CbXvzeaAtvgwZHpX3eiFwQ3vQj91NiX_ogLmuFo7ueHO3swP5Nz23sbGpOuKAed5fMe7jyBaW_Jms5_IcrBBbyUWvuObAXZytM355ttYIITMkTJrKplMqIYzXMbNTo8OgqY89qy1olpbfnElLD5P4yIuIFaQanzk43wmA9wNJeuxvda2J2BbG_DNbiQ
ca.crt: 1025 bytes
namespace: 20 bytes
1.4.10.3:验证 NodePort
root@master-1:~# kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 4h37m
kube-system kube-dns ClusterIP 192.168.0.10 <none> 53/UDP,53/TCP,9153/TCP 4h37m
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 192.168.13.82 <none> 8000/TCP 22m
kubernetes-dashboard kubernetes-dashboard NodePort 192.168.12.204 <none> 443:30002/TCP 22m
复制上面的token 然后再web界面上用token认证的方式登入即可
1.4.11 k8s 集群 升级
升级时间选择在凌晨。适合kubeadm和ansible的方式升级
升级k8s 集群必须 先 升级 kubeadm 版本到目的 k8s 版本也就是说 kubeadm 是k8s升级的准升证 。
1.4.11.1 升级 k8s master 服务
在k8s 的所有 master 进行升级 将管理端服务 kube-controller-manager 、 kube-apiserver 、kube-scheduler 、 kube-proxy
1.4.11 .1 1 :验证 当 k8s 前版本:
root@master-1:~# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"clean", BuildDate:"2020-01-18T23:27:49Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}
1.4.11 1. 2 各 master 安装指定 新 版本 kubeadm
root@master-1:~# apt-cache madison kubeadm
root@master-1:~# apt install kubeadm=1.17.4 00
root@master-1:~# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.4", GitCommit:"793658f2d7ca7f064d2bdf606519f9fe1229c381", GitTreeState:"clean", BuildDate:"2017-08-17T08:30:51Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
1.4.11 1. 3 kubeadm 升级 命令 使用 帮助
root@master-1:~# kubeadm upgrade --help
Upgrade your cluster smoothly to a newer version with this command
Usage:
kubeadm upgrade [flags]
kubeadm upgrade [command]
Available Commands:
apply Upgrade your Kubernetes cluster to the specified version
diff Show what differences would be applied to existing static pod manifests. See also: kubeadm upgrade apply --dry-run
node Upgrade commands for a node in the cluster
plan Check which versions are available to upgrade to and validate whether your current cluster is upgradeable. To skip the internet check, pass in the optional [version] parameter
Flags:
-h, --help help for upgrade
Global Flags:
--add-dir-header If true, adds the file directory to the header
--log-file string If non-empty, use this log file
--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files
-v, --v Level number for the log level verbosity
Use "kubeadm upgrade [command] --help" for more information about a command.
1.4.11 1. 4 升级计划:
#kubeadm upgrade plan #查看 升级 计划
root@master-1:~# kubeadm upgrade plan
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[preflight] Running pre-flight checks.
[upgrade] Making sure the cluster is healthy:
[upgrade] Fetching available versions to upgrade to
[upgrade/versions] Cluster version: v1.17.2
[upgrade/versions] kubeadm version: v1.17.4
W0329 20:37:33.266420 121178 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable.txt": Get https://dl.k8s.io/release/stable.txt: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
W0329 20:37:33.266466 121178 version.go:102] falling back to the local client version: v1.17.4
[upgrade/versions] Latest stable version: v1.17.4
[upgrade/versions] Latest version in the v1.17 series: v1.17.4
Components that must be upgraded manually after you have upgraded the control plane with 'kubeadm upgrade apply':
COMPONENT CURRENT AVAILABLE
Kubelet 6 x v1.17.2 v1.17.4
Upgrade to the latest version in the v1.17 series:
COMPONENT CURRENT AVAILABLE
API Server v1.17.2 v1.17.4
Controller Manager v1.17.2 v1.17.4
Scheduler v1.17.2 v1.17.4
Kube Proxy v1.17.2 v1.17.4
CoreDNS 1.6.5 1.6.5
Etcd 3.4.3 3.4.3-0
You can now apply the upgrade by executing the following command:
kubeadm upgrade apply v1.17.4
_____________________________________________________________________
1.4.11 1. 5 :开始升级
apt autoremove kubeadm=1.7.4-00 #删除版本命令
root@master-1:~# apt install kubeadm=1.17.4-00
root@master-2:~# apt install kubeadm=1.17.4-00
root@master-3:~# apt install kubeadm=1.17.4-00
root@master-1:~# kubeadm upgrade apply v1.17.4
root@master-2:~# kubeadm upgrade apply v1.17.4
root@master-3:~# kubeadm upgrade apply v1.17.4 #这里升级一个一个的升级 最好不要一起升级 可能会影响ks集群
1.4.11 .1 .6 验证镜像
1.4.11.2 升级 k8s node 服务
升级客户端服务kubectl kubelet
root@master-1:~# apt install kubelet=1.17.4-00 kubectl=1.17.4-00
root@master-2:~# apt install kubelet=1.17.4-00 kubectl=1.17.4-00
root@master-3:~# apt install kubelet=1.17.4-00 kubectl=1.17.4-00
root@master-1:~# kubectl get node
NAME STATUS ROLES AGE VERSION
master-1 Ready master 7h26m v1.17.4
master-2 Ready master 6h43m v1.17.4
master-3 Ready master 6h28m v1.17.4
node-1 Ready <none> 6h15m v1.17.2
node-2 Ready <none> 6h14m v1.17.2
node-3 Ready <none> 5h53m v1.17.2
这里只要VERSION显示v1.17.4就说明kubelet已经升级了为v1.17.4
1.4.11 2.1 验证当前 node 版本信息
node 节点还是1.17.2的旧版本
1.4.15. 1. 7 升 各 node 节点配置文件
这个需要在各个node节点升级
root@Node-1:~# kubeadm upgrade node --kubelet-version v1.17.4
root@Node-2:~# kubeadm upgrade node --kubelet-version v1.17.4
root@Node-3:~# kubeadm upgrade node --kubelet-version v1.17.4
1.4.15.1.8 :各 Node 节点升级 kubelet 二进制包
root@Node-1:~# apt install kubeadm=1.17.4-00 kubelet=1.17.4-00
root@Node-2:~# apt install kubeadm=1.17.4-00 kubelet=1.17.4-00
root@Node-3:~# apt install kubeadm=1.17.4-00 kubelet=1.17.4-00
验证最终版本:
root@master-1:~# kubectl get node
NAME STATUS ROLES AGE VERSION
master-1 Ready master 7h46m v1.17.4
master-2 Ready master 7h3m v1.17.4
master-3 Ready master 6h48m v1.17.4
node-1 Ready <none> 6h35m v1.17.4
node-2 Ready <none> 6h34m v1.17.4
node-3 Ready <none> 6h13m v1.17.4
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献12条内容
所有评论(0)