Very detailed steps for deploying a k8s cluster with kubeadm
1 Master + 2 Nodes
1. k8smaster: 192.168.68.127
2. k8snode1: 192.168.68.128
3. k8snode2: 192.168.68.129
I. Pre-installation preparation
Run on every node:
1. Stop the firewall and disable SELinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/selinux/config
# Set SELINUX=disabled
2. Load the br_netfilter module and enable kernel IPv4 forwarding
modprobe br_netfilter
vim /etc/sysctl.d/k8s.conf
# Add:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
# Apply the changes so they take effect
sysctl -p /etc/sysctl.d/k8s.conf
Install ipvs
vim /etc/sysconfig/modules/ipvs.modules
# Add:
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
# Set permissions
chmod 755 /etc/sysconfig/modules/ipvs.modules
# Run it
bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv
3. Configure hosts and passwordless SSH
# Run the matching command on each node
hostnamectl set-hostname k8smaster
hostnamectl set-hostname k8snode1
hostnamectl set-hostname k8snode2
vim /etc/hosts
# Add:
192.168.68.127 k8smaster
192.168.68.128 k8snode1
192.168.68.129 k8snode2
# Set up passwordless SSH
ssh-keygen
ssh-copy-id k8snode1
ssh-copy-id k8snode2
4. Synchronize server time
yum install ntpdate -y
systemctl enable ntpdate
ntpdate pool.ntp.org
5. Disable the swap partition
swapoff -a
vim /etc/fstab
# Comment out the swap mount
6. Install Docker
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# If it is slow, switch to the Tsinghua mirror
sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Install version 19.03
yum install -y docker-ce-19.03.11
Configure the Docker registry mirror
mkdir -p /etc/docker # create this directory first if it does not exist, then add the daemon.json file
vi /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"registry-mirrors" : [
"https://ot2k4d59.mirror.aliyuncs.com/"
]
}
Start Docker
systemctl daemon-reload
systemctl start docker
systemctl enable docker
7. Install kubeadm
# Add the repository, using the Aliyun mirror
vim /etc/yum.repos.d/kubernetes.repo
# Add:
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
Run the installation
yum install -y kubelet-1.19.3 kubeadm-1.19.3 kubectl-1.19.3 --disableexcludes=kubernetes
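The repository stanza above sets gpgcheck=0 and repo_gpgcheck=0 and fetches packages and keys over plain HTTP, so nothing verifies the kubelet, kubeadm and kubectl RPMs before yum installs them. The check below is an added example, not part of the original post; the function names audit_repo and page_repo are made up for illustration. It reads a .repo file and flags exactly those settings:

```shell
#!/bin/sh
# audit_repo: read a yum .repo file on stdin and print one line per setting
# that weakens package integrity. Returns 1 if anything was flagged, else 0.
audit_repo() {
    awk '
        function flag(msg) { print section ": " msg; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^\[/ {                                      # [section] header
            section = $0; sub(/^\[/, "", section); sub(/\].*$/, "", section)
            key = ""; next
        }
        /^[ \t]/ { val = $0; sub(/^[ \t]+/, "", val) }   # continuation of the previous key
        /^[^ \t]/ {                                  # key=value line
            key = $0; sub(/[ \t]*=.*$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        }
        key == "gpgcheck" && val == "0"      { flag("gpgcheck=0, RPM signatures are not verified") }
        key == "repo_gpgcheck" && val == "0" { flag("repo_gpgcheck=0, repo metadata is not verified") }
        (key == "baseurl" || key == "gpgkey") && val ~ /^http:/ {
            flag(key " fetched over plain HTTP: " val)
        }
        END { exit bad + 0 }
    '
}

# The stanza from this page, with the gpgkey continuation line indented.
page_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

page_repo | audit_repo || echo "repo stanza needs review before installing"
```

On a real node, run it as audit_repo < /etc/yum.repos.d/kubernetes.repo.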
Check the installed version:
[root@k8smaster ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:47:53Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
Enable start at boot:
systemctl enable --now kubelet
At this point the preparation is complete.
Now deploy the cluster.
1. Initialize the cluster; run on the k8smaster node
vim kubeadm.yaml
# Add:
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.68.127 # internal IP of the apiserver node
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8smaster
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.19.3
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16 # Pod subnet; the flannel plugin needs this range
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs # kube-proxy mode
Pull the images first
kubeadm config images pull --config kubeadm.yaml
Then run the initialization
kubeadm init --config kubeadm.yaml
Copy the kubeconfig file
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
Add the worker nodes
Run on each of k8snode1 and k8snode2.
kubeadm join 192.168.68.127:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:31020d84f523a2af6fc4fea38e514af8e5e1943a26312f0515e65075da314b29 --ignore-preflight-errors=all
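The token in kubeadm.yaml and in the join command above is the fixed placeholder that kubeadm config print init-defaults prints, not a secret value. This added example (not from the original post; the function names are illustrative) pulls the token out of a kubeadm config, rejects the placeholder and malformed values, and generates a random replacement in the same format:

```shell
#!/bin/sh
# Placeholder printed by `kubeadm config print init-defaults` and used
# verbatim in the kubeadm.yaml on this page.
PLACEHOLDER_TOKEN="abcdef.0123456789abcdef"

# new_bootstrap_token: random token in kubeadm's [a-z0-9]{6}.[a-z0-9]{16} form
# (`kubeadm token generate` produces the same format).
new_bootstrap_token() {
    raw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9')
    id=$(printf '%s' "$raw" | cut -c1-6)
    secret=$(printf '%s' "$raw" | cut -c7-22)
    printf '%s.%s\n' "$id" "$secret"
}

# config_token: print the first bootstrap token in a kubeadm config on stdin.
config_token() {
    awk '{ sub(/^[ \t-]+/, "") } $1 == "token:" { print $2; exit }'
}

# check_token TOKEN: 0 = usable, 1 = malformed, 2 = placeholder value.
check_token() {
    [ "$1" = "$PLACEHOLDER_TOKEN" ] && return 2
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || return 1
    return 0
}

# The bootstrapTokens section from this page's kubeadm.yaml.
page_config() {
    cat <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
EOF
}

tok=$(page_config | config_token)
check_token "$tok" || echo "token '$tok' rejected (status $?)"
echo "replacement: $(new_bootstrap_token)"
```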
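Query the nodes: the worker nodes have joined successfully.
Because there is no network yet, the status is NotReady.
Next, add the network, using flannel. The status becomes OK.
Install the dashboard to view cluster information in a web UI
Download
$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
Change the Service section to: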
$ kubectl apply -f recommended.yaml
[root@k8smaster ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper NodePort 10.103.139.222 <none> 8000:31603/TCP 2d7h
kubernetes-dashboard NodePort 10.101.87.116 <none> 443:32695/TCP 2d7h
The ports are mapped; access the dashboard at the host IP plus the port number.
Log in with a token. First create a user bound to the cluster-admin role, with full permissions across the whole cluster, to log in to the Dashboard (admin.yaml):
vim admin.yaml
# Add:
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kubernetes-dashboard
Apply it:
$ kubectl apply -f admin.yaml
[root@k8smaster ~]# kubectl get secret -n kubernetes-dashboard |grep admin-token
admin-token-bfw7p kubernetes.io/service-account-token 3 169m
[root@k8smaster ~]# kubectl describe secret admin-token-bfw7p -n kubernetes-dashboard
Name: admin-token-bfw7p
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin
kubernetes.io/service-account.uid: 7d5600a3-13f4-4332-9667-04deaa0c5ac7
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ii0zVEtTWXNiMjZDbDNVRVoxSFBkZzB1V0VwT3NRU1hBYXAxbHU2MUFvMTgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1iZnc3cCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjdkNTYwMGEzLTEzZjQtNDMzMi05NjY3LTA0ZGVhYTBjNWFjNyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbiJ9.SaNm-yIaT5rfI-S5suM2U218wAEb-YvyMWo1RI10PklNkminy9Be1f8f3hO4MUSEcB6HRx0qvK3S9yDENxsHXcXXZ00CtGhFYP_gM7AaeXZ7HtErPBkAckLIU2EEMevljYBSHQYM-VbyTfOO4uriUjNkUUD5-YXXj9hVmAWBpSiY9qZswdQEng74w71bGLVdcAabGCs0c85fgYd8xLP2A6QBJqWfkrEGNXsmejmD6MAd2-GsSp1tnXPhL8f44KzurRqWm6iMQdmq1SjbOsy7dnBM34zXwxybBxcRQgmfKzvkI7SjjRhU028vrvAjApP8y3xrAgX8NknJCMCSu6a2Qg
ca.crt: 1066 bytes
namespace: 20 bytes
Log in with the token
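The token printed by kubectl describe secret is a JWT for the admin ServiceAccount, which admin.yaml bound to cluster-admin. This added example (not from the original post; the helper names and the sample token are constructed) decodes the claims of such a token and checks whether it carries an expiry:

```shell
#!/bin/sh
# b64url_decode: decode one base64url segment (JWTs drop the '=' padding).
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# jwt_claims TOKEN: print the JSON payload (second dot-separated segment).
jwt_claims() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# jwt_has_expiry TOKEN: succeed only if the payload carries an "exp" claim.
jwt_has_expiry() { jwt_claims "$1" | grep -q '"exp"[[:space:]]*:'; }

# Constructed sample with the claim layout of a Secret-based service account
# token. The signature part is a dummy string, so it authenticates nowhere.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kubernetes-dashboard","kubernetes.io/serviceaccount/service-account.name":"admin","sub":"system:serviceaccount:kubernetes-dashboard:admin"}'
SAMPLE_TOKEN="$(b64url '{"alg":"RS256"}').$(b64url "$SAMPLE_CLAIMS").constructed-signature"

jwt_claims "$SAMPLE_TOKEN"; echo
jwt_has_expiry "$SAMPLE_TOKEN" ||
    echo "no exp claim: valid until the Secret or ServiceAccount is deleted"
```

A token with this claim layout has no expiry, so treat it like a long-lived cluster-admin credential and delete its Secret once it has been shown or shared anywhere.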