Setting up K8S with kubeadm
I. Environment preparation
master 192.168.195.180
node01 192.168.195.181
node02 192.168.195.182
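1: Install Docker and kubeadm on all nodes
2: Deploy the Kubernetes master
3: Deploy the container network plugin
4: Deploy the Kubernetes nodes and join them to the Kubernetes cluster
5: Deploy the Dashboard web page to view Kubernetes resources visually
// On all nodes: flush the firewall rules, disable SELinux, turn off swap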
[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0
[root@localhost ~]# swapoff -a
// Set the hostname (run the matching command on each node)
hostnamectl set-hostname master
hostnamectl set-hostname node01
hostnamectl set-hostname node02
// On all nodes: edit the hosts file
vim /etc/hosts
192.168.195.180 master
192.168.195.181 node01
192.168.195.182 node02
// On all nodes: pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
// Apply the parameters
sysctl --system
// On all nodes: install Docker/kubeadm/kubelet
// Install Docker
yum install -y wget && wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce-18.06.1.ce-3.el7
systemctl enable docker && systemctl start docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://05vz3np5.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p
service network restart
systemctl restart docker
// Install kubeadm, kubelet and kubectl
// Define the Kubernetes repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
// Enable kubelet at boot
systemctl enable kubelet.service
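The repository definition above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures even though gpgkey is configured. The following added example (not from the original post) lists repo sections that disable these checks; audit_repo is a hypothetical helper name and both sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list yum repo sections that
# explicitly disable signature verification.
# Output: one line per finding, "<section> <key>=0".
audit_repo() {
    awk -F= '
        /^[ \t]*\[/ {                       # start of a [section]
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0")
                print section " " key "=0"
        }
    ' "$1"
}

# Constructed samples: the repo file as written above, and the same file
# with both checks enabled (assumes the mirror serves valid signatures).
sample_dir=$(mktemp -d)
cat > "$sample_dir/weak.repo" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
sed 's/gpgcheck=0/gpgcheck=1/' "$sample_dir/weak.repo" > "$sample_dir/checked.repo"

audit_repo "$sample_dir/weak.repo"      # reports both settings
audit_repo "$sample_dir/checked.repo"   # reports nothing
```

On a node, run audit_repo over each file in /etc/yum.repos.d/ before installing from it.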
II. Master deployment
// Initialize with kubeadm (note: the master needs at least 2 CPU cores)
kubeadm init \
--apiserver-advertise-address=192.168.195.180 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.15.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
Output:
...omitted...
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.195.180:6443 --token 7jq4pr.uun93lkuxvwid6g8 \
--discovery-token-ca-cert-hash sha256:b016be0179d0741256add374cbf8e5484565450b2a0ec763dc1269558d5a3945
// Set up kubectl
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
// Install flannel on all nodes (copy the kube-flannel.yml manifest to the master node)
// Copy flannel.tar to all nodes
// Load the flannel image on all nodes
docker load < flannel.tar
7bff100f35cb: Loading layer 4.672MB/4.672MB
5d3f68f6da8f: Loading layer 9.526MB/9.526MB
9b48060f404d: Loading layer 5.912MB/5.912MB
3f3a4ce2b719: Loading layer 35.25MB/35.25MB
9ce0bb155166: Loading layer 5.12kB/5.12kB
Loaded image: chenyan/flannel:v0.11.0-amd64
// Every node must have the flannel image
[root@master ~]# docker images
chenyan/flannel v0.11.0-amd64 ff281650a721 22 months ago 52.6MB
[root@master ~]# kubectl apply -f kube-flannel.yml
[root@master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-bccdc95cf-c9w6l 0/1 Pending 0 25m
coredns-bccdc95cf-nql5j 0/1 Pending 0 25m
etcd-master 1/1 Running 0 24m
kube-apiserver-master 1/1 Running 0 24m
kube-controller-manager-master 1/1 Running 0 24m
kube-flannel-ds-amd64-qkdfh 1/1 Running 0 37s
kube-proxy-qpz8t 1/1 Running 0 25m
kube-scheduler-master 1/1 Running 0 24m
III. Node
// Join the nodes to the cluster
kubeadm join 192.168.195.180:6443 --token 7jq4pr.uun93lkuxvwid6g8 \
--discovery-token-ca-cert-hash sha256:b016be0179d0741256add374cbf8e5484565450b2a0ec763dc1269558d5a3945
// On the master, check that the nodes were added
[root@master ~]# kubectl get nodes    # wait a little while first
NAME STATUS ROLES AGE VERSION
master Ready master 71m v1.15.0
node01 Ready <none> 99s v1.15.0
node02 Ready <none> 96s v1.15.0
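The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key, so a node only joins an API server whose CA matches. The following added example (not from the original post) recomputes and compares that value; ca_cert_hash and verify_join_hash are hypothetical helper names, and the two certificates are throwaway ones generated for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): recompute the value passed to
# --discovery-token-ca-cert-hash, i.e. SHA-256 over the DER-encoded public
# key (SubjectPublicKeyInfo) of the cluster CA certificate.
ca_cert_hash() {
    printf 'sha256:%s\n' "$(openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# Compare a CA file against the hash from a join command; 0 means match.
verify_join_hash() {
    [ "$(ca_cert_hash "$1")" = "$2" ]
}

# Constructed demo: two throwaway self-signed CAs stand in for the real
# cluster CA (/etc/kubernetes/pki/ca.crt on a kubeadm control plane).
demo_dir=$(mktemp -d)
for name in cluster other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name-ca" \
        -keyout "$demo_dir/$name.key" -out "$demo_dir/$name.crt" 2>/dev/null
done
pinned=$(ca_cert_hash "$demo_dir/cluster.crt")
verify_join_hash "$demo_dir/cluster.crt" "$pinned" && echo "cluster CA matches pin"
verify_join_hash "$demo_dir/other.crt" "$pinned" || echo "other CA rejected"
```

On the master, ca_cert_hash /etc/kubernetes/pki/ca.crt gives the real value, and kubeadm token create --print-join-command issues a fresh join command once the original token has expired (24 hours by default).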
// On the master, list all system pods
[root@master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-bccdc95cf-c9w6l 1/1 Running 0 71m
coredns-bccdc95cf-nql5j 1/1 Running 0 71m
etcd-master 1/1 Running 0 71m
kube-apiserver-master 1/1 Running 0 70m
kube-controller-manager-master 1/1 Running 0 70m
kube-flannel-ds-amd64-kfhwf 1/1 Running 0 2m53s
kube-flannel-ds-amd64-qkdfh 1/1 Running 0 46m
kube-flannel-ds-amd64-vffxv 1/1 Running 0 2m56s
kube-proxy-558p8 1/1 Running 0 2m53s
kube-proxy-nwd7g 1/1 Running 0 2m56s
kube-proxy-qpz8t 1/1 Running 0 71m
kube-scheduler-master 1/1 Running 0 70m
// Test creating a pod
[root@master ~]# kubectl create deployment nginx --image=nginx
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-554b9c67f9-z8zzc 1/1 Running 0 31s
// Expose a port to provide the service
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
// View the service
[root@master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 74m
nginx NodePort 10.0.211.221 <none> 80:31481/TCP 8s
// Access URL
http://192.168.195.181:31481/
// Scale to 3 replicas
[root@master ~]# kubectl scale deployment nginx --replicas=3
deployment.extensions/nginx scaled
// View the pods
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-554b9c67f9-jbdpv 1/1 Running 0 45h
nginx-554b9c67f9-svksn 1/1 Running 0 45h
nginx-554b9c67f9-z8zzc 1/1 Running 0 45h
// On the master node (copy kubernetes-dashboard.yaml and dashboard.tar to /opt)
// Load dashboard.tar on all nodes (worker nodes must load the image too)
[root@master opt]# docker load < dashboard.tar
fbdfe08b001c: Loading layer 122.3MB/122.3MB
Loaded image: chenyan/kubernetes-dashboard-amd64:v1.10.1
[root@master opt]# kubectl apply -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
// Check that all containers are running
[root@master opt]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/coredns-bccdc95cf-c9w6l 1/1 Running 0 2d8h
pod/coredns-bccdc95cf-nql5j 1/1 Running 0 2d8h
pod/etcd-master 1/1 Running 0 2d8h
pod/kube-apiserver-master 1/1 Running 0 2d8h
pod/kube-controller-manager-master 1/1 Running 0 2d8h
pod/kube-flannel-ds-amd64-kfhwf 1/1 Running 0 2d7h
pod/kube-flannel-ds-amd64-qkdfh 1/1 Running 0 2d8h
pod/kube-flannel-ds-amd64-vffxv 1/1 Running 0 2d7h
pod/kube-proxy-558p8 1/1 Running 0 2d7h
pod/kube-proxy-nwd7g 1/1 Running 0 2d7h
pod/kube-proxy-qpz8t 1/1 Running 0 2d8h
pod/kube-scheduler-master 1/1 Running 0 2d8h
pod/kubernetes-dashboard-68cbfbd778-dgqt5 1/1 Running 0 38s # must be Running
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-dns ClusterIP 10.0.0.10 <none> 53/UDP,53/TCP,9153/TCP 2d8h
service/kubernetes-dashboard NodePort 10.0.171.42 <none> 443:30001/TCP 126m
// Open https://NodeIP:30001/ to test access
// Create a service account and bind it to the default cluster-admin cluster role
[root@master opt]# kubectl create serviceaccount dashboard-admin -n kube-system
[root@master opt]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
[root@master opt]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name: dashboard-admin-token-tx8x8
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: fcc99ed6-59e7-43e4-aa86-0018a52a863f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: ...omitted...
// Finally, log in to the site directly with the token
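The token that kubectl describe secrets prints is a JWT bearer credential for the dashboard-admin account, which the binding above gives cluster-admin rights. The following added example (not from the original post) decodes a constructed token of the same shape to show the subject it names and that a secret-based token carries no exp claim; jwt_payload, token_report and b64url are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): read the claims of a
# service-account token without contacting the cluster.

# Decode the payload (second dot-separated segment, base64url, unpadded).
jwt_payload() {
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Print "<subject> <expires|no-expiry>" for a token.
token_report() {
    payload=$(jwt_payload "$1")
    sub=$(printf '%s' "$payload" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p')
    case $payload in
        *'"exp":'*) expiry=expires ;;
        *)          expiry=no-expiry ;;
    esac
    printf '%s %s\n' "$sub" "$expiry"
}

# Constructed sample: claims shaped like a secret-based token for the
# dashboard-admin account created above; the signature is a dummy string.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
claims='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","sub":"system:serviceaccount:kube-system:dashboard-admin"}'
sample_token="$(printf '%s' '{"alg":"RS256","kid":""}' | b64url).$(printf '%s' "$claims" | b64url).dummy-signature"

token_report "$sample_token"
```

Deleting the dashboard-admin secret or the dashboard-admin clusterrolebinding on the master ends what such a token can do. A read-only dashboard account can be bound to the built-in view ClusterRole instead of cluster-admin.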