K8S—二进制部署安装(包含UI界面设置)
安装步骤一、准备工作二、部署etcd集群master 节点一、准备工作K8S集群master:192.168.253.11服务:kube-apiserver kube-controller-manager kube-scheduler etcdnode1:192.168.253.22服务:kubelet kube-proxy docker flannelnode2:192.168.253.33et
·
一、准备工作
K8S集群
master01:192.168.253.11
服务:kube-apiserver kube-controller-manager kube-scheduler etcd
master02:192.168.253.44
node1:192.168.253.22
服务:kubelet kube-proxy docker flannel
node2:192.168.253.33
etcd节点1:192.168.253.11
etcd节点2:192.168.253.22
etcd节点3:192.168.253.33
lb01:192.168.253.55
lb02:192.168.253.66
Keepalived:192.168.253.111/24
二、部署单master K8S
2.1 部署etcd集群
master 节点
下载证书
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl*
证书安装
#创建k8s目录
mkdir /opt/k8s
cd /opt/k8s
#上传脚本(etcd-cert脚本要修改集群IP)
chmod +x etcd-cert.sh etcd.sh
#创建脚本生成的证书目录
mkdir /opt/k8s/etcd-cert
cd /opt/k8s/etcd-cert
#运行脚本
bash etcd-cert.sh
安装etcd
#上传压缩包
cd /opt/k8s
tar zxvf etcd-v3.3.10-linux-amd64.tar.gz
#创建etcd配置文件、命令文件、证书的目录
mkdir -p /opt/etcd/{cfg,bin,ssl}
#移动到命令目录
mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/
#复制证书进目录
cp etcd-cert/*.pem /opt/etcd/ssl/
配置文件发送给node
#复制证书
scp -r /opt/etcd/ root@192.168.253.22:/opt/
scp -r /opt/etcd/ root@192.168.253.33:/opt/
#复制启动脚本
scp /usr/lib/systemd/system/etcd.service root@192.168.253.22:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/etcd.service root@192.168.253.33:/usr/lib/systemd/system/
开启集群
./etcd.sh etcd01 192.168.253.11 etcd02=https://192.168.253.22:2380,etcd03=https://192.168.253.33:2380
#进入后会卡住,需要所有节点都开启etcd,少一个,服务会卡死在这,直到全部开启
node 节点(1/2)
修改配置文件
vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd02" #更改为所在节点
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.253.22:2380" #更改IP号
ETCD_LISTEN_CLIENT_URLS="https://192.168.253.22:2379" #更改IP号
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.253.22:2380" #更改IP号
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.253.22:2379" #更改IP号
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.253.11:2380,etcd02=https://192.168.253.22:2380,etcd03=https://192.168.253.33:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
开启服务
systemctl start etcd
systemctl status etcd
systemctl enable etcd
查看集群状态
方法一
ln -s /opt/etcd/bin/etcdctl /usr/local/bin/
cd /opt/etcd/ssl/
etcdctl \
--ca-file=ca.pem \
--cert-file=server.pem \
--key-file=server-key.pem \
--endpoints="https://192.168.253.11:2379,https://192.168.253.22:2379,https://192.168.253.33:2379" cluster-health
方法二
切换到etcd3版本查看
#切换etc3,默认为2
export ETCDCTL_API=3
#查看版本状态
etcdctl --write-out=table endpoint status
#查看成员状态
etcdctl --write-out=table member list
2.2 部署docker引擎
node 节点(1/2)
安装docker
#进入yum目录
cd /etc/yum.repos.d/
#repo文件移动回原目录
mv repos.bak/* ./
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#安装docker
yum install -y docker-ce
开启
systemctl start docker
systemctl status docker
2.3 设置flannel网络
master 节点
添加配置信息,写入分配的子网段到etcd中
cd /opt/etcd/ssl/
/opt/etcd/bin/etcdctl \
--ca-file=ca.pem \
--cert-file=server.pem \
--key-file=server-key.pem \
--endpoints="https://192.168.253.11:2379,https://192.168.253.22:2379,https://192.168.253.33:2379" \
set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
查看写入的信息
etcdctl \
--ca-file=ca.pem \
--cert-file=server.pem \
--key-file=server-key.pem \
--endpoints="https://192.168.253.11:2379,https://192.168.253.22:2379,https://192.168.253.33:2379" \
get /coreos.com/network/config
node 节点操作(1/2)
上传文件解压
cd /opt/
#上传
rz -E
rz waiting to receive.
#解压
tar zxvf flannel-v0.10.0-linux-amd64.tar.gz
创建目录
mkdir -p /opt/kubernetes/{cfg,bin,ssl}
#移动
mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/
开启服务,开启flannel网络功能
./flannel.sh https://192.168.253.11:2379,https://192.168.253.22:2379,https://192.168.253.33:2379
ifconfig
修改docker连接flannel
vim /usr/lib/systemd/system/docker.service
#添加下行
13 EnvironmentFile=/run/flannel/subnet.env
#修改下行,添加$DOCKER_NETWORK_OPTIONS进入
14 ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containerd=/run/containerd/contain erd.sock
#查看flannel网段
cat /run/flannel/subnet.env
重启服务
systemctl daemon-reload
systemctl restart docker
ifconfig
测试网络
node1节点设置
#node节点安装centos7镜像
docker run -d centos:7
#运行容器
docker run -itd centos:7 bash
#进入
docker exec -it 7116f3026c6d bash
#安装net-tools
yum -y install net-tools
#获取IP
ifconfig
node2节点设置
#node节点安装centos7镜像
docker run -d centos:7
#运行容器
docker run -itd centos:7 bash
#进入
docker exec -it 2cf56e1f1d02 bash
#安装net-tools
yum -y install net-tools
#获取IP
ifconfig
#测试与node1节点容器网络
ping 172.17.86.2
2.4 部署master组件
上传文件并解压
cd /opt/k8s
rz
master.zip
k8s-cert.sh
#解压
unzip master.zip
#加权限
chmod +x *.sh
创建kubernetes目录
mkdir -p /opt/kubernetes/{cfg,bin,ssl}
创建证书、相关组件和私钥的目录
#创建目录
mkdir k8s-cert
cd k8s-cert/
#移动脚本进来
mv /opt/k8s/k8s-cert.sh /opt/k8s/k8s-cert
#修改配置文件内IP信息
vim k8s-cert.sh
#运行脚本
./k8s-cert.sh
#安装好的配置文件复制到ssl目录
cp ca*pem apiserver*pem /opt/kubernetes/ssl/
上传kubernetes压缩包
#建议使用winscp软件上传
#解压
tar zxvf kubernetes-server-linux-amd64.tar.gz
复制命令文件到kubernetes/bin目录
cp kube-apiserver kubectl kube-controller-manager kube-scheduler /opt/kubernetes/bin/
创建随机序列号文件
vim /opt/k8s/token.sh
#!/bin/bash
BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
cat > /opt/kubernetes/cfg/token.csv <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF
chmod +x token.sh
cat /opt/kubernetes/cfg/token.csv
2a48e85a17c0de53f0f2605d7136d1b3,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
开启apiserver
./apiserver.sh 192.168.253.11 https://192.168.253.11:2379,https://192.168.253.22:2379,https://192.168.253.33:2379
systemctl status kube-apiserver.service
查看配置文件
cat /opt/kubernetes/cfg/kube-apiserver
查看HTTPS端口
netstat -anpt | grep 6443
netstat -anpt | grep 8080
启动服务
#启动scheduler服务
./scheduler.sh 127.0.0.1
#启动manager服务
./controller-manager.sh 127.0.0.1
#查看节点状态
/opt/kubernetes/bin/kubectl get cs
2.5 node节点部署
master节点操作
发送文件给node
cd /opt/k8s/kubernetes/server/bin/
#远程复制
scp kubelet kube-proxy root@192.168.253.22:/opt/kubernetes/bin/
scp kubelet kube-proxy root@192.168.253.33:/opt/kubernetes/bin/
上传文件
cd /opt/k8s/
mkdir kubeconfig
cd kubeconfig/
rz -E
kubeconfig.sh
chmod +x *.sh
设置环境变量
export PATH=$PATH:/opt/kubernetes/bin/
kubectl get cs
生成kubelet配置文件
cd /opt/k8s/kubeconfig/
./kubeconfig.sh 192.168.253.11 /opt/k8s/k8s-cert/
复制文件到node节点
scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.253.22:/opt/kubernetes/cfg/
scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.253.33:/opt/kubernetes/cfg/
创建bootstrap角色赋予权限
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
#查看角色
kubectl get clusterroles | grep system:node-bootstrapper
#查看授权角色
kubectl get clusterrolebinding
node节点操作(1/2)
上传文件并解压
rz -E
node.zip
#解压
unzip node.zip
chmod +x *.sh
启动kubelet
./kubelet.sh 192.168.253.22/33
ps aux | grep kubelet
master操作
检查到node1节点的请求
kubectl get csr
给集群颁发证书
kubectl certificate approve node-csr-7QLmDgr4zKfFZcCPdW3luBl3nkKs-KVE-WXx_Hu0Qn8
kubectl certificate approve node-csr-qOzA2zIsXQFxZWRTNvMoO2-GV91miuBywuBsUf2Mb3Y
查看状态
kubectl get nodes
node节点启动服务(1/2)
./proxy.sh 192.168.253.22/33
systemctl status kube-proxy.service
2.6 测试
启动一个pod
kubectl create deployment nginx-test --image=nginx
正在启动
查看pod
kubectl get pods
三、部署多master K8S(加入负载均衡)
3.1 master02 设置
master01拷贝文件过来
scp -r /opt/etcd/ root@192.168.253.44:/opt/
scp -r /opt/kubernetes/ root@192.168.253.44:/opt
scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.253.44:/usr/lib/systemd/system/
修改配置文件
vim /opt/kubernetes/cfg/kube-apiserver
4 --bind-address=192.168.253.44 \
6 --advertise-address=192.168.253.44 \
开启服务
systemctl start kube-apiserver.service
systemctl enable kube-apiserver.service
systemctl start kube-controller-manager.service
systemctl enable kube-controller-manager.service
systemctl start kube-scheduler.service
systemctl enable kube-scheduler.service
查看node节点状态
ln -s /opt/kubernetes/bin/* /usr/local/bin/
kubectl get nodes
kubectl get nodes -o wide
3.2 负载均衡(lb01、lb02)设置
安装nginx服务
使用yum在线安装nginx
vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
yum -y install nginx
修改nginx配置文件
vim /etc/nginx/nginx.conf
#12行添加
13 stream {
14 log_format main '$remote_addr $upstream_addr - [$time_local] $status $upstream_bytes_sent';
15
16 access_log /var/log/nginx/k8s-access.log main;
17
18 upstream k8s-apiserver {
19 server 192.168.253.11:6443;
20 server 192.168.253.44:6443;
21 }
22 server {
23 listen 6443;
24 proxy_pass k8s-apiserver;
25 }
26 }
启动服务
systemctl start nginx
systemctl enable nginx
netstat -natp | grep nginx
安装Keepalived服务
yum -y install keepalived
修改keepalived配置文件
vim /etc/keepalived/keepalived.conf
10 smtp_server 127.0.0.1
11 smtp_connect_timeout 30
12 router_id NGINX_MASTER #lb01节点的为NGINX_MASTER,lb02节点的为NGINX_BACKUP
13 # vrrp_skip_check_adv_addr
14 # vrrp_strict
15 # vrrp_garp_interval 0
16 # vrrp_gna_interval 0
#添加一个周期性执行的脚本
19 vrrp_script check_nginx {
20 script "/etc/nginx/check_nginx.sh" #检查nginx存活的脚本路径
21 }
23 vrrp_instance VI_1 {
24 state MASTER #lb01节点的为MASTER,lb02节点的为BACKUP
25 interface ens33 #指定网卡名称 ens33
26 virtual_router_id 51 #指定vrid,两个节点要一致
27 priority 100 #lb01节点的为 100,lb02节点的为 90
28 advert_int 1
29 authentication {
30 auth_type PASS
31 auth_pass 1111
32 }
33 virtual_ipaddress {
34 192.168.253.111/24 #指定的VIP
35 }
36 track_script {
37 check_nginx #指定vrrp_script配置的脚本
38 }
39 }
创建nginx状态检查脚本
vim /etc/nginx/check_nginx.sh
#!/bin/bash
#egrep -cv "grep|$$" 用于过滤掉包含grep 或者 $$ 表示的当前Shell进程ID
count=$(ps -ef | grep nginx | egrep -cv "grep|$$")
if [ "$count" -eq 0 ];then
systemctl stop keepalived
fi
chmod +x /etc/nginx/check_nginx.sh
启动服务
一定要先启动了nginx服务,再启动keepalived服务
systemctl start keepalived
systemctl enable keepalived
ip add #查看VIP是否生成
3.3 修改node两个节点的文件
bootstrap.kubeconfig,kubelet.kubeconfig配置文件的IP设置为VIP
vim /opt/kubernetes/cfg/bootstrap.kubeconfig
server: https://192.168.253.111:6443
vim /opt/kubernetes/cfg/kubelet.kubeconfig
server: https://192.168.253.111:6443
vim /opt/kubernetes/cfg/kube-proxy.kubeconfig
server: https://192.168.253.111:6443
重启kubelet和kube-proxy服务
systemctl restart kubelet.service
systemctl restart kube-proxy.service
3.4 master01 设置
基于前面单master创建的pod
查看Pod的状态信息
kubectl get pods
kubectl get pods -o wide
#READY为1/1,表示这个Pod中有1个容器
在对应网段的node节点上操作,可以直接使用浏览器或者curl命令访问
curl 172.17.86.3
查看nginx日志
#在master01节点上,将cluster-admin角色授予用户system:anonymous
kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
clusterrolebinding.rbac.authorization.k8s.io/cluster-system-anonymous created
#查看nginx日志
kubectl logs nginx-test-7d965f56df-h6655
四、部署 Dashboard UI
4.1 master01 节点上操作
创建dashborad工作目录
mkdir /opt/k8s/dashboard
cd /opt/k8s/dashboard
unzip Dashboard.zip
通过kubectl create 命令创建resources
cd /opt/k8s/dashboard
#第一步
##规定kubernetes-dashboard-minimal该角色的权限
kubectl create -f dashboard-rbac.yaml
##查看类型为 Role,RoleBinding 的资源对象 kubernetes-dashboard-minimal 是否生成
kubectl get role,rolebinding -n kube-system
#第二步
##证书和密钥创建
kubectl create -f dashboard-secret.yaml
##查看类型为 Secret 的资源对象 kubernetes-dashboard-certs,kubernetes-dashboard-key-holder 是否生成
kubectl get secret -n kube-system
#第三步
##配置文件,对于集群dashboard设置的创建
kubectl create -f dashboard-configmap.yaml
##查看类型为 ConfigMap 的资源对象 kubernetes-dashboard-settings 是否生成
kubectl get configmap -n kube-system
#第四部
##创建容器需要的控制器以及服务账户
kubectl create -f dashboard-controller.yaml
##查看类型为 ServiceAccount,Deployment 的资源对象 kubernetes-dashboard-settings 是否生成
kubectl get serviceaccount,deployment -n kube-system
#第五步
##将服务提供出去
kubectl create -f dashboard-service.yaml
查看创建在指定的 kube-system 命名空间下的 pod 和 service 状态信息
kubectl get pods,svc -n kube-system -o wide
4.2 访问
这里dashboard分配给了node02服务器,访问的入口是30001端口,打开浏览器访问
火狐浏览器可直接访问:https://192.168.253.33:30001
使用 k8s-admin.yaml 文件进行创建令牌
cd /opt/k8s/dashboard/
kubectl create -f k8s-admin.yaml
获取token简要信息
kubectl get secrets -n kube-system
查看令牌序列号,取 token: 后面的内容
kubectl describe secrets dashboard-admin-token-6htcm -n kube-system
将令牌序列号复制填入到浏览器页面中,点击登录
点击侧边栏中的“容器组”,点击容器名称,进入一个页面,点击右上方的“运行命令”或”日志“控件会弹出另一个额外页面
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献4条内容
所有评论(0)