A step-by-step guide to installing a single-master K8s cluster
The cloud-native era: learning together
The road to CKA
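Contents
- System environment
- Server plan
- I. Prerequisite configuration
- II. Install Docker and kubeadm/kubelet
- III. Deploy the K8s Master node
- IV. Join the K8s Node nodes
- V. Deploy the container network (CNI)
- VI. Deploy the Dashboard
System environment: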
CentOS | 7.9 |
Docker | 20-ce |
Kubernetes | 1.23 |
Server plan:
192.168.1.186 | k8s-master |
192.168.1.187 | k8s-node1 |
192.168.1.188 | k8s-node2 |
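I. Prerequisite configuration
1. Run yum update -y to bring the server system up to date
yum update -y
After it completes successfully, the expected result is as shown in the figure:
2. Disable the system firewall, SELinux and the swap partition (all nodes)
# Disable the system firewall:
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux (the config file change applies from the next boot)
sed -i 's/enforcing/disabled/' /etc/selinux/config
# Disable the swap partition (comments out the fstab entry; applies from the next boot)
sed -ri 's/.*swap.*/#&/' /etc/fstab
The expected result is as follows (the screenshot shows the Master node only):
Add the hosts entries on the Master node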
cat >> /etc/hosts << EOF
192.168.1.186 k8s-master
192.168.1.187 k8s-node1
192.168.1.188 k8s-node2
EOF
Expected result, as shown in the figure:
Pass bridged IPv4 traffic to iptables
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
Apply the configuration:
sysctl --system
Expected result after configuring:
II. Install Docker, kubeadm and kubelet (all nodes)
1. Install Docker
# Download the Aliyun repo file for Docker
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
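# Install Docker
yum -y install docker-ce
# Enable Docker at boot and start it
systemctl enable docker && systemctl start docker
The expected result is as follows:
Configure the Docker registry mirror (accelerator)
# Configure the Docker registry mirror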
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart Docker
systemctl restart docker
# Show Docker information
docker info
The expected result is as follows:
3. Configure the Aliyun yum repository, then install kubeadm, kubelet and kubectl
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
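The repo definition above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying RPM signatures even though a gpgkey is listed. The audit script below is an added example, not part of the original post; the function names audit_repo and sample_repo are made up here, and the sample input is this page's own repo file.

```shell
#!/usr/bin/env bash
# Added example: flag enabled yum repos that skip RPM signature verification.

# audit_repo [FILE]: print one finding per line (reads stdin when FILE is omitted).
# No output means nothing was flagged.
audit_repo() {
    awk '
        function report() {
            if (name == "" || opt["enabled"] == "0") return
            if (opt["gpgcheck"] == "0") {
                printf "%s: gpgcheck=0, RPM signatures are not verified\n", name
                if (opt["gpgkey"] != "")
                    printf "%s: gpgkey is listed but unused while gpgcheck=0\n", name
            }
            if (opt["baseurl"] ~ /^http:/)
                printf "%s: baseurl is plain http\n", name
        }
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^\[/ {                                # a new [section] starts
            report(); split("", opt)           # report the previous one, then clear it
            name = substr($0, 2, index($0, "]") - 2)
            next
        }
        index($0, "=") {                       # key=value line
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            opt[key] = val
        }
        END { report() }
    ' "${1:--}"
}

# The repo definition from this page, reproduced as sample input.
sample_repo() {
    cat << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

sample_repo | audit_repo
```

On a node, run it over the real files with: for f in /etc/yum.repos.d/*.repo; do audit_repo "$f"; done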
4. Install a specific version of K8s, pinned to 1.23.0
yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
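Installation process:
Expected result once the installation completes:
Enable kubelet at boot
systemctl enable kubelet
III. Deploy the K8s Master node
Run the following on the node planned as the master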
kubeadm init \
--apiserver-advertise-address=192.168.1.186 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
Installation process:
Expected result once installed:
Note: this step prints the following message during installation
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
Unfortunately, an error has occurred:
timed out waiting for the condition
This error is likely caused by:
- The kubelet is not running
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
- 'systemctl status kubelet'
- 'journalctl -xeu kubelet'
Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI.
Here is one example how you may list all Kubernetes containers running in docker:
- 'docker ps -a | grep kube | grep -v pause'
Once you have found the failing container, you can inspect its logs with:
- 'docker logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher
This is caused by not turning swap off for the running system; run swapoff -a and restart kubelet to fix it
# Turn off swap for the running system (temporary, until reboot)
swapoff -a
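kubeadm init above runs with --ignore-preflight-errors=all, which lets it continue past the failed swap preflight check, and the earlier sed on /etc/fstab only takes effect at the next boot. The script below is an added example, not from the original post, that checks both the running state and the boot-time state; the function names and sample data are constructed here.

```shell
#!/usr/bin/env bash
# Added example: check that swap is off both right now and after the next boot.
# File arguments default to the live system; pass sample files to test offline.

# Print the devices listed in a /proc/swaps-format file (first line is a header).
active_swap_devices() {
    awk 'NR > 1 && NF >= 3 { print $1 }' "${1:-/proc/swaps}"
}

# Print the devices of uncommented fstab entries whose filesystem type is swap.
fstab_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "${1:-/etc/fstab}"
}

# Return 0 only when no swap is active and none will come back at boot.
swap_preflight() {
    local rc=0 dev
    for dev in $(active_swap_devices "$1"); do
        echo "FAIL: swap is active on $dev (fix: swapoff -a)"; rc=1
    done
    for dev in $(fstab_swap_entries "$2"); do
        echo "FAIL: $dev is re-enabled at boot (fix: comment it out in fstab)"; rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK: swap is off now and stays off after a reboot"
    return "$rc"
}

# Constructed sample: a node right after the tutorial's sed on /etc/fstab,
# before any reboot or swapoff -a. The kernel still has the swap device active.
demo() {
    local d; d=$(mktemp -d)
    printf 'Filename\tType\tSize\tUsed\tPriority\n/dev/dm-1\tpartition\t2097148\t0\t-2\n' > "$d/swaps"
    printf '/dev/mapper/centos-root / xfs defaults 0 0\n/dev/mapper/centos-swap swap swap defaults 0 0\n' \
        | sed -E 's/.*swap.*/#&/' > "$d/fstab"
    swap_preflight "$d/swaps" "$d/fstab"
    local rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true   # prints the FAIL line for /dev/dm-1; the fstab part is already clean
```

Calling swap_preflight with no arguments on a node checks /proc/swaps and /etc/fstab directly.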
IV. Join the K8s Node nodes
Use kubeadm to join the node to the cluster (run on every worker node):
kubeadm join 192.168.1.186:6443 --token rd8ymi.oeztlaletd9agkp0 \
--discovery-token-ca-cert-hash sha256:b0c8918fc95faab2cc71d49a8f7ebde6902c4e5c60034f91252db6454f01c24c
Set up the kubectl configuration and credentials, then list the nodes that have joined
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
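# List the nodes
kubectl get nodes
The nodes are still being prepared at this point and are not running yet
Expected result once they are ready, as shown in the figure:
Note: the default token is valid for 24 hours; after 24 hours a new one has to be generated: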
kubeadm token create --print-join-command
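V. Add the Calico (CNI) container network
Calico is a pure layer-3 data-center networking solution and one of the mainstream network options for k8s
Download the yaml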
wget https://docs.projectcalico.org/manifests/calico.yaml
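After downloading, deploy Calico
kubectl apply -f calico.yaml
Check the Calico deployment
kubectl get pods -n kube-system
Expected result, as shown in the figure:
VI. Deploy the Dashboard
Dashboard is the official UI provided by k8s and can be used to manage the resources of a K8s cluster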
vi recommended.yaml
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
...
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard
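Lines added:
nodePort: 30001
type: NodePort
# Create the user
kubectl create serviceaccount dashboard-admin -n kube-system
# Grant permissions to the user
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Get the user's token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
The access address is: http://masterip:30001
Log in with the token obtained above
Expected login screen, as shown in the figure:
Everyone is welcome to follow my WeChat official account so we can learn about operations, security and development together, keep at it together and improve together.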
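The Dashboard commands in section VI bind the dashboard-admin ServiceAccount to cluster-admin, so its login token carries full control of the cluster, and the Dashboard is reachable on NodePort 30001 of every node. The script below is an added example, not from the original post, that lists every ServiceAccount holding cluster-admin; the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find ServiceAccounts that hold cluster-admin cluster-wide.

# One line per ClusterRoleBinding: name<TAB>role<TAB>kind:namespace:name ...
# (needs kubectl and a working kubeconfig; not called automatically).
list_bindings() {
    kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}:{.name}{" "}{end}{"\n"}{end}'
}

# Read list_bindings output on stdin; print "namespace/name (binding)" for
# every ServiceAccount subject of a binding to the cluster-admin ClusterRole.
cluster_admin_service_accounts() {
    awk -F '\t' '
        $2 == "cluster-admin" {
            n = split($3, subj, " ")
            for (i = 1; i <= n; i++) {
                kind = substr(subj[i], 1, index(subj[i], ":") - 1)
                rest = substr(subj[i], index(subj[i], ":") + 1)
                ns   = substr(rest, 1, index(rest, ":") - 1)   # empty for User/Group
                sa   = substr(rest, index(rest, ":") + 1)      # may itself contain ":"
                if (kind == "ServiceAccount") printf "%s/%s (%s)\n", ns, sa, $1
            }
        }'
}

# Constructed sample of list_bindings output after following section VI.
sample_bindings() {
    printf 'cluster-admin\tcluster-admin\tGroup::system:masters \n'
    printf 'dashboard-admin\tcluster-admin\tServiceAccount:kube-system:dashboard-admin \n'
    printf 'calico-node\tcalico-node\tServiceAccount:kube-system:calico-node \n'
}

sample_bindings | cluster_admin_service_accounts
```

On a live cluster run list_bindings | cluster_admin_service_accounts; kubectl delete clusterrolebinding dashboard-admin removes the grant once the Dashboard no longer needs it.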