k8s 架构图:
第一章
前期准备工作:
(1)关闭防火墙,和 selinux
yum -y install wget vim net-tools ntpdate
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
systemctl stop NetworkManager
systemctl disable NetworkManager(2)时钟同步
echo '*/10 * * * * /usr/sbin/ntpdate -s 10.100.60.6 >/dev/null 2>&1 && /sbin/clock -w' > /spool/cron/root
service crond restart
ntpdate -s 10.100.60.6(3)私有主机禁用 swap 分区
swapoff -a
[root@master01 ~]# cat /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
UUID=8d103c59-0306-4493-94f2-1e3726d87cfb /boot xfs defaults 0 0
#/dev/mapper/centos-swap swap swap defaults 0 0(4)互相解析
cat >> /etc/hosts << EOF
192.168.187.141 master01
192.168.187.142 master02
192.168.187.143 node01
192.168.187.144 node02
192.168.187.145 node03
EOF(5)master 对 node 节点 ssh 互信
[root@master01 ~]# ssh-keygen
[root@master01 ~]# ssh-copy-id node01
[root@master01 ~]# ssh-copy-id node02
(6)修改内核参数
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
第二章
注意:以下在所有节点执行(master+node),安装 docker,kubeadm,kubelet
1、配置 docker 源
cat >> /etc/yum.repos.d/docker.repo <<EOF
[docker-repo]
name=Docker Repository
baseurl=http://mirrors.aliyun.com/docker-engine/yum/repo/main/centos/7
enabled=1
gpgcheck=0
EOF
配置 kubernetes 源
cat >> /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
yum clean all
yum makecache
2、安装 kubeadm 和相关工具包(所有节点)
yum install -y docker --disableexcludes=docker-repo
systemctl enable docker && systemctl start docker
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet
3、初始 kubeadm 集群环境(仅 master 节点)
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.15.2
安装完成后记录一下
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.187.141:6443 --token wfj4bi.qmsscvrqwc816qm2 \
--discovery-token-ca-cert-hash sha256:8835f7dac11f8a8a10a0eae322b5b6b61a192da0f7d3bd7cfc0db40c4883b161
#执行操作:mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
[root@master01 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 NotReady master 2m42s v1.15.1 #状态是 Notready,在等待网络的加入
[root@master01 ~]# kubectl get pod -n kube-system #看到有 2 个 pod 处于 pending
NAME READY STATUS RESTARTS AGE
coredns-bccdc95cf-bhtms 0/1 Pending 0 4m18s
coredns-bccdc95cf-jmbds 0/1 Pending 0 4m17s
etcd-master01 1/1 Running 0 3m30s
kube-apiserver-master01 1/1 Running 0 3m15s
kube-controller-manager-master01 1/1 Running 0 3m23s
kube-proxy-n62h7 1/1 Running 0 4m18s
kube-scheduler-master01 1/1 Running 0 3m14s
4、在 master 节点上安装 flannel 网络
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
[root@master01 ~]# kubectl get pod -n kube-system #看到所有的 pod 都处于 running 状态。NAME READY STATUS RESTARTS AGE
coredns-bccdc95cf-bhtms 1/1 Running 0 6m4s
coredns-bccdc95cf-jmbds 1/1 Running 0 6m3s
etcd-master01 1/1 Running 0 5m16s
kube-apiserver-master01 1/1 Running 0 5m1s
kube-controller-manager-master01 1/1 Running 0 5m9s
kube-flannel-ds-amd64-6jjwf 1/1 Running 0 59s
kube-proxy-n62h7 1/1 Running 0 6m4s
kube-scheduler-master01 1/1 Running 0 5m
5、添加计算节点(在节点上执行)
[root@node01 ~]# kubeadm join 192.168.187.141:6443 --token wfj4bi.qmsscvrqwc816qm2 \
> --discovery-token-ca-cert-hash sha256:8835f7dac11f8a8a10a0eae322b5b6b61a192da0f7d3bd7cfc0db40c4883b161
[root@node02 ~]# kubeadm join 192.168.187.141:6443 --token wfj4bi.qmsscvrqwc816qm2 \
> --discovery-token-ca-cert-hash sha256:8835f7dac11f8a8a10a0eae322b5b6b61a192da0f7d3bd7cfc0db40c4883b161
[root@master01 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 Ready master 8m55s v1.15.2
node01 NotReady <none> 37s v1.15.2
node02 NotReady <none> 14s v1.15.2
6、部署 dashboard(在 master 上操作)
[root@master01 ~]# kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml
[root@master01 ~]# kubectl get pods --namespace=kubernetes-dashboard #查看创建的 namespace
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-5c8f9556c4-w6pzj 1/1 Running 0 7m46s
kubernetes-metrics-scraper-86456cdd8f-7js7v 1/1 Running 0 7m46s
[root@master01 ~]# kubectl get service --namespace=kubernetes-dashboard #查看端口映射关系
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.98.83.31 <none> 8000/TCP 55m
kubernetes-dashboard NodePort 10.107.192.48 <none> 443:30520/TCP 55m
7、修改 service 配置,将 type: ClusterIP 改成 NodePort
[root@master01 ~]# kubectl edit service kubernetes-dashboard --namespace=kubernetes-dashboard
如下:spec:
clusterIP: 10.107.192.48
externalTrafficPolicy: Cluster
ports:
- nodePort: 30520
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort #注意这行。8、创建 dashboard admin-token(仅 master 上执行)
cat >/root/admin-token.yaml<<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: admin
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: admin
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
EOF
#创建用户
[root@master01 ~]# kubectl create -f admin-token.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin created
serviceaccount/admin created
#获取 token
root@master01 ~]# kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
Name: admin-token-lzkfl
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin
kubernetes.io/service-account.uid: 6f194e13-2f09-4800-887d-99a183b3d04d
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1semtmbCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjZmMTk0ZTEzLTJmMDktNDgwMC04ODdkLTk5YTE4M2IzZDA0ZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.vlSVy45l42tzpm2ppSJIBMSKm_OcL_f-miwOV6M37R3b3nda48FNvMQ1oTWFKRM4VZugJcrkSMg7OVBQqyZ7CVV94xaMiiV49eaDFfd9dKGmihHVAfQuywvwcA4wYnspf0TVQYmkQPOagPzPxQGzNZvulsB9LeCCvVUSnKXeW3O0U8rSL13WplBwwcjC2J91vZpljgNaBMiuemafR1kqRmdZ7CLGuaLNCLw5LGLeTi0OQKZhI15Wjhs2juIqP7ZI6qtgDsSeYe8Y3tUxD4Htqa5VtYxhZKll-5jFWgNXWE3xnzdUVCW8t4iLMoFbxrs5ar-vQOIL8C11zBAmeWdJeQ
[root@master01 ~]#
9. 登录 dashboard https://192.168.187.141:30520/#/overview?namespace=default
选择 token 登录。原文链接:https://blog.csdn.net/mtldswz…