2

k8s 架构图:
桌面1.png
桌面2.png

第一章

前期准备工作:
(1)关闭防火墙,和selinux

 yum -y install wget vim net-tools ntpdate
 systemctl stop firewalld
 systemctl disable firewalld
 sed -i 's/enforcing/disabled/' /etc/selinux/config
 setenforce 0
 systemctl stop NetworkManager
 systemctl disable NetworkManager

(2)时钟同步

 echo '*/10 * * * * /usr/sbin/ntpdate -s 10.100.60.6 >/dev/null 2>&1 && /sbin/clock -w' > /spool/cron/root 
 
 service crond restart 
 
 ntpdate -s 10.100.60.6

(3)私有主机禁用swap分区

 swapoff -a   
 [root@master01 ~]# cat /etc/fstab 
 /dev/mapper/centos-root /                       xfs          defaults        0 0
 UUID=8d103c59-0306-4493-94f2-1e3726d87cfb /boot                   xfs     defaults        0 0
 #/dev/mapper/centos-swap swap                    swap         defaults        0 0

(4)互相解析

 cat >> /etc/hosts << EOF
 192.168.187.141 master01
 192.168.187.142 master02
 192.168.187.143 node01
 192.168.187.144 node02
 192.168.187.145 node03
 EOF

(5)master对node节点ssh互信

 [root@master01 ~]# ssh-keygen
 [root@master01 ~]# ssh-copy-id node01
 [root@master01 ~]# ssh-copy-id node02

(6)修改内核参数

 cat > /etc/sysctl.d/k8s.conf << EOF
 net.bridge.bridge-nf-call-ip6tables = 1
 net.bridge.bridge-nf-call-iptables = 1
 EOF
 sysctl --system

第二章

注意:以下在所有节点执行(master+node),安装docker,kubeadm,kubelet
1、配置docker源

 cat >> /etc/yum.repos.d/docker.repo <<EOF
 [docker-repo]
 name=Docker Repository
 baseurl=http://mirrors.aliyun.com/docker-engine/yum/repo/main/centos/7
 enabled=1
 gpgcheck=0
 EOF

配置kubernetes源

 cat >> /etc/yum.repos.d/kubernetes.repo <<EOF
 [kubernetes]
 name=Kubernetes
 baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
 enabled=1
 gpgcheck=0
 EOF

 yum clean all
 yum makecache

2、安装kubeadm和相关工具包(所有节点)

 yum install -y docker --disableexcludes=docker-repo
 systemctl enable docker && systemctl start docker

 yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
 systemctl enable kubelet && systemctl start kubelet

3、初始kubeadm集群环境(仅master节点)

 kubeadm init --image-repository=registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.15.2

安装完成后记录一下

 Your Kubernetes control-plane has initialized successfully!

 To start using your cluster, you need to run the following as a regular user:

   mkdir -p $HOME/.kube
   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
   sudo chown $(id -u):$(id -g) $HOME/.kube/config

 You should now deploy a pod network to the cluster.
 Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
   https://kubernetes.io/docs/concepts/cluster-administration/addons/

 Then you can join any number of worker nodes by running the following on each as root:

 kubeadm join 192.168.187.141:6443 --token wfj4bi.qmsscvrqwc816qm2 \
--discovery-token-ca-cert-hash sha256:8835f7dac11f8a8a10a0eae322b5b6b61a192da0f7d3bd7cfc0db40c4883b161 


 #执行操作:
 mkdir -p $HOME/.kube
 cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 chown $(id -u):$(id -g) $HOME/.kube/config

 [root@master01 ~]# kubectl get nodes
 NAME       STATUS     ROLES    AGE     VERSION     
 master01   NotReady   master   2m42s   v1.15.1      #状态是Notready,在等待网络的加入

 [root@master01 ~]# kubectl get pod -n kube-system      #看到有2个pod处于pending
 NAME                               READY   STATUS         RESTARTS   AGE
 coredns-bccdc95cf-bhtms            0/1     Pending   0          4m18s
 coredns-bccdc95cf-jmbds            0/1     Pending   0          4m17s
 etcd-master01                      1/1     Running   0          3m30s
 kube-apiserver-master01            1/1     Running   0          3m15s
 kube-controller-manager-master01   1/1     Running   0          3m23s
 kube-proxy-n62h7                   1/1     Running   0          4m18s
 kube-scheduler-master01            1/1     Running   0          3m14s

4、在master节点上安装flannel网络

 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml

 [root@master01 ~]# kubectl get pod -n kube-system    #看到所有的pod都处于running状态。
 NAME                               READY   STATUS    RESTARTS   AGE
 coredns-bccdc95cf-bhtms            1/1     Running   0          6m4s
 coredns-bccdc95cf-jmbds            1/1     Running   0          6m3s
 etcd-master01                      1/1     Running   0          5m16s
 kube-apiserver-master01            1/1     Running   0          5m1s
 kube-controller-manager-master01   1/1     Running   0          5m9s
 kube-flannel-ds-amd64-6jjwf        1/1     Running   0          59s
 kube-proxy-n62h7                   1/1     Running   0          6m4s
 kube-scheduler-master01            1/1     Running   0          5m

5、添加计算节点(在节点上执行)

 [root@node01 ~]# kubeadm join 192.168.187.141:6443 --token wfj4bi.qmsscvrqwc816qm2 \
 >     --discovery-token-ca-cert-hash sha256:8835f7dac11f8a8a10a0eae322b5b6b61a192da0f7d3bd7cfc0db40c4883b161 

 [root@node02 ~]# kubeadm join 192.168.187.141:6443 --token wfj4bi.qmsscvrqwc816qm2 \
 >     --discovery-token-ca-cert-hash sha256:8835f7dac11f8a8a10a0eae322b5b6b61a192da0f7d3bd7cfc0db40c4883b161 

 [root@master01 ~]# kubectl get nodes
 NAME       STATUS     ROLES    AGE     VERSION
 master01   Ready      master   8m55s   v1.15.2
 node01     NotReady   <none>   37s     v1.15.2
 node02     NotReady   <none>   14s     v1.15.2

6、部署dashboard(在master上操作)

 [root@master01 ~]# kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml

 [root@master01 ~]# kubectl get pods --namespace=kubernetes-dashboard      #查看创建的namespace
 NAME                                          READY   STATUS    RESTARTS   AGE
 kubernetes-dashboard-5c8f9556c4-w6pzj         1/1     Running   0          7m46s
 kubernetes-metrics-scraper-86456cdd8f-7js7v   1/1     Running   0          7m46s

 [root@master01 ~]# kubectl get service --namespace=kubernetes-dashboard   #查看端口映射关系
 NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
 dashboard-metrics-scraper   ClusterIP   10.98.83.31     <none>        8000/TCP        55m
 kubernetes-dashboard        NodePort    10.107.192.48   <none>        443:30520/TCP   55m

7、修改service配置,将type: ClusterIP改成NodePort

 [root@master01 ~]# kubectl edit service kubernetes-dashboard --namespace=kubernetes-dashboard
 如下:
 spec:
   clusterIP: 10.107.192.48
   externalTrafficPolicy: Cluster
   ports:
   - nodePort: 30520
     port: 443
     protocol: TCP
     targetPort: 8443
   selector:
     k8s-app: kubernetes-dashboard
   sessionAffinity: None
   type: NodePort      #注意这行。

8、创建dashboard admin-token(仅master上执行)

 cat >/root/admin-token.yaml<<EOF
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: admin
   annotations:
     rbac.authorization.kubernetes.io/autoupdate: "true"
 roleRef:
   kind: ClusterRole
   name: cluster-admin
   apiGroup: rbac.authorization.k8s.io
 subjects:
 - kind: ServiceAccount
   name: admin
   namespace: kube-system
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: admin
   namespace: kube-system
   labels:
     kubernetes.io/cluster-service: "true"
     addonmanager.kubernetes.io/mode: Reconcile
 EOF

 #创建用户
 [root@master01 ~]# kubectl create -f admin-token.yaml
 clusterrolebinding.rbac.authorization.k8s.io/admin created
 serviceaccount/admin created

 #获取token
 root@master01 ~]# kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
 Name:         admin-token-lzkfl
 Namespace:    kube-system
 Labels:       <none>
 Annotations:  kubernetes.io/service-account.name: admin
          kubernetes.io/service-account.uid: 6f194e13-2f09-4800-887d-99a183b3d04d

 Type:  kubernetes.io/service-account-token

 Data
 ====
 ca.crt:     1025 bytes
 namespace:  11 bytes
 token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1semtmbCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjZmMTk0ZTEzLTJmMDktNDgwMC04ODdkLTk5YTE4M2IzZDA0ZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.vlSVy45l42tzpm2ppSJIBMSKm_OcL_f-miwOV6M37R3b3nda48FNvMQ1oTWFKRM4VZugJcrkSMg7OVBQqyZ7CVV94xaMiiV49eaDFfd9dKGmihHVAfQuywvwcA4wYnspf0TVQYmkQPOagPzPxQGzNZvulsB9LeCCvVUSnKXeW3O0U8rSL13WplBwwcjC2J91vZpljgNaBMiuemafR1kqRmdZ7CLGuaLNCLw5LGLeTi0OQKZhI15Wjhs2juIqP7ZI6qtgDsSeYe8Y3tUxD4Htqa5VtYxhZKll-5jFWgNXWE3xnzdUVCW8t4iLMoFbxrs5ar-vQOIL8C11zBAmeWdJeQ
 [root@master01 ~]# 

9.登录dashboard https://192.168.187.141:30520/#/overview?namespace=default

 选择token登录。

原文链接:https://blog.csdn.net/mtldswz...


smilesnake
298 声望4 粉丝

引用和评论

0 条评论