簡介
k8s 有很多種安裝方式
本文使用kubeadm安裝
軟體環境
- Centos: 7.3
- Docker: 18.06.1-ce
- Kubernetes: 1.16.2
實驗伺服器資訊
伺服器建議2核4G以上配置
- master: 192.168.5.90
- node01: 192.168.5.91
- node02: 192.168.5.92
環境準備
所有節點都執行
修改主機名
管理節點
hostnamectl set-hostname master
其他節點
hostnamectl set-hostname node01
hostnamectl set-hostname node02
...
添加hosts解析
cat <<EOF >>/etc/hosts
192.168.5.90 master
192.168.5.91 node1
192.168.5.92 node2
EOF
關閉防火牆、selinux和swap
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
配置核心參數,将流量轉到iptables鍊
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
配置yum源
yum install -y wget
mkdir /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
yum clean all && yum makecache
配置國内k8s源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
配置docker源
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
軟體安裝
docker&&kubectl安裝
所有節點執行
安裝docker
yum install -y docker-ce-18.06.1.ce-3.el7
systemctl enable docker && systemctl start docker
docker version
安裝kubeadm、kubelet、kubectl
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet
部署master節點
在master節點執行
初始化k8s叢集
kubeadm init --kubernetes-version=1.16.2 \
--apiserver-advertise-address=192.168.5.90 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
定義POD的網段為: 10.244.0.0/16, api server位址就是master本機IP位址。
這一步很關鍵,由于kubeadm 預設從官網k8s.grc.io下載下傳所需鏡像,國内無法通路,是以需要通過–image-repository指定阿裡雲鏡像倉庫位址。
執行成功後會出現下面的資訊:
kubeadm join 192.168.5.90:6443 --token kekvgu.nw1ndasdaoncomj6 \
--discovery-token-ca-cert-hash sha256:1s3chdadqwop08ca62f2dou983h40jnafa4d50e6634acfaa8291f28582codaihsdoinci
配置kubectl工具
mkdir -p /root/.kube
cp /etc/kubernetes/admin.conf /root/.kube/config
kubectl get nodes
kubectl get cs
部署flannel網絡
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
部署node節點
在所有node節點上執行
加入k8s叢集
kubeadm join 192.168.5.90:6443 --token kekvgu.nw1ndasdaoncomj6 \
--discovery-token-ca-cert-hash sha256:1s3chdadqwop08ca62f2dou983h40jnafa4d50e6634acfaa8291f28582codaihsdoinci
此指令為叢集初始化時(kubeadm init)傳回結果中的内容。
叢集狀态檢測
在master節點上執行
kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 3d5h v1.14.3
node1 Ready <none> 3d5h v1.14.3
node2 Ready <none> 3d5h v1.14.3
部署Dashboard
在master上操作
建立Dashboard的yaml檔案
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
編輯kubernetes-dashboard.yaml檔案
sed -i 's/k8s.gcr.io/registry.cn-hangzhou.aliyuncs.com\/kuberneters/g' kubernetes-dashboard.yaml
sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml
部署Dashboard
kubectl create -f kubernetes-dashboard.yaml
檢視相關服務
kubectl get deployment kubernetes-dashboard -n kube-system
kubectl get pods -n kube-system -o wide
kubectl get services -n kube-system
netstat -ntlp|grep 30001
檢視通路Dashboard的認證令牌
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
傳回資訊
Name: dashboard-admin-token-xr4rq
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 6b103593-ee1f-11e9-93b4-001a4ae62b23
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4teHI0cnEiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNmIxMDM1OTMtZWUxZi0xMWU5LTkzYjQtMDAxYTRhZTYyYjIzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.WlETClsc1_AY5_b3stvMArjVCnZvt_pvIzd7bKjRQY14P7bWRciCCVk611Drcr7uPXl1oCvUUHvi6g3nwtec9sG7BRqWl5hPAMmzI9xZlr_N1FRkWL520mSIP0yHtXYBBVIkRheyXrOkz4VeGsHBCOv5jQLl9Mo-hHhIdMuTfKNSWmdmLv50xgi_tYdb9JokswIGjJ2oyzLyXqJ8nFvsMiKyfvwgQ8kixBeKusLx5oUroqJfRVVakYfxcqpxpD2ywe9qhoZC0xWlpx07YDogA5EB8cyClnJ-sgNE3emEMRNdxC_XyTxhJ1CnvpKo6_t16TFdGAz6QG-lgTLgZa5xGQ
浏覽器打開
https://192.168.5.90:30001
再輸入上面伺服器傳回的token