Steps for deploying a single-master k8s cluster

I. Initialize every node

1. Configure the IP address

vi /etc/sysconfig/network-scripts/ifcfg-eth0
# On a cloned machine, comment out the UUID setting
systemctl restart network

2. Set the hostname

# Run the matching command on each node
hostnamectl set-hostname k8s-master1
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2

3. Disable DNS lookups in sshd to speed up SSH connections

sed -i '/#UseDNS yes/aUseDNS no' /etc/ssh/sshd_config
systemctl restart sshd

4. Update the operating system, upgrading the kernel and software versions

yum update -y

5. Disable firewalld and SELinux

systemctl stop firewalld
systemctl disable firewalld
sed  -i '/^SELINUX=/s/^.*$/SELINUX=disabled/' /etc/selinux/config
setenforce 0

6. Disable the swap partition

swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

7. Set the hostnames according to the plan and configure the hosts file

cat >> /etc/hosts << EOF
192.168.137.51 k8s-master1
192.168.137.61 k8s-node1
192.168.137.62 k8s-node2
EOF

8. Pass bridged traffic to the iptables chains

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system 

9. Time synchronization

yum install chrony -y
systemctl start chronyd
systemctl enable chronyd
# Check the status of the time synchronization sources:
chronyc sourcestats

10. Install helper tools

yum -y install vim net-tools wget lrzsz

II. Install and configure Docker

1. Install Docker

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl enable docker && systemctl start docker

2. Configure a registry mirror to speed up image pulls

cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF


systemctl restart docker

Use docker info to check that the registry mirror configuration has taken effect.

III. Install and configure kubeadm, kubelet and kubectl

1. Add the Aliyun YUM repository

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
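
The repository above is defined with gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures. The following check is an added example, not part of the original post: it lists every repo section that turns either check off. The function name audit_yum_gpg and the sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_yum_gpg DIR: for every *.repo file in DIR, print one line per setting
# that switches off package (gpgcheck) or metadata (repo_gpgcheck) signature
# verification, in the form "file: [section] key=value".
audit_yum_gpg() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            # Remember the current [section] header.
            /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec); next }
            # Inspect only the two signature-related keys.
            /^[ \t]*(gpgcheck|repo_gpgcheck)[ \t]*=/ {
                split($0, kv, "=")
                key = kv[1]; val = tolower(kv[2])
                gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
                if (val == "0" || val == "no" || val == "false")
                    print file ": " sec " " key "=" val
            }
        ' "$f"
    done
}

# Constructed sample directory: the kubernetes.repo from this page next to a
# made-up repository that keeps signature checking on.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kubernetes.repo" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
printf '[signed]\nname=constructed\ngpgcheck=1\nrepo_gpgcheck=1\n' \
    > "$demo_dir/signed.repo"

audit_yum_gpg "$demo_dir"
# On a node: audit_yum_gpg /etc/yum.repos.d
```

Empty output means no repo file in the directory explicitly disables signature checking.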

2. Install kubeadm, kubelet and kubectl

yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
# Enable kubelet at boot on all nodes
systemctl enable kubelet

3. Deploy the Kubernetes master; run this on the master node

kubeadm init \
  --apiserver-advertise-address=192.168.137.51 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
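
Option descriptions:
--apiserver-advertise-address: the address the cluster advertises
--image-repository: the default image registry k8s.gcr.io cannot be reached from within China, so the Aliyun image registry is specified here
--kubernetes-version: the K8s version, matching the one installed above
--service-cidr: the cluster's internal virtual network, the unified entry point for accessing Pods
--pod-network-cidr: the Pod network, which must match the YAML of the CNI network plugin deployed below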

4. On each node, run the join command generated in step 3 to join the node to the k8s cluster

kubeadm join 192.168.137.51:6443 --token he1795.4n9sxzw9klajssym \
	--discovery-token-ca-cert-hash \
	sha256:56fbfcc3a7a8afc72237939281d7d23b53b8a446f2a0b02c747e1ab54cb958e4 
# The default token is valid for 24 hours and can no longer be used once it expires. A new token then has to be created, which this command does directly:
kubeadm token create --print-join-command
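
Added example, not part of the original post: before running a join command received from someone else, the sha256 value can be recomputed from the cluster CA certificate and compared. The function names and the throwaway CA generated with openssl are assumptions of this example; it needs the openssl command.

```shell
#!/bin/sh
# ca_cert_hash FILE: print "sha256:<hex>", the SHA-256 digest of the CA
# certificate's DER-encoded public key (SubjectPublicKeyInfo). This is the
# value kubeadm compares against --discovery-token-ca-cert-hash.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex | awk '{print $NF}')
    printf 'sha256:%s\n' "$hex"
}

# check_join_hash FILE JOIN_COMMAND: succeed only when the sha256:... value
# inside the join command equals the hash of the CA certificate in FILE.
check_join_hash() {
    want=$(printf '%s\n' "$2" | grep -o 'sha256:[0-9a-f]\{64\}' | head -n 1)
    have=$(ca_cert_hash "$1") || return 2
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed CA for the demonstration; on a kubeadm master the real file is
# /etc/kubernetes/pki/ca.crt.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
    -keyout "$demo/ca.key" -out "$demo/ca.crt" 2>/dev/null

# The join command from this page (token replaced by a placeholder). Its hash
# belongs to the author's cluster, so it must not match the constructed CA.
page_join='kubeadm join 192.168.137.51:6443 --token <token> --discovery-token-ca-cert-hash sha256:56fbfcc3a7a8afc72237939281d7d23b53b8a446f2a0b02c747e1ab54cb958e4'

if check_join_hash "$demo/ca.crt" "$page_join"; then
    echo "hash matches this CA"
else
    echo "hash does NOT match this CA: do not join with this command"
fi
```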

5. View the node information on the master

[root@k8s-master1 ~]# kubectl get nodes -o wide
NAME          STATUS     ROLES                  AGE   VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
k8s-master1   NotReady   control-plane,master   12m   v1.23.0   192.168.137.51   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.12
k8s-node1     NotReady   <none>                 88s   v1.23.0   192.168.137.61   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.12
k8s-node2     NotReady   <none>                 83s   v1.23.0   192.168.137.62   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.12

6. Set up command completion

yum -y install bash-completion
echo "source <(kubectl completion bash)" >> ~/.bashrc
source  ~/.bashrc

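IV. Deploy the CNI plugin

1. Download the calico.yaml file

wget https://docs.projectcalico.org/manifests/calico.yaml

2. Change the Pod network setting so that it matches the --pod-network-cidr passed to kubeadm init earlier; mind the YAML indentation

Search for CALICO_IPV4POOL_CIDR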

            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"

3. Deploy Calico

kubectl apply -f calico.yaml

4. Check the status of the CNI component pods; this takes a while

[root@k8s-master1 tmp]# kubectl get pods -n kube-system 
NAME                                       READY   STATUS    RESTARTS        AGE
calico-kube-controllers-566dc76669-4j24m   1/1     Running   1 (10m ago)     32m
calico-node-bh2df                          1/1     Running   1 (10m ago)     26m
calico-node-hmcgl                          1/1     Running   1 (10m ago)     26m
calico-node-p8kpz                          1/1     Running   1 (10m ago)     26m
coredns-6d8c4cb4d-fl5t7                    1/1     Running   1 (9m56s ago)   60m
coredns-6d8c4cb4d-jvsfd                    1/1     Running   1 (9m56s ago)   60m
etcd-k8s-master1                           1/1     Running   1 (10m ago)     61m
kube-apiserver-k8s-master1                 1/1     Running   1 (9m51s ago)   61m
kube-controller-manager-k8s-master1        1/1     Running   1 (10m ago)     61m
kube-proxy-5f8gx                           1/1     Running   1 (10m ago)     60m
kube-proxy-96gbd                           1/1     Running   1 (10m ago)     50m
kube-proxy-flrgp                           1/1     Running   1 (10m ago)     50m
kube-scheduler-k8s-master1                 1/1     Running   1 (9m56s ago)   61m

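V. Deploy the Dashboard

Dashboard is an officially provided UI that can be used for basic management of K8s resources.

1. YAML download URL:

https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

In the course materials the file is named kubernetes-dashboard.yaml
By default the Dashboard can only be reached from inside the cluster; change the Service to type NodePort to expose it externally: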

vi recommended.yaml
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
...

2. Deploy the application

kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard

Access URL: https://NodeIP:30001

3. Create a service account and bind it to the default cluster-admin administrator cluster role:

# Create the user
kubectl create serviceaccount dashboard-admin -n kube-system
# Grant permissions to the user
kubectl create clusterrolebinding dashboard-admin \
--clusterrole=cluster-admin \
--serviceaccount=kube-system:dashboard-admin
# Get the user's token
kubectl describe secrets -n kube-system \
$(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
# Log in to the Dashboard with the token printed above

Open the Dashboard at https://192.168.137.51:30001/
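
Added example, not part of the original post: the binding created in step 3 gives the dashboard-admin token full control of the cluster, and the Dashboard is exposed on a NodePort, so it helps to be able to list every service account that holds cluster-admin. The function names and the sample table are constructed; the table follows the custom-columns layout defined in CRB_COLUMNS.

```shell
#!/bin/sh
# Column layout to request from kubectl: one row per ClusterRoleBinding.
CRB_COLUMNS='NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,NAMESPACE:.subjects[*].namespace,SUBJECT:.subjects[*].name'

# find_admin_service_accounts: read that table on stdin and print every
# binding that grants the cluster-admin role to a ServiceAccount.
find_admin_service_accounts() {
    awk 'NR > 1 && $2 == "cluster-admin" && $3 ~ /ServiceAccount/ {
        printf "%s: ServiceAccount %s/%s is bound to cluster-admin\n", $1, $4, $5
    }'
}

# Constructed sample of the table (not output captured from a real cluster).
sample_bindings() {
cat << 'EOF'
NAME                    ROLE                    KIND             NAMESPACE              SUBJECT
cluster-admin           cluster-admin           Group            <none>                 system:masters
dashboard-admin         cluster-admin           ServiceAccount   kube-system            dashboard-admin
kubernetes-dashboard    kubernetes-dashboard    ServiceAccount   kubernetes-dashboard   kubernetes-dashboard
system:kube-scheduler   system:kube-scheduler   User             <none>                 system:kube-scheduler
EOF
}

sample_bindings | find_admin_service_accounts

# On a live cluster:
#   kubectl get clusterrolebindings -o custom-columns="$CRB_COLUMNS" \
#       | find_admin_service_accounts
```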