1. ## Installation
Install Docker
```
yum install -y yum-utils   # provides yum-config-manager
# Fetch the repo definition over HTTPS so it cannot be altered in transit
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
# This guide pins docker-ce 24.0.4. kubeadm 1.17 only validates Docker releases up to 19.03,
# so its preflight prints a SystemVerification warning for this version; it still works.
yum -y install docker-ce-24.0.4-1.el7 docker-ce-cli-24.0.4-1.el7 containerd.io
# yum -y install docker-ce docker-ce-cli containerd.io   # unpinned alternative
systemctl start docker
systemctl enable docker
```
Disable the firewall
```
systemctl stop firewalld
systemctl disable firewalld
```
This is the quick path for a lab. On any cluster that matters, keep firewalld running and open only the ports kubeadm needs: 6443, 2379-2380, 10250, 10251 and 10252 on the control plane, 10250 and 30000-32767 on workers, plus the port of your CNI (UDP 8472 for flannel VXLAN).
Permanently disable SELinux
```
setenforce 0   # takes effect now; the sed below only applies after a reboot
sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
```
kubeadm only requires SELinux to be permissive so that containers can access the host filesystem; `SELINUX=permissive` keeps the policy loaded and logging, which is preferable to `disabled`.
Permanently disable swap (the kubelet refuses to start while swap is active)
```
swapoff -a                           # temporary: takes effect now, lost on reboot
sed -ri 's/.*swap.*/#&/' /etc/fstab  # permanent: takes effect after the machine is rebooted
```
Set the hostnames
```
hostnamectl set-hostname k8s-master   # on the master
hostnamectl set-hostname k8s-node1    # on node1
hostnamectl set-hostname k8s-node2    # on node2
```
Edit /etc/hosts on every node (replace the IPs with your own)
```
cat >> /etc/hosts << EOF
10.0.20.8 k8s-master
10.0.20.2 k8s-node1
10.0.20.14 k8s-node2
EOF
```
Pass bridged IPv4 traffic to the iptables chains (kube-proxy's rules must see pod traffic that crosses the bridge)
```
# The sysctl keys only exist once br_netfilter is loaded; load it now and on every boot
cat > /etc/modules-load.d/k8s.conf << EOF
br_netfilter
EOF
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply
```
Time synchronisation (certificate validity and token TTLs assume the nodes agree on the time)
```
yum install ntpdate -y
ntpdate time.windows.com
```
ntpdate is a one-shot correction. For continuous synchronisation enable chronyd, which CentOS 7 ships by default: `systemctl enable --now chronyd`.
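The node preparation above takes the shortest route: firewall off, SELinux off. The following script, an added example that is not part of the original guide, does the same preparation while keeping firewalld running with only the kubeadm ports open and SELinux in permissive mode, and it checks the two host settings kubeadm's preflight will verify. It assumes firewalld and chronyd are installed, a role argument of `master` or `worker`, and flannel's VXLAN backend (UDP 8472) as the CNI; the script name `prepare.sh` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide: prepare a CentOS 7 node for
# kubeadm while leaving firewalld running and the SELinux policy loaded, rather
# than switching both off as the quick path above does.
# Assumptions (hypothetical names): firewalld and chronyd are installed, the
# role argument is "master" or "worker", and flannel's VXLAN backend (UDP 8472)
# is the CNI that will be installed.
set -eu

# Ports kubeadm needs reachable for each role (kubeadm's documented port list,
# plus flannel's VXLAN port).
k8s_ports() {
  case "$1" in
    master) echo "6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 8472/udp" ;;
    worker) echo "10250/tcp 30000-32767/tcp 8472/udp" ;;
    *) echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# Comment out swap entries in an fstab read from stdin and print the result.
# Unlike the guide's 's/.*swap.*/#&/', this only touches entries whose
# filesystem type is swap, so already commented lines and mount points that
# merely contain the word "swap" are left alone.
fstab_disable_swap() {
  awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }'
}

# Check the two host settings kubeadm's preflight verifies: no active swap and
# bridge-nf-call-iptables=1. Paths are parameters so the check can run on copies.
# Returns 0 when both pass, 1 otherwise.
preflight_ok() {
  swaps_file=${1:-/proc/swaps}
  nf_file=${2:-/proc/sys/net/bridge/bridge-nf-call-iptables}
  ok=0
  # /proc/swaps has a header line; any line after it is an active swap device
  if [ "$(awk 'END { print NR }' "$swaps_file")" -gt 1 ]; then
    echo "swap is still active" >&2; ok=1
  fi
  if [ ! -r "$nf_file" ] || [ "$(cat "$nf_file")" != "1" ]; then
    echo "bridge-nf-call-iptables is not 1 (is br_netfilter loaded?)" >&2; ok=1
  fi
  return $ok
}

# Apply everything on a real node: ./prepare.sh apply master|worker (as root).
if [ "${1:-}" = "apply" ]; then
  role=${2:?usage: $0 apply master|worker}
  for p in $(k8s_ports "$role"); do
    firewall-cmd --permanent --add-port="$p"
  done
  firewall-cmd --reload
  setenforce 0                                    # permissive is enough for kubeadm
  sed -ri 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
  swapoff -a
  fstab_disable_swap < /etc/fstab > /etc/fstab.new && mv /etc/fstab.new /etc/fstab
  echo br_netfilter > /etc/modules-load.d/k8s.conf # load on every boot
  modprobe br_netfilter
  printf 'net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\n' \
    > /etc/sysctl.d/k8s.conf
  sysctl --system
  systemctl enable --now chronyd                  # keep clocks in sync continuously
  preflight_ok
fi
```

Run the firewall step before installing the CNI: on CentOS 7's iptables backend a later `firewall-cmd --reload` flushes the rules kube-proxy and flannel have inserted until they resync. `preflight_ok` is the same test kubeadm runs, so a node that passes it will not fail `kubeadm init` or `kubeadm join` on swap or on the bridge-nf sysctl.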
Install kubeadm, kubelet and kubectl (run on all nodes)
Configure a Docker registry mirror and the cgroup driver
```
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl restart docker
```
The exec-opts line makes Docker use the systemd cgroup driver that kubeadm expects; without it kubeadm init complains that it detected "cgroupfs".
Add the Kubernetes yum repo (Aliyun mirror)
```
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```
`gpgcheck=1` makes yum verify every package signature against the keys in `gpgkey`, so a compromised or tampered mirror cannot hand you a modified kubelet; the original guide had both checks switched off. `repo_gpgcheck=1` additionally verifies the signature on the repository metadata; enable it if the mirror's repomd.xml.asc verifies in your environment, and keep the package-level check on at minimum.
Install kubeadm, kubelet and kubectl
```
yum install -y kubelet-1.17.3 kubectl-1.17.3 kubeadm-1.17.3
systemctl enable kubelet
```
The kubelet restarts in a loop until kubeadm init or join gives it a configuration; that is expected at this point.
Start Kubernetes
Initialize the master node
```
kubeadm init \
--apiserver-advertise-address=10.0.20.8 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.17.3 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
```
Note: replace --apiserver-advertise-address=10.0.20.8 with the IP of your own master. 10.244.0.0/16 is the pod network flannel expects by default, so keep the two in step. registry.aliyuncs.com/google_containers is a third-party mirror of the control-plane images; it is convenient from China, but for a production cluster pull from k8s.gcr.io or from a registry you control and verify.
Troubleshooting
Message: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd".
Fix: if /etc/docker/daemon.json does not yet set the cgroup driver, add it so Docker and the kubelet agree:
```
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"exec-opts":["native.cgroupdriver=systemd"]
}
```
then restart Docker:
```
systemctl restart docker
```
Message: [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
Fix: the br_netfilter module is not loaded, so the sysctl key does not exist yet. Load it and set the value now (the /etc/sysctl.d/k8s.conf entry above makes it persistent across reboots):
```
modprobe br_netfilter
echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables
```
After kubeadm init completes, run the post-install steps it prints
```
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
(post-install configuration)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
(join a worker node)
kubeadm join 192.168.67.132:6443 --token j3rcph.a7nnjty3g9onfcrw \
--discovery-token-ca-cert-hash sha256:4f89afeddb3ba286b94d4b08a3e35e9c6c27133a0423763d6e907e6b786d26d6
```
admin.conf is a cluster-admin credential: keep the copy in ~/.kube/config mode 0600 and do not copy it to shared machines. The kubeadm join line embeds a bootstrap token (valid for 24 hours by default) that authenticates the new node to the API server, and the CA public-key hash the node uses to authenticate the API server in return; treat the token as a password and do not paste it into tickets or chat.
Check the master's state
```
kubectl get nodes
NAME STATUS ROLES AGE VERSION
second-k8s NotReady master 57s v1.17.3
```
The node is NotReady because no pod network (CNI plugin) is installed yet. Install flannel:
```
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```
Flannel's default pod network is 10.244.0.0/16, which is why --pod-network-cidr was set to that value above. This URL tracks the `master` branch, so the manifest you apply changes over time; pin it to a release tag that supports your Kubernetes version and read it before applying it with cluster-admin rights.
Check pod status
```
kubectl get pods -A
[root@192 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-flannel kube-flannel-ds-44tbj 1/1 Running 0 119s
kube-system coredns-9d85f5447-p2zfh 0/1 Running 0 16m
kube-system coredns-9d85f5447-vgh9z 1/1 Running 0 16m
kube-system etcd-k8s1 1/1 Running 0 16m
kube-system kube-apiserver-k8s1 1/1 Running 0 16m
kube-system kube-controller-manager-k8s1 1/1 Running 0 16m
kube-system kube-proxy-h5dlv 1/1 Running 0 16m
kube-system kube-scheduler-k8s1 1/1 Running 0 16m
```
Check the master again
```
kubectl get nodes
NAME STATUS ROLES AGE VERSION
second-k8s Ready master 46s v1.17.3
kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-9d85f5447-46svj 1/1 Running 0 2m45s
coredns-9d85f5447-jqqh6 1/1 Running 0 2m45s
etcd-second-k8s 1/1 Running 0 3m1s
kube-apiserver-second-k8s 1/1 Running 0 3m1s
kube-controller-manager-second-k8s 1/1 Running 0 3m1s
kube-proxy-dc6g4 1/1 Running 0 2m45s
kube-scheduler-second-k8s 1/1 Running 0 3m1s
```
> kubeadm init flag reference
> --apiserver-advertise-address string  The IP address the API server advertises and binds to.
> --apiserver-bind-port int32  Port the API server listens on (default 6443)
> --apiserver-cert-extra-sans strings  Extra Subject Alternative Names (IPs or DNS names) for the API server certificate. The certificate is only valid for the names in its SANs, so include every address clients will use, such as a load-balancer VIP.
> --cert-dir string  Directory in which certificates are stored (default "/etc/kubernetes/pki")
> --certificate-key string  Key used to encrypt the control-plane certificates stored in the kubeadm-certs Secret
> --config string  Path to a kubeadm configuration file.
> --cri-socket string  Path to the CRI socket; when empty kubeadm auto-detects it. Specify only when there are multiple or non-standard CRI sockets.
> --dry-run  Do not apply any changes; only print what would be done.
> --feature-gates string  Extra feature gates to enable, as key=value pairs.
> -h, --help  Help
> --ignore-preflight-errors strings  Preflight errors to ignore; ignored errors are shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
> --image-repository string  Registry from which to pull the control plane images (default "k8s.gcr.io")
> --kubernetes-version string  Kubernetes version for the control plane (default "stable-1")
> --node-name string  Name of the node; defaults to the hostname.
> --pod-network-cidr string  CIDR of the pod network; the control plane allocates a per-node subnet from it and the containers on each node use that range
> --service-cidr string  IP range for service VIPs (default "10.96.0.0/12")
> --service-dns-domain string  DNS domain suffix for services, e.g. "myorg.internal" (default "cluster.local")
> --skip-certificate-key-print  Do not print the key used to encrypt the control-plane certificates.
> --skip-phases strings  Phases to skip
> --skip-token-print  Do not print the default bootstrap token generated by kubeadm init
> --token string  Token used to establish mutual trust between nodes and the control plane; format [a-z0-9]{6}\.[a-z0-9]{16}, e.g. abcdef.0123456789abcdef
> --token-ttl duration  Time after which the token is deleted automatically (e.g. 1s, 2m, 3h). '0' means the token never expires (default 24h0m0s)
> --upload-certs  Upload the control-plane certificates to the kubeadm-certs Secret.
2. ## Adding nodes
Generate a token on the master
```
kubeadm token generate
```
Register the token and print the matching join command (the argument to `create` is the token just generated)
```
kubeadm token create ins9ct.n3vpfy86dsjglmxy --print-join-command --ttl=0
[root@first-k8s ~]# kubeadm token create bo486h.xcey54eimv22bnvy --print-join-command --ttl=0
kubeadm join 192.168.67.131:6443 --token bo486h.xcey54eimv22bnvy --discovery-token-ca-cert-hash sha256:8772c805f0dec079848d65200cf805ee1f80a0f8368a37b7cff1aa6c04264820
```
Caveat: `--ttl=0` creates a token that never expires, and anyone holding it can join a node (and therefore run workloads) for the lifetime of the cluster. Prefer the default 24h TTL or an explicit short one such as `--ttl 1h`, list outstanding tokens with `kubeadm token list`, and remove a token with `kubeadm token delete <token>` once the node has joined.
Run the join command on the worker node
```
kubeadm join 192.168.67.131:6443 --token bo486h.xcey54eimv22bnvy --discovery-token-ca-cert-hash sha256:8772c805f0dec079848d65200cf805ee1f80a0f8368a37b7cff1aa6c04264820
```
On the master, check that the node joined
```
[root@first-k8s ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
first-k8s Ready master 18h v1.17.3
second-k8s Ready <none> 13s v1.17.3
```
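Both the join line printed by kubeadm init and the `kubeadm token create --ttl=0` flow above hand the worker a token and a CA hash in one string. The script below is an added example, not part of the original guide, showing the join flow with a short-lived token and with the CA hash recomputed from ca.crt, so the worker can compare it against the printed value and detect an API server that is not the one the master's CA issued. It assumes the `issue` part runs as root on the master with /etc/kubernetes/pki/ca.crt present and openssl installed; the script name and function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide: issue a short-lived bootstrap
# token and let the worker verify the control-plane CA independently of the
# printed join line. Assumptions: the "issue" part runs on the master as root
# with /etc/kubernetes/pki/ca.crt present; openssl is installed on both sides.
set -eu

# A bootstrap token must match [a-z0-9]{6}.[a-z0-9]{16}; anything else is
# rejected by the API server, so catch typos before they reach kubeadm join.
valid_token() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# SHA-256 of the DER-encoded CA public key: the value kubeadm prints after
# --discovery-token-ca-cert-hash sha256:. Recomputing it from ca.crt on the
# master (or from a copy obtained out of band) gives the worker a reference the
# printed join line cannot forge.
ca_cert_hash() {
  openssl x509 -pubkey -in "$1" |
    openssl rsa -pubin -outform der 2>/dev/null |
    openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Assemble the join command from its parts, refusing a malformed token.
join_command() {
  endpoint=$1; token=$2; hash=$3
  valid_token "$token" || { echo "malformed token: $token" >&2; return 1; }
  echo "kubeadm join $endpoint --token $token --discovery-token-ca-cert-hash sha256:$hash"
}

# On the master: ./join-token.sh issue 10.0.20.8:6443
# Creates a token that expires after one hour instead of --ttl=0 (never),
# prints the join line, and reminds you to revoke the token afterwards.
if [ "${1:-}" = "issue" ]; then
  endpoint=${2:?usage: $0 issue HOST:6443}
  token=$(kubeadm token generate)
  kubeadm token create "$token" --ttl 1h --description "worker join $(date +%F)" >/dev/null
  join_command "$endpoint" "$token" "$(ca_cert_hash /etc/kubernetes/pki/ca.crt)"
  echo "# once the worker has joined: kubeadm token delete $token"
fi
```

On the worker, run `ca_cert_hash` against a copy of ca.crt fetched over a channel you trust (scp from the master, for instance) and compare it with the hash in the join line before executing it; if they differ, the join line did not come from this control plane. The hash covers only the CA public key, so it stays valid across CA certificate renewals that keep the same key.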
3. ## Installing the Dashboard
1. Download the install manifest recommended.yaml
Check https://github.com/kubernetes/dashboard/releases for the compatibility matrix between Kubernetes and Kubernetes Dashboard versions before choosing a tag.
```
# download
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
```
2. Edit the configuration
Add `type: NodePort` (and a fixed nodePort) to the kubernetes-dashboard Service. A NodePort listens on the IP of every node, so the dashboard becomes reachable from anywhere that can reach a node; for anything beyond a lab prefer `kubectl port-forward` or an ingress with a trusted certificate.
```
vim recommended.yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 31443
  selector:
    k8s-app: kubernetes-dashboard
```
3. Apply the manifest
```
kubectl apply -f recommended.yaml
[root@first-k8s kube]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
```
4. Wait until the pods reach the Running state
```
[root@first-k8s kube]# kubectl get pod,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-894c58c65-m9vl6 1/1 Running 0 35m
pod/kubernetes-dashboard-fc4fc66cc-hb94q 1/1 Running 0 35m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.104.148.13 <none> 8000/TCP 35m
service/kubernetes-dashboard NodePort 10.102.14.94 <none> 443:32294/TCP 35m
```
(In this captured run the nodePort was not pinned, so Kubernetes allocated 32294; with the `nodePort: 31443` edit from step 2 the Service shows 443:31443/TCP.)
5. Create an account for logging in to the Dashboard
```
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
kubectl create clusterrolebinding dashboard-admin-rb --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
```
This binds the account to cluster-admin, so whoever holds its token (step 6) has unrestricted control of the cluster, through the dashboard or directly against the API server. That is acceptable for a throwaway lab; elsewhere bind the built-in `view` ClusterRole (read-only) or a namespaced `edit` RoleBinding instead.
6. Retrieve the login token for the Dashboard
```
[root@master ~]# kubectl get secrets -n kubernetes-dashboard | grep dashboard-admin
dashboard-admin-token-84gg6 kubernetes.io/service-account-token 3 64s
[root@master ~]# kubectl describe secrets dashboard-admin-token-84gg6 -n kubernetes-dashboard
Name: dashboard-admin-token-84gg6
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 2d93a589-6b0b-4ed6-adc3-9a2eeb5d1311
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImRmbVVfRy15QzdfUUF4ZmFuREZMc3dvd0IxQ3ItZm5SdHVZRVhXV3JpZGcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tODRnZzYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMmQ5M2E1ODktNmIwYi00ZWQ2LWFkYzMtOWEyZWViNWQxMzExIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.xsDBLeZdn7IO0Btpb4LlCD1RQ2VYsXXPa-bir91VXIqRrL1BewYAyFfZtxU-8peU8KebaJiRIaUeF813x6WbGG9QKynL1fTARN5XoH-arkBTVlcjHQ5GBziLDE-KU255veVqORF7J5XtB38Ke2n2pi8tnnUUS_bIJpMTF1s-hV0aLlqUzt3PauPmDshtoerz4iafWK0u9oWBASQDPPoE8IWYU1KmSkUNtoGzf0c9vpdlUw4j0UZE4-zSoMF_XkrfQDLD32LrG56Wgpr6E8SeipKRfgXvx7ExD54b8Lq9DyAltr_nQVvRicIEiQGdbeCu9dwzGyhg-cDucULTx7TUgA
```
This works on Kubernetes 1.17 because every ServiceAccount automatically gets a long-lived token Secret. That token never expires and is revoked only by deleting the Secret or the account, so guard it like the admin kubeconfig. (From Kubernetes 1.24 on, such Secrets are no longer created automatically; request a short-lived token with `kubectl -n kubernetes-dashboard create token dashboard-admin` instead.)
7. Open the Dashboard in a browser
Use https, at https://<node-ip>:31443. The dashboard serves a self-signed certificate, so the browser warns that the connection is not private; in Chrome, click on the page and type "thisisunsafe" to bypass the warning. Paste the token to log in; everything done with kubectl above can now be done from the UI. Beyond a lab, put a certificate your clients trust into the kubernetes-dashboard-certs Secret, or reach the Service through `kubectl port-forward` on the admin workstation rather than a NodePort listening on every node.
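Steps 5 to 7 grant the dashboard account cluster-admin and expose the UI on every node. The script below is an added example, not part of the original guide or the Dashboard project: it generates a ClusterRoleBinding to a less privileged built-in role for the same account, audits the cluster for bindings that hand cluster-admin to any service account (the pattern step 5 creates), and reaches the UI over a local port-forward. It assumes the dashboard is installed from recommended.yaml into the kubernetes-dashboard namespace with the account named dashboard-admin, as above; the binding name `${sa}-${role}`, the script name and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide: give the dashboard login account
# only the access it needs instead of cluster-admin, spot existing bindings that
# hand cluster-admin to a service account, and reach the UI through a local
# port-forward instead of a NodePort open on every node.
# Assumptions: the dashboard was installed from recommended.yaml into the
# kubernetes-dashboard namespace and the account is named dashboard-admin, as above.
set -eu

# Print a ClusterRoleBinding manifest tying service account SA in namespace NS to
# the ClusterRole ROLE. The built-in "view" role is read-only (and cannot read
# Secrets); "edit" allows changes but not RBAC; "cluster-admin" is what the guide
# grants and makes a leaked dashboard token equivalent to root on the cluster.
dashboard_binding() {
  sa=$1; ns=$2; role=$3
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ${sa}-${role}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ${role}
subjects:
- kind: ServiceAccount
  name: ${sa}
  namespace: ${ns}
EOF
}

# Report bindings that grant cluster-admin to a ServiceAccount (the pattern step 5
# creates). Input lines are "NAME ROLE SUBJECT_KINDS SUBJECT_NAMES" as produced by:
#   kubectl get clusterrolebindings --no-headers \
#     -o custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,SUBJ:.subjects[*].name'
# Prints "binding -> subjects" for each hit; prints nothing when there are none.
audit_sa_cluster_admin() {
  awk '$2 == "cluster-admin" && $3 ~ /ServiceAccount/ { print $1 " -> " $4 }'
}

# Apply on a real cluster: ./dashboard-rbac.sh apply [view|edit]
if [ "${1:-}" = "apply" ]; then
  role=${2:-view}
  dashboard_binding dashboard-admin kubernetes-dashboard "$role" | kubectl apply -f -
  kubectl get clusterrolebindings --no-headers \
    -o custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,SUBJ:.subjects[*].name' \
    | audit_sa_cluster_admin
  # Forward the dashboard Service to the admin workstation and open https://localhost:8443.
  # Nothing listens on the nodes' IPs, so the NodePort edit to recommended.yaml is unnecessary.
  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard 8443:443
fi
```

After applying the `view` binding, delete the `dashboard-admin-rb` binding from step 5 so the audit comes back empty; the dashboard then shows Secrets as forbidden, which is the intended effect. Dashboard 2.x also expires idle sessions after its `--token-ttl` (900 seconds by default), but the underlying ServiceAccount token from step 6 lives until the Secret is deleted, so scoping the role is what actually limits the damage of a leak.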