安装Docker Engine
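# Remove older Docker packages so they cannot conflict with docker-ce.
sudo apt-get remove docker docker-engine docker.io containerd runc
# Install the tools needed to add an HTTPS apt repository (gnupg provides gpg for the key step).
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl gnupg software-properties-common
# Fetch the repository signing key over HTTPS into a dedicated keyring.
# This key is the trust root for every package installed from the repository, so it must not
# travel over plain HTTP. apt-key is deprecated and would trust the key for all repositories.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Register the repository over HTTPS, bound to that keyring only (signed-by).
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
# Install Docker. "&&" makes the install wait for the index refresh to succeed;
# a single "&" would run the update in the background and race with the install.
sudo apt-get -y update && sudo apt-get -y install docker-ce docker-ce-cli containerd.io
# Smoke test: the daemon answers and reports its configuration.
docker info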
配置docker国内加速& 修改 Cgroup Driver 【Kubernetes 推荐使用 systemd 来代替 cgroupfs】
vim /etc/docker/daemon.json
内容如下:(获取加速地址参见:官方镜像加速 (aliyun.com))
{
"registry-mirrors" : ["https://xxxxxx.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
重启docker
systemctl daemon-reload
systemctl restart docker
docker info
安装kubelet、kubeadm、kubectl
安装kubelet、kubeadm、kubectl 并配置kubelet开机启动
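# 1. Refresh the apt index and install the packages needed to use the Kubernetes apt repository.
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
# 2. Download the repository signing key (Aliyun mirror substituted for the Google Cloud URL).
# NOTE(review): the key comes from the same mirror that serves the packages, so it protects
# against tampering in transit but not against a compromised mirror; compare the key
# fingerprint with the upstream key if that matters in your environment.
#sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg
# 3. Add the Kubernetes apt repository (Aliyun mirror substituted), bound to that keyring via signed-by.
#echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
# 4. Refresh the index so it includes the new repository, then install the three components.
sudo apt-get update
sudo apt-get install -y kubectl kubelet kubeadm
# Hold the packages so a routine "apt upgrade" cannot move kubelet/kubeadm/kubectl to a
# different version behind the cluster's back; upgrade them deliberately instead.
sudo apt-mark hold kubelet kubeadm kubectl
# 5. Start kubelet at boot.
sudo systemctl daemon-reload
sudo systemctl enable kubelet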
#6.查看版本
root@master:~# kubelet --version
Kubernetes v1.23.1
root@master:~# kubectl version --client
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.1", GitCommit:"86ec240af8cbd1b60bcc4c03c20da9b98005b92e", GitTreeState:"clean", BuildDate:"2021-12-16T11:41:01Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}
root@master:~# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.1", GitCommit:"86ec240af8cbd1b60bcc4c03c20da9b98005b92e", GitTreeState:"clean", BuildDate:"2021-12-16T11:39:51Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}
root@master:~#
如 kubelet 启动有错误,可查看日志排查
journalctl -u kubelet --no-pager
通过journalctl -u kubelet.service命令来查看kubelet服务的日志
禁用 swap
# Turn swap off for the running system.
sudo swapoff -a
# Comment out every /etc/fstab line that contains " swap " so swap stays off after a reboot.
# NOTE(review): the pattern needs a space on both sides of "swap"; a tab-separated entry would
# not match, and the file is edited in place without a backup. Check /etc/fstab afterwards.
sudo sed -i '/ swap / s/^/#/' /etc/fstab
# Manual alternative for disabling swap permanently: vim /etc/fstab and comment out the swap line (the last line in the author's file).
通过kubeadm初始化集群
执行如下命令:
# Initialise the control plane on this host.
#   --apiserver-advertise-address  address the API server advertises, taken here from `hostname -i`
#   --apiserver-cert-extra-sans    extra subject alternative name added to the API server certificate
#   --pod-network-cidr             pod address range; the network plugin must be configured with the same range
#   --image-repository             pull control-plane images from the Aliyun registry instead of the default one
# NOTE(review): `hostname -i` depends on name resolution and can print a loopback address or
# several addresses; confirm it prints the single address other nodes should use to reach this host.
kubeadm init --apiserver-advertise-address=$(hostname -i) \
--apiserver-cert-extra-sans=127.0.0.1 \
--pod-network-cidr=10.244.0.0/16 \
--image-repository=registry.aliyuncs.com/google_containers
注意:这里有一个巨大的坑。如果使用 Flannel 网络,建议在 kubeadm init 时使用 --pod-network-cidr=10.244.0.0/16(与 Flannel 清单中的默认网段一致),或者在部署后修改 Flannel ConfigMap,使其 Network 与集群的 Pod 网段一致;否则部署 Dashboard、nfs-subdir-external-provisioner 时会失败,报错如下:Error getting server version: Get "https://10.96.0.1:443/version?timeout=32s": dial tcp 10.96.0.1:443: i/o timeout.
修改Flannel ConfigMap 如下:
# Open the flannel ConfigMap in an editor.
kubectl edit cm -n kube-system kube-flannel-cfg
# edit the configuration by changing network from 10.244.0.0/16 to 10.10.0.0/16
# NOTE(review): the value to set is whatever --pod-network-cidr was given to kubeadm init; with
# the init command shown on this page (10.244.0.0/16) no edit should be needed. Confirm against your cluster.
# Delete the flannel pods so that replacements start with the edited ConfigMap.
kubectl delete pod -n kube-system -l app=flannel
# Delete the dashboard pod as well so that it is recreated on the corrected network.
kubectl delete po -n kube-system -l k8s-app=kubernetes-dashboard
部署成功如下图:
按照提示执行:
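# Give the current user a kubeconfig (the steps printed by kubeadm init).
# admin.conf holds cluster-admin credentials, so the copy is kept readable by its owner only.
# Expansions are quoted so a home directory containing spaces cannot split the arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"
#Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf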
配置其他节点使用kubectl
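# Run on the control-plane node: copy the admin kubeconfig to another node (${node1}).
# This file is a cluster-admin credential. Copy it only to hosts that really need to
# administer the cluster; anyone who can read it on that host controls the whole cluster.
# (-r is not needed for a single file; the target is quoted to avoid word splitting.)
scp /etc/kubernetes/admin.conf "${node1}:/etc/kubernetes/admin.conf"
# Run on the receiving node: point kubectl at the copied file in future login shells.
# The grep guard keeps repeated runs from appending duplicate lines.
grep -qxF 'export KUBECONFIG=/etc/kubernetes/admin.conf' ~/.bash_profile 2>/dev/null \
  || echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
# Apply it to the current shell as well.
source ~/.bash_profile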
添加集群节点[kubeadm join]
从上文初始化集群成功提示中复制【kubeadm join】在要添加的节点中执行
# Join this node to the cluster; copy the exact command printed at the end of `kubeadm init`.
# The token is a bootstrap credential: treat it as a secret and do not paste a real one into
# posts or tickets (the values below are placeholders).
# --discovery-token-ca-cert-hash pins the cluster CA so the node verifies which control plane
# it is joining; do not drop it.
# A fresh command can be printed on the control plane with: kubeadm token create --print-join-command
kubeadm join ${masterhost}:${port} --token xxxxx \
--discovery-token-ca-cert-hash sha256:xxxxxxxxxxx
添加完成如下图:
root@master:~# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master.vfox.top NotReady control-plane,master 10m v1.23.1 172.31.201.18 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12
node01.vfox.top NotReady <none> 14s v1.23.1 172.22.88.110 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12
node02.vfox.top NotReady <none> 10s v1.23.1 172.22.88.111 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12
所有节点的 status 都是 NotReady,这是因为还没有安装网络插件
安装网络插件 flannel(下面的命令直接应用 master 分支上的远程清单,内容可能随时变化;生产环境建议先下载并固定到某个发布版本,审阅后再 kubectl apply)
root@master:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
root@master:~# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master.vfox.top Ready control-plane,master 27m v1.23.1 172.31.201.18 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12
node01.vfox.top Ready <none> 16m v1.23.1 172.22.88.110 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12
node02.vfox.top Ready <none> 16m v1.23.1 172.22.88.111 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12
root@master:~#
配置dashboard
参考地址:GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
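# Download the Dashboard manifest pinned to release v2.4.0, then review and edit the local
# copy before applying it (the file name in the edit step must match the downloaded file).
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
vim ./recommended.yaml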
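Dashboard 安装后 Service 默认类型是 ClusterIP,这里修改成 NodePort(本文使用端口 31443)。注意:NodePort 会在每个节点的 IP 上暴露 Dashboard,应通过防火墙或安全组限制访问来源;如果只需要从本机访问,可以保留 ClusterIP 并使用 kubectl port-forward。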
安装dashboard命令:kubectl apply -f recommended.yaml
root@master:~/app/k8s# kubectl apply -f ./recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
通过 https://hostname:31443 就可以访问 Kubernetes Dashboard 了, 如下图
创建Kubernetes Dashboard 的登陆Token
创建一个ServiceAccount :dashboard-admin
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
将 dashboard-admin 绑定到集群管理角色 cluster-admin(该角色对整个集群拥有完全控制权,持有其 token 即等同于集群管理员;日常只读查看建议改绑内置的 view 等权限更小的 ClusterRole)
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
查看dashboard-admin的登陆Token
kubectl get secret -n kubernetes-dashboard
kubectl describe secret dashboard-admin-token-5pglz -n kubernetes-dashboard
root@master:~/app/k8s# kubectl get secret -n kubernetes-dashboard
NAME TYPE DATA AGE
dashboard-admin-token-5pglz kubernetes.io/service-account-token 3 6m26s
default-token-95htf kubernetes.io/service-account-token 3 12m
kubernetes-dashboard-certs Opaque 0 12m
kubernetes-dashboard-csrf Opaque 1 12m
kubernetes-dashboard-key-holder Opaque 2 12m
kubernetes-dashboard-token-7xxbl kubernetes.io/service-account-token 3 12m
root@master:~/app/k8s# kubectl describe secret dashboard-admin-token-5pglz -n kubernetes-dashboard
Name: dashboard-admin-token-5pglz
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 4b4029cb-6eb2-49f3-a15c-42c9b7ac8d60
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIs...(已截断:这是拥有 cluster-admin 权限的 ServiceAccount 令牌,不应完整公开)
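拿到 token 就可以登陆 dashboard 了,如图。该 token 拥有 cluster-admin 权限,且在 v1.23 中不会自动过期,不要粘贴到文章、截图或工单中;如已泄露,删除对应的 Secret(kubectl delete secret dashboard-admin-token-5pglz -n kubernetes-dashboard)即可使其失效。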