yum部署k8s,并安装dashboard控制台

已于 2022-09-26 14:59:54 修改
阅读量608 收藏
点赞数
分类专栏: k8s 文章标签: kubernetes docker 容器
于 2022-09-26 14:54:13 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/id_wxq/article/details/127053068
版权

1.Linux环境(所有节点都执行)

#关闭防火墙: 如果是云服务器,需要设置安全组策略放行端口

# https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#check-required-ports

systemctl stop firewalld

systemctl disable firewalld

#关闭 selinux:

sed -i 's/enforcing/disabled/' /etc/selinux/config

setenforce 0

#关闭 swap:

swapoff -a  

sed -ri 's/.*swap.*/#&/' /etc/fstab

#将桥接的 IPv4 流量传递到 iptables 的链:

# 修改 /etc/sysctl.conf

# 如果有配置,则修改

sed -i "s#^net.ipv4.ip_forward.*#net.ipv4.ip_forward=1#g"  /etc/sysctl.conf

sed -i "s#^net.bridge.bridge-nf-call-ip6tables.*#net.bridge.bridge-nf-call-ip6tables=1#g"  /etc/sysctl.conf

sed -i "s#^net.bridge.bridge-nf-call-iptables.*#net.bridge.bridge-nf-call-iptables=1#g"  /etc/sysctl.conf

sed -i "s#^net.ipv6.conf.all.disable_ipv6.*#net.ipv6.conf.all.disable_ipv6=1#g"  /etc/sysctl.conf

sed -i "s#^net.ipv6.conf.default.disable_ipv6.*#net.ipv6.conf.default.disable_ipv6=1#g"  /etc/sysctl.conf

sed -i "s#^net.ipv6.conf.lo.disable_ipv6.*#net.ipv6.conf.lo.disable_ipv6=1#g"  /etc/sysctl.conf

sed -i "s#^net.ipv6.conf.all.forwarding.*#net.ipv6.conf.all.forwarding=1#g"  /etc/sysctl.conf

# 可能没有,追加

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf

echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf

echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf

echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf

echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf

echo "net.ipv6.conf.all.forwarding = 1"  >> /etc/sysctl.conf

# 执行命令以应用

sysctl -p

2.安装docker(所有节点都执行)

sudo yum remove docker*

sudo yum install -y yum-utils

#配置docker yum 源

sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#安装docker 19.03.9

yum install -y docker-ce-3:19.03.9-3.el7.x86_64  docker-ce-cli-19.03.9-3.el7.x86_64 containerd.io

#安装docker 19.03.9   docker-ce  19.03.9

yum install -y docker-ce-19.03.9-3  docker-ce-cli-19.03.9 containerd.io

#启动服务

systemctl start docker

systemctl enable docker

#配置加速

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'

{

  "registry-mirrors": ["https://yeg8htoh.mirror.aliyuncs.com"]

}

EOF

sudo systemctl daemon-reload

sudo systemctl restart docker

3.安装k8s(所有节点都执行)

cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]

name=Kubernetes

baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64

enabled=1

gpgcheck=0

repo_gpgcheck=0

gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg

       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

# 卸载旧版本

yum remove -y kubelet kubeadm kubectl

# 查看可以安装的版本

yum list kubelet --showduplicates | sort -r

# 安装kubelet、kubeadm、kubectl 指定版本

yum install -y kubelet-1.21.0 kubeadm-1.21.0 kubectl-1.21.0

# 开机启动kubelet

systemctl enable kubelet && systemctl start kubelet

4.初始化master节点(master执行)

images=(

  kube-apiserver:v1.21.0

  kube-proxy:v1.21.0

  kube-controller-manager:v1.21.0

  kube-scheduler:v1.21.0

  coredns:v1.8.0

  etcd:3.4.13-0

  pause:3.4.1

)

for imageName in ${images[@]} ; do

    docker pull registry.cn-beijing.aliyuncs.com/wxq_k8s/$imageName

done

#重新打标签才能用

docker tag registry.cn-beijing.aliyuncs.com/wxq_k8s/coredns:v1.8.0 registry.cn-beijing.aliyuncs.com/wxq_k8s/coredns/coredns:v1.8.0

#init

kubeadm init \

--apiserver-advertise-address=本机IP \

--image-repository registry.cn-beijing.aliyuncs.com/wxq_k8s \

--kubernetes-version v1.21.0 \

--service-cidr=192.168.100.0/24 \

--pod-network-cidr=192.168.200.0/24

#初始化后执行

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

export KUBECONFIG=/etc/kubernetes/admin.conf

#安装网络组件

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

5.初始化worker节点(worker执行)

## 用master生成的命令即可

kubeadm join 192.168.111.241:6443 --token e0au41.170pl5gq76s2y2yu \
    --discovery-token-ca-cert-hash sha256:f1578fb75992d41a18433359deec5ddeb494064a505aeb33e40ff6ef5c98d500

##过期怎么办

kubeadm token create --print-join-command

kubeadm token create --ttl 0 --print-join-command

6.验证集群

在master上执行

kubectl get nodes

可以看到集群中的机器是否准备就绪

7.安装dashboard控制台

编辑dashboard.yaml文件

此处设置为NodePort类型端口30000,nodePort: 30000。并修改了token的超时时间(默认10分钟后自动超时退出),token-ttl=99999999(单位为秒)。可以根据字符串定位位置修改。

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.3.1
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            - --token-ttl=99999999
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

安装dashboard

kubectl apply -f dashboard.yaml

看部署是否完成

kubectl get pods -A | grep dashboard

部署成功后修改权限

创建role.yaml文件

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-head
  namespace: kubernetes-dashboard-head
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard-head
    namespace: kubernetes-dashboard-head

kubectl apply -f role.yaml

#如果如下报错,表示已经创建了角色,此时需要删除下再添加

The ClusterRoleBinding "kubernetes-dashboard" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"cluster-admin"}: cannot change roleRef

kubectl delete -f role.yaml

kubectl apply -f role.yaml

8.登录网页控制页验证dashboard

https://ip:30000(必须使用https登录)

token认证需要去服务器中执行命令查询token

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

最后一部分就是token,非常长的一串

登陆进去之后,左上角命名空间默认是default,改成全部命名空间就可以看到所有了。

设置里可以改成中文和黑底色模式(设置只是修改在本地浏览器中,其他地方登录还需要重新修改)

id_wxq
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
云原生之使用minikube快速部署本地k8s集群
jks212454的博客
04-29 1192
云原生之使用minikube快速部署本地k8s集群
k8s集群管理工具篇】在kubernetes集群下部署Rainbond容器管理平台
jks212454的博客
07-27 982
k8s集群管理工具篇】在kubernetes集群下部署Rainbond容器管理平台
k8s-debugger:Kubernetes控制台调试工具
03-06
k8s调试器 Kubernetes控制台调试工具 特征 当前功能 批量删除资源 合并的多吊舱日志 日志流 轻松的上下文和名称空间选择 吊舱状态视图 计划功能 创建/编辑Cron作业 手动执行Cron作业 检索有关cron作业的详细信息 Redis事件监听关键日志 资源状态报告 入口资源支持 实时重装 安装 yarn global add @adriftdev/k8s-debugger 用法 只需运行 k8s-debugger
K8S DashBoard控制台
李大能
03-11 902
【代码】(六)K8S DashBoard控制台
k8s-kubernetes常用命令,服务部署,可视化控制台安装及token的生成
你是我的天晴
06-12 1162
上一篇文章介绍了怎么,现在我们来学习下kubernetes的常用命令我们直接通过部署可视化控制台kubernetes-dashboard来顺便学习下kubernetes的常用命令及服务的部署
k8s篇之五、安装ui 控制台 dashboard
ws - 兮的博客空间
09-22 1620
根据结果可以看到dashboard在node1的节点上,对外的端口为:31080,这个是配置文件固定好的。使用谷歌浏览器访问会提示受限, 点击高级选择继续前往即可进入页面,页面如下。如果下载失败,可以使用下面的链接下载,然后上传到服务器中。登陆的话是选择令牌的方式,我们接下来先获取令牌。粘贴token 到登录页的第二项令牌处。根据节点和端口进行访问。点击登录,就进入管理页面了。
k8s学习yum部署k8s
mingzirenyichang的博客
04-19 791
一。Kubernetes集群里有三种IP地址,分别如下: Node IP:Node节点的IP地址,即物理网卡的IP地址。 Pod IP:Pod的IP地址,即docker容器的IP地址,此为虚拟IP地址。 Cluster IP:Service的IP地址,此为虚拟IP地址。 二。k8s-集群搭建的三种方式,目前主流的搭建k8s集群的方式有kubeadm、minikube,二进制包。 三。学习kubeadm部署 四。虚拟机上搭建分布式基础环境 (1) 安装准备 Windows10 64位,vmware works
K8S控制器
L2111533547的博客
07-27 1783
被控制对象的定义,则来自于一个"模板".比如,Deployment里的template字段.可以看到,Deployment这个template字段里的内容,跟一个标准的Pod对象的API定义,丝毫不差.而所有被这个Deployment管理的Pod实例,其实都是根据这个template字段的内容创建出来的.控制器是个好东西,要学会选择适合的控制器,以达到生产需求httpshttpshttpshttpshttps。...
K8s部署Dashboard
萝卜头
04-17 2241
K8s部署Dashboard 上一篇文章讲述了自己如果使用 Kubeadm 安装k8s部署应用还是需要一个前端页面,这样便于操作。 0. 序言 0.1 本文的目录 0.2 阅读本文可以给你带来什么 简单了解在社区k8s部署Dashboard。 1. 部署Dashboard 1.1 官网推荐部署 官网 其实也就是简单的2步 kubectl apply -f https://raw.gith...
鲲鹏ARM+麒麟V10离线部署K8s和Rainbond平台
最新发布
xdpcxq的专栏
08-17 1043
本篇文章将详细介绍如何在国产化信创环境下部署 Kubernetes 以及 Rainbond,希望能够为用户提供实用的指导,减少在部署过程中的困扰。
K8S 应用部署
github_35735591的博客
07-01 1178
在上篇文章中,我们安装K8S的基础组件,并按照网页的Dashboard控制台,接下来我们尝试使用K8S部署我们自己的应用
K8S & Dashboard安装文档
11-14
本文档指导使用kubeadm安装Kubernetes以及K8S Dashboard,并最终通过Firefox浏览器成功登入控制台界面的过程指导及问题解决方案
kubeadm部署k8s
Y_S_J_112的博客
12-21 493
Harbor节点 192.168.44.50 dockerdocker-compose、harbor-offline-v1.2.2。
k8s最简单的搭建方式,使用yum搭建k8s集群
玩火的稻草人的博客
04-22 2004
1、环境准备 基于CentOS-7-x86_64-Minimal-2009.iso,使用VMware构建3个linux环境 master: 10.1.14.11 node1: 10.1.14.15 node2: 10.1.14.16 三台机器前期工作准备 关闭防火墙服务: systemctl stop firewalld systemctl disable firewalld 关闭selinux: vi /etc/selinux/config SELINUX=disabled #修改 Kuber
20,Pod控制器,ReplicaSet
weixin_43292547的博客
10-14 385
Pod控制器介绍 Pod是kubernetes的最小管理单元,在kubernetes中,按照pod的创建方式可以将其分为两类: 自主式pod:kubernetes直接创建出来的Pod,这种pod删除后就没有了,也不会重建 控制器创建的pod:kubernetes通过控制器创建的pod,这种pod删除了之后还会自动重建 什么是Pod控制器 Pod控制器是管理pod的中间层,使用Pod控制器之后,只需要告诉Pod控制器,想要多少个什么样的Pod就可以了,它会创建出满足条件的Pod并确保每一个Pod资源处于用
K8S集群搭建及控制面板安装
weixin_38405770的博客
01-17 2610
环境准备 三台虚拟机 主机名 配置 IP地址 master 4G 4C 192.168.0.200 node1 2G 4C 192.168.0.201 node2 2G 4C 192.168.0.202 停止防火墙 systemctl disable firewalld systemctl stop firewalld 禁用SELinux # 永久 关闭 sed -i 's/enforcing/disabled/' /etc/selinux/config # 重启 reboot
配置K8S web ui控制台
学亮编程手记
05-16 3721
kubernetes1.16 K8S部署dashboard控制面板
运维Carl的博客
12-05 2197
获取dashboard.yaml文件 [root@master-1 ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml [root@master-1 ~]# kubectl create serviceaccount...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值