基于kubeadm安装k8s 1.12.2和dashboard(国内网络环境)
安装环境VMware,Centos 7.5
1. 分别设置hostname
[root@localhost ~]# hostnamectl set-hostname k8s-master
[root@localhost ~]# hostnamectl set-hostname k8s-node1
[root@localhost ~]# hostnamectl set-hostname k8s-node2
2. 修改/etc/hosts文件
[root@k8s-master ~]# echo "192.168.242.138 k8s-master
192.168.242.139 k8s-node1
192.168.242.140 k8s-node2" >> /etc/hosts
[root@k8s-master ~]# cat /etc/hosts
设置静态IP地址
[root@k8s-master ~]# ip addr
[root@k8s-master ~]# ip route
[root@k8s-master ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO="static"
IPADDR=192.168.242.138
GATEWAY=192.168.242.2
NETMASK=255.255.255.0
设置DNS
[root@k8s-master ~]# vi /etc/resolv.conf
nameserver 192.168.242.2
重启网络
[root@k8s-master ~]# service network restart
测试
[root@k8s-master ~]# ping www.baidu.com
3. 关闭并禁用防火墙(仅适用于隔离的实验环境;如果节点能被其他网络访问,应保留firewalld,只放行集群需要的端口,例如本文用到的apiserver端口6443)
[root@k8s-master ~]# systemctl stop firewalld
[root@k8s-master ~]# systemctl disable firewalld
4. 关闭SELinux(修改配置文件后要重启才生效,重启在第5步进行;关闭后节点不再有SELinux的强制访问控制,只建议在实验环境这样做)
[root@k8s-master ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config
[root@k8s-master ~]# cat /etc/selinux/config
5. 禁用swap
用#注释swap
[root@k8s-master ~]# vi /etc/fstab
重新启动
[root@k8s-master ~]# reboot
查看swap
[root@k8s-master ~]# free -h
查看selinux状态
[root@k8s-master ~]# getenforce
Disabled
6. 配置Docker的yum安装源,并安装docker-ce
配置docker安装源(下面的repo地址用的是http明文,下载的repo文件在传输中可能被篡改;同一镜像站在第7步用的是https,这里也建议改成https)
[root@k8s-master ~]# yum -y install yum-utils
[root@k8s-master ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
查看可用的版本
[root@k8s-master ~]# yum list docker-ce --showduplicates|grep "^doc"|sort -r
安装
[root@k8s-master ~]# yum -y install docker-ce-18.06.1.ce-3.el7
启动
[root@k8s-master ~]# systemctl start docker
[root@k8s-master ~]# systemctl enable docker
7. 配置kubernetes阿里云yum镜像
[root@k8s-master ~]# echo "[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg" > /etc/yum.repos.d/kubernetes.repo
8. 安装kubeadm,kubelet,kubectl
[root@k8s-master ~]# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
[root@k8s-master ~]# systemctl enable kubelet && systemctl start kubelet
前面的命令要在master和每个node上分别执行一遍
9. 安装master
从阿里获取安装所需的容器镜像
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.12.2
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.12.2
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.12.2
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.12.2
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.2
修改tag
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.12.2 k8s.gcr.io/kube-apiserver:v1.12.2
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.12.2 k8s.gcr.io/kube-controller-manager:v1.12.2
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.12.2 k8s.gcr.io/kube-scheduler:v1.12.2
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.12.2 k8s.gcr.io/kube-proxy:v1.12.2
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.2 k8s.gcr.io/coredns:1.2.2
[root@k8s-master ~]# docker images
网络配置
[root@k8s-master ~]# echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@k8s-master ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
安装master
[root@k8s-master ~]# kubeadm init --kubernetes-version=1.12.2 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.242.138
保存下面的语句,用于后面安装node(其中的token是加入集群的凭据,默认24小时后过期,不要公开;过期或泄露后用kubeadm token create --print-join-command重新生成)
kubeadm join 192.168.242.138:6443 --token qnjnj8.4iv2kjrvio3ukq5k --discovery-token-ca-cert-hash sha256:7d4a245bd5ae181b1128b1a072369b2ec840113518fb3eff804814ce1e851bbb
按安装提示运行以下命令
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
检查kubelet配置
[root@k8s-master ~]# cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS=--cgroup-driver=cgroupfs --network-plugin=cni
安装flannel(下面的地址指向master分支,内容会随时间变化;建议先下载清单并检查内容,再用kubectl apply -f安装本地文件)
[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-master ~]# systemctl restart docker
[root@k8s-master ~]# kubectl get nodes
~这里需要等一小会儿,多试几次
如果安装失败可以选择重置
[root@k8s-master ~]# kubeadm reset
10. 安装node
从阿里获取安装所需的容器镜像
[root@k8s-node1 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.12.2
[root@k8s-node1 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
修改tag
[root@k8s-node1 ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.12.2 k8s.gcr.io/kube-proxy:v1.12.2
[root@k8s-node1 ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
网络配置
[root@k8s-node1 ~]# echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@k8s-node1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
用前面保存的语句安装node
[root@k8s-node1 ~]# kubeadm join 192.168.242.138:6443 --token qnjnj8.4iv2kjrvio3ukq5k --discovery-token-ca-cert-hash sha256:7d4a245bd5ae181b1128b1a072369b2ec840113518fb3eff804814ce1e851bbb
如果忘记可以用以下语句获取
kubeadm token create --print-join-command
11. 安装dashboard
获取dashboard的yaml
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
检查版本
[root@k8s-master ~]# grep image kubernetes-dashboard.yaml
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
从阿里获取镜像
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
[root@k8s-master ~]# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
安装dashboard
[root@k8s-master ~]# kubectl create -f kubernetes-dashboard.yaml
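解决访问安全问题
注意:下面的做法只适合隔离的实验环境。basic_auth.csv里保存的是明文固定口令admin/admin,而且admin用户和kubernetes-dashboard服务账号都被绑定为cluster-admin,所以任何能访问6443端口并知道这个口令的人,或者能直接访问到dashboard服务并点跳过的人,都可以完全控制集群。至少要把口令换成随机强口令;--basic-auth-file从Kubernetes 1.19起已被移除,长期使用应改为用权限受限的ServiceAccount的token登录dashboard。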
[root@k8s-master ~]# echo "admin,admin,1" > /etc/kubernetes/pki/basic_auth.csv
[root@k8s-master ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml
--anonymous-auth=false
--basic-auth-file=/etc/kubernetes/pki/basic_auth.csv
[root@k8s-master ~]# kubectl create clusterrolebinding admin --clusterrole=cluster-admin --user=admin
[root@k8s-master ~]# kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
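解决由于anonymous-auth=false导致apiserver频繁重启问题(原因:存活探针是对/healthz的匿名请求,关闭匿名访问后探针被拒绝,kubelet就会反复重启apiserver。下面把探针改到非安全端口8080,这个端口不做认证和授权,必须像下面这样只绑定127.0.0.1,不能绑定到对外地址)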
[root@k8s-master ~]# vi /etc/kubernetes/manifests/kube-apiserver.yaml
- --insecure-bind-address=127.0.0.1
- --insecure-port=8080
livenessProbe:
failureThreshold: 8
httpGet:
host: 127.0.0.1
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 15
name: kube-apiserver
以如下地址访问dashboard,用admin/admin登录,选择kubeconfig时点跳过
https://192.168.242.138:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
阿里云容器镜像服务地址
https://dev.aliyun.com/search.html
安装wget
yum install wget -y
安装JSON支持
yum install epel-release -y
yum install jq -y
常用命令
kubectl get node
kubectl get pod --all-namespaces -o wide
kubectl describe pod kube-apiserver-k8s-master --namespace=kube-system
kubectl get service --namespace=kube-system
kubectl get service --all-namespaces
kubectl get apiservice
kubectl get apiservice v2beta1.autoscaling -o yaml
kubectl get --raw=/apis/autoscaling/v2beta1 | jq