1. 实验准备
三台服务器
192.168.8.12 master
192.168.8.13 node01
192.168.8.14 node02
# Turn off the firewall, SELinux enforcement and swap on all three servers (lab setup).
# NOTE(review): this removes host packet filtering and SELinux confinement from every node;
# outside an isolated lab, keep firewalld running and open only the ports the cluster needs.
systemctl stop firewalld && systemctl disable firewalld
# setenforce 0 switches SELinux to permissive mode only until the next reboot.
setenforce 0
# swapoff -a is not persistent either: swap entries in /etc/fstab are re-enabled at boot.
swapoff -a
# Set the hostname: run only the one line that matches the server you are logged in to.
# "su" starts a new shell so the prompt shows the new name.
hostnamectl set-hostname master && su
hostnamectl set-hostname node01 && su
hostnamectl set-hostname node02 && su
# Add all three names to /etc/hosts on every server.
# ">>" appends, so running this block twice leaves duplicate entries.
cat >> /etc/hosts << EOF
192.168.8.12 master
192.168.8.13 node01
192.168.8.14 node02
EOF
# Pass bridged IPv4/IPv6 traffic through the iptables chains, so that packets crossing the
# container bridge are subject to the node's iptables rules.
# NOTE(review): the net.bridge.* keys exist only while the br_netfilter kernel module is loaded — confirm with lsmod.
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Reload every sysctl configuration file, including the one just written.
sysctl --system
# Time synchronisation. Certificate validity checks between the nodes depend on the clocks agreeing.
# ntpdate sets the clock once when it runs; it does not keep the clock in sync afterwards.
yum -y install ntpdate
ntpdate time.windows.com
2. 安装 docker
三台服务器上操作
# Add the Docker CE yum repository from the Aliyun mirror (fetched over HTTPS).
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install epel-release && yum clean all && yum makecache # run this only if docker cannot be installed otherwise
# NOTE(review): 18.06.1 is an old Docker release that no longer gets upstream fixes;
# pick a currently maintained version for anything other than a lab.
yum -y install docker-ce-18.06.1.ce-3.el7 # the version is your choice; the author found this one stable
systemctl start docker && systemctl enable docker
# Configure a registry mirror. Image pulls from Docker Hub then go through this mirror host,
# so the images you run are whatever that mirror serves.
# This overwrites any existing /etc/docker/daemon.json.
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
# Restart the daemon so the new configuration takes effect.
systemctl restart docker
3. 配置阿里云 K8S repo 源(三个节点)
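# Kubernetes yum repository on the Aliyun mirror.
# gpgcheck=1 makes yum verify every package signature against the keys listed in gpgkey, so a
# package altered on the mirror or on the network path is rejected instead of installed as root.
# repo_gpgcheck (signature check on the repository metadata) is left at 0 as in the original.
# NOTE(review): enable it as well if the mirror's signed metadata verifies in your environment.
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Rebuild the yum cache so the new repository is picked up.
yum clean all && yum makecache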
4. 安装 kubeadm,kubelet,kubectl(三个节点)
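# Install the pinned kubelet, kubeadm and kubectl packages.
# --nogpgcheck is deliberately not passed: it would skip package signature verification even
# when the repository definition enables gpgcheck. If verification fails, fix the key import
# rather than switching the check off.
yum -y install kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
# Enable kubelet at boot; it is not started here.
systemctl enable kubelet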
5. 部署 kubernetes Master 节点(master 节点上执行)
初始化 kubeadm
# Initialise the control plane on the master node.
#   --apiserver-advertise-address  address the API server advertises; use your own master's IP
#   --image-repository             pull the control-plane images from the Aliyun mirror instead of the default registry
#   --kubernetes-version           must match the kubelet/kubeadm/kubectl packages installed above
#   --service-cidr                 virtual IP range for Services
#   --pod-network-cidr             Pod IP range; changing it means editing kube-flannel.yaml too
# NOTE(review): v1.18.0 is an old Kubernetes release that is past upstream support;
# choose a supported version for anything other than a lab.
kubeadm init \
--apiserver-advertise-address=192.168.8.12 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.18.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
参数说明
kubeadm init \
--apiserver-advertise-address=10.0.0.116 \ #指定master监听的地址,修改为自己的master地址
--image-repository registry.aliyuncs.com/google_containers \ #指定为aliyun的下载源,最好用国内的
--kubernetes-version v1.18.0 \ #指定k8s版本,1.18.0版本比较稳定
--service-cidr=10.96.0.0/12 \ #设置集群内部的网络
--pod-network-cidr=10.244.0.0/16 #设置pod的网络
# service-cidr 和 pod-network-cidr 最好就用这个,不然需要修改后面的 kube-flannel.yaml 文件
出现 Your Kubernetes control-plane has initialized successfully! 为初始化成功,初始化失败先排查原因
# Recompute the value for --discovery-token-ca-cert-hash (this is NOT the join token):
# it prints the SHA-256 digest of the cluster CA's public key, which a joining node uses
# to check that it is talking to the right control plane. Prefix the output with "sha256:".
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
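node 节点加入集群需要使用 token,token 有效期为 24 小时,过期后需要重新创建,创建命令为 kubeadm token create --print-join-command。token 是加入集群的凭证,在有效期内不要公开;上一条 openssl 命令算出的是 CA 证书公钥的哈希(--discovery-token-ca-cert-hash 的值),不是 token 本身。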
执行以下命令可使用 kubectl 管理工具
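# Give the current user a kubeconfig so that kubectl can reach the cluster.
# admin.conf carries cluster-administrator credentials: keep the copy readable by its owner
# only and do not share it or commit it anywhere.
# Expansions are quoted so that a home directory containing spaces does not split the paths.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"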
[root@master ~]#kubectl get node
NAME STATUS ROLES AGE VERSION
master NotReady master 106m v1.18.0
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-proxy v1.18.0 43940c34f24f 21 months ago 117MB
registry.aliyuncs.com/google_containers/kube-apiserver v1.18.0 74060cea7f70 21 months ago 173MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.18.0 d3e55153f52f 21 months ago 162MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.18.0 a31f78c7c8ce 21 months ago 95.3MB
registry.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5d 22 months ago 683kB
registry.aliyuncs.com/google_containers/coredns 1.6.7 67da37a9a360 22 months ago 43.8MB
registry.aliyuncs.com/google_containers/etcd 3.4.3-0 303ce5db0e90 2 years ago 288MB
6. k8s-node 节点加入 master 节点(两个 node 执行)
node01
[root@node01 ~]# kubeadm join 192.168.8.12:6443 --token 5jep6n.lp3b2w8q76bxlhtq \
--discovery-token-ca-cert-hash sha256:074e01ef083b555a19ac0b093e11c5992bfb7a3ef448de7645ca81f05af52ff2
node02
[root@node02 ~]# kubeadm join 192.168.8.12:6443 --token 5jep6n.lp3b2w8q76bxlhtq \
--discovery-token-ca-cert-hash sha256:074e01ef083b555a19ac0b093e11c5992bfb7a3ef448de7645ca81f05af52ff2
master 查看
[root@master ~]#kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady master 4m54s v1.18.0
node01 NotReady <none> 2m17s v1.18.0
node02 NotReady <none> 75s v1.18.0
可以看到节点显示 NotReady 状态,需要安装网络插件
7. 安装 Pod 网络插件(CNI 插件,master 节点)
下载插件 yaml 文件
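# Download the flannel manifest from ONE of the two sources below.
# Both must end up as kube-flannel.yaml, the file name the later "kubectl apply" uses.
# Upstream source (HTTPS); -O saves it under the expected name instead of kube-flannel.yml:
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml -O kube-flannel.yaml
# Source reachable from mainland China.
# NOTE(review): plain HTTP from a bare IP address, so the download has no transport integrity.
# Read the manifest (images, RBAC rules, privileged/hostNetwork settings) before applying it.
wget http://120.78.77.38/file/kube-flannel.yaml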
执行安装
# Apply the manifest; the pods need some time to pull their images and start.
kubectl apply -f kube-flannel.yaml
执行 kubectl get pods -n kube-system
查看出错是因为 quay.io 网站目前国内无法访问,资源下载不成功,解决方案参考:https://blog.csdn.net/K_520_W/article/details/116566733
这里提供一个方便的解决方法
# Rewrite the flannel image reference in the manifest: every quay.io/coreos/flannel:...-amd64
# image becomes lizhenliang/flannel:v0.12.0-amd64, because quay.io cannot be reached.
# NOTE(review): lizhenliang/flannel appears to be a personal Docker Hub re-upload, not the upstream
# repository; nothing here verifies that its content matches the upstream image.
sed -i -r "s#quay.io/coreos/flannel:.*-amd64#lizhenliang/flannel:v0.12.0-amd64#g" kube-flannel.yaml
# Re-apply the edited manifest and watch the system pods come up.
kubectl apply -f kube-flannel.yaml
kubectl get pods -n kube-system
kubectl get node # once the network plugin is deployed the nodes become Ready
查看
[root@master ~]#kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7ff77c879f-j52kj 0/1 Pending 0 6m40s
coredns-7ff77c879f-sm7t4 0/1 Pending 0 6m40s
etcd-master 1/1 Running 0 6m50s
kube-apiserver-master 1/1 Running 0 6m50s
kube-controller-manager-master 1/1 Running 0 6m50s
kube-flannel-ds-amd64-2z7sl 0/1 Init:0/1 0 16s
kube-flannel-ds-amd64-65n5x 0/1 Init:0/1 0 16s
kube-flannel-ds-amd64-s5kf5 0/1 Init:0/1 0 16s
kube-proxy-dvkff 1/1 Running 0 3m20s
kube-proxy-jl84d 1/1 Running 0 4m22s
kube-proxy-kvktr 1/1 Running 0 6m40s
kube-scheduler-master 1/1 Running 0 6m50s
[root@master ~]#kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 8m21s v1.18.0
node01 Ready <none> 5m44s v1.18.0
node02 Ready <none> 4m42s v1.18.0
测试 k8s 集群,在集群中创建一个 pod,验证是否能正常运行
[root@master ~]# kubectl get pod #默认命名空间现在是没有 pod 的
No resources found in default namespace.
[root@master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort #暴露端口供外网访问
service/nginx exposed
[root@master ~]#kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-f89759699-g76rt 1/1 Running 0 6m8s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 15m
service/nginx NodePort 10.104.42.45 <none> 80:30547/TCP 6m
# nginx 暴露的 NodePort 见上面 PORT(S) 列中 80: 之后的端口(本例为 30547),通过 http://nodeIP:port 访问,任意节点 IP 都可以
[root@master ~]# curl 192.168.8.12:30547
8. master 节点安装可视化管理界面 dashboard
下载插件文件
# NOTE(review): this manifest is fetched over plain HTTP from a bare IP address, so nothing protects it in transit.
# Read it (images, RBAC rules, Service type) before running "kubectl apply" on it.
wget http://120.78.77.38/file/kubernetes-dashboard.yaml
修改文件内容
修改 kubernetes-dashboard.yaml,增加一行 nodePort: 30001,如图所示,光标处为增加的行,端口自行选定,不冲突就行
执行安装
[root@master ~]# kubectl apply -f kubernetes-dashboard.yaml
[root@master ~]# kubectl get pods -n kubernetes-dashboard
查看 pod 在哪个节点,访问 web 界面
dashboard-metrics 所在节点采集监控指标,kubernetes-dashboard 所在节点为 web 管理页面
[root@master ~]#kubectl get pod -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-694557449d-gzjrv 1/1 Running 0 110s 10.244.1.3 node01 <none> <none>
kubernetes-dashboard-9774cc786-68vnj 1/1 Running 0 110s 10.244.2.3 node02 <none> <none>
访问:https://192.168.8.14:30001
推荐使用火狐浏览器,用其他浏览器可能无法访问,因为缺少信任证书,信任证书制作参考:
https://blog.csdn.net/shenyuanhaojie/article/details/121951326?spm=1001.2014.3001.5501
我们使用 token 令牌登录,在 master 节点生成令牌
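# Create a service account for dashboard login and bind it to a cluster role.
# NOTE(review): cluster-admin gives this account's token full control of the cluster, and the dashboard
# is reachable on a NodePort. Treat the token as a root credential; a narrower role is safer outside a lab.
[root@master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
[root@master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Show only the dashboard-admin token secret. awk has to print the matching secret name:
# if the substitution comes back empty, "kubectl describe secrets" prints every secret in kube-system.
[root@master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret |awk '/dashboard-admin/{print $1}')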
选择一个令牌并在网页上输入