Reference:
https://www.cnblogs.com/wml3030/p/15510747.html
Official documentation:
https://kubernetes.io/docs/reference/setup-tools/kubueadm/kubeadm
https://kubernetes.io/docs/setup/independet/install-kubeadm
### 1-Base environment
- Servers: Linux, CentOS 7.6
- master node 192.168.198.111 (k111)
- worker node 192.168.198.112 (k112)
- worker node 192.168.198.113 (k113)
#### >Disable the firewall and SELinux
```
setenforce 0
iptables -F
systemctl stop firewalld
systemctl disable firewalld
systemctl stop NetworkManager
systemctl disable NetworkManager
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
```
#### >Set the hostnames and bind them in hosts
```
# On each host, set its own name (k111, k112 or k113)
hostnamectl set-hostname k111
# /etc/hosts on every host
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.198.111 k111
192.168.198.112 k112
192.168.198.113 k113
```
#### >Aliyun yum mirror
```
# 1. Back up the existing repo file
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
# 2. Download the Aliyun yum repo file for CentOS 7
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# 3. Configure the Kubernetes repo
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 4. Rebuild the yum cache
yum clean all && yum makecache
```
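#### >Host initialization
```
yum -y install vim wget net-tools lrzsz
# Turn swap off now and comment it out of /etc/fstab so it stays off after a reboot
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
# Pass bridged traffic through iptables/ip6tables
cat <<EOF>> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# The net.bridge.* keys exist only once br_netfilter is loaded
modprobe br_netfilter
sysctl -p
```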
#### >Install Docker on all hosts
See the Runoob (菜鸟教程) tutorial.
#### >Configure the Aliyun registry mirror on all hosts
```
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://h9icw8m9.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```
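### 2-Deploy the Kubernetes cluster
#### Architecture diagram
#### Components
- kubeadm: the installation tool; it makes all components run as containers
- kubectl: the client tool for connecting to the k8s API
- kubelet: runs on the node hosts and is the tool that starts containers
#### A. Install kubelet, kubeadm and kubectl on all hosts
```
yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
# or
yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
systemctl enable kubelet.service
# kubelet cannot start right after installation; it starts only after the host joins a cluster or is initialized as the master
```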
#### B. Configure the master host
* Create init-config.yaml
```
# Run on the master host
# Print the default init configuration into init-config.yaml
mkdir -pv /usr/local/k8s
cd /usr/local/k8s
kubeadm config print init-defaults > init-config.yaml
```
init-config.yaml
```
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.198.111 # IP of the master
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k111
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd # local directory mounted into the container
#imageRepository: k8s.gcr.io
imageRepository: registry.aliyuncs.com/google_containers # switch to an image registry inside China
kind: ClusterConfiguration
kubernetesVersion: v1.17.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16 # added: pod network range
scheduler: {}
```
```
kubeadm config view # show the configuration values of the current cluster
kubeadm config print join-defaults # print the default kubeadm join configuration file
```
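The `token` in init-config.yaml above is the fixed placeholder that `kubeadm config print init-defaults` prints, so every cluster initialized from an unedited file accepts the same join token for its 24h TTL. As an added example (not part of the original notes), this script checks a config file for that placeholder and swaps in a random token of the same format before `kubeadm init`; the function names are made up for the example and the sample is constructed from the file above.

```bash
# Added example, not from the original page: detect and replace the
# placeholder bootstrap token written by `kubeadm config print init-defaults`.

DEFAULT_TOKEN='abcdef.0123456789abcdef'   # the value in init-config.yaml above

# Constructed sample: the bootstrapTokens part of the page's init-config.yaml.
sample_config() {
  cat <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
EOF
}

# Print $1 random characters from [a-z0-9], taken from the kernel CSPRNG.
rand_chars() {
  head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | head -c "$1"
}

# Print a fresh token in the bootstrap-token format [a-z0-9]{6}.[a-z0-9]{16}.
new_bootstrap_token() {
  printf '%s.%s\n' "$(rand_chars 6)" "$(rand_chars 16)"
}

# Print the first `token:` value found in config file $1.
config_token() {
  sed -n 's/^[[:space:]]*token:[[:space:]]*\([a-z0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed only if the token in $1 is well-formed and is not the placeholder.
token_ok() {
  _t=$(config_token "$1")
  printf '%s\n' "$_t" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || return 1
  [ "$_t" != "$DEFAULT_TOKEN" ]
}

# Replace the `token:` value in $1 with a fresh random token.
rotate_token() {
  _new=$(new_bootstrap_token)
  sed "s/^\([[:space:]]*token:[[:space:]]*\)[a-z0-9.]*/\1${_new}/" "$1" > "$1.tmp" &&
    mv "$1.tmp" "$1"
}

# With a file argument: rotate if needed, then print the token now in the file.
[ -z "${1:-}" ] || { token_ok "$1" || rotate_token "$1"; config_token "$1"; }
```

On a host that already has kubeadm installed, `kubeadm token generate` prints a token in the same format.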
#### C. Install the master node
```
kubeadm config images list --config init-config.yaml # list the images the config file references
kubeadm config images pull --config init-config.yaml # download the images the config file references
kubeadm init --config=init-config.yaml # initialize and install k8s
```
```
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.198.111:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:f933c7e48512f1d8f1815fa940d27bca5ef3d3bf0da975f63b8932e7674a8c2b
```
#### D. Install the worker nodes
```
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.198.111:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:f933c7e48512f1d8f1815fa940d27bca5ef3d3bf0da975f63b8932e7674a8c2b
```
```
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
```
#### E. Install flannel
The master node is NotReady because no network plugin is installed yet.
Get kube-flannel.yml
Reference: https://blog.csdn.net/qq_22409661/article/details/113371921
```
# Run on the master
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# or
kubectl apply -f kube-flannel.yml
```
```
kubectl get nodes # check the nodes again
```
#### F. Deploy the Dashboard on all hosts
Reference: https://www.cnblogs.com/bigberg/p/13469736.html
- A Create the pods

Get the manifest recommended.yaml:
https://github.com/kubernetes/dashboard/blob/v2.0.1/aio/deploy/recommended.yaml

Modify the Service in it:
```
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort # added
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32443 # added
  selector:
    k8s-app: kubernetes-dashboard
```
```
kubectl apply -f recommended.yaml # deploy the manifest
kubectl get pods -n kubernetes-dashboard # check the pods
```
- B Create the user
https://github.com/kubernetes/dashboard/blob/v2.0.1/docs/user/access-control/creating-sample-user.md
```
kubectl apply -f dashboard-adminuser.yaml
```
dashboard-adminuser.yaml
```
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
```
- C K8S-dashboard access URL:
https://192.168.198.111:32443/#/login

Print the login token of admin-user (the `token:` field of the output):
```
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
```
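
Step B binds `admin-user` to `cluster-admin`, so the token from step C carries full control of the cluster through the dashboard exposed on NodePort 32443. As an added example (not part of the original notes), this check lists the ServiceAccounts that a manifest binds to `cluster-admin`, so the grant is visible before `kubectl apply`; the function names are made up and the sample is dashboard-adminuser.yaml from step B, reproduced as constructed input.

```bash
# Added example, not from the original page: list the ServiceAccounts that a
# manifest binds to cluster-admin through a ClusterRoleBinding.

# Constructed sample: dashboard-adminuser.yaml from step B.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
}

# Read a multi-document manifest on stdin and print "namespace/name" for each
# ServiceAccount that a ClusterRoleBinding binds to cluster-admin.
cluster_admin_accounts() {
  awk '
    function emit(  i) {
      if (crb && admin) for (i = 1; i <= n; i++) print ns[i] "/" sa[i]
      crb = admin = n = insa = 0; section = ""
    }
    /^---/ { emit(); next }
    /^kind:[ ]*ClusterRoleBinding/ { crb = 1 }
    /^[A-Za-z]+:/ { section = $1 }   # remember the current top-level key
    section == "roleRef:" && $1 == "name:" && $2 == "cluster-admin" { admin = 1 }
    section == "subjects:" && $1 == "-" && $2 == "kind:" {
      insa = ($3 == "ServiceAccount"); if (insa) { n++; sa[n] = ns[n] = "" }
      next
    }
    section == "subjects:" && insa && $1 == "name:" { sa[n] = $2 }
    section == "subjects:" && insa && $1 == "namespace:" { ns[n] = $2 }
    END { emit() }
  '
}
```

Run it as `cluster_admin_accounts < dashboard-adminuser.yaml`; it expects the manifest with its YAML indentation intact.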