环境:
操作系统:centos 7 x86_64 minimal
节点规划:
k8s-master 192.168.47.128
k8s-node-1 192.168.47.129
k8s-node-2 192.168.47.130
基础配置:
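1.关闭selinux和防火墙(实验环境做法;SELINUX=disabled 重启后生效,当前会话可先执行 setenforce 0;生产环境建议保留 firewalld,只放行 6443、10250 及 NodePort 范围 30000-32767 等所需端口)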
vim /etc/selinux/config
SELINUX=disabled
systemctl stop firewalld
systemctl disable firewalld
2.关闭swap
swapoff -a #临时关闭
vim /etc/fstab #永久关闭
sed -ri 's/.*swap.*/#&/' /etc/fstab
3.配置ip hostname映射关系
vim /etc/hosts
192.168.47.128 k8s-master
192.168.47.129 k8s-node-1
192.168.47.130 k8s-node-2
4.配置转发参数(将桥接的IPV4流量传递到iptables 的链)
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
5.添加docker-ce源(阿里云)并安装docker-ce
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum install docker-ce -y #安装最新版;或安装指定版本:yum -y install docker-ce-18.06.1.ce-3.el7
systemctl start docker
systemctl enable docker
docker --version
6.添加k8s的yum源(阿里云)
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum makecache fast
7.安装k8s组件
yum install -y kubelet-<version> kubectl-<version> kubeadm-<version> #安装指定版本
eg: yum install -y kubelet-1.13.3 kubectl-1.13.3 kubeadm-1.13.3 kubernetes-cni-1.13.3
#安装最新版
yum install -y kubelet kubeadm kubectl
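若安装时公钥检查失败,可使用 yum install xxx.rpm --nogpgcheck 命令格式跳过公钥检查;该参数会同时关闭 rpm 包签名校验,如果失败的只是仓库元数据签名,可改为在 kubernetes.repo 中设 repo_gpgcheck=0 并保留 gpgcheck=1,这样 rpm 包签名仍会被校验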
参考链接:https://www.cnblogs.com/caoxb/p/11243472.html
systemctl enable kubelet
8.验证
kubelet --version
#查看需要拉取的镜像
kubeadm config images list --kubernetes-version=v1.21.2
#镜像拉取的脚本pull_docker_images_k8s.sh
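#!/bin/bash
# pull_docker_images_k8s.sh
#
# Pull the Kubernetes control-plane images from the Aliyun mirror, retag them
# under k8s.gcr.io, and remove the mirror-named tag afterwards.
#
# Exit status: 0 when every image was pulled and retagged, 1 otherwise. Images
# that failed are listed on stderr so they can be handled by hand.
#
# NOTE(review): the image names and tags are kept exactly as the notes give
# them. Compare them with the output of
#   kubeadm config images list --kubernetes-version=v1.21.2
# before relying on the result; an image whose name or tag differs from that
# list will presumably not be picked up by kubeadm -- confirm.
# NOTE(review): tags on a third-party mirror are mutable. After pulling, the
# RepoDigests shown by `docker image inspect` can be compared with a digest
# obtained from a source you trust.

readonly KUBE_VERSION=v1.21.2
readonly KUBE_PAUSE_VERSION=3.4.1
readonly ETCD_VERSION=3.4.13-0
readonly DNS_VERSION=1.8.0
# Mirror repository prefix (the variable name is historical; it is not a login).
readonly username=registry.cn-hangzhou.aliyuncs.com/google_containers

images=(
  "kube-proxy-amd64:${KUBE_VERSION}"
  "kube-scheduler-amd64:${KUBE_VERSION}"
  "kube-controller-manager-amd64:${KUBE_VERSION}"
  "kube-apiserver-amd64:${KUBE_VERSION}"
  "pause:${KUBE_PAUSE_VERSION}"
  "etcd-amd64:${ETCD_VERSION}"
  "coredns:${DNS_VERSION}"
)

# Names of images whose pull or retag failed.
failed=()

for image in "${images[@]}"; do
  src="${username}/${image}"
  dst="k8s.gcr.io/${image}"

  # Retag and clean up only after a successful pull; otherwise `docker tag`
  # and `docker rmi` would just add two more errors for the same image.
  if ! docker pull "${src}"; then
    printf 'pull failed: %s\n' "${src}" >&2
    failed+=("${image}")
    continue
  fi

  # On a failed retag keep the mirror-named image so it can be tagged by hand.
  if ! docker tag "${src}" "${dst}"; then
    printf 'tag failed: %s -> %s\n' "${src}" "${dst}" >&2
    failed+=("${image}")
    continue
  fi
  #docker tag "${src}" "gcr.io/google_containers/${image}"

  docker rmi "${src}"
done

# Keep going past individual failures (as the original did), but make them
# visible in the exit status instead of only in scrolled-off docker output.
if (( ${#failed[@]} > 0 )); then
  printf 'images needing manual handling: %s\n' "${failed[*]}" >&2
  exit 1
fi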
##此处若有未能拉取到的镜像需要手动处理
##从节点上需要的组件:kube-proxy pause
9.k8s-master上操作
#初始化kubeadm
kubeadm init \
--apiserver-advertise-address=192.168.47.128 \
--kubernetes-version=v1.21.2 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#安装pod网络插件
eg: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
#查看node状态
kubectl get nodes
kubectl get pods --all-namespaces
kubectl get pods -n kube-system
kubectl describe node
##清理重新安装
kubeadm reset
#查看token
kubeadm token list
#重新生成
kubeadm token create
#获取ca证书sha256编码hash值
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
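10.node加入集群(node-1,node-2上操作;下面的 token 和 hash 是本次实验的示例值,需替换为自己集群的值,也可在 master 上用 kubeadm token create --print-join-command 直接生成完整的 join 命令)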
kubeadm join 192.168.47.128:6443 \
--token=xfbgde.8hx355bgj2m85zcv \
--discovery-token-ca-cert-hash sha256:17abe6306e103856b54187a1469741eb691b11487650902e6545d784ab23960d
##docker报错
vim /etc/docker/daemon.json
{
"exec-opts":["native.cgroupdriver=systemd"]
}
或者
更改docker的启动参数
$ vim /usr/lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd
ExecStart=/usr/bin/dockerd --exec-opt native.cgroupdriver=systemd
systemctl daemon-reload && systemctl restart docker
##删除node
---k8s-master上执行
kubectl drain k8s-node-1 --delete-local-data --force --ignore-daemonsets
kubectl delete node k8s-node-1
---node上执行
kubeadm reset
####node notready问题排查思路
--master上查看节点日志
kubectl describe node k8s-node-2
--master上查看pod
kubectl get pods --all-namespaces
--查看具存在问题的pod
kubectl --namespace=kube-system describe pod <pods_name>
根据具体的问题解决
--node上查看日志
journalctl -f -u kubelet
11.安装dashboard
#下载文件
curl -o kubernetes-dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
#或使用固定版本的文件(master 分支的内容会变动,固定到 tag 后部署内容可复现):https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml
修改配置:
Service:
type: NodePort
nodePort: 30001 #NodePort 会在每个节点的 IP 上开放该端口
kubectl -n kube-system get service kubernetes-dashboard
https://192.168.47.128:30001
#token方式登录
##创建一个dashboard的管理用户
kubectl create serviceaccount dashboard-admin -n kube-system
##将创建的dashboard用户绑定为管理用户(cluster-admin 拥有集群全部权限,持有该用户的 token 即可完全控制集群;只需查看资源时可改绑内置的 view 角色)
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
##获取刚刚创建的用户对应的token名称
kubectl get secrets -n kube-system | grep dashboard
##查看token详细信息
kubectl describe secrets -n kube-system dashboard-admin-token-xx
使用查看的token登录,将查看的token复制在浏览器粘贴登录
---------------------------Kubeconfig方式登录(基于token)
#查看token
kubectl get secrets -n kube-system | grep dashboard
#token详细信息
kubectl describe secrets -n kube-system dashboard-admin-token-xx
#token信息保存为变量
DASH_TOKEN=$(kubectl get secrets -n kube-system dashboard-admin-token-xx -o jsonpath={.data.token} | base64 -d)
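#将k8s集群信息保存为文件(集群名需与下面 set-context 的 --cluster=kubernetes 一致;若要用该文件直接连接 apiserver,--server 应写成 https://192.168.47.128:6443,并用 --certificate-authority 指定 /etc/kubernetes/pki/ca.crt)
kubectl config set-cluster kubernetes --server=192.168.47.128:6443 --kubeconfig=/root/.dashboard-admin.conf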
#将token信息也写入文件
kubectl config set-credentials dashboard-admin --token=${DASH_TOKEN} --kubeconfig=/root/.dashboard-admin.conf
#将用户信息也写入文件
kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/root/.dashboard-admin.conf
#将上下文配置信息也写入文件
kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/root/.dashboard-admin.conf
#将文件保存到客户端本地(文件内含绑定了 cluster-admin 的 token,应限制读取权限,如 chmod 600,不再使用时删除)
sz /root/.dashboard-admin.conf
12.测试应用
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
kubectl get pod,svc -o wide
http://192.168.47.128:31329
后续将记录到下一篇
K8S 笔记(成功实验)——筑梦之路