Linux CentOS7安装k8s+Dashboard(安装master和node节点)

1. 安装Docker和依赖

docker安装好之后,exec-opts是修改文件驱动
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://bzm5i30c.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

配置Kubernetes源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum clean all && yum makecache

2. 安装k8s

yum -y install kubelet kubeadm kubectl

Kubelet	 --是负责与其他节点集群通信,并进行本节点Pod和容器生命周期的管理。
Kubeadm  --是Kubernetes的自动化部署工具,降低了部署难度,提高效率。
Kubectl	 --是Kubernetes集群管理工具

3. 镜像下载

列出所需版本
kubeadm config images list

4. 修改kubelet的cgroup-driver

vim /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf	(加上这个:--cgroup-driver=systemd )

在这里插入图片描述

5. 启动

启动+开机自启docker+开机自启kubelet
systemctl daemon-reload && systemctl enable docker.service && systemctl start docker
systemctl daemon-reload && systemctl enable kubelet && systemctl start kubelet
(如没启动,他会不断重启,要kubeadm init之后才真正启动)

6. master集群初始化

【master】进行Kubernetes集群初始化
kubeadm init \
--kubernetes-version=1.20.4 \
--apiserver-advertise-address=192.168.100.231 \
--image-repository=registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16

说明
–kubernetes-version: 用于指定k8s版本(kubeadm config images list查看的)
–apiserver-advertise-address:用于指定kube-apiserver监听的ip地址,就是master本机IP地址
–pod-network-cidr:用于指定Pod的网络范围:10.244.0.0/16
–service-cidr:用于指定SVC的网络范围
–image-repository: 指定阿里云镜像仓库地址

7. 配置kubectl工具

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

8. 部署flannel网络,要翻q才能下载…

cd ~
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml -O kube-flannel.yml --no-check-certificate
kubectl apply -f kube-flannel.yml

9. 伪集群状态检测,查看节点nodes(要多等一会)

kubectl get nodes

10. 创建Pod以验证集群是否正常

#会去初始化指定的镜像仓库拉取nginx镜像
kubectl create deployment nginx --image=nginx

#声明内部通信端口为80,外部以节点IP加端口访问
kubectl expose deployment nginx --port=80 --type=NodePort

kubectl get pods,svc -o wide

11. 删除测试的pod

kubectl delete pod nginx
kubectl delete svc nginx

13. 部署Dashboard(仪表盘)

部署方式之一:下载这个recommended.yaml文件(注意版本号)

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

vim recommended.yaml 需要修改的内容如下

---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000   #设置端口
  type: NodePort       #添加
  selector:
    k8s-app: kubernetes-dashboard
    
---
#自动生成的证书很多浏览器无法使用,注释掉kubernetes-dashboard-certs对象声明,我们自己创建证书,注释掉这些
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kubernetes-dashboard
#type: Opaque
---

创建证书

1. 创建命名空间
kubectl create namespace kubernetes-dashboard

2. 创建证书
mkdir dashboard-certs
cd dashboard-certs/
openssl genrsa -out dashboard.key 2048
openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt

3. 使用证书创建kubernetes-dashboard-certs对象
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

4. 安装dashboard(可忽略错误信息)
docker pull kubernetesui/dashboard:v2.2.0
docker pull kubernetesui/metrics-scraper:v1.0.6
kubectl apply -f ~/recommended.yaml

5. 查看安装结果
kubectl get pods -A  -o wide
显示Running才安装成功:
	kubernetes-dashboard   dashboard-metrics-scraper-79c5968bdc-krg62   1/1     Running             0          5s    10.244.0.4        test01.cn   <none>           <none>
	kubernetes-dashboard   kubernetes-dashboard-9f9799597-xbqqm         0/1     ContainerCreating   0          5s    <none>            test01.cn   <none>           <none>

创建dashboard管理员
vim ~/dashboard-admin.yaml 内容如下

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard


为用户分配权限:vim ~/dashboard-admin-bind-cluster-role.yaml 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard

保存退出执行如下命令创建管理员和分配权限

kubectl create -f ~/dashboard-admin.yaml
kubectl create -f ~/dashboard-admin-bind-cluster-role.yaml

查看并复制Token

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')

访问,用刚刚的token登录

https://192.168.100.231:30000

14. 另一台linux当做Node节点

【master】
1. 查看flannel镜像版本
docker images

2. 打包当前镜像
docker save quay.io/coreos/flannel:v0.13.1-rc2 > flannel.tar

3. 拷贝到node节点
scp flannel.tar k8s-node1:./flannel.tar
scp flannel.tar k8s-node2:./flannel.tar

【Node节点】
导入flannel镜像
docker load -i flannel.tar

【master节点查看token和哈希】
查看token:kubeadm token list
计算sha值:openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1

【node】加入集群:192.168.100.231是master的ip,【node-name k8s-node1】是节点的名称
kubeadm reset
kubeadm join 192.168.100.231:6443 --token jjsa9l.xe8c1ro0ddzuxdvm --discovery-token-ca-cert-hash sha256:7ec3cf910ac1b27a2825373662d7750ce723e638803813cf8af2d718d01c156d --node-name k8s-node1

其他命令

master删除node节点
kubectl delete node k8s-nodexxxxxxxxx
删除pod
kubectl delete pod kubernetes-dashboard-59f548c4c7-6b9nj -n kube-system --force --grace-period=0

添加host
vim /etc/hosts
192.168.100.231          k8s-master
192.168.100.232          k8s-node1
192.168.100.233          k8s-node2
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值