#### kubeadm 安装
master : 10.3.140.40
node1: 10.3.140.41
node2: 10.3.140.42
docker是运行容器的引擎,kubelet是运行pod化的容器的核心组件
--------------------------------master 、 node-----------------------------
# 关闭防火墙(实验环境的简化做法;生产环境应保留防火墙,只放行 Kubernetes 所需端口,例如 apiserver 的 6443):
systemctl stop firewalld
systemctl disable firewalld
# 关闭selinux(修改 /etc/selinux/config 需重启后生效;setenforce 0 只对当前运行生效,并且是切换到 permissive 模式):
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
# 关闭swap:
$ swapoff -a        # 临时
$ vim /etc/fstab    # 永久(注释掉 swap 所在行)
# 添加主机名与IP对应关系(记得设置主机名):
$ cat /etc/hosts
10.3.140.42 vm42
10.3.140.41 vm41
10.3.140.40 vm40
# 更改主机名
hostnamectl set-hostname vm40
# 将桥接的IPv4流量传递到iptables的链:
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system
# 安装Docker
$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce-20.10.7-3.el7
$ systemctl enable docker && systemctl start docker
$ docker --version
Docker version 20.10.7, build f0df350
# 镜像加速(修改 daemon.json 后需重启 docker 才生效;下面列表中的 hub-mirror.c.163.com 使用明文 HTTP,传输不加密,建议只保留 HTTPS 的镜像源)
vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://02nggfw2.mirror.aliyuncs.com",
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
]
}
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
# 添加阿里云YUM软件源
$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 安装kubeadm,kubelet和kubectl
$ yum install -y kubelet-1.16.0 kubeadm-1.16.0 kubectl-1.16.0
$ systemctl enable kubelet
---------------------------------- master -----------------------------
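部署Kubernetes Master
(kubeadm init 成功后会输出一条 kubeadm join 命令。下面的 token 和 hash 是本次安装的示例输出;token 是节点加入集群的凭据,默认 24 小时后失效,请使用自己集群的输出,不要公开。)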
$ kubeadm init \
--apiserver-advertise-address=10.3.140.40 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.16.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
kubeadm join 10.3.140.40:6443 --token avzyzm.khml97r95trx8cqp \
--discovery-token-ca-cert-hash sha256:79043177389b201c4429aa8391a0ce5f4b6727e5200339f77d99926d14c50fe2
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# kubectl get pods -n kube-system
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml [1.16]
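# 上一行末尾的 [1.16] 只是版本备注,不属于命令。该 flannel 清单取自 master 分支,内容会随上游变化;建议固定到某个发布版本的地址,并在 apply 前先下载查看。
# 确保能够访问到 quay.io 这个 registry。在 master 上执行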
kubectl get pods -n kube-system
------------------------------------ node 1.2-----------------------------
kubeadm join 10.3.140.40:6443 --token avzyzm.khml97r95trx8cqp \
--discovery-token-ca-cert-hash sha256:79043177389b201c4429aa8391a0ce5f4b6727e5200339f77d99926d14c50fe2
kubectl get po -n kube-system -o wide ----查看pods所在的运行节点
kubectl get nodes(no) ----查看节点信息
----------------------------- 测试kubernetes集群
$ kubectl create deployment nginx --image=nginx
$ kubectl expose deployment nginx --port=80 --type=NodePort
$ kubectl get pod,svc
$ kubectl get pod,svc -o wide
访问地址:http://节点IP:80(注:NodePort 类型的 Service 对外暴露的是节点端口,即 kubectl get svc 输出中 80: 后面的端口,访问时应使用该端口)
================================= kuboard 界面===============================
kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
kubectl apply -f https://addons.kuboard.cn/metrics-server/0.3.7/metrics-server.yaml
-----
[如果metric安装后报如下错误]
Error from server (ServiceUnavailable): the server is currently unable to handle the request (get pods.metrics.k8s.io)
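则原文给出的做法是执行下列命令。
注意:该命令把 cluster-admin 角色绑定给 system:anonymous,即任何未经认证、但能访问 apiserver(6443 端口)的请求都将拥有集群的全部权限。只应在隔离的实验环境中临时使用,用完后执行 kubectl delete clusterrolebinding system:anonymous 撤销。
更稳妥的做法是先用 kubectl get apiservice v1beta1.metrics.k8s.io 和 metrics-server 的 Pod 日志定位报错的真正原因。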
kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
--------
查看运行状态
kubectl get pods -l k8s.kuboard.cn/name=kuboard -n kube-system
输出结果如下所示:
NAME READY STATUS RESTARTS AGE
kuboard-54c9c4f6cb-6lf88 1/1 Running 0 45s
------------------------------------------------------------------------
获取访问token
拥有的权限
此Token拥有 ClusterAdmin 的权限,可以执行所有操作;请按集群管理员凭据保管,不要写入文档、聊天记录或截图
echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
访问Kuboard
http://任意一个Worker节点的IP地址:32567/
输入前一步骤中获得的 token,可进入 Kuboard 集群概览页(上面的地址是明文 HTTP,token 在网络上不加密传输,建议仅在可信内网访问,或在前面加一层 TLS)
-----------------------------------------------------------------
----------------------------------------------------------------
只读用户token
拥有的权限
view 可查看名称空间的内容
system:node 可查看节点信息
system:persistent-volume-provisioner 可查看存储类和存储卷声明的信息
适用场景
只读用户不能对集群的配置执行修改操作,非常适用于将开发环境中的 Kuboard 只读权限分发给开发者,以便开发者可以便捷地诊断问题
执行命令
执行如下命令可以获得 只读用户 的 Token
echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-viewer | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
http://任意一个Worker节点的IP地址:32567/
===========================下载失败
kubectl get pods -A -o wide #查看节点情况
kubectl describe po 下载失败名 -n kube-system #查看信息
docker pull 镜像 #手动下载镜像
kubectl delete po 下载失败名 -n kube-system #删除拉取失败的 Pod(该命令删除的是 Pod 而不是镜像,Pod 由控制器重新创建)
```
####
kubeadm方式部署Kubernetes