1.前期工作
关闭swap
# 临时
swapoff -a
# 永久
swapoff -a && sysctl -w vm.swappiness=0 # 关闭swap
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab # 取消开机挂载swap
如果需要可以更改hostname 和hosts
本地服务器:
192.168.2.191 k8s-master
192.168.2.192 k8s-slave1
192.168.2.193 k8s-slave2
2.安装docker
# step 1: 安装必要的一些系统工具
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# step 2: 安装GPG证书
curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: 写入软件源信息
sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: 更新并安装 Docker-CE
sudo apt-get -y update
# Step 5: 查看支持安装的Docker版本
apt-cache madison docker-ce
# Step 6: 安装指定版本的docker-ce
sudo apt-get -y install docker-ce=5:19.03.13~3-0~ubuntu-bionic
更改docker 的cgroup
#修改daemon.json
vi /etc/docker/daemon.json
#添加如下属性
"exec-opts": [
"native.cgroupdriver=systemd"
]
重启docker
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
3.安装k8s
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
4.初始化master
允许 iptables 检查桥接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
kubeadm init --kubernetes-version=v1.22.2 --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=192.168.31.150/24
保存好返回给你的kubeadm join命令
初始化完成,将需要执行的命令执行一下
接下来配置flannel网络
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
5. node节点加入集群
直接在Node节点上执行刚才保存的kubeadm join命令即可:
kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>
查看discovery-token-ca-cert
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'`
查看token
kubeadm token list`
生成token
kubeadm token create`
重置
kubeadm reset
rm -rf /etc/kubernetes/
rm -rf $HOME/.kube/config
rm -rf /etc/cni/net.d
移除
sudo kubeadm reset -f
sudo rm -rvf $HOME/.kube
sudo rm -rvf ~/.kube/
sudo rm -rvf /etc/kubernetes/
sudo rm -rvf /etc/systemd/system/kubelet.service.d
sudo rm -rvf /etc/systemd/system/kubelet.service
sudo rm -rvf /usr/bin/kube*
sudo rm -rvf /etc/cni
sudo rm -rvf /opt/cni
sudo rm -rvf /var/lib/etcd
sudo rm -rvf /var/etcd
sudo apt-get remove kube*
6.Kubernetes Dashboard
官方参考文档:
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
github项目地址:
https://github.com/kubernetes/dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
查看
kubectl -n kubernetes-dashboard get pods
kubectl -n kubernetes-dashboard get svc
访问
使用nodeport方式将dashboard服务暴露在集群外,指定使用30443端口,可自定义:
kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard -p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30443}]}}'
查看暴露的service,已修改为nodeport类型:
kubectl -n kubernetes-dashboard get svc
浏览器访问dashboard:
https://<node_ip>:30443
Dashboard 支持 Kubeconfig 和 Token 两种认证方式,我们这里选择Token认证方式登录。
官方参考文档:https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
查看token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')