利用kubeadm安装kubernetes1.21.2单节点集群

最新推荐文章于 2022-10-20 17:04:31 发布
最新推荐文章于 2022-10-20 17:04:31 发布
阅读量875 收藏 1
点赞数
文章标签: linux 容器
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_45103583/article/details/118538957
版权

利用kubeadm安装kubernetes集群

环境:

1、关闭防火墙,

2、配置好/etc/hosts

k8s-master:192.168.248.128

k8s-node01: 192.168.248.129

k8s-node02:192.168.248.130

3、时间同步;yum -y install ntpdate &&ntpdate ntp1.aliyun.com

安装步骤:

1、etcd cluster ,仅master节点;

2、flannel,集群的所以节点;

3、配置k8s的master;仅master节点:

kubernetes-master

        启动的服务:

        kube-apiserver,kube-scheduler,kube-controller-manager

4、配置k8s的node节点:

kubernetes-node

        先启动docker服务;

       启动k8s的服务:kube-proxy,kubelet

使用kubeadm之前需要如下操作

  1、master,nodes:安装docker,kubelet,kubeadm

  2、master:kubeadm init

  3、nodes:kubeadm join

没有特殊说明的以下操作所有节点均执行:

安装docker

#卸载旧版本
yum remove docker  \
dockerclinet  \
docker-client-latest  \
docker-common  \
docker-latest  \
docker-latest-logrotate  \
docker-logrotate  \   
docker-engine

配置docker.repo源,使用阿里云源

yum-config-manager --add-repo  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

刷新yum源

yum makecache fast

安装docker依赖包

yum -y install yum-utils device-mapper-persistent-data lvm2  gcc  gcc-c++

安装docker软件

yum -y install docker-ce docker-ce-cli containerd.io

启动docker,设置开机自启

systemctl start docker 
systemctl enable docker

docker镜像国内加速:

阿里云镜像加速地址:https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://mktue9qa.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
#registry-mirrors 阿里云加速镜像源。
#exec-opts:此行为扩加项,docker文件驱动默认为cgroup,需要修改为systemd,因为kubelet使用的是systemd,两者需要保持一致。
sudo systemctl daemon-reload       #重新加载daemon
sudo systemctl restart docker      #重新启动docker

关闭swap分区:

k8s用不到swap分区,安装时也会提示错误

swapoff  -a  #临时关闭
#永久关闭
vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Tue Jun 15 09:22:39 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=b95b6fb4-4ec8-4f74-8f24-384c53303a2f /boot                   xfs     defaults        0 0
#/dev/mapper/centos-swap swap                    swap    defaults        0 0         #注释掉此行

内核参数修改

br_netfilter 模块用于将桥接流量转发至iptables链,br_netfilter内核参数需要开启转发。

[root@k8s-master ~]#yum -y install ipvsamd
[root@k8s-master ~]# modprobe br_netfilter       #加载模块
[root@k8s-master ~]# lsmod |grep br_netfilter    #查看是否加载
br_netfilter           22209  0 
bridge                136173  1 br_netfilter
[root@k8s-master ~]#echo "modprobe br_netfilter" >> /etc/profile      #加入到开启加载

添加网络配置文件

k8s.conf,或者追加到/etc/sysctl.conf中

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
#加载生效
sysctl -p /etc/sysctl.d/k8s.conf

制作kubadm.repo源:使用阿里云源

vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc

将阿里云里的验证gpg包下载下来

[root@k8s-master ~]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@k8s-master ~]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
#导入下载下来的gpg包:
[root@k8s-master ~]# rpm --import rpm-package-key.gpg 
[root@k8s-master ~]# rpm --import yum-key.gpg

验证配置的repo源是否生效,加载到包

[root@k8s-master docker]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
repo id                       repo name                                            status
base/7/x86_64                 CentOS-7 - Base - mirrors.aliyun.com                 10,072
docker-ce-stable/7/x86_64     Docker CE Stable - x86_64                               117
extras/7/x86_64               CentOS-7 - Extras - mirrors.aliyun.com                  498
kubernetes                    Kubernetes Repo                                         678
updates/7/x86_64              CentOS-7 - Updates - mirrors.aliyun.com               2,458
repolist: 13,823

安装kubeadm软件

[root@k8s-master docker]# yum -y install kubelet kubeadm kubectl

设置kubelet开机自启

kubelet现在无法启动没有服务(加入自启动就可)

[root@k8s-master ~]# systemctl enable kubelet
[root@k8s-master ~]# systemctl start kubelet

#kubelet : 运行在集群所有的节点上,用于启动Pod和容器等对象的工具。
#kubeadm: 用于初始化集群,启动集群的命令工具。
#kubectl: 用于和集群通信的命令行,通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件。

配置安装kubernetes代理地址

(选作,可以在初始化时指定镜像,建议指定镜像,不改动)

(安装好以后改回,依旧使用阿里云的镜像源)

修改过以后重新启动docker服务

vim /usr/lib/systemd/system/docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
Environment="HTTPS_PROXY=http://www.ik8s.io:10080"     #添加的代理镜像地址
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target

设置kubelet参数

–swap空间已经关闭可以忽略此步骤。

vim /etc/sysconfig/kubelet 
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
#如果没有关闭swap空间,在初始化集群是会包swap错误,可以修改此配置文件,并且在安装是添加忽略swap空间的参数。

拉取搭建的额外的两个镜像插件。一个网络,一个监控
docker pull quay.io/coreos/flannel:v0.14.0 #配置网络用到的插件,后面需要用到网络配置,重要操作
docker pull registry.cn-hangzhou.aliyuncs.com/kubeapps/k8s-gcr-kubernetes-dashboard-amd64:v1.8.3 #dashboard暂时用不到可以先跳过。

使用kubeadm初始化kubernetes集群

在开始初始化之前可以将需要用到的镜像提前导入加快部署。

导入时注意镜像标签要和下面初始的时候所需的标签一致,否则会继续拉取新的镜像(部分镜像需要翻墙)

#初始化
kubeadm init --kubernetes-version=1.21.2 \
--apiserver-advertise-address=192.168.248.128 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
#--image-repository       设置阿里云镜像加速。kubeadm默认从k8ss.grc.io拉取镜像需要翻墙,拉取可能失败
#--apiserver-advertise-address    指定master节点ip
#--service-cidr                   server运行的网络,默认地址10.96.0.0/12
#--pod-network-cidr               指定pod运行的ip,falnnel默认地址10.244.0.0/16
[root@k8s-master ~]# kubeadm init --kubernetes-version=1.21.2 \
> --apiserver-advertise-address=192.168.248.128 \
> --image-repository registry.aliyuncs.com/google_containers \
> --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.21.2
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.248.12
8][certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.248.128 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.248.128 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 42.005766 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.21" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/ex
clude-from-external-load-balancers][mark-control-plane] Marking the node k8s-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 7lz2zr.tuvtc9sv8rrjna54
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.248.128:6443 --token 7lz2zr.tuvtc9sv8rrjna54 \
	--discovery-token-ca-cert-hash sha256:d63e9c11783ebf919b6e6e9f36d8bd927cc44279815ffcd4890e34f079d7fadc
#按照提示创建下面目录和文件
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
################################################################################################
kubeadm join 192.168.248.128:6443 --token 7lz2zr.tuvtc9sv8rrjna54 \
	--discovery-token-ca-cert-hash sha256:d63e9c11783ebf919b6e6e9f36d8bd927cc44279815ffcd4890e34f079d7fadc  #后期加入node节点用的token和hash值记得保留。
################################################################################################
#查看启动的所有容器id。
[root@k8s-master ~]# docker ps -qa
8a85962e7f0a
cbd90dfb587d
4cf3470fda6c
3cead2502816
d90eac928b7a
44574d80769b
f2b8820035e3
a9804dc37853
d6f997bda702
626e0b7ccd2a
#一共运行10个容器

下载配置网络插件falnnel

方式1:yum -y install git && git clone https://github.com/blackmed/kubernetes-kubeadm.git
下载过以后会克隆一个文件到本地,进到文件里修改kube-flannel.yml里的关于images的版本号,与前面使用的flannel镜像版本保持一致。
方式2:直接去githup官网下载。
官网地址:https://github.com/flannel-io/flannel
找到下图中的地址下载下来,(此处需要翻墙)
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

此操作在主节点执行

#安装falnnel插件
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml 
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created

将node节点加入到集群(所有node节点都执行加入)

[root@k8s-node01 ~]# kubeadm join 192.168.248.128:6443 --token 6drffj.rkw2gb19rv2pxs8p \
--discovery-token-ca-cert-hash sha256:70f6b916ff7cbb8a5c3854af09826322ac8bcd4b64330e6b6533f0194d265e21
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@k8s-node01 ~]# 
[root@k8s-node02 ~]#  kubeadm join 192.168.248.128:6443 --token 6drffj.rkw2gb19rv2pxs8p --discovery-token-ca-cert-hash sha256:70f6b916ff7cbb8a5c3854af09826322ac8bcd4b64330e6b6533f0194d265e21
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@k8s-node02 ~]#

查看加入的node的状态

kubectl命令只可以在主节点运行

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES                  AGE    VERSION
k8s-master   Ready    control-plane,master   103m   v1.21.2
k8s-node01   Ready    <none>                 9m     v1.21.2
k8s-node02   Ready    <none>                 97s    v1.21.2

查看cs状态

[root@k8s-master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                STATUS                      MESSAGE          ERROR
scheduler           Unhealthy                   Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection                             refused   
controller-manager  Unhealthy                   Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection                             refused   
etcd-0              Healthy                     {"health":"true"}   
scheduler、controller-manager状态是Unhealthy的,出现这种情况,是/etc/kubernetes/manifests/下的kube-controller-manager.yaml和kube-scheduler.yaml设置的默认端口是0导致的,解决方式是注释掉对应的port即可,操作如下:
kube-controller-manager.yaml文件修改:注释掉27行,#- --port=0
kube-scheduler.yaml配置修改:注释掉19行,#- --port=0
然后在master节点上重启kubelet,systemctl restart kubelet.service,然后重新查看就正常了
[root@k8s-master manifests]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok                  
controller-manager   Healthy   ok                  
etcd-0               Healthy   {"health":"true"} 
#参考解决链接:https://www.cnblogs.com/Crazy-Liu/p/14653849.html    感谢此博主

查看默认域的状态

[root@k8s-master ~]# kubectl get pods -A           #也可以写kubectl get pods -n kube-system
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-59d64cd4d4-5mqq5             1/1     Running   0          12m
kube-system   coredns-59d64cd4d4-jzsgv             1/1     Running   0          12m
kube-system   etcd-k8s-master                      1/1     Running   0          12m
kube-system   kube-apiserver-k8s-master            1/1     Running   0          12m
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          4m54s
kube-system   kube-flannel-ds-9r7gq                1/1     Running   0          8m17s
kube-system   kube-flannel-ds-dlrfn                1/1     Running   1          6m53s
kube-system   kube-flannel-ds-tdjvv                1/1     Running   1          7m5s
kube-system   kube-proxy-mcqn9                     1/1     Running   0          12m
kube-system   kube-proxy-nplcd                     1/1     Running   0          6m53s
kube-system   kube-proxy-vpknp                     1/1     Running   0          7m5s
kube-system   kube-scheduler-k8s-master            1/1     Running   0          4m34s

kube-proxy开启ipvs(主节点执行)

[root@k8s-master ~]#kubectl get configmap kube-proxy -n  kube-system  -o yaml  > kube-proxy-configmapyaml
[root@k8s-master ~]#sed -i 's/mode: ""/mode: "ipvs"/' kube-proxy-configmapyaml
[root@k8s-master ~]#kubectl apply -f kube-proxy-configmap.yaml
[root@k8s-master ~]#rm -f kube-proxy-configmap.yaml
[root@k8s-master ~]# kubectl get pod -n kube-system |grep kube-proxy |awk '{system ("kubectl delete pod"$1" -n kube-system")}'        #貌似删除以后直接运行新的pod,后续研究。

安装Dashboard(dashboard主节点操作)

[root@k8s-master ~]# docker pull registry.aliyuncs.com/google_containers/dashboard:v2.3.0
[root@k8s-master ~]# docker pull  registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.6
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.0/aio/deploy/recommended.yaml
#下载好的镜像注意修改tag,需要与recommended.yaml文件中的使用的images保持一致。
[root@k8s-master ~]# docker tag registry.aliyuncs.com/google_containers/dashboard:v2.3.0 kubernetesui/dashboard:v2.3.0
[root@k8s-master ~]# docker tag registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.6  kubernetesui/metrics-scraper:v1.0.6

下载的recommend.yaml文件默认没有pod节点,需要修改

 [root@k8s-master ~]# vim recommended.yaml 
 30 ---
 31 
 32 kind: Service
 33 apiVersion: v1
 34 metadata:
 35   labels:
 36     k8s-app: kubernetes-dashboard
 37   name: kubernetes-dashboard
 38   namespace: kubernetes-dashboard
 39 spec:
 40   ports:
 41     - port: 443
 42       targetPort: 8443
 43       nodePort: 30000   #新增nodePort,访问dashboard仪表盘的端口
 44   type: NodePort        #新增
:set nu

创建证书

[root@k8s-master]# mkdir dashboard-certs
[root@k8s-master]# cd dashboard-certs
#创建命名空间
[root@k8s-master dashboard-certs]# kubectl create namespace kubernetes-dashboard
#创建私钥key文件
[root@k8s-master dashboard-certs]# openssl genrsa -out dashboard.key 2048
#证书请求
[root@k8s-master dashboard-certs]# openssl req -days 36500 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
#自签证书
[root@k8s-master dashboard-certs]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#创建kubernetes-dashboard-certs对象
[root@k8s-master dashboard-certs]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

添加dashboard管理员用户凭证:

#创建账户
[root@k8s-master ~]# vim dashboard-admin.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard
  
 #安装
[root@k8s-master ~]# kubectl apply -f dashboard-admin.yaml
#为用户分配权限
[root@k8s-master ~]# vim dashboard-admin-bind-cluster-role.yaml
---
apiVersion: rbac.authorization.k8s.io/v1     #注意下面的警告
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
  
#安装
[root@k8s-master ~]# kubectl apply -f dashboard-admin-bind-cluster-role.yaml
#警告:v1.17+中不推荐使用rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding,v1.22+中不可用;使用rbac.authorization.k8s.io/v1 ClusterRoleBinding

配置dashboard

#安装
[root@k8s-master ~]# kubectl apply -f recommended.yaml 
[root@k8s-master ~]# kubectl get pod -A|grep 'dashboard'          #查看启动的dashboard服务
NAMESPACE                              NAME                        READY  STATUS   RESTARTS  AGE
kubernetes-dashboard   dashboard-metrics-scraper-856586f554-mljjf    1/1  Running     0      87s
kubernetes-dashboard   kubernetes-dashboard-5579987b5f-j6vfd         1/1  Running     0      87s
#获取登陆dashboard的登陆令牌
[root@k8s-master ~]# kubectl describe secrets -n 命名空间   用户名
[root@k8s-master ~]# kubectl describe secrets -n kubernetes-dashboard dashboard-admin  #获取登陆dashboard的登陆令牌
Name:         dashboard-admin-token-9wvhh
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: ecf9cf55-0415-444d-90fe-704246b18907

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImxLN2NydDEwTVFLb29UZ2pqTE9XTXNfcmtzV1YtbkZ1aktlV3Y3ZEZpZWcifQ.eyJpc3MiOiJrdWJ
lcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOXd2aGgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZWNmOWNmNTUtMDQxNS00NDRkLTkwZmUtNzA0MjQ2YjE4OTA3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.hkNjZEvVhDQZZRed-RZGS9uOJQro1Vpe7-pbx_SyJuJbTr3RJq7X0981B_m4VUBhZs0Y648dloy52oXLp1GFSo2cW_FY9SpJ8cTcUbr5B_zrwSuDQSrUzB5FHCowuzXX_ltk0XuJAd_76xjwO36Y0skQlmOvpbSRJZwXmC3nlbHnl69n0j5K5oDyWqAQ0yrQ6w935WW-aKqnT9H180A3zApAtpulgd1tM-M0b9oG6YfdMQtHzWMJWYyPPsWl00nZZzIzZ3RUDNL6LO43n1rrDHqvhk7806y1rkiwtWMTSkev6D0uxIzZtJKpovSQ2ob5Z8NDtHbypv0YIea67VTfNw
#token是登陆dashboard的tohken。
登陆时复制token时候需要从"token:"后开始复制,防止踩坑!!!,一定要注意复制token:   eyJhb....之间的空格。
登陆dashboard:https://ip:port   
              https://192.168.248.128:30000
#登陆以后如果提示为匿名用户无法查看资源可以使用下面的方式临时解决,生产环境禁用
[root@k8s-master ~]# kubectl create clusterrolebinding  test:anonymous  --clusterrole=cluster-admin --user=system:anonymous

清理和后续步骤(不需要时可以删除)

删除管理员ServiceAccount和ClusterRoleBinding.

[root@k8s-master ~]# kubectl -n 命名空间 delete serviceaccount 用户名 
[root@k8s-master ~]# kubectl -n 命名空间 delete clusterrolebinding 用户名
[root@k8s-master ~]# kubectl -n kubernetes-dashboard delete serviceaccount dashboard-admin 
[root@k8s-master ~]# kubectl -n kubernetes-dashboard delete clusterrolebinding dashboard-admin
weixin_45103583
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
jczjbbs.com app.html,app.zhiboo168.com
weixin_28235889的博客
06-23 3万+
监测点ISP省份解析IP解析IP所在地Http状态总时间解析时间连接时间下载时间下载大小文件大小下载速度Http Head操作共184个点9个共40个共5个独立IP共3个独立节点有非200状态1.267s0.24s0.573s0.156s文件不一致文件不一致10.215MB/s国外菲律宾*连接失败*0.069s*****联通福建泛播Cloudflare20010.002s0.02s0.24s8.9...
使用 Kubeadm 搭建节点集群(已上云)(含 harbor)
Xucf1
06-07 653
文章目录前言集群部署①环境准备(VMware)②内核优化(可选项)③一键脚本④检查⑤master(初始化)⑥flannel(master)⑦node 节点加入群集⑧测试 pod 资源创建harbor 前言 分享人:徐成飞 前几天在公司使用Kubeadm布了一套节点K8S集群,先是在VMware上测试整理出了一键脚本,然后上华为云服务器直接刷也没问题。现归纳总结如下,给小伙伴们分享一下: 集群部署 ①环境准备(VMware) VMware® Workstation 16 Pro:16.1.2 bui
kubernetes Helm-dashboard搭建
北海牧野
07-01 1399
kubernetes  dashboardHelm 安装部署 dashboard一、下载 dashborad - helm 到本地二、node节点下载 阿里云的 dashboard 镜像三、自定义 dashboard.yaml 文件替代 values.yaml四、执行 dashboard - Helm五、访问 web-UIdashboard 权限不够一、创建 ServiceAccount(SA)二、将 SA(dashboard-admin)绑定给 dashboard-cluster-admin用户
http://mail.163.com/help/help_spam_16.htm?ip=118.186.207.7&hostid=smtp5&time=1358341921
热门推荐
云计算?
01-16 66万+
0INRMumLsiQwT0xVgvYVmNCBWS7mV8LzSeLOZGHzflL3ziBSx+iej3G1syAeYvPZxqagQ0P7mgdX /qgnEWWuIcv4cTR6ZI5QNmqULAGtRkCtCNsphAD7cLBiV7UpV7yvURpKw6H8jHyDDZc8zP5P8QF9 abbRoeoTcPcDs/Ij0+JSX9fkdkqCvmUFYzy/GBb+hMWJ...
kubeadm部署一套完整的kubernetes1.18.x节点集群
一切有为法,如梦亦如幻,如露亦如电,应作如是观。
02-24 1461
集群必须安装网络插件以实现Pod间通信,在Master节点上操作calico.yml文件,其他Node节点会自动创建相关Pod;放在后边初始化master节点时将执行网络创建,这里暂时跳过。以下基础属性需要在kubernetes的master和node节点器上进行配置。登录worker节点机器,执行命令获取添加节点的证书数据。以下操作无论是master节点和worker节点均执行。以下操作无论是master节点和worker节点均执行。创建网络时,只需在master上操作一次即可。
kubeadm_v1.21.2镜像包
02-18
下载即用,不用修改tag
Kubernetes 1.14.2手动安装所需要的文件资源
11-24
在这个版本中,手动安装Kubernetes涉及多个组件,包括Docker、etcd和flannel,这些都是构建一个完整Kubernetes集群所必需的。 首先,Docker是容器化应用的基础,它提供了一个可移植的运行环境,使得应用可以在任何...
kubernetes-k8s v1.21.2版本镜像包
11-01
IT运维、k8s、kubernetes搭建(包含kube-apiserver-v1.21.2、kube-controller-manager-v1.21.2、kube-scheduler-v1.21.2、coredns、pause、etcd、calico。。。。)
Soloop 即录_1.21.2.rar
07-11
在文件列表中,"Soloop 即录_1.21.2.apk"是应用的安装包文件,这表明用户可以通过安装这个文件来获取最新版的Soloop 即录。APK是Android应用的通用格式,它包含了应用程序的所有组件,包括代码、资源和配置文件等。...
Docker Compose 在Linux上的安装方法
01-07
安装了Docker-ce 3. 下载最新版安装 下载Docker Compose二进制文件 sudo curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-...
kubernetes--k8s--web管理界面使用--dashboardv1.8.3版本安装详细步骤
直到世界的尽头
04-27 7044
安装dashboard监控界面 (仅主节点运行) dashboard官网参考 使用命令 kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml 输出如下: [root@k8s kubernetes...
kubernetes-dashboard部署
weixin_34175509的博客
05-31 457
背景      前面介绍了kubernetes集群部署,如果想更直观地管理和监控k8s集群状况,kubernets-dashboard是一个比较大众的方式。dashboard提供了一个UI界面,使我们可以在页面上查看kubernetes集群状态以及对集群进行相关的操作,大大便利了我们管理k8s集群。      这里就介绍一下dashboard的部署。部署      1:nodes节点上从阿里云的...
最完整的-Kubernetes集群安装步骤-文档
weixin_34067359的博客
02-10 1641
k8s文档 用于自动部署、扩展和管理容器化应用程序的开源系统 中文官网: https://kubernetes.io/zh/ 中文社区:https://www.kubernetes.org.cn/ 官方文档:https://kubernetes.io/zh/docs/home/ 社区文档:http://docs.kubernetes.org.cn/ k8s集群安装 1.kubeadm kubeadm是官方社区推出的一个用于快速部署kubernetes集群的工具 这个工具能通过两条指令完成一个kubernet
k8s.3-kubeadm部署Master节点kubernetes集群 1.21
飘然渡沧海的博客
10-20 750
Kubeadm是为创建Kubernetes集群提供最佳实践并能够“快速路径”构建kubernetes集群的工具。它能够帮助我们执行必要的操作,以获得最小可行的、安全的集群,并以用户友好的方式运行。
安装istio的Bookinfo,在kubeadm安装kubernetes节点集群
老专家的博客
09-18 580
安装集群看这个 使用kubeadm安装节点kubernetes集群,在vmware虚拟机centos7 下载istio curl -L https://git.io/getLatestIstio | sh - cd istio-1.0.2 把当前目录下bin,加入path , centos .bashrc export PATH="$PATH:/root/istio-1.0.2/bin"...
Kubernetes的2种部署方式:Minikube开发环境+Kubeadm节点集群环境
图特摩斯科技-博客
11-26 9497
本人环境:Ubuntu18.04      ---(CSDN格式显示有问题,如遇到第一个字显示不全,先下拉到文章中部,在拉回来就好了)    基于 Minikube 的部署方式( Kubernetes 的本地实验环境) 基于Web 的环境易于访问,但不是持久性的。如果您想继续在可以回归和改变的工作空间中探索Kubernetes ,Minikube是一个不错的选择,其安装方便快捷。 Mini...
kubeadm快速搭建k8s集群master节点
weixin_43757027的博客
04-12 2924
kubeadm快速搭建k8s集群master节点) 一、集群部署前规划 主机 操作系统 IP docker版本 k8s版本 k8s-master1 Centos7.9 192.168.15.139 20.10.12 1.23.4-0 k8s-node1 Centos7.9 192.168.8.135 20.10.12 1.23.4-0 k8s-node2 Centos7.9 192.168.8.136 20.10.12 1.23.4-0 二、主要步骤 节点准备工作(所有节点
(二)K8s学习笔记——使用Kubeadm搭建K8s集群master节点
mbytes的博客
05-24 395
文章目录一、准备工作1.准备服务器2.所有服务器初始化二、开始搭建K8s集群1.在所有机器上安装Docker、KubeadmKubelet、Kubectl1.1 安装Docker1.2 安装Kubelet、Kubeadmkubectl2. K8s master节点初始化3.向集群中添加node节点4.使用nginx测试k8s集群 一、准备工作 1.准备服务器 搭建K8s集群最好准备多台配置稍高点的机器,我这里使用谷歌云创建了三台2核4G的服务器用于实验,当然,也可以使用虚拟机进行试验。 服务器中所使用
使用kubeadm安装节点kubernetes集群,在vmware虚拟机centos7
老专家的博客
09-18 1659
关闭防火墙 systemctl stop firewalld &amp;amp;&amp;amp; sudo systemctl disable firewalld 安装docker-ce 17.06 yum remove docker \ docker-client \ docker-client-latest \ ...
numpy1.21.2库安装
最新发布
08-07
numpy是Python科学计算的基础库之一,用于处理大型多维...总结:安装numpy1.21.2库的步骤包括检查Python解释器是否已安装,使用pip工具安装指定版本的numpy库,验证安装是否成功,以及定期更新numpy库以使用最新版本。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值