Kubernetes installation
Modify the network interface configuration (all nodes)
-
Configure the master node
-
Configure a static IP
vi /etc/sysconfig/network-scripts/ifcfg-ens*
# Change BOOTPROTO="dhcp" to BOOTPROTO="static"
# Append the following, then save
BROADCAST=10.168.1.255 # broadcast address
IPADDR=10.168.1.99 # IP address
NETMASK=255.255.255.0 # subnet mask
GATEWAY=10.168.1.1 # gateway
DNS1=114.114.114.114
DNS2=8.8.8.8
# Restart the network service
service network restart
-
slave01
BROADCAST=10.168.1.255 # broadcast address
IPADDR=10.168.1.100 # IP address
NETMASK=255.255.255.0 # subnet mask
GATEWAY=10.168.1.1 # gateway
DNS1=114.114.114.114
DNS2=8.8.8.8
-
Check that the network is reachable
ping www.baidu.com
Base environment configuration (all nodes)
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Set each machine's own hostname
hostnamectl set-hostname xxxx
# Set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Disable swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
# Allow iptables to see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
Install Docker
-
Configure the package mirror
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
-
Install Docker
yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.6
-
Start Docker
systemctl enable docker --now
Install kubelet, kubeadm and kubectl (all nodes)
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
   http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
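The repository definition above sets gpgcheck=0 and repo_gpgcheck=0 and uses http:// URLs, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures. As an added example (not part of the original page), this shell function audits a .repo file for those settings; audit_repo and write_sample are names chosen here, and the sample input is the repo definition from this page.

```shell
#!/bin/sh
# Added example (not from the original page): flag yum repo settings that
# skip signature verification or fetch over plain HTTP.

# audit_repo FILE -> prints one "section: finding" line per issue; returns 1 if any.
audit_repo() {
  awk '
    /^[ \t]*([#;]|$)/ { next }                          # comments and blank lines
    /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2); key = ""; next }
    {
      if ($0 ~ /^[ \t]/) {                              # indented line continues previous key
        val = $0; sub(/^[ \t]+/, "", val)
      } else if (index($0, "=") > 0) {
        key = $0; sub(/[ \t]*=.*/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
      } else {                                          # e.g. a continuation that lost its indent
        print sec ": not key=value and not an indented continuation: " $0; n++; next
      }
      if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0") {
        print sec ": " key "=0 (signatures not verified)"; n++
      }
      if ((key == "baseurl" || key == "gpgkey") && val ~ /^http:/) {
        print sec ": " key " uses plain HTTP: " val; n++
      }
    }
    END { exit (n > 0) }
  ' "$1"
}

# Constructed input: the repo definition from this page, written to a scratch file.
write_sample() {
  cat > "$1" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
}

# Usage on a node: audit_repo /etc/yum.repos.d/kubernetes.repo
```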
Bootstrap the cluster with kubeadm (master)
-
Download the required images (all nodes)
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in "${images[@]}" ; do
docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
done
EOF
chmod +x ./images.sh && ./images.sh
-
Initialize the control-plane node (master)
# Add the master hostname mapping on every machine; change the values below to your own
echo "10.168.1.99 master" >> /etc/hosts
echo "10.168.1.100 slave01" >> /etc/hosts
# Initialize the control-plane node. 10.96.0.0/16 provides 2^16 usable addresses (10.96.*.*)
kubeadm init \
--apiserver-advertise-address=10.168.1.99 \
--control-plane-endpoint=master \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=172.16.0.0/16
# None of the network ranges may overlap
-
Output after control-plane initialization completes (run the commands it lists)
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
# Run on master
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
# Deploy the network plugin
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
# Join as a control-plane node
kubeadm join master:6443 --token u7s0u0.gxg45dv7xsacvuav \
--discovery-token-ca-cert-hash sha256:477e378d8bc58037442045eee5195996e94a4a7c65b307874e3ec722d7be39ec \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
# Join as a worker node (valid for 24 hours; to refresh, see step 7)
kubeadm join master:6443 --token u7s0u0.gxg45dv7xsacvuav \
--discovery-token-ca-cert-hash sha256:477e378d8bc58037442045eee5195996e94a4a7c65b307874e3ec722d7be39ec
-
Run on master (master)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
-
Install the network plugin (master)
curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -O
# If you changed --pod-network-cidr=172.16.0.0/16, the Calico manifest must be edited to match; its default is 192.168.0.0/16
kubectl apply -f calico.yaml
-
Check that the network plugin installed successfully
-
Check with kubectl get pod -A; a status of Running means success
-
-
Add a worker node
kubeadm join master:6443 --token u7s0u0.gxg45dv7xsacvuav \
--discovery-token-ca-cert-hash sha256:477e378d8bc58037442045eee5195996e94a4a7c65b307874e3ec722d7be39ec
-
List the current nodes (master is the control-plane node, slave01 is a worker node)
kubectl get nodes
-
Create a new token (master)
kubeadm token create --print-join-command
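The --discovery-token-ca-cert-hash value in the join command is the SHA-256 of the cluster CA's public key (DER-encoded SubjectPublicKeyInfo); it is what lets a joining node authenticate the control plane it connects to. As an added example (not part of the original page), these shell functions extract the token and pin from a join command and compare the pin with a CA certificate; the function names are chosen here, /etc/kubernetes/pki/ca.crt is kubeadm's default CA path, and the sample is the worker join command shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): check a kubeadm join command
# against the cluster CA before running it on a new node.

# Constructed sample: the worker join command shown on this page.
SAMPLE_JOIN='kubeadm join master:6443 --token u7s0u0.gxg45dv7xsacvuav \
    --discovery-token-ca-cert-hash sha256:477e378d8bc58037442045eee5195996e94a4a7c65b307874e3ec722d7be39ec'

# Join backslash-continued lines into a single line.
flatten() { printf '%s\n' "$1" | tr -d '\\\n'; }

# Print the bootstrap token only if it has the kubeadm shape [a-z0-9]{6}.[a-z0-9]{16}.
join_token() {
  flatten "$1" | sed -nE 's/.*--token[ =]+([a-z0-9]{6}\.[a-z0-9]{16})( .*)?$/\1/p'
}

# Print the 64-hex-digit CA pin that follows "sha256:".
join_pin() {
  flatten "$1" |
    sed -nE 's/.*--discovery-token-ca-cert-hash[ =]+sha256:([0-9a-f]{64})( .*)?$/\1/p'
}

# SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo) of a CA certificate.
ca_pin() {
  openssl x509 -pubkey -noout -in "$1" |
    openssl pkey -pubin -outform der |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# verify_join "<join command>" /path/to/ca.crt
# Returns 0 if the pin equals the CA's hash, 1 on mismatch,
# 2 if the token or the pin is missing or malformed.
verify_join() {
  [ -n "$(join_token "$1")" ] && [ -n "$(join_pin "$1")" ] || return 2
  [ "$(join_pin "$1")" = "$(ca_pin "$2")" ]
}

# Usage on the master: verify_join "$(kubeadm token create --print-join-command)" /etc/kubernetes/pki/ca.crt
```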
Use the official web UI (dashboard)
-
Deploy
The official Kubernetes web UI: https://github.com/kubernetes/dashboard
-
Set the access port
Edit the kubernetes-dashboard Service and change type: ClusterIP to type: NodePort
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
-
kubectl get svc -A |grep kubernetes-dashboard
Find the port and allow it in the security group
-
Get a login token
-
Create the YAML file
# Create the access account: prepare a YAML file
vi dash.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
-
kubectl apply -f dash.yaml
-
Get the access token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
-