使用kubectl部署kubernetes

kubernetes 安装

修改网卡配置（所有节点）

• 配置master节点

• 配置静态IP

  vi /etc/sysconfig/network-scripts/ifcfg-ens*
  # 修改BOOTPROTO="dhcp"  为BOOTPROTO="static"
  # 追加后保存
  BROADCAST=10.168.1.255 #广播地址
  IPADDR=10.168.1.99 # ip
  NETMASK=255.255.255.0 # 子网掩码
  GATEWAY=10.168.1.1# 网关
  DNS1=114.114.114.114
  DNS2=8.8.8.8
  # 重启网络服务
  service network restart
  

  

• slave01

  BROADCAST=10.168.1.255 #广播地址
  IPADDR=10.168.1.100 # ip
  NETMASK=255.255.255.0 # 子网掩码
  GATEWAY=10.168.1.1# 网关
  DNS1=114.114.114.114
  DNS2=8.8.8.8
  

• 尝试网络是否能正常访问

  ping www.baidu.com
  

基础环境配置（所有节点）

# 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld

#各个机器设置自己的域名
hostnamectl set-hostname xxxx

# 将 SELinux 设置为 permissive 模式（相当于将其禁用）
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

#关闭swap
swapoff -a  
sed -ri 's/.*swap.*/#&/' /etc/fstab

#允许 iptables 检查桥接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

安装docker

1. 配置镜像源

   sudo yum install -y yum-utils
   sudo yum-config-manager \
   --add-repo \
   http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
   

2. 安装docker

   yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7  containerd.io-1.4.6
   

3. 启动

   systemctl enable docker --now
   

安装kubelet、kubeadm、kubectl（所有节点）

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
   http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes

sudo systemctl enable --now kubelet

使用kubeadm引导集群（master）

1. 下载需要的镜像(所有节点)

   sudo tee ./images.sh <<-'EOF'
   #!/bin/bash
   images=(
   kube-apiserver:v1.20.9
   kube-proxy:v1.20.9
   kube-controller-manager:v1.20.9
   kube-scheduler:v1.20.9
   coredns:1.7.0
   etcd:3.4.13-0
   pause:3.2
   )
   for imageName in ${images[@]} ; do
   docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
   done
   EOF
      
   

   chmod +x ./images.sh && ./images.sh
   

2. 初始化主节点（master）

   #所有机器添加master域名映射，以下需要修改为自己的
   echo "10.168.1.99  master" >> /etc/hosts
   echo "10.168.1.100  slave01" >> /etc/hosts
   
   
   
   #主节点初始化  10.96.0.0/16 表示可使用ip为 2^16个 10.96.*.* -> 10.96.*.*
   kubeadm init \
   --apiserver-advertise-address=10.168.1.99 \
   --control-plane-endpoint=master \
   --image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
   --kubernetes-version v1.20.9 \
   --service-cidr=10.96.0.0/16 \
   --pod-network-cidr=172.16.0.0/16
   
   #所有网络范围不重叠
   

3. 主节点初始化完成输出 (根据输出文件执行命令)

   
   Your Kubernetes control-plane has initialized successfully!
   
   To start using your cluster, you need to run the following as a regular user:
   # master执行
     mkdir -p $HOME/.kube
     sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
     sudo chown $(id -u):$(id -g) $HOME/.kube/config
   
   Alternatively, if you are the root user, you can run:
   
     export KUBECONFIG=/etc/kubernetes/admin.conf
   # 部署网络插件
   You should now deploy a pod network to the cluster.
   Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
     https://kubernetes.io/docs/concepts/cluster-administration/addons/
   
   You can now join any number of control-plane nodes by copying certificate authorities
   and service account keys on each node and then running the following as root:
   # 加入主节点
     kubeadm join master:6443 --token u7s0u0.gxg45dv7xsacvuav \
       --discovery-token-ca-cert-hash sha256:477e378d8bc58037442045eee5195996e94a4a7c65b307874e3ec722d7be39ec \
       --control-plane 
   
   Then you can join any number of worker nodes by running the following on each as root:
   # 加入工作节点 （24小时有效 刷新查看 第7点）
   kubeadm join master:6443 --token u7s0u0.gxg45dv7xsacvuav \
       --discovery-token-ca-cert-hash sha256:477e378d8bc58037442045eee5195996e94a4a7c65b307874e3ec722d7be39ec
   

4. master执行(master)

     mkdir -p $HOME/.kube
     sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
     sudo chown $(id -u):$(id -g) $HOME/.kube/config
   

5. 安装网络插件(master)

   curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -O
   
   #如果修改了--pod-network-cidr=172.16.0.0/16 则需要修改calico文件  默认为192.168.0.0/16
   kubectl apply -f calico.yaml
   

   

6. 查看网络插件是否安装成功

   • 使用kubectl get pod -A 查看 running即为成功

     

7. 添加工作节点

   kubeadm join master:6443 --token u7s0u0.gxg45dv7xsacvuav \
       --discovery-token-ca-cert-hash sha256:477e378d8bc58037442045eee5195996e94a4a7c65b307874e3ec722d7be39ec
   

   

8. 查看当前节点(master为主节点 slave01为工作节点)

   kubectl get nodes
   

   

9. 创建新令牌（master）

   kubeadm token create --print-join-command
   

使用官方可视化(dashboard)

1. 部署

   kubernetes官方提供的可视化界面 https://github.com/kubernetes/dashboard

2. 设置访问端口

   修改kubernetes-dashboard文件 将type: ClusterIP 改为 type: NodePort

   kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

3. kubectl get svc -A |grep kubernetes-dashboard

   找到端口，在安全组放行

4. 获取登录令牌

   1. 创建yml文件

      #创建访问账号，准备一个yaml文件； vi dash.yaml
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: admin-user
        namespace: kubernetes-dashboard
      ---
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: admin-user
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: cluster-admin
      subjects:
      - kind: ServiceAccount
        name: admin-user
        namespace: kubernetes-dashboard
      

   2. kubectl apply -f dash.yaml

   3. 获取访问令牌

      kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
      

      eyJhbGciOiJSUzI1NiIsImtpZCI6Ijl4cG56YXNtY1Q5QkVGeXpmUHA4cjFDTnB5TVktS0oxNzhuSEZIdVpXcEkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXZsa3Q3Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJmMTEwYTk5MC01MzJhLTQxMzgtYmU4My00NjRhZGUxODhmNTgiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.lVqfZ14Wtdm68_ffk3s8Cg9u7L6q6dTz5OG36dnO651IS-NXoFhsoKnGaJyx1YzsILNXmL23IKIGn8O_j6p_IkA0dqPri7Gk4CA2lvQM5NcSY6mBEWx2VT7Gl2XktWq34KXmvHYOAp8qNpmhkzJ-bxFNmLIwDtD2LTeBmIFtRLkP7JjVhI7vrqpNaWCS_rdC2u4H-d4iTkn_wjCAWKC8EIelaq1GbgKbQdn7365OBSxFo4jycOx8YJ8BjvNvyk6hRDIhWGml4SWEf7NVKRLkqh9pUTMCG4odfdNDOFgqbgNkdDeVvSMp8-pvJHZVazK39L7hfXjjVKpvdq6r1tJa_A