本文档只是为了留档方便以后工作运维,或者给同事分享文档内容比较简陋命令也不是特别全,不适合小白观看,如有不懂可以私信,上班期间都是在得
1.基础配置
1.1 检查服务器版本
# 查看服务器系统版本以及内核版本
cat /etc/redhat-release
# 查看服务器内核版本
uname -r
# 一起看
hostnamectl status
PS:建议升级7.9版本
1.2 检查时区
# 检查系统时间
timedatectl
# 设置时区为北京时间
timedatectl set-timezone Asia/Shanghai
# 安装ntp服务(远程时间同步)
yum install -y ntp
# 修改配置文件
vi /etc/sysconfig/ntpd
SYNC_HWCLOCK=yes
OPTIONS="-g -x"
#启动npt
systemctl start ntpd
#设置开机自启
systemctl enable ntpd
#设置Linux系统时钟与远程NTP服务器同步
timedatectl set-ntp true
1.3网络配置
# ip换成自己服务器ip
cat >> /etc/hosts <<EOF
172.168.1.1 master
172.168.1.2 node-1
EOF
# 将SELinux禁用 (临时)
setenforce 0
# 将SELinux禁用 (永久)
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# 关闭swap
swapoff -a
# 永久关闭
sed -ri 's/.*swap.*/#&/' /etc/fstab
# etcd.yaml网络配置
vim /etc/kubernetes/manifests/etcd.yaml
找到以下内容吧公网ip换成127.0.0.1
–listen-client-urls=http://127.0.0.1:2379
–listen-peer-urls=http://127.0.0.1:2380
2.安装kubelet kubeadm kubectl
#配置镜像源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
#桥接IPV4流量传递到iptables 的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 下载
yum install -y kubelet-1.20.5
yum install -y kubeadm-1.20.5
yum install -y kubectl-1.20.5
# 启动klubelet
systemctl start kubelet
# 设置开机自启
systemctl enable --now kubelet
# 写入配置文件(防止吧镜像源抹掉还是手动追加写入),写入完记得重启docker
vim /etc/docker/daemon.json
{
{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://docker.registry.cyou",
"https://docker-cf.registry.cyou",
"https://dockercf.jsdelivr.fyi",
"https://docker.jsdelivr.fyi",
"https://dockertest.jsdelivr.fyi",
"https://mirror.aliyuncs.com",
"https://dockerproxy.com",
"https://mirror.baidubce.com",
"https://docker.m.daocloud.io",
"https://docker.nju.edu.cn",
"https://docker.mirrors.sjtug.sjtu.edu.cn",
"https://docker.mirrors.ustc.edu.cn",
"https://mirror.iscas.ac.cn",
"https://docker.rainbond.cc"
]
}
}
# 重新加载配置和重启docker
systemctl daemon-reload
systemctl restart docker
# 设置kubectl命令补全
kubectl completion bash >/etc/bash_completion.d/kubectl
# 设置kubeadm命令补全
kubeadm completion bash > /etc/bash_completion.d/kubeadm
3.配置集群
# 拉取镜像(阿里云源)
vim home/k8s/images.sh
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.5
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.5
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.5
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.5
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.5 k8s.gcr.io/kube-proxy:v1.20.5
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.5 k8s.gcr.io/kube-scheduler:v1.20.5
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.5 k8s.gcr.io/kube-apiserver:v1.20.5
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.5 k8s.gcr.io/kube-controller-manager:v1.20.5
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0 k8s.gcr.io/etcd:3.4.13-0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0 k8s.gcr.io/coredns:1.7.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.20.5
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.20.5
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.20.5
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.20.5
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0
# 初始化操作
kubeadm init \
--kubernetes-version=v1.20.5 \
--apiserver-advertise-address=101.43.92.244 \
--image-repository registry.aliyuncs.com/google_containers \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all \
--v=6 \
--skip-phases=etcd
–kubernetes-version:指定Kubernetes的版本
–apiserver-advertise-address 指定master节点发布的IP地址
–image-repository 镜像源
–pod-network-cidr (Flannel网络插件的默认为10.244.0.0/16,Calico插件的默认值为192.168.0.0/16)
–ignore-preflight-errors 检查告警状态登记
–skip-phases 跳过检查etcd
保存token(最后两行)
# token忘记
kubeadm token list
# 证书忘记
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2> /dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
# 拷贝配置文件到kubectl默认加载路径
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
4.安装网络组件
# 下载flannel
curl https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml>>kube-flannel.yml
# 赋权配置文件
hmod 777 kube-flannel.yml
#修改配置文件(如下图)
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
vim /etc/kubernetes/manifests/kube-scheduler.yaml
# 重启kubelet
systemctl restart kubelet.service
# 查看组件状态
kubectl get cs
#介绍kube-flannel.yml
以下改成docker镜像中得对应名称即可
正常来说文件是拉不下来得,网上那些傻逼教程挺多得自己分辨就好
自己翻墙去下载镜像然后导入docker镜像然后修改kube-flannel.yml使用本地镜像即可
flannel下载链接
cni-plugin下载链接
别给我评论不会翻墙得什么巴拉巴拉,都玩k8s了 基本操作应该都能看懂吧
#导入docker镜像
docker load --input flannel-flannel-cni-plugin-v1.5.1-flannel1-amd64.tar.gz
docker load --input xxxx 自己看自己下载得什么版本把flannel 和cni都导入
#查看docker镜像
docker images
#也可以导入k8s得镜像存储
ctr -n k8s.io images import flannel-flannel-cni-plugin-v1.4.1-flannel1-amd64.tar
ctr -n k8s.io images import xxxx 自己看自己下载得什么版本把flannel 和cni都导入
#查看k8s镜像
ctr -n k8s.io images list
#然后去更改kube-flannel.yml配置文件 改成本地已经导入得镜像名称和版本,不然又要去拉镜像,根本拉不到得hhh 除非你是天选之子
# Kubernetes 集群中应用 kube-flannel.yml 文件中的配置
kubectl apply -f kube-flannel.yml
# 等待一两分钟即可
# 查看状态 (如下图即成功)
kubectl get pod -A
kubectl get node
4.集群配置
# 查看调度策略
kubectl describe node|grep -E "Name:|Taints:"
# 更改master节点可被部署pod
kubectl taint nodes --all node-role.kubernetes.io/master-
#node节点运行之前存储得token(如下图)
#再次补充
# token忘记
kubeadm token list
# 证书忘记
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2> /dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
现在基本以及安装成功,进行一下测试
# master创建nginx
kubectl run --image=nginx nginx-test --port=80
# 查看状态以及端口
kubectl get pod,svc
访问地址:http://<任意Node的IP>:Port
5.安装可视化控制台
vim recommended.yaml
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
nodePort: 30443
selector:
k8s-app: kubernetes-dashboard
type: NodePort
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.2.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.6
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}
# 安装拉取dashboard并制定配置文件
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard
# 创建用户
kubectl create serviceaccount xbbsyy -n kube-system
# 用户授权
kubectl create clusterrolebinding dxbbsyy --clusterrole=cluster-admin --serviceaccount=kube-system:xbbsyy
# 获取用户Token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
访问地址:https://<任意Node的IP>:30443
token复制进去进行登录
如果点赞多,评论多会更新详细教程,待补充。
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
