Installing a k8s cluster on CentOS 7 (2022 edition)

Install Docker

yum install docker

sudo systemctl start docker
sudo systemctl enable docker
docker version

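Install the k8s cluster

3.1 Disable the firewall

systemctl stop firewalld

systemctl disable firewalld

3.2 Disable SELinux

setenforce 0  # disable temporarily

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # disable permanently

3.3 Disable swap

swapoff -a    # disable temporarily; swap is turned off mainly for performance reasons

free            # use this command to check whether swap is off

sed -ri 's/.*swap.*/#&/' /etc/fstab  # disable permanently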

3.4 Map hostnames to IP addresses

$ vim /etc/hosts

Add the following:

192.168.190.128 k8s-master

192.168.190.129 k8s-node1

192.168.190.130 k8s-node2

3.5 Pass bridged IPv4 traffic to the iptables chains

$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

3.6 Add the Aliyun YUM repository

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[k8s]
name=k8s
enabled=1
gpgcheck=0
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
EOF
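The repository definition above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl from it without verifying package signatures. The following added example (not part of the original post) lists which sections of a .repo file do that; the audit_repo function and the example-signed section are constructed for illustration.

```shell
#!/bin/sh
# Added example: report, per section of a yum .repo file, whether package
# signature checking is on. Output: "<section> gpgcheck=<value> <verdict>".
audit_repo() {
    awk '
        function report() {
            if (sec == "") return
            if (gpg == "1") v = "OK"
            else if (gpg == "0") v = "UNSIGNED"
            else v = "INHERITS"          # no gpgcheck line in this section
            print sec, "gpgcheck=" gpg, v
        }
        /^[ \t]*\[/ {                    # a new [section] starts
            report()
            sec = $0
            sub(/^[ \t]*\[/, "", sec)
            sub(/\].*$/, "", sec)
            gpg = "unset"
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {       # remember the value for this section
            gpg = $0
            sub(/^[^=]*=[ \t]*/, "", gpg)
            sub(/[ \t]*$/, "", gpg)
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the [k8s] section from this page plus a made-up
# signed section for comparison.
sample_repo=$(mktemp)
trap 'rm -f "$sample_repo"' EXIT
cat > "$sample_repo" << 'EOF'
[k8s]
name=k8s
enabled=1
gpgcheck=0
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/

[example-signed]
name=constructed entry for comparison
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF

audit_repo "$sample_repo"
```

On a node, run audit_repo against each file in /etc/yum.repos.d/; INHERITS means the section has no gpgcheck line and the [main] setting in /etc/yum.conf applies.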

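3.7 Install kubeadm, kubelet and kubectl

kubelet # Runs on every node of the Cluster and is responsible for starting Pods and containers.

kubeadm # Used to initialize the Cluster.

kubectl # The Kubernetes command-line tool. With kubectl you can deploy and manage applications, inspect resources, and create, delete and update components.

When deploying Kubernetes, the versions on the master node and the worker nodes must match; otherwise version mismatches cause strange problems. This article shows how to install a specific version of Kubernetes with yum on CentOS.

We need to install a specific version of Kubernetes. How? When installing with yum, use the following format:

yum install kubelet-1.19.6 kubeadm-1.19.6 kubectl-1.19.6 -y

Enable kubelet at boot

kubelet cannot be started yet because its configuration is not ready at this point; for now it can only be enabled to start at boot.

systemctl enable kubelet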

3.9 Deploy the Kubernetes Master

3.9.1 Initialize with kubeadm

kubeadm init --apiserver-advertise-address=192.168.3.129 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.19.6 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16

# --image-repository string: specifies where images are pulled from (available from version 1.13). The default is k8s.gcr.io; here we point it at a mirror in China: registry.aliyuncs.com/google_containers

# --kubernetes-version string: specifies the Kubernetes version. The default is stable-1, which causes the latest version number to be downloaded from https://dl.k8s.io/release/stable-1.txt; setting a fixed version (v1.15.1) skips that network request.

# --apiserver-advertise-address: specifies which interface of the Master is used to communicate with the other nodes of the Cluster. If the Master has several interfaces, set it explicitly; if it is not set, kubeadm automatically picks the interface that has the default gateway.

# --pod-network-cidr: specifies the Pod network range. Kubernetes supports several network solutions, and each has its own requirements for --pod-network-cidr. It is set to 10.244.0.0/16 here because we will use the flannel network solution, which requires this CIDR.

Output:

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.3.129:6443 --token afx2d4.ybpz8dsmq7jh1ic6 \
--discovery-token-ca-cert-hash sha256:86ef6e3fbe924f95873a4928858a4cac637566bab2d4996ec8b0a8a143c546ba

Using the kubectl tool

Copy and run the following commands directly (on the master):

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

You can now use kubectl commands directly (on the master).

3.9.3 Install the Pod network add-on (CNI) (on the master)

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Or:

kubectl apply -f kube-flannel.yml

Install Kubernetes-Dashboard

First download the configuration file (kubernetes/dashboard: General-purpose web UI for Kubernetes clusters (github.com)):

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

Edit the configuration file:

We need NodePort mode to reach the dashboard from a browser, so the network configuration in the yaml file has to be changed (the port must be greater than 30000).

The port I set here is 30000.

After editing, apply it again:

Finally, log in (remember to use HTTPS):

https://192.168.3.129:30000/#/login

As the figure above shows, there are two ways to log in to the dashboard: one is to configure a kubeconfig, the other is to use a token. Here we create an admin user and generate its token to log in.

Below is the content of the yml file that creates the admin user (the file is named kube-user.yml here):

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kubernetes-dashboard
  labels:
    kubernetes.io/cluster-service: "true"

Apply:

kubectl apply -f kube-user.yml

Look up the admin user's token. First list the secrets to find the name of the admin user's token:

kubectl get secret -n kubernetes-dashboard

Get the secret:

kubectl describe secret admin-token-xvn2c -n kubernetes-dashboard

Returns:

Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlhRMGJYNXJsUTZYaVNocTAtOHZwaXliUl9YZlRzUUtxZHFhdEM4blhTaFkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi14dm4yYyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjM3NjdjY2FkLTA0NGMtNDQ4Ny1hYmU2LWQzODgwYTZkMjM5MyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbiJ9.nQeGvT3gjrKf9nHiRwqz59kP6s-s4AbZP2J9qMF2A5kyi12YcTY88CwPs397kuUi_0ftxkqAR7-2yZ4YSyu-RoLVcxxR14cg3iBtfFZyQa6nk3AXpv1YjuiQqpu2BYk5o8luTonv5JCTml0-_SQ03Gl6pKbsx5NyQHLNYFsOoUkk20PqA3_dLY3szurgOSSe5zrikqqOh3RD3KZ13Gxg--afgDj00-l7z1EJwAF7HBdKqCtWpNid9Vg_t97vzQyvHTEqA3Yr-kXjDwo_mKGypqZ7NoQWGQiLvzj0xCv2maX5hcdsMNZsUdxtw2T3XTIRWFaXpnVtzwc0nHTN-onMzA
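
The token returned above is a JWT, and its payload can be read without the signing key. The following added example (not part of the original post) decodes a token's claims and checks for an expiry claim; the two sample tokens are constructed, with a placeholder signature, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inspect the claims of a service-account token and check
# whether it ever expires.

# base64url-encode stdin without padding (helper for the constructed samples).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the decoded JSON payload (second dot-separated part) of a JWT.
jwt_payload() {
    part=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#part} % 4 )) in      # restore the padding base64url strips
        2) part="$part==" ;;
        3) part="$part=" ;;
    esac
    printf '%s' "$part" | base64 -d
}

# Exit 0 if the token has an "exp" claim, 1 if it stays valid until revoked.
jwt_expires() { jwt_payload "$1" | grep -q '"exp":'; }

# Print the identity ("sub" claim) the API server sees for this token.
jwt_subject() { jwt_payload "$1" | sed 's/.*"sub":"\([^"]*\)".*/\1/'; }

# Constructed samples: claim names as in a secret-based token, fake signature.
hdr=$(printf '%s' '{"alg":"RS256"}' | b64url)
legacy=$hdr.$(printf '%s' '{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kubernetes-dashboard","sub":"system:serviceaccount:kubernetes-dashboard:admin"}' | b64url).c2ln
bound=$hdr.$(printf '%s' '{"exp":1700003600,"iat":1700000000,"sub":"system:serviceaccount:kubernetes-dashboard:admin"}' | b64url).c2ln

for t in "$legacy" "$bound"; do
    if jwt_expires "$t"; then state="expires"; else state="no expiry"; fi
    echo "$(jwt_subject "$t"): $state"
done
```

Run against the token printed by kubectl describe secret, jwt_subject shows which service account a dashboard session acts as, and jwt_expires shows whether the token has to be revoked by deleting its secret.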

 

 

Install the worker nodes:

For the system setup, refer to the master configuration.

Install the packages on the node:

yum install kubelet-1.19.6 kubeadm-1.19.6 kubectl-1.19.6 -y

First, get the master's token on the master node:

# List tokens (on the master)

kubeadm token list

# If the token has expired, create a new one (on the master)

kubeadm token create

The token obtained:

7xdtqs.0aaw886svdoxejjx

Get the hash:

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

Result:

86ef6e3fbe924f95873a4928858a4cac637566bab2d4996ec8b0a8a143c546ba

Join the worker node

kubeadm join {master IP}:6443 --token {token} --discovery-token-ca-cert-hash {hash}

That is:

kubeadm join 192.168.3.129:6443 --token 7xdtqs.0aaw886svdoxejjx --discovery-token-ca-cert-hash sha256:86ef6e3fbe924f95873a4928858a4cac637566bab2d4996ec8b0a8a143c546ba

Finally, on the master, run kubectl get nodes to check the node status:

Success!

To create Node2, clone the virtual machine. After logging in, run kubeadm reset to reset it, then use kubeadm join to join the master.


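Copyright of this article belongs to Bruce's Blog; when reposting or quoting, please include the following information in full:
Author: Bruce
Article address: Installing a k8s cluster on CentOS 7 (2022 edition) | Bruce's Blog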
