Install Docker
yum install docker
sudo systemctl start docker
sudo systemctl enable docker
docker version
Install the k8s cluster
3.1 Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
3.2 Disable SELinux
setenforce 0 # temporary
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # permanent
3.3 Disable swap
swapoff -a # temporary; swap is disabled mainly for performance reasons
free # use this command to check whether swap is off
sed -ri 's/.*swap.*/#&/' /etc/fstab # permanent
3.4 Map hostnames to IP addresses
$ vim /etc/hosts
Add the following:
192.168.190.128 k8s-master
192.168.190.129 k8s-node1
192.168.190.130 k8s-node2
3.5 Pass bridged IPv4 traffic to the iptables chains
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
3.6 Add the Aliyun YUM repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[k8s]
name=k8s
enabled=1
gpgcheck=0
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
EOF
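The stanza above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package signatures. The following added example (not part of the original article) flags that setting in a .repo file and writes a signed variant next to it; the function names are hypothetical and the gpgkey URLs are an assumption based on the Aliyun mirror's published instructions, to be checked before use.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# audit_yum_repo FILE: report enabled sections with gpgcheck=0 or a plain-http baseurl.
# A section without a gpgcheck line inherits [main] from /etc/yum.conf and is not reported.
audit_yum_repo() {
  awk -F= '
    function report() {
      if (sec == "" || enabled == "0") return
      if (gpg == "0") print sec ": gpgcheck=0 (packages installed without signature verification)"
      if (url ~ /^http:\/\//) print sec ": baseurl uses plain http"
    }
    /^\[.*\]$/ { report(); sec = substr($0, 2, length($0) - 2); enabled = "1"; gpg = ""; url = ""; next }
    { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val) }
    key == "enabled"  { enabled = val }
    key == "gpgcheck" { gpg = val }
    key == "baseurl"  { url = val }
    END { report() }
  ' "$1"
}

# write_samples DIR: the stanza from this page (weak.repo) beside a signed variant (signed.repo).
write_samples() {
  cat > "$1/weak.repo" <<'EOF'
[k8s]
name=k8s
enabled=1
gpgcheck=0
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
EOF
  # gpgkey URLs below are an assumption (Aliyun mirror instructions); verify before use.
  cat > "$1/signed.repo" <<'EOF'
[k8s]
name=k8s
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_yum_repo "$demo_dir/weak.repo"     # reports the k8s section
audit_yum_repo "$demo_dir/signed.repo"   # prints nothing
rm -rf "$demo_dir"
```

On a real node, run audit_yum_repo over every file in /etc/yum.repos.d/ before installing the Kubernetes packages.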
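3.7 Install kubeadm, kubelet and kubectl
kubelet # runs on every node in the cluster and is responsible for starting Pods and containers.
kubeadm # used to initialize the cluster.
kubectl # the Kubernetes command-line tool. With kubectl you can deploy and manage applications, inspect resources, and create, delete and update components.
When deploying Kubernetes, the master node and the worker nodes must run the same version; otherwise version mismatches cause strange problems. This article shows how to install a specific version of Kubernetes with yum on CentOS.
We need to install a specific version of Kubernetes. With yum, a specific version is installed using the following format: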
yum install kubelet-1.19.6 kubeadm-1.19.6 kubectl-1.19.6 -y
Enable kubelet at boot
kubelet cannot be started yet because its configuration is not in place; for now it can only be enabled at boot.
systemctl enable kubelet
3.9 Deploy the Kubernetes master
3.9.1 Initialize with kubeadm
kubeadm init --apiserver-advertise-address=192.168.3.129 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.19.6 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
# --image-repository string: specifies where images are pulled from (available only since version 1.13). The default is k8s.gcr.io; we set it to a mirror inside China: registry.aliyuncs.com/google_containers
# --kubernetes-version string: specifies the Kubernetes version. The default is stable-1, which causes the latest version number to be downloaded from https://dl.k8s.io/release/stable-1.txt; we can pin it to a fixed version (v1.15.1) to skip the network request.
# --apiserver-advertise-address: specifies which interface of the master is used to communicate with the other nodes in the cluster. If the master has several interfaces, specify one explicitly; if it is not specified, kubeadm automatically picks the interface that has the default gateway.
# --pod-network-cidr: specifies the range of the Pod network. Kubernetes supports several network solutions, and each has its own requirements for --pod-network-cidr. It is set to 10.244.0.0/16 here because we will use the flannel network solution, which requires this CIDR.
Output:
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.3.129:6443 --token afx2d4.ybpz8dsmq7jh1ic6 \
--discovery-token-ca-cert-hash sha256:86ef6e3fbe924f95873a4928858a4cac637566bab2d4996ec8b0a8a143c546ba
Use the kubectl tool
Copy the following commands and run them as they are (master)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
The kubectl command can now be used directly (master)
3.9.3 Install the Pod network add-on (CNI) (master)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Or:
kubectl apply -f kube-flannel.yml
Install Kubernetes-Dashboard
First download the manifest (kubernetes/dashboard: General-purpose web UI for Kubernetes clusters (github.com))
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
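Edit the manifest:
We need NodePort mode to reach the dashboard from a browser, so the network configuration in the yaml file has to be changed (the port must be greater than 30000)
Here I changed the port to 30000
After the change, re-apply:
Finally, log in (remember to use HTTPS)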
https://192.168.3.129:30000/#/login
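As the login page shows, there are two ways to log in to the dashboard: one is to provide a kubeconfig, the other is to use a token. Here we create an admin user and generate its token to log in.
Below is the yml file that creates the admin user (the file is named kube-user.yml here)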
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kubernetes-dashboard
  labels:
    kubernetes.io/cluster-service: "true"
Apply:
kubectl apply -f kube-user.yml
To look up the admin user's token, first list the secrets and find the name of the admin user's token:
kubectl get secret -n kubernetes-dashboard
Get the token:
kubectl describe secret admin-token-xvn2c -n kubernetes-dashboard
Returns:
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlhRMGJYNXJsUTZYaVNocTAtOHZwaXliUl9YZlRzUUtxZHFhdEM4blhTaFkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi14dm4yYyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjM3NjdjY2FkLTA0NGMtNDQ4Ny1hYmU2LWQzODgwYTZkMjM5MyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbiJ9.nQeGvT3gjrKf9nHiRwqz59kP6s-s4AbZP2J9qMF2A5kyi12YcTY88CwPs397kuUi_0ftxkqAR7-2yZ4YSyu-RoLVcxxR14cg3iBtfFZyQa6nk3AXpv1YjuiQqpu2BYk5o8luTonv5JCTml0-_SQ03Gl6pKbsx5NyQHLNYFsOoUkk20PqA3_dLY3szurgOSSe5zrikqqOh3RD3KZ13Gxg--afgDj00-l7z1EJwAF7HBdKqCtWpNid9Vg_t97vzQyvHTEqA3Yr-kXjDwo_mKGypqZ7NoQWGQiLvzj0xCv2maX5hcdsMNZsUdxtw2T3XTIRWFaXpnVtzwc0nHTN-onMzA
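The token returned above is a legacy Secret-based service account token: its payload carries no exp claim, so it stays valid until the Secret or the ServiceAccount is deleted, and in this setup it is bound to cluster-admin. The added example below (not from the original article) decodes a token's claims locally to check for an expiry; the function names are hypothetical, and the sample token is constructed with a dummy signature.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.

# b64url_decode SEGMENT: JWT segments use '-' and '_' and drop '=' padding.
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="${s}="; done
  printf '%s' "$s" | base64 -d
}

# jwt_claims TOKEN: print the JSON payload (second dot-separated segment).
jwt_claims() {
  local payload
  payload=$(printf '%s' "$1" | cut -d. -f2)
  [ -n "$payload" ] || return 1
  b64url_decode "$payload"
}

# jwt_claim TOKEN NAME: print one top-level string claim (flat JSON without commas in values).
jwt_claim() {
  jwt_claims "$1" | tr ',' '\n' | sed -n "s|^[{ ]*\"$2\":\"\(.*\)\"[} ]*\$|\1|p"
}

# jwt_expires TOKEN: succeed only if the payload contains an "exp" claim.
jwt_expires() {
  jwt_claims "$1" | grep -q '"exp"[[:space:]]*:'
}

# mk_sample JSON: build a constructed, unsigned-in-practice token around the given payload.
mk_sample() {
  local h p
  h=$(printf '%s' '{"alg":"RS256"}' | base64 | tr -d '=\n' | tr '/+' '_-')
  p=$(printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-')
  printf '%s.%s.%s' "$h" "$p" "c2ln"   # "c2ln" is a dummy signature
}

# Constructed sample with the claim layout of a legacy service account token.
LEGACY=$(mk_sample '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kubernetes-dashboard:admin"}')
if jwt_expires "$LEGACY"; then
  echo "token has an expiry"
else
  echo "no exp claim: $(jwt_claim "$LEGACY" sub) stays valid until its Secret is deleted"
fi
```

A token found to have no expiry is revoked by deleting its Secret, for example the admin-token-xvn2c Secret shown above, in the kubernetes-dashboard namespace.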
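Install the worker nodes:
For the system settings, follow the master setup above.
Install the packages on the node:
yum install kubelet-1.19.6 kubeadm-1.19.6 kubectl-1.19.6 -y
First get the master's token on the master node:
# list tokens (on the master)
kubeadm token list
# if the token has expired, create a new one (on the master)
kubeadm token create
The token obtained: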
7xdtqs.0aaw886svdoxejjx
Get the hash:
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
Result:
86ef6e3fbe924f95873a4928858a4cac637566bab2d4996ec8b0a8a143c546ba
Join the worker node
kubeadm join {主节点IP}:6443 --token {token} --discovery-token-ca-cert-hash {hash}
That is:
kubeadm join 192.168.3.129:6443 --token 7xdtqs.0aaw886svdoxejjx --discovery-token-ca-cert-hash sha256:86ef6e3fbe924f95873a4928858a4cac637566bab2d4996ec8b0a8a143c546ba
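Finally, on the master, check the node status with kubectl get nodes:
Success!
To create Node2, clone the virtual machine. After logging in, run kubeadm reset to reset it, then use kubeadm join to join the master.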