使用kubeadm搭建K8S

准备工作:3个 centos7 虚拟机

     

 

 

 

1.网络互通 关闭防火墙 更改主机名等等准备工作

更改hostname

vi /etc/hostname

master

node1

node2



修改主机hosts

vi /etc/hosts

192.168.78.134 master
192.168.78.136 node1
192.168.78.137 node2



关闭防火墙等

systemctl stop firewalld && systemctl disable firewalld 

重置iptables 

iptables -F  && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT 

关闭交换 

swapoff -a 

永久关闭 

vi /etc/fstab 

注释关于swap的那一行  

关闭selinux 

setenforce 0 

vi /etc/sysconfig/selinux 

将里面的SELINUX配置为disabled    SELINUX=disabled 

同步时间 

安装ntpdate 

yum install ntpdate -y 

添加定时任务 crontab -e 

插入内容: 0-59/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP 

先手动同步一次 ntpdate us.pool.ntp.org

 

2.安装docker(我用的是20.10.12版本)

安装docker

卸载现有版本
yum remove -y docker* container-selinux

删除容器镜像:
sudo rm -rf /var/lib/docker

安装依赖包
sudo yum install -y yum-utils device-mapper-persistent-data lvm2 

设置阿里云镜像源
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 

安装 Docker-CE
sudo yum install docker-ce

开机自启
sudo systemctl enable docker 

启动docker服务  
sudo systemctl start docker

 

3.免密登录

免密登录

[root@master ~]# 

ssh-keygen -t rsa

 //生成密钥, 连续回车



复制密钥到其他主机

ssh-copy-id node1 

ssh-copy-id node2



scp /etc/hosts node1:/etc 

scp /etc/hosts node2:/etc

4.编辑kubernetes.conf文件

$ cat <<EOF > /etc/sysctl.d/kubernetes.conf 

vm.swappiness=0 

vm.overcommit_memory = 1 

vm.panic_on_oom=0 

net.ipv4.ip_forward = 1 

net.bridge.bridge-nf-call-ip6tables = 1 

net.bridge.bridge-nf-call-iptables = 1 

fs.inotify.max_user_watches=89100 

EOF  

#生效配置文件 

$ sysctl -p /etc/sysctl.d/kubernetes.conf

把路由转发和iptables桥接复制到其他主机

[root@master ~]# scp /etc/sysctl.d/kubernetes.conf node1:/etc/sysctl.d/

[root@master ~]# scp /etc/sysctl.d/kubernetes.conf node2:/etc/sysctl.d/

[root@master ~]# scp /etc/sysctl.conf node2:/etc/

[root@master ~]# scp /etc/sysctl.conf node1:/etc/

 

记得node01和node02也要执行以下命令

[root@master ~]# sysctl -p /etc/sysctl.d/kubernetes.conf

[root@master ~]# sysctl -p

 

 5.指定yum安装kubernetes的yum源

指定yum安装kubernetes的yum源(三台都要执行)

cat <<EOF > /etc/yum.repos.d/kubernetes.repo 

[kubernetes] 

name=Kubernetes 

baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ 

enabled=1 

gpgcheck=1 

repo_gpgcheck=1 

gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg 

EOF



[root@master ~]# yum repolist 

[root@master ~]# yum makecache fast



各节点安装所需安装包

master执行
[root@master ~]# yum -y install kubeadm-1.15.0-0 kubelet-1.15.0-0 kubectl-1.15.0-0

node执行
[root@node01 ~]# yum -y install kubeadm-1.15.0-0 kubelet-1.15.0-0



三台主机自启

systemctl enable kubelet


  所有机器


  mkdir -p /home/glory/working

  cd /home/glory/working/

 

 

6.生成kubeadm.conf 配置文件(.重要的环节)

kubeadm config print init-defaults ClusterConfiguration > kubeadm.conf

修改配置文件 imageRepository  kubernetesVersion 

vi kubeadm.conf 

修改 imageRepository: k8s.gcr.io 

改为 registry.cn-hangzhou.aliyuncs.com/google_containers 

imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers



修改kubernetes版本kubernetesVersion: v1.13.0  

改为kubernetesVersion: v1.15.0 

kubernetesVersion: v1.15.0 



修改 kubeadm.conf 中的API服务器地址,后面会频繁使用这个 地址。

就是后面serverapi的地址 

localAPIEndpoint: 

localAPIEndpoint: 

advertiseAddress: 192.168.0.100 

bindPort: 6443 

注意:  192.168.0.100 是master主机的ip地址 

配置子网网络 

networking: 

dnsDomain: cluster.local 

podSubnet: 10.244.0.0/16 

serviceSubnet: 10.96.0.0/12 

scheduler: {} 

这里的 10.244.0.0/16 和  10.96.0.0/12 

分别是k8s内部pods和services的子网网络,最好使用这个地址,后续flannel网络需要用到。

可能没有pod,就添加一行yaml文件格式要求很严格,空格别少了或者多了。


查看一下都需要哪些镜像文件需要拉取

kubeadm config images list --config kubeadm.conf  

$ kubeadm config images list --config kubeadm.conf 

registry.cn-beijing.aliyuncs.com/imcto/kube- apiserver:v1.15.0 

registry.cn-beijing.aliyuncs.com/imcto/kube- controller-manager:v1.13.1 

registry.cn-beijing.aliyuncs.com/imcto/kube- scheduler:v1.13.1 

registry.cn-beijing.aliyuncs.com/imcto/kube- proxy:v1.13.1 

registry.cn-beijing.aliyuncs.com/imcto/pause:3.1 

registry.cn-beijing.aliyuncs.com/imcto/etcd:3.2.24 

registry.cn-beijing.aliyuncs.com/imcto/coredns:1.2.6

 

7.拉取镜像初始化并且启动

拉取镜像

kubeadm config images pull --config ./kubeadm.conf

  初始化并且启动(从这往下都是在主节点master 上执行的 ,先配置好主节点 ,子节点之后 再加入)

  初始化 sudo kubeadm init --config ./kubeadm.conf

  若报错根据报错信息对应修改 [error]比如什么cpu个数,swap未关闭,bridge-nf-call-iptables 这个参数,需要设置为 1: 改好重新执行 #iptable设置为一的方法 echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables modprobe br_netfilter

  成功后记下最后的token,这个很重要,很重要,很重要。要复制出来。

 

  k8s启动成功输出内容较多,但是记住末尾的内容

  末尾token命令复制出来,这种样子的

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.78.134:6443 --token abcdef.0123456789abcdef \ --discovery-token-ca-cert-hash sha256:cc4d47976f8ed28a7669399ca8d11b015bd6e26ff200c69dd6acdc11bab7c3cd

 

按照官方提示:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

 

启动kubelet 设置为开机⾃自启动

$ sudo systemctl enable kubelet

启动k8s服务程序

$ sudo systemctl start kubelet

 

查看节点信息

kubectl get nodes

NAME STATUS ROLES AGE VERSION

master NotReady master 12m v1.13.1

 

$ kubectl get cs

NAME STATUS MESSAGE ERROR

scheduler Healthy ok

controller-manager Healthy ok

etcd-0 Healthy {"health": "true"}

至此 主节点master 配置成功

 

 

 

8.安装kube-flanne网络通讯插件,并加入子节点

cd  /home/glory/working
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

下载不了 直接自己创建

vi kube-flannel.txt

mv kube-flannel.txt kube-flannel.yml
配一份我下载好的文件
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
  - configMap
  - secret
  - emptyDir
  - hostPath
  allowedHostPaths:
  - pathPrefix: "/etc/cni/net.d"
  - pathPrefix: "/etc/kube-flannel"
  - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni-plugin
        image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: rancher/mirrored-flannelcni-flannel:v0.16.1
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: rancher/mirrored-flannelcni-flannel:v0.16.1
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
配置文件

 


docker pull registry.cn
-hangzhou.aliyuncs.com/mygcrio/flannel:v0.11.0-amd64 docker tag registry.cn-hangzhou.aliyuncs.com/mygcrio/flannel:v0.11.0-amd64 quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64


kubectl apply -f kube-flannel.yml 过程比较久需要下镜像 等等就好



  notready变为ready就好了

  root@master01:/home/itcast/working# kubectl get nodes

  NAME STATUS ROLES AGE VERSION

  master1 Ready master 6m58s v1.13.1

 

   此时主节点配置完成 开始加入子节点

  sudo systemctl enable kubelet

  sudo systemctl start kubelet

 

  #将admin.conf传递给node1

  sudo scp /etc/kubernetes/admin.conf root@192.168.78.136:/home/glory/

  #将admin.conf传递给node2

  sudo scp /etc/kubernetes/admin.conf root@192.168.78.137:/home/glory/

  各个子节点执行

  mkdir -p $HOME/.kube

  sudo cp -i admin.conf $HOME/.kube/config

  sudo chown $(id -u):$(id -g) $HOME/.kube/config

 

   之前主节点初始化成功后的拷贝信息,两个节点都要执行 

  kubeadm join 192.168.78.134:6443 --token abcdef.0123456789abcdef \ --discovery-token-ca-cert-hash sha256:cc4d47976f8ed28a7669399ca8d11b015bd6e26ff200c69dd6acdc11bab7c3cd

 

  将kube-flannel.yml传递给node1

  sudo scp kube-flannel.yml root@192.168.78.136:/home/glory/

 

  将kube-flannel.yml传递给node2

  sudo scp kube-flannel.yml root@192.168.78.137:/home/glory/

  分别启动 flannel ⽹网络

  root@node1:~$ kubectl apply -f kube-flannel.yml

  root@node2:~$ kubectl apply -f kube-flannel.yml


这里需要等一段时间去下载资源
直到三个节点都是Ready 至此 集群搭建结束

 

 


  查看镜像下载情况 (下面两个命令超级重要 经常用,下载报错不要急 会重新自动下载)

  kubectl get pods --all-namespaces -o wide (查看当前下载状况)

  kubectl get pods -n kube-system (查看当前节点pod状态)

  kubectl get nodes (获取所有节点信息)

  删除一个指定的pod 之后会自动重新创建一个

  kubectl delete pods kube-flannel-ds-sqcl8 -n kube-system

 

9.演示使用

  创建一个deployment 控制器使用nginx web服务

  kubectl create deployment nginx --image=nginx

  创建一个service 暴漏应用 让web访问

  kubectl expose deployment nginx --port=80 --type=NodePort

    kubectl get pods 查看pods

   kubectl get pods,svc 查看端口详细信息

   kubectl get pods,svc -o wide 查看详细信息

   NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES

   pod/nginx-554b9c67f9-98n27 1/1 Running 0 9m57s 10.244.1.2 node1 <none> <none>

   NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR

   service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 16h <none>

    service/nginx NodePort 10.111.66.112 <none> 80:30848/TCP 47s app=nginx

 

   NodePort 类型 直接nodeip 加端口就可以访问

   http://192.168.78.134:30848/

   http://192.168.78.136:30848/

   http://192.168.78.137:30848/

   都可以访问成功

 

10.部署dashboard

部署dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

修改配置文件

一个是 Deployment 镜像地址

一个是Service 节点类型

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
配置文件

 

拉取镜像

  docker pull lizhenliang/kubernetes-dashboard-amd64:v1.10.1


  创建


  kubectl apply -f kubernetes-dashboard.yaml

  执行结果如下:

 

secret/kubernetes-dashboard-certs created 

serviceaccount/kubernetes-dashboard created

role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created

rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created

deployment.apps/kubernetes-dashboard created

service/kubernetes-dashboard created


查看状态


kubectl get pods -n kube-system


默认放在kube-system 空间下


[root@master working]# kubectl get pods -n kube-system

NAME READY STATUS RESTARTS AGE

coredns-6967fb4995-qw8tl 1/1 Running 0 18h

coredns-6967fb4995-sk2b9 1/1 Running 0 18h

etcd-master 1/1 Running 0 18h

kube-apiserver-master 1/1 Running 0 18h

kube-controller-manager-master 1/1 Running 0 18h

kube-flannel-ds-8vvbz 1/1 Running 0 170m

kube-flannel-ds-sqcl8 1/1 Running 0 152m

kube-flannel-ds-stl89 1/1 Running 0 152m

kube-proxy-ddctw 1/1 Running 0 18h

kube-proxy-mp76x 1/1 Running 0 152m

kube-proxy-w9ljh 1/1 Running 0 152m

kube-scheduler-master 1/1 Running 0 18h

kubernetes-dashboard-79ddd5-27jzh 0/1 ImagePullBackOff 0 50s

 

访问页面


[root@master working]# kubectl get pods,svc -n kube-system

NAME READY STATUS RESTARTS AGE

pod/coredns-6967fb4995-qw8tl 1/1 Running 0 18h

pod/coredns-6967fb4995-sk2b9 1/1 Running 0 18h

pod/etcd-master 1/1 Running 0 18h

pod/kube-apiserver-master 1/1 Running 0 18h

pod/kube-controller-manager-master 1/1 Running 0 18h

pod/kube-flannel-ds-8vvbz 1/1 Running 0 172m

pod/kube-flannel-ds-sqcl8 1/1 Running 0 155m

pod/kube-flannel-ds-stl89 1/1 Running 0 155m

pod/kube-proxy-ddctw 1/1 Running 0 18h

pod/kube-proxy-mp76x 1/1 Running 0 155m

pod/kube-proxy-w9ljh 1/1 Running 0 155m

pod/kube-scheduler-master 1/1 Running 0 18h

pod/kubernetes-dashboard-79ddd5-27jzh 1/1 Running 0 3m29s


NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 18h

service/kubernetes-dashboard NodePort 10.109.12.48 <none> 443:32124/TCP 3m29s


节点ip+32124端口访问即可 需要添加网站信任


打开后选则令牌认证

 

 

11.创建dashboard的用户

创建用户 (默认角色cluster-admin 可访问k8s 所有权限)

kubectl create serviceaccount dashboard-admin -n kube-system

kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin 


查找tocken

kubectl get secret -n kube-system NAME TYPE DATA AGE

attachdetach-controller-token-6lzls kubernetes.io/service-account-token 3 19h

bootstrap-signer-token-bhgmn kubernetes.io/service-account-token 3 19h

bootstrap-token-abcdef bootstrap.kubernetes.io/token 6 19h

certificate-controller-token-92z4t kubernetes.io/service-account-token 3 19h

clusterrole-aggregation-controller-token-psghh kubernetes.io/service-account-token 3 19h

coredns-token-cflwj kubernetes.io/service-account-token 3 19h

cronjob-controller-token-24vk8 kubernetes.io/service-account-token 3 19h

daemon-set-controller-token-xjpl6 kubernetes.io/service-account-token 3 19h

dashboard-admin-token-smp5m kubernetes.io/service-account-token 3 2m53s

default-token-9fzh8 kubernetes.io/service-account-token 3 19h

deployment-controller-token-2l5ns kubernetes.io/service-account-token 3 19h

disruption-controller-token-pf75p kubernetes.io/service-account-token 3 19h

endpoint-controller-token-g65g6 kubernetes.io/service-account-token 3 19h

expand-controller-token-qd94d kubernetes.io/service-account-token 3 19h

flannel-token-8z26h kubernetes.io/service-account-token 3 3h9m

generic-garbage-collector-token-c2j6t kubernetes.io/service-account-token 3 19h

horizontal-pod-autoscaler-token-784rw kubernetes.io/service-account-token 3 19h

job-controller-token-ghzhm kubernetes.io/service-account-token 3 19h

kube-proxy-token-zrktf kubernetes.io/service-account-token 3 19h

kubernetes-dashboard-certs Opaque 0 20m

kubernetes-dashboard-key-holder Opaque 2 18m

kubernetes-dashboard-token-nxbpv kubernetes.io/service-account-token 3 20m

namespace-controller-token-rs6mj kubernetes.io/service-account-token 3 19h

node-controller-token-c5hvr kubernetes.io/service-account-token 3 19h

persistent-volume-binder-token-vccz6 kubernetes.io/service-account-token 3 19h

pod-garbage-collector-token-lfsgv kubernetes.io/service-account-token 3 19h

pv-protection-controller-token-hxlpt kubernetes.io/service-account-token 3 19h

pvc-protection-controller-token-kbtbd kubernetes.io/service-account-token 3 19h

replicaset-controller-token-xz9f2 kubernetes.io/service-account-token 3 19h

replication-controller-token-nn5ql kubernetes.io/service-account-token 3 19h

resourcequota-controller-token-qqzd9 kubernetes.io/service-account-token 3 19h

service-account-controller-token-jzd2l kubernetes.io/service-account-token 3 19h

service-controller-token-6d5x7 kubernetes.io/service-account-token 3 19h

statefulset-controller-token-t5wlw kubernetes.io/service-account-token 3 19h

token-cleaner-token-pmk5h kubernetes.io/service-account-token 3 19h

ttl-controller-token-4tdh2 kubernetes.io/service-account-token 3 19h

 

找dashboard-admin-token 开头的

使用 kubectl describe secret dashboard-admin-token-smp5m -n kube-system (命名空间必须加)

获得到token信息

 

[root@master working]# kubectl describe secret dashboard-admin-token-smp5m -n kube-system
Name: dashboard-admin-token-smp5m
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 5d364c5a-3053-4c68-97d7-ea41910fc7c3

Type: kubernetes.io/service-account-token

Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tc21wNW0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNWQzNjRjNWEtMzA1My00YzY4LTk3ZDctZWE0MTkxMGZjN2MzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.ZwH9bvSJXATQXoteoPqp40C39l24-Qvjq7YPGVmRMCBNU9S34ycBnlv5rjjAfEqnop8vXk8QqYrcF1zRqOf2BcrYaPG-LJoifiqixRIWuqXpIlFvWxw7ZlQeRE3uOlV5UJh5nHPWtQL-oAizDH9w1AGd93E7NyVix0cbMC_SIHnxcTeollrG1YZ9apYUks0V8ElBpjT7LfGqrBkjFGYgcGQ0zGh866oR6WrUAEcHusrRGIjhAyYpz6WZfk-rMzUrmyLaMaA_pNaaOW1VvIGIIccuNjDwEe8tcKIHRyKV4CmBx2QQ2eqbPL3ZsbR_2mO-gXzYzyfOJPPExTFAqfdrKA
ca.crt: 1025 bytes
namespace: 11 bytes

 

复制token 输入到页面 点击登录即可成功

 

 

12.其他

重置配置,查看日志

 rm -rf /etc/kubernetes/*
 rm -rf ~/.kube/*
 rm -rf /var/lib/etcd/*
 
lsof -i :6443|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :10251|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :10252|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :10250|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :2379|grep -v "PID"|awk '{print "kill -9",$2}'|sh
lsof -i :2380|grep -v "PID"|awk '{print "kill -9",$2}'|sh

kubeadm reset


启动报错 查看日志

journalctl -u kubelet

journalctl -u kubelet |tail



看系统日志

cat /var/log/messages


用kubectl 查看日志
# 注意:使用Kubelet describe 查看日志,一定要带上 命名空间,否则会报如下错误[root@node2 ~]# kubectl describe pod coredns-6c65fc5cbb-8ntpvError from server (NotFound): pods "coredns-6c65fc5cbb-8ntpv" not found

kubectl describe pod kubernetes-dashboard-849cd79b75-s2snt --namespace kube-system

kubectl logs -f pods/monitoring-influxdb-fc8f8d5cd-dbs7d -n kube-system

kubectl logs --tail 200 -f kube-apiserver -n kube-system |more

kubectl logs --tail 200 -f podname -n jenkins



用journalctl查看日志非常管用

journalctl -u kube-scheduler

journalctl -xefu kubelet

journalctl -u kube-apiserver


journalctl -u kubelet |tail

journalctl -xe


用docker查看日志

docker logs c36c56e4cfa3  (容器id)


  ImagePullBackOff 错误处理


  kubectl describe pod nginx-554b9c67f9-98n27(pod名)

 
docker 镜像源配置

 

 

 

 

posted @ 2022-01-18 14:49  D·Felix  阅读(332)  评论(0编辑  收藏  举报