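Deploying the k8s dashboard
The name Kubernetes comes from ancient Greek and means helmsman, which is why its logo looks like both a fishing net and a compass. The deeper meaning behind Google's choice of name is this: since Docker positions itself as a whale roaming freely across the ocean with containers on its back, Google intends to use Kubernetes to take the helm of the great age of navigation, "capturing" and "guiding" this whale along the route set by its "master", so that the grand blueprint of the next-generation container world Google is building becomes reality. Kubernetes is abbreviated k8s because there are 8 letters between the k and the s.
The k8s deployment environment is as follows:
System: CentOS 7.6
docker version: docker-ce-18.06.1
kubernetes version: v1.19.0
IP: master (192.168.121.201), node1 (192.168.121.202), node2 (192.168.121.203)
The deployment uses kubeadm; the master node is used as the example: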
# master node
# 1. Set the hostname
hostnamectl set-hostname master
# 2. Configure name resolution
echo '192.168.121.201 master' >>/etc/hosts
echo '192.168.121.202 node1' >>/etc/hosts
echo '192.168.121.203 node2' >>/etc/hosts
# 3. Configure SELinux (disabled in the config file, permissive for the current boot)
sed -i 's/SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
# 4. Configure the firewall (stop firewalld and disable it at boot)
systemctl stop firewalld && systemctl disable firewalld
# 5. Configure time synchronization
yum -y install chrony
sed -i 's/^server/#&/g' /etc/chrony.conf
sed -i '2a server time.windows.com iburst' /etc/chrony.conf
# Restart chronyd so the new server line is used, and enable it at boot
systemctl restart chronyd && systemctl enable chronyd
# 6. Permanently disable swap
sed -i 's/^[^#].*swap.*/#&/g' /etc/fstab
swapoff -a
# 7. Install base packages
yum -y install wget expect vim net-tools ntp bash-completion ipvsadm ipset jq iptables conntrack sysstat libseccomp
# 8. Install the packages docker requires
yum -y install yum-utils device-mapper-persistent-data lvm2
# 9. Add the docker repo and install docker-ce
yum-config-manager --add-repo=https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce-18.06.1.ce-3.el7
# 10. Start docker and enable it at boot
systemctl start docker && systemctl enable docker
# 11. Configure the docker registry mirror, and set docker's cgroup driver to
#     systemd so that it matches kubelet's --cgroup-driver=systemd in step 17
cat >/etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# 12. Restart docker so that the registry mirror takes effect
systemctl daemon-reload && systemctl restart docker
# 13. Load the IPVS modules
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in \${ipvs_modules}; do
/sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
if [ \$? -eq 0 ]; then
/sbin/modprobe \${kernel_module}
fi
done
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
# 14. Kernel parameter tuning
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.netfilter.nf_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
# 15. Apply the kernel parameters
sysctl --system
# 16. Configure the k8s repo and install k8s
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.19.0-0 kubeadm-1.19.0-0 kubectl-1.19.0-0
# 17. Configure and start kubelet
cat >/etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
systemctl daemon-reload
systemctl restart kubelet && systemctl enable kubelet
# (node1 and node2 run the steps up to this point)
# 18. Initialize the node (master node only)
kubeadm init --kubernetes-version=1.19.0 --apiserver-advertise-address=192.168.121.201 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
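Step 15 applies /etc/sysctl.d/k8s.conf with sysctl --system, which only reports an error for a key that does not exist and carries on, so a misspelled key is never set. The check below is an added example, not part of the original article; the function names check_sysctl_keys and run_constructed_sample and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_sysctl_keys FILE [ROOT]: print "unknown KEY" for keys with no entry
# under ROOT (default /proc/sys) and "duplicate KEY" for keys set twice.
check_sysctl_keys() {
    conf=$1
    root=${2:-/proc/sys}
    seen=" "
    report=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        [ -n "$key" ] || continue
        case $seen in
            *" $key "*) report="${report}duplicate $key
" ;;
        esac
        seen="$seen$key "
        # sysctl resolves a key by turning its dots into path separators
        path=$root/$(printf '%s' "$key" | tr . /)
        [ -e "$path" ] || report="${report}unknown $key
"
    done < "$conf"
    printf '%s' "$report"
}

# Constructed sample: a fake /proc/sys tree and a config with two
# misspelled keys and one repeated key.
run_constructed_sample() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/net/ipv4"
    for f in ip_forward tcp_syncookies tcp_max_syn_backlog; do
        : > "$tmp/root/net/ipv4/$f"
    done
    cat > "$tmp/k8s.conf" <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.tcp.max_orphans = 327680
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.top_timestamps = 0
EOF
    check_sysctl_keys "$tmp/k8s.conf" "$tmp/root"
    rm -rf "$tmp"
}

run_constructed_sample
# On a real node: check_sysctl_keys /etc/sysctl.d/k8s.conf
```

Run it after the modules from step 13 are loaded, since keys such as the conntrack limit only appear under /proc/sys once their module is present.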
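After the kubeadm init command above succeeds, run the command that the master node printed at the end of initialization on each node, then apply the kube-flannel.yml file on the master node.
The command is: kubectl apply -f kube-flannel.yml
Wait a few minutes, then run kubectl get node on the master node; the output looks like this:
Next, apply the two yml files: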
kubectl create -f execute.yml
kubectl create -f kubernetes-dashboard.yml
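Delete the old certificate secret and create a new one (the new secret holds the API server's own key and certificate from /etc/kubernetes/pki):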
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
kubectl create secret generic kubernetes-dashboard-certs --from-file=/etc/kubernetes/pki/apiserver.key --from-file=/etc/kubernetes/pki/apiserver.crt -n kubernetes-dashboard
Then add the following here:
- --tls-key-file=apiserver.key
- --tls-cert-file=apiserver.crt
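After adding them, run: kubectl apply -f kubernetes-dashboard.yml
Finally, run: kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
That command prints a long token value. Copy the token, then open the master's IP plus the port number in a browser. Choose token login as the sign-in option and paste the copied token.
Note: the port number in the configuration file is 30001 (this port can be changed).
After logging in, the interface looks like this:
The yml files used in this article are as follows: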