Installing Kubernetes manually with kubeadm (with Dashboard)
I. Environment preparation
Note: the intent is to get Kubernetes running and then study each component in depth, so a highly available cluster was not set up.
Create two VMs in VMware Workstation or VirtualBox (steps omitted); their details:
Host IP | Hostname | Spec | OS and version |
---|---|---|---|
192.168.56.101 | k8s-master | 2C2G | CentOS 7.5 |
192.168.56.102 | k8s-node01 | 2C2G | CentOS 7.5 |
II. Initialization (master and node)
1. Set the hostname (the first pair of commands on the master, the second pair on the node):
echo k8s-master > /etc/hostname
hostname k8s-master
echo k8s-node01 > /etc/hostname
hostname k8s-node01
2. Make the two hosts resolve each other:
cat >> /etc/hosts << EOF
192.168.56.101 k8s-master
192.168.56.102 k8s-node01
EOF
3. Stop firewalld, SELinux and NetworkManager and disable them at boot:
systemctl stop firewalld && systemctl disable firewalld
yum -y install wget vim net-tools ntpdate
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
Check that it took effect:
getenforce
systemctl stop NetworkManager
systemctl disable NetworkManager
4. Time synchronization:
ntpdate ntp.api.bz
5. Disable swap:
swapoff -a
Verify:
free -m
Comment out the swap line so it stays off after a reboot:
vim /etc/fstab
/dev/mapper/centos-root / xfs defaults 0 0
UUID=1a8d8bb7-ec38-4eb5-aa30-82fdaa372cb8 /boot xfs defaults 0 0
#/dev/mapper/centos-swap swap swap defaults 0 0
6. Set the kernel parameters:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
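Added example (not part of the original post): a preflight check for the preparation steps above. The check functions take file contents and sysctl output as text so they can run offline; main() reads the live host, using the CentOS 7 paths from the steps above.

```python
import pathlib
import subprocess

# Kernel settings written to /etc/sysctl.d/k8s.conf in step 6
REQUIRED_SYSCTLS = {
    "net.bridge.bridge-nf-call-iptables": "1",
    "net.bridge.bridge-nf-call-ip6tables": "1",
}

def active_swap_entries(fstab_text: str) -> list:
    """fstab lines that would still enable swap at boot (type 'swap', not commented out)."""
    hits = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith("#") and fields[2] == "swap":
            hits.append(line)
    return hits

def swap_in_use(proc_swaps_text: str) -> bool:
    """/proc/swaps has only its header line once 'swapoff -a' has run."""
    return len(proc_swaps_text.strip().splitlines()) > 1

def missing_sysctls(sysctl_output: str) -> list:
    """Parse 'key = value' lines as printed by sysctl; return keys not at the required value."""
    seen = {}
    for line in sysctl_output.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            seen[key.strip()] = value.strip()
    return [k for k, v in REQUIRED_SYSCTLS.items() if seen.get(k) != v]

def main() -> None:
    """Run the checks against the live host."""
    fstab = pathlib.Path("/etc/fstab").read_text()
    swaps = pathlib.Path("/proc/swaps").read_text()
    sysctl = subprocess.run(["sysctl"] + list(REQUIRED_SYSCTLS),
                            stdout=subprocess.PIPE, universal_newlines=True).stdout
    problems = ["fstab still enables swap: " + e for e in active_swap_entries(fstab)]
    problems += ["sysctl not set: " + k for k in missing_sysctls(sysctl)]
    if swap_in_use(swaps):
        problems.append("swap is still active (run swapoff -a)")
    print("preflight OK" if not problems else "\n".join(problems))

if __name__ == "__main__":
    main()
```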
III. Setting up Kubernetes (master and node)
1. Configure the Aliyun yum repositories
Configure the Aliyun Docker repository:
cat >> /etc/yum.repos.d/docker.repo <<EOF
[docker-repo]
name=Docker Repository
baseurl=http://mirrors.aliyun.com/docker-engine/yum/repo/main/centos/7
enabled=1
gpgcheck=0
EOF
Configure the Aliyun Kubernetes repository:
cat >> /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
Optionally clear the yum cache and rebuild it:
yum clean all && yum makecache
2. Install kubeadm and related tools
yum install -y docker --disableexcludes=docker-repo
systemctl enable docker && systemctl start docker
Check that the docker service is running:
systemctl status docker
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet
Check the kubelet service (at this point it is normally not running yet: it keeps restarting until kubeadm init writes its configuration):
systemctl status kubelet
3. Initialize the kubeadm cluster (run on the master)
Get the version that was actually installed:
kubectl version
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.18.0
Note: --kubernetes-version must match the version actually installed on the machine.
When init completes, save the output (the join command at the end is needed in step 5); seeing "successfully" means it worked:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.0.2.11:6443 --token 2y8c3v.97pxftrwzva9kui1 \
--discovery-token-ca-cert-hash sha256:5bd046ec3aa9c04b5f73cdcf4ca5b6e6e76e7c5a2de9306755159ff95ee87961
Set up the kubeconfig for kubectl:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Get the node status:
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 110m v1.18.0
# The status is NotReady because the pod network has not been installed yet
kubectl get pod -n kube-system # two pods are Pending
NAME READY STATUS RESTARTS AGE
coredns-7ff77c879f-5rtkq 0/1 Pending 0 110m
coredns-7ff77c879f-p8xls 0/1 Pending 0 110m
etcd-k8s-master 1/1 Running 0 111m
kube-apiserver-k8s-master 1/1 Running 0 111m
kube-controller-manager-k8s-master 1/1 Running 0 111m
kube-proxy-zblcv 1/1 Running 0 110m
kube-scheduler-k8s-master 1/1 Running 0 111m
4. Install the flannel network on the master
If the host can reach GitHub directly:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Otherwise, download the manifest first and apply the local file:
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
On success:
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
kubectl get pod -n kube-system
# All pods should now be Running; how long this takes depends on the machine
NAME READY STATUS RESTARTS AGE
coredns-7ff77c879f-5rtkq 1/1 Running 0 3h2m
coredns-7ff77c879f-p8xls 1/1 Running 0 3h2m
etcd-k8s-master 1/1 Running 0 3h2m
kube-apiserver-k8s-master 1/1 Running 0 3h2m
kube-controller-manager-k8s-master 1/1 Running 0 3h2m
kube-flannel-ds-amd64-vsbjl 1/1 Running 0 3m13s
kube-proxy-zblcv 1/1 Running 0 3h2m
kube-scheduler-k8s-master 1/1 Running 0 3h2m
5. Join the node to the cluster
kubeadm join 172.0.2.11:6443 --token 2y8c3v.97pxftrwzva9kui1 --discovery-token-ca-cert-hash sha256:\
5bd046ec3aa9c04b5f73cdcf4ca5b6e6e76e7c5a2de9306755159ff95ee87961
Output on a successful join:
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
IV. Installing the Dashboard (on the master)
1. Download and install the Dashboard
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml
Output:
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/kubernetes-metrics-scraper created
kubectl get pods --namespace=kubernetes-dashboard # list the pods in the new namespace
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-84b6b4578b-bljwt 1/1 Running 0 64s
kubernetes-metrics-scraper-86f6785867-pkc9k 1/1 Running 0 64s
kubectl get service --namespace=kubernetes-dashboard # check the service and its ports
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.1.82.253 <none> 8000/TCP 68s
kubernetes-dashboard ClusterIP 10.1.203.153 <none> 443/TCP 68s
2. Edit the service configuration
kubectl edit service kubernetes-dashboard --namespace=kubernetes-dashboard
spec:
  clusterIP: 10.1.203.153
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32591
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
Key points:
- add type: NodePort
- set nodePort: 32591 (the port you want to expose)
3. Create the Dashboard admin token on the master
Create the manifest:
cat >/root/admin-token.yaml<<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
EOF
Create the admin service account and its binding:
kubectl apply -f admin-token.yaml
Output:
clusterrolebinding.rbac.authorization.k8s.io/admin created
serviceaccount/admin created
4. Get the token string
kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
Record the token:
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Im9NX2dSMDFIOWVFMXpnZ0FMNGVpMmYtclFmNlBZd2RCUTZFa1l0dG5mZWcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1ubGtrNSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjcwM2RiMDhiLTRiNWQtNDFmOS1hZjI4LTMzYjI2M2ZhYTE5OSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.rh_9-Oj4fxGdSDbpNSgHJBXW54UGGunaa3FED43wV4ozL67xwUes_r1W6wPzz4LEqwm5aK4gpj5gQU8gb_NMamQ0Ft7c0mWZvitx6KwFboQeeEbKGjPT_1rMNvB3gt2_dCoISriCNAgi9bVu3S_wQJIavjvBM4MDRuz3CfTNkj-Ce0AOUeBFxBAwB5oKnfcxbzd6qzckMkG_lx7BdDHxcwfImwsYLE4Bw5BFiTFwogvMIb9uM4mu46fRS3K5QHSOiVYk21aX_blIxta5DZNSrEUrE5iothF0Jn2_NQ5J5Nih02l0gSCAgerFxGo7Spvp743NIgb4NvRpcG6yuRFafA
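Added example (not part of the original post): before pasting the token into the Dashboard, inspect which identity it carries and which ClusterRoles that identity is bound to. The JWT payload is decoded without signature verification (inspection only); the bindings argument has the shape of `kubectl get clusterrolebindings -o json`. The sample token and bindings below are constructed to mirror the admin-token.yaml manifest above.

```python
import base64
import json

def decode_jwt_payload(token: str) -> dict:
    """Claims from the middle segment of a JWT (base64url, unpadded). No signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def cluster_roles_for(subject: str, bindings: dict) -> list:
    """ClusterRoles bound to a 'sub' claim of the form system:serviceaccount:<ns>:<name>."""
    roles = set()
    for binding in bindings.get("items", []):
        for s in binding.get("subjects") or []:
            if s.get("kind") == "ServiceAccount" and \
               subject == "system:serviceaccount:%s:%s" % (s.get("namespace"), s.get("name")):
                roles.add(binding["roleRef"]["name"])
    return sorted(roles)

def grants(token: str, bindings: dict) -> list:
    """Decode the token and return the ClusterRoles its subject holds."""
    return cluster_roles_for(decode_jwt_payload(token)["sub"], bindings)

def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

# Constructed sample: the claims a v1.18 service-account token carries; the
# signature segment is a dummy because this script only inspects, never verifies.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "kid": "EXAMPLE-KID"}),
    _b64url({"iss": "kubernetes/serviceaccount",
             "kubernetes.io/serviceaccount/namespace": "kube-system",
             "kubernetes.io/serviceaccount/service-account.name": "admin",
             "sub": "system:serviceaccount:kube-system:admin"}),
    "dummy-signature",
])
# Constructed sample: the binding admin-token.yaml creates, as kubectl would list it.
SAMPLE_BINDINGS = {"items": [{
    "metadata": {"name": "admin"},
    "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
    "subjects": [{"kind": "ServiceAccount", "name": "admin", "namespace": "kube-system"}],
}]}

if __name__ == "__main__":
    print(decode_jwt_payload(SAMPLE_TOKEN)["sub"], "->", grants(SAMPLE_TOKEN, SAMPLE_BINDINGS))
```

Against a real cluster, pass the token from the describe command above together with the output of `kubectl get clusterrolebindings -o json`.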
5. Log in to the Dashboard with the token
Note: one last pitfall: because of Google Chrome's certificate checking, the first login only works in Firefox after adding a security exception.
Screenshot: