Building a Kubernetes cluster with one master and two workers
1. Environment planning
Host operating system: CentOS 7.9
192.168.4.91 master01
192.168.4.92 work01
192.168.4.93 work02
2. Set the hostname
[root@localhost ~]# hostnamectl set-hostname master01
[root@localhost ~]# hostnamectl set-hostname work01
[root@localhost ~]# hostnamectl set-hostname work02
3. Edit the hosts file; do not delete the existing entries
[root@localhost ~]# vi /etc/hosts
192.168.4.91 master01
192.168.4.92 work01
192.168.4.93 work02
4. Configure the yum repositories and install the required packages
Configure the yum repositories
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost ~]# mkdir bak
[root@localhost ~]# mv *.repo bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
Install the packages
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp
5. Configure the firewall
Stop the firewall
systemctl stop firewalld && systemctl disable firewalld
Reset iptables
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
Disable swap
swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
Disable SELinux
setenforce 0
systemctl disable firewalld
vi /etc/selinux/config
SELINUX=disabled
Stop dnsmasq
service dnsmasq stop
systemctl disable dnsmasq
6. Set the kernel parameters
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
EOF
Apply the file
sysctl -p /etc/sysctl.d/kubernetes.conf
7. Set up time synchronization
yum install ntpdate -y
ntpdate time.windows.com
8. Load the br_netfilter module
[root@localhost yum.repos.d]# modprobe br_netfilter
[root@localhost yum.repos.d]# lsmod | grep br_netfilter
br_netfilter           22256  0
bridge                151336  1 br_netfilter
9. Install Docker
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install docker-ce
Enable at boot
systemctl enable docker && systemctl start docker
10. Set up a registry mirror
Configure the registry mirror
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://j75wwuc0.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
11. Install kubeadm, kubectl and kubelet (all nodes)
Configure yum
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Install the packages; newer versions do not support Docker
yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
Enable at boot
systemctl enable kubelet && systemctl start kubelet
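The repository definitions in steps 4, 9 and 11 decide whether yum verifies what it installs: kubernetes.repo sets gpgcheck=0 and repo_gpgcheck=0, and the CentOS and Docker repo files are fetched over http://. The Python check below is an added example, not part of the original page; audit_repo and the HTTP_REPO sample (with its mirror.example.invalid host) are constructed for illustration, while PAGE_REPO reproduces the file written in step 11.

```python
import configparser

# The kubernetes.repo contents written in step 11 of this page.
PAGE_REPO = """\
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
"""

# Constructed sample: a hypothetical repo that checks signatures but is
# reached over plain HTTP.
HTTP_REPO = """\
[base]
name=Example base
baseurl=http://mirror.example.invalid/centos/7/os/x86_64/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
"""

def audit_repo(text):
    """Return (section, finding) pairs for the contents of one .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if sec.get("enabled", "1").strip() == "0":
            continue  # a disabled repo is not used for installs
        # Only explicit 0 is flagged; an unset key inherits from [main] in yum.conf.
        for key in ("gpgcheck", "repo_gpgcheck"):
            if sec.get(key, "").strip() == "0":
                findings.append((name, key + "=0"))
        urls = (sec.get("baseurl", "") + " " + sec.get("mirrorlist", "")).split()
        if any(u.lower().startswith("http://") for u in urls):
            findings.append((name, "plain-http source"))
    return findings

if __name__ == "__main__":
    for sample in (PAGE_REPO, HTTP_REPO):
        for section, finding in audit_repo(sample):
            print(section + ": " + finding)
```

To audit a host, pass the text of each file under /etc/yum.repos.d/ to audit_repo.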
12. Initialize the master node (run on the master node only)
kubeadm init \
  --apiserver-advertise-address=192.168.4.91 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.0 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
After initialization completes, the following message appears
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.4.91:6443 --token ghf97f.zl8vayhlgjaq5wqr \
    --discovery-token-ca-cert-hash sha256:5344809968b7a3383a13fdd299c6267b46c57fc7bac53dd118f6361c711b835b
Follow the prompt and run the commands on the master node
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Check the node
kubectl get node
NAME       STATUS     ROLES    AGE   VERSION
master01   NotReady   master   10m   v1.19.0
13. Join the worker nodes (run on both worker nodes)
kubeadm join 192.168.4.91:6443 --token ghf97f.zl8vayhlgjaq5wqr \
    --discovery-token-ca-cert-hash sha256:5344809968b7a3383a13fdd299c6267b46c57fc7bac53dd118f6361c711b835b
Check from the master node
[root@master01 ~]# kubectl get node
NAME       STATUS     ROLES    AGE   VERSION
master01   NotReady   master   12m   v1.19.0
work01     NotReady   <none>   65s   v1.19.0
work02     NotReady   <none>   44s   v1.19.0
The generated token is valid for only 24 hours; once it has expired, a new one has to be generated
kubeadm token create
kubeadm token list
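14. Deploy the container network
Download the manifest. Use the YAML file for the matching version, otherwise errors are reported
[root@master01 ~]# curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -O
Edit the file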
vi calico.yaml
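Change the pod network address in the file to the value given at initialization, --pod-network-cidr=10.244.0.0/16
After the change, make sure the edited lines are aligned with the surrounding lines and contain no stray spaces, otherwise an error is reported!
Run the command to install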
[root@master01 ~]# kubectl apply -f calico.yaml
Installation succeeded
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org configured
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrole.rbac.authorization.k8s.io/calico-node unchanged
clusterrolebinding.rbac.authorization.k8s.io/calico-node unchanged
daemonset.apps/calico-node created
serviceaccount/calico-node unchanged
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers unchanged
poddisruptionbudget.policy/calico-kube-controllers created
Check the status
[root@master01 ~]# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-577f77cb5c-c82gr   1/1     Running   0          5m21s
calico-node-5k47s                          1/1     Running   0          5m21s
calico-node-n9kvg                          1/1     Running   0          5m21s
calico-node-rbpkm                          1/1     Running   0          5m21s
coredns-6d56c8448f-dnmhj                   1/1     Running   0          147m
coredns-6d56c8448f-l49sd                   1/1     Running   0          147m
etcd-master01                              1/1     Running   0          147m
kube-apiserver-master01                    1/1     Running   0          147m
kube-controller-manager-master01           1/1     Running   0          147m
kube-proxy-mlwjh                           1/1     Running   0          136m
kube-proxy-pzglf                           1/1     Running   0          147m
kube-proxy-xfb2l                           1/1     Running   0          136m
kube-scheduler-master01                    1/1     Running   0          147m
Check the node status
[root@master01 ~]# kubectl get node
NAME       STATUS   ROLES    AGE    VERSION
master01   Ready    master   149m   v1.19.0
work01     Ready    <none>   137m   v1.19.0
work02     Ready    <none>   137m   v1.19.0
15. Install the Dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
Edit the configuration file
vi recommended.yaml
Change this part
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
Add one line, type: NodePort
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
Apply (on the master node)
[root@master01 ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Check that the containers have started
[root@master01 ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-6jfhh   1/1     Running   0          87s
kubernetes-dashboard-5dbf55bd9d-5bqxs        1/1     Running   0          88s
Check the port
[root@master01 ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-7b59f7d4df-6jfhh   1/1     Running   0          5h11m
pod/kubernetes-dashboard-5dbf55bd9d-5bqxs        1/1     Running   0          5h11m
NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.1.254.52    <none>        8000/TCP        5h11m
service/kubernetes-dashboard        NodePort    10.1.133.155   <none>        443:30587/TCP   5h11m
Log in from a browser; use Firefox
Create a user
kubectl create serviceaccount dashboard-admin -n kube-system
Grant permissions
[root@master01 ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
Result:
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
Get the token
[root@master01 ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name:         dashboard-admin-token-v2dfj
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: e9f37bba-48b2-424c-8877-d02425596fb0
Type:  kubernetes.io/service-account-token
Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ik8wemtVcU5MYXhKc2pDSENfMkx4NEl1dm9sc0psMHpMLVltX1VaelpCNVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdjJkZmoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZTlmMzdiYmEtNDhiMi00MjRjLTg4NzctZDAyNDI1NTk2ZmIwIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.E71Cb3PGywcvF1xCF280TGz3bYrg8aAv7IF8dHAFbw7XOOGSGD9XAs5jKc419wg_f2awkLV2BuNpFvuFlN3ioD3EyZNycnzlpARlV8urbl52unoEbtdLhhHJ9Xi1cf7_vTjELnHrR-W8OXNJJo0eYlNyi8gribFQ3GM86erJ-UDlurCcWSlMpCi0Vrp9v68dGighHDzdsE9MkMe424AfLTjLJz_I4f3iu3SL5bJ0iiw9DKQQUXYgVhYcW-bEeE6nLY2O4mHHSmmT6D-nrXcZElI_CwQAg_Up9NoVEoNhsvvmXoMx9zUBDpYKxJnwoz54qP7pSnNxy1TtcMARXuIsXw
Copy the token into the browser and click Sign in
After logging in, the Dashboard is displayed.
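The dashboard-admin token above is a secret-based service-account token: its claims carry no exp field, and the clusterrolebinding created in this step ties that account to cluster-admin, so the string is a long-lived credential for the whole cluster. The Python check below is an added example, not part of the original page; it decodes a token's claims and looks the account up in the JSON that `kubectl get clusterrolebindings -o json` returns. All function names and the sample inputs are constructed for illustration.

```python
import base64
import json

def jwt_claims(token):
    """Decode the payload segment of a JWT (no signature verification)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # JWTs strip the base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def cluster_admin_service_accounts(bindings):
    """(namespace, name) of every ServiceAccount bound to ClusterRole cluster-admin."""
    found = set()
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                found.add((subj.get("namespace"), subj.get("name")))
    return found

def assess_token(token, bindings):
    """Report which account a token speaks for, whether it expires, and its reach."""
    claims = jwt_claims(token)
    parts = claims.get("sub", "").split(":")
    if len(parts) != 4 or parts[:2] != ["system", "serviceaccount"]:
        raise ValueError("not a service-account token")
    ns, name = parts[2], parts[3]
    return {
        "service_account": ns + "/" + name,
        "has_expiry": "exp" in claims,
        "cluster_admin": (ns, name) in cluster_admin_service_accounts(bindings),
    }

def b64url(obj):
    """Encode a dict the way a JWT segment is encoded (helper for the samples)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def binding(role, account):
    """Build one trimmed ClusterRoleBinding item (helper for the samples)."""
    return {"roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": "ServiceAccount", "name": account,
                          "namespace": "kube-system"}]}

# Constructed inputs: claims shaped like the token above (the signature is a
# dummy) and a stand-in for `kubectl get clusterrolebindings -o json`.
SAMPLE_TOKEN = ".".join([b64url({"alg": "RS256"}), b64url({
    "iss": "kubernetes/serviceaccount",
    "sub": "system:serviceaccount:kube-system:dashboard-admin"}), "sig"])
SAMPLE_BINDINGS = {"items": [binding("cluster-admin", "dashboard-admin"),
                             binding("calico-node", "calico-node")]}
```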
16. Create a pod
Deploy an image with the Deployment controller:
[root@master01 ~]# kubectl create deployment web --image=nginx --replicas=3
deployment.apps/web created
List the pods that were created
[root@master01 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
web-96d5df5c8-lfbgg 1/1 Running 0 2m38s
web-96d5df5c8-nf9tz 1/1 Running 0 2m38s
web-96d5df5c8-tnzt4 1/1 Running 0 2m38s
Expose the pods with a Service
[root@master01 ~]# kubectl expose deployment web --port=80 --target-port=80 --type=NodePort
service/web exposed
List the Service
[root@master01 ~]# kubectl get service
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.1.0.1       <none>        443/TCP        21h
web          NodePort    10.1.152.103   <none>        80:32009/TCP   106s
Access test
17. Create pods from a YAML file
kubectl create: creates a new pod
kubectl apply: creates a new one or updates an existing one
Write a YAML file to create the pods
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web2
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx2
  template:
    metadata:
      labels:
        app: nginx2
    spec:
      containers:
      - name: nginx
        image: nginx
apiVersion: the API version; it can be looked up with kubectl api-resources | grep deployment
[root@master01 ~]# kubectl api-resources | grep deployment
deployments   deploy   apps   true   Deployment
kind: the resource type
Create it from the YAML file:
[root@master01 ~]# kubectl apply -f deployment.yaml
deployment.apps/web2 created
List the pods just created
[root@master01 ~]# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
web-96d5df5c8-lfbgg     1/1     Running   2          45h
web-96d5df5c8-nf9tz     1/1     Running   2          45h
web-96d5df5c8-tnzt4     1/1     Running   2          45h
web2-5fc4444698-8h68t   1/1     Running   0          113s
web2-5fc4444698-f99kz   1/1     Running   0          113s
web2-5fc4444698-jlsp2   1/1     Running   0          113s
18. Create a Service from a YAML file
apiVersion: v1
kind: Service
metadata:
  name: web2
spec:
  selector:
    app: nginx2
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: NodePort
selector: nginx2 is the selector that associates the Service with the pods
Create the Service
[root@master01 ~]# kubectl apply -f service.yaml
service/web2 created
List the services:
[root@master01 ~]# kubectl get service
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.1.0.1       <none>        443/TCP        6d20h
web          NodePort    10.1.156.192   <none>        80:31614/TCP   5d21h
web2         NodePort    10.1.136.188   <none>        80:30321/TCP   3d18h
List the pods associated with each Service
[root@master01 ~]# kubectl get endpoints
NAME         ENDPOINTS                                             AGE
kubernetes   192.168.4.91:6443                                     6d21h
web          10.244.205.205:80,10.244.75.79:80,10.244.75.80:80     5d21h
web2         10.244.205.206:80,10.244.205.207:80,10.244.75.78:80   11m
To delete a Service, use the command
[root@master01 ~]# kubectl delete service web2
service "web2" deleted