k8s cluster deployment

Three servers, all running CentOS 7

Disable the firewall

systemctl stop firewalld
systemctl disable firewalld

Disable SELinux

sed -i 's/enforcing/disabled/' /etc/selinux/config

Disable swap

swapoff -a

Add the hostname-to-IP mappings (remember to set the hostnames)

192.168.157.141 k8s-master
192.168.157.143 k8s-node1
192.168.157.144 k8s-node2

Pass bridged IPv4 traffic to the iptables chains

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

Install docker/kubeadm/kubelet on all nodes

Install docker

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
Note: container-selinux must be installed first
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install epel-release
yum install container-selinux
yum -y install docker-ce-18.06.1.ce-3.el7
systemctl enable docker && systemctl start docker
docker --version

Add the Aliyun yum repository

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
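
The kubernetes.repo written above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package signatures. As an added example (not part of the original post), the shell function below audits a .repo file for that setting and for plaintext http:// sources; the name audit_repo and the temporary sample file are assumptions made for this example.

```shell
# Added example, not from the original post. audit_repo is a hypothetical helper.
# Usage: audit_repo FILE  -> prints "section: finding" lines, returns 1 if any.
audit_repo() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(msg) { print section ": " msg; found = 1 }
    /^[ \t]*[#;]/ { next }                      # comment
    /^[ \t]*$/    { next }                      # blank line
    /^\[/ {                                     # [section] header
      section = substr($0, 2, index($0, "]") - 2); key = ""; next
    }
    /^[ \t]/  { val = trim($0) }                # continuation of previous key
    /^[^ \t]/ {                                 # key=value line
      eq = index($0, "="); if (eq == 0) next
      key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
    }
    {
      if (key == "gpgcheck" && val == "0")
        report("gpgcheck=0, packages install without signature verification")
      # leading space lets one pattern match the first and later URLs in a list
      if (key ~ /^(baseurl|mirrorlist|gpgkey)$/ && (" " val) ~ /[ \t]http:\/\//)
        report(key " is fetched over plaintext http")
    }
    END { exit (found ? 1 : 0) }
  ' "$1"
}

# Constructed sample: the [kubernetes] section exactly as written in this guide.
sample=$(mktemp)
cat > "$sample" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_repo "$sample" || echo "review the findings above before running yum install"
rm -f "$sample"
```

Changing the value to gpgcheck=1 makes yum verify each package against the keys already listed under gpgkey, and the function then reports nothing for this section.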

Install kubeadm, kubelet and kubectl (all nodes)

Install the dependency packages

yum install conntrack socat

Install the kube packages

yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
systemctl enable kubelet

Deploy the Kubernetes master (at least 2 CPUs required)

kubeadm init \
--apiserver-advertise-address=192.168.0.3 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.18.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes

Error 1

[root@k8s-master ~]# kubectl get nodes
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

Note: if you did not delete the $HOME/.kube directory after running kubeadm reset, this problem appears when you re-create the cluster!

Fix:

rm -fr $HOME/.kube

Then run kubectl get nodes again.

Error 2

kubelet.service: main process exited, code=exited, status=255/n/a

Cause: swap was not disabled.

Fix:

Run swapoff -a

Install the Pod network add-on (CNI) (run on all nodes)

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Private image registry: lizhenliang/flannel:v0.11.0-amd64

Join the Kubernetes nodes (run on the worker nodes)

Get the join token from the master

kubeadm token create --print-join-command

To add a new node to the cluster, run the kubeadm join command printed by kubeadm init

kubeadm join 192.168.0.3:6443 --token kvzky5.xwnelw9e1m1s01ek \
--discovery-token-ca-cert-hash sha256:3676d146b015ff4b6f6f49aaf1a45aca6cdfe09a3bab95387840cac5c00f2039

Test the Kubernetes cluster (run on the master)

Create a pod in the Kubernetes cluster and verify that it runs correctly:

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc

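Access URL: http://NodeIP:Port

An application can be scaled out to multiple replicas

kubectl scale deployment nginx --replicas=3

Concurrency capacity naturally triples: three replicas serve requests, while users access only a single entry point and do not need to care how many pods there are.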

Deploy the Dashboard (run on the node)

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

The default image cannot be pulled from within mainland China; change the image to: lizhenliang/kubernetes-dashboard-amd64:v1.10.1

By default the Dashboard is reachable only from inside the cluster; change the Service to type NodePort to expose it externally:

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

kubectl apply -f kubernetes-dashboard.yaml

Access URL: http://NodeIP:30001

Create a service account and bind it to the default cluster-admin cluster role:

kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')  # get the token
kubectl get pod,svc -n kube-system
posted @ 2021-02-20 11:45  霸都运维