1. Environment preparation
Plan:
Role | IP address | Operating system |
master01 | 192.168.10.1 | CentOS 7 |
node01 | 192.168.10.2 | CentOS 7 |
node02 | 192.168.10.3 | CentOS 7 |
# Hostname resolution
cat <<EOF>> /etc/hosts
192.168.10.1 master01
192.168.10.2 node01
192.168.10.3 node02
EOF
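# Stop the firewall
systemctl stop firewalld
# Disable the firewall at boot
systemctl disable firewalld
# Switch SELinux from enforcing to permissive (the config file change takes effect at the next reboot)
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Disable swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Load the bridge netfilter module
lsmod | grep br_netfilter # check whether the module is already loaded
sudo modprobe br_netfilter # load it if it is not
# Pass bridged IPv4 traffic to the iptables chains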
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply the sysctl settings
sudo sysctl --system
2. Install Docker
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce-cli-19.03.15 docker-ce-19.03.15
sudo mkdir -p /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "registry-mirrors": ["https://kcniy8yf.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl enable docker
3. Configure the Kubernetes repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all
yum makecache
yum repolist
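The repo file above sets gpgcheck=0 and uses http URLs, so yum installs kubeadm, kubelet and kubectl without verifying package signatures or protecting the download in transit. The audit script below is an added example, not part of the original post; the function names audit_repo and sample_repo, the section name kubernetes-checked and the host mirror.example.com are hypothetical.

```shell
# Added example, not from the original post: flag yum repo sections that disable
# package signature checks or use plaintext http. Reads stdin when no file is given.
audit_repo() {
    awk '
    function flush() {                  # print findings for the section just ended
        if (sec != "" && !off) printf "%s", issues
        issues = ""; off = 0
    }
    function check(k, v,    lv) {
        lv = tolower(v)
        if (k == "enabled" && (lv == "0" || lv == "no" || lv == "false")) off = 1
        if (k == "gpgcheck" && (lv == "0" || lv == "no" || lv == "false"))
            issues = issues sec ": gpgcheck disabled\n"
        if ((k == "baseurl" || k == "mirrorlist" || k == "gpgkey") && lv ~ /^http:/)
            issues = issues sec ": " k " over plaintext http: " v "\n"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # comments and blank lines
    /^\[/ { flush(); sec = substr($0, 2, index($0, "]") - 2); key = ""; next }
    {
        line = $0; sub(/[ \t\r]+$/, "", line)
        if (line ~ /^[ \t]/) {          # indented line continues the previous key
            sub(/^[ \t]+/, "", line); val = line
        } else {
            i = index(line, "="); if (i == 0) next
            key = substr(line, 1, i - 1); val = substr(line, i + 1)
            gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val)
        }
        if (key != "") check(key, val)
    }
    END { flush() }
    ' "$@"
}

# Sample input: [kubernetes] is taken from this post (name and enabled lines omitted);
# [kubernetes-checked] is constructed and mirror.example.com is a placeholder host.
sample_repo() {
    cat <<'EOF'
[kubernetes]
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[kubernetes-checked]
baseurl=https://mirror.example.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=1
gpgkey=https://mirror.example.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}
sample_repo | audit_repo
```

On a host, run it as audit_repo /etc/yum.repos.d/*.repo; sections with enabled=0 are skipped because yum does not use them.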
4. Install kubeadm, kubelet and kubectl
yum install -y kubeadm-1.20.0 kubelet-1.20.0 kubectl-1.20.0
# Start kubelet at boot
systemctl enable kubelet
5. Initialize the master (run on the master only)
kubeadm init --pod-network-cidr=172.16.0.0/16 --image-repository registry.aliyuncs.com/google_containers
Set up the configuration for the kubectl command:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Copy the master's config to the nodes (this file carries cluster-admin credentials)
First create the directory on the node: mkdir -p $HOME/.kube (run on the node)
scp ~/.kube/config node01:~/.kube/
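6. Install the network plugin
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
If the download fails, get the file from the link below:
Link: https://pan.baidu.com/s/18jy3zVEQzr43pzzFRiZ6tA
Extraction code: cpca
7. Join the nodes (run on both nodes)
# Add the node to the cluster. The command below is only an illustration; use the command returned when the master was initialized. The token expires after 24 hours and then has to be regenerated.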
kubeadm join 192.168.88.128:6443 --token oul15r.kcl5ux4frlibgt46 \
--discovery-token-ca-cert-hash sha256:2cfa90b32e031a28d0cc0019af51597a98258be101cd23e9bc399139e4965877
8. Miscellaneous
# Regenerate the token
kubeadm token create --print-join-command
# Add a role to a node
kubectl label nodes node01 node-role.kubernetes.io/node01= # the first node01 is the name of the node to label, the second node01 is the role
9. Install the dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard # change the service type from ClusterIP to NodePort so it can be reached directly
kubectl get svc -n kubernetes-dashboard # shows how to reach it: node IP plus the exposed port, e.g. https://192.168.10.1:30910/
Create an account:
cat dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
kubectl apply -f dashboard-admin.yaml
View the token:
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
Log in at https://192.168.10.1:30910/, choose Token, and enter the token obtained above.