K8S Cluster Setup
Common commands
# Create a resource directly from the command line
kubectl run k8s-demo-deployment --image=edisonsaonian/k8s-demo:latest --replicas=2 --namespace=aspnetcore
# Create a resource from a YAML configuration file
kubectl apply -f k8s-demo-deployment.yaml
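Installation and deployment
- Deploy three virtual machines, each with 2 CPUs and 2 GB of memory.
You can deploy one first and then clone it twice: one master and two nodes.
The following configuration is required on all three machines:
# Stop and disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
# Disable swap => K8S does not support swap partitions; edit /etc/fstab and comment out or delete the swap line
vi /etc/fstab
# Pass bridged IPv4 traffic to the iptables chains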
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
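As an added example (not from the original post), a read-only check that a node is in the state the steps above aim for. Commenting out the swap line in /etc/fstab takes effect only at the next boot, and the values written to k8s.conf are not active in the running kernel until they are loaded, so it checks both the files and the live state; the function names are illustrative.

```bash
#!/usr/bin/env bash
# File paths are parameters so each check can also be run against sample files.

# Print fstab entries that still enable swap (type field is "swap", line not commented out).
fstab_swap_entries() {
  awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "${1:-/etc/fstab}"
}

# Print swap devices that are active right now; /proc/swaps starts with one header line.
active_swap() {
  awk 'NR > 1 { print $1 }' "${1:-/proc/swaps}"
}

# Succeed only if KEY is set to 1 in the sysctl.d file (the last assignment wins).
sysctl_file_enables() {
  key=$1
  file=${2:-/etc/sysctl.d/k8s.conf}
  [ -r "$file" ] || return 1
  awk -F= -v k="$key" '
    { gsub(/[ \t]/, "") }          # strip blanks so "key = 1" splits cleanly on "="
    $1 == k { v = $2 }
    END { exit !(v == "1") }' "$file"
}

# Run every check on the local node; returns non-zero if any FAIL is reported.
preflight() {
  rc=0
  [ -z "$(fstab_swap_entries)" ] || { echo "FAIL: /etc/fstab still enables swap"; rc=1; }
  [ -z "$(active_swap)" ] || { echo "FAIL: swap is active in the running system"; rc=1; }
  for k in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    sysctl_file_enables "$k" || { echo "FAIL: $k is not 1 in k8s.conf"; rc=1; }
    # The live value is readable only once the bridge netfilter code is loaded.
    live=$(cat "/proc/sys/$(echo "$k" | tr . /)" 2>/dev/null) || live=
    [ "$live" = "1" ] || echo "WARN: $k is not active in the running kernel"
  done
  return "$rc"
}
```

Source the file on each of the three machines and call preflight before running kubeadm.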
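- Software to install on all three machines
# Fetch the docker repository definition
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# Update yum
yum update
# Install the latest version of docker
yum -y install docker-ce
# Enable docker on boot and start the service
systemctl enable docker && systemctl start docker
# Verify that the installation succeeded
docker version
# Configure a registry mirror, then restart docker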
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://zmnwbg20.mirror.aliyuncs.com"]
}
EOF
# Reload and restart
systemctl daemon-reload
systemctl restart docker
# Add the k8s repository definition
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install kubelet, kubeadm and kubectl; --nogpgcheck skips the GPG public-key check
yum install -y kubelet kubeadm kubectl --nogpgcheck
# Enable start on boot
systemctl enable kubelet
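- Initialize the master
# Initialize the master; change the address to your own master's IP
kubeadm init --apiserver-advertise-address=192.168.43.128 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.19.3 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
After a successful initialization the following is displayed; it is needed later.
# Run the following commands as instructed by the success message: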
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Now you can use kubectl to check the status
[root@192 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.43.128 NotReady master 3h16m v1.19.3
After it succeeds, you can check whether the docker images have been pulled:
[root@192 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-proxy v1.19.3 cdef7632a242 2 weeks ago 118MB
registry.aliyuncs.com/google_containers/kube-apiserver v1.19.3 a301be0cd44b 2 weeks ago 119MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.19.3 9b60aca1d818 2 weeks ago 111MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.19.3 aaefbfa906bd 2 weeks ago 45.7MB
registry.aliyuncs.com/google_containers/etcd 3.4.13-0 0369cf4303ff 2 months ago 253MB
registry.aliyuncs.com/google_containers/coredns 1.7.0 bfe3a36ebd25 4 months ago 45.2MB
registry.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5d 8 months ago 683kB
Deploy the Pod network plugin (CNI) on the master
[root@192 ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
# This may fail with the following error:
The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?
# Cause: the external site is not reachable
# Fix: look up the real IP of raw.githubusercontent.com at https://www.ipaddress.com/, then add the host-to-IP mapping to /etc/hosts
sudo vim /etc/hosts
199.232.68.133 raw.githubusercontent.com
# If that still does not work, try a different flannel URL
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# If that still does not work, pull the image directly with docker; make sure the version matches.
docker pull quay.io/coreos/flannel:v0.13.0
# The following command verifies whether all pods are Running
kubectl get pods -n kube-system
# If some Pod is not Running, the following command shows the specific error; for example, here I want to see the error information for the pod kube-flannel-ds-amd64-8bmbm
kubectl describe pod kube-flannel-ds-amd64-8bmbm -n kube-system
# Finally, once all pods are Running, the master node's status changes from NotReady to Ready.
[root@192 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.43.128 Ready master 3h16m v1.19.3
At this point the master node deployment is complete. If you only want a single-node K8S, the deployment is finished here.
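The first flannel URL above is pinned to a commit, while the fallback URL tracks master, so its content can change between runs. As an added example (not from the original post), one way to fetch a manifest once, compare it with a SHA-256 digest you recorded after reviewing the file, and list what it would run before applying it; the function names and the recorded digest are assumptions.

```bash
#!/usr/bin/env bash
# The expected digest is a value you recorded yourself from a reviewed copy of the manifest.

# Succeed only if FILE hashes to EXPECTED (hex SHA-256).
manifest_matches() {
  actual=$(sha256sum "$1" | awk '{ print $1 }')
  [ "$actual" = "$2" ]
}

# Print each distinct container image the manifest references.
manifest_images() {
  awk '$1 == "image:" || ($1 == "-" && $2 == "image:") { print $NF }' "$1" |
    tr -d "\"'" | sort -u
}

# Print numbered lines worth reading before applying:
# cluster-wide RBAC, DaemonSets, privileged or host-network pods.
manifest_review_points() {
  grep -nE '^[[:space:]]*(kind: (ClusterRole|ClusterRoleBinding|DaemonSet)|privileged: true|hostNetwork: true)' "$1"
}

# Fetch once, verify, then apply the local copy that was verified.
# usage: apply_pinned URL EXPECTED_SHA256
apply_pinned() {
  tmp=$(mktemp) || return 1
  curl -fsSL "$1" -o "$tmp" || { rm -f "$tmp"; return 1; }
  if manifest_matches "$tmp" "$2"; then
    manifest_images "$tmp"
    kubectl apply -f "$tmp"
  else
    echo "digest mismatch for $1, not applying" >&2
    rm -f "$tmp"
    return 1
  fi
}
```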
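- Join the Node machines
On both Node machines, run the join command, which is the command printed after the master initialized successfully:
kubeadm join 192.168.43.128:6443 --token fi6s5p.r7fp5pflmb2xv33t --discovery-token-ca-cert-hash sha256:4e3d596c6d3966dd4b01db5cec68affb2f0759f43822a396b1033a37db8e89b7
Now, running the following command on the master node shows the status of every node in the cluster: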
[root@192 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.43.128 Ready master 7h54m v1.19.3
192.168.43.130 Ready <none> 5h53m v1.19.3
192.168.43.132 Ready <none> 5h53m v1.19.3
Testing the Kubernetes cluster
Create a pod in the Kubernetes cluster to verify that it runs normally:
# Create an nginx pod by way of a deployment
[root@192 ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
# Check whether it was created successfully
[root@192 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-sx4zr 1/1 Running 0 25s
# Expose the port externally by way of NodePort
[root@192 ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
# View the port mapped on the nodes
[root@192 ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-sx4zr 1/1 Running 0 39s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 8h
service/nginx NodePort 10.1.88.114 <none> 80:30810/TCP 8s
Finally, open {IP address of node 1 or 2:port} in a browser.
Installing the Dashboard
# Per the GitHub repository, two images are used: dashboard:v2.0.0-beta4 and metrics-scraper:v1.0.1
docker pull kubernetesui/dashboard:v2.0.0-beta4
docker pull kubernetesui/metrics-scraper:v1.0.1
# Fetch the yaml file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
Edit recommended.yaml. For easier access, modify the kubernetes-dashboard Service definition: set the Service type to NodePort and specify the nodePort.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort # change to NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 31001 # set the nodePort
  selector:
    k8s-app: kubernetes-dashboard
Create the dashboard from this yaml file:
kubectl apply -f recommended.yaml
View the token; it is needed when logging in:
kubectl describe secret/$(kubectl get secret -n kube-system |grep admin|awk '{print $1}') -n kube-system