I. System configuration (run on every node)
1. Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
2. Disable SELinux
setenforce 0
# Edit /etc/selinux/config and set SELINUX to disabled, as below:
SELINUX=disabled
3. Disable swap
swapoff -a
vim /etc/fstab # comment out the swap entry
# Step 1: install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the Docker CE repository
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: refresh the cache and install Docker CE
sudo yum makecache fast
sudo yum -y install docker-ce-18.06
# Step 4: enable and start the Docker service
systemctl enable docker && systemctl start docker
Because the default image registry k8s.gcr.io cannot be reached from within China, the Aliyun mirror is used here.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# yum install -y kubelet-1.13.3 kubeadm-1.13.3 kubectl-1.13.3
# systemctl enable kubelet && systemctl start kubelet
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
EOF
# sysctl --system
5. Deploy the Kubernetes master
# kubeadm init \
  --apiserver-advertise-address=192.168.31.62 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.13.3 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
--apiserver-advertise-address: the IP address the API server listens on, normally the node's internal address
--image-repository: the image registry to pull from; here the Aliyun mirror
--kubernetes-version: the Kubernetes version
--service-cidr: the IP range of the Service network
--pod-network-cidr: the IP range of the pod network, i.e. the addresses containers use
Certificate path: /etc/kubernetes/pki
Configuration file path: /etc/kubernetes
Static pods
CoreDNS: DNS resolution inside the cluster
kube-proxy: service discovery between containers
Use the kubectl tool (by default it reads its config from the .kube directory in the home directory):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# kubectl get nodes
6. Install a pod network plugin (CNI)
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
Make sure the quay.io registry is reachable.
7. Join Kubernetes nodes
To add a new node to the cluster, run the kubeadm join command printed by kubeadm init:
kubeadm join 192.168.31.64:6443 --token l79g5t.6ov4jkddwqki1dxe --discovery-token-ca-cert-hash sha256:4f07f9068c543130461c9db368d62b4aabc22105451057f887defa35f47fa076
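The --discovery-token-ca-cert-hash value in the join command above pins the control plane's CA: it is the SHA-256 of the DER-encoded public key of the cluster CA certificate, and a node refuses to join if the CA it is handed does not match. The following script is an added example (not from the original post) that recomputes that value from a CA certificate file such as /etc/kubernetes/pki/ca.crt on the master, so a join hash can be checked before it is used; it assumes openssl is installed and, for the demo, generates a throwaway self-signed CA instead of using a real cluster's.

```shell
#!/bin/sh
# Added example: compute and check the kubeadm --discovery-token-ca-cert-hash
# for a CA certificate. The certificate path is passed in by the caller.
set -eu

# Print "sha256:<hex>" of the DER-encoded SubjectPublicKeyInfo of the cert,
# which is exactly the value kubeadm embeds in the printed join command.
ca_cert_hash() {
    cert="$1"
    hex=$(openssl x509 -pubkey -noout -in "$cert" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex \
        | sed 's/^.*= *//')
    printf 'sha256:%s\n' "$hex"
}

# Compare the hash copied from a join command with the one computed from the
# CA file; returns 0 when they match and 1 otherwise.
verify_join_hash() {
    cert="$1"
    claimed="$2"
    [ "$(ca_cert_hash "$cert")" = "$claimed" ]
}

# Constructed stand-in for /etc/kubernetes/pki/ca.crt: a throwaway
# self-signed CA written to a temporary directory. Prints the cert path.
make_demo_ca() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=kubernetes \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
    printf '%s\n' "$dir/ca.crt"
}

# Run with "demo" to print the hash of a freshly generated demo CA.
if [ "${1:-}" = "demo" ]; then
    crt=$(make_demo_ca)
    ca_cert_hash "$crt"
fi
```

On a real master, ca_cert_hash /etc/kubernetes/pki/ca.crt must print the same sha256: value that appears in the join command; any other value means the node would be joining a different control plane.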
8. Test the Kubernetes cluster
Create a pod in the Kubernetes cluster and verify that it runs:
# kubectl create deployment nginx --image=nginx
# kubectl expose deployment nginx --port=80 --type=NodePort
# kubectl get pod,svc
9. Deploy the Dashboard
# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
The default image cannot be reached from within China; change the image to: lizhenliang/kubernetes-dashboard-amd64:v1.10.1
By default the Dashboard is only reachable from inside the cluster; change the Service type to NodePort to expose it externally:
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
# kubectl apply -f kubernetes-dashboard.yaml
Access URL: http://NodeIP:30001
Create a service account and bind it to the default cluster-admin cluster role:
$ kubectl create serviceaccount dashboard-admin -n kube-system
$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')