• Deploying Kubernetes with kubeadm


      Reference: https://www.cnblogs.com/caoxb/p/11243472.html

      Download the scripts needed for the deployment

    git clone https://gitee.com/liuyueming/k8s-kubeadm.git

      Virtual machine plan for the deployment

    192.168.1.11 k8s-master
    192.168.1.12 k8s-node1
    192.168.1.13 k8s-node2
    

      Note: steps 1 to 8 are run on all nodes, steps 9 and 10 on the master node, and step 11 on the worker nodes.

               If step 9, 10 or 11 fails, clean up the environment with kubeadm reset and install again.

      1. Disable the firewall

    systemctl stop firewalld
    systemctl disable firewalld
    

      2. Disable SELinux

    setenforce 0
    

      Edit

    /etc/selinux/config
    

      and set

    SELINUX=disabled
    

      3. Turn off swap

    swapoff -a
    

       Check that swap is off

    free
    

       4. Set the hostname and hosts entries

       Change the hostname and add the following to /etc/hosts

    192.168.1.11 k8s-master
    192.168.1.12 k8s-node1
    192.168.1.13 k8s-node2
    

      5. Pass bridged IPv4 traffic to the iptables chains

    cat > /etc/sysctl.d/k8s.conf << EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    sysctl --system
    

       6. Install Docker

      Configure a mirror inside China and install

    wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
    yum -y install docker-ce-18.06.1.ce-3.el7
    

      Enable and start

    systemctl enable docker
    systemctl start docker
    

      Check the version

    docker info
    

      

       7. Add the Aliyun YUM repository

    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
    

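      8. Install kubeadm, kubelet and kubectl

      When deploying Kubernetes, the master node and the worker nodes must run the same version; otherwise version mismatches cause strange problems. This article shows how to install a specific version of Kubernetes with yum on CentOS.

      Version 1.15.0 is installed here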

    yum -y install kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
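
      An added example, not part of the original post: a read-only check that the settings from steps 2, 3 and 5 are in place and persistent, since `setenforce 0` and `swapoff -a` only last until the next reboot. The function names and the root-prefix argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): read-only checks that the
# settings from steps 2, 3 and 5 are in place and will survive a reboot.
# Every function takes the file to inspect, so copies can be checked too.

# Step 2: `setenforce 0` is runtime-only; the config file must agree.
selinux_persisted() {    # $1 = /etc/selinux/config
    grep -Eq '^[[:space:]]*SELINUX=disabled[[:space:]]*$' "$1"
}

# Step 3: `swapoff -a` is undone at boot while fstab still lists swap.
fstab_swap_entries() {   # $1 = /etc/fstab; prints uncommented swap lines
    awk '!/^[[:space:]]*#/ && $3 == "swap"' "$1"
}

# Step 3: /proc/swaps holds one header line, then one line per active swap.
swap_active() {          # $1 = /proc/swaps
    [ -n "$(awk 'NR > 1' "$1")" ]
}

# Step 5: both bridge keys from k8s.conf must be present and set to 1.
bridge_sysctl_ok() {     # $1 = /etc/sysctl.d/k8s.conf
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=[[:space:]]*1[[:space:]]*\$" "$1" \
            || return 1
    done
}

# Run every check below a root prefix ("" on a real node); prints failures.
preflight() {            # $1 = root prefix
    rc=0
    selinux_persisted "$1/etc/selinux/config" || { echo "FAIL selinux config"; rc=1; }
    [ -z "$(fstab_swap_entries "$1/etc/fstab")" ] || { echo "FAIL swap in fstab"; rc=1; }
    if swap_active "$1/proc/swaps"; then echo "FAIL swap active"; rc=1; fi
    bridge_sysctl_ok "$1/etc/sysctl.d/k8s.conf" || { echo "FAIL bridge sysctl"; rc=1; }
    return "$rc"
}

# Usage on a node: preflight "" && echo "steps 2, 3 and 5 verified"
```

      A node that still has an uncommented swap line in /etc/fstab reports "FAIL swap in fstab" even right after `swapoff -a`, because swap returns at the next boot.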
    

      9. Deploy the Kubernetes master

      Initialize with kubeadm

    kubeadm init \
    --apiserver-advertise-address=192.168.1.11 \
    --image-repository registry.aliyuncs.com/google_containers \
    --kubernetes-version v1.15.0 \
    --service-cidr=10.1.0.0/16 \
    --pod-network-cidr=10.244.0.0/16
    

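      PS: --apiserver-advertise-address specifies the IP of the master host

        --image-repository sets the image source to Aliyun

        --kubernetes-version specifies the version number
        --service-cidr specifies the network segment for the proxy (Service)
        --pod-network-cidr specifies the network segment for pods

      Initialization succeeded if the following prompt appears

       At least 2 CPUs and 2G of memory are recommended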

      List the images

    docker images
    

       To use the kubectl tool, run the following commands as prompted

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
    

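      Enable start on boot

    systemctl enable kubelet
    systemctl start kubelet
    systemctl status kubelet
    

      PS: in a kubeadm deployment kubelet must be started at boot, otherwise the cluster does not start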

      The kubectl command can now be used

    kubectl get node
    

       The node is in the NotReady state

      10. Install the Pod network plugin

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
    

      If it reports that it cannot connect, add a hosts entry

    151.101.72.133 raw.githubusercontent.com
    

      Check whether the deployment succeeded

    kubectl get pods -n kube-system
    

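       If the pods are not Running because of an image download or other problem, delete the plugin and try again

    kubectl delete -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml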
    

      

       Wait a while and check again

      The master is now in the Ready state

     

       If the installation failed, clean up the environment and install again

    kubeadm reset
    

      Enter y to confirm

      11. Join the nodes to the cluster

      On each node, run the join command printed at the end of kubeadm init

    kubeadm join 192.168.1.11:6443 --token xzkdip.74o642dhjuuw68ud \
        --discovery-token-ca-cert-hash sha256:d695ea721c93c54c38579f69ac8f4e2adec3c7b457f75bc6689e806ad39d1b81
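
      An added example, not part of the original post: the `--discovery-token-ca-cert-hash` value pins the cluster CA's public key, so it can be recomputed on the master from kubeadm's default CA path and compared with a join command before that command is run on a node. The function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): recompute and check the value
# given to --discovery-token-ca-cert-hash. The pin is the SHA-256 of the
# cluster CA's public key in DER SubjectPublicKeyInfo form.

# Print "sha256:<hex>" for a PEM CA certificate; status 2 if it is unreadable.
ca_cert_pin() {          # $1 = CA certificate (PEM)
    # Parse first: hashing an empty pipe would still yield a 64-digit value.
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    hex=$(openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | awk '{print $1}')
    printf 'sha256:%s\n' "$hex"
}

# Extract the pin from a pasted `kubeadm join ...` command.
pin_from_join() {        # $1 = join command as one string
    printf '%s\n' "$1" | grep -Eo 'sha256:[0-9a-f]{64}' | head -n 1
}

# Status 0 only when the join command pins exactly this CA and does not
# switch CA verification off.
join_pins_ca() {         # $1 = CA certificate, $2 = join command
    case "$2" in
        *--discovery-token-unsafe-skip-ca-verification*) return 1 ;;
    esac
    want=$(ca_cert_pin "$1") || return 2
    [ "$(pin_from_join "$2")" = "$want" ]
}

# On the master; the path is kubeadm's default CA location.
if [ -r /etc/kubernetes/pki/ca.crt ]; then
    ca_cert_pin /etc/kubernetes/pki/ca.crt
fi
```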
    

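       On the master, the nodes can be seen to have joined the cluster

     

       If they do not show the Ready state, check on the master

       flannel on both nodes must show the Running state. Any other error state may mean that the image was not downloaded because of a network problem; in that case reset the node and run the join command again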

    kubeadm reset
    

      

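       12. Test the Kubernetes cluster

      Create and run the following on the master

    # Create a deployment named nginx that uses the nginx image
    kubectl create deployment nginx --image=nginx
    # Create a service for the nginx deployment: port 80 inside the cluster, exposed externally through a NodePort
    kubectl expose deployment nginx --port=80 --type=NodePort
    # List the pod and the service
    kubectl get pod,svc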
    

       If the pod cannot start, use the following command to view its events and find the cause; the last argument is the pod name

    kubectl describe pod nginx-554b9c67f9-9kv6x
    

      

       

       Access it from a web browser

    http://192.168.1.11:30130/
    

      13. Install the dashboard

      Download kubernetes-dashboard.yaml

    wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
    

      Edit it

     

      Contents of the file after editing

    # Copyright 2017 The Kubernetes Authors.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    
    # ------------------- Dashboard Secret ------------------- #
    
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-certs
      namespace: kube-system
    type: Opaque
    
    ---
    # ------------------- Dashboard Service Account ------------------- #
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    
    ---
    # ------------------- Dashboard Role & Role Binding ------------------- #
    
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: kubernetes-dashboard-minimal
      namespace: kube-system
    rules:
      # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
    - apiGroups: [""]
      resources: ["secrets"]
      verbs: ["create"]
      # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
    - apiGroups: [""]
      resources: ["configmaps"]
      verbs: ["create"]
      # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
    - apiGroups: [""]
      resources: ["secrets"]
      resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
      verbs: ["get", "update", "delete"]
      # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
    - apiGroups: [""]
      resources: ["configmaps"]
      resourceNames: ["kubernetes-dashboard-settings"]
      verbs: ["get", "update"]
      # Allow Dashboard to get metrics from heapster.
    - apiGroups: [""]
      resources: ["services"]
      resourceNames: ["heapster"]
      verbs: ["proxy"]
    - apiGroups: [""]
      resources: ["services/proxy"]
      resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
      verbs: ["get"]
    
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: kubernetes-dashboard-minimal
      namespace: kube-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: kubernetes-dashboard-minimal
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard
      namespace: kube-system
    
    ---
    # ------------------- Dashboard Deployment ------------------- #
    
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
        spec:
          containers:
          - name: kubernetes-dashboard
            #image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
            image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1
            ports:
            - containerPort: 8443
              protocol: TCP
            args:
              - --auto-generate-certificates
              # Uncomment the following line to manually specify Kubernetes API server Host
              # If not specified, Dashboard will attempt to auto discover the API server and connect
              # to it. Uncomment only if the default does not work.
              # - --apiserver-host=http://my-address:port
            volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
            livenessProbe:
              httpGet:
                scheme: HTTPS
                path: /
                port: 8443
              initialDelaySeconds: 30
              timeoutSeconds: 30
          volumes:
          - name: kubernetes-dashboard-certs
            secret:
              secretName: kubernetes-dashboard-certs
          - name: tmp-volume
            emptyDir: {}
          serviceAccountName: kubernetes-dashboard
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
          - key: node-role.kubernetes.io/master
            effect: NoSchedule
    
    ---
    # ------------------- Dashboard Service ------------------- #
    
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort
      ports:
        - port: 443
          targetPort: 8443
          nodePort: 30001
      selector:
        k8s-app: kubernetes-dashboard
    

      

       Install it after editing

    kubectl apply -f kubernetes-dashboard.yaml
    

      Check whether it is running

    kubectl get pods -n kube-system
    

      

       Port 30001 is now open

       It must be accessed over HTTPS

    https://192.168.1.12:30001/
    

      The browser reports the page as untrusted

     

       Log in with a token. The following creates a user and generates the token

      Create an application-facing user (a service account)

    kubectl create serviceaccount dashboard-admin -n kube-system
    

      Bind the cluster role, granting the highest administrator privileges

    kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    

      Get the login token

    kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
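
      An added example, not part of the original post: the binding above gives the dashboard-admin token full control of the cluster, so this lists every service account that holds cluster-admin. The function names and the tab-separated dump format are assumptions made for this example, and the sample rows are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): list every service account
# that holds cluster-admin, as dashboard-admin does after the binding above.

# Print one line per ClusterRoleBinding: name, role, then kind:namespace:name
# for each subject, tab-separated. Needs kubectl access to the cluster.
dump_bindings() {
    kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{range .subjects[*]}{"\t"}{.kind}{":"}{.namespace}{":"}{.name}{end}{"\n"}{end}'
}

# Read dump_bindings output on stdin; print "<binding> <namespace>/<account>".
cluster_admin_service_accounts() {
    awk -F '\t' '$2 == "cluster-admin" {
        for (i = 3; i <= NF; i++) {
            split($i, p, ":")
            if (p[1] == "ServiceAccount") print $1, p[2] "/" p[3]
        }
    }'
}

# Constructed sample in dump_bindings format (not captured from a cluster).
sample_bindings() {
    printf 'cluster-admin\tcluster-admin\tGroup::system:masters\n'
    printf 'dashboard-admin\tcluster-admin\tServiceAccount:kube-system:dashboard-admin\n'
    printf 'kubeadm:node-proxier\tsystem:node-proxier\tServiceAccount:kube-system:kube-proxy\n'
}

sample_bindings | cluster_admin_service_accounts
# On the master: dump_bindings | cluster_admin_service_accounts
```

      For read-only use of the dashboard, binding the account with `--clusterrole=view` instead of `--clusterrole=cluster-admin` keeps it off this list.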
    

     

  • Original article: https://www.cnblogs.com/minseo/p/12055731.html