Kubernetes+Dashboard安装部署

SmallTeena_2d0f · · 336 次点击 · · 开始浏览    
这是一个创建于 的文章,其中的信息可能已经有所发展或是发生改变。

部署安装:

1)原密码编译安装,golang编译环境

2)二进制安装 文档 全程手动,ansible版,saltstak版

3)kubeadm 安装 网络要求. 1.0~1.14

4)minikube 开发者学习

5)yum 安装 1.5.2

本文采用kubeadm 安装、

一、(在 master 节点和 node 节点都要执行)Docker安装;

1. 安装依赖包

yum install -y yum-utils device-mapper-persistent-data lvm2

2. 设置Docker源

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

3. 安装Docker

卸载旧版本

# 在 master 节点和 worker 节点都要执行

yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine

yum install docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io

4. 启动Docker

 systemctl enable docker

 systemctl start docker

二、(在 master 节点和 node 节点都要执行)k8s安装准备工作;

1. 配置K8S的yum源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]

name=Kubernetes

baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64

enabled=1

gpgcheck=0

repo_gpgcheck=0

gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg

      http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

2. 关闭 防火墙、SeLinux、swap

systemctl stop firewalld

systemctl disable firewalld

setenforce 0

sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

swapoff -a

yes | cp /etc/fstab /etc/fstab_bak

cat /etc/fstab_bak |grep -v swap > /etc/fstab

3. 修改 /etc/sysctl.conf

向其中添加

net.ipv4.ip_forward = 1

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

#执行命令以应用

sysctl -p

三、(在 master 节点和 node 节点都要执行)k8s安装;

1. 安装kubelet、kubeadm和kubectl

安装三个包

#版本查看

yum list kubelet --showduplicates | sort -r

安装

yum -y install kubeadm-1.14.2 kubectl-1.14.2 kubelet-1.14.2 kubernetes-cni-0.7.5

2. kubelet命令补全

echo "source <(kubectl completion bash)" >> ~/.bash_profile

source ~/.bash_profile

3. 镜像脚本编写以及镜像下载

Kubernetes几乎所有的安装组件和Docker镜像都放在goolge自己的网站上,直接访问可能会有网络问题,这里的解决办法是从阿里云镜像仓库下载镜像,拉取到本地以后改回默认的镜像tag。

vim image.sh

#!/bin/bash

url=registry.cn-hangzhou.aliyuncs.com/google_containers

version=v1.14.2

images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)

for imagename in ${images[@]} ; do

  docker pull $url/$imagename

  docker tag $url/$imagename k8s.gcr.io/$imagename

  docker rmi -f $url/$imagename

done

#url为阿里云镜像仓库地址,version为安装的kubernetes版本。

镜像下载

运行脚本image.sh,下载指定版本的镜像,运行脚本前先赋权。

chmod u+x image.sh

./image.sh

docker images

四、Master-k8s初始化 

1.  初始化

 kubeadm init --apiserver-advertise-address 172.16.214.210 --pod-network-cidr=10.244.0.0/16               

apiserver-advertise-address指定master的interface,pod-network-cidr指定Pod网络的范围,这里使用flannel网络方案。

记录kubeadm join的输出,后面需要这个命令将各个节点加入集群中。

检查初始化操作

kubectl get nodes

2. 加载环境变量

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile

source .bash_profile

mkdir -p$HOME/.kube

cp -i /etc/kubernetes/admin.conf$HOME/.kube/config

chown $(id -u):$(id -g)$HOME/.kube/config

3. 安装pod网络

 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

五、Node节点-k8s

1. 在node节点上分别执行如下操作

kubeadm join 172.16.214.210:6443 --token 2rsan2.km04r9m1idhrk96s --discovery-token-ca-cert-hash sha256:0350d7a8d4b9acdfb0aa8054caa9a790f57a5335b8c32f810035c0fa4e2d0eaf

2. 如果对应的令牌失效,可以创建新的令牌

2.1 查看令牌

[root@master ~]# kubeadm token listTOKEN                    TTL        EXPIRES                    USAGES                  DESCRIPTION                                                EXTRA GROUPSj5eoyz.zu0x6su7wzh752b3    2019-06-04T17:40:41+08:00  authentication,signing  The default bootstrap token generated by'kubeadm init'.  system:bootstrappers:kubeadm:default-node-token

发现之前初始化时的令牌已过期

2.3. 生成新的令牌

[root@master ~]# kubeadm token create1zl3he.fxgz2pvxa3qkwxln

2.3. 生成新的加密串

[root@master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \openssl dgst -sha256 -hex | sed's/^.* //'

五、Dashboard安装

1、配置yaml

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-certs

  namespace: kube-system

type: Opaque

---

# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1

kind: ServiceAccount

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

rules:

  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.

- apiGroups: [""]

  resources: ["secrets"]

  verbs: ["create"]

  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  verbs: ["create"]

  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.

- apiGroups: [""]

  resources: ["secrets"]

  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]

  verbs: ["get", "update", "delete"]

  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  resourceNames: ["kubernetes-dashboard-settings"]

  verbs: ["get", "update"]

  # Allow Dashboard to get metrics from heapster.

- apiGroups: [""]

  resources: ["services"]

  resourceNames: ["heapster"]

  verbs: ["proxy"]

- apiGroups: [""]

  resources: ["services/proxy"]

  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]

  verbs: ["get"]

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: Role

  name: kubernetes-dashboard-minimal

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Deployment ------------------- #

kind: Deployment

apiVersion: apps/v1beta2

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  replicas: 1

  revisionHistoryLimit: 10

  selector:

    matchLabels:

      k8s-app: kubernetes-dashboard

  template:

    metadata:

      labels:

        k8s-app: kubernetes-dashboard

    spec:

      containers:

      - name: kubernetes-dashboard

        image: 172.16.214.210:5000/zhangxl/dashboard:v1.8.3

        ports:

        - containerPort: 8443

          protocol: TCP

        args:

          - --auto-generate-certificates

          #- --apiserver-host=https://172.16.214.210:6443

        volumeMounts:

        - name: kubernetes-dashboard-certs

          mountPath: /certs

          # Create on-disk volume to store exec logs

        - mountPath: /tmp

          name: tmp-volume

        livenessProbe:

          httpGet:

            scheme: HTTPS

            path: /

            port: 8443

          initialDelaySeconds: 30

          timeoutSeconds: 30

      volumes:

      - name: kubernetes-dashboard-certs

        secret:

          secretName: kubernetes-dashboard-certs

      - name: tmp-volume

        emptyDir: {}

      serviceAccountName: kubernetes-dashboard

      # Comment the following tolerations if Dashboard must not be deployed on master

      tolerations:

      - key: node-role.kubernetes.io/master

        effect: NoSchedule

---

kind: Service

apiVersion: v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  type: NodePort

  ports:

    - nodePort: 30030

      port: 443

      targetPort: 8443

  selector:

    k8s-app: kubernetes-dashboard

###  1、image: k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 (换成自己的images)

###  2、这里我们使用NotePort暴露dashboard服务在主机的30030端口上,、

2、新增管理员帐号

cat >> kubernetes-dashboard.yaml << EOF

---

# ------------------- dashboard-admin ------------------- #

apiVersion: v1

kind: ServiceAccount

metadata:

  name: dashboard-admin

  namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  name: dashboard-admin

subjects:

- kind: ServiceAccount

  name: dashboard-admin

  namespace: kube-system

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

EOF

#创建超级管理员的账号用于登录Dashboard

3、部署访问

3.1 部署Dashboard

kubectl create-f kubernetes-dashboard.yaml

3.2 状态查看 

[root@master ~]# kubectl get deployment kubernetes-dashboard -n kube-system

[root@master ~]# kubectl get pods -n kube-system -o wide

[root@master ~]# kubectl get services -n kube-system

3.3  令牌查看

kubectl describe secrets -n kube-system dashboard-admin

令牌为:token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4ta200N3QiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZTQ2ZGIwY2QtZmNiMy0xMWVhLTlmOTctMDA1MDU2MmE5MzUyIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.QURorWGAqPYn4LnPby8XiN5DhkgtfrY3e4imw2T_lKoVZ6xyXSZEUqW3wPvQTHw0Kaz9Jvz2Y9qX1pHH7SucAGnMzZ3VWtNz2TB7zr1vpQz4JL7nScXCmRyWeaQZIpc5qF_SPnM5CyHzeXBlH8tJCzsMN5F88q3dr1mXsZpk4oKSvqsOqUUa4Z-NBarmgOmWtiNmPndvnwmwNMjoprRMKU_pWg2WE4-GyqHGqMWwSnRWo0hEY0WuRLACYXGcuTG7a-JAceJlBee30UOkR0YjzwBrVcS7NHVOYMmkyDr_eii45YNsxIe2R4sB6ywWOkWF-8S1CvM472WWg7GrwlQoBA

3.4 访问

https://172.16.214.210:30030



有疑问加站长微信联系(非本文作者)

本文来自:简书

感谢作者:SmallTeena_2d0f

查看原文:Kubernetes+Dashboard安装部署

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

336 次点击  
加入收藏 微博
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传