Kubernetes + Dashboard Installation and Deployment

Author: SmallTeena_2d0f

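Installation options:

1) Build and install from source code (requires a Golang build environment)
2) Binary installation: documented, fully manual; Ansible and SaltStack versions are also available
3) kubeadm installation: has network requirements; 1.0~1.14
4) minikube: for developers learning Kubernetes
5) yum installation: 1.5.2
This article uses the kubeadm installation.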

I. Docker installation (run on both the master node and the worker nodes)

1. Install the dependency packages

yum install -y yum-utils device-mapper-persistent-data lvm2

2. Configure the Docker repository

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

3. Install Docker

# Remove old versions
# Run on both the master node and the worker nodes
yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
# Install the new version
yum install docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io

4. Start Docker

systemctl enable docker
systemctl start docker

II. Kubernetes installation prerequisites (run on both the master node and the worker nodes)

1. Configure the Kubernetes yum repository

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
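
With gpgcheck=0, repo_gpgcheck=0 and http:// URLs, yum installs kubelet, kubeadm and kubectl without verifying any signature and over an unauthenticated channel. The check below is an added example, not part of the original article; the function name audit_repo and its output format are assumptions made here.

```shell
#!/bin/bash
# audit_repo FILE (hypothetical helper): report yum repo settings that weaken
# package trust. Prints "<section>: <finding>"; returns 1 if any were found.
audit_repo() {
  awk '
    function check(s, k, v) {
      if ((k == "gpgcheck" || k == "repo_gpgcheck") && v == "0") {
        print s ": " k "=0, signatures are not verified"; bad = 1 }
      if ((k == "baseurl" || k == "gpgkey" || k == "mirrorlist") && v ~ /^http:/) {
        print s ": " k " fetched over cleartext http: " v; bad = 1 }
    }
    /^[ \t]*[#;]/ { next }                               # comment line
    /^\[/ { sec = $0; gsub(/\[|\]/, "", sec); key = ""; next }
    /^[A-Za-z_]+[ \t]*=/ {                               # key=value line
      key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
      val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      check(sec, key, val); next
    }
    /^[ \t]+[^ \t]/ {                                    # continuation of the previous key
      val = $0; gsub(/^[ \t]+|[ \t]+$/, "", val)
      check(sec, key, val)
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample: the repo definition from this page.
repo=$(mktemp)
cat > "$repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_repo "$repo" || echo "repo file needs attention"
rm -f "$repo"
```

Run it against /etc/yum.repos.d/kubernetes.repo; a file with gpgcheck=1, repo_gpgcheck=1 and https:// URLs produces no output and returns 0.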

2. Disable the firewall, SELinux and swap

systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
cat /etc/fstab_bak |grep -v swap > /etc/fstab

3. Edit /etc/sysctl.conf

Add the following to it:
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# Run this command to apply the settings
sysctl -p

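III. Kubernetes installation (run on both the master node and the worker nodes)

1. Install kubelet, kubeadm and kubectl

Install the three packages.
# List the available versions
yum list kubelet --showduplicates | sort -r
# Install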
yum -y install kubeadm-1.14.2 kubectl-1.14.2 kubelet-1.14.2 kubernetes-cni-0.7.5

2. kubectl command completion

echo "source <(kubectl completion bash)" >> ~/.bash_profile
source ~/.bash_profile

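3. Write the image script and download the images

Almost all Kubernetes installation components and Docker images are hosted on Google's own sites, and accessing them directly may run into network problems. The workaround here is to download the images from the Alibaba Cloud (Aliyun) image registry and, once they are pulled locally, retag them with the default image tags.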

vim image.sh

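#!/bin/bash
# Pull the kubeadm images from the Aliyun mirror and retag them as k8s.gcr.io
url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.14.2
# kubeadm prints k8s.gcr.io/<name>:<tag>; keep only <name>:<tag>
images=($(kubeadm config images list --kubernetes-version=$version | awk -F '/' '{print $2}'))
for imagename in "${images[@]}"; do
  docker pull "$url/$imagename"
  docker tag "$url/$imagename" "k8s.gcr.io/$imagename"
  # Remove the mirror tag; the image stays available under its k8s.gcr.io tag
  docker rmi -f "$url/$imagename"
done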

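url is the address of the Aliyun image registry, and version is the Kubernetes version being installed.
Download the images
Run image.sh to download the images for the specified version; make the script executable first.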
chmod u+x image.sh
./image.sh
docker images



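IV. Master: Kubernetes initialization

1. Initialization

kubeadm init --apiserver-advertise-address 172.16.214.210 --pod-network-cidr=10.244.0.0/16
# (apiserver-advertise-address specifies the master's interface; pod-network-cidr specifies the Pod network range. The flannel network solution is used here.)
# Record the kubeadm join command from the output; it is needed later to join each node to the cluster.
# Check the result of the initialization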
kubectl get nodes

2. Load the environment variables

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

3. Install the pod network

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

V. Worker nodes: Kubernetes

1. Run the following on each worker node

kubeadm join 172.16.214.210:6443 --token 2rsan2.km04r9m1idhrk96s --discovery-token-ca-cert-hash sha256:0350d7a8d4b9acdfb0aa8054caa9a790f57a5335b8c32f810035c0fa4e2d0eaf

2. If the token has expired, create a new one

2.1 List the tokens

[root@master ~]# kubeadm token list
The token created during initialization turns out to have expired.

2.2 Generate a new token

[root@master ~]# kubeadm token create
1zl3he.fxgz2pvxa3qkwxln

2.3 Generate the new hash string

[root@master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
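
The hash computed above is what a joining node uses to pin the cluster CA. As an added example (not from the original article; ca_pubkey_hash, join_hash and verify_join are hypothetical helper names), the script below compares the hash carried in a kubeadm join command with the CA certificate on the master before that command is handed to a node.

```shell
#!/bin/bash
# ca_pubkey_hash CERT: "sha256:<hex>" of the CA public key, computed with the
# same openssl pipeline as the command above.
ca_pubkey_hash() {
  printf 'sha256:%s\n' "$(openssl x509 -pubkey -in "$1" \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# join_hash "kubeadm join ...": print the --discovery-token-ca-cert-hash value
# (accepts both "--flag value" and "--flag=value").
join_hash() {
  printf '%s\n' "$1" | tr ' =' '\n\n' \
    | awk 'prev == "--discovery-token-ca-cert-hash" { print; exit } { prev = $0 }'
}

# verify_join CERT "kubeadm join ...": returns 0 if the pinned hash matches CERT,
# 1 on mismatch, 2 if the command carries no well-formed sha256 pin.
verify_join() {
  pinned=$(join_hash "$2")
  if ! printf '%s\n' "$pinned" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
    echo "no well-formed sha256 pin in join command" >&2; return 2
  fi
  actual=$(ca_pubkey_hash "$1")
  if [ "$pinned" != "$actual" ]; then
    echo "MISMATCH: join command pins $pinned, CA hashes to $actual" >&2; return 1
  fi
  echo "ok: $pinned"
}

# The join command from this page; on the master, compare it against the CA with:
#   verify_join /etc/kubernetes/pki/ca.crt "$join_cmd"
join_cmd='kubeadm join 172.16.214.210:6443 --token 2rsan2.km04r9m1idhrk96s --discovery-token-ca-cert-hash sha256:0350d7a8d4b9acdfb0aa8054caa9a790f57a5335b8c32f810035c0fa4e2d0eaf'
join_hash "$join_cmd"
```

A join command with no hash at all is rejected with status 2, so a node is never joined without a CA pin.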

VI. Dashboard installation

1. Configure the YAML


# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: 172.16.214.210:5000/zhangxl/dashboard:v1.8.3
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          - --apiserver-host=https://172.16.214.210:6443
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - nodePort: 30030
      port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin

Notes
  #  1. image: k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 (replace with your own image)
  #  2. Here we use NodePort to expose the Dashboard service on port 30030 of the host

2. Add an administrator account

cat >> kubernetes-dashboard.yaml << EOF
# ------------------- dashboard-admin ------------------- #
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF

Notes
# Creates a super-administrator account used to log in to the Dashboard
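
dashboard-admin is bound to cluster-admin and the Dashboard Service is a NodePort, so anyone who holds that account's token and can reach port 30030 has full control of the cluster. The check below is an added example, not part of the original article; audit_manifest is a hypothetical name, and its line-based YAML reading assumes the layout used in the manifest above.

```shell
# audit_manifest FILE (hypothetical helper): flag ClusterRoleBindings that give
# cluster-admin to a ServiceAccount and Services published as NodePort.
# Assumes top-level keys at column 0 and two-space indentation. Returns 1 on findings.
audit_manifest() {
  awk '
    function flush() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin" && sa != "") {
        print "ClusterRoleBinding " name ": ServiceAccount " sa " is cluster-admin"; bad = 1 }
      if (kind == "Service" && port != "") {
        print "Service " name ": reachable on every node at port " port; bad = 1 }
      kind = name = role = sa = skind = port = section = ""
    }
    /^---/        { flush(); next }                     # document separator
    /^[ \t]*#/    { next }                              # comment line
    /^kind:/      { kind = $2; next }
    /^[A-Za-z]+:/ { section = $1; next }                # metadata:, subjects:, roleRef:, spec:
    section == "metadata:" && /^  name:/ { name = $2 }
    section == "roleRef:"  && /^  name:/ { role = $2 }
    section == "subjects:" && /- kind:/  { skind = $3 }
    section == "subjects:" && /^  name:/ && skind == "ServiceAccount" { sa = $2 }
    /nodePort:/   { port = $NF }
    END { flush(); exit bad + 0 }
  ' "$1"
}
# Constructed sample: the Service and dashboard-admin binding from this page,
# trimmed to the fields the check reads.
sample=$(mktemp)
cat > "$sample" <<'EOF'
kind: Service
metadata:
  name: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - nodePort: 30030
---
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
EOF
audit_manifest "$sample" || echo "review the findings above before kubectl create"
rm -f "$sample"
```

Run against kubernetes-dashboard.yaml, it reports both findings; a binding to a narrower ClusterRole such as view passes.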

3. Deploy and access

3.1 Deploy the Dashboard

kubectl create -f kubernetes-dashboard.yaml

3.2 Check the status

[root@master ~]# kubectl get deployment kubernetes-dashboard -n kube-system
[root@master ~]# kubectl get pods -n kube-system -o wide
[root@master ~]# kubectl get services -n kube-system

3.3 View the token

kubectl describe secrets -n kube-system dashboard-admin

# The token is the value of the token field in the command output.

3.4 Access

https://172.16.214.210:30030




Source: Jianshu
