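Deployment and installation options:
1) Compile and install from source (requires a Go build environment)
2) Binary installation: documented; fully manual, Ansible, or SaltStack variants
3) kubeadm installation: has network requirements; versions 1.0~1.14
4) minikube: for developers learning Kubernetes
5) yum installation: version 1.5.2
This article uses the kubeadm installation.
I. Docker installation (run on both master and worker nodes)
1. Install dependency packages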
yum install -y yum-utils device-mapper-persistent-data lvm2
2. Configure the Docker repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
3. Install Docker
Remove old versions
# Run on both master and worker nodes
yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
# Install the new version
yum install docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io
4. Start Docker
systemctl enable docker
systemctl start docker
II. Kubernetes installation prerequisites (run on both master and worker nodes)
1. Configure the Kubernetes yum repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
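With `gpgcheck=0` and an `http://` baseurl, yum installs kubelet, kubeadm and kubectl without verifying package signatures and over an unauthenticated channel. The added example below (not part of the original article) audits a `.repo` definition for those settings; `audit_repo`, `page_repo` and `strict_repo` are hypothetical names, and `repo.example.internal` is a placeholder host.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit yum .repo definitions.

# The repo definition written above, reproduced as sample input.
page_repo() {
  cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Constructed counter-example; repo.example.internal is a placeholder host.
strict_repo() {
  cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://repo.example.internal/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://repo.example.internal/keys/rpm-package-key.gpg
EOF
}

# audit_repo [FILE] -> one "<repo>: <finding>" line per problem (stdin if no FILE)
audit_repo() {
  awk '
    /^[ \t]*([#;]|$)/ { next }                          # comment or blank line
    /^\[/ { repo = substr($0, 2); sub(/\].*/, "", repo); key = ""; next }
    /^[ \t]/ { val = $0 }                               # continuation of previous key
    /^[^ \t]/ { key = $0; sub(/[ \t]*=.*/, "", key)
                val = $0; sub(/^[^=]*=/, "", val) }
    { gsub(/^[ \t]+|[ \t]+$/, "", val)
      if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0")
        print repo ": " key "=0 disables signature verification"
      if ((key == "baseurl" || key == "gpgkey" || key == "mirrorlist") && val ~ /^http:/)
        print repo ": " key " fetched over plain HTTP: " val }
  ' "${1:--}"
}

page_repo | audit_repo
```

Pass a path such as a file under /etc/yum.repos.d/ as the first argument to audit a real definition.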
2. Disable the firewall, SELinux, and swap
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
cat /etc/fstab_bak |grep -v swap > /etc/fstab
3. Modify /etc/sysctl.conf
Add the following to it:
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# Run this command to apply the settings
sysctl -p
III. Kubernetes installation (run on both master and worker nodes)
1. Install kubelet, kubeadm, and kubectl
Install the three packages.
# List the available versions
yum list kubelet --showduplicates | sort -r
Install:
yum -y install kubeadm-1.14.2 kubectl-1.14.2 kubelet-1.14.2 kubernetes-cni-0.7.5
2. kubectl command completion
echo "source <(kubectl completion bash)" >> ~/.bash_profile
source ~/.bash_profile
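3. Write the image script and download the images
Almost all Kubernetes installation components and Docker images are hosted on Google's own sites, and direct access may run into network problems. The workaround used here is to download the images from the Alibaba Cloud image registry and, once they are pulled locally, retag them with the default image tags.
vim image.sh
#!/bin/bash
# Mirror registry to pull from, and the Kubernetes version being installed
url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.14.2
# Image names (name:tag) that kubeadm needs, with the k8s.gcr.io/ prefix stripped
images=($(kubeadm config images list --kubernetes-version="$version" | awk -F '/' '{print $2}'))
for imagename in "${images[@]}"; do
  docker pull "$url/$imagename"                          # pull from the mirror
  docker tag "$url/$imagename" "k8s.gcr.io/$imagename"   # retag with the default name
  docker rmi -f "$url/$imagename"                        # remove the mirror tag
done
url is the Alibaba Cloud image registry address, and version is the Kubernetes version being installed.
Image download
Run the image.sh script to download the images for the specified version; make the script executable before running it.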
chmod u+x image.sh
./image.sh
docker images
IV. Master: Kubernetes initialization
1. Initialize
kubeadm init --apiserver-advertise-address 172.16.214.210 --pod-network-cidr=10.244.0.0/16
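# (apiserver-advertise-address specifies the master's interface; pod-network-cidr specifies the Pod network range. The flannel network plugin is used here.)
# Record the kubeadm join command from the output; it is needed later to join each node to the cluster.
# Check the result of the initialization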
kubectl get nodes
2. Load environment variables
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
3. Install the pod network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
V. Worker nodes: Kubernetes
1. Run the following on each node
kubeadm join 172.16.214.210:6443 --token 2rsan2.km04r9m1idhrk96s --discovery-token-ca-cert-hash sha256:0350d7a8d4b9acdfb0aa8054caa9a790f57a5335b8c32f810035c0fa4e2d0eaf
2. If the token has expired, you can create a new one
2.1 List tokens
[root@master ~]# kubeadm token list
The token from the earlier initialization turns out to have expired.
2.2 Generate a new token
[root@master ~]# kubeadm token create
1zl3he.fxgz2pvxa3qkwxln
2.3 Generate the new hash string
[root@master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
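The `--discovery-token-ca-cert-hash` value is the SHA-256 of the cluster CA's public key, and it is what lets a joining node confirm that it is talking to the intended API server. The added example below (not from the original article) wraps the pipeline above in a check that compares the recomputed hash with the one in a join command; it generalizes the pipeline by using `openssl pkey` so non-RSA CA keys also work, and `ca_cert_hash`, `verify_join_hash` and the script name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: recompute kubeadm's discovery hash from the cluster CA and
# compare it with the value carried in a "kubeadm join" command.

# ca_cert_hash CERT_PEM -> prints "sha256:<hex>" of the CA public key (DER SPKI)
ca_cert_hash() {
  local pub hex
  # Extract the public key first so a missing or invalid certificate fails
  # here instead of silently hashing empty input further down the pipeline.
  pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  [ -n "$pub" ] || return 1
  hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
  [ "${#hex}" -eq 64 ] || return 1
  printf 'sha256:%s\n' "$hex"
}

# verify_join_hash CERT_PEM EXPECTED -> 0 on match, 1 on mismatch, 2 on error
verify_join_hash() {
  local actual
  actual=$(ca_cert_hash "$1") || { echo "cannot read CA certificate: $1" >&2; return 2; }
  if [ "$actual" = "$2" ]; then
    echo "match: $actual"
  else
    echo "MISMATCH: CA hashes to $actual but the join command carries $2" >&2
    return 1
  fi
}

# Usage (hypothetical script name):
#   ./check-ca-hash.sh /etc/kubernetes/pki/ca.crt sha256:<hash from join command>
if [ "$#" -eq 2 ]; then
  verify_join_hash "$1" "$2"
fi
```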
VI. Dashboard installation
1. Configure the YAML
# ------------------- Dashboard Secret ------------------- #
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: 172.16.214.210:5000/zhangxl/dashboard:v1.8.3
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          - --apiserver-host=https://172.16.214.210:6443
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - nodePort: 30030
      port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
Notes
# 1. image: k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 (replace with your own image)
# 2. Here we use NodePort to expose the dashboard service on port 30030 of the host
2. Add an administrator account
cat >> kubernetes-dashboard.yaml << EOF
# ------------------- dashboard-admin ------------------- #
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF
Notes
# Creates a super-administrator account used to log in to the Dashboard
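The `dashboard-admin` ServiceAccount is bound to `cluster-admin`, and the Service publishes the Dashboard on NodePort 30030, so its token gives full control of the cluster to anyone who holds it and can reach a node on that port. The added example below (not from the original article) scans a manifest for those two settings before it is applied; `audit_manifest` and `sample_manifest` are hypothetical names, and the sample is an excerpt constructed from the manifest above.

```shell
#!/usr/bin/env bash
# Constructed excerpt of the manifest above: its Service and the admin binding.
sample_manifest() {
  cat <<'EOF'
kind: Service
metadata:
  name: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - nodePort: 30030
---
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
EOF
}

# audit_manifest [FILE]: report cluster-admin bindings and NodePort services
audit_manifest() {
  awk '
    function report() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        print kind " " name ": grants cluster-admin to " subj
      if (kind == "Service" && port != "")
        print kind " " name ": NodePort " port " is opened on every node"
      kind = name = sect = role = subj = port = ""
    }
    /^---/ { report(); next }                 # document separator
    /^[ \t]*(#|$)/ { next }                   # comment or blank line
    { top = ($0 ~ /^[A-Za-z]/)                # an unindented key starts a section
      line = $0; sub(/^[ \t]*(- )?/, "", line)
      k = line; sub(/:.*/, "", k)
      v = line; sub(/^[^:]*:[ \t]*/, "", v)
      if (top) sect = k
      if (top && k == "kind") kind = v
      if (k == "name" && sect == "metadata") name = v
      if (k == "name" && sect == "roleRef") role = v
      if (k == "name" && sect == "subjects") subj = subj (subj ? "," : "") v
      if (k == "nodePort") port = v }
    END { report() }
  ' "${1:--}"
}

sample_manifest | audit_manifest
```

Run it as `audit_manifest kubernetes-dashboard.yaml` to check the full file; it relies on the block-style layout used in this manifest and is not a general YAML parser.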
3. Deploy and access
3.1 Deploy the Dashboard
kubectl create -f kubernetes-dashboard.yaml
3.2 Check status
[root@master ~]# kubectl get deployment kubernetes-dashboard -n kube-system
[root@master ~]# kubectl get pods -n kube-system -o wide
[root@master ~]# kubectl get services -n kube-system
3.3 View the token
kubectl describe secrets -n kube-system dashboard-admin
# The token is the value of the token field in the output
3.4 Access
https://172.16.214.210:30030