1. Install Docker and its dependencies
Once Docker is installed, write daemon.json; the exec-opts entry sets the cgroup driver to systemd
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://bzm5i30c.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
Configure the Kubernetes package repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all && yum makecache
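The repo stanza above sets gpgcheck=0 and repo_gpgcheck=0, so neither the RPMs nor the repository metadata are signature-checked. The check below is an added example, not part of the original page: the function name `audit_repo_gpg` and the `[kubernetes-verified]` section are hypothetical, and the sample file is constructed from the stanza on this page.

```shell
#!/bin/sh
# Added example (not from the original page): report yum repo sections
# that explicitly disable signature checks. Only explicit settings are
# inspected; defaults inherited from [main] in yum.conf are not resolved.
audit_repo_gpg() {
    awk '
        function report() {
            if (name == "" || enabled == "0") return
            if (gpg == "0")  { print name ": gpgcheck=0 (package signatures not verified)"; bad = 1 }
            if (rgpg == "0") { print name ": repo_gpgcheck=0 (repo metadata signature not verified)"; bad = 1 }
        }
        /^[ \t]*\[.*\][ \t]*$/ {            # section header such as [kubernetes]
            report()
            name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            enabled = ""; gpg = ""; rgpg = ""
            next
        }
        /^[ \t]*[#;]/ { next }              # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpg = val
            else if (key == "repo_gpgcheck") rgpg = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the stanza from this page next to a variant with
# both checks switched on (same gpgkey URLs as the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
enabled=1
gpgcheck=0
repo_gpgcheck=0
[kubernetes-verified]
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_repo_gpg "$sample" || echo "signature checking is disabled in the sections above"
rm -f "$sample"
```

On a real host, point it at each file under /etc/yum.repos.d/; a non-zero exit status means at least one enabled repo has a check switched off.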
2. Install k8s
yum -y install kubelet kubeadm kubectl
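Kubelet: communicates with the other nodes of the cluster and manages the lifecycle of the Pods and containers on its own node.
Kubeadm: the automated deployment tool for Kubernetes; it makes deployment easier and faster.
Kubectl: the Kubernetes cluster management tool.
3. Download the images
List the required images and versions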
kubeadm config images list
4. Change the kubelet cgroup-driver
vim /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf (add this: --cgroup-driver=systemd)
5. Start the services
Start Docker and the kubelet and enable both at boot
systemctl daemon-reload && systemctl enable docker.service && systemctl start docker
systemctl daemon-reload && systemctl enable kubelet && systemctl start kubelet
(If the kubelet does not come up, it keeps restarting; it only really starts after kubeadm init.)
6. Initialize the master
[master] Initialize the Kubernetes cluster
kubeadm init \
--kubernetes-version=1.20.4 \
--apiserver-advertise-address=192.168.100.231 \
--image-repository=registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
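Notes
--kubernetes-version: the k8s version to install (as shown by kubeadm config images list)
--apiserver-advertise-address: the IP address that kube-apiserver listens on, i.e. the master's own IP address
--pod-network-cidr: the network range for Pods: 10.244.0.0/16
--service-cidr: the network range for Services
--image-repository: the Aliyun image registry address
7. Configure kubectl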
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
8. Deploy the flannel network (the download needs a proxy to get past the firewall…)
cd ~
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml -O kube-flannel.yml --no-check-certificate
kubectl apply -f kube-flannel.yml
9. Check the state of the pseudo-cluster: list the nodes (wait a while first)
kubectl get nodes
10. Create a Pod to verify that the cluster works
# pulls the nginx image from the registry specified at initialization
kubectl create deployment nginx --image=nginx
# declares port 80 for in-cluster traffic; from outside, access it by node IP plus port
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pods,svc -o wide
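11. Delete the test pod
# the test Pod is owned by the nginx Deployment created above, so delete the Deployment
kubectl delete deployment nginx
kubectl delete svc nginx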
13. Deploy the Dashboard
One way to deploy it: download this recommended.yaml file (mind the version number)
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
vim recommended.yaml and make the following changes
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000 # set the port
  type: NodePort # added
  selector:
    k8s-app: kubernetes-dashboard
---
# Many browsers reject the auto-generated certificate, so comment out the kubernetes-dashboard-certs object declaration (the lines below); we create the certificate ourselves
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kubernetes-dashboard
#type: Opaque
---
Create the certificate
1. Create the namespace
kubectl create namespace kubernetes-dashboard
2. Create the certificate
mkdir dashboard-certs
cd dashboard-certs/
openssl genrsa -out dashboard.key 2048
# -days only takes effect on the command that issues the certificate; openssl req -new ignores it
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
openssl x509 -req -days 36000 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
3. Create the kubernetes-dashboard-certs object from the certificate
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
4. Install the dashboard (error messages can be ignored)
docker pull kubernetesui/dashboard:v2.2.0
docker pull kubernetesui/metrics-scraper:v1.0.6
kubectl apply -f ~/recommended.yaml
5. Check the result of the installation
kubectl get pods -A -o wide
The installation has succeeded only once the pods show Running:
kubernetes-dashboard dashboard-metrics-scraper-79c5968bdc-krg62 1/1 Running 0 5s 10.244.0.4 test01.cn <none> <none>
kubernetes-dashboard kubernetes-dashboard-9f9799597-xbqqm 0/1 ContainerCreating 0 5s <none> test01.cn <none> <none>
Create the dashboard administrator
vim ~/dashboard-admin.yaml with the following content
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard
Grant the user permissions: vim ~/dashboard-admin-bind-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
Save and exit, then run the following commands to create the administrator and grant the permissions
kubectl create -f ~/dashboard-admin.yaml
kubectl create -f ~/dashboard-admin-bind-cluster-role.yaml
View and copy the token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Open the dashboard and log in with the token from the previous step
https://192.168.100.231:30000
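The binding above gives the dashboard-admin ServiceAccount the cluster-admin ClusterRole, and its token is used on a Dashboard that the NodePort publishes on port 30000, so it is worth being able to list every subject that manifests bind to cluster-admin. The check below is an added example, not part of the original page: the function name `audit_cluster_admin` is hypothetical and the sample manifest is constructed from the binding shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): list the subjects that a
# manifest binds to the cluster-admin ClusterRole. Assumes block-style
# YAML with unquoted values and documents separated by "---".
audit_cluster_admin() {
    awk '
        function flush(   i) {
            if (kind == "ClusterRoleBinding" && role == "cluster-admin")
                for (i = 1; i <= n; i++) {
                    print skind[i] " " sns[i] "/" sname[i] " -> cluster-admin"
                    hits++
                }
            kind = ""; role = ""; sect = ""; n = 0
        }
        FNR == 1 || /^---/ { flush() }                       # new file or new document
        /^---/ || /^[ \t]*#/ { next }
        /^[A-Za-z]/ { sect = $1; sub(/:.*/, "", sect) }      # top-level key
        sect == "kind" && $1 == "kind:" { kind = $2 }
        sect == "roleRef" && $1 == "name:" { role = $2 }
        sect == "subjects" && $1 == "-" {                    # new list item
            n++; skind[n] = ""; sname[n] = ""; sns[n] = ""
            $1 = ""; $0 = $0                                 # re-split without the dash
        }
        sect == "subjects" && $1 == "kind:" { skind[n] = $2 }
        sect == "subjects" && $1 == "name:" { sname[n] = $2 }
        sect == "subjects" && $1 == "namespace:" { sns[n] = $2 }
        END { flush(); exit (hits > 0) }
    ' "$@"
}

# Constructed sample: the ClusterRoleBinding from this page.
manifest=$(mktemp)
cat > "$manifest" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
EOF
audit_cluster_admin "$manifest" || echo "the token of each subject above has full control of the cluster"
rm -f "$manifest"
```

The function accepts several manifest files at once and exits non-zero when it finds at least one cluster-admin subject.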
14. Use another Linux machine as a Node
[master]
1. Check the flannel image version
docker images
2. Save the current image to a tar file
docker save quay.io/coreos/flannel:v0.13.1-rc2 > flannel.tar
3. Copy it to the nodes
scp flannel.tar k8s-node1:./flannel.tar
scp flannel.tar k8s-node2:./flannel.tar
[Node]
Import the flannel image
docker load -i flannel.tar
[On the master: view the token and the hash]
View the token: kubeadm token list
Compute the sha value: openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -pubkey | openssl rsa -pubin -outform DER 2>/dev/null | sha256sum | cut -d' ' -f1
[node] Join the cluster: 192.168.100.231 is the master's IP, and [node-name k8s-node1] is the name of the node
kubeadm reset
kubeadm join 192.168.100.231:6443 --token jjsa9l.xe8c1ro0ddzuxdvm --discovery-token-ca-cert-hash sha256:7ec3cf910ac1b27a2825373662d7750ce723e638803813cf8af2d718d01c156d --node-name k8s-node1
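The --discovery-token-ca-cert-hash value is the SHA-256 of the cluster CA's public key, and it is what lets a joining node confirm that it is talking to the intended control plane. The check below is an added example, not part of the original page: it reuses the page's openssl pipeline, and the function names `ca_pin`, `pin_from_join` and `verify_join_pin` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): recompute the CA public-key
# pin with the page's openssl pipeline and compare it to a join command.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

# ca_pin CERT -> prints "sha256:<hex>"; returns 2 if CERT is not usable.
ca_pin() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    hex=$(openssl x509 -in "$1" -noout -pubkey \
          | openssl rsa -pubin -outform DER 2>/dev/null \
          | sha256sum | cut -d' ' -f1)
    # A failed openssl stage leaves sha256sum hashing empty input; reject that.
    [ -n "$hex" ] && [ "$hex" != "$EMPTY_SHA256" ] || return 2
    printf 'sha256:%s\n' "$hex"
}

# pin_from_join "CMD" -> value of --discovery-token-ca-cert-hash
# (accepts both "--flag value" and "--flag=value").
pin_from_join() {
    printf '%s\n' "$1" | tr ' =' '\n\n' | awk '
        found && NF { print; exit }
        $0 == "--discovery-token-ca-cert-hash" { found = 1 }'
}

# verify_join_pin CERT "CMD" -> 0 match, 1 mismatch, 2 cert or command unusable.
verify_join_pin() {
    want=$(pin_from_join "$2")
    [ -n "$want" ] || return 2
    have=$(ca_pin "$1") || return 2
    [ "$want" = "$have" ]
}

# On the master, print the pin for the CA path used on this page.
if [ -r /etc/kubernetes/pki/ca.crt ]; then
    ca_pin /etc/kubernetes/pki/ca.crt
fi
```

Run `verify_join_pin /etc/kubernetes/pki/ca.crt "<join command>"` on the master before handing the command to a node; status 1 means the hash in the command does not belong to this cluster's CA.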
Other commands
Remove a node (run on the master)
kubectl delete node k8s-nodexxxxxxxxx
Delete a pod
kubectl delete pod kubernetes-dashboard-59f548c4c7-6b9nj -n kube-system --force --grace-period=0
Add hosts entries
vim /etc/hosts
192.168.100.231 k8s-master
192.168.100.232 k8s-node1
192.168.100.233 k8s-node2