Setting up k8s on CentOS 7
程序员文章站
2022-03-01 13:01:32
Cluster machines:
master:10.160.92.104
worker:10.100.217.250
1. Install Docker
Alibaba Cloud guide: https://developer.aliyun.com/article/110806
Use this command to install automatically:
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
You can also install it manually, but there is really no need to.
# Step 1: install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the package repository
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: refresh the cache and install Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce
# Step 4: start the Docker service
sudo service docker start
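2. Install k8s
2.1 Disable the firewall
systemctl stop firewalld && systemctl disable firewalld
2.2 Disable swap
The aim is to keep memory swapping from affecting performance and stability.
- swapoff -a disables swap temporarily; it comes back after a reboot
- Edit /etc/fstab and comment out the line containing swap to disable it permanently after a reboot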
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
2.3 Disable SELinux
The aim is to allow containers to access the host's file system.
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
2.4 Configure a yum mirror for k8s hosted in China
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2.5 Modify the Docker engine configuration
Change Docker's cgroup driver to match the one k8s uses, to prevent startup errors caused by a mismatch.
vi /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com"]
}
Restart Docker:
systemctl daemon-reload
systemctl restart docker
2.6 Install the k8s components
# Install the components
yum install -y kubelet-1.15.1 kubeadm-1.15.1 kubectl-1.15.1
# Start kubelet now and enable it at boot
systemctl enable --now kubelet
2.7 Set up routing
yum install -y bridge-utils.x86_64
# Load the br_netfilter module; use lsmod to list the loaded modules
modprobe br_netfilter
# Write the configuration file
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Reload the configuration
sysctl --system
2.8 Create the cluster
1. Pull the images the cluster needs
On the master:
docker pull mirrorgooglecontainers/kube-apiserver:v1.15.1
docker pull mirrorgooglecontainers/kube-controller-manager:v1.15.1
docker pull mirrorgooglecontainers/kube-scheduler:v1.15.1
docker pull mirrorgooglecontainers/kube-proxy:v1.15.1
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.3.10
docker pull coredns/coredns:1.3.1
On the node:
docker pull mirrorgooglecontainers/kube-proxy:v1.15.1
docker pull mirrorgooglecontainers/pause:3.1
2. Retag the images so their names match the official k8s ones
On the master:
docker tag mirrorgooglecontainers/kube-apiserver:v1.15.1 k8s.gcr.io/kube-apiserver:v1.15.1
docker tag mirrorgooglecontainers/kube-controller-manager:v1.15.1 k8s.gcr.io/kube-controller-manager:v1.15.1
docker tag mirrorgooglecontainers/kube-scheduler:v1.15.1 k8s.gcr.io/kube-scheduler:v1.15.1
docker tag mirrorgooglecontainers/kube-proxy:v1.15.1 k8s.gcr.io/kube-proxy:v1.15.1
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
On the node:
docker tag mirrorgooglecontainers/kube-proxy:v1.15.1 k8s.gcr.io/kube-proxy:v1.15.1
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
3. Remove the original images
On the master:
docker rmi mirrorgooglecontainers/kube-apiserver:v1.15.1
docker rmi mirrorgooglecontainers/kube-controller-manager:v1.15.1
docker rmi mirrorgooglecontainers/kube-scheduler:v1.15.1
docker rmi mirrorgooglecontainers/kube-proxy:v1.15.1
docker rmi mirrorgooglecontainers/pause:3.1
docker rmi mirrorgooglecontainers/etcd:3.3.10
docker rmi coredns/coredns:1.3.1
On the node:
docker rmi mirrorgooglecontainers/kube-proxy:v1.15.1
docker rmi mirrorgooglecontainers/pause:3.1
4. Create the cluster on the master
Change the master machine's hostname to master:
hostname master
- Create the cluster
kubeadm init --apiserver-advertise-address 10.160.92.104 --kubernetes-version 1.15.1 --service-cidr 10.1.0.0/16 --pod-network-cidr 10.244.0.0/16
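# --apiserver-advertise-address  this machine's IP
# --kubernetes-version           the image version to use
# --service-cidr                 alternative IP address range used by services
# --pod-network-cidr             IP address range for the pod network; if set, the control plane automatically allocates a CIDR to every node
- Seeing the following output means the cluster started successfully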
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.160.92.104:6443 --token q9uk3f.bg752y2i3l4a9fgi \
--discovery-token-ca-cert-hash sha256:4d5d58734887eb33dde2b87aef9fa1000833e62343ff1b3ea411658440eb3d90
Copy the command below; the node needs it.
Command to join the cluster:
kubeadm join 10.160.92.104:6443 --token c8fd6k.cyrqj97oh75f8j56 \
--discovery-token-ca-cert-hash sha256:7b3fd5c3debebb952228f4713a491377f2135f132c69da545a33fb2e9e80c351
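Deployment succeeded!!! Go ahead and use it!!
Here are some commonly used commands!! https://zhuanlan.zhihu.com/p/85810571
kubectl get pod. Uh... and then it reported an error.
- It complains that it cannot connect to localhost:8080; the reason is that newer versions restrict this for security reasons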
https://blog.csdn.net/RivenDong/article/details/107566148
vim /etc/kubernetes/manifests/kube-apiserver.yaml
--insecure-port=8080
- Check the node status with kubectl get node: it turns out it did not succeed, the node is NotReady
kubectl apply -f https://git.io/weave-kube-1.6
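Added example (not from the original post): `--insecure-port` makes kube-apiserver serve the API without authentication or authorization, and kubectl only falls back to localhost:8080 when it has no kubeconfig, which the mkdir/cp/chown steps in the kubeadm output above provide. The script below audits a manifest for that setting; the sample manifest is constructed, and the values used when a flag is absent (port 8080, bind address 127.0.0.1) are assumed from the v1.15 kube-apiserver used on this page.

```shell
# Added example: audit a kube-apiserver manifest for the insecure port.
DEFAULT_INSECURE_PORT=8080        # assumed v1.15 default when the flag is absent
DEFAULT_INSECURE_BIND=127.0.0.1   # assumed v1.15 default when the flag is absent

# Print the value of "- --FLAG=VALUE" in a manifest (last occurrence),
# skipping commented-out lines. Prints nothing if the flag is absent.
apiserver_flag() {
  local manifest="$1" flag="$2" q="[\"']"
  sed -n "/^[[:space:]]*#/d; s/^[[:space:]]*-[[:space:]]*${q}\{0,1\}--${flag}=\([^[:space:]\"']*\).*/\1/p" \
    "$manifest" | tail -n 1
}

# Verdict on stdout:
#   ok                 insecure port disabled (--insecure-port=0)
#   local:PORT         unauthenticated API reachable from the host itself
#   exposed:ADDR:PORT  unauthenticated API reachable on a non-loopback address
audit_insecure_port() {
  local manifest="$1" port addr
  port=$(apiserver_flag "$manifest" insecure-port)
  addr=$(apiserver_flag "$manifest" insecure-bind-address)
  port=${port:-$DEFAULT_INSECURE_PORT}
  addr=${addr:-$DEFAULT_INSECURE_BIND}
  if [ "$port" = "0" ]; then echo "ok"; return 0; fi
  case $addr in
    127.*|::1|localhost) echo "local:$port" ;;
    *)                   echo "exposed:$addr:$port" ;;
  esac
}

# Constructed sample manifest fragment; $1 = insecure-port value,
# $2 = optional insecure-bind-address.
sample_manifest() {
  cat <<EOF
spec:
  containers:
  - command:
    - kube-apiserver
    # - --insecure-port=0
    - --insecure-port=$1
${2:+    - --insecure-bind-address=$2}
    - --secure-port=6443
EOF
}

tmp=$(mktemp)
sample_manifest 8080 > "$tmp"; echo "edited as above: $(audit_insecure_port "$tmp")"
sample_manifest 0    > "$tmp"; echo "kubeadm default: $(audit_insecure_port "$tmp")"
rm -f "$tmp"
```

On a real master, point audit_insecure_port at /etc/kubernetes/manifests/kube-apiserver.yaml.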
5. Join the node to the cluster
Run the command we copied:
kubeadm join 10.160.92.104:6443 --token q9uk3f.bg752y2i3l4a9fgi \
--discovery-token-ca-cert-hash sha256:4d5d58734887eb33dde2b87aef9fa1000833e62343ff1b3ea411658440eb3d90
6. Deploy the dashboard add-on
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc6/aio/deploy/recommended.yaml
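The steps themselves are all fairly simple; what makes things complicated is the network. Being blocked by the firewall at every turn is crippling.
If the dashboard does not install successfully, then just switch the image source.
- Download the manifest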
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
- Edit the manifest
Change two places:
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
- image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
+ image: cuiyf/kubernetes-dashboard-amd64:v1.10.1
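Review bot: the `+` line pulls the dashboard from `cuiyf/kubernetes-dashboard-amd64:v1.10.1`, a third-party repository referenced only by a mutable tag, in place of the official `k8s.gcr.io` image. Since this is the workload that is later logged into with a cluster-admin token, pin the image by digest (`cuiyf/kubernetes-dashboard-amd64@sha256:<digest>`) after confirming its contents match the official image, or pull the official image through a mirror you control and retag it the way section 2.8 does for the control-plane images.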
- Start it
kubectl create -f kubernetes-dashboard.yaml
- Access it
https://10.160.92.104:30001/#!/overview?namespace=default
- Log in with a token
account.yaml is configured as follows:
# Create Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
# Create ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
Create the user:
kubectl create -f account.yaml
Get the token:
[[email protected] ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-p7p6p
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: aef9512e-b1e6-11e9-ac67-0800273a2eb7
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXA3cDZwIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZWY5NTEyZS1iMWU2LTExZTktYWM2Ny0wODAwMjczYTJlYjciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Z5VD5NBGUWTxteQoKsKSJNyQDBMNT5MlEB_WI60qjvltK2lggyxiN5pJdo0Rz7C9RP_HFMN4Vkni2X7zHvEIGuAKda74V4JQXg8wzQoQR-kX70f3YZWNEw5wkSZjKCNcWnxcptWAdDAHnsk_gMhR5nWqTKOkk3CZMKFZbJQ-fdkuw9GnyAfBJTSmg2ajXi4FSaRiQlhAr9fH9954Ed5iht5TZipVvb7T4LN-3Ba5rPBqFqKnyp92pntN-UTpesvo7oAffrauSyIjIU10zu4OEvrvQysAa5lT9beyMOQsWJ82_Owqqk4fYUyfsmc-KGVaa8XeR808DiPypwGvGy2oGg
When logging in, just enter the token.
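Added example (not part of the original post): the token printed above is a JWT, and its payload shows which service account it authenticates as and whether it ever expires; here that account is admin-user, which account.yaml binds to cluster-admin. The token used in the script is constructed, with the claim names a secret-based service-account token carries and a dummy signature, and the function names are this example's own.

```shell
# Added example: read the claims of a service-account token (a JWT)
# without verifying its signature.

b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode one base64url segment; JWT segments drop the '=' padding.
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

# JSON payload = second dot-separated segment of the token.
jwt_claims() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# Value of one string claim. Enough for the flat payload of a
# service-account token (no commas inside values); use jq for general JSON.
claim() {
  jwt_claims "$1" | tr ',' '\n' | sed -n "s|.*\"$2\":\"\([^\"]*\)\".*|\1|p"
}

# Numeric "exp" claim, or "none" when the token carries no expiry.
token_expiry() {
  local exp
  exp=$(jwt_claims "$1" | tr ',{}' '\n\n\n' | sed -n 's/.*"exp":\([0-9][0-9]*\).*/\1/p')
  echo "${exp:-none}"
}

# Constructed token shaped like a secret-based service-account token;
# the signature segment is a dummy, so no API server would accept it.
sample_token() {
  local h='{"alg":"RS256","kid":""}'
  local p='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"admin-user","sub":"system:serviceaccount:kube-system:admin-user"}'
  printf '%s.%s.%s' "$(printf '%s' "$h" | b64url_encode)" \
    "$(printf '%s' "$p" | b64url_encode)" "constructed-signature"
}

t=$(sample_token)
echo "subject: $(claim "$t" sub)"
echo "expires: $(token_expiry "$t")"
```

A token that reports `expires: none` stays valid until its secret or service account is deleted, so treat it like a long-lived root credential.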