Architecture diagram:

OS: CentOS Linux release 7.7.1908 (Core)

Docker: docker-ce-20.10.14-3.el7.x86_64

Kubernetes: 1.21

OS initialization (run on every node)

# Turn off the firewall. This is a lab shortcut: on anything but a throwaway cluster, keep
# firewalld running and open only the ports kubeadm needs (6443 for the API server,
# 2379-2380 for etcd, 10250 for the kubelet, 30000-32767 for NodePort Services).

systemctl stop firewalld
systemctl disable firewalld

# Disable SELinux. kubeadm's install guide requires permissive or disabled mode so that
# containers can reach the host filesystem paths the pod network needs.

sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  # permanent
setenforce 0 # until the next reboot

# Disable swap. The kubelet refuses to start while swap is enabled.

swapoff -a  # until the next reboot
sed -ri 's/.*swap.*/#&/' /etc/fstab # permanent

# Add hosts entries on the master (the nodes join by IP, so they work without them)

cat >> /etc/hosts << EOF
192.168.248.128 master
192.168.248.129 node1
192.168.248.130 node2
EOF

# Pass bridged IPv4 traffic to the iptables chains. The sysctl keys only exist once the
# br_netfilter module is loaded, so load it now and make the load persistent.

modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply

# Time sync. Certificate validity and token expiry both depend on the clock, so do this on
# every node. ntpdate is a one-shot correction; for continuous synchronisation use chronyd,
# the CentOS 7 default.

yum install ntpdate -y
ntpdate time.windows.com

Install Docker and enable it at boot

The post does not show the install step itself; the version used is docker-ce-20.10.14-3.el7 from the docker-ce repository. Once it is installed:

systemctl start docker
systemctl enable docker
systemctl status docker

Add the Aliyun YUM repository

The original post sets gpgcheck=0 and repo_gpgcheck=0, which installs whatever the mirror serves without any signature check. The mirror publishes the package signing keys, so package signature verification can stay on (gpgcheck=1); repo_gpgcheck is left as the post had it:

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Install kubeadm, kubelet and kubectl

Releases move quickly, so pin the version explicitly:

yum install -y kubelet-1.21.0 kubeadm-1.21.0 kubectl-1.21.0
systemctl enable kubelet   # the kubelet crash-loops until kubeadm init/join writes its config; that is expected

kubelet: the node agent; it talks to the API server and manages the lifecycle of the Pods and containers on its node.
kubeadm: the cluster bootstrap tool; it automates the deployment and takes most of the difficulty out of it.
kubectl: the command-line client for managing the cluster.

Deploy the Kubernetes control plane (master)

Run on 192.168.248.128 (master).

kubeadm init \
--apiserver-advertise-address=192.168.248.128 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.21.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
  • --apiserver-advertise-address: the address the API server advertises to the rest of the cluster
  • --image-repository: the default registry k8s.gcr.io is not reachable from mainland China, so point at the Aliyun mirror
  • --kubernetes-version: the Kubernetes version; must match the packages installed above
  • --service-cidr: the virtual network for Service ClusterIPs, the stable entry point in front of Pods
  • --pod-network-cidr: the Pod network; must match the CIDR set in the CNI manifest deployed below
  • --ignore-preflight-errors=all: copied from the post, but it silences every preflight check (swap still on, ports in use, cgroup driver mismatch, missing kernel modules). Drop it and fix what preflight reports instead.

When initialisation finishes it prints a kubeadm join command; note it down, it is used below.

Copy the kubeconfig kubectl uses to authenticate to the default path. admin.conf carries a client certificate in the system:masters group, so whoever can read this file has full control of the cluster; keep it readable by its owner only:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
chmod 600 $HOME/.kube/config

Check the nodes:

[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane,master 13m v1.21.0

Note: the node shows NotReady because no network plugin has been deployed yet.

Join the worker nodes

Run on 192.168.248.129 and 192.168.248.130 (the nodes).

To add a node to the cluster, run the kubeadm join command printed by kubeadm init:

kubeadm join 192.168.248.128:6443 --token sjnd0i.2m83rn0i9d90d51q \
--discovery-token-ca-cert-hash sha256:1275c9fbe8de5dfb0a64f231c2c2df1509b38adc77bac8644e889ace822aaf44

Two values on this line matter for security. The bootstrap token is a credential: any host that can reach port 6443 and presents it can enrol itself as a node. The --discovery-token-ca-cert-hash pins the cluster CA so the node cannot be tricked into joining a different API server; never swap it for --discovery-token-unsafe-skip-ca-verification outside a lab.

The default token is valid for 24 hours and is unusable after that. When it has expired, create a new one; this command prints the complete join command in one go:

kubeadm token create --print-join-command

Once all nodes have joined, revoke tokens you no longer need with kubeadm token delete <token>.

Check token expiry

[root@master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
sjnd0i.2m83rn0i9d90d51q 23h 2022-05-07T11:00:22+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
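The join command above is only as trustworthy as the two values in it, so it is worth being able to recompute them. The following is an added example, not code from the original post: it derives the CA public-key hash exactly as kubeadm prints it (SHA-256 over the DER-encoded SubjectPublicKeyInfo of the CA certificate), checks a join command against a CA file, and validates the bootstrap token format. It assumes openssl is installed; the CA it generates is a throwaway self-signed certificate constructed for the demonstration, whereas on the master you would point ca_pubkey_hash at /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Added example (not part of the original post). Verifies the values in a
# `kubeadm join` command before trusting them. Assumes: openssl on PATH.
set -eu

# SHA-256 over the DER-encoded SubjectPublicKeyInfo of the CA certificate.
# This is exactly the value kubeadm prints after "--discovery-token-ca-cert-hash sha256:".
ca_pubkey_hash() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
}

# Same value via a second tool chain (sha256sum instead of openssl dgst), so a
# wrong flag in one pipeline cannot silently produce a wrong "expected" hash.
ca_pubkey_hash_alt() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform DER \
    | sha256sum \
    | cut -d' ' -f1
}

# Bootstrap tokens have the fixed form [a-z0-9]{6}.[a-z0-9]{16}; anything else
# was mistyped or mangled when copied.
is_valid_bootstrap_token() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Pull the sha256:<hex> value out of a one-line join command.
join_cmd_hash() {
  printf '%s' "$1" | sed -n 's/.*--discovery-token-ca-cert-hash sha256:\([0-9a-f]*\).*/\1/p'
}

# True only if the join command pins a hash and it equals the hash of the given CA cert.
join_hash_matches() {
  [ -n "$(join_cmd_hash "$1")" ] && [ "$(join_cmd_hash "$1")" = "$(ca_pubkey_hash "$2")" ]
}

# Throwaway CA, constructed for this demo only; a real cluster uses /etc/kubernetes/pki/ca.crt.
make_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Stand-alone demo: build a CA and print the hash a node should pin.
demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
echo "sha256:$(ca_pubkey_hash "$demo_dir/ca.crt")"
```

On the master, compare `ca_pubkey_hash /etc/kubernetes/pki/ca.crt` with the value kubeadm printed; on a node, run join_hash_matches against a copy of the CA obtained out of band before executing the join.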

Check that the nodes have joined the cluster

[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane,master 32m v1.21.0
node1 NotReady <none> 10s v1.21.0
node2 NotReady <none> 8m17s v1.21.0

Deploy the container network (CNI)

Calico is a pure layer-3 data-centre networking solution and currently the mainstream network plugin for Kubernetes.

Download the manifest:

wget https://docs.projectcalico.org/manifests/calico.yaml

This URL serves whatever Calico release is current, not one tested against Kubernetes 1.21; for a reproducible build, pin a Calico release whose compatibility matrix lists your Kubernetes version.

After downloading, edit the Pod network definition (CALICO_IPV4POOL_CIDR) so that it matches the --pod-network-cidr given to kubeadm init. The pair is commented out in the manifest by default, so uncomment both lines as well as changing the value.

Once the file is edited, deploy it:

kubectl apply -f calico.yaml
kubectl get pods -n kube-system

Once all Calico Pods are Running, the nodes become Ready.

Fixing CoreDNS

The check above showed that the coredns image failed to pull: kubeadm 1.21 asks for coredns/coredns:v1.8.0, but the Aliyun mirror publishes it as coredns:1.8.0. Pull it manually on every node and retag it under the name kubeadm expects:

docker pull registry.aliyuncs.com/google_containers/coredns:1.8.0
docker tag registry.aliyuncs.com/google_containers/coredns:1.8.0 registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0

Checking again, the calico-node Pods had a problem with the network interface. By default calico-node autodetects the node IP from the first interface it finds, which on a host with several NICs (or a VM with a docker0 bridge) can be the wrong one. Pin the detection method to the host's interface, ens33 here, in calico.yaml:

            # Auto-detect the BGP IP address.
            - name: IP
              value: "autodetect"
            - name: IP_AUTODETECTION_METHOD
              value: "interface=ens33"
            # Enable IPIP
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
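Both edits to calico.yaml (the CALICO_IPV4POOL_CIDR change described in the section before and the IP_AUTODETECTION_METHOD pin here) are described but not shown as commands. The following added example, which is not from the original post or the Calico project, performs both edits on a manifest and verifies the result, so a pool CIDR that still disagrees with --pod-network-cidr is caught before kubectl apply. The manifest fragment it writes is constructed for the demo to mirror the relevant lines of the calico-node env block; run the functions against your downloaded calico.yaml instead.

```shell
#!/bin/sh
# Added example (not part of the original post). Edits the Calico manifest in
# place: sets CALICO_IPV4POOL_CIDR and pins IP_AUTODETECTION_METHOD, then checks.
set -eu

# Return the active (uncommented) CALICO_IPV4POOL_CIDR value, or nothing if the
# pair is still commented out (Calico then defaults to 192.168.0.0/16).
calico_pool_cidr() {
  awk 'found && /value:/ { match($0, /"[^"]*"/); print substr($0, RSTART + 1, RLENGTH - 2); exit }
       /^ *- name: CALICO_IPV4POOL_CIDR$/ { found = 1 }' "$1"
}

# Uncomment the CALICO_IPV4POOL_CIDR pair and set it to the given CIDR,
# keeping the manifest's indentation intact.
set_calico_pool_cidr() {
  file=$1; cidr=$2
  sed -e 's|^\( *\)# - name: CALICO_IPV4POOL_CIDR$|\1- name: CALICO_IPV4POOL_CIDR|' \
      -e "s|^\( *\)#   value: \"192\.168\.0\.0/16\"|\1  value: \"$cidr\"|" \
      "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Insert IP_AUTODETECTION_METHOD right after the `IP: autodetect` pair so
# calico-node uses the given interface instead of guessing. Idempotent.
set_calico_autodetect() {
  file=$1; iface=$2
  if grep -q '^ *- name: IP_AUTODETECTION_METHOD$' "$file"; then
    return 0   # already pinned; change the existing value by hand if it is wrong
  fi
  awk -v iface="$iface" '
    { print }
    /^ *- name: IP$/ { indent = $0; sub(/- name: IP$/, "", indent); pending = 1; next }
    pending && /value: "autodetect"/ {
      print indent "- name: IP_AUTODETECTION_METHOD"
      print indent "  value: \"interface=" iface "\""
      pending = 0
    }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Non-zero unless the manifest's pool CIDR equals the one given to kubeadm init.
check_calico_cidr() {
  [ "$(calico_pool_cidr "$1")" = "$2" ]
}

# Constructed fragment of calico.yaml (the calico-node env block), for the demo only.
write_demo_manifest() {
  cat > "$1" <<'EOF'
            # The default IPv4 pool to create on startup if none exists.
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
            # Auto-detect the BGP IP address.
            - name: IP
              value: "autodetect"
            # Enable IPIP
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
EOF
}

# Stand-alone demo on the constructed fragment.
demo=$(mktemp -d)/calico.yaml
write_demo_manifest "$demo"
set_calico_pool_cidr "$demo" 10.244.0.0/16
set_calico_autodetect "$demo" ens33
check_calico_cidr "$demo" 10.244.0.0/16 && echo "pool CIDR ok: $(calico_pool_cidr "$demo")"
```

Against the real file the sequence is `set_calico_pool_cidr calico.yaml 10.244.0.0/16`, `set_calico_autodetect calico.yaml ens33`, then `check_calico_cidr calico.yaml 10.244.0.0/16 && kubectl apply -f calico.yaml`, so the apply only happens when the CIDR matches what kubeadm was told.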

Redeploy the Calico plugin:

[root@master ~]# kubectl apply -f calico.yaml

Checking again, everything is Running and the nodes are Ready:

[root@master ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-65898446b5-qtcgv 1/1 Running 0 61s
calico-node-7wcsl 1/1 Running 0 62s
calico-node-8sjcz 1/1 Running 0 62s
calico-node-f84fw 1/1 Running 0 62s
coredns-545d6fc579-w5rj2 1/1 Running 0 62m
coredns-545d6fc579-xr62w 1/1 Running 0 62m
etcd-master 1/1 Running 0 62m
kube-apiserver-master 1/1 Running 0 62m
kube-controller-manager-master 1/1 Running 0 62m
kube-proxy-2qx8x 1/1 Running 0 62m
kube-proxy-6khnn 1/1 Running 0 58m
kube-proxy-znv97 1/1 Running 0 56m
kube-scheduler-master 1/1 Running 0 62m
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 66m v1.21.0
node1 Ready <none> 62m v1.21.0
node2 Ready <none> 59m v1.21.0

Test the cluster

Create a Pod in the cluster and check that it runs:

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc

[root@master ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-648cn 1/1 Running 0 20m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 89m
service/nginx NodePort 10.99.33.161 <none> 80:32213/TCP 20m

Open port 32213 on any node's IP in a browser; the service answers. Note that a NodePort listens on every node's address, and with firewalld disabled it is reachable from anything that can route to the nodes.

Deploy the Dashboard

The Dashboard is the official web UI for basic management of Kubernetes resources.

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

By default the Dashboard is only reachable from inside the cluster. Change its Service to type NodePort to expose it externally:

vi recommended.yaml
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
...
[root@master ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

[root@master ~]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-5594697f48-s8nql 1/1 Running 0 47m
kubernetes-dashboard-5c785c8bcf-j8w8h 1/1 Running 0 47m

Access it at https://192.168.248.130:30001 (any node IP works, since a NodePort listens on all nodes). The Dashboard serves a self-signed certificate, so the browser will warn. Exposing it on a NodePort puts the login page in front of everyone on the network; restrict access at the network level, or leave the Service cluster-internal and reach it with kubectl port-forward instead.

Get a login token

# Create a service account

[root@master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created

# Grant it permissions

The post binds the account to cluster-admin, which makes the Dashboard token equivalent to admin.conf: full read and write access to every resource in every namespace. For anything beyond a lab, bind a narrower role instead (the built-in view ClusterRole for a read-only dashboard, or a Role in the namespaces you actually manage), and delete the binding when it is no longer needed.

[root@master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

# Read the account's token

[root@master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

Name: dashboard-admin-token-xrsjd
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 41162dc7-f1e6-4281-9cbd-645de6173c7f

Type: kubernetes.io/service-account-token

Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InRWZnJkN3AwV09wV0FDQ3FWSXdfOHZFVmM2ZlNhb3FmMldNYWlVTXhGVEEifQ.[...].cYit0Q3XozLeEaGuSQpzyKcV-S5LynQdqvgpuKrKU01edzyGjU-30sJ3ta83i8ihcDCEzDu4Kn0eIytzy7ez3GbHtMQaHy3h7TC0H7CeRM2QeFhdPAYC5TcfVN_hcAosXeyoCbA2-YeS_GejYWy5Gsk7v5e5_ZhJKQ3JL6qLi5ePpQzzcWz2dzH6xNVAdum8PmKlRo4zcuwu_Ba58h2ePfZqq-txpb0WEpdRdpNwGvQ9tUSCHSCMsCoS3_n5VFfHihz1FpD42JV42DSLVsdTphP6cq5sacbkyWdz_ot2c-o90zuz4qvNz7iYvPoVyLjheNtyQLdDd0C_paeoqlQxpw
ca.crt: 1066 bytes
namespace: 11 bytes

Paste the token into the login page. Treat it like a password: it is a bearer token for a cluster-admin account, and a token from a legacy service-account secret like this one carries no expiry, so it stays valid until the secret or the binding is deleted.
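The token pasted into the Dashboard is a JWT whose payload states which service account it identifies and whether it ever expires, and it is worth reading that before handing it to a browser. The following added example (not code from the original post) decodes such a token offline with nothing but base64 and sed, reports subject, namespace and expiry, and provides a guard that refuses a token not issued to the expected account. The token it decodes is constructed for the demo with the same claim layout as the dashboard-admin token above and a placeholder in place of the RS256 signature; it is not the page's real token.

```shell
#!/bin/sh
# Added example (not part of the original post). Inspects a Kubernetes
# service-account JWT offline: who it is for, and whether it ever expires.
set -eu

# base64url without padding, as used in JWTs.
b64url_encode() {
  base64 | tr -d '=\n' | tr '/+' '_-'
}

# Decode the JWT payload (second dot-separated segment): restore padding and
# the standard alphabet, then base64-decode.
jwt_payload() {
  p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  while [ $(( ${#p} % 4 )) -ne 0 ]; do p="$p="; done
  printf '%s' "$p" | base64 -d
}

# Escape a literal for use inside a sed regex (claim names contain '.').
sed_escape() {
  printf '%s' "$1" | sed 's/[].[*^$]/\\&/g'
}

# Value of a string field in compact JSON, e.g. "sub" or
# "kubernetes.io/serviceaccount/namespace". Empty if absent.
json_string_field() {
  key=$(sed_escape "$2")
  printf '%s' "$1" | sed -n "s|.*\"$key\":\"\([^\"]*\)\".*|\1|p"
}

sa_token_subject()   { json_string_field "$(jwt_payload "$1")" sub; }
sa_token_namespace() { json_string_field "$(jwt_payload "$1")" kubernetes.io/serviceaccount/namespace; }

# Expiry as a Unix timestamp, or "none": legacy secret-based tokens carry no exp
# claim and stay valid until the secret is deleted.
sa_token_expiry() {
  exp=$(jwt_payload "$1" | sed -n 's/.*"exp":\([0-9][0-9]*\).*/\1/p')
  printf '%s' "${exp:-none}"
}

# Guard: accept a token only if it belongs to the expected namespace/service account.
token_is_for_sa() {
  [ "$(sa_token_subject "$1")" = "system:serviceaccount:$2:$3" ]
}

# Constructed token (demo only) with the claim layout of the page's dashboard-admin
# token; the third segment is a placeholder, not a real RS256 signature.
make_demo_token() {
  header='{"alg":"RS256","kid":"demo-key-id"}'
  payload='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/secret.name":"dashboard-admin-token-xrsjd","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","kubernetes.io/serviceaccount/service-account.uid":"41162dc7-f1e6-4281-9cbd-645de6173c7f","sub":"system:serviceaccount:kube-system:dashboard-admin"}'
  printf '%s.%s.%s' \
    "$(printf '%s' "$header" | b64url_encode)" \
    "$(printf '%s' "$payload" | b64url_encode)" \
    "$(printf '%s' 'placeholder-signature' | b64url_encode)"
}

# Stand-alone demo.
tok=$(make_demo_token)
echo "subject:   $(sa_token_subject "$tok")"
echo "namespace: $(sa_token_namespace "$tok")"
echo "expires:   $(sa_token_expiry "$tok")"
```

Decoding is not verification: nothing here checks the signature, so the output tells you what a token claims, not whether the API server would accept it. Its value is in the expiry field, which for the token above is "none", the reason such a token has to be guarded like a long-lived password.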
