系统配置
系统资源
ip | 角色 |
---|---|
10.0.0.62 | master |
10.0.0.48 | slave |
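## Register the Aliyun mirror of the Kubernetes yum repository.
## gpgcheck / repo_gpgcheck stay on, so packages and repository metadata are
## signature-checked against the keys listed under gpgkey.
## The second key URL is a continuation of gpgkey and has to be indented; written
## at column 0 it is not read as part of the gpgkey value.
## NOTE(review): the keys come from the same mirror as the packages, and
## `yum install -y` also accepts the key-import prompt automatically; compare the
## imported key fingerprints with ones published by the upstream project.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
## The three packages must be installed at the same version.
yum install -y kubelet-1.14.2 kubeadm-1.14.2 kubectl-1.14.2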
## Download the static Docker binaries and copy them into /usr/bin.
## NOTE(review): the archive is unpacked straight into /usr/bin with no integrity
## check beyond HTTPS; compare it with a checksum from a source you trust
## (sha256sum docker-17.06.2-ce.tgz against <KNOWN_GOOD_SHA256>) before extracting.
## NOTE(review): 17.06.2-ce is an old release; confirm it still receives security
## fixes before using it outside a lab.
wget https://download.docker.com/linux/static/stable/x86_64/docker-17.06.2-ce.tgz
tar -zxvf docker-17.06.2-ce.tgz
mv docker/* /usr/bin/
## Enable docker at boot and start it now.
## NOTE(review): the steps above only copy binaries; this presumes a docker.service
## unit is already installed on the host — confirm.
systemctl enable docker && systemctl start docker
## Check that the installation succeeded.
docker version
## Edit /etc/docker/daemon.json and enter the registry mirror addresses.
## The daemon reads this file at startup, so restart docker after saving it.
## NOTE(review): one of the mirrors listed for this file uses plain http://, so
## traffic to it is neither encrypted nor authenticated in transit; prefer https
## mirrors operated by a party you trust.
vim /etc/docker/daemon.json
{
"registry-mirrors": [
"https://1nj0zren.mirror.aliyuncs.com",
"https://docker.mirrors.ustc.edu.cn",
"http://f1361db2.m.daocloud.io",
"https://registry.docker-cn.com"
]
}
## List the Kubernetes images that this version of kubeadm requires.
kubeadm config images list
镜像版本 | 国内版本 | 概述 |
---|---|---|
k8s.gcr.io/kube-apiserver:v1.14.10 | mirrorgooglecontainers/kube-apiserver:v1.14.2 | |
k8s.gcr.io/kube-controller-manager:v1.14.10 | mirrorgooglecontainers/kube-controller-manager:v1.14.2 | |
k8s.gcr.io/kube-scheduler:v1.14.10 | mirrorgooglecontainers/kube-scheduler:v1.14.2 | |
k8s.gcr.io/kube-proxy:v1.14.10 | mirrorgooglecontainers/kube-proxy:v1.14.2 | |
k8s.gcr.io/pause:3.1 | mirrorgooglecontainers/pause:3.1 | |
k8s.gcr.io/etcd:3.3.10 | mirrorgooglecontainers/etcd:3.3.10 | |
k8s.gcr.io/coredns:1.3.1 | coredns/coredns:1.3.1 | |
quay.io/coreos/flannel:v0.10.0-amd64 | registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64 |
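## Pull each image from a mirror reachable in mainland China, re-tag it under the
## name kubeadm expects, then remove the mirror tag.
## NOTE(review): the mirror repositories are third-party copies, not the upstream
## registries. Once re-tagged as k8s.gcr.io/... or quay.io/... they are
## indistinguishable from the originals on this host, so compare the image IDs
## (docker images --no-trunc) with values from a source you trust before
## running kubeadm init.
## The list is read on fd 3 so the docker commands keep the terminal's stdin.
while read -r mirror_image target_image <&3; do
  # Stop at the first failure so a failed pull is never followed by tag/rmi.
  if ! { docker pull "$mirror_image" \
    && docker tag "$mirror_image" "$target_image" \
    && docker rmi "$mirror_image"; }; then
    printf 'failed to stage %s from %s\n' "$target_image" "$mirror_image" >&2
    break
  fi
done 3<<'EOF'
mirrorgooglecontainers/kube-apiserver:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2
mirrorgooglecontainers/kube-controller-manager:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2
mirrorgooglecontainers/kube-scheduler:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2
mirrorgooglecontainers/kube-proxy:v1.14.2 k8s.gcr.io/kube-proxy:v1.14.2
mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64
EOF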
## Initialise the control plane on the master node at the same version as the
## installed packages and the staged images.
## NOTE(review): 10.244.0.0/16 presumably matches the network configured in the
## kube-flannel.yaml applied later — confirm against that file.
kubeadm init --kubernetes-version=v1.14.2 --pod-network-cidr=10.244.0.0/16
注:如果启动成功,输出的最后一句
“kubeadm join 10.0.0.62:6443 --token xx
--discovery-token-ca-cert-hash xxx”
需要保存下来。其中的 token 是节点加入集群的凭据,请妥善保管,不要公开。
配置访问路径
## Point kubectl at the admin kubeconfig written by kubeadm init.
## NOTE(review): admin.conf holds the cluster administrator's client certificate
## and key; keep it root-only and do not copy it to other machines or users.
export KUBECONFIG=/etc/kubernetes/admin.conf
systemctl restart kubelet
## Runtime-only setting: it is not written to any sysctl configuration file here,
## so it does not survive a reboot.
sysctl net.bridge.bridge-nf-call-iptables=1
## Apply the flannel manifest from a local file named kube-flannel.yaml.
kubectl apply -f kube-flannel.yaml
## Check whether the master node is Ready.
kubectl get nodes --all-namespaces -o wide
## Check that every pod that should be running shows 1/1 in the READY column.
kubectl get pod --all-namespaces -o wide
## On the worker node, after kubeadm, kubectl and kubelet are installed, run the
## join command printed at the end of a successful kubeadm init on the master.
## xx / xxx are placeholders for the real token and CA certificate hash.
## --discovery-token-ca-cert-hash lets the joining node verify the control plane's
## CA before trusting it; keep it rather than skipping that verification.
kubeadm join 10.0.0.62:6443 --token xx \
--discovery-token-ca-cert-hash xxx
## Pull the dashboard image from the mirror, re-tag it under the k8s.gcr.io name,
## then remove the mirror tag.
## NOTE(review): this is a third-party copy of the image; compare its image ID
## with a value from a source you trust before deploying it.
docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
docker rmi mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
## Deploy the dashboard.
## NOTE(review): the manifest is fetched and applied in a single step; download
## and read it first so you know which objects and permissions it creates.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
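# Export the administrator's client certificate and key from admin.conf and
# bundle them into a PKCS#12 file for import into a browser.
# These files are the cluster administrator's credentials, so they are created
# inside a subshell with umask 077 (owner-only), leaving the calling shell's
# umask untouched. The umask applies to newly created files only: remove any old
# kubecfg.* files first if they were created with wider permissions.
(
  umask 077
  # Write the certificate. Truncate (>) instead of append (>>) so that re-running
  # the step cannot leave two concatenated certificates in the file.
  awk '/client-certificate-data/ {print $2; exit}' /etc/kubernetes/admin.conf | base64 -d > kubecfg.crt
  # Write the private key, again truncating any previous content.
  awk '/client-key-data/ {print $2; exit}' /etc/kubernetes/admin.conf | base64 -d > kubecfg.key
  # Build the p12 bundle; openssl prompts for the export password here.
  openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
)
# Once kubecfg.p12 has been imported, delete kubecfg.key and kubecfg.crt rather
# than leaving the unencrypted private key on disk.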
https://10.0.0.62:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
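# Create the service account used to log in to the dashboard.
# Nested keys are indented: with every key at column 0, name and namespace are no
# longer children of metadata and the object is rejected.
# The heredoc delimiter is quoted so the shell passes the YAML through unchanged.
cat <<'EOF' | kubectl create -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF
# Create the ClusterRoleBinding for that account.
# NOTE(review): this binds admin-user to cluster-admin, i.e. unrestricted access
# to every resource in the cluster. Whoever holds the account's token controls
# the whole cluster; bind a narrower role if the dashboard does not need all of it.
cat <<'EOF' | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF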
# Show the token of the admin-user account: list the secrets in kube-system,
# keep the names containing admin-user, and describe them.
# The output contains the account's bearer token; treat it as a credential and
# keep it out of shared terminals, logs and screenshots.
# The substitution is left unquoted on purpose so that several matching names
# remain separate arguments.
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | awk '/admin-user/ {print $1}')