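Prerequisites
Installation steps
1. Disable swap and comment out the swap partition entry (so that swap is not re-enabled after the VM reboots)
swapoff -a # temporarily disable the swap area
vim /etc/fstab # edit the file so that swap stays disabled after a reboot
# Comment out the following line in the file
# /dev/mapper/centos-swap swap swap defaults 0 0
2. Configure kernel parameters so that bridged IPv4 traffic is passed to the iptables chains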
[root@localhost ~]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables=1
> net.bridge.bridge-nf-call-iptables=1
> EOF
[root@localhost ~]# sysctl --system
3. Add the Aliyun kubernetes repository
[root@localhost ~]# cat << EOF > /etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
> enabled=1
> gpgcheck=1
> repo_gpgcheck=1
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
4. Install kubectl, kubelet and kubeadm
yum install kubectl kubelet kubeadm -y
5. Enable kubelet to start at boot
systemctl enable kubelet
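6. Initialize the kubernetes cluster (the apiserver address is this machine's address). By default kubeadm downloads the required images from the official registry k8s.gcr.io, which cannot be reached from mainland China, so the --image-repository parameter is used to point to the Aliyun image registry. This step takes several minutes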
kubeadm init --kubernetes-version=1.18.0 \
--apiserver-advertise-address=192.168.56.122 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.10.0.0/16 \
--pod-network-cidr=10.122.0.0/16
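7. Save the last part of the generated output; it has to be run on the other nodes when they join the kubernetes cluster. Then run the commands shown in the output to set up kubectl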
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
8. Check the node and pod status. The node is NotReady at this point because the coredns pods have not started: the network pod is missing
[root@localhost ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
localhost.localdomain NotReady master 6m56s v1.18.3
[root@localhost ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-7ff77c879f-lkjjt 0/1 Pending 0 6m38s
kube-system coredns-7ff77c879f-vh5rr 0/1 Pending 0 6m38s
kube-system etcd-localhost.localdomain 1/1 Running 0 6m53s
kube-system kube-apiserver-localhost.localdomain 1/1 Running 0 6m53s
kube-system kube-controller-manager-localhost.localdomain 1/1 Running 0 6m53s
kube-system kube-proxy-jqvtx 1/1 Running 0 6m38s
kube-system kube-scheduler-localhost.localdomain 1/1 Running 0 6m53s
9. Install the calico network component
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
10. Reboot the VM
reboot
11. After the reboot, wait a few minutes and check the node and pod status again. The node is now Ready, which shows the cluster has started normally
[root@localhost ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
localhost.localdomain Ready master 58m v1.18.3
[root@localhost ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-789f6df884-z9qn7 1/1 Running 0 48m
kube-system calico-node-x88xg 1/1 Running 0 48m
kube-system coredns-7ff77c879f-lkjjt 1/1 Running 0 57m
kube-system coredns-7ff77c879f-vh5rr 1/1 Running 0 57m
kube-system etcd-localhost.localdomain 1/1 Running 1 58m
kube-system kube-apiserver-localhost.localdomain 1/1 Running 1 58m
kube-system kube-controller-manager-localhost.localdomain 1/1 Running 1 58m
kube-system kube-proxy-jqvtx 1/1 Running 1 57m
kube-system kube-scheduler-localhost.localdomain 1/1 Running 1 58m
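12. Install the web UI component kubernetes-dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml # download the official manifest
Edit the manifest as shown in the figures
vim recommended.yaml
Change 1 (the official dashboard deployment does not expose its service through a NodePort; add a nodePort to the service):
Change 2 (change the RoleBinding to a ClusterRoleBinding, and change kind and name in roleRef so that it uses cluster-admin, an extremely powerful ClusterRole (superuser privileges, with every permission on kube-apiserver); without this, the UI cannot obtain access to resources). This approach is flawed and needs improvement: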
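A check that can be run on the edited recommended.yaml before it is applied, as an added example that is not part of the original tutorial: it lists every ClusterRoleBinding in a manifest that grants cluster-admin, which is what change 2 gives the dashboard's service account (and therefore the login token). The embedded manifest, the function names and the dashboard-readonly binding to the built-in view ClusterRole are constructed for illustration.

```shell
# Constructed sample: the binding from change 2, then a read-only alternative.
sample_manifest() {
cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-readonly
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
EOF
}
# Read a multi-document manifest on stdin and print metadata.name of each
# ClusterRoleBinding whose roleRef points at cluster-admin.
risky_bindings() {
  awk '
    function emit() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin") print name
      kind = name = role = sect = ""
    }
    { gsub(/"/, "") }                       # tolerate quoted scalars
    /^---/      { emit(); next }            # document separator
    /^[A-Za-z]/ { sect = $1 }               # remember current top-level key
    /^kind:/    { kind = $2 }
    sect == "metadata:" && $1 == "name:" { name = $2 }
    sect == "roleRef:"  && $1 == "name:" { role = $2 }
    END { emit() }
  '
}

sample_manifest | risky_bindings   # real use: risky_bindings < recommended.yaml
```

Any name it prints is a binding whose subjects hold full cluster administrator rights; the second binding in the sample is not reported because view is read-only.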
13. Apply the manifest
kubectl create -f recommended.yaml
14. Check the pod and service status
[root@localhost ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-789f6df884-z9qn7 1/1 Running 0 77m
kube-system calico-node-x88xg 1/1 Running 0 77m
kube-system coredns-7ff77c879f-lkjjt 1/1 Running 0 86m
kube-system coredns-7ff77c879f-vh5rr 1/1 Running 0 86m
kube-system etcd-localhost.localdomain 1/1 Running 1 86m
kube-system kube-apiserver-localhost.localdomain 1/1 Running 1 86m
kube-system kube-controller-manager-localhost.localdomain 1/1 Running 1 86m
kube-system kube-proxy-jqvtx 1/1 Running 1 86m
kube-system kube-scheduler-localhost.localdomain 1/1 Running 1 86m
kubernetes-dashboard dashboard-metrics-scraper-dc6947fbf-qgbx5 1/1 Running 0 3m19s
kubernetes-dashboard kubernetes-dashboard-5d4dc8b976-sw58m 1/1 Running 0 3m20s
[root@localhost ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.10.114.151 <none> 8000/TCP 3m24s
kubernetes-dashboard NodePort 10.10.247.220 <none> 443:30000/TCP 3m24s
15. Run the following command to obtain the token needed to log in to kubernetes-dashboard
[root@localhost ~]# kubectl describe secrets -n kubernetes-dashboard kubernetes-dashboard-token | grep token | awk 'NR==3{print $2}'
16. Copy the token just obtained, open https://<host IP>:30000 in a browser, and log in with it
17. Once the login succeeds, the cluster's resources can be viewed
Kubernetes 1.18.0 is now installed on CentOS 7.