Hostname | CentOS version | IP | Docker version | flannel | Host spec | k8s version
master | centos7 | 192.168.1.12 | 19.03.9 | v0.11.0 | 2G | v1.18.2
node1 | centos7 | 192.168.1.13 | 19.03.9 | v0.11.0 | 2G | v1.18.2
node2 | centos7 | 192.168.1.14 | 19.03.9 | v0.11.0 | 2G | v1.18.2
Aliyun mirror link: http://mirrors.aliyun.com/repo/
yum -y install wget
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all && yum makecache
yum install net-tools -y
firewall-cmd --state #check firewall status
systemctl stop firewalld.service #stop firewalld
systemctl disable firewalld.service #prevent firewalld from starting at boot
getenforce #check SELinux status
setenforce 0 #disable SELinux temporarily
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config #disable SELinux permanently (requires a reboot)
1.1 Change the hostname
[root@centos7 ~]# hostnamectl set-hostname master01
[root@centos7 ~]# more /etc/hostname
master01
Log out and log back in to see the new hostname master01.
[root@master ~]# cat >> /etc/hosts << EOF
192.168.1.12 master
192.168.1.13 node1
192.168.1.14 node2
EOF
[root@master01 ~]# cat /sys/class/net/ens160/address
[root@master01 ~]# cat /sys/class/dmi/id/product_uuid
Make sure the MAC address and product_uuid are unique on every node.
[root@master ~]# swapoff -a
To keep swap disabled after a reboot, also comment out the swap entry in /etc/fstab:
[root@master ~]# sed -i.bak '/swap/s/^/#/' /etc/fstab
This article uses flannel for the k8s network, which requires the kernel parameter bridge-nf-call-iptables=1; setting that parameter requires the br_netfilter module.
Check whether the br_netfilter module is loaded:
[root@master01 ~]# lsmod |grep br_netfilter
If the module is not present, run the commands below to add it; otherwise skip this step.
Load br_netfilter temporarily:
[root@master01 ~]# modprobe br_netfilter
This does not survive a reboot.
Load br_netfilter permanently:
[root@master01 ~]# cat > /etc/rc.sysinit << EOF
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
[ -x $file ] && $file
done
EOF
[root@master01 ~]# cat > /etc/sysconfig/modules/br_netfilter.modules << EOF
modprobe br_netfilter
EOF
[root@master01 ~]# chmod 755 /etc/sysconfig/modules/br_netfilter.modules
[root@master01 ~]# sysctl net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-iptables = 1
[root@master01 ~]# sysctl net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-ip6tables = 1
[root@master01 ~]# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[root@master01 ~]# sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@master01 ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
[root@master01 ~]# yum clean all
[root@master01 ~]# yum -y makecache
Configure passwordless SSH from master to node1 and node2; this step is run on master only.
[root@master01 ~]# ssh-keygen -t rsa
[root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.13
[root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.14
[root@master ~]# ssh 192.168.1.13
[root@master ~]# ssh node2
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@master ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@master ~]# yum list docker-ce --showduplicates | sort -r
3.2 Install Docker
[root@master01 ~]# yum install docker-ce docker-ce-cli containerd.io -y
[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker
[root@master ~]# yum -y install bash-completion
[root@master ~]# source /etc/profile.d/bash_completion.sh
Because Docker Hub's servers are outside China, image pulls can be slow, so a registry mirror can be configured. The main accelerators are the China registry mirror provided by Docker, the Aliyun accelerator and the DaoCloud accelerator; this article uses the Aliyun accelerator as the example.
Login address: https://cr.console.aliyun.com ; if you do not have an Aliyun account yet, register one first and open the container service console.
Configure the daemon.json file
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"]
}
EOF
Restart the service
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
[root@master ~]# docker --version
[root@master ~]# docker run hello-world
Edit daemon.json and add "exec-opts": ["native.cgroupdriver=systemd"]:
[root@master ~]# more /etc/docker/daemon.json
{
"registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
[root@master ~]# yum list kubelet --showduplicates | sort -r
[root@master ~]# yum install -y kubelet kubeadm kubectl
Start kubelet and enable it at boot
[root@master ~]# systemctl enable kubelet && systemctl start kubelet
A start failure at this point does not affect later deployment: kubelet has no configuration until kubeadm init writes it, so it restarts in a loop until then.
[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bash_profile
[root@master ~]# source .bash_profile
Almost all Kubernetes components and Docker images are hosted on Google's own site, which may not be reachable directly. The workaround here is to pull the images from the Aliyun mirror registry and then retag them to the default image names. This article pulls the images by running the image.sh script.
[root@master01 ~]# more image.sh
#!/bin/bash
url=registry.cn-hangzhou.aliyuncs.com/google_containers   # Aliyun mirror of k8s.gcr.io
version=v1.18.2                                           # Kubernetes version to install
# image names kubeadm needs for this version, with the k8s.gcr.io/ prefix stripped
images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
for imagename in ${images[@]} ; do
  docker pull $url/$imagename                             # pull from the mirror
  docker tag $url/$imagename k8s.gcr.io/$imagename        # retag to the name kubeadm expects
  docker rmi -f $url/$imagename                           # drop the mirror-tagged copy
done
url is the Aliyun mirror registry address and version is the Kubernetes version being installed.
Run image.sh to download the images for the specified version:
[root@master ~]# ./image.sh
[root@master ~]# docker images
kubeadm init \
--apiserver-advertise-address=192.168.1.12 \
--image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
--kubernetes-version v1.18.2 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
Initialization failed:
If initialization fails, run kubeadm reset and then initialize again:
[root@master ~]# kubeadm reset
[root@master ~]# rm -rf $HOME/.kube/config
Load the environment variable
[root@master ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[root@master ~]# source .bash_profile
All operations in this article are run as root; for a non-root user, run the following instead:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
Create the flannel network on master01
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
Because of network issues the install may fail; the kube-flannel.yml file can be downloaded at the end of the article and then applied locally.
Join node1 and node2 with the kubeadm join command that kubeadm init prints at the end of a successful initialization. The address, token and CA hash below are sample values from the original article (the address does not match the master IP in the table above), so use the ones from your own output. The --control-plane flag is for adding a further control-plane node and is omitted when joining worker nodes:
kubeadm join 172.27.34.130:6443 --token qbwt6v.rr4hsh73gv8vrcij \
--discovery-token-ca-cert-hash sha256:e306ffc7a126eb1f2c0cab297bbbed04f5bb464a04c05f1b0171192acbbae966 \
--control-plane
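The --discovery-token-ca-cert-hash value pins the cluster CA: the joining node computes the same hash over the public key in the CA certificate it fetches from the API server and refuses to join if it differs. Added example, not code from the original article: how that hash is computed (kubeadm defines it as SHA-256 over the DER-encoded SubjectPublicKeyInfo of /etc/kubernetes/pki/ca.crt) using only the Python standard library; sample_certificate builds a constructed DER skeleton with the same field layout, not a real X.509 certificate.

```python
import base64
import hashlib

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor of a file such as /etc/kubernetes/pki/ca.crt and decode it."""
    body = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    return base64.b64decode(body)

def _elements(buf: bytes):
    """Yield (tag, value, whole_tlv) for each top-level DER element in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, hdr = buf[pos], buf[pos + 1], 2
        if length & 0x80:                       # long-form length: next n bytes hold it
            n = length & 0x7F
            length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
            hdr += n
        end = pos + hdr + length
        yield tag, buf[pos + hdr:end], buf[pos:end]
        pos = end

def spki_sha256(spki_der: bytes) -> str:
    """Format the digest the way kubeadm prints it: sha256 over the DER SPKI element."""
    return "sha256:" + hashlib.sha256(spki_der).hexdigest()

def ca_cert_hash(cert_der: bytes) -> str:
    """Walk Certificate -> TBSCertificate and hash its subjectPublicKeyInfo field.
    TBS fields: [0] version (optional), serialNumber, signature, issuer, validity,
    subject, subjectPublicKeyInfo, so SPKI is the 6th field once version is skipped."""
    _, cert_body, _ = next(_elements(cert_der))
    _, tbs, _ = next(_elements(cert_body))
    fields = list(_elements(tbs))
    if fields[0][0] == 0xA0:                    # EXPLICIT [0] version tag
        fields = fields[1:]
    return spki_sha256(fields[5][2])

def _der(tag: int, body: bytes) -> bytes:
    """Tiny DER encoder, used only to build the constructed sample below."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def sample_certificate(key_bytes: bytes = b"constructed-public-key") -> tuple:
    """Constructed sample (not a real X.509 cert): returns (cert_der, spki_der)."""
    spki = _der(0x30, _der(0x30, b"\x06\x00") + _der(0x03, b"\x00" + key_bytes))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") * 4 + spki)    # empty signature/issuer/validity/subject
    cert = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    return cert, spki
```

On a real master, ca_cert_hash(pem_to_der(open("/etc/kubernetes/pki/ca.crt").read())) must equal the value kubeadm init printed; a mismatch on a joining node means it is not talking to the CA it expects.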
[root@master ~]# kubectl get nodes
[root@master ~]# kubectl get po -o wide -n kube-system
[root@master Deload]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   28h   v1.18.2
node1    Ready    <none>   26h   v1.18.2
node2    Ready    <none>   26h   v1.18.2
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
If the connection times out, retry a few times. recommended.yaml has been uploaded and can also be downloaded at the end of the article.
[root@master ~]# sed -i 's#kubernetesui#registry.cn-hangzhou.aliyuncs.com/google_containers#' recommended.yaml
The default image registry is not reachable, so the image is switched to the Aliyun mirror.
[root@master ~]# sed -i '/targetPort: 8443/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' recommended.yaml
Configure a NodePort so the Dashboard is reachable from outside at https://NodeIp:NodePort; here the port is 30001.
[root@client ~]# cat >> recommended.yaml << EOF
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF
Create a super-administrator account for logging in to the Dashboard
[root@master ~]# kubectl apply -f recommended.yaml
[root@master ~]# kubectl get all -n kubernetes-dashboard
[root@master Deload]# kubectl get all -n kubernetes-dashboard
NAME                                            READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-bb46cc778-lnbxt   1/1     Running   0          25h
pod/kubernetes-dashboard-655f9dd789-fk2jw       1/1     Running   0          25h

NAME                                TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.1.182.0   <none>        8000/TCP        25h
service/kubernetes-dashboard        NodePort    10.1.255.0   <none>        443:30001/TCP   25h

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           25h
deployment.apps/kubernetes-dashboard        1/1     1            1           25h

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-bb46cc778   1         1         1       25h
replicaset.apps/kubernetes-dashboard-655f9dd789       1         1         1       25h
[root@master ~]# kubectl describe secrets -n kubernetes-dashboard dashboard-admin
[root@master Deload]# kubectl describe secrets -n kubernetes-dashboard dashboard-admin
Name:         dashboard-admin-token-sx9fl
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 003bf92a-7eb7-46ca-b324-1e8431c5323f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      <token value omitted>
Open https://192.168.1.12:30001 in Firefox.
Log in using the token.
User authorization:
kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous
kubectl create clusterrolebinding test:kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
Both bindings grant cluster-admin: the first to system:anonymous, i.e. to any unauthenticated request that reaches the API server, and the second to the Dashboard's own service account. They belong on a disposable lab cluster only and should be removed afterwards (kubectl delete clusterrolebinding test:anonymous test:kubernetes-dashboard).
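The two bindings above, together with the dashboard-admin binding appended to recommended.yaml earlier, hand cluster-admin to unauthenticated callers and to service-account tokens. Added example, not from the original article: a check that runs over the output of kubectl get clusterrolebindings -o json and flags such bindings so they can be removed after the lab; SAMPLE_BINDINGS is constructed here from the bindings this page creates plus kubeadm's default ones.

```python
import json

# Subjects that should never hold cluster-admin: the unauthenticated user and the
# catch-all groups that every caller, authenticated or not, belongs to.
RISKY_SUBJECTS = {
    ("User", "system:anonymous"),
    ("Group", "system:unauthenticated"),
    ("Group", "system:authenticated"),
}

def audit_cluster_admin_bindings(bindings_json: str) -> list:
    """Return (binding, subject, reason) for each ClusterRoleBinding that hands
    cluster-admin to a risky subject or to a ServiceAccount (whose token then
    equals full admin). Input: `kubectl get clusterrolebindings -o json` output."""
    findings = []
    for item in json.loads(bindings_json).get("items", []):
        role = item.get("roleRef", {})
        if role.get("kind") != "ClusterRole" or role.get("name") != "cluster-admin":
            continue
        name = item["metadata"]["name"]
        for s in item.get("subjects") or []:
            kind, subj = s.get("kind"), s.get("name")
            if (kind, subj) in RISKY_SUBJECTS:
                findings.append((name, f"{kind} {subj}", "unauthenticated or catch-all"))
            elif kind == "ServiceAccount":
                findings.append((name, f"ServiceAccount {s.get('namespace')}/{subj}",
                                 "service-account token is cluster-admin"))
    return findings

def remediation(findings: list) -> list:
    """kubectl commands that drop the flagged bindings, one per binding name."""
    return [f"kubectl delete clusterrolebinding {n}" for n in sorted({f[0] for f in findings})]

def _crb(name, role, subject):
    """Build one ClusterRoleBinding item in the shape kubectl emits."""
    return {"metadata": {"name": name}, "subjects": [subject],
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": role}}

# Constructed sample: kubeadm's default bindings plus the three bindings this page creates.
SAMPLE_BINDINGS = json.dumps({"items": [
    _crb("cluster-admin", "cluster-admin", {"kind": "Group", "name": "system:masters"}),
    _crb("test:anonymous", "cluster-admin", {"kind": "User", "name": "system:anonymous"}),
    _crb("test:kubernetes-dashboard", "cluster-admin",
         {"kind": "ServiceAccount", "name": "kubernetes-dashboard", "namespace": "kube-system"}),
    _crb("dashboard-admin", "cluster-admin",
         {"kind": "ServiceAccount", "name": "dashboard-admin", "namespace": "kubernetes-dashboard"}),
    _crb("system:basic-user", "system:basic-user", {"kind": "Group", "name": "system:authenticated"}),
]})
```

The default cluster-admin binding to system:masters and the system:basic-user binding are skipped, so the report lists only the three bindings this article adds.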
Reference: https://www.kubernetes.org.cn/6632.html