Deploying a k8s cluster (v1.18.2) on CentOS 7

I. Deployment environment

Hostname  CentOS version  IP            Docker version  flannel  Host config  k8s version
master    centos7         192.168.1.12  19.03.9         v0.11.0  2G           v1.18.2
node1     centos7         192.168.1.13  19.03.9         v0.11.0  2G           v1.18.2
node2     centos7         192.168.1.14  19.03.9         v0.11.0  2G           v1.18.2

II. Preparation

1. Configure the Aliyun mirror:

Aliyun mirror link: http://mirrors.aliyun.com/repo/

1.1 Download the Aliyun repo file

yum -y install wget

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

1.2 Clear the cache and build a new one

yum clean all && yum makecache

1.3 Install net-tools, which provides the ifconfig command

yum install net-tools -y

2. Disable the firewall

firewall-cmd --state        # check the firewall state
systemctl stop firewalld.service        # stop firewalld
systemctl disable firewalld.service     # keep firewalld from starting at boot

3. Disable SELinux

getenforce  # check the SELinux state
setenforce 0    # temporarily set SELinux to permissive mode (until reboot)
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config  # disable permanently (requires a reboot)

IV. Environment configuration

1. Configure the hostname

1.1 Change the hostname

[root@centos7 ~]# hostnamectl set-hostname master01
[root@centos7 ~]# more /etc/hostname
master01

Log out and back in to see the new hostname, master01.

1.2 Edit the hosts file

[root@master ~]# cat >> /etc/hosts << EOF
192.168.1.12   master
192.168.1.13   node1
192.168.1.14   node2
EOF

2. Verify the MAC address and UUID

[root@master01 ~]# cat /sys/class/net/ens160/address
[root@master01 ~]# cat /sys/class/dmi/id/product_uuid

Make sure the MAC address and UUID are unique on every node.

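3. Disable swap

3.1 Disable temporarily

[root@master ~]# swapoff -a

3.2 Disable permanently

For the change to survive a reboot, after disabling swap also edit /etc/fstab and comment out the swap entry.

[root@master ~]# sed -i.bak '/swap/s/^/#/' /etc/fstab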

4. Kernel parameter changes

The k8s network in this article uses flannel, which requires the kernel parameter bridge-nf-call-iptables=1. Setting this parameter requires the br_netfilter module.

4.1 Load the br_netfilter module

Check for the br_netfilter module:

[root@master01 ~]# lsmod |grep br_netfilter

If the system does not have the br_netfilter module loaded, run the commands below; if it does, skip them.

Load br_netfilter temporarily:

[root@master01 ~]# modprobe br_netfilter

This does not survive a reboot.

Load br_netfilter permanently:

[root@master01 ~]# cat > /etc/rc.sysinit << 'EOF'
#!/bin/bash
# Run every executable module script under /etc/sysconfig/modules
for file in /etc/sysconfig/modules/*.modules ; do
[ -x "$file" ] && "$file"
done
EOF
[root@master01 ~]# cat > /etc/sysconfig/modules/br_netfilter.modules << EOF
modprobe br_netfilter
EOF
[root@master01 ~]# chmod 755 /etc/sysconfig/modules/br_netfilter.modules

4.2 Change the kernel parameters temporarily

[root@master01 ~]# sysctl net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-iptables = 1
[root@master01 ~]# sysctl net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-ip6tables = 1

4.3 Change the kernel parameters permanently

[root@master01 ~]# cat << EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[root@master01 ~]# sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
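
A check for the state that steps 3 and 4 set up (swap off, br_netfilter loaded, both bridge sysctls at 1), meant to be run on every node before kubeadm. This is an added example, not part of the original article; the function name and its ROOT argument are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: check the node state that steps 3 and 4 configure.
# check_node_prereqs and its ROOT argument are illustrative names; ROOT
# defaults to / and only exists so the checks can run against a fixture tree.
check_node_prereqs() (
    root="${1:-/}"; root="${root%/}"
    failures=""

    # Step 3.1: /proc/swaps has one header line, then one line per active swap area.
    active="$(awk 'NR > 1 { n++ } END { print n + 0 }' "$root/proc/swaps" 2>/dev/null)"
    [ "${active:-0}" -gt 0 ] && failures="$failures swap-active"

    # Step 3.2: an uncommented swap line in fstab turns swap back on at boot.
    if grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]' "$root/etc/fstab" 2>/dev/null; then
        failures="$failures swap-in-fstab"
    fi

    # Step 4.1: the br_netfilter module must be loaded.
    grep -q '^br_netfilter ' "$root/proc/modules" 2>/dev/null ||
        failures="$failures br_netfilter-not-loaded"

    # Steps 4.2 and 4.3: both bridge sysctls must read 1.
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        val="$(cat "$root/proc/sys/net/bridge/$key" 2>/dev/null || echo unset)"
        [ "$val" = "1" ] || failures="$failures $key=$val"
    done

    # Print the failed checks (empty when all pass); return 0 only if none failed.
    echo "${failures# }"
    [ -z "$failures" ]
)

# Usage on a node:  check_node_prereqs || echo "fix the items listed above before kubeadm init"
```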

5. Set up the kubernetes repo

[root@master01 ~]# cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

5.2 Refresh the cache

[root@master01 ~]# yum clean all
[root@master01 ~]# yum -y makecache

6. Passwordless SSH login

Configure passwordless login from master to node1 and node2. Run this step on master only.

6.1 Create the key

[root@master01 ~]# ssh-keygen -t rsa

6.2 Copy the key to node1/node2

[root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node1
[root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node2

6.3 Test passwordless login

[root@master ~]# ssh 192.168.1.13
[root@master ~]# ssh node2

V. Docker installation

1. Install dependencies

[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

2. Set up the Docker repo

[root@master ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

3. Install Docker CE

3.1 List the available docker versions

[root@master ~]# yum list docker-ce --showduplicates | sort -r

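3.2 Install docker

[root@master01 ~]# yum install docker-ce docker-ce-cli containerd.io -y

4. Start Docker

[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker

5. Command completion

5.1 Install bash-completion

[root@master ~]# yum -y install bash-completion

5.2 Load bash-completion

[root@master ~]# source /etc/profile.d/bash_completion.sh

6. Registry mirror

Because the Docker Hub servers are located abroad, pulling images can be slow, so you can configure a registry mirror. The main options are the official Docker registry mirror for China, the Aliyun accelerator and the DaoCloud accelerator. This article uses the Aliyun accelerator as the example.

6.1 Log in to Aliyun

The login address is https://cr.console.aliyun.com ; if you have not registered, first register an Aliyun account (container module).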

6.2 Configure the registry mirror

Configure the daemon.json file

[root@master ~]# mkdir -p /etc/docker
[root@master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"]
}
EOF

Restart the service

[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker

7. Verify

[root@master ~]# docker --version
[root@master ~]# docker run hello-world

8. Change the cgroup driver

8.1 Edit daemon.json

Edit daemon.json and add "exec-opts": ["native.cgroupdriver=systemd"]

[root@master ~]# more /etc/docker/daemon.json
{
  "registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}

8.2 Reload docker

[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker

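VI. k8s installation

1. List versions

[root@master ~]# yum list kubelet --showduplicates | sort -r

2. Install kubelet, kubeadm and kubectl

2.1 Install the three packages

[root@master ~]# yum install -y kubelet-1.18.2 kubeadm-1.18.2 kubectl-1.18.2

2.2 Package descriptions

  • kubelet runs on every node in the cluster and starts Pods, containers and other objects
  • kubeadm is the command-line tool that initializes and starts the cluster
  • kubectl is the command line for communicating with the cluster; with kubectl you can deploy and manage applications, inspect resources, and create, delete and update components

2.3 Start kubelet

Start kubelet and enable it at boot

[root@master ~]# systemctl enable kubelet && systemctl start kubelet

A failed start here does not affect the later deployment.

2.4 kubectl command completion

[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bash_profile
[root@master ~]# source ~/.bash_profile

3. Download the images

3.1 Image download script

Almost all Kubernetes installation components and Docker images are hosted on Google's own sites, which may not be reachable directly. The workaround here is to pull the images from the Aliyun registry and, once they are local, retag them with the default image names. This article pulls the images by running the image.sh script.

[root@master01 ~]# more image.sh
#!/bin/bash
# Aliyun mirror of the Kubernetes images
url=registry.cn-hangzhou.aliyuncs.com/google_containers
# Kubernetes version to install
version=v1.18.2
# Image names (name:tag) for this version, with the k8s.gcr.io/ prefix stripped
images=($(kubeadm config images list --kubernetes-version="$version" | awk -F '/' '{print $2}'))
for imagename in "${images[@]}" ; do
  docker pull "$url/$imagename"                          # pull from the mirror
  docker tag "$url/$imagename" "k8s.gcr.io/$imagename"   # retag with the default name
  docker rmi -f "$url/$imagename"                        # drop the mirror tag
done

url is the Aliyun registry address and version is the kubernetes version being installed.

3.2 Download the images

Run image.sh to download the images for the specified version

[root@master ~]# ./image.sh
[root@master ~]# docker images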

VII. Initialize the master

1. Initialize the master

kubeadm init \
  --apiserver-advertise-address=192.168.1.12 \
  --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version v1.18.2 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16

Initialization failure:

If initialization fails, run kubeadm reset and then initialize again.

[root@master ~]# kubeadm reset
[root@master ~]# rm -rf $HOME/.kube/config

Load the environment variable

[root@master ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[root@master ~]# source ~/.bash_profile

All operations in this article are run as root. For a non-root user, run the following instead:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

2. Install the flannel network

Create the flannel network on master01

[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml

Because of network problems the installation may fail; you can download the kube-flannel.yml file directly at the end of the article and then run apply.

3. Join the nodes to the cluster

# Run on node1 and node2; use the token and CA cert hash printed by your own kubeadm init
kubeadm join 192.168.1.12:6443 --token qbwt6v.rr4hsh73gv8vrcij \
    --discovery-token-ca-cert-hash sha256:e306ffc7a126eb1f2c0cab297bbbed04f5bb464a04c05f1b0171192acbbae966

4. View the cluster nodes

[root@master ~]# kubectl get nodes
[root@master ~]# kubectl get po -o wide -n kube-system

5. View the cluster nodes

[root@master Deload]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   28h   v1.18.2
node1    Ready    <none>   26h   v1.18.2
node2    Ready    <none>   26h   v1.18.2

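VIII. Dashboard setup

1. Download the yaml

[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

If the connection times out, try a few more times. recommended.yaml has also been uploaded and can be downloaded at the end of the article.

2. Configure the yaml

2.1 Change the image address

[root@master ~]# sed -i 's#kubernetesui#registry.cn-hangzhou.aliyuncs.com/google_containers#g' recommended.yaml

The default image registry is not reachable over the network, so switch to the Aliyun mirror.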
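
After the rewrite it helps to see exactly which images the manifest will pull before applying it. The following added example (not part of the original article; the function names and the sample manifest are constructed for illustration) lists each image reference and flags any that sit outside the expected mirror prefix or lack a fixed tag or digest.

```bash
#!/bin/sh
# Added example: list the images a manifest will pull and flag surprises.
# audit_manifest_images is an illustrative name. Arguments: the manifest
# path, then one or more image prefixes you expect after the rewrite.
audit_manifest_images() (
    manifest="$1"; shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, prefix, " ") }
        /^[ \t]*(-[ \t]*)?image:[ \t]*/ {
            img = $0
            sub(/^[ \t]*(-[ \t]*)?image:[ \t]*/, "", img)
            gsub(/[" \t]/, "", img)
            status = "UNEXPECTED-REGISTRY"
            for (i = 1; i <= n; i++)
                if (index(img, prefix[i]) == 1) status = "ok"
            # A mutable reference (no tag, or :latest) can change under you;
            # a tag or an @sha256: digest is treated as pinned here.
            if (status == "ok" && img !~ "@sha256:" &&
                (img !~ ":[^/]+$" || img ~ ":latest$"))
                status = "UNPINNED-TAG"
            print status "\t" img
        }' "$manifest"
)

# Constructed sample: a fragment shaped like container specs in a manifest,
# with one image from another registry and one image without a tag.
write_sample_manifest() {
    cat > "$1" << 'EOF'
      containers:
        - name: kubernetes-dashboard
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0-beta8
          imagePullPolicy: Always
        - name: sidecar
          image: docker.io/example/sidecar:1.0
        - name: example
          image: "registry.cn-hangzhou.aliyuncs.com/google_containers/example"
EOF
}

# Usage: audit_manifest_images recommended.yaml registry.cn-hangzhou.aliyuncs.com/google_containers/
```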

2.2 External access

[root@master ~]# sed -i '/targetPort: 8443/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' recommended.yaml

Configure a NodePort so that the Dashboard can be reached from outside at https://NodeIp:NodePort; the port here is 30001.

2.3 Add an administrator account

[root@client ~]# cat >> recommended.yaml << EOF
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF

Create a super-administrator account for logging in to the Dashboard.

3. Deploy and access

3.1 Deploy the Dashboard

[root@master ~]# kubectl apply -f recommended.yaml

3.2 Check the status

[root@master Deload]# kubectl get all -n kubernetes-dashboard
NAME                                            READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-bb46cc778-lnbxt   1/1     Running   0          25h
pod/kubernetes-dashboard-655f9dd789-fk2jw       1/1     Running   0          25h

NAME                                TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.1.182.0   <none>        8000/TCP        25h
service/kubernetes-dashboard        NodePort    10.1.255.0   <none>        443:30001/TCP   25h

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           25h
deployment.apps/kubernetes-dashboard        1/1     1            1           25h

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-bb46cc778   1         1         1       25h
replicaset.apps/kubernetes-dashboard-655f9dd789       1         1         1       25h

3.3 View the token

[root@master Deload]# kubectl describe secrets -n kubernetes-dashboard dashboard-admin
Name:         dashboard-admin-token-sx9fl
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 003bf92a-7eb7-46ca-b324-1e8431c5323f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      <service account token omitted>

3.4 Access

Open https://192.168.1.12:30001 in Firefox.

Log in with the token.

User authorization:

kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous


kubectl create clusterrolebinding test:kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
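
The first binding above gives cluster-admin to system:anonymous, the identity the API server assigns to requests that present no credentials when anonymous authentication is enabled (the API server default). The following added example (not part of the original article; the function names are assumptions and the sample rows are constructed) audits a cluster for cluster-admin bindings to unauthenticated identities and lists service-account bindings for review.

```bash
#!/bin/sh
# Added example: find ClusterRoleBindings that hand out cluster-admin.
# Function names are illustrative. dump_bindings needs kubectl and a working
# kubeconfig; audit_cluster_admin only reads TSV on stdin:
#   <binding name> TAB <role name> TAB <Kind=name,Kind=name,...>
dump_bindings() {
    kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}{"="}{.name}{","}{end}{"\n"}{end}'
}

audit_cluster_admin() {
    awk -F '\t' '
        $2 == "cluster-admin" {
            n = split($3, subject, ",")
            for (i = 1; i <= n; i++) {
                s = subject[i]
                # Unauthenticated callers are the user system:anonymous and
                # members of the group system:unauthenticated.
                if (s == "User=system:anonymous" || s == "Group=system:unauthenticated")
                    print "CRITICAL\t" $1 "\t" s
                else if (s ~ /^ServiceAccount=/)
                    print "REVIEW\t" $1 "\t" s
            }
        }'
}

# Constructed sample: the bindings this article creates, plus two defaults.
sample_bindings() {
    printf '%s\t%s\t%s\n' \
        cluster-admin             cluster-admin       'Group=system:masters,' \
        test:anonymous            cluster-admin       'User=system:anonymous,' \
        dashboard-admin           cluster-admin       'ServiceAccount=dashboard-admin,' \
        test:kubernetes-dashboard cluster-admin       'ServiceAccount=kubernetes-dashboard,' \
        system:node-proxier       system:node-proxier 'User=system:kube-proxy,'
}

# Live cluster:  dump_bindings | audit_cluster_admin
# Remove a binding you do not need:  kubectl delete clusterrolebinding test:anonymous
```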

Reference post: https://www.kubernetes.org.cn/6632.html
