Server | IP address | Main components |
---|---|---|
master01 | 192.168.3.11 | docker/kubeadm/kubelet/kubectl/flannel |
node01 | 192.168.3.12 | docker/kubeadm/kubelet/kubectl/flannel |
node02 | 192.168.3.13 | docker/kubeadm/kubelet/kubectl/flannel |
1. Disable the firewall and swap (setenforce 0 also puts SELinux in permissive mode)
systemctl stop firewalld && systemctl disable firewalld
setenforce 0
swapoff -a
2. Set the hostname (run the matching command on each machine)
hostnamectl set-hostname master01 && su
hostnamectl set-hostname node01 && su
hostnamectl set-hostname node02 && su
hostnamectl set-hostname harbor && su
3. Add hosts entries
cat >> /etc/hosts << EOF
192.168.3.11 master01
192.168.3.12 node01
192.168.3.13 node02
EOF
4. Load the IPv4 bridge settings
# Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
5. Time synchronization
yum -y install ntpdate
ntpdate time.windows.com
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install epel-release && yum clean all && yum makecache # run this only if docker cannot be installed
yum -y install docker-ce-18.06.1.ce-3.el7 # any version can be chosen; this one is fairly stable
systemctl start docker && systemctl enable docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://g39835el.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all && yum makecache
yum -y install kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0 --nogpgcheck
systemctl enable kubelet
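The repository definition above sets gpgcheck=0 and repo_gpgcheck=0, and the install command passes --nogpgcheck, so yum installs kubelet, kubeadm and kubectl without verifying package signatures. The following is an added example, not part of the original post, that flags such entries in a .repo file; the second stanza and its repo.example.invalid URL are constructed for contrast.

```shell
# Added example: flag yum repo sections that switch signature checking off.
# audit_repo FILE prints "<section>: <finding>" per issue and returns 1 if any.
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function off(v)  { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        function report() {
            if (section == "") return
            if (off(gpg))  { print section ": gpgcheck=" gpg " (package signatures not verified)"; bad = 1 }
            if (off(rgpg)) { print section ": repo_gpgcheck=" rgpg " (repo metadata signature not verified)"; bad = 1 }
            if (url ~ /^http:/) { print section ": baseurl is plain http"; bad = 1 }
        }
        BEGIN { bad = 0 }
        /^[ \t]*\[/ {                      # new [section]: report the previous one
            report()
            section = trim($0); sub(/^\[/, "", section); sub(/\].*$/, "", section)
            gpg = rgpg = url = ""
            next
        }
        /^[ \t]*(#|;|$)/ { next }          # comments and blank lines
        {
            eq = index($0, "=")
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            if (key == "gpgcheck") gpg = val
            else if (key == "repo_gpgcheck") rgpg = val
            else if (key == "baseurl") url = val
        }
        END { report(); exit bad }
    ' "$1"
}

# Constructed sample: the [kubernetes] entry from this page plus a made-up
# contrast entry (repo.example.invalid is a placeholder, not a real mirror).
sample=$(mktemp)
cat > "$sample" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=0
repo_gpgcheck=0
[example-checked]
name=Constructed contrast entry
baseurl=https://repo.example.invalid/el7
gpgcheck=1
repo_gpgcheck=1
EOF
audit_repo "$sample" || echo "repos without signature checks found"
```

The check reads only the .repo file; a --nogpgcheck flag on the yum command line bypasses signature checks regardless of what the file says.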
kubeadm init \
--apiserver-advertise-address=192.168.3.11 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.18.0 \
--service-cidr=10.99.0.0/12 \
--pod-network-cidr=10.244.0.0/16
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.3.11:6443 --token wcdrcb.81ciedtnz0lci25r \
--discovery-token-ca-cert-hash sha256:24b1204f4886b34e846a7f532119145ff8778450bbad0b2d9f59995a0cc4ce79
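Make a note of the token.
Parameter description
kubeadm init options:
--apiserver-advertise-address=10.0.0.116 # address the master listens on; change it to your own master's address
--image-repository registry.aliyuncs.com/google_containers # use the Aliyun image source; a mirror inside China is best
--kubernetes-version v1.18.0 # Kubernetes version; 1.18.0 is fairly stable
--service-cidr=10.96.0.0/12 # sets the cluster-internal (service) network
--pod-network-cidr=10.244.0.0/16 # sets the pod network
# It is best to keep these values for service-cidr and pod-network-cidr; otherwise the kube-flannel.yaml file used later has to be modified
# If you forgot the token, the command below shows the CA certificate hash used with --discovery-token-ca-cert-hash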
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
Worker nodes need a token to join the cluster. A token is valid for 24 hours; once it has expired a new one must be created with kubeadm token create --print-join-command
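The value after --discovery-token-ca-cert-hash is a SHA-256 digest of the cluster CA's public key, which lets a joining node check that the API server it reaches presents a certificate issued by that CA. The following is an added example, not part of the original post, that recomputes the pin and compares it with the one in a join command; the CA here is a throwaway certificate generated for the demo and the token is a placeholder.

```shell
# Added example: recompute the CA public-key pin and compare it with the
# value in a join command before running that command on a node.

# ca_pin CERT: "sha256:<hex>" over the DER-encoded public key of CERT.
# Same pipeline as on this page, with "openssl pkey" so non-RSA keys work too.
ca_pin() {
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //; s/^/sha256:/'
}

# check_join CERT JOIN_COMMAND: succeeds only if JOIN_COMMAND carries a
# --discovery-token-ca-cert-hash that equals the pin of CERT.
check_join() {
    want=$(ca_pin "$1")
    got=$(printf '%s\n' "$2" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed demo input: a throwaway self-signed CA standing in for
# /etc/kubernetes/pki/ca.crt, and a join command with a placeholder token.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-demo-ca" \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
pin=$(ca_pin "$demo_dir/ca.crt")
join="kubeadm join 192.168.3.11:6443 --token <token> --discovery-token-ca-cert-hash $pin"

if check_join "$demo_dir/ca.crt" "$join"; then
    echo "pin matches the CA certificate: $pin"
else
    echo "pin does NOT match the CA certificate"
fi
```

On a real cluster, pass /etc/kubernetes/pki/ca.crt from the master and the join command you were given.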
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
[root@node01 ~]# kubeadm join 192.168.3.11:6443 --token wcdrcb.81ciedtnz0lci25r \
--discovery-token-ca-cert-hash sha256:24b1204f4886b34e846a7f532119145ff8778450bbad0b2d9f59995a0cc4ce79
[root@master01 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 NotReady master 61m v1.18.0
node01 NotReady <none> 97s v1.18.0
node02 NotReady <none> 55s v1.18.0
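# Upstream source, outside China (this saves the file as kube-flannel.yml)
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Mirror inside China
wget http://120.78.77.38/file/kube-flannel.yaml
# Installation takes some time
kubectl apply -f kube-flannel.yaml
# Check the installation progress; this takes a while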
[root@master01 ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-7ff77c879f-bnnzv 1/1 Running 0 65m
coredns-7ff77c879f-fp6wj 1/1 Running 0 65m
etcd-master01 1/1 Running 0 65m
kube-apiserver-master01 1/1 Running 0 65m
kube-controller-manager-master01 1/1 Running 0 65m
kube-flannel-ds-amd64-4lgfg 1/1 Running 0 2m49s
kube-flannel-ds-amd64-lwj44 1/1 Running 0 2m49s
kube-flannel-ds-amd64-x85d7 1/1 Running 0 2m49s
kube-proxy-dkpd4 1/1 Running 0 6m33s
kube-proxy-nh6dx 1/1 Running 0 5m51s
kube-proxy-zv4q9 1/1 Running 0 65m
kube-scheduler-master01 1/1 Running 0 65m
[root@master01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master01 Ready master 66m v1.18.0
node01 Ready <none> 6m56s v1.18.0
node02 Ready <none> 6m14s v1.18.0
# The default namespace has no pods yet
[root@master01 ~]# kubectl get pod
No resources found in default namespace.
[root@master01 ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
# Expose the port for external access
[root@master01 ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@master01 ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-f89759699-lb6mg 1/1 Running 0 49s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 69m
service/nginx NodePort 10.97.121.90 <none> 80:31350/TCP 10s
# nginx is exposed on port 31350; access it at http://nodeIP:port, using the IP of any node
[root@master ~]# curl 192.168.3.12:31350
wget http://120.78.77.38/file/kubernetes-dashboard.yaml
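Edit kubernetes-dashboard.yaml and add a line nodePort: 30001, as shown in the figure (the added line is at the cursor). Any port can be chosen as long as it does not conflict.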
[root@master01 ~]# ls
anaconda-ks.cfg kube-flannel.yaml 公共 视频 文档 音乐
initial-setup-ks.cfg kubernetes-dashboard.yaml 模板 图片 下载 桌面
[root@master01 ~]# vim kubernetes-dashboard.yaml
[root@master01 ~]# kubectl apply -f kubernetes-dashboard.yaml
[root@master01 ~]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-694557449d-b4w56 1/1 Running 0 66s
kubernetes-dashboard-9774cc786-w57x2 1/1 Running 0 66s
The dashboard-metrics pod collects monitoring metrics; the kubernetes-dashboard pod serves the web management page.
[root@master01 ~]# kubectl get pod -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
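dashboard-metrics-scraper-694557449d-b4w56 1/1 Running 0 2m13s 10.244.2.3 node02 <none> <none>
kubernetes-dashboard-9774cc786-w57x2 1/1 Running 0 2m13s 10.244.1.4 node01 <none> <none>
The output shows that the dashboard pod is running on node01, so access node01.
Access: https://192.168.3.12:30001
Firefox is recommended; other browsers may be unable to open the page because the certificate is not trusted. For creating a trusted certificate, see: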
https://blog.csdn.net/shenyuanhaojie/article/details/121951326?spm=1001.2014.3001.5501
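5. We log in with a token; generate the token on the master node. The binding below grants the cluster-admin role, so this token has full control of the cluster.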
[root@master01 ~]# kubectl create serviceaccount dashboard-admin -n kube-system
[root@master01 ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
[root@master01 ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')