为了更好学习K8S,建议自行搭建一套K8S的环境,目前比较流行的有两种搭建工具,一种是单机版的minkube,一种是集群版的kubeadm。minkube更多是用于实验环境,且单机版隐藏了很多细节,而kubeadm更贴近实际生产环境,且搭建也较简单,所以本案就选择kubeadm。
建议最小硬件配置2C2G20G,服务器能访问外网,需要拉取镜像。这里使用百度云的2台云服务器BCC,其配置规划如下:
服务器名称 | 节点类型 | 操作系统 | 硬件配置 | ip |
k8s-master | Master | CentOS Linux release 8.4.2105 (内核:4.18.0-348.7.1.el8_5.x86_64) |
2C4G80G | 192.168.16.4 |
k8s-node1 | Worker | CentOS Linux release 8.4.2105 (内核:4.18.0-348.7.1.el8_5.x86_64) |
2C4G80G | 10.0.0.4 |
一般情况下,这两台机器位于同一个ip段,但也不是强制要求,只有网络能通即可。
软件 | 版本 |
Docker | 20.10.21 |
Kubernetes | 1.23 |
按照规划的节点修改主机名,可以直接在百度云服务控制台上修改,也可以使用命令修改。
1)查看当前的主机名
[root@kubernetes01 ~]# hostname
kubernetes01
2)修改主机名
[root@kubernetes01 ~]# hostnamectl set-hostname k8s-master
[root@kubernetes01 ~]# hostname
k8s-master
3)修改/etc/hosts
[root@kubernetes01 ~]# vi /etc/hosts
修改如下信息并保存
192.168.16.4 k8s-master k8s-master
最终的结果如下:
[root@kubernetes01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.16.4 k8s-master k8s-master
firewalld会影响Docker的网络功能,要提前禁掉。
[root@k8s-master ~]# systemctl stop firewalld && systemctl disable firewalld
SELinux是2.6+版本的Linux内核中提供的强制访问控制系统,在很大程度上加强了Linux的安全性,但是它会影响Kubernetes的某些组件功能,所以我们需要在安装部署前将其禁用掉。
1)关闭selinux
关闭selinux有两种方式
#1、临时关闭
setenforce 0
#2、永久关闭
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
这里使用临时关闭
[root@k8s-master ~]# setenforce 0
setenforce: SELinux is disabled
2)修改后可以检查下状态
[root@k8s-master ~]# sestatus
SELinux status: disabled
为了提升性能,建议关闭swap分区
1)关闭分区
同样关闭分区也有两种方式
#临时关闭
swapoff -a
#永久关闭
sed -ri 's/.*swap.*/#&/' /etc/fstab
这里使用临时关闭
[root@k8s-master ~]# swapoff -a
2)检查是否都已经关闭,swap一行都为0表示关闭。
[root@k8s-master ~]# free -m
total used free shared buff/cache available
Mem: 3920 276 3045 2 597 3421
Swap: 0 0 0
1)编辑kubernetes.conf
[root@k8s-master ~]# vim /etc/sysctl.d/kubernetes.conf
填写如下内容
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
--net.bridge.bridge-nf-call-iptables=1:开启ipv4的过滤规则。
--net.bridge.bridge-nf-call-ip6tables=1:开启iptables中ipv6的过滤规则。
--net.ipv4.ip_forward=1:开启服务器的路由转发功能。
--vm.swappiness=0:禁止使用swap 空间,只有当系统OOM 时才允许使用它。
2)加载所有配置项
[root@k8s-master ~]# sysctl --system
1)配置阿里云的docker源
[root@k8s-master ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
--2022-11-01 22:37:41-- https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 61.240.128.243, 61.240.128.240, 61.240.128.238, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|61.240.128.243|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2081 (2.0K) [application/octet-stream]
Saving to: 鈥etc/yum.repos.d/docker-ce.repo鈥
/etc/yum.repos.d/docker-ce.repo 100%[==================================================================================================>] 2.03K --.-KB/s in 0s
2022-11-01 22:37:41 (47.9 MB/s) - 鈥etc/yum.repos.d/docker-ce.repo鈥saved [2081/2081]
2)安装docker相关版本
可以按照指定版本,也可以不指定安装最新版本
#安装指定版本
yum install -y docker-ce-20.10.21 docker-ce-cli-20.10.21 containerd.io
#或者安装最新版本
yum install -y docker-ce docker-ce-cli containerd.io
这里我们安装最新版本
[root@k8s-master ~]# yum install -y docker-ce docker-ce-cli containerd.io
Docker CE Stable - x86_64 44 kB/s | 31 kB 00:00
Dependencies resolved.
....
...
Complete!
整个过程会持续1-2分钟。
3) 启动docker并设置docker开机自启
[root@k8s-master ~]# systemctl enable docker && systemctl start docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service 鈫/usr/lib/systemd/system/docker.service.
4)查看版本号
[root@k8s-master ~]# docker --version
Docker version 20.10.21, build baeda1f
5)配置daemon.json
编辑daemon.json
[root@k8s-master ~]# vim /etc/docker/daemon.json
填写以下内容
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://tl522tpb.mirror.aliyuncs.com"]
}
--exec-opts,运行时执行选项,docker驱动默认为cgroupfs,需要和k8s保持一致,修改为systemd
--registry-mirrors,阿里的容器加速地址,可以在阿里云->容器镜像服务->镜像加速器,找到属于自己账号的加速器,当然也可以使用本例提供的这个,目前是不收费的。获取教程可以参考:Docker入门到实践 (一) docker简介与安装_零碎de記憶的博客-CSDN博客
加载配置并重启服务
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker
1)配置阿里云的Kubernetes源
编辑kubernetes.repo文件
[root@k8s-master ~]# vim /etc/yum.repos.d/kubernetes.repo
填写以下内容
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
--enable=1:表示启用这个源
--gpgcheck=1:表示对这个源下载的rpm包进行校验
--repo_gpgcheck=0:某些安全性配置文件会在 /etc/yum.conf 内全面启用 repo_gpgcheck,以便能检验软件库中数据的加密签署,如果repo_gpgcheck设置为1,会进行校验。
2)安装指定版本
[root@k8s-master ~]# yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
....
Complete!
整个过程会持续1-2分钟。
3)检查版本安装是否正确
[root@k8s-master ~]# kubelet --version
Kubernetes v1.23.0
[root@k8s-master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"ab69524f795c42094a6630298ff53f3c3ebab7f4", GitTreeState:"clean", BuildDate:"2021-12-07T18:16:20Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@k8s-master ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"ab69524f795c42094a6630298ff53f3c3ebab7f4", GitTreeState:"clean", BuildDate:"2021-12-07T18:15:11Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"}
4)将kubelet设置开机自启动
[root@k8s-master ~]# systemctl enable kubelet
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service 鈫/usr/lib/systemd/system/kubelet.service.
1)先看K8S Master节点需要的组件镜像和版本
[root@k8s-master ~]# kubeadm config images list --kubernetes-version=v1.23.0
k8s.gcr.io/kube-apiserver:v1.23.0
k8s.gcr.io/kube-controller-manager:v1.23.0
k8s.gcr.io/kube-scheduler:v1.23.0
k8s.gcr.io/kube-proxy:v1.23.0
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6
2)编辑下载镜像sh文件
[root@k8s-master ~]# vi k8s-image-download.sh
填入以下内容
#!/bin/bash
images=(kube-proxy:v1.23.0 kube-scheduler:1.23.0 kube-controller-manager:v1.23.0
kube-apiserver:v1.23.0 etcd:3.5.1-0 coredns/coredns:v1.8.6 pause:3.6)
for imageName in ${images[@]} ; do
docker pull registry.aliyuncs.com/google_containers/$imageName
docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
docker rmi registry.aliyuncs.com/google_containers/$imageName
done
设置可执行权限,并执行
[root@k8s-master ~]# chmod +x k8s-image-download.sh
[root@k8s-master ~]# ./k8s-image-download.sh
这个下载过程会持续5-10分钟,执行完毕后,检查下版本
[root@k8s-master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-apiserver v1.23.0 e6bf5ddd4098 11 months ago 135MB
k8s.gcr.io/kube-scheduler v1.23.0 56c5af1d00b5 11 months ago 53.5MB
k8s.gcr.io/kube-proxy v1.23.0 e03484a90585 11 months ago 112MB
k8s.gcr.io/kube-controller-manager v1.23.0 37c6aeb3663b 11 months ago 125MB
k8s.gcr.io/etcd 3.5.1-0 25f8c7f3da61 12 months ago 293MB
k8s.gcr.io/coredns v1.8.6 a4ca41631cc7 13 months ago 46.8MB
k8s.gcr.io/pause 3.6 6270bb605e12 14 months ago 683kB
可以看到coredns(coredns:v1.8.6)与所需要的镜像名称不一致(coredns/coredns:v1.8.6,这里修改下即可
docker tag k8s.gcr.io/coredns:v1.8.6 k8s.gcr.io/coredns/coredns:v1.8.6
3)初始化
执行初始化指令
[root@k8s-master ~]# kubeadm init \
--apiserver-advertise-address=192.168.16.4 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.23.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
--apiserver-advertise-address:指定用master节点的ip地址 与 Cluster的其他节点通信。
--image-repository:Kubenetes默认Registries地址是 k8s.gcr.io,一般在国内并不能访问 gcr.io,
可以将其指定为阿里云镜像地址:registry.aliyuncs.com/google_containers。
--kubernetes-version=v1.23.0:指定要安装kubernetes的版本号。
--service-cidr:指定Service网络的范围,即负载均衡VIP使用的IP地址段。
--pod-network-cidr:指定Pod网络的范围,即Pod的IP地址段。
注意:这里需要将apiserver-advertise-address的值修改的你的master节点ip(比如本例的192.168.16.4),其他的不需要修改。pod的CIDR地址端10.244.0.0/16要和后面的网络配置保持一致。
看到如下的提示界面,恭喜你,初始化成功。
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.16.4:6443 --token yjhjnc.sm8mq8r7uxs08336 \
--discovery-token-ca-cert-hash sha256:31ab3f93149786600583d2467722da47887bbbe76442416caf5888b9a186f728
注意:提示中的如下信息需要记录下来,后续node节点加入需要使用该指令。需要注意,其token的有效期为24小时。
kubeadm join 192.168.16.4:6443 --token yjhjnc.sm8mq8r7uxs08336 \
--discovery-token-ca-cert-hash sha256:31ab3f93149786600583d2467722da47887bbbe76442416caf5888b9a186f728
注意:初始化失败,需要回滚,执行命令,删除旧的文件
rm -rf /etc/kubernetes/manifests/kube-apiserver.yaml
rm -rf /etc/kubernetes/manifests/kube-controller-manager.yaml
rm -rf /etc/kubernetes/manifests/kube-scheduler.yaml
rm -rf /etc/kubernetes/manifests/etcd.yaml
rm -rf /var/lib/etcd/*
4)按照提示,需要执行以下的指令
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
5)健康检查
此时,我们master节点所需的组件已经安装完成了,检查是否正常的。
[root@k8s-master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true","reason":""}
接下来我们配置网络插件,K8S的网络有多种插件,比如flannel,weave,Calico等,这里我们使用Calico网络插件。
1)下载Calico插件的部署yaml文件
[root@k8s-master ~]# curl https://docs.projectcalico.org/manifests/calico.yaml -O
2)修改pod的cidr块
修改calico.yaml文件中的pod cidr地址端,需要和初始化中定义的保持一致,即10.244.0.0/16
[root@k8s-master ~]# vim calico.yaml
找到如下内容
#- name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"
取消注释,并将value配置成10.244.0.0/16
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16"
3)部署插件
通过kubectl执行,执行yaml文件
[root@k8s-master ~]# kubectl apply -f calico.yaml
这个时间要持续2-3分钟,部署过程中,可以检查pod安装状态,成功后会显示running。
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-6b8c67b6b5-fsp65 1/1 Running 0 5m52s
calico-node-f976g 1/1 Running 0 5m52s
coredns-6d8c4cb4d-9n8jg 1/1 Running 0 11h
coredns-6d8c4cb4d-kmh4l 1/1 Running 0 11h
etcd-k8s-master 1/1 Running 0 11h
kube-apiserver-k8s-master 1/1 Running 0 11h
kube-controller-manager-k8s-master 1/1 Running 0 11h
kube-proxy-db9dm 1/1 Running 0 11h
kube-scheduler-k8s-master 1/1 Running 0 11h
再检查的master节点状态
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 11h v1.23.0
可以看到目前仅一个master节点,其状态已经Ready。至此,master节点已完成部署。
Master节点安装完成后,我们继续安装node节点。
这里不再逐步介绍,直接给出所有的指令集
#1、修改主机名
[root@kubernetes02 ~]# hostnamectl set-hostname k8s-node1
[root@kubernetes02 ~]# vi /etc/hosts
#修改后的内容
[root@kubernetes02 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.4 k8s-node1 k8s-node1
#2、关闭防火墙
[root@k8s-node1 ~]# systemctl stop firewalld && systemctl disable firewalld
#3、关闭selinux分区
[root@k8s-node1 ~]# setenforce 0
setenforce: SELinux is disabled
#4、关闭swap分区
[root@k8s-node1 ~]# swapoff -a
[root@k8s-node1 ~]# free -m
total used free shared buff/cache available
Mem: 3920 272 3269 2 378 3426
Swap: 0 0 0
#5、编辑kubernetes.conf
[root@k8s-node1 ~]# vim /etc/sysctl.d/kubernetes.conf
#编辑的内容
[root@k8s-node1 ~]# cat /etc/sysctl.d/kubernetes.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
加载配置项
[root@k8s-node1 ~]# sysctl --system
#6、配置阿里云的docker源
[root@k8s-node1 ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
#7、安装docker的最新版本
[root@k8s-node1 ~]# yum install -y docker-ce docker-ce-cli containerd.io
#8、设置docker开机启动
[root@k8s-node1 ~]# systemctl enable docker && systemctl start docker
#检查版本
[root@k8s-node1 ~]# docker --version
Docker version 20.10.21, build baeda1f
#9、配置daemon.json
[root@k8s-node1 ~]# vim /etc/docker/daemon.json
#配置后的内容
[root@k8s-node1 ~]# cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://tl522tpb.mirror.aliyuncs.com"]
}
#加载配置并重启服务
[root@k8s-node1 ~]# systemctl daemon-reload
[root@k8s-node1 ~]# systemctl restart docker
#10、#配置阿里云的Kubernetes源
#编辑kubernetes.repo文件
[root@k8s-node1 ~]# vim /etc/yum.repos.d/kubernetes.repo
#填下如下内容
[root@k8s-node1 ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
#11、安装kubelet kubeadm kubectl
[root@k8s-node1 ~]# yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
#检查安装版本
[root@k8s-node1 ~]# kubelet --version
Kubernetes v1.23.0
[root@k8s-node1 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"ab69524f795c42094a6630298ff53f3c3ebab7f4", GitTreeState:"clean", BuildDate:"2021-12-07T18:16:20Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@k8s-node1 ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.0", GitCommit:"ab69524f795c42094a6630298ff53f3c3ebab7f4", GitTreeState:"clean", BuildDate:"2021-12-07T18:15:11Z", GoVersion:"go1.17.3", Compiler:"gc", Platform:"linux/amd64"}
#设置开机启动
[root@k8s-node1 ~]# systemctl enable kubelet
执行Maser节点给出的kubeadm join指令
[root@k8s-node1 ~]# kubeadm join 192.168.16.4:6443 --token yjhjnc.sm8mq8r7uxs08336 \
--discovery-token-ca-cert-hash sha256:31ab3f93149786600583d2467722da47887bbbe76442416caf5888b9a186f728
执行成功后,显示:
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
我们再到master节点执行获取node信息指令
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 15h v1.23.0
k8s-node1 Ready 3m23s v1.23.0
可以看到K8S集群中添加了k8s-node1节点,状态是Ready。
注意:如果在安装master节点时,没有记录下kubadm join那段指令,怎么办?可以重新组装,操作步骤如下:
#1、查看之前的token或者生成新的临时token
#查看之前的token指令
[root@k8s-master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
yjhjnc.sm8mq8r7uxs08336 8h 2022-11-05T15:44:15Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
#或者生成新的token
[root@k8s-master ~]# kubeadm token create
vbjmbg.n72o83uxorvwskts
#2、获取ca证书的sha256编码hash值
[root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
31ab3f93149786600583d2467722da47887bbbe76442416caf5888b9a186f728
#3、组装新的join指令
[root@k8s-master ~]# kubeadm join 192.168.16.4:6443 --token vbjmbg.n72o83uxorvwskts \
--discovery-token-ca-cert-hash sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
通过以上步骤,我们的K8S的集群搭建完成,下面我们运行一个pod验证下。
创建nginx-test-pod.yaml文件
[root@k8s-master ~]# vi nginx-test-pod.yaml
其内容如下:
apiVersion: v1
kind: Pod
metadata:
name: nginx-test-pod
spec:
containers:
- name: nginx
image: nginx:1.8
[root@k8s-master ~]# kubectl apply -f nginx-test-pod.yaml
pod/nginx-test-pod created
待创建完成后,可以查看pod信息
[root@k8s-master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-test-pod 1/1 Running 0 82s 10.244.36.65 k8s-node1
此时名为nginx-test-pod的pod已经处于running状态,pod的ip地址为10.244.36.65,运行在k8s-node1节点上。访问下该nginx网址
[root@k8s-master ~]# curl http://10.244.36.65
Welcome to nginx!
nginx可以正确访问了。
注意:如果创建pod出错,可以通过查询pod的详细信息
[root@k8s-master ~]# kubectl describe pods nginx-test-pod
在Master节点上可以通过kubectl指令进行操作,但是命令行不直观,可以装个dashboard插件。
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
[root@k8s-master ~]# vi recommended.yaml
增加如下两行:
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #添加
ports:
- nodePort: 30009 #添加
port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
注意:yaml文件编写,冒号与后面字符之间有个空格,type:空格NodePort
[root@k8s-master ~]# kubectl apply -f recommended.yaml
执行完成后,检查pod和service是否安装完成。
[root@k8s-master ~]# kubectl get pod,svc -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-6f669b9c9b-2z2wt 1/1 Running 0 25m 10.244.36.67 k8s-node1
pod/kubernetes-dashboard-54c5fb4776-vkftv 1/1 Running 0 25m 10.244.36.66 k8s-node1
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 10.97.13.233 8000/TCP 25m k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard NodePort 10.103.33.69 443:30009/TCP 25m k8s-app=kubernetes-dashboard
[root@k8s-master ~]# kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token
Name: namespace-controller-token-k5b79
Type: kubernetes.io/service-account-token
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImpoSnJkVU9wSU15YUwzUnZKQUtWei0wbzB4MzQ5Z2VBcVVDX3pHcG1xOFUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlci10b2tlbi1rNWI3OSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjFiNzdmNWQxLTFiMWQtNDgwOS05MzdkLTRiYzBlYWNlNmQ2NSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuYW1lc3BhY2UtY29udHJvbGxlciJ9.MibDU31N76cgnjOwQ18xt0TQ3EI-qbR4VoORkzIqWpi3JIU_dbGJ94CMD_HjVQyQD8DUwS5H2IYth8lZRiGLWzbKs-AC212jatGLo6Ltigj5gdSBdJmUFr_E0shP-P4vNJ776DFhGjD4ymaWpQE_cP1NljtJL9M8nI2juzLYHt4fUHYdB4w0JNDDi7PfCr05QgYVIfrAjTA0r-V95W-XX4sF8Ztf0nqKzcBnNFxqT2ygfNQrIoyBIJAqEmif1IKEdhl5N62NIFlpD9ARsYTSZQLojN7f4Del3hZu-JjLLh0ESF1btDM-aEZYdmUtbH22jPX6_sU1i7_2D1VrsEeEtg
访问如下地址https://192.168.16.4:30009
填写token值,进入控制台界面,可以查看K8S集群的相关信息。
基于kubeadm的安装过程相对比较简单,执行过程中如果有问题,网上的资料也比较多,建议多摸索,多试验几次。
K8S初级入门系列之一-概述
K8S初级入门系列之二-集群搭建
K8S初级入门系列之三-Pod的基本概念和操作
K8S初级入门系列之四-Namespace/ConfigMap/Secret
K8S初级入门系列之五-Pod的高级特性
K8S初级入门系列之六-控制器(RC/RS/Deployment)
K8S初级入门系列之七-控制器(Job/CronJob/Daemonset)
K8S初级入门系列之八-网络
K8S初级入门系列之九-共享存储
K8S初级入门系列之十-控制器(StatefulSet)
K8S初级入门系列之十一-安全
K8S初级入门系列之十二-计算资源管理