1.脚本部署
#/bin/bash
hostnamectl set-hostname k8s-master1
echo "172.19.16.10 k8s-master1" >> /etc/hosts
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
swapoff -a
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
modprobe br_netfilter
lsmod | grep br_netfilter
cd /etc/yum.repos.d
mv CentOS-Base.repo CentOS-Base.repo.bak
curl -o CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/CentOS-Base.repo
curl -o docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all
yum makecache
yum repolist
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io -y
systemctl start docker
systemctl enable docker
tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors":["https://reg-mirror.qiniu.com/"]}
EOF
systemctl daemon-reload
systemctl restart docker
#安装kubeadm、kubelet和kubectl(根据需求 指定版本号 如果不指定 默认拉取最新的版本)
yum -y install kubelet-1.20.5 kubeadm-1.20.5 kubectl-1.20.5
systemctl enable kubelet
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
#address=172.19.16.10需要填写服务器内网,用公网无法启动
kubeadm init \
--apiserver-advertise-address=172.19.16.10 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.5 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16\
--ignore-preflight-errors=NumCPU
#安装calico网络插件
wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
#value改成第4步中的pod-network-cidr的IP:10.244.0.0/16
sed -i "s/192.168/10.244/g" calico.yaml
kubectl apply -f calico.yaml
默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token,可以直接使用命令快捷生成:
kubeadm token create --print-join-command
2.部署dashboard
Dashboard是官方提供的一个UI,可用于基本管理K8s资源。
1、YAML下载地址:
https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
课件中文件名是:kubernetes-dashboard.yaml
默认Dashboard只能集群内部访问,修改Service为NodePort类型,暴露到外部:
# 默认 dashboad 只能集群内部访问,修改 service 为 nodeport 类型,暴露到外部
wgethttps://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
vi recommended.yaml
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard
type: NodePort
# 安装dashboard
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard
创建 service account 并绑定默认 cluster-admin 管理员集群角色:
# 创建用户
$ kubectl create serviceaccount dashboard-admin -n kube-system
# 用户授权
$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# 获取用户Token
$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
访问地址:https://nodeip:30001,使用输出的 token 登录 dashboard
当创建单机版的 k8s 时,这个时候 master 节点是默认不允许调度 pod 。
kubectl taint nodes --all node-role.kubernetes.io/master-
将 master 标记为可调度即可
设置污点
NoSchedule: 一定不能被调度
PreferNoSchedule: 尽量不要调度
NoExecute: 不仅不会调度, 还会驱逐Node上已有的Pod
kubectl taint nodes node1 key1=value1:NoSchedule
kubectl taint nodes node1 key1=value1:NoExecute
kubectl taint nodes node1 key2=value2:NoSchedule
删除污点
kubectl taint node node1 key1:NoSchedule- # 这里的key可以不用指定value
kubectl taint node node1 key1:NoExecute-
kubectl taint node node1 key1- # 删除指定key所有的effect
kubectl taint node node1 key2:NoSchedule-
3…错误总结
问题:第3第4步版本拉取不一致导致出现
this version of kubeadm only supports deploying clusters with the control plane version >= 1.27.0. Current version: v1.20.5 To see the stack trace of this error execute with --v=5 or higher
解决方法:移除后指定对应版本
yum remove -y kubelet kubeadm kubectl
yum -y install kubelet-1.20.5 kubeadm-1.20.5 kubectl-1.20.5
问题:因为第4步环境变量设置的是临时的,重启或其他一些行为就会导致这个问题
The connection to the server localhost:8080 was refused - did you specify the right host or port?
解决方法:设置永久环境变量
vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
#安装Calico网络插件
wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml #如果下载不了就用浏览器访问,复制源码粘贴。记得在calico.yaml文件里的625行处把192.168.0.0/16修改为10.244.0.0/16。