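k8s Environment Setup

k8s Installation Guide

Introduction

  • kubectl: the management tool used to run commands against a Kubernetes cluster.
  • kubelet: the primary node agent; it watches the pods assigned to its node. Specific functions:
  • kubeadm: Kubeadm is a tool

This installation uses the following versions:

  • Kubernetes v1.19.2
  • Docker

Environment preparation

  • Operating system

  • Cluster configuration

    IP              Role       CPU  Memory
    192.168.31.121  k8smaster  1    4G
    192.168.31.131  k8snode1   1    4G
    192.168.31.132  k8snode2   1    4G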

192.168.31.121 k8smaster
192.168.31.131 k8snode1
192.168.31.132 k8snode2

System configuration

  • Disable SELinux
  • Disable swap
  • Configure the rpm mirror source

Install Docker

  • Set up the containerd.io source
    wget https://download.docker.com/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
    yum install containerd.io-1.2.6-3.3.el7.x86_64.rpm
    
  • Install Docker
    curl -sSL https://get.daocloud.io/docker | sh
    
  • Configure the Alibaba Cloud registry mirror (accelerator) and set Docker to start with the systemd cgroup driver
    sudo mkdir -p /etc/docker
    sudo tee /etc/docker/daemon.json <<-'EOF'
    {
      "exec-opts": ["native.cgroupdriver=systemd"],
      "log-driver": "json-file",
      "log-opts": {
        "max-size": "100m"
      },
      "storage-driver": "overlay2",
      "storage-opts": [
        "overlay2.override_kernel_check=true"
      ],
      "registry-mirrors": ["https://xxx.mirror.aliyuncs.com"]
    }
    EOF
    sudo systemctl daemon-reload
    sudo systemctl restart docker
    
  • Start Docker
    sudo systemctl restart docker
    

Add the Alibaba Cloud Kubernetes repository

On all machines

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

k8s master installation

yum install kubectl kubelet kubeadm
systemctl enable kubelet

Initialize the cluster

kubeadm init --kubernetes-version=1.19.2  \
--apiserver-advertise-address=192.168.31.121   \
--image-repository registry.aliyuncs.com/google_containers  \
--service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16

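Parameter descriptions:

  • apiserver-advertise-address: the IP address of k8smaster
  • image-repository: the image registry address from which the k8s images are pulled
  • service-cidr: specifies which interface of the Master is used to communicate with the other nodes of the Cluster.
  • pod-network-cidr: the Pod network range

When initialization finishes, the following output indicates success: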

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.31.121:6443 --token 8gkv2e.futyk4tc5ekh9p1g \
    --discovery-token-ca-cert-hash sha256:55931b102e704c98ce1acc63a0052789579ddbc9c2dcfccbc8fb7f9bb8f51573 
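
Added example (not part of the original guide or of kubeadm): the value passed to --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA's public key, so before joining a worker it can be recomputed on the master from /etc/kubernetes/pki/ca.crt and compared with the join command. The function names are hypothetical, and the only assumption is that openssl is installed.

```shell
#!/bin/sh
# Added example: recompute the hash kubeadm expects in
# --discovery-token-ca-cert-hash and compare it with a pinned value.

# ca_cert_hash FILE
# Prints "sha256:<hex>", the SHA-256 of the certificate's public key
# in DER (SubjectPublicKeyInfo) form. Returns 1 if FILE is unreadable.
ca_cert_hash() {
    # Extract the public key as PEM first, so a bad file fails here
    # instead of silently hashing empty input further down the pipe.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    digest=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | awk '{print $NF}')
    [ -n "$digest" ] || return 1
    printf 'sha256:%s\n' "$digest"
}

# verify_join_hash FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the CA file cannot be read.
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || {
        echo "cannot read CA certificate: $1" >&2
        return 2
    }
    if [ "$actual" = "$2" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: expected $2, CA file gives $actual" >&2
        return 1
    fi
}

# Usage on the master, with the hash taken from the join command:
#   verify_join_hash /etc/kubernetes/pki/ca.crt sha256:<hash from kubeadm join>
```

Bootstrap tokens expire after 24 hours by default; `kubeadm token create --print-join-command` on the master issues a fresh join command.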

Check the status

kubectl get node
kubectl get pod --all-namespaces

The node is NotReady because the coredns pods have not started: the network pod is missing.

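Install the network

Calico is used as the network here

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

After installing the network, wait a moment and check the status again; everything has started successfully.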

[root@k8smaster .kube]# kubectl get pod --all-namespaces
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-c9784d67d-8p2qd   1/1     Running   0          2m59s
kube-system   calico-node-drm2r                         1/1     Running   0          2m59s
kube-system   coredns-6d56c8448f-gp4n9                  1/1     Running   0          14m
kube-system   coredns-6d56c8448f-hsmkm                  1/1     Running   0          14m
kube-system   etcd-k8smaster                            1/1     Running   0          14m
kube-system   kube-apiserver-k8smaster                  1/1     Running   0          14m
kube-system   kube-controller-manager-k8smaster         1/1     Running   0          14m
kube-system   kube-proxy-n2vzn                          1/1     Running   0          14m
kube-system   kube-scheduler-k8smaster                  1/1     Running   0          14m
[root@k8smaster .kube]# kubectl get node
NAME        STATUS   ROLES    AGE   VERSION
k8smaster   Ready    master   15m   v1.19.2

Install the dashboard

  • Install
    wget  https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
    kubectl apply -f recommended.yaml
    
  • Custom token generation
    mkdir dashboard-certs
    cd dashboard-certs/
    # Create the namespace
    kubectl create namespace kubernetes-dashboard
    # Create the key file
    openssl genrsa -out dashboard.key 2048
    # Certificate signing request
    openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
    # Self-signed certificate (-days belongs on this command; openssl req ignores it when it only produces a CSR)
    openssl x509 -req -days 36000 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
    # Create the kubernetes-dashboard-certs object
    kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
    
  • Set up the administrator
# Create the account:
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard

---
# Grant permissions to the user:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard

Apply the administrator configuration

kubectl apply -f dashboard-admin.yaml
  • View the login token of the dashboard-admin account
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
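
Added example, not part of the original guide: binding dashboard-admin to cluster-admin means the token printed above carries full control of the cluster. The function below (hypothetical name) uses kubectl's impersonation flag to report which of a few sensitive cluster-wide permissions a ServiceAccount holds; the list of checks is an assumption chosen for illustration.

```shell
#!/bin/sh
# Added example: report sensitive cluster-wide permissions held by a
# ServiceAccount, using `kubectl auth can-i` with impersonation (--as).

# Sensitive permissions chosen for this example, one "verb resource" per line.
RISKY_CHECKS='get secrets
create pods
create clusterrolebindings
* *'

# sa_risky_permissions NAMESPACE NAME
# Prints one "verb resource" line for each listed permission the
# ServiceAccount holds in all namespaces. Returns 1 if any is held, else 0.
sa_risky_permissions() {
    subject="system:serviceaccount:$1:$2"
    held=0
    while read -r verb resource; do
        # can-i prints "yes" or "no" and exits non-zero on "no";
        # "|| true" keeps the loop going under `set -e`.
        answer=$(kubectl auth can-i "$verb" "$resource" \
            --as="$subject" --all-namespaces 2>/dev/null) || true
        if [ "$answer" = "yes" ]; then
            echo "$verb $resource"
            held=1
        fi
    done <<EOF
$RISKY_CHECKS
EOF
    return "$held"
}

# Usage with the account created in this guide:
#   sa_risky_permissions kubernetes-dashboard dashboard-admin
```

The caller needs permission to impersonate service accounts, which the admin.conf identity used in this guide has.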

Joining worker nodes

  1. Copy the file /etc/kubernetes/admin.conf from the master node to the same directory on the worker nodes
  2. Run the script
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
    
