暗中观察

Installing a Kubernetes cluster on CentOS (kubeadm)
2019/01/22


1. Kubeadm introduction and documentation

1.1 Documentation

Official:
https://kubernetes.io/zh/docs/
https://kubernetes.io/docs/setup/independent/install-kubeadm/
https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/

1.2 Architecture diagram and base environment

kubeadm.png

kubeadm-env.png

2. Kubeadm installation prerequisites (all three nodes)

2.1 Set the hostname

Log in again after making the change:

Run on the master node, 192.168.2.173:

# sudo hostnamectl set-hostname k8-master01

Run on node01, 192.168.2.175:

# sudo hostnamectl set-hostname k8-node01

Run on node02, 192.168.2.176:

# sudo hostnamectl set-hostname k8-node02

2.2 Set up hosts

Edit the hosts file and add the following entries:

# vi /etc/hosts
192.168.2.173 k8-master01
192.168.2.175 k8-node01
192.168.2.176 k8-node02

2.3 Disable the firewall

# systemctl stop firewalld && systemctl disable firewalld
# iptables -F && sudo iptables -X && sudo iptables -F -t nat && sudo iptables -X -t nat
# iptables -P FORWARD ACCEPT

2.4 Synchronize the system time

# yum install ntpdate -y
# ntpdate cn.pool.ntp.org

2.5 Disable the swap partition

# swapoff -a
# sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

2.6 Disable SELinux

# sed -i 's/enforcing/disabled/' /etc/selinux/config
# setenforce 0

2.7 Install Docker

Installation omitted! Apply the following changes:

# mkdir -p /etc/docker
# cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": ["https://w10kf8g4.mirror.aliyuncs.com"]
}
EOF
# mkdir -p /etc/systemd/system/docker.service.d
# systemctl daemon-reload
# systemctl restart docker

2.8 Install kubeadm, kubectl and kubelet

# cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# systemctl enable kubelet && systemctl start kubelet

# cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# sysctl --system

# systemctl daemon-reload
# systemctl restart kubelet

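3. Kubeadm: install the master

3.1 Pull the images

kubeadm needs to pull a set of required images, and fetching them from the upstream registry requires a proxy. You can therefore pull the kube-proxy, kube-scheduler, kube-apiserver, kube-controller-manager, etcd and pause images from Docker Hub or another image registry first, and add --ignore-preflight-errors=all to ignore all errors.

Use kubeadm config images list to check the versions, then define them: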

# K8S_VERSION=v1.13.2
# ETCD_VERSION=3.2.24
# DASHBOARD_VERSION=v1.10.1
# FLANNEL_VERSION=v0.10.0-amd64
# DNS_VERSION=1.2.6
# PAUSE_VERSION=3.1
# Base components
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:$K8S_VERSION
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:$K8S_VERSION
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:$K8S_VERSION
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:$K8S_VERSION
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:$ETCD_VERSION
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION
# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$DNS_VERSION
# Network components
# docker pull quay.io/coreos/flannel:$FLANNEL_VERSION
# Re-tag the images
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:$K8S_VERSION k8s.gcr.io/kube-apiserver:$K8S_VERSION
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:$K8S_VERSION k8s.gcr.io/kube-controller-manager:$K8S_VERSION
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:$K8S_VERSION k8s.gcr.io/kube-scheduler:$K8S_VERSION
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:$K8S_VERSION k8s.gcr.io/kube-proxy:$K8S_VERSION
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:$ETCD_VERSION k8s.gcr.io/etcd:$ETCD_VERSION
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION k8s.gcr.io/pause:$PAUSE_VERSION
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$DNS_VERSION k8s.gcr.io/coredns:$DNS_VERSION

3.2 Initialize the master

# kubeadm init --kubernetes-version=1.13.2  --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.2.173 --ignore-preflight-errors=all

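Parameter description:
--kubernetes-version specifies the kubeadm version
--pod-network-cidr specifies the network that pods belong to
--service-cidr specifies the service network range
--ignore-preflight-errors=all ignores all errors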

3.3 Create the .kube directory

# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config

3.4 Install the flannel plugin

# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

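4. Kubeadm: install the nodes

4.1 Pull the images

Same as 3.1 (omitted)

4.2 Join the cluster

Run the kubeadm join statement that is printed when the master node installation finishes!
You can run the following command on the master node to display it: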

# kubeadm token create --print-join-command

kubeadm-node-join.png

Then run on both node machines:

# kubeadm join 192.168.2.173:6443 --token 2qq9k0.n14cthyqbia3wf76 --discovery-token-ca-cert-hash sha256:b6a9427a8e45abd9df46ce47712bbdf07c5ea6514bf906d8aea395e950c9d40c
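
The --discovery-token-ca-cert-hash value pins the cluster CA that a joining node will trust. The following added example (not part of the original post) recomputes that hash from a CA certificate with openssl and compares it with the one in a join command. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt is assumed to be kubeadm's default CA path.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print "sha256:<hex>" over the DER-encoded public key of a PEM certificate,
# the format kubeadm expects for --discovery-token-ca-cert-hash.
ca_cert_hash() {
  local cert="$1" pub hex
  [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
  pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "not a PEM certificate: $cert" >&2; return 2; }
  hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}')
  [ "${#hex}" -eq 64 ] || { echo "could not hash key in $cert" >&2; return 2; }
  printf 'sha256:%s\n' "$hex"
}

# Extract the pinned hash from a full "kubeadm join ..." command line.
join_command_hash() {
  printf '%s\n' "$1" | sed -n \
    's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only if the join command pins exactly the CA in the given file.
verify_join_command() {
  local cert="$1" cmd="$2" want got
  want=$(join_command_hash "$cmd")
  [ -n "$want" ] || { echo "join command carries no CA hash" >&2; return 1; }
  got=$(ca_cert_hash "$cert") || return 2
  if [ "$got" = "$want" ]; then
    echo "OK: $got"
  else
    echo "MISMATCH: command pins $want, CA file is $got" >&2
    return 1
  fi
}

# Stand-alone use on the master (assumed default CA path):
#   ./verify-join.sh /etc/kubernetes/pki/ca.crt \
#       "$(kubeadm token create --print-join-command)"
if [ "$#" -eq 2 ]; then verify_join_command "$1" "$2"; fi
```
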

4.3 Verify the cluster status

Run on the master node:

# kubectl get cs,nodes,pods -n kube-system -o wide

kubeadm-status.png

5. Kubeadm: test the installation (master node)

5.1 Install nginx

# kubectl run nginx --image=nginx --replicas=3

5.2 Access nginx

# kubectl expose deployment nginx --port=88 --target-port=80 --type=NodePort
# kubectl get svc,nodes,pods -o wide

kubeadm-nginx.png

Access:
Method 1: curl http://10.98.165.5:88 (from any node)
Method 2: curl http://192.168.2.175:31532 or curl http://192.168.2.176:31532

6. Kubeadm: install the dashboard

6.1 Fetch and modify the yaml file

# wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
# sed -i 's/k8s.gcr.io\/kubernetes-dashboard-amd64:v1.10.1/registry.cn-shanghai.aliyuncs.com\/qubit\/kubernetes-dashboard-amd64:v1.10.1/g' ./kubernetes-dashboard.yaml
# sed -i "157a  \  type: NodePort" ./kubernetes-dashboard.yaml

6.2 Install

# kubectl apply -f ./kubernetes-dashboard.yaml

6.3 Create a login token

# cat << EOF > ./kubernetes-dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF

# kubectl apply -f ./kubernetes-dashboard-admin.yaml
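
The binding above gives the dashboard-admin service account the cluster-admin role, so its token carries full control of the cluster. As an added example (not from the original post), this check lists every subject that a manifest binds to cluster-admin before the manifest is applied; cluster_admin_subjects and sample_manifest are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: list the subjects a manifest binds
# to cluster-admin through a ClusterRoleBinding, for review before
# `kubectl apply`. Line-oriented check for block-style YAML, not a YAML parser.
cluster_admin_subjects() {   # usage: cluster_admin_subjects < manifest.yaml
  awk '
    function flush(   i) {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++)
          print f[i, "kind:"] " " f[i, "namespace:"] "/" f[i, "name:"]
      kind = role = section = ""; n = 0
    }
    /^---/    { flush(); next }                 # document separator
    /^[^ #-]/ {                                 # top-level key
      section = ($1 == "subjects:" || $1 == "roleRef:") ? $1 : ""
      if ($1 == "kind:") kind = $2
      next
    }
    section == "subjects:" {                    # "- " starts a new subject
      if (sub(/^ *- */, "")) { n++; f[n, "kind:"] = f[n, "name:"] = ""; f[n, "namespace:"] = "-" }
      f[n, $1] = $2
    }
    section == "roleRef:" && $1 == "name:" { role = $2 }
    END { flush() }
  '
}

# Sample input: the manifest from section 6.3.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
}
sample_manifest | cluster_admin_subjects
```
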

6.4 Log in to the dashboard

View the login token:

# kubectl get secret -n kube-system

kubeadm-dashboard-token.png

# kubectl describe secret kubernetes-dashboard-token-xxx -n kube-system

kubeadm-dashboard-token-desc.png

Get the access address:

# kubectl get svc,nodes,pods -o wide -n kube-system

kubeadm-dashboard-svc.png

Open the UI (Firefox browser):
https://192.168.2.175:32670
https://192.168.2.176:32670

kubeadm-dashboard-login.png

Last modified: April 4, 2019, 01:35 AM