Environment
master | CentOS 7 | 192.168.174.100 | Memory = 4G | master
node1 | CentOS 7 | 192.168.174.101 | Memory = 4G | node1
node2 | CentOS 7 | 192.168.174.102 | Memory = 4G | node2
Run the script
```bash
# Timezone and hostname (on each node, run only the set-hostname line for that node)
timedatectl set-timezone Asia/Shanghai
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2
# Host entries in /etc/hosts
echo "192.168.174.100 master" >> /etc/hosts
echo "192.168.174.101 node1" >> /etc/hosts
echo "192.168.174.102 node2" >> /etc/hosts
# Disable SELinux and the firewall
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
systemctl disable firewalld
systemctl stop firewalld
```
Install Docker
Preparation
Start Docker
```bash
systemctl enable docker && systemctl start docker
```
Disable swap
```bash
swapoff -a
vim /etc/fstab
# Comment out the last line (the swap entry)
```
Configure kernel forwarding parameters
```bash
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
EOF
modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
```
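Configure the package repository
```bash
# gpgcheck=0 and repo_gpgcheck=0 turn off package and repository
# signature verification for this repo
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
yum check-update
```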
Install kubeadm
Master node
```bash
# Install kubeadm
yum -y install kubectl-1.20.6 kubelet-1.20.6 kubeadm-1.20.6
systemctl enable kubelet && systemctl start kubelet

# Initialize the master node
kubeadm init --kubernetes-version=1.20.6 \
--apiserver-advertise-address=192.168.174.100 \
--image-repository=registry.aliyuncs.com/google_containers \
--service-cidr=192.168.31.0/24 \
--pod-network-cidr=172.31.0.0/16

# After the command above runs, it prints the command that worker nodes use to join the cluster; copy it to a file
# kubeadm join 192.168.174.100:6443 --token onrw0v.fbr49ehr2i5yb3dk \

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
Note: apiserver-advertise-address is the IP address of the master node.
Worker nodes
```bash
# Install kubelet and kubeadm
yum -y install kubelet-1.20.6 kubeadm-1.20.6
systemctl enable kubelet && systemctl start kubelet
# Join the worker node to the k8s cluster
kubeadm join 192.168.174.100:6443 --token onrw0v.fbr49ehr2i5yb3dk \
--discovery-token-ca-cert-hash sha256:5587d91e7c33e597f2a199d7f7ec27dc4d6a586e37d7b28dbde33c8f698812ba
```
Deploy the Calico network plugin
Purpose: cross-host container communication
On the master node:
```bash
mkdir -p $HOME/app/kube/yaml && cd $HOME/app/kube/yaml
wget https://docs.projectcalico.org/manifests/calico.yaml
kubectl create -f calico.yaml
```
Deploy the dashboard
Download the dashboard installation YAML file
```bash
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
```
Edit the YAML file so that the dashboard is accessed via NodePort, and pin the dashboard to the master node
```yaml
# Service kubernetes-dashboard (excerpt): expose it as a NodePort
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000

# Deployment kubernetes-dashboard (excerpt): schedule it on the master node
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      nodeName: master
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.1.0

# Deployment dashboard-metrics-scraper (excerpt): schedule it on the master node
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      nodeName: master
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
```
Create the dashboard application
```bash
kubectl apply -f recommended.yaml
```
Create an admin account
The dashboard's default account has no permission to manage resources in other namespaces, so create an admin account for the cluster.
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
```
Generate the token
```bash
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
```
Access the dashboard
Open https://master:30000 and paste the token generated above.
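Problems encountered
The dashboard address master:30000 is unreachable
Cause: the eth0 interface on the master node does not forward packets from the virtual interfaces
```bash
cat > /etc/sysctl.d/99-ipv4_forward.conf <<EOF
net.ipv4.ip_forward=1
EOF

sysctl --load=/etc/sysctl.d/99-ipv4_forward.conf
# Or restart the network service: systemctl restart network
```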
Errors in the dashboard log
Deploy the metrics-server application
References