
k8s-安装kubeadm

环境

机器名 系统 ip 资源 hostname
master Centos7 192.168.174.100 内存=4G master
node1 Centos7 192.168.174.101 内存=4G node1
node2 Centos7 192.168.174.102 内存=4G node2

执行脚本

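# Time zone and hostname.
timedatectl set-timezone Asia/Shanghai
# Run only the hostnamectl line that matches the machine you are on;
# pasting all three leaves every machine named node2.
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2
# Name resolution between the three machines. Each entry is appended only
# when it is not already present, so re-running this does not duplicate lines.
for entry in "192.168.174.100 master" "192.168.174.101 node1" "192.168.174.102 node2"; do
  grep -qxF -- "$entry" /etc/hosts || echo "$entry" >> /etc/hosts
done
# SELinux: the sed line disables it permanently (effective after reboot) and
# setenforce 0 switches the running system to permissive. This removes
# mandatory access control from every node, not just from the containers.
# NOTE(review): the upstream kubeadm install guide sets SELINUX=permissive
# rather than disabled; prefer that unless there is a reason to go further.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# Host firewall: turned off entirely, now and at boot. That is only
# reasonable on a closed lab network such as the private 192.168.174.x range
# used here. On a reachable network keep firewalld running and open just the
# ports the cluster needs (for example 6443/tcp for the API server and
# 10250/tcp for the kubelet).
systemctl disable firewalld
systemctl stop firewalld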

安装Docker

准备

启动docker

# Register Docker to start at boot, then start it now.
# Assumes Docker is already installed (the install steps are not shown on this page).
systemctl enable docker && systemctl start docker

关闭swap

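# Turn swap off for the running system.
swapoff -a
# Keep it off after a reboot: open /etc/fstab and comment out the swap entry
# (on the author's machines that is the last line of the file; check that the
# line you comment out really is the swap mount before saving).
vim /etc/fstab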

配置内核转发参数

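# Load br_netfilter first: the net.bridge.* keys only exist while the module
# is loaded.
modprobe br_netfilter
# Load the module on every boot as well; without this the sysctl file below
# cannot be applied after a reboot and bridged pod traffic bypasses iptables.
echo br_netfilter > /etc/modules-load.d/k8s.conf
# Make bridged traffic visible to iptables and ip6tables, so the packet
# filtering rules the cluster installs are actually enforced on pod traffic.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
EOF
# Apply both keys to the running kernel (IPv4 and IPv6).
sysctl -p /etc/sysctl.d/k8s.conf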

配置安装源

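# Kubernetes yum repository (Aliyun mirror).
# The here-document delimiter must match its terminator exactly: "E0F" (with a
# zero) never closes on "EOF", so the shell would swallow the following
# commands into the repo file.
# Package signature checking is switched on. With gpgcheck=0 yum installs
# kubelet/kubeadm/kubectl, which run as root on every node, without verifying
# who built them. repo_gpgcheck (metadata signatures) is left off as on the
# original page.
# NOTE(review): if signature verification fails, find out why (stale key,
# tampered mirror) instead of falling back to gpgcheck=0.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum check-update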

安装kubeadm

master节点

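# Install kubectl, kubelet and kubeadm, all pinned to the same release.
yum -y install kubectl-1.20.6 kubelet-1.20.6 kubeadm-1.20.6
systemctl enable kubelet && systemctl start kubelet
# Initialise the control plane. --apiserver-advertise-address is the
# master's own IP address.
kubeadm init --kubernetes-version=1.20.6 \
  --apiserver-advertise-address=192.168.174.100 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --service-cidr=192.168.31.0/24 \
  --pod-network-cidr=172.31.0.0/16

# kubeadm init prints the command the worker nodes use to join the cluster;
# save it for the next step. The token in it is a bootstrap credential:
# anyone who holds it and can reach port 6443 can register a node, so keep it
# out of shared notes and screenshots. It expires (24 hours by default), and
# `kubeadm token create --print-join-command` prints a fresh one.
# kubeadm join 192.168.174.100:6443 --token onrw0v.fbr49ehr2i5yb3dk \
# --discovery-token-ca-cert-hash sha256:5587d91e7c33e597f2a199d7f7ec27dc4d6a586e37d7b28dbde33c8f698812ba

# Give the current user a kubeconfig. admin.conf carries cluster-admin
# credentials, so the copy must stay readable by its owner only.
# Expansions are quoted so a home directory containing spaces still works.
mkdir -p -- "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"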

注:apiserver-advertise-address 为主节点ip地址

image-20220312094835198

计算节点

# Worker nodes need kubelet and kubeadm only, at the same release as the master.
k8s_version=1.20.6
yum -y install "kubelet-${k8s_version}" "kubeadm-${k8s_version}"
systemctl enable kubelet && systemctl start kubelet
# Join this node to the cluster. The endpoint, token and CA hash are the
# values printed by `kubeadm init` on the master; the CA hash is what lets the
# node verify it is talking to the intended API server.
api_endpoint=192.168.174.100:6443
join_token=onrw0v.fbr49ehr2i5yb3dk
ca_cert_hash=sha256:5587d91e7c33e597f2a199d7f7ec27dc4d6a586e37d7b28dbde33c8f698812ba
kubeadm join "${api_endpoint}" --token "${join_token}" \
  --discovery-token-ca-cert-hash "${ca_cert_hash}"

部署calico网络插件

作用:容器跨宿主机通讯

主节点:

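# Keep downloaded manifests in one directory.
mkdir -p -- "$HOME/app/kube/yaml" && cd -- "$HOME/app/kube/yaml"
# The URL is not pinned to a Calico release, so its content can change between
# runs. Read the downloaded file before creating it: the manifest installs
# cluster-wide components.
# The && ensures a failed download does not apply a stale calico.yaml left in
# the directory.
wget https://docs.projectcalico.org/manifests/calico.yaml &&
  kubectl create -f calico.yaml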

部署dashboard

下载dashboard安装yaml文件

# Fetch the dashboard manifest from the v2.2.0 tag; it is edited in the next
# step before being applied.
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

修改yaml文件,令以NodePort方式访问dashboard,指定dashboard安装在master节点上

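# Edits to recommended.yaml (three excerpts, not one complete document).

# Excerpt 1, lines 40-44 of the file: the kubernetes-dashboard Service.
# type: NodePort and nodePort: 30000 are the additions. A NodePort opens the
# port on every node's address, so with the host firewall off the dashboard
# login page is reachable by anything that can reach a node.
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000

# Excerpt 2: the kubernetes-dashboard Deployment.
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      # Run on the master node. nodeName bypasses the scheduler, so the
      # control-plane NoSchedule taint is not applied to this pod.
      nodeName: master
      containers:
        - name: kubernetes-dashboard
          # NOTE(review): this excerpt shows v2.1.0 while the manifest was
          # downloaded from the v2.2.0 tag; confirm which image is intended.
          image: kubernetesui/dashboard:v2.1.0

# Excerpt 3: the dashboard-metrics-scraper Deployment.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      # Run on the master node (same nodeName caveat as above).
      nodeName: master
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6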

创建dashboard应用

# Create (or update) the dashboard objects from the edited manifest.
kubectl apply -f recommended.yaml

创建admin账号

dashboard默认的账号无权限管理其他namespace下的资源,故为集群创建admin账号

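# ServiceAccount used to log in to the dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
# Binds admin-user to the built-in cluster-admin ClusterRole: whoever holds
# this account's token has unrestricted control of the whole cluster, and the
# dashboard that accepts it is published on a NodePort. Suitable for a lab;
# on a shared cluster bind a narrower Role/ClusterRole (for example read-only,
# or limited to specific namespaces) and delete this binding when finished.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard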

生成token

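# Print the bearer token of the admin-user ServiceAccount.
# The token is read from the Secret listed in the account's .secrets[0]; if
# that field is empty, stop with a message instead of running
# `kubectl get secret` with no name.
# The output is a cluster-admin credential: do not paste it into tickets,
# chat or shared terminals, and rotate it by deleting the Secret if it leaks.
secret_name=$(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}")
if [ -z "$secret_name" ]; then
  echo "admin-user has no token secret in namespace kubernetes-dashboard" >&2
else
  kubectl -n kubernetes-dashboard get secret "$secret_name" -o go-template="{{.data.token | base64decode}}"
fi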

访问dashboard

https://master:30000 粘贴上面生成的token

遇到问题

无法访问dashboard地址master:30000

原因:master节点eth0网卡未转发虚拟网卡的数据包

# Persist IPv4 forwarding so the master forwards packets arriving from the
# virtual interfaces.
printf '%s\n' 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-ipv4_forward.conf

# Apply the setting to the running kernel.
sysctl -p /etc/sysctl.d/99-ipv4_forward.conf
# Alternatively, restart the network service: systemctl restart network

dashboard日志报错

部署metrics-server应用

References