gitlab+jenkins+harbor+k8s安装操作流程之K8S
安装K8S
kubeadm安装k8s 前期环境准备
###所有节点,关闭防火墙规则,关闭selinux,关闭swap交换
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/enforcing/disabled/' /etc/selinux/config
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
#交换分区必须要关闭
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
#永久关闭swap分区,&符号在sed命令中代表上次匹配的结果
#调整内核参数
cat > /etc/sysctl.d/k8s.conf << EOF
#开启网桥模式,可将网桥的流量传递给iptables链
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
#关闭ipv6协议
net.ipv6.conf.all.disable_ipv6=1
net.ipv4.ip_forward=1
EOF
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv6.conf.all.disable_ipv6=1
net.ipv4.ip_forward=1
EOF
sysctl --system
所有节点安装docker
###安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io
systemctl start docker.service
systemctl enable docker.service
##修改配置文件和镜像加速
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://ysmprsek.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "500m", "max-file": "3"
}
}
EOF
systemctl daemon-reload
systemctl restart docker
所有节点
###定义kubernetes源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.20.15 kubeadm-1.20.15 kubectl-1.20.15
###开机自启kubelet
systemctl enable kubelet.service
#K8S通过kubeadm安装出来以后都是以Pod方式存在,即底层是以容器方式运行,所以kubelet必须设置开机自启
###查看相关软件的版本
yum list kubeadm-1.20*
##### 命令行初始化,仅需master执行 apiserver masterIP
kubeadm init \
--apiserver-advertise-address=192.168.242.72 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.20.15 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=10.244.0.0/16 \
--token-ttl=0
根据输出提示操作:
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
加入Kubernetes Node
在两个 Node 节点执行
使用kubeadm join 注册Node节点到Matser
kubeadm join 的内容,在上面kubeadm init 已经生成好了
安装网络插件flannel
###安装 CNI网络插件 master节点
##上传 flannel-v0.21.5.zip 到 /opt/k8s
unzip flannel-v0.21.5.zip
docker load -i flannel.tar
docker load -i flannel-cni-plugin.tar
##移动系统创建的cni目录,并手动创建
cd /opt/
mv cni/ cni_bak
mkdir -p /opt/cni/bin
##解压配置文件
tar xf /opt/k8s/cni-plugins-linux-amd64-v1.3.0.tgz -C /opt/cni/bin/
##安装插件
cd /opt/k8s
kubectl apply -f kube-flannel.yml
node节点 把master上的flannel的两个镜像 scp过去
###先导入 flannel的两个镜像
scp flannel.tar flannel-cni-plugin.tar 192.168.242.73:/opt/
scp flannel.tar flannel-cni-plugin.tar 192.168.242.74:/opt/
docker load -i flannel.tar
docker load -i flannel-cni-plugin.tar
然再执行kubeadm init 看看结果
部署dashboard
##master01节点
###上传 配置文件 recommended.yaml
##安装 kubectl apply -f recommended.yaml
配置文件修改如下
修改镜像文件:
kubernetesui/dashboard:v2.7.0 --> registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.7.0
kubernetesui/metrics-scraper:v1.0.8 --> registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.8
修改service配置如下图, 添加type和nodeport 属性
kubectl apply -f k8s-dashborad.yml
##创建service account并绑定默认cluster-admin管理员集群角色
kubectl create serviceaccount dashboard-admin -n kube-system
##查看创建的用户
kubectl get sa -n kube-system
###给账户授权
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
##获取用户的 token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
#使用输出的token登录Dashboard
https://masterIP:31622
浙公网安备 33010602011771号