K8S Part 2: Cluster
Environment
Operating system: CentOS 7.9
Software versions:
kubelet-1.26.0
kubeadm-1.26.0
kubectl-1.26.0
Preparation
Pre-deployment preparation
hostnamectl set-hostname es80
vi /etc/hosts
1.1.1.80 es80
1.1.1.90 es90
1.1.1.100 es100
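# Stop and disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Permanently disable SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
**Kubernetes 1.8+ requires swap to be disabled to ensure stability.**
# Permanently disable swap (comment out the swap line)
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Load the module persistently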
sudo tee /etc/modules-load.d/k8s.conf <<EOF
br_netfilter
EOF
# Set kernel parameters
sudo tee /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl configuration
sudo sysctl --system
# Verify that the parameters took effect
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
sysctl net.ipv4.ip_forward
# Verify that the module is loaded
lsmod | grep br_netfilter
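A check for the preparation steps above, as an added example that is not part of the original post: it reads fstab, /proc/swaps and the two k8s.conf files and reports anything left unset. The function names are illustrative; it also flags swap that is still active, because commenting out the fstab line only takes effect at the next boot.

```shell
#!/bin/sh
# Added example (not from the original post): audit the host-preparation
# settings. Function names are illustrative; callers pass the file paths.

# Print active (uncommented) fstab entries whose type field is swap.
# Field matching also catches tab-separated entries, which the
# space-delimited sed pattern '/ swap /' leaves untouched.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# Print swap areas in use right now, from a /proc/swaps-format file.
# Editing fstab only affects the next boot.
swap_in_use() {
    awk 'NR > 1 && NF { print $1 }' "$1"
}

# Succeed only if the last uncommented assignment of key ($2) is 1.
sysctl_is_one() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            split(line, kv, "=")
            if (kv[1] == key) found = (kv[2] == "1")
        }
        END { exit !found }
    ' "$1"
}

# Usage: audit_k8s_prep FSTAB PROC_SWAPS SYSCTL_CONF MODULES_CONF
# Prints one line per problem and returns the number of problems.
audit_k8s_prep() {
    problems=0
    for dev in $(active_swap_entries "$1"); do
        echo "fstab still enables swap: $dev"; problems=$((problems + 1))
    done
    for dev in $(swap_in_use "$2"); do
        echo "swap currently active: $dev"; problems=$((problems + 1))
    done
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        sysctl_is_one "$3" "$key" ||
            { echo "sysctl not set to 1: $key"; problems=$((problems + 1)); }
    done
    grep -qx 'br_netfilter' "$4" ||
        { echo "br_netfilter not in modules-load file"; problems=$((problems + 1)); }
    return "$problems"
}
```

On a prepared host, call it as `audit_k8s_prep /etc/fstab /proc/swaps /etc/sysctl.d/k8s.conf /etc/modules-load.d/k8s.conf`; a return value of 0 means every check passed.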
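Configure NTP
Kubernetes certificates depend on consistent time across the nodes.
# Install the NTP service
yum install -y ntp
# Start the service and synchronize the time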
systemctl start ntpd
systemctl enable ntpd
ntpdate time.windows.com
Deploy k8s
Install containerd
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install containerd.io-1.6.22 -y
# Append the content from https://www.cnblogs.com/hyhLearn/p/18965918 to /etc/containerd/config.toml
systemctl enable containerd --now
yum install docker-ce -y
systemctl start docker
systemctl enable docker
Install the k8s components
Install on both the master and the nodes.
yum install -y kubelet-1.26.0 kubeadm-1.26.0 kubectl-1.26.0
If the packages are not available, then:
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.26/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.26/rpm/repodata/repomd.xml.key
EOF
# Save the content from https://www.cnblogs.com/hyhLearn/p/18965933 as kubeadm.yaml
- Modify kubelet.service
vi /usr/lib/systemd/system/kubelet.service
ExecStart=/usr/bin/kubelet --container-runtime-endpoint=unix:///run/containerd/containerd.sock
systemctl daemon-reload
Initialize the cluster
Master only
kubeadm init --config kubeadm.yaml --ignore-preflight-errors=SystemVerification
If it reports an error, run:
yum remove kubelet kubeadm kubectl
yum install -y kubelet-1.26.0 kubeadm-1.26.0 kubectl-1.26.0
Then
kubeadm reset
kubeadm init --config kubeadm.yaml --ignore-preflight-errors=SystemVerification
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Deploy Calico
Master only
https://www.cnblogs.com/hyhLearn/p/18965819
kubectl apply -f calico.yaml
kubectl get pod -A

Join the cluster
kubeadm token create --print-join-command # run on the master
kubeadm join 1.1.1.100:6443 --token q8dahf.oxtygv454hb6309o --discovery-token-ca-cert-hash sha256:b7ff1ae9e4e3546b97e17948445a49aff6b5fef70bf3d2572f91f7a1e9f7b69f # run on the node
scp ./config 1.1.1.100:/root/.kube/config # worker nodes have no config file, so kubectl fails there without it

Optimization
Command-line management
- Configure aliases
alias k=kubectl
alias kgn='kubectl get nodes'
alias kg='kubectl_grep() { kubectl get pod -A -owide | grep "$1"; }; kubectl_grep' # kg nginx is equivalent to kubectl get pod -A -owide | grep nginx
alias kgs='kubectl_grepsvc() { kubectl get svc -A | grep "$1"; }; kubectl_grepsvc'
- Auto-completion
yum install bash-completion -y
echo 'source <(kubectl completion bash)' >> ~/.bashrc
source ~/.bashrc
Configure nodes to use kubectl
- Copy the master's /etc/kubernetes/admin.conf to the node
scp /etc/kubernetes/admin.conf 1.1.1.100:/etc/kubernetes/admin.conf
- Set the environment variable on the node
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile # apply the environment variable
Dashboard visualization
Deploy the Dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
Change type: ClusterIP to type: NodePort and save.
kubectl get svc -n kubernetes-dashboard
Open https://<NodeIP>:<NodePort> in a browser.
Create a token
cat > admin-user-secret.yaml <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: admin-user-token-manual
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: admin-user # bind to the admin-user ServiceAccount
type: kubernetes.io/service-account-token
EOF
kubectl apply -f admin-user-secret.yaml
kubectl get secret admin-user-token-manual -n kube-system -o jsonpath='{.data.token}' | base64 -d
Access the page
kubectl get pod,svc -n kubernetes-dashboard
NAME                                             READY   STATUS    RESTARTS      AGE
pod/dashboard-metrics-scraper-6d9cd57f74-h8ddt   1/1     Running   2 (15h ago)   16h
pod/kubernetes-dashboard-c4fcf7477-txjf9         1/1     Running   0             16h

NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.101.198.150   <none>        8000/TCP        16h
service/kubernetes-dashboard        NodePort    10.100.248.72    <none>        443:31420/TCP   16h
Open https://1.1.1.100:31420 in a browser # 1.1.1.100 can be replaced with the IP of any of your nodes

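If a message like the one in the image above appears
Solution:
With the current page focused, type thisisunsafe on the keyboard. Do not type it in the address bar, just type it directly and press Enter; the page then refreshes automatically and loads the site.
Reason: Chrome does not trust these self-signed SSL certificates and, for safety, blocks access outright. Typing thisisunsafe states that you understand and confirm that this is an insecure site and still want to visit it, so Chrome lets you through.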
