Building a k8s cluster with kubeadm

I. k8s architecture



II. Environment preparation


  1. Disable the firewall
[root@master ~]# systemctl stop firewalld
[root@master ~]# systemctl disable firewalld
  1. Disable SELinux
[root@master ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config
  1. Disable swap
Step 1: turn off the swap partition:
swapoff -a

Step 2: edit the configuration file /etc/fstab
Delete or comment out the swap line: /mnt/swap swap swap defaults 0 0
  1. Add hosts entries
[root@master ~]# cat >> /etc/hosts << EOF
> 192.168.2.60 master
> 192.168.2.61 slave-1
> 192.168.2.62 slave-2
> EOF
  1. Pass bridged IPv4 traffic to the iptables chains
[root@master ~]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@master ~]# sysctl --system
  1. Synchronize the time
[root@master ~]# yum install ntpdate -y
[root@master ~]# ntpdate time.windows.com

III. Install docker

$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce
$ systemctl enable docker && systemctl start docker

Configure the registry mirror (image accelerator)

$ cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://****.mirror.aliyuncs.com"]
}
EOF
$ systemctl restart docker
$ docker info

IV. Install kubeadm, kubelet and kubectl on the master

  1. Add the yum repository
[root@master ~]# vi /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  1. Install
[root@master ~]# yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
[root@master ~]# systemctl enable kubelet
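
The repo file above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying signatures even though gpgkey is configured. The following added example (not part of the original post) reports such settings and emits a copy with package signature checking enabled; the function names and the sample file are constructed for illustration, and it assumes the mirror's packages are signed with the listed keys.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print "<section> <key>=0" for each explicit gpgcheck=0 / repo_gpgcheck=0.
# An unset key is not reported: it inherits from [main] in /etc/yum.conf.
audit_repo_gpg() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/   { sec = $0                     # [section] header
                        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        {
            line = $0; gsub(/[ \t\r]/, "", line)     # tolerate "key = value"
            n = index(line, "=")
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            if (n && (key == "gpgcheck" || key == "repo_gpgcheck") && val == "0")
                print sec, key "=0"
        }' "$1"
}

# Emit the file with package signature checking turned on. repo_gpgcheck is
# left untouched: it only works if the mirror publishes signed repodata.
enable_pkg_gpgcheck() {
    sed -E 's/^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0[[:space:]]*$/gpgcheck=1/' "$1"
}

# Constructed sample mirroring the repo file from this section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

echo "before:"; audit_repo_gpg "$sample"
fixed=$(mktemp); enable_pkg_gpgcheck "$sample" > "$fixed"
echo "after:";  audit_repo_gpg "$fixed"
```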

V. Deploy the master (allocate 2G of memory to the master host)

  1. Run on the master
[root@master ~]# kubeadm init \
>   --apiserver-advertise-address=192.168.2.60 \
>   --image-repository registry.aliyuncs.com/google_containers \
>   --kubernetes-version v1.19.0 \
>   --service-cidr=10.96.0.0/12 \
>   --pod-network-cidr=10.244.0.0/16 \
>   --ignore-preflight-errors=all
  1. Copy the credentials file that kubectl uses to connect to k8s to the default path
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config

VI. Join the worker nodes to the cluster

  1. On the slave nodes, run the kubeadm join command printed by kubeadm init
kubeadm join 192.168.2.60:6443 --token yp4g4m.vsba5w6gfcoao1gy \
    --discovery-token-ca-cert-hash sha256:b096de23e5ba4a163f73fcea163c93292f7b956ddaee54d296996fe5758e971e
(1) At this point the node status shown on the master is NotReady
[root@master ~]# kubectl get nodes
NAME      STATUS     ROLES    AGE     VERSION
master    NotReady   master   11m     v1.19.0
slave-1   NotReady   <none>   7m47s   v1.19.0
slave-2   NotReady   <none>   7m21s   v1.19.0
(2) The kubelet log shows that the CNI network is not installed
 [root@master ~]# journalctl -u kubelet > a
 
 Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
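
The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key. This added example (not part of the original post) recomputes it so the value can be checked against the CA file on the master, which kubeadm writes to /etc/kubernetes/pki/ca.crt by default; the function names are hypothetical and the demo uses a throwaway certificate generated on the spot.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print "sha256:<hex>": SHA-256 over the DER-encoded public key
# (SubjectPublicKeyInfo) of the given PEM certificate.
ca_cert_hash() {
    # Extract the key first so a missing or corrupt certificate fails here
    # instead of silently hashing empty input further down the pipe.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | awk '{ print "sha256:" $NF }'
}

# Return 0 only if the certificate matches the hash from the join command.
check_join_hash() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# Demo on a throwaway self-signed CA (constructed; stands in for
# /etc/kubernetes/pki/ca.crt on the master).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-demo-ca" \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null

pinned=$(ca_cert_hash "$demo_dir/ca.crt")
echo "hash to pin: $pinned"
if check_join_hash "$demo_dir/ca.crt" "$pinned"; then
    echo "CA matches the pinned hash"
fi
```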

VII. Deploy the container network (CNI)

  1. Download calico.yaml
[root@master ~]# wget https://docs.projectcalico.org/manifests/calico.yaml --no-check-certificate
  1. Update the field
Change the CALICO_IPV4POOL_CIDR field in calico.yaml to 10.244.0.0/16 (the range specified by pod-network-cidr in kubeadm init)
  1. Apply calico.yaml
[root@master ~]# kubectl apply -f calico.yaml
[root@master ~]# kubectl get pods -n kube-system
[root@master ~]# kubectl get nodes
NAME      STATUS   ROLES    AGE   VERSION
master    Ready    master   25m   v1.19.0
slave-1   Ready    <none>   22m   v1.19.0
slave-2   Ready    <none>   21m   v1.19.0
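
The CALICO_IPV4POOL_CIDR edit in this section can be scripted and verified instead of made by hand. This added example (not part of the original post) uncomments and sets the variable, then reads the active value back and compares it with the pod-network-cidr; the function names are hypothetical and the manifest fragment is a constructed stand-in that assumes the variable ships commented out, as in the upstream calico.yaml.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the active (uncommented) CALICO_IPV4POOL_CIDR value, or nothing.
get_pool_cidr() {
    awk '
        /^[ \t]*#/ { next }                          # ignore commented lines
        want { if ($1 == "value:") { gsub(/"/, "", $2); print $2 }
               want = 0 }
        /-[ \t]*name:[ \t]*CALICO_IPV4POOL_CIDR[ \t]*$/ { want = 1 }
    ' "$1"
}

# Write the manifest to stdout with the variable uncommented and set to $2.
set_pool_cidr() {
    case $2 in
        ''|*[!0-9./]*) echo "invalid CIDR: $2" >&2; return 1 ;;
    esac
    sed -E "/- name: CALICO_IPV4POOL_CIDR[[:space:]]*\$/{
        s|^([[:space:]]*)# (- name:)|\1\2|
        n
        s|^([[:space:]]*)(# )?([[:space:]]*value:).*|\1\3 \"$2\"|
    }" "$1"
}

# Constructed fragment of the calico-node env block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
          env:
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
EOF

pod_cidr=10.244.0.0/16        # --pod-network-cidr from kubeadm init above
patched=$(mktemp)
set_pool_cidr "$sample" "$pod_cidr" > "$patched"

if [ "$(get_pool_cidr "$patched")" = "$pod_cidr" ]; then
    echo "calico pool matches pod-network-cidr: $pod_cidr"
else
    echo "calico pool does not match $pod_cidr" >&2
fi
```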

VIII. Test the k8s cluster

[root@master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@master ~]# kubectl get pod,svc
NAME                         READY   STATUS              RESTARTS   AGE
pod/nginx-6799fc88d8-9vfhv   0/1     ContainerCreating   0          13s

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        27m
service/nginx        NodePort    10.104.229.57   <none>        80:32175/TCP   6s

Open http://192.168.2.60:32175 in a browser

IX. Deploy the dashboard

  1. Download the yaml
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
  1. Apply the yaml
(1) Change the Service to type NodePort to expose it externally
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
 
(2) Apply the yaml
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard
  1. Create a service account and bind it to the default cluster-admin cluster role
[root@master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
-- Get the token
[root@master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
  1. Log in to https://192.168.2.60:30001 with the token
posted @ 2022-02-20 12:17  曾某某scau