使用kubeadm在Centos8上部署kubernetes1.19
Master节点部署:
#查看系统版本
[root@k8s-master ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
# Disable the firewall, swap and SELinux.
# Security note: after these steps the host has no packet filter and no SELinux
# confinement. Every port opened later on this page (API server on 6443, NodePort
# services) is reachable from any network that can route to the machine, so this
# is only appropriate on an isolated lab network. On a shared or internet-facing
# host, keep firewalld running and allow just the ports the cluster needs.
systemctl stop firewalld
systemctl disable firewalld
# Flush every rule and delete every user-defined chain in the filter and nat tables.
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
# Default-accept forwarded traffic, so the host forwards packets between interfaces
# without filtering.
iptables -P FORWARD ACCEPT
# Turn swap off now, then comment out the swap entries in /etc/fstab so it stays off
# after a reboot (kubeadm's preflight checks expect swap to be disabled).
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# setenforce 0 puts SELinux in permissive mode for the running system; the config
# edit below disables it entirely from the next boot.
# NOTE(review): the upstream kubeadm install guide sets SELINUX=permissive rather
# than disabled, which keeps denials logged for auditing; consider that instead.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# Configure the yum repositories and install common packages.
# Overwrites the stock CentOS-Base.repo with the mirror's file: from here on, every
# package on this host comes from that mirror, so package integrity depends on the
# gpgcheck settings and keys in the downloaded repo file. Review it after download.
# curl is called without -f, so an HTTP error page would be written into the repo
# file; check the file's contents if later yum commands fail.
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
# NOTE(review): a package passed to yum as a URL or local file is not signature-checked
# by dnf unless localpkg_gpgcheck is enabled; confirm this for your configuration.
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
yum install -y expect wget vim bash-completion net-tools gcc
# Configure kernel parameters.
# Makes bridged IPv4/IPv6 traffic traverse iptables/ip6tables, which kube-proxy and
# network-policy rules rely on to see pod traffic.
# NOTE(review): these keys exist only once the br_netfilter kernel module is loaded;
# if `sysctl --system` reports them as missing, load br_netfilter first.
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Re-read all sysctl configuration files, including the one just written.
sysctl --system
2、使用aliyun安装docker-ce
# Install containerd.io from a manually downloaded RPM, then docker-ce from the
# Aliyun mirror of the Docker repository.
# The RPM is an el7 build from Docker's "edge" channel, pinned at 1.2.6, installed
# on a CentOS 8 host. Check whether a newer containerd.io with security fixes is
# available for your release before reusing this exact version.
wget https://download.docker.com/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
# NOTE(review): dnf does not verify the signature of a package given as a local file
# unless localpkg_gpgcheck is enabled; verify the RPM (e.g. `rpm -K` after importing
# Docker's signing key) before installing it.
yum install -y containerd.io-1.2.6-3.3.el7.x86_64.rpm
yum install -y yum-utils device-mapper-persistent-data lvm2
# Adds the docker-ce repository definition as served by the mirror; signature
# checking for docker-ce depends on the gpgcheck/gpgkey lines in that file.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce
# Add an Aliyun registry mirror ("accelerator") for Docker image pulls.
# Security note: with a registry mirror configured, Docker Hub images pulled by tag
# are whatever the mirror serves for that tag. Pin images by digest where content
# integrity matters.
# NOTE(review): the mirror hostname below looks account-specific; presumably each
# reader should substitute the address issued to their own Aliyun account. Confirm.
mkdir -p /etc/docker
# tee overwrites any existing daemon.json and also echoes the content to stdout.
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://acfoeo46.mirror.aliyuncs.com"]
}
EOF
# Reload unit files, restart Docker so it picks up daemon.json, and start it at boot.
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
3、安装kubectl、kubelet、kubeadm
# Define the Kubernetes yum repository (Aliyun mirror of the el7 packages).
# gpgcheck=1 and repo_gpgcheck=1 make yum verify both package signatures and the
# repository metadata signature against the keys listed in gpgkey. Keep both enabled:
# they are what protects the install if the mirror or the transport is tampered with.
# Note that the keys themselves are fetched from the same mirror.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# NOTE(review): no version is pinned here, so yum installs whatever is newest in the
# repository, while `kubeadm init` on this page requests 1.19.3 and the sample output
# reports v1.19.2. Pin the three packages to the intended version to keep them aligned.
yum install -y kubectl kubelet kubeadm
# Enable kubelet at boot; it is started later by kubeadm.
systemctl enable kubelet
4、初始化k8s集群
# The pod network is 10.122.0.0/16 and the API server address is the master's own IP.
# This step is important: by default kubeadm pulls its images from k8s.gcr.io, which
# is unreachable from mainland China, so --image-repository points at the Aliyun
# registry instead.
# Security note: with --image-repository set, every control-plane image (apiserver,
# etcd, scheduler, controller-manager, coredns, kube-proxy) is pulled from that
# third-party registry; the cluster's integrity then depends on what it serves.
# The address given to --apiserver-advertise-address is the one nodes must use in
# `kubeadm join`.
kubeadm init --kubernetes-version=1.19.3 \
--apiserver-advertise-address=10.0.0.19 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
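# Set up kubectl for the current user, as instructed by the kubeadm init output.
# Security note: admin.conf holds the cluster administrator's client credentials.
# Keep the copy readable only by its owner and do not copy it to worker nodes or
# shared machines.
mkdir -p "$HOME/.kube"
# -i asks before overwriting an existing kubeconfig.
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
# Hand the copy to the invoking user; the expansions are quoted so a home directory
# containing spaces does not split into several arguments.
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# Enable kubectl tab completion in the current shell session only.
source <(kubectl completion bash)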
#查看节点,pod
[root@k8s-master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 4m1s v1.19.2
[root@k8s-master ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6d56c8448f-5n4c2 1/1 Running 0 3m54s
kube-system coredns-6d56c8448f-t2ll7 1/1 Running 0 3m54s
kube-system etcd-k8s-master 1/1 Running 0 4m12s
kube-system kube-apiserver-k8s-master 1/1 Running 0 4m12s
kube-system kube-controller-manager-k8s-master 1/1 Running 0 4m12s
kube-system kube-proxy-dhnfz 1/1 Running 0 3m54s
kube-system kube-scheduler-k8s-master 1/1 Running 0 4m12s
5、安装calico网络
# Apply the Calico manifest straight from the project's website.
# Security note: the URL is unversioned, so its content can change between runs, and
# it is applied with cluster-admin rights (it creates RBAC objects and privileged
# DaemonSet pods). Download it first, review it, and apply the saved copy so the
# cluster runs exactly what was reviewed.
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
#查看节点,pod
[root@k8s-master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 7m26s v1.19.2
[root@k8s-master ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-c9784d67d-xqcrq 0/1 ContainerCreating 0 42s
kube-system calico-node-mddxk 0/1 Init:0/3 0 42s
kube-system coredns-6d56c8448f-5n4c2 1/1 Running 0 7m6s
kube-system coredns-6d56c8448f-t2ll7 1/1 Running 0 7m6s
kube-system etcd-k8s-master 1/1 Running 0 7m24s
kube-system kube-apiserver-k8s-master 1/1 Running 0 7m24s
kube-system kube-controller-manager-k8s-master 1/1 Running 0 7m24s
kube-system kube-proxy-dhnfz 1/1 Running 0 7m6s
kube-system kube-scheduler-k8s-master 1/1 Running 0 7m24s
6、安装kubernetes-dashboard
# The official dashboard manifest does not use a NodePort Service; download the YAML
# locally and add a nodePort to the Service definition.
# The URL pins tag v2.0.0-rc7, a release candidate; check whether a later stable
# release is available, and review the file before applying it.
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml
[root@master01 ~]# vim recommended.yaml
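# Service section of recommended.yaml after the edit: type NodePort with a fixed
# nodePort, so the dashboard is served on port 30000 of every node.
# Security note: the firewall was disabled earlier on this page, so that port is
# reachable from any host that can route to a node. Restrict access to 30000 to
# admin addresses, or keep the default ClusterIP Service and reach the dashboard
# through `kubectl proxy` / `kubectl port-forward` instead.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard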
# Create the dashboard resources from the edited manifest.
kubectl create -f recommended.yaml
# Create the dashboard account binding.
# Security note: this binds the built-in cluster-admin ClusterRole to the service
# account the dashboard pod itself runs as. Anyone who obtains that account's token,
# or who compromises the dashboard, gets full control of the cluster, and the
# dashboard is exposed on NodePort 30000. For anything beyond a throwaway lab,
# create a separate ServiceAccount for logging in and bind it to a narrower role
# (for example the built-in `view` ClusterRole), leaving the dashboard's own
# account with the permissions from recommended.yaml.
kubectl create clusterrolebinding serviceaccount-cluster-admin --clusterrole=cluster-admin --user=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
#通过页面访问

# Log in with a token; run the command below to obtain it.
# The pipeline describes every secret in the kubernetes-dashboard namespace, keeps
# only the last line of the combined output and prints its second field.
# NOTE(review): which secret ends up last depends on listing order; presumably it is
# the kubernetes-dashboard service-account token. Verify before relying on it.
# Security note: the value is a bearer token. With the cluster-admin binding shown on
# this page it grants full cluster control, so keep it out of shell history captures,
# screenshots and shared terminals.
kubectl describe secrets -n kubernetes-dashboard|tail -1|awk '{print $2}'
#查看dashboard

Node节点部署:
7、添加node节点
同上master的1、2、3步
# Add host entries on both the master and the node.
# The heredoc is appended (>>), so running this twice duplicates the entries.
cat >>/etc/hosts<<EOF
10.0.0.19 k8s-master
10.0.0.100 k8s-node1
EOF
# Join the node to the cluster.
# NOTE(review): the endpoint here is 10.0.0.21:6443, while the master was initialised
# with --apiserver-advertise-address=10.0.0.19 and /etc/hosts maps k8s-master to
# 10.0.0.19; confirm which address is correct for your environment.
# The token and hash are examples from the author's cluster: use the values printed by
# your own `kubeadm init`. The token is a bootstrap credential that lets a machine
# join the cluster, so treat it as a secret. The CA cert hash is what lets the node
# verify it is talking to the real control plane; always supply it.
kubeadm join 10.0.0.21:6443 --token jlglyn.txqytt20547qpmxk \
--discovery-token-ca-cert-hash sha256:91005c1479334955b7d3e03ae6909761e5096c660f7c17bddcc1a866f4096a9a
# Point kubectl on the node at the kubelet's own kubeconfig for future login shells.
# kubectl then acts with the node's identity, not as an administrator.
# NOTE(review): presumably intended for read-only checks from the node; confirm the
# node's permissions are enough for what you need instead of copying admin.conf here.
echo "export KUBECONFIG=/etc/kubernetes/kubelet.conf" >> ~/.bash_profile
source ~/.bash_profile
8、测试k8s集群:
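# Create a pod in the cluster to verify that it works: an nginx Deployment exposed
# through a NodePort Service.
# Security note: the NodePort Service publishes nginx on a port of every node, and the
# image tag is unpinned. Delete the test Service and Deployment once the check is done.
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
# Two separate commands: list the pods, then list the services (the service listing
# shows the node port that was allocated).
kubectl get pods
kubectl get svc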
附录知识点:
kubeadm init引导过程: 1、检查系统环境是否满足,例如swap是否关闭,配置是否满足 2、下载所需镜像kubeadm config images pull 3、为kubelet创建配置文件并启动 4、为apiserver、etcd生成https证书 5、生成连接apiserver的kubeconfig文件 6、容器启动master组件 7、将涉及的配置文件存储到configmap中 8、设置master节点不可调度 9、启用bootstrap自动颁发证书 10、安装插件:coredns、kube-proxy 最后一步,提示你拷贝连接k8s集群的配置文件
k8s日志:会放入系统日志/var/log/messages
安装目录:/etc/kubernetes/
证书目录:/etc/kubernetes/pki/
默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token,操作如下:
方法一:
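# Create a new bootstrap token on the master; the subcommand is `kubeadm token create`.
kubeadm token create
# List existing tokens with their expiry. Tokens that are no longer needed can be
# removed with `kubeadm token delete` so they cannot be used to join another machine.
kubeadm token list
# Recompute the value for --discovery-token-ca-cert-hash: extract the public key from
# the cluster CA certificate, convert it to DER, take its SHA-256 and strip the
# "(stdin)= " style prefix so that only the hex digest remains.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'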
然后用获取的值拼接命令:
# Example only: replace the token with the one just created and the sha256 value with
# the digest just computed, and use your own API server address. Treat the token as a
# secret while it is valid.
kubeadm join 10.0.0.21:6443 --token jlglyn.txqytt20547qpmxk --discovery-token-ca-cert-hash sha256:91005c1479334955b7d3e03ae6909761e5096c660f7c17bddcc1a866f4096a9a
方法二:在master节点输入下面命令,获得node节点加入集群的命令:
kubeadm token create --print-join-command