Quickly Deploying a K8S Cluster with kubeadm

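1. Introduction to kubeadm

Official site: https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/

kubeadm is a tool from the official Kubernetes community for quickly deploying a Kubernetes cluster. With it, a cluster can be deployed using two commands:

# Create a Master node
$ kubeadm init

# Join a Node to the current cluster
$ kubeadm join <IP and port of the Master node>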

 

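2. Deployment Environment Requirements

Before starting, the machines for the Kubernetes cluster must meet the following conditions:

  • One or more machines running CentOS 7.x (x86_64)

  • Hardware: 2 GB or more RAM, 2 or more CPUs, 30 GB or more disk

  • Full network connectivity between all machines in the cluster

  • Internet access, which is needed to pull images

  • Swap disabled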

 

3. Kubernetes Cluster Environment Deployment

3.1 Kubernetes Architecture

 

3.2 Environment Plan

IP            Role         Installed software                                                                  Docker version       k8s version
10.3.104.51   k8s-master   kube-apiserver, kube-scheduler, kube-controller-manager, docker, flannel, kubelet   docker-ce-19.03.11   v1.19.0
10.3.104.52   k8s-node01   kubelet, kube-proxy, docker, flannel                                                docker-ce-19.03.11   v1.19.0
10.3.104.56   k8s-node01   kubelet, kube-proxy, docker, flannel                                                docker-ce-19.03.11   v1.19.0

 

3.3 Environment Initialization (run on every node)

1) Disable the firewall:
# systemctl stop firewalld
# systemctl disable firewalld

2) Disable SELinux:
# setenforce 0  # temporary
# sed -i 's/enforcing/disabled/' /etc/selinux/config  # permanent


3) Disable swap:
# swapoff -a  # temporary
# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab  # permanent

4) Set the hostname (choose the hostname according to the environment plan):
# hostnamectl set-hostname <hostname>

5) Add hosts entries:
# cat >> /etc/hosts << EOF
10.3.104.51 k8s-master
10.3.104.52 k8s-node1
10.3.104.56 k8s-node2
EOF

6) Pass bridged IPv4 traffic to the iptables chains:
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# sysctl --system   # apply the settings

7) Synchronize time:
# yum install ntpdate -y
# ntpdate time.windows.com

8) Install Docker:
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# yum -y install docker-ce-19.03.11
# systemctl enable docker && systemctl start docker


9) Configure a registry mirror to speed up image downloads:
# cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
# systemctl restart docker

 
10) Add the Aliyun YUM repository:
# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
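
11) Install the kubeadm, kubelet and kubectl tools:
# yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
# systemctl enable kubelet

Note: do not start kubelet right after installing it. Its configuration file does not exist yet; the file is only generated once kubeadm has finished running, and kubeadm then starts kubelet automatically. Enabling the service at boot is all that is needed here.
All nodes get the three tools kubelet, kubeadm and kubectl. kubectl (the tool for managing the k8s cluster) really only needs to be installed on the master; on the Node machines it is installed but simply not used.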
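
Steps 2) and 10) above switch off SELinux and yum signature checking (gpgcheck=0, repo_gpgcheck=0), so kubelet, kubeadm and kubectl are installed without their package signatures being verified. The check below is an added example, not part of the original post: it reports those two settings on a node. The function name audit_node and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_node ROOT: print one finding per line for the SELinux and yum
# settings changed in section 3.3. ROOT defaults to / (the live node).
audit_node() {
  root=${1:-/}
  # Step 2: persistent SELinux mode in etc/selinux/config
  conf="$root/etc/selinux/config"
  if [ -f "$conf" ]; then
    mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$conf" | tail -n 1)
    [ "$mode" = "enforcing" ] ||
      echo "selinux: SELINUX=${mode:-unset} in etc/selinux/config"
  fi
  # Step 10: repositories that switch off package or metadata signatures
  for repo in "$root"/etc/yum.repos.d/*.repo; do
    [ -f "$repo" ] || continue
    awk -v file="${repo##*/}" '
      /^\[.*\]/ { section = substr($0, 2, index($0, "]") - 2); next }
      {
        line = $0
        gsub(/[ \t]/, "", line)
        if (line == "gpgcheck=0" || line == "repo_gpgcheck=0")
          print "yum: [" section "] in " file " sets " line
      }' "$repo"
  done
}

# Constructed sample tree that mirrors what steps 2) and 10) leave behind.
sample_root=$(mktemp -d)
mkdir -p "$sample_root/etc/selinux" "$sample_root/etc/yum.repos.d"
printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$sample_root/etc/selinux/config"
cat > "$sample_root/etc/yum.repos.d/kubernetes.repo" << 'EOF'
[kubernetes]
name=Kubernetes
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
audit_node "$sample_root"
```

Run on a real node as audit_node with no argument; empty output means neither setting was found weakened.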

 

 

 

3.4 Deploy the Kubernetes Master (run on the Master node)

1) Deploy the Master with kubeadm

[root@k8s-master ~]# kubeadm init \
  --apiserver-advertise-address=10.3.104.51 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
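
  • --apiserver-advertise-address  # the address the cluster advertises

  • --image-repository  # the default image registry k8s.gcr.io cannot be reached from mainland China, so the Aliyun registry address is specified here

  • --kubernetes-version  # K8s version, the same as the packages installed above

  • --service-cidr  # Service network segment: the cluster-internal virtual network, the unified access entry for Pods

  • --pod-network-cidr  # Pod network segment; must match the value in the CNI network component YAML deployed below

  • --ignore-preflight-errors=all  # ignore errors from the preflight checks (with all, the errors of every check are shown as warnings)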

 

 

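2) When the command finishes it prints the following message. Do not clear the screen yet; it is best to copy the message into a text file and keep it.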

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.3.104.51:6443 --token span8l.3rp0qcjy4obwjis4 \
    --discovery-token-ca-cert-hash sha256:e0c81cd4d8c10e6a9acf3d1811353cf24cdcc23d7065437f329c57ae4e74c135

 

 

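3) Copy the cluster credentials file used by kubectl to the default path

This step copies the configuration file for connecting to the cluster to the default path, so that the command-line tool kubectl can be used to manage the cluster (without copying this file, kubectl cannot manage the cluster).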

[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master ~]# kubectl get node
NAME         STATUS     ROLES    AGE   VERSION
k8s-master   NotReady   master   10m   v1.19.0

 

 

3.5 Join the Kubernetes Nodes (run on the Node machines)

To add a new node to the cluster, run the kubeadm join command printed by kubeadm init:

[root@k8s-master ~]# kubeadm join 10.3.104.51:6443 --token span8l.3rp0qcjy4obwjis4 \
    --discovery-token-ca-cert-hash sha256:e0c81cd4d8c10e6a9acf3d1811353cf24cdcc23d7065437f329c57ae4e74c135

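Note: the default token is valid for 24 hours. Once it has expired it can no longer be used, and a new token has to be created as follows.

Shortcut command that generates it directly: kubeadm token create --print-join-command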
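
The --discovery-token-ca-cert-hash value in the join command pins the public key of the cluster CA, which lets a node confirm it is joining the intended control plane. Added example (not from the original post): recompute that pin from a CA certificate and compare it with a saved join command before running it. The function names, the demo CA and the demo token are constructed for illustration; on a kubeadm master the CA certificate is /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# ca_cert_hash CERT: print "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded public key, in the form --discovery-token-ca-cert-hash takes.
ca_cert_hash() {
  pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der |
        openssl dgst -sha256 -hex | sed 's/^.* //')
  echo "sha256:$hex"
}

# join_pin JOIN_COMMAND: print the sha256:<hex> pin found in the command text.
join_pin() {
  printf '%s\n' "$1" | tr -s ' \\\n' '\n' |
    grep -E '^sha256:[0-9a-f]{64}$' | head -n 1
}

# pin_matches JOIN_COMMAND CERT: succeed only if the pin equals the CA's hash.
pin_matches() {
  want=$(join_pin "$1")
  have=$(ca_cert_hash "$2") || return 1
  [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed demo CA and token (not the cluster shown on this page).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
  -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
demo_join="kubeadm join 10.3.104.51:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash $(ca_cert_hash "$demo_dir/ca.crt")"
pin_matches "$demo_join" "$demo_dir/ca.crt" && echo "pin matches this CA"
```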

 

3.6 Check the Cluster Status on the Master Node

[root@k8s-master ~]# kubectl get node
NAME         STATUS     ROLES    AGE     VERSION
k8s-master   NotReady   master   21m     v1.19.0
k8s-node1    NotReady   <none>   7m41s   v1.19.0
k8s-node2    NotReady   <none>   6s      v1.19.0

Note: the nodes show Status NotReady because a network plugin still has to be installed.

 

 

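3.7 Deploy the Container Network (run on the Master node)

Either Calico or flannel can be used as the network plugin (choose one of the two). flannel.yaml address: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

1) Download calico.yaml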

[root@k8s-master ~]# wget https://docs.projectcalico.org/manifests/calico.yaml

 

2) Change CALICO_IPV4POOL_CIDR to the custom address

This address must be the same as the pod-network-cidr given to kubeadm init.
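
Step 2) leaves the edit itself to the reader. Added example (not from the original post) that applies it with awk: it uncomments the CALICO_IPV4POOL_CIDR entry and sets it to the --pod-network-cidr used above (10.244.0.0/16). It assumes the manifest carries the setting as a commented-out name/value pair, as in the constructed fragment; the function name is illustrative.

```shell
#!/bin/sh
# set_calico_pool_cidr MANIFEST CIDR: rewrite MANIFEST in place.
# Returns 1 and leaves the file untouched if the name/value pair is missing.
set_calico_pool_cidr() {
  manifest=$1
  awk -v cidr="$2" '
    pending {                      # the line right after the name entry
      pending = 0
      if ($0 ~ /^[ \t]*(# )?[ \t]*value:/) {
        print indent "  value: \"" cidr "\""
        changed = 1
        next
      }
    }
    /^[ \t]*(# )?- name: CALICO_IPV4POOL_CIDR[ \t]*$/ {
      match($0, /^[ \t]*/)
      indent = substr($0, 1, RLENGTH)   # keep the YAML list indentation
      print indent "- name: CALICO_IPV4POOL_CIDR"
      pending = 1
      next
    }
    { print }
    END { exit changed ? 0 : 1 }
  ' "$manifest" > "$manifest.new" || { rm -f "$manifest.new"; return 1; }
  mv "$manifest.new" "$manifest"
}

# Constructed fragment (not the full calico.yaml) with the setting commented out.
sample_manifest=$(mktemp)
cat > "$sample_manifest" << 'EOF'
            - name: CALICO_IPV4POOL_VXLAN
              value: "Never"
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
EOF
set_calico_pool_cidr "$sample_manifest" "10.244.0.0/16" && cat "$sample_manifest"
```

On the master this would be called as set_calico_pool_cidr calico.yaml 10.244.0.0/16 before kubectl apply; a non-zero return means the manifest layout differs and has to be edited by hand.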

 

 

3) Install the Calico network plugin

[root@k8s-master ~]# kubectl apply -f calico.yaml
[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   52m   v1.19.0
k8s-node1    Ready    <none>   39m   v1.19.0
k8s-node2    Ready    <none>   31m   v1.19.0
[root@k8s-master ~]# kubectl get pod -n kube-system
NAME                                      READY   STATUS    RESTARTS   AGE
calico-kube-controllers-97769f7c7-2pxvz   1/1     Running   0          2m28s
calico-node-5fgr2                         1/1     Running   0          2m28s
calico-node-9kvrq                         1/1     Running   0          2m28s
calico-node-wsljm                         1/1     Running   0          2m28s
coredns-6d56c8448f-7cdt9                  1/1     Running   0          52m
coredns-6d56c8448f-gzx9n                  1/1     Running   0          52m
etcd-k8s-master                           1/1     Running   0          52m
kube-apiserver-k8s-master                 1/1     Running   0          52m
kube-controller-manager-k8s-master        1/1     Running   0          52m
kube-proxy-j4hrv                          1/1     Running   0          39m
kube-proxy-rxzzn                          1/1     Running   0          31m
kube-proxy-wcj49                          1/1     Running   0          52m
kube-scheduler-k8s-master                 1/1     Running   0          52m

Note: if this fails, roll back with: kubectl delete -f calico.yaml

 

4. Test the Kubernetes Cluster

1) Create an Nginx deployment in k8s and expose its port

[root@k8s-master ~]# kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
[root@k8s-master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
service/nginx exposed
[root@k8s-master ~]# kubectl get pods,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-6799fc88d8-4zcgk   1/1     Running   0          39s

NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP        57m
service/nginx        NodePort    10.98.80.78   <none>        80:30099/TCP   10s

 

2) Access URL: http://NodeIP:Port

 

5. Deploy the Dashboard

1) Install the dashboard

YAML file link: https://pan.baidu.com/s/1mm4J50q5SsCFWziE9iKt0w
Extraction code: zldn

[root@k8s-master ~]# kubectl apply -f kubernertes-dashboard.yaml
[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-xkgc2   1/1     Running   0          46s
kubernetes-dashboard-5dbf55bd9d-8gkx9        1/1     Running   0          46s
[root@k8s-master ~]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.105.206.181   <none>        8000/TCP        91s
kubernetes-dashboard        NodePort    10.100.59.174    <none>        443:30001/TCP   91s

 

 

2) Access URL: https://NodeIP:30001

 

 

 

3) Create a service account and bind it to the default cluster-admin cluster role

[root@k8s-master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@k8s-master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name:         dashboard-admin-token-hzj8v
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 2074c25a-5453-4bbe-821a-16008cc4b7be

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlUxMGhQcmJ2eThSS2JXbzRNVlBRRmJ3NmdQcnZaQl85U2l0V09RQ0tJZWsifQ.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.g51Ip2uYMK_Oet1Y7ehM5M4QMqI1aPqMyRoMNFZzK6qVL8cA_PVjGdH5YN-4BaMQMHm0un-VwkbLzEYuG6erDd8yoaRw5q-HRwqg-AzMiAeMF-P9y3ccfKVXkWtN9eY_ZWWE9po7yzS14SElIQQRPddUR0s-_yCUrNcgzTfNenMaxwyBbg_UUVnUL2ae1AiyUYHZpUhdAgrXT34fHBuhsYm14hSKVRg9vAdvXKVnBUBrxgNUR9sdOZ9lg3FkzrOLdLYb8M77wSCP39IBs-flOL0OHSjXopbm0q06axdHrvAxDD9NM2tf3gwI-6tMcQsWYdR07eMPS8_-glKrLS7jhw
ca.crt:     1066 bytes
namespace:  11 bytes

 

 

4) Log in to the Dashboard with the token from the output

 

 

 

 

posted @ 2021-08-29 15:40  杰宏唯一