  • Installing a Kubernetes v1.14.3 cluster with kubeadm

    I. Components and machine environment (perform the steps below on every master and node)

    OS: CentOS 7.5 x86_64

    Container runtime: Docker 18.06.ce

    Kubernetes: 1.14.3

    IP address       Hostname          Role    CPU    Memory
    192.168.100.150  master.ilinux.io  master  >=2c   >=2G
    192.168.100.156  node01.ilinux.io  node    >=2c   >=2G
    192.168.100.157  node02.ilinux.io  node    >=2c   >=2G

    1. Edit /etc/hosts on the master and on every node so that the names resolve as follows:

    192.168.100.150 master.ilinux.io  master
    192.168.100.156 node01.ilinux.io  node01
    192.168.100.157 node02.ilinux.io  node02
    

    2. Synchronize the host clocks (here against Internet time sources)

    [root@master ~]# systemctl enable chronyd.service
    [root@master ~]# systemctl status chronyd.service
    

    3. Stop the firewall and disable SELinux

    [root@node03 ~]# systemctl stop firewalld &&  systemctl disable firewalld
    Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
    
    [root@master ~]# setenforce 0
    
    [root@master ~]# vim /etc/selinux/config
    
    SELINUX=disabled

    4. Disable swap (optional)

    [root@master ~]# swapoff -a
    [root@master ~]# sed -i 's/.*swap.*/#&/' /etc/fstab

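    II. Deploying the Kubernetes cluster

    5. Install Docker, kubelet and kubeadm on the master and on every node, and run Docker and kubelet as daemons

         For the Docker installation, see the earlier blog post: https://www.cnblogs.com/liangyuntao-ts/p/10657009.html

    1. Set the kernel parameters that pass bridged IPv4 traffic to the iptables chains (on every master and node)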
    [root@master ~]# cat > /etc/sysctl.d/k8s.conf <<EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    
    [root@master ~]# sysctl --system
    
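    2. Configure a domestic yum repository for Kubernetes. For network reasons, Google's servers cannot be reached directly from China, so the Alibaba Cloud yum mirror is configured instead (on every master and node)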
    [root@master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
    
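    3. [root@master ~]# yum install -y kubelet-1.14.3 kubeadm-1.14.3 kubectl-1.14.3
    [root@node01 ~]# yum install -y kubelet-1.14.3 kubeadm-1.14.3
    kubelet communicates with the rest of the cluster and manages the lifecycle of the Pods and containers on its own node. kubeadm is Kubernetes' automated deployment tool; it lowers the difficulty of deployment and improves efficiency. kubectl is the cluster management tool.
    Tip: if yum reports that it cannot find a mirror or similar, run yum makecache to refresh the yum metadata.
    
    4. [root@master ~]# systemctl daemon-reload
    
    5. [root@master ~]# systemctl start kubelet && systemctl enable kubelet    # kubelet must be started on the master and on every node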

    6. Initialize the cluster by running kubeadm init on the master

    [root@master ~]# kubeadm init --kubernetes-version=1.14.3 \
        --apiserver-advertise-address=192.168.100.150 \
        --image-repository registry.aliyuncs.com/google_containers \
        --service-cidr=10.96.0.0/12 \
        --pod-network-cidr=10.244.0.0/16
    
    // Part of the output printed when the command finishes:
    Your Kubernetes control-plane has initialized successfully!
    
    To start using your cluster, you need to run the following as a regular user:
    
      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config
    
    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      https://kubernetes.io/docs/concepts/cluster-administration/addons/
    
    Then you can join any number of worker nodes by running the following on each as root:
    
    kubeadm join 192.168.100.150:6443 --token cxins6.pxbyomo4pp1mnrao \
        --discovery-token-ca-cert-hash sha256:35876ef6f2e5fe7eb5c7bb709dbd5e09d0e9e7d3adf41cbe708eec4fb586c8d6 
    
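    • --kubernetes-version: the version of the Kubernetes components being deployed; it must match the kubelet version.
    • --pod-network-cidr: the address range of the Pod network, given as a CIDR network address; with the flannel network plugin the default is 10.244.0.0/16.
    • --service-cidr: the address range of the Service network, given as a CIDR network address; the default is 10.96.0.0/12.
    • --apiserver-advertise-address: the IP address the API server advertises to the other components; normally the master node's IP address. 0.0.0.0 means all available addresses on the node.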

    7. Configure kubectl

    [root@master ~]# mkdir -p /root/.kube
    
    [root@master ~]# sudo cp /etc/kubernetes/admin.conf /root/.kube/config
    
    [root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
    [root@master ~]# kubectl get cs
    NAME                 STATUS    MESSAGE             ERROR
    etcd-0               Healthy   {"health":"true"}   
    controller-manager   Healthy   ok                  
    scheduler            Healthy   ok 

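     A STATUS of "Healthy" above means the component is healthy; otherwise, investigate the error. If the problem cannot be resolved, reset the cluster with "kubeadm reset" and initialize it again.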

    [root@master ~]# kubectl get nodes
    NAME               STATUS     ROLES    AGE   VERSION
    master.ilinux.io   NotReady   master   10m   v1.14.3
    

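     The master is "NotReady" at this point because no network plugin has been installed in the cluster yet; it becomes Ready once the network is deployed. flannel is deployed next.

    8. Deploy the flannel network (on the master only)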

    [root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

    Now check the cluster state:

    [root@master ~]# kubectl get nodes
    NAME               STATUS   ROLES    AGE   VERSION
    master.ilinux.io   Ready    master   17m   v1.14.3
    
    The cluster is Ready, so the nodes can now join it.

    9. Join the nodes to the cluster

    [root@node01 ~]# kubeadm join 192.168.100.150:6443 --token 2dt1wp.oudskargctjss991 \
        --discovery-token-ca-cert-hash sha256:15aa0537c14d50df4fc9f45b6bdff0c30f8ef7114463a12e022e33619936266c
    
    // Part of the output:
    
    This node has joined the cluster:
    * Certificate signing request was sent to apiserver and a response was received.
    * The Kubelet was informed of the new secure connection details.
    
    Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
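
The join command pins the cluster CA through --discovery-token-ca-cert-hash, which is "sha256:" followed by the SHA-256 of the CA certificate's DER-encoded public key. As an added example (not part of the original post), the script below recomputes that value from a CA certificate and checks it against a pasted join command before a node is joined; the function names are hypothetical and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): recompute the value kubeadm
# prints for --discovery-token-ca-cert-hash and compare it with a join command.

# ca_cert_hash CERT: print the discovery hash of a PEM CA certificate.
# On a kubeadm master the certificate is /etc/kubernetes/pki/ca.crt.
ca_cert_hash() {
    _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    _sum=$(printf '%s\n' "$_pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r)
    printf 'sha256:%s\n' "${_sum%% *}"
}

# join_cmd_hash TEXT: extract the pinned hash from a pasted join command,
# tolerating backslash line continuations.
join_cmd_hash() {
    printf '%s\n' "$1" | tr -s ' \\\n' ' ' \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# verify_join_hash CERT TEXT: 0 if the join command pins this CA, 1 if it
# pins a different key, 2 if the certificate or the command cannot be parsed.
verify_join_hash() {
    _want=$(join_cmd_hash "$2")
    [ -n "$_want" ] || return 2
    _have=$(ca_cert_hash "$1") || return 2
    [ "$_have" = "$_want" ]
}

# Usage: sh verify-join.sh CA_CERT 'kubeadm join ... --discovery-token-ca-cert-hash sha256:...'
if [ "$#" -eq 2 ]; then
    if verify_join_hash "$1" "$2"; then
        echo "join command pins this CA"
    else
        echo "hash mismatch or unreadable input" >&2
    fi
fi
```
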
    

    After it finishes, wait a moment and check the cluster state on the master. At this point a minimal cluster containing the core components is up!

    [root@master ~]# kubectl get nodes
    NAME               STATUS   ROLES    AGE     VERSION
    master.ilinux.io   Ready    master   34m     v1.14.3
    node01.ilinux.io   Ready    <none>   6m14s   v1.14.3
    node02.ilinux.io   Ready    <none>   6m8s    v1.14.3
    

    III. Installing additional add-ons

     10. View the cluster's advertised API address

    [root@master ~]# kubectl cluster-info
    Kubernetes master is running at https://192.168.100.150:6443
    KubeDNS is running at https://192.168.100.150:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
    
    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
    

     View the cluster version

    [root@master ~]# kubectl version --short
    Client Version: v1.14.3
    Server Version: v1.14.3
    

    11. Install the dashboard to manage the cluster through a web UI

    1. Fetch the dashboard YAML file
    [root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
    
    2. Modify parts of the file
    
    [root@master ~]# sed -i 's/k8s.gcr.io/loveone/g' kubernetes-dashboard.yaml
    [root@master ~]# sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml
    
    3. Deploy the dashboard
    [root@master ~]# kubectl create -f kubernetes-dashboard.yaml
    secret/kubernetes-dashboard-certs created
    serviceaccount/kubernetes-dashboard created
    role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    deployment.apps/kubernetes-dashboard created
    service/kubernetes-dashboard created
    
    4. Once created, check that the services are running
    [root@master ~]# kubectl get deployment kubernetes-dashboard -n kube-system
    NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
    kubernetes-dashboard   1/1     1            1           89s
    
    [root@master ~]# kubectl get services -n kube-system
    NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
    kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   61m
    kubernetes-dashboard   NodePort    10.102.234.209   <none>        443:30001/TCP            16m
    [root@master ~]# netstat -ntlp|grep 30001
    tcp6       0      0 :::30001                :::*                    LISTEN      17306/kube-proxy
    

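    Open the Dashboard in Firefox at: https://192.168.100.150:30001

    Other browsers such as Chrome report a security problem here and cannot connect!

    Create an account and view the token used to log in to the Dashboard (the dashboard-admin service account is bound to cluster-admin, so its token carries full control of the cluster)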
    [root@master ~]# kubectl create serviceaccount  dashboard-admin -n kube-system
    serviceaccount/dashboard-admin created
    [root@master ~]# kubectl create clusterrolebinding  dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
    [root@master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
    Name:         dashboard-admin-token-9hglw
    Namespace:    kube-system
    Labels:       <none>
    Annotations:  kubernetes.io/service-account.name: dashboard-admin
                  kubernetes.io/service-account.uid: 30efdd50-92bd-11e9-91e3-000c296bd9bc
    
    Type:  kubernetes.io/service-account-token
    
    Data
    ====
    ca.crt:     1025 bytes
    namespace:  11 bytes
    token:      <service account bearer token omitted>
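
The steps above bind the dashboard-admin service account to cluster-admin and expose the Dashboard on NodePort 30001, so anyone who obtains that token controls the cluster. As an added example (not part of the original post), the script below lists ClusterRoleBindings, flags service accounts that hold cluster-admin, and creates a login bound to the built-in "view" ClusterRole instead; the name dashboard-viewer and the function names are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find service accounts bound to
# cluster-admin, and create a read-only dashboard login instead.

# list_bindings: one line per ClusterRoleBinding with the columns
#   NAME  ROLE  SUBJECT-KINDS  SUBJECT-NAMESPACES  SUBJECT-NAMES
list_bindings() {
    kubectl get clusterrolebindings --no-headers \
        -o 'custom-columns=NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,NS:.subjects[*].namespace,SUBJECT:.subjects[*].name'
}

# flag_admin_service_accounts: read list_bindings output on stdin and print
# every binding that grants cluster-admin to a ServiceAccount.
flag_admin_service_accounts() {
    awk '$2 == "cluster-admin" && $3 ~ /(^|,)ServiceAccount(,|$)/ {
        printf "%s: cluster-admin -> %s/%s\n", $1, $4, $5
    }'
}

# create_readonly_login: the same two steps as in the post, but bound to the
# built-in "view" ClusterRole. The name dashboard-viewer is hypothetical.
create_readonly_login() {
    kubectl create serviceaccount dashboard-viewer -n kube-system &&
    kubectl create clusterrolebinding dashboard-viewer \
        --clusterrole=view --serviceaccount=kube-system:dashboard-viewer
}

# Constructed sample of list_bindings output for a cluster set up as above.
SAMPLE_BINDINGS='cluster-admin    cluster-admin    Group           <none>       system:masters
dashboard-admin  cluster-admin    ServiceAccount  kube-system  dashboard-admin
system:kube-dns  system:kube-dns  ServiceAccount  kube-system  kube-dns'

# "--live" audits the cluster kubectl points at; otherwise the sample is used.
if [ "${1:-}" = "--live" ]; then
    list_bindings | flag_admin_service_accounts
else
    printf '%s\n' "$SAMPLE_BINDINGS" | flag_admin_service_accounts
fi
```
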
    

      

      

    This is the blogger's original article; please credit the source when reposting.
  • Original article: https://www.cnblogs.com/liangyuntao-ts/p/11055856.html