Quick Setup of a K8S 1.17 Test Environment


Video accompanying this document:

www.bilibili.com/video/BV16A…

1. Install kubeadm and docker.io

Debian / Ubuntu

apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt install -y kubectl=1.17.0-00 kubelet=1.17.0-00 kubeadm=1.17.0-00 docker.io
systemctl enable docker.service

CentOS / RHEL / Fedora

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

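Note: because the upstream site does not offer a way to sync the repository, the GPG check of the repository index may fail. In that case, install with yum install -y --nogpgcheck kubelet kubeadm kubectl, which turns off GPG signature checking for the install.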

2. Use a script to pull the images a 1.17 cluster needs from a mirror inside China

# Get the list of required images
images=(
$(kubeadm config images list --kubernetes-version=1.17.0)
)
aliurl='registry.cn-hangzhou.aliyuncs.com/google_containers'
for image in "${images[@]}"; do
# Skip warning output; keep only the lines that are image names
   if [[ $image == *k8s* ]]
   then
# Replace the registry host with the Aliyun mirror, pull, then retag to the original name
         mirror="${image/${image%%/*}/$aliurl}"
         docker pull  "$mirror"
         docker tag   "$mirror"   "$image"
         docker rmi   "$mirror"
   fi
done

3. Initialize the Kubernetes master and configure the kubectl environment (choose 3.1 or 3.2 below as needed)

3.1 (single master)

# Initialize the master
kubeadm init --kubernetes-version=v1.17.0
# Copy the config to the default directory
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Enable command completion
echo "source <(kubectl completion bash)" >> ~/.bashrc

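3.2 (multiple masters, multiple control planes)

Install and configure haproxy

apt install haproxy
# Minimal haproxy configuration
######## k8s configuration #################
listen k8s-master                         # Load-balancer definition; k8s-master is just a name and can be anything
        bind 0.0.0.0:23333            # IP address and port to listen on; the port can be between 0 and 65535, avoid port conflicts
        mode tcp                      # Connection protocol; TCP here
        #maxconn 4086
        #log 127.0.0.1 local0 debug
        server master1 172.26.11.46:6443 # 6443 is the default apiserver port
        server master2 172.26.11.45:6443 # Backend machines; there can be several, just list them one after another

Initialize the master

# Initialize the master
kubeadm init --kubernetes-version=v1.17.0 --control-plane-endpoint 172.26.11.45:23333 --upload-certs

# Copy the config to the default directory
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Enable command completion
echo "source <(kubectl completion bash)" >> ~/.bashrc

3.3 Part of the console output from kubeadm init, including how to configure kubectl and the join commands for master and worker nodes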

[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of the control-plane node running the following command on each as root:
  kubeadm join 172.26.11.47:23333 --token 2tsvo9.wv6nmjduku4dulvw \
    --discovery-token-ca-cert-hash sha256:98cb5c221fb9705632f7db4047e338cdb342b262ce8d0e0a676faa3049c9e863 \
    --control-plane --certificate-key 614675010682b9fc6bfadd19bcfa3ccaa40e83dc4579da0f2d3f52d55400dff0
Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.26.11.47:23333 --token 2tsvo9.wv6nmjduku4dulvw \
    --discovery-token-ca-cert-hash sha256:98cb5c221fb9705632f7db4047e338cdb342b262ce8d0e0a676faa3049c9e863

If the token has expired or you have lost this information:

# Get the control-plane certificate key (--control-plane --certificate-key)
kubeadm init phase upload-certs --upload-certs 
# Get the join command
kubeadm token create --print-join-command
kubeadm join 172.26.11.47:23333 --token k4g4og.ps6x1ye7sm26ylxm     --discovery-token-ca-cert-hash sha256:98cb5c221fb9705632f7db4047e338cdb342b262ce8d0e0a676faa3049c9e863 --control-plane --certificate-key 604864b2b9afacc79770fa314fc11e6ca116427153aab29afeb494d31f5e2797 
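
The join output above mixes secret and non-secret fields, and kubeadm itself warns that the certificate key must be kept secret. As an added example (not part of the original post), these shell functions mask the token secret and the certificate key before such output goes into a ticket, wiki or log, and check that nothing secret is left. The function names and all sample values are constructed for illustration, and the bare 64-hex line rule assumes kubeadm init phase upload-certs prints the key on a line by itself.

```shell
#!/bin/sh
# Added example, not from the original post.
# Sensitivity of the fields in kubeadm join output:
#   --token <id>.<secret>           6-char id is public, 16-char secret is not
#   --certificate-key <64 hex>      secret: decrypts the uploaded control-plane certs
#   --discovery-token-ca-cert-hash  not secret: pins the cluster CA public key

# Mask secrets on stdin; everything else passes through unchanged.
redact_join() {
  sed -E \
    -e 's/(--token[ =]+[a-z0-9]{6})\.[a-z0-9]{16}/\1.<redacted>/g' \
    -e 's/(--certificate-key[ =]+)[0-9a-f]{64}/\1<redacted>/g' \
    -e 's/^[0-9a-f]{64}$/<redacted>/'
}

# Exit 0 if stdin still contains an unmasked token secret or certificate key.
has_join_secret() {
  grep -Eq -e '--token[ =]+[a-z0-9]{6}\.[a-z0-9]{16}' \
           -e '--certificate-key[ =]+[0-9a-f]{64}' \
           -e '^[0-9a-f]{64}$'
}

# Constructed sample values (not real credentials, not the ones in the post).
h16=0123456789abcdef
SAMPLE_KEY="$h16$h16$h16$h16"
SAMPLE_HASH="sha256:$h16$h16$h16$h16"
SAMPLE_OUTPUT="[upload-certs] Using certificate key:
$SAMPLE_KEY
kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \\
    --discovery-token-ca-cert-hash $SAMPLE_HASH \\
    --control-plane --certificate-key $SAMPLE_KEY"

# Show the masked form of the sample when the script is run directly.
printf '%s\n' "$SAMPLE_OUTPUT" | redact_join
```

On a real control-plane node, pipe kubeadm token create --print-join-command through redact_join before sharing it, and use has_join_secret as a check on text that is about to be published.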

4. Add worker nodes and master nodes (adding master nodes is optional; skip it for a single-master cluster)

# See 3.3 for the exact commands
kubeadm join 172.26.11.47:23333 --token 2tsvo9.wv6nmjduku4dulvw \
    --discovery-token-ca-cert-hash sha256:98cb5c221fb9705632f7db4047e338cdb342b262ce8d0e0a676faa3049c9e863
kubeadm join 172.26.11.47:23333 --token 2tsvo9.wv6nmjduku4dulvw \
    --discovery-token-ca-cert-hash sha256:98cb5c221fb9705632f7db4047e338cdb342b262ce8d0e0a676faa3049c9e863 \
    --control-plane --certificate-key 614675010682b9fc6bfadd19bcfa3ccaa40e83dc4579da0f2d3f52d55400dff0

5. Install the network plugin (weave) on the master node

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

6. Install the Dashboard -- reference link: github.com/kubernetes/…

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc6/aio/deploy/recommended.yaml

7. Change the dashboard svc to NodePort so it can be reached for debugging

kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard
ClusterIP ## <------ change to NodePort

8. Create RBAC ---- reference link: github.com/kubernetes/…

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

9. Get the token and log in to the dashboard

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')