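Build a single-master Kubernetes cluster using kubeadm, the officially recommended installation method. Starting with version 1.19, official k8s supports a 10-year validity period for the root certificate; the API and other certificates are valid for one year and can be renewed on expiry, one year at a time.
Three machines:
192.168.1.100
192.168.1.101
192.168.1.102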
Environment initialization
Set the open-file limit
echo "* - nofile 100001" >> /etc/security/limits.conf
echo "* - nproc 100001" >> /etc/security/limits.conf
Disable SELinux
sed -i "s/SELINUXTYPE=targeted/#SELINUXTYPE=targeted/" /etc/selinux/config
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
Install basic tools
yum install wget iptables-services telnet net-tools git curl unzip sysstat lsof ntpdate lrzsz vim -y
Configure time synchronization
yum install ntp -y
systemctl start ntpd
systemctl enable ntpd
timedatectl set-timezone Asia/Shanghai
timedatectl set-ntp yes
timedatectl
Disable firewalld and iptables
systemctl stop firewalld.service
systemctl disable firewalld.service
mv /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
systemctl disable iptables.service
systemctl stop iptables.service
Speed up SSH login
echo "UseDNS no" >> /etc/ssh/sshd_config
systemctl restart sshd
Disable swap
swapoff -a
sed -i 's/.*swap/#&/' /etc/fstab
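Kernel settings for k8s
# Write the settings to a sysctl drop-in file (the file name k8s.conf is an assumption;
# sysctl --system loads every *.conf under /etc/sysctl.d/)
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF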
sysctl --system
Install Docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce
systemctl start docker
systemctl enable docker
docker version
Install kubeadm (run on all three machines)
cat <<EOF> /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum list -y kubeadm --showduplicates
yum install -y kubeadm kubectl kubelet
kubeadm version
systemctl start kubelet
systemctl enable kubelet
Download the k8s base images (run on all three machines)
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers
docker images
Cluster initialization
Initialize the master node
kubeadm init --pod-network-cidr=192.168.0.0/16 --service-cidr=10.1.0.0/16 --image-repository=registry.aliyuncs.com/google_containers
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get pods -A
Install the Calico network component
kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
kubectl create -f https://docs.projectcalico.org/manifests/custom-resources.yaml
watch kubectl get pods -n calico-system
kubectl get nodes -o wide
Initialize the worker nodes
The token and CA certificate hash are displayed once the master node has finished initializing
kubeadm join 10.10.1.40:6443 --token tqdzx9.xxxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxx
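Added example (not part of the original post): the `--discovery-token-ca-cert-hash` value in the join command is the SHA-256 of the cluster CA's Subject Public Key Info, so it can be recomputed from the CA certificate and compared before a node joins. The Python below does that with the standard library only; the function names are illustrative, and the CA path in the usage comment is kubeadm's default location on the master.

```python
import base64, hashlib, hmac, re, sys

def _tlv(buf, pos):
    """Return (tag, value_start, end) for the DER element starting at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def spki_der(cert_der):
    """Return the complete SubjectPublicKeyInfo element of an X.509 certificate."""
    _, pos, _ = _tlv(cert_der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                          # optional explicit version field
        pos = end
    for _field in range(5):                  # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    _, _, end = _tlv(cert_der, pos)
    return cert_der[pos:end]

def ca_cert_hash(pem_text):
    """Compute the pin kubeadm expects: 'sha256:' + SHA-256 of the CA's SPKI."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    return "sha256:" + hashlib.sha256(spki_der(der)).hexdigest()

def join_pin_matches(join_cmd, pem_text):
    """True only if the join command carries a pin equal to the CA's hash."""
    m = re.search(r"--discovery-token-ca-cert-hash[ =](sha256:[0-9a-f]{64})(?:\s|$)",
                  join_cmd)
    return bool(m) and hmac.compare_digest(m.group(1), ca_cert_hash(pem_text))

if __name__ == "__main__":
    # Usage: python3 check_pin.py /etc/kubernetes/pki/ca.crt "kubeadm join ..."
    pem = open(sys.argv[1]).read()
    print(ca_cert_hash(pem))
    if len(sys.argv) > 2:
        sys.exit(0 if join_pin_matches(sys.argv[2], pem) else 1)
```

A join command whose pin is missing, truncated or different from the CA's hash makes `join_pin_matches` return False, so the script exits non-zero.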
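Install the dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
Or download the file, change the relevant configuration, and then apply it
Create a user and permissions, then access the dashboard UI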
Creating a Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
Creating a ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
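Write the two configurations above into dashboard-adminuser.yaml, separated by a line containing only ---, then apply the file. The binding gives admin-user the cluster-admin role, which is full control of the cluster, so its token must be handled as a cluster-wide credential.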
kubectl apply -f dashboard-adminuser.yaml
Getting a Bearer Token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
After obtaining the token, open the dashboard UI and enter the token to log in