Kubernetes cluster setup (single-master version)
Environment
| Host | OS | IP | docker version | kubelet version |
|---|---|---|---|---|
| master | CentOS 7.6.1810 | 192.168.3.190 | 18.09.6 | 1.16.4 |
| node01 | CentOS 7.6.1810 | 192.168.3.191 | 18.09.6 | 1.16.4 |
| node02 | CentOS 7.6.1810 | 192.168.3.192 | 18.09.6 | 1.16.4 |
Preparation
Install utility packages
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git lrzsz zip unzip
Install command completion
yum -y install bash-completion
source /etc/profile.d/bash_completion.sh
Install Docker (version 18.09.6), configure a registry mirror, ... (omitted)
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
Host configuration
- Disable the firewall
systemctl stop firewalld && systemctl disable firewalld
- Disable swap
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
- Disable SELinux
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
Configure hosts
vim /etc/hosts
192.168.3.190 master
192.168.3.191 node01
192.168.3.192 node02
Modify kernel parameters
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# Apply immediately
sysctl -p /etc/sysctl.d/k8s.conf
Change the Cgroup Driver (the cgroupdriver is changed to eliminate a warning)
vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
systemctl daemon-reload && systemctl restart docker
Add the Kubernetes repository
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
Refresh the cache
yum clean all && yum -y makecache
Installation
Install kubelet-1.16.4 kubeadm-1.16.4 kubectl-1.16.4
yum list kubelet --showduplicates | sort -r
yum install -y kubelet-1.16.4 kubeadm-1.16.4 kubectl-1.16.4
systemctl enable kubelet && systemctl start kubelet
kubectl command completion
echo "source <(kubectl completion bash)" >> ~/.bash_profile
source ~/.bash_profile
Download the images (because of network problems, a script is used here to pull them from the Alibaba Cloud registry)
- vim k8s-images.sh
#!/bin/bash
# Pull each image kubeadm needs from the Alibaba Cloud mirror, retag it as k8s.gcr.io, then drop the mirror tag
url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.16.4
images=($(kubeadm config images list --kubernetes-version="$version" | awk -F '/' '{print $2}'))
for imagename in "${images[@]}"; do
    docker pull "$url/$imagename"
    docker tag "$url/$imagename" "k8s.gcr.io/$imagename"
    docker rmi -f "$url/$imagename"
done
- Make the script executable and run it to start downloading the images
chmod u+x k8s-images.sh
./k8s-images.sh
Initialize the master node with kubeadm
kubeadm init --kubernetes-version 1.16.4 --apiserver-advertise-address 192.168.3.190 --pod-network-cidr 10.244.0.0/16
After initialization completes, follow the prompts (the prompts are as follows)
Install the pod network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Join the cluster; run on node01 and node02 respectively
kubeadm join 192.168.3.190:6443 --token 92ywrh.3x73udki8zkrici1 \
    --discovery-token-ca-cert-hash sha256:db33c191de78e87d690a2f91f0000dcf2c5c10adbdf31c3efdae1aed6b3ede0d
Verification
nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
Create nginx and expose the port
kubectl apply -f nginx.yaml
kubectl expose deployment nginx --port=80 --target-port=80
View and edit the svc, changing type: ClusterIP to type: NodePort
kubectl get svc
kubectl edit svc nginx
View information
- View nodes
kubectl get nodes
- View pods
kubectl get pod --all-namespaces
- View replicas
kubectl get deployments
- View deployment details
kubectl describe deployments
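Install the Dashboard kubernetes-dashboard.yaml
Deploy and access
- Create the dashboard
kubectl apply -f kubernetes-dashboard.yaml
- Get the login token
kubectl get deployment kubernetes-dashboard -n kube-system
- Access using the token; note that it is https. The token expires quickly; this can be changed, or you can log in using the Kubeconfig method
kubectl describe secrets -n kube-system dashboard-admin
Certificates
View the certificate information. Generated certificates are valid for 1 year by default, and once they expire the service becomes unavailable. A script can be used to renew the certificate validity period.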
openssl x509 -in apiserver.crt -text -noout
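Because an expired certificate takes the service down, it helps to check the remaining validity of every certificate rather than reading one by hand. The script below is an added example, not part of the original post; it assumes kubeadm's default certificate directory /etc/kubernetes/pki and GNU date, and the function names cert_days_left and check_pki_dir are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original post): report expiry for each *.crt
# in a PKI directory. Assumes kubeadm's default path /etc/kubernetes/pki.

# Print whole days until notAfter (0 or negative once expired). Needs GNU date.
cert_days_left() {
    local end end_s now_s
    end=$(openssl x509 -in "$1" -noout -enddate) || return 2
    end=${end#notAfter=}
    end_s=$(date -d "$end" +%s) || return 2
    now_s=$(date +%s)
    echo $(( (end_s - now_s) / 86400 ))
}

# check_pki_dir DIR [WARN_DAYS]
# Returns 0 if every cert is valid beyond WARN_DAYS, 1 if any is not,
# 2 if no certificate was found.
check_pki_dir() {
    local dir warn_days rc seen crt days
    dir=$1; warn_days=${2:-30}; rc=0; seen=0
    for crt in "$dir"/*.crt "$dir"/etcd/*.crt; do
        [ -f "$crt" ] || continue
        seen=1
        days=$(cert_days_left "$crt") || { echo "UNREADABLE $crt"; rc=1; continue; }
        # -checkend exits non-zero when the cert expires within N seconds
        if openssl x509 -in "$crt" -noout -checkend $(( warn_days * 86400 )) >/dev/null; then
            echo "OK       $crt ($days days left)"
        else
            echo "EXPIRING $crt ($days days left)"
            rc=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    return "$rc"
}

# Run against the default directory when it exists (i.e. on a kubeadm master).
if [ -d /etc/kubernetes/pki ]; then
    check_pki_dir /etc/kubernetes/pki 30
fi
```

The non-zero return code makes the check usable from cron or a monitoring agent, so renewal can be scheduled before the one-year limit is reached.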