1、简介
- 1、Kubeadm
Kubeadm是一个K8s部署工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes集群。
- 2、二进制
从github下载发行版的二进制包,手动部署每个组件,组成Kubernetes集群。
本文通过kudeadm的方式在centos7上安装kubernetes集群。
2、环境准备
(1)初始化配置
#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
#关闭selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
#关闭swap
把/etc/fstab下的swap注释掉。
sed -ri 's/.*swap.*/#&/' /etc/fstab
#设置主机名
hostnamectl set-hostname k8s-node
hostnamectl set-hostname k8s-master
#在master添加hosts
cat > /etc/hosts << EOF
192.168.44.137 k8s-node
192.168.44.138 k8s-master
EOF
#将桥接的IPV4流量传递到iptables的链:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
#时间同步
yum install ntpdate -y
ntpdate time.windows.com
(2) 安装Docker
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl enable docker && systemctl start docker
#配置镜像加速器
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://kd88kykb.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
(3)添加阿里云yum软件源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
(4)安装kubeadm、kubelet和kubectl
yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
systemctl enable kubelet
3、部署Kubernetes Master
kubeadm init \
--apiserver-advertise-address=192.168.44.138 \
--image-repository=registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.19.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
安装成功:
使用kubectl查看节点状态
4、部署Node节点
向集群添加新节点,执行kubeadm join命令即可。
kubeadm join 192.168.44.138:6443 --token 1g5b2s.sany5uo5w4op3hae \
--discovery-token-ca-cert-hash sha256:0fc38e874b727a9a4c2118e562a0b941dde98fa6ecc4ec2a6161b7d70a3966e2
journalctl -u kubelet
5、部署容器网络(CNI)
找到k8s版本对应的calico
https://projectcalico.docs.tigera.io/archive/v3.20/getting-started/kubernetes/requirements
#下载calico.yaml,替换CALICO_IPV4POOL_CIDR
curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico-etcd.yaml -o calico.yaml
kubectl apply -f calico.yaml
kubectl get pods -n kube-system
6、测试kubernetes集群
在集群中创建一个pod,验证是否正常运行:
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
http://192.168.44.138:31819/
http://192.168.44.137:31819/
7、部署Dashboard
下载,并增加 type: NodePort
https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml
kubectl get pod,svc -n kubernetes-dashboard
浏览器访问:
创建service account 并绑定默认cluster-admin管理员集群角色:
#创建用户
kubectl create serviceaccount dashboard-admin -n kube-system
#用户授权
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
#获取用户token
kubectl describe secret -n kube-system $(kubectl -n kube-system get secret|awk '/dashboard-admin/{print $1}')
使用token登录dashboard。
![[答疑]经营困难时期谈建模和伪创新-长点心和长点良心](https://img-blog.csdnimg.cn/img_convert/b069adfbb8e4c559e3a1d5585483baf8.png)
