虚拟机上部署K8S集群
- 安装VM Ware
- 安装Docker
- 安装K8S集群
- 安装kubeadm
- 使用kubeadm引导集群
安装VM Ware
参考:http://www.taodudu.cc/news/show-2034573.html?action=onClick
安装Docker
参考:https://www.yuque.com/leifengyang/oncloud/mbvigg#2ASxH
移除Docker相关包:
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
配置yum源
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装Docker
yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.6
启动Docker
systemctl enable docker --now
配置加速
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
安装K8S集群
安装kubeadm
每台虚拟机分别设置主机名,需要不一样,比如master,node1,node2。
hostnamectl set-hostname xxxx
将 SELinux 设置为 permissive 模式(相当于将其禁用)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
关闭swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
允许 iptables 检查桥接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
安装kubeadm
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
使用kubeadm引导集群
下载需要镜像
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in ${images[@]} ; do
docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
done
EOF
chmod +x ./images.sh && ./images.sh
初始化主节点,注意ip地址一定不能和service,pod重叠,否则后面报错很麻烦,这里踩坑最后把网络修改,卸载后重新连接才可以。
#所有机器添加master域名映射,以下需要修改为自己的
echo "172.31.0.3 cluster-endpoint" >> /etc/hosts
#主节点初始化
kubeadm init \
--apiserver-advertise-address=172.31.0.3 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16
#所有网络范围不重叠
结果如下:
根据提示操作:
export KUBECONFIG=/etc/kubernetes/admin.conf
查看集群所有节点
kubectl get nodes
查看集群部署了哪些应用?
docker ps === kubectl get pods -A
运行中的应用在docker里面叫容器,在k8s里面叫Pod
kubectl get pods -A
安装网络组件calico
curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -O
kubectl apply -f calico.yaml
master产生令牌
kubeadm token create --print-join-command
从节点执行产生的令牌:
kubeadm join cluster-endpoint:6443 --token t5mmdl.33emuumfpvvwhzns --discovery-token-ca-cert-hash sha256:6d7802252ce7ebd96e5520b331b77879aad5be92d463c1e712ffbe6ed519f410
如果碰到从节点加入超时,可以把主节点防火墙先关闭,加入后再开启:
systemctl disable firewalld --now
加入...
systemctl enable firewalld --now
查看节点:
kubectl get nodes
部署dashboard,如果下载不了,可以先windows下载,然后编辑recommended.yaml复制内容并拷贝到虚拟机中执行。
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
设置访问端口,文件中ClusterIP 改为 type: NodePort
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
查看
kubectl get svc -A |grep kubernetes-dashboard,可以看到30612端口,云服务器需要设置端口放行
可以在任意集群ip+端口号(图中的30612,这个每个人会变)访问到dashboard,如果发现问题,可以查看日志,根据日志分析,我碰到的问题是从节点防火墙没有关闭:
kubectl get pod -A,获得名字name
kubectl logs -f -n kubernetes-dashboard (dashboard名字)
创建yaml文件
vi dash.yaml
粘贴内容:
#创建访问账号,准备一个yaml文件; vi dash.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
运行yaml
kubectl apply -f dash.yaml
令牌访问,获取访问令牌
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
令牌类似:
eyJhbGciOiJSUzI1NiIsImtpZCI6IkpiMUc0YmpuTzJUbGZIYk9sQmlkaDRpNFg3SDFEcnV1ZjdTYno5dW9KN28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTg1Y2dyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyMTExYjNjMy03ZGY1LTQ4ODEtYjEzNy05MjFjMmY2NmZhNjAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Q3FYvZivviL8-s7G5X2s-6P0cfcZ_7s5QLs-77N04Yre801auf-nmzOs158J0mOno7zP45bSYJM9KxgZxQSBrly6tkIxA9b1lIPAtw0tgE9MpXDje9E0dbgDwqjEIMJU87Uts71S3vdJwvbrXCLLZkrHVZhizpI__wJCHUEpVQsH4uBnZQBD2UQ2vs3vanj9mP6XtXSoWO3NeFTEfRUGUwEYafu_DjpJ_-9s17pfM3-zm5LBZfzBhaAJJB3qCCIXizOAEXkNhQHp1XiHY7_yad6BQRrKWn88h_j_cB6RekBOc9eYCgIBjSuCAeJIZvsZFb23R5B5xJX-rFqmuJ077A
成功!