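k8s environment planning diagram
Environment preparation
Two master nodes, two worker nodes, and two machines running nginx for load balancing and failover, plus a floating address (VIP)
Deployment procedure
Stop the firewall and set SELinux to permissive mode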
systemctl stop firewalld.service
setenforce 0
Copy the kubernetes directory to master2 (the k8s directory from the previous lab)
scp -r /opt/kubernetes/ [email protected]:/opt
Copy the etcd directory to master2
scp -r /opt/etcd/ [email protected]:/opt
Copy the service unit files
scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service [email protected]:/usr/lib/systemd/system/
Edit the configuration file, changing the IP addresses to this machine's address
vim /opt/kubernetes/cfg/kube-apiserver
--bind-address=192.168.149.129
--advertise-address=192.168.149.129
Append to the PATH environment variable and apply the change
vim /etc/profile
export PATH=$PATH:/opt/kubernetes/bin/
source /etc/profile
Deploy the keepalived service: prepare the configuration file
vim keepalived.conf
After placing the file in the home directory, set up the yum repository
vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
When done, refresh the yum repository and install nginx
yum list
yum install nginx -y
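Add the layer-4 forwarding (stream) module and start the service
Install the keepalived service, overwrite its configuration with the prepared file, and edit it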
yum install keepalived -y
cp keepalived.conf /etc/keepalived/keepalived.conf
vim /etc/keepalived/keepalived.conf
Create the nginx check script and test it
vim /etc/nginx/check_nginx.sh
#!/bin/bash
# Stop keepalived when no nginx process is left, so the VIP moves to the backup
count=$(ps -ef |grep nginx |egrep -cv "grep|$$")
if [ "$count" -eq 0 ];then
    systemctl stop keepalived
fi
chmod +x /etc/nginx/check_nginx.sh
systemctl start keepalived.service
ip a
ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:eb:11:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.149.140/24 brd 192.168.142.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::53ba:daab:3e22:e711/64 scope link
valid_lft forever preferred_lft forever
Edit the configuration files on the worker nodes
cd /opt/kubernetes/cfg/
# Change every configuration file to point to the VIP
vim /opt/kubernetes/cfg/bootstrap.kubeconfig
server: https://192.168.149.20:6443
# change line 5 to the VIP address
vim /opt/kubernetes/cfg/kubelet.kubeconfig
server: https://192.168.149.20:6443
# change line 5 to the VIP address
vim /opt/kubernetes/cfg/kube-proxy.kubeconfig
server: https://192.168.149.20:6443
# change line 5 to the VIP address
After the replacement, verify the result
grep 20 *
bootstrap.kubeconfig: server: https://192.168.142.20:6443
kubelet.kubeconfig: server: https://192.168.142.20:6443
kube-proxy.kubeconfig: server: https://192.168.142.20:6443
On lb01, view nginx's k8s access log
tail /var/log/nginx/k8s-access.log
192.168.142.140 192.168.142.129:6443 - [08/Feb/2020:19:20:40 +0800] 200 1119
192.168.142.140 192.168.142.120:6443 - [08/Feb/2020:19:20:40 +0800] 200 1119
192.168.142.150 192.168.142.129:6443 - [08/Feb/2020:19:20:44 +0800] 200 1120
192.168.142.150 192.168.142.120:6443 - [08/Feb/2020:19:20:44 +0800] 200 1120
Create a Pod
Test creating a Pod
kubectl run nginx --image=nginx
Check the status
kubectl get pods
Bind the cluster's anonymous user and grant it administrator privileges
kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
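As an added example (not from the original page), the Python check below reads `kubectl get clusterrolebindings -o json` output and reports every ClusterRoleBinding that grants a role to an unauthenticated identity, such as the cluster-system-anonymous binding created above, which gives cluster-admin to requests that present no credentials. The function name, severity labels and sample JSON are constructed for illustration.

```python
import json
import sys

# Identities the API server assigns to requests that carry no credentials.
UNAUTHENTICATED = {("User", "system:anonymous"), ("Group", "system:unauthenticated")}

def anonymous_bindings(doc):
    """Scan `kubectl get clusterrolebindings -o json` output and return
    (severity, binding, role, subject) for each grant to an unauthenticated identity."""
    findings = []
    for item in doc.get("items", []):
        binding = item.get("metadata", {}).get("name", "")
        role = item.get("roleRef", {}).get("name", "")
        # "subjects" can be missing or null on a binding with no subjects.
        for subj in item.get("subjects") or []:
            if (subj.get("kind"), subj.get("name")) in UNAUTHENTICATED:
                severity = "CRITICAL" if role == "cluster-admin" else "REVIEW"
                findings.append((severity, binding, role, subj["name"]))
    return sorted(findings)

# Constructed sample input (not captured from a real cluster). The first item is
# what the `kubectl create clusterrolebinding` command on this page produces.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-system-anonymous"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "system:anonymous"}]},
  {"metadata": {"name": "system:public-info-viewer"},
   "roleRef": {"kind": "ClusterRole", "name": "system:public-info-viewer"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"},
                {"kind": "Group", "name": "system:unauthenticated"}]},
  {"metadata": {"name": "ops-admins"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "ops"}]},
  {"metadata": {"name": "empty-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": null}
]}
""")

if __name__ == "__main__":
    # With a file argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE
    for severity, binding, role, subject in anonymous_bindings(doc):
        print(f"{severity}: {binding} grants {role} to {subject}")
```

To audit a cluster, save the output of `kubectl get clusterrolebindings -o json` to a file and pass its path as the first argument.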
Create the UI (dashboard)
On master1, create the dashboard working directory
mkdir /k8s/dashboard
cd /k8s/dashboard
Upload the official files to this directory
Authorize access to the API
kubectl create -f dashboard-rbac.yaml
Encryption (secret)
kubectl create -f dashboard-secret.yaml
Configure the application
kubectl create -f dashboard-configmap.yaml
Controller
kubectl create -f dashboard-controller.yaml
Publish for access
kubectl create -f dashboard-service.yaml
When done, check that the pods were created in the kube-system namespace
kubectl get pods -n kube-system
See how to access it
kubectl get pods,svc -n kube-system
On the master, write the certificate self-signing script
Re-apply the new self-signed certificate
bash dashboard-cert.sh /root/k8s/apiserver/
Edit the yaml file
vim dashboard-controller.yaml
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
Redeploy
kubectl apply -f dashboard-controller.yaml
Generate a token
kubectl create -f k8s-admin.yaml
Save the token
kubectl get secret -n kube-system
Copy and paste the token to log in