I. Deployment environment

Hostname | CentOS version | IP | Docker version | flannel | Host spec | k8s version
master | CentOS 7 | 192.168.1.12 | 19.03.9 | v0.11.0 | 2G | v1.18.2
node1 | CentOS 7 | 192.168.1.13 | 19.03.9 | v0.11.0 | 2G | v1.18.2
node2 | CentOS 7 | 192.168.1.14 | 19.03.9 | v0.11.0 | 2G | v1.18.2
II. Preparation (on all three nodes)

1. Configure the Aliyun yum mirror
Aliyun mirror index: http://mirrors.aliyun.com/repo/

1.1 Download the Aliyun repo file
yum -y install wget
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

1.2 Clear the yum cache and rebuild it
yum clean all && yum makecache

1.3 Install net-tools so that the ifconfig command is available
yum install net-tools -y

2. Disable the firewall
firewall-cmd --state                 # show firewall status
systemctl stop firewalld.service     # stop firewalld
systemctl disable firewalld.service  # keep firewalld from starting at boot
Disabling firewalld is the shortcut this walkthrough takes. If you would rather keep it running, open the ports kubeadm needs instead: on the control plane TCP 6443, 2379-2380, 10250, 10251 and 10252; on the workers TCP 10250 and the NodePort range 30000-32767; and on every node UDP 8472 for flannel's VXLAN backend.

3. Disable SELinux
getenforce       # show SELinux status
setenforce 0     # switch the running system to permissive mode
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config   # permanent, takes effect after a reboot
Note that setenforce 0 only switches to permissive mode; the sed edit is what disables SELinux after the next reboot. The kubeadm documentation for this release asks for this because the kubelet of this version does not yet run with SELinux enforcing (containers, including the pod network, need access to the host filesystem).
III. Environment configuration (on all three nodes)

1. Set the hostname
1.1 Change the hostname
The node name kubeadm registers is the hostname, so it must match the entries added to /etc/hosts below (master, node1, node2). On the first node:
[root@centos7 ~]# hostnamectl set-hostname master
[root@centos7 ~]# more /etc/hostname
master
Log out and back in and the prompt shows the new hostname. Repeat on the other two nodes with node1 and node2.

1.2 Edit the hosts file
[root@master ~]# cat >> /etc/hosts << EOF
192.168.1.12 master
192.168.1.13 node1
192.168.1.14 node2
EOF

2. Verify the MAC address and product UUID
[root@master ~]# cat /sys/class/net/ens160/address
[root@master ~]# cat /sys/class/dmi/id/product_uuid
Every node must have a unique MAC address and product_uuid; the kubelet uses them to identify the node, and cloned VMs often share both. Replace ens160 with the name of your interface.
3. Disable swap
3.1 Disable for the running system
[root@master ~]# swapoff -a
3.2 Disable permanently
For the change to survive a reboot, also comment out the swap entry in /etc/fstab after running swapoff:
[root@master ~]# sed -i.bak '/swap/s/^/#/' /etc/fstab
The kubelet refuses to start while swap is enabled (unless --fail-swap-on=false is set), so do this on every node.
4. Kernel parameters
This walkthrough uses flannel for the pod network. It needs the kernel parameter bridge-nf-call-iptables=1, which only exists once the br_netfilter module is loaded; kubeadm additionally requires net.ipv4.ip_forward=1.

4.1 Load the br_netfilter module
Check whether the module is already loaded:
[root@master ~]# lsmod | grep br_netfilter
If nothing is printed, load it with the commands below; otherwise skip this step.
Load it for the running system (lost on reboot):
[root@master ~]# modprobe br_netfilter
Load it at every boot. CentOS 7 is systemd-based and does not execute /etc/rc.sysinit, so the reliable way is to list the module in /etc/modules-load.d, which systemd-modules-load reads at boot:
[root@master ~]# cat > /etc/modules-load.d/k8s.conf << EOF
br_netfilter
EOF

4.2 Set the kernel parameters for the running system
[root@master ~]# sysctl net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-iptables = 1
[root@master ~]# sysctl net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-ip6tables = 1
[root@master ~]# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

4.3 Set the kernel parameters permanently
[root@master ~]# cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@master ~]# sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
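The node preparation steps in this part (swap, br_netfilter, sysctl values, unique MAC/product_uuid) are easy to get half-done on one of three machines. As an added example, not from the original article, here is a small POSIX sh preflight script that re-checks them. The pure functions take file contents as arguments so they can be exercised without a real node; the function names and the sample values are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article: preflight checks for a
# kubeadm node. Pure helpers take file contents as arguments; node_preflight
# reads the live system. Function names are this example's own.

# Succeed when no uncommented /etc/fstab line still references a swap device.
fstab_swap_disabled() {
  # $1 = contents of /etc/fstab
  ! printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep -q '[[:space:]]swap[[:space:]]'
}

# Succeed when every parameter kubeadm and flannel need is set to 1 in a sysctl file.
sysctl_conf_ok() {
  # $1 = contents of /etc/sysctl.d/k8s.conf
  for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*$" || return 1
  done
  return 0
}

# Succeed when all whitespace-separated values are distinct; feed it the MAC
# addresses (or product_uuids) collected from every node.
all_unique() {
  total=$(printf '%s\n' $1 | sed '/^$/d' | wc -l | tr -d ' ')
  distinct=$(printf '%s\n' $1 | sed '/^$/d' | sort -u | wc -l | tr -d ' ')
  [ "$total" -gt 0 ] && [ "$total" -eq "$distinct" ]
}

# Live checks on this host: one PASS/FAIL line per item, non-zero exit on any failure.
node_preflight() {
  rc=0
  fstab_swap_disabled "$(cat /etc/fstab)" && echo "PASS swap commented out in /etc/fstab" \
    || { echo "FAIL swap still listed in /etc/fstab"; rc=1; }
  # /proc/swaps has a header line; anything after it is an active swap device
  [ -z "$(tail -n +2 /proc/swaps)" ] && echo "PASS no active swap" \
    || { echo "FAIL swap is active (run swapoff -a)"; rc=1; }
  grep -qw br_netfilter /proc/modules && echo "PASS br_netfilter loaded" \
    || { echo "FAIL br_netfilter not loaded (modprobe br_netfilter)"; rc=1; }
  sysctl_conf_ok "$(cat /etc/sysctl.d/k8s.conf 2>/dev/null)" && echo "PASS /etc/sysctl.d/k8s.conf complete" \
    || { echo "FAIL /etc/sysctl.d/k8s.conf is missing a required key"; rc=1; }
  [ "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null)" = 1 ] && echo "PASS bridge-nf-call-iptables=1 live" \
    || { echo "FAIL bridge-nf-call-iptables is not 1 on the running kernel"; rc=1; }
  return $rc
}

# Run the live checks only when invoked as: sh preflight.sh --run
case "${1:-}" in --run) node_preflight ;; esac
```

Run `sh preflight.sh --run` on each node before kubeadm init or join, and pass the three MAC addresses (and separately the three product_uuids) to `all_unique` from the master once you have collected them over SSH.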
5. Add the Kubernetes yum repository
5.1 Write the repo file
[root@master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Keep gpgcheck=1 and repo_gpgcheck=1. The mirror only re-hosts the upstream packages and metadata; the GPG check is what ties what you install back to the upstream signing keys rather than to whatever the mirror serves.

5.2 Refresh the cache
[root@master ~]# yum clean all
[root@master ~]# yum -y makecache
6. Passwordless SSH
Set up key-based login from master to node1 and node2; this step is only run on master. kubeadm does not need it; it is a convenience for copying files to and running commands on the workers.
6.1 Generate a key pair
[root@master ~]# ssh-keygen -t rsa
6.2 Copy the public key to node1 and node2
[root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.13
[root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.14
6.3 Test the login
[root@master ~]# ssh 192.168.1.13
[root@master ~]# ssh node2
IV. Install Docker (on all three nodes)

1. Install dependencies
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

2. Add the Docker repository
[root@master ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

3. Install Docker CE
3.1 List the available versions
[root@master ~]# yum list docker-ce --showduplicates | sort -r
3.2 Install Docker
[root@master ~]# yum install docker-ce docker-ce-cli containerd.io -y
This installs the newest version in the repo. To get exactly the 19.03.9 listed in the environment table, pin it: yum install docker-ce-19.03.9 docker-ce-cli-19.03.9 containerd.io -y

4. Start Docker
[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker

5. Command completion
5.1 Install bash-completion
[root@master ~]# yum -y install bash-completion
5.2 Load bash-completion
[root@master ~]# source /etc/profile.d/bash_completion.sh

6. Registry mirror
Docker Hub is hosted outside China and image pulls from it are slow, so configure a registry mirror. The main options are Docker's official China registry mirror, the Aliyun accelerator and the DaoCloud accelerator; this walkthrough uses the Aliyun one.
6.1 Log in to Aliyun
Console address: https://cr.console.aliyun.com . If you have no account, register one and enable the container registry service to obtain your own accelerator address.
6.2 Configure the mirror
Write daemon.json (the mirror URL below is the author's own accelerator address; use the one shown in your console):
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"]
}
EOF
Restart the service
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker

7. Verify
[root@master ~]# docker --version
[root@master ~]# docker run hello-world

8. Change the cgroup driver
8.1 Edit daemon.json
Add "exec-opts": ["native.cgroupdriver=systemd"] to daemon.json so that Docker uses the systemd cgroup driver, which is what kubeadm recommends on a systemd host; the kubelet and the container runtime must agree on the driver or the kubelet will not start. The file must remain a single valid JSON object:
[root@master ~]# more /etc/docker/daemon.json
{
  "registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
8.2 Reload Docker
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
V. Install Kubernetes (on all three nodes)

1. List the available versions
[root@master ~]# yum list kubelet --showduplicates | sort -r

2. Install kubelet, kubeadm and kubectl
2.1 Install the three packages
[root@master ~]# yum install -y kubelet-1.18.2 kubeadm-1.18.2 kubectl-1.18.2
Pin the version. An unpinned yum install -y kubelet kubeadm kubectl pulls whatever is newest in the repo, which will not match the v1.18.2 used for the images and for kubeadm init below.
2.2 What the packages are
- kubelet runs on every node of the cluster and starts Pods and containers
- kubeadm initializes and bootstraps the cluster
- kubectl is the command line client for the cluster: it deploys and manages applications, inspects resources, and creates, deletes and updates components
2.3 Start the kubelet
Enable the kubelet at boot and start it
[root@master ~]# systemctl enable kubelet && systemctl start kubelet
Until kubeadm init (or kubeadm join) has written its configuration, the kubelet has nothing to run and restarts in a loop. That is expected and does not affect the later steps.
2.4 kubectl command completion
[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bash_profile
[root@master ~]# source .bash_profile
3. Pull the images
3.1 The image pull script
Almost all Kubernetes components ship as Docker images hosted on Google's registry (k8s.gcr.io), which may not be reachable directly. The workaround is to pull the images from the Aliyun mirror of that registry and retag them to the default k8s.gcr.io names. This walkthrough does that with the image.sh script (tidied here: strict mode and quoting added, and the image name is taken from the last path component of each reference):
[root@master ~]# more image.sh
#!/bin/bash
# Pull the kubeadm images for one Kubernetes version from a mirror and retag
# them to the default k8s.gcr.io names that kubeadm looks for.
set -euo pipefail
url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.18.2
# kubeadm prints one image reference per line, e.g. k8s.gcr.io/kube-apiserver:v1.18.2
images=$(kubeadm config images list --kubernetes-version="$version")
for image in $images; do
  imagename=${image##*/}          # drop the registry/path prefix, keep name:tag
  docker pull "$url/$imagename"
  docker tag "$url/$imagename" "k8s.gcr.io/$imagename"
  docker rmi -f "$url/$imagename"
done
url is the Aliyun mirror of the Google registry and version is the Kubernetes version being installed. kubeadm init below is also run with --image-repository pointing at the same mirror, so kubeadm would pull from it on its own; pre-pulling and retagging only saves time at init and lets you inspect what is about to run.
3.2 Pull the images
Run image.sh to pull the images for the chosen version
[root@master ~]# chmod +x image.sh
[root@master ~]# ./image.sh
[root@master ~]# docker images
VI. Initialize the master

1. Initialize the master
kubeadm init \
  --apiserver-advertise-address=192.168.1.12 \
  --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version v1.18.2 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
--pod-network-cidr must be 10.244.0.0/16 because that is the range configured in the flannel manifest applied in step 2. The output ends with a kubeadm join command for the workers; save it, it is needed in step 3.
On failure:
If the initialization fails, run kubeadm reset and initialize again
[root@master ~]# kubeadm reset
[root@master ~]# rm -rf $HOME/.kube/config
Load the environment variable
[root@master ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[root@master ~]# source .bash_profile
Everything in this walkthrough runs as root. For a non-root user, do this instead:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
admin.conf holds a client certificate in the system:masters group, that is, unrestricted cluster-admin credentials. Protect it like a root password and do not copy it to the worker nodes.
2. Install the flannel network
Create the flannel network on master
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
The URL pins a specific commit of the manifest, which is the right thing to do: applying a branch URL would run whatever happens to be there at the time. If the download fails because of network problems, fetch kube-flannel.yml from the link at the end of the article and apply the local file.
3. Join the worker nodes
On node1 and node2, run the kubeadm join command printed at the end of kubeadm init. It has this shape; the token and hash are the values printed by your own init, the ones below only illustrate the format:
kubeadm join 192.168.1.12:6443 --token qbwt6v.rr4hsh73gv8vrcij \
    --discovery-token-ca-cert-hash sha256:e306ffc7a126eb1f2c0cab297bbbed04f5bb464a04c05f1b0171192acbbae966
Do not add --control-plane: that flag joins the node as an additional control plane (and requires --certificate-key), whereas node1 and node2 here are workers. The --discovery-token-ca-cert-hash pins the cluster CA public key so the worker cannot be tricked into joining an impostor API server; the token alone, or --discovery-token-unsafe-skip-ca-verification, does not give that protection. If the token has expired (default lifetime 24 hours), create a fresh one on master with kubeadm token create --print-join-command.
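The hash in the join command is simply SHA-256 over the DER-encoded public key of the cluster CA. As an added example, not from the original article, the script below recomputes it from ca.crt with openssl and checks a join command obtained out of band (from a chat message, a wiki page) against it before the command is run. The function names and the sample join strings in the test are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original article: recompute the value kubeadm
# puts in --discovery-token-ca-cert-hash and verify a join command against it.
# Function names are this example's own.

# Print "sha256:<hex>" over the DER SubjectPublicKeyInfo of a CA certificate.
# On the control plane the file is /etc/kubernetes/pki/ca.crt; the output is
# the same value kubeadm prints at the end of kubeadm init.
ca_cert_hash() {
  # $1 = path to ca.crt
  hex=$(openssl x509 -in "$1" -pubkey -noout \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 \
        | sed 's/^.*= *//')
  printf 'sha256:%s\n' "$hex"
}

# Succeed only when the join command carries a CA hash and it matches the CA
# file. A command that relies on --discovery-token-unsafe-skip-ca-verification
# carries no hash and is rejected: a worker joining on the token alone has no
# way to tell the real API server from an impostor.
join_hash_matches() {
  # $1 = full 'kubeadm join ...' command text, $2 = path to ca.crt
  claimed=$(printf '%s\n' "$1" \
            | sed -n 's/.*--discovery-token-ca-cert-hash[= ]*\(sha256:[0-9a-f]*\).*/\1/p')
  [ -n "$claimed" ] && [ "$claimed" = "$(ca_cert_hash "$2")" ]
}

# Usage: sh join-check.sh /etc/kubernetes/pki/ca.crt 'kubeadm join ...'
if [ $# -eq 2 ]; then
  if join_hash_matches "$2" "$1"; then
    echo "OK: join command pins the CA in $1"
  else
    echo "REFUSE: CA hash missing or does not match $1"
    exit 1
  fi
fi
```

Copy ca.crt from the master over the SSH channel set up earlier, then run the check on the worker with the join command you were handed; `ca_cert_hash` on its own is also a quick way to regenerate the hash when the kubeadm init output has been lost.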
4. Check the cluster nodes
[root@master ~]# kubectl get nodes
[root@master ~]# kubectl get po -o wide -n kube-system
Once the flannel pods in kube-system are Running on every node, all nodes report Ready:
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   28h   v1.18.2
node1    Ready    <none>   26h   v1.18.2
node2    Ready    <none>   26h   v1.18.2
VII. Deploy the Dashboard

1. Download the manifest
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
If the connection times out, retry a few times. recommended.yaml has also been uploaded and can be downloaded from the link at the end of the article.

2. Edit the manifest
2.1 Change the image registry
[root@master ~]# sed -i 's#kubernetesui#registry.cn-hangzhou.aliyuncs.com/google_containers#' recommended.yaml
The default registry is not reachable, so the images are pulled from the Aliyun mirror instead. The replacement text contains slashes, so the s command needs a different delimiter (# here); with / as the delimiter sed stops at the third slash and fails with "unknown option to `s'".
2.2 External access
[root@master ~]# sed -i '/targetPort: 8443/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' recommended.yaml
This turns the kubernetes-dashboard Service into a NodePort Service reachable from outside at https://NodeIp:NodePort, here on port 30001. A NodePort is opened on every node's IP, so restrict at the network level who can reach that port.
2.3 Add an administrator account
[root@master ~]# cat >> recommended.yaml << EOF
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF
This creates a super-user account for logging in to the Dashboard (rbac.authorization.k8s.io/v1 is used rather than the deprecated v1beta1). Binding cluster-admin means the token of this service account is a full cluster-admin credential: anyone who obtains it, from a screenshot, a shell history or a browser on a shared machine, controls the cluster. It is fine for a lab; for anything else bind a narrower role.
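As an added example, not from the original article, here is the least-privilege counterpart to the binding above: a Dashboard login that can browse the cluster but change nothing, built on the built-in view ClusterRole instead of cluster-admin. The account name dashboard-viewer is this example's own; append the block to recommended.yaml in the same way, or apply it as a separate file.

```yaml
# Added example, not part of the original article: a read-only Dashboard login.
# "view" is a built-in ClusterRole that allows get/list/watch on most namespaced
# resources; it does not expose Secrets, Roles or RoleBindings and grants no
# write access. The name dashboard-viewer is an assumption.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
```

Read its token the same way as for dashboard-admin: kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get sa dashboard-viewer -o jsonpath='{.secrets[0].name}'). If one team needs to edit workloads in a single namespace, bind the built-in edit ClusterRole with a RoleBinding in that namespace rather than widening this ClusterRoleBinding.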
3. Deploy and access
3.1 Deploy the Dashboard
[root@master ~]# kubectl apply -f recommended.yaml
3.2 Check the status
[root@master ~]# kubectl get all -n kubernetes-dashboard
NAME                                            READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-bb46cc778-lnbxt   1/1     Running   0          25h
pod/kubernetes-dashboard-655f9dd789-fk2jw       1/1     Running   0          25h

NAME                                TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.1.182.0   <none>        8000/TCP        25h
service/kubernetes-dashboard        NodePort    10.1.255.0   <none>        443:30001/TCP   25h

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           25h
deployment.apps/kubernetes-dashboard        1/1     1            1           25h

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-bb46cc778   1         1         1       25h
replicaset.apps/kubernetes-dashboard-655f9dd789       1         1         1       25h
3.3 Read the login token
[root@master ~]# kubectl describe secrets -n kubernetes-dashboard dashboard-admin
Name:         dashboard-admin-token-sx9fl
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 003bf92a-7eb7-46ca-b324-1e8431c5323f
Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjBuU1Zld2VGVnRvY3NobzNMRzB2eHg2NHhINzRXZDN1UkduN3Q1OWJkUjAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Ii... (truncated)
kubectl describe matches the secret by name prefix, which is why dashboard-admin finds dashboard-admin-token-sx9fl. The token is a signed JWT whose subject is system:serviceaccount:kubernetes-dashboard:dashboard-admin; because that account is bound to cluster-admin, the token is a root credential for the cluster. It is shown truncated here and should never be pasted into a document, ticket or chat.
3.4 Access
Open https://192.168.1.12:30001 in Firefox. The Dashboard serves a self-signed certificate; Firefox lets you add an exception for it, which is why the author recommends that browser, while other browsers may refuse the page outright.
Log in with the token obtained above.
User authorization:
The original article closes with these two bindings:
kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous
kubectl create clusterrolebinding test:kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
Do not run them. The first grants cluster-admin to system:anonymous, that is, to every unauthenticated request that reaches the API server on port 6443, which amounts to turning authentication off and hands the cluster to anyone who can connect. The second grants cluster-admin to the Dashboard's own service account (and names the kube-system namespace, where the v2 Dashboard is not deployed), so whoever compromises the Dashboard pod would hold a cluster-admin token. The dashboard-admin account created in 2.3 is all that token login needs.