工作環(huán)境
虛擬機軟禁 VirtualBox
系統(tǒng) Centos7 配置 2 core 2G 3臺
1.Docker安裝
刪除docker
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
配置阿里yum源
### 安裝yum工具
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
### 添加阿里yum源
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
查看docker版本
yum list docker-ce --showduplicates
安裝docker
sudo yum install docker:版本
#explame
sudo yum install docker-ce-18.06.3.ce
設(shè)置鏡像加速
登錄:https://cr.console.aliyun.com ,選擇鏡像加速
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"]
}
EOF
啟動docker
systemctl enable docker && systemctl start docker
安裝命令補全
yum -y install bash-completion
source /etc/profile.d/bash_completion.sh
三臺節(jié)點機器都需要安裝docker 步驟同上
2.配置Master節(jié)點
修改主機名
hostnamectl set-hostname master
cat /etc/hostname
修改hosts文件
cat >> /etc/hosts << EOF
192.168.3.233 master
192.168.3.234 node01
192.168.3.235 node02
EOF
驗證mac地址、UUID
cat /sys/class/net/ens33/address
cat /sys/class/dmi/id/product_uuid
禁用swap
# 當前進程禁用
swapoff -a
# 永久禁用
sed -i.bak '/swap/s/^/#/' /etc/fstab
修改內(nèi)核參數(shù)
# 臨時修改
sysctl net.bridge.bridge-nf-call-iptables=1
sysctl net.bridge.bridge-nf-call-ip6tables=1
# 永久修改
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
修改Cgroup Dirver
more /etc/docker/daemon.json
{
"registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
# 生效
systemctl daemon-reload & systemctl restart docker
設(shè)置Kubernetes源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all
yum -y makecache
- [] 中括號中的是repository id榨呆,唯一,用來標識不同倉庫
- name 倉庫名稱钉赁,自定義
- baseurl 倉庫地址
- enable 是否啟用該倉庫,默認為1表示啟用
- gpgcheck 是否驗證從該倉庫獲得程序包的合法性眠副,1為驗證
- repo_gpgcheck 是否驗證元數(shù)據(jù)的合法性 元數(shù)據(jù)就是程序包列表荚醒,1為驗證
- gpgkey=URL 數(shù)字簽名的公鑰文件所在位置,如果gpgcheck值為1哩牍,此處就需要指定gpgkey文件的位置,如果gpgcheck值為0就不需要此項了
查看版本
yum list kubelet --showduplicates | sort -r
安裝 kebelet令漂、kubeadm膝昆、kubectl
yum install -y kubelet-1.14.2 kubeadm-1.14.2 kubectl-1.14.2
kubelet 運行在集群所有節(jié)點上,用于啟動Pod和容器等對象的工具
kubeadm 用于初始化集群叠必,啟動集群的命令工具
kubectl 用于和集群通信的命令行荚孵,通過kubectl可以部署和管理應(yīng)用,查看各種資源纬朝,創(chuàng)建收叶、刪除和更新各種組件
啟動Kubelet
systemctl enable kubelet && systemctl start kubelet
kubelet 命令補全
echo "source <(kubectl completion bash)" >> ~/.bash_profile
source .bash_profile
下載鏡像Shell腳本
more image.sh
#!/bin/bash
url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.14.2
images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
for imagename in ${images[@]} ; do
docker pull $url/$imagename
docker tag $url/$imagename k8s.gcr.io/$imagename
docker rmi -f $url/$imagename
done
下載鏡像
sh image.sh
docker images
初始化Master
kubeadm init --apiserver-advertise-address 192.168.3.233 --pod-network-cidr=10.244.0.0/16
配置完成后最后一行會有一個kubeadm join命令,后需要這個命令加入集群中
加載環(huán)境變量
root賬號
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source .bash_profile
非Root賬號
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
安裝Pod網(wǎng)絡(luò)(flannel)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
master節(jié)點配置
taint:污點的意思共苛。如果一個節(jié)點被打上了污點判没,那么pod是不允許運行在這個節(jié)點上面的
刪除master節(jié)點默認污點
默認情況下集群不會在master上調(diào)度pod,如果偏想在master上調(diào)度Pod隅茎,可以執(zhí)行如下操作:
查看污點:
kubectl describe node master|grep -i taints
刪除默認污點:
kubectl taint nodes master node-role.kubernetes.io/master-
污點機制
kubectl taint node [node] key=value[effect]
其中[effect] 可取值: [ NoSchedule | PreferNoSchedule | NoExecute ]
NoSchedule: 一定不能被調(diào)度
PreferNoSchedule: 盡量不要調(diào)度
NoExecute: 不僅不會調(diào)度, 還會驅(qū)逐Node上已有的Pod
設(shè)置污點
kubectl taint node master key1=value1:NoSchedule
kubectl describe node master|grep -i taints
刪除污點
kubectl taint nodes master key1-
kubectl describe node master|grep -i taints
Node節(jié)點安裝
1. 安裝kubelet澄峰、kubeadm和kubectl
同master節(jié)點
2. 下載鏡像
同master節(jié)點
3. 加入集群
以下操作master上執(zhí)行
[root@master ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
j5eoyz.zu0x6su7wzh752b3 <invalid> 2019-06-04T17:40:41+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
發(fā)現(xiàn)之前初始化時的令牌已過期
3.2 生成新的令牌
[root@master ~]# kubeadm token create
1zl3he.fxgz2pvxa3qkwxln
3.3 生成新的加密串
[root@master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed 's/^.* //'
3.4 node節(jié)點加入集群
在node節(jié)點上分別執(zhí)行如下操作:
[root@node01 ~]# kubeadm join 172.27.9.131:6443 --token 1zl3he.fxgz2pvxa3qkwxln --discovery-token-ca-cert-hash sha256:5f656ae26b5e7d4641a979cbfdffeb7845cc5962bbfcd1d5435f00a25c02ea50
Dashboard安裝
1.下載Yaml
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/kubernetes-dashboard.yaml
其他版本github地址:https://github.com/kubernetes/dashboard/releases
2.配置Yaml
2.1 修改鏡像地址
sed -i 's/k8s.gcr.io/loveone/g' kubernetes-dashboard.yaml
2.2訪問外網(wǎng)
sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml
2.3 提示tls問題
image.png
2.4新增管理員賬號
cat >> kubernetes-dashboard.yaml << EOF
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
EOF
部署Dashboard
kubectl apply -f kubernetes-dashboard.yaml
狀態(tài)查看
kubectl get deployment kubernetes-dashboard -n kube-system
kubectl get pods -n kube-system -o wide
kubectl get services -n kube-system
令牌查看
kubectl describe secrets -n kube-system dashboard-admin
訪問
用https scheme訪問,否則無法訪問辟犀!
集群測試
kubectl run httpd-app --image=httpd --replicas=3
cat >> nginx.yml << EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 3
template:
metadata:
labels:
app: nginx
spec:
restartPolicy: Always
containers:
- name: nginx
image: nginx:latest
EOF
kubectl apply -f nginx.yml
防止丟失俏竞,轉(zhuǎn)自:https://blog.51cto.com/3241766/2405624
