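Install the base software
Prerequisites: a CentOS 7 virtual machine with 2 GB of RAM and 2 cores, a static IP configured, and Docker installed, to be used as the master node.
Configure hostnames: vim /etc/hosts
This chapter installs two nodes, master and node1, but all three hostnames are configured in advance; configuring the third one later also works.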
192.168.190.131 master
192.168.190.132 node1
192.168.190.133 node2
Set the DNS resolver: vim /etc/resolv.conf
nameserver 114.114.114.114
Download the Alibaba Cloud yum repo file
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
Install the basic packages
yum install wget net-tools ntp git -y
Synchronize the system time
ntpdate 0.asia.pool.ntp.org
Configure the Alibaba Cloud yum repo for Docker and K8s
cat >>/etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Pass bridged traffic to iptables
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
Disable swap
swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
vi /etc/fstab
Comment out the following line
#/dev/mapper/centos-swap swap swap defaults 0 0
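Added example, not part of the original tutorial: a small audit of the preparation steps above that also catches the case where swapoff -a was run but the /etc/fstab entry was left active, so swap returns after a reboot. The function names and the ROOT parameter are hypothetical; net.ipv4.ip_forward is included because the worker section sets it and kubeadm's preflight expects it to be 1.

```shell
#!/bin/sh
# Added example: audit the node-preparation steps before running kubeadm.
# ROOT is an assumed parameter so the checks can run against a constructed
# file tree; leave it empty to inspect the real node.

# swap_active ROOT: succeed if /proc/swaps lists a device below its header.
swap_active() {
    awk 'NR > 1 && NF { on = 1 } END { exit !on }' "$1/proc/swaps"
}

# fstab_swap_enabled ROOT: succeed if an uncommented swap entry remains,
# which would turn swap back on at the next reboot despite swapoff -a.
fstab_swap_enabled() {
    awk '$1 !~ /^#/ && $3 == "swap" { on = 1 } END { exit !on }' "$1/etc/fstab"
}

# sysctl_is_one ROOT KEY: succeed if the live kernel value of KEY is 1.
sysctl_is_one() {
    f="$1/proc/sys/$(printf '%s' "$2" | tr . /)"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# audit_node ROOT: print one line per finding; return the number of findings.
audit_node() {
    bad=0
    if swap_active "$1"; then echo "swap is still active"; bad=$((bad + 1)); fi
    if fstab_swap_enabled "$1"; then
        echo "swap entry in /etc/fstab is not commented out"; bad=$((bad + 1))
    fi
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        if ! sysctl_is_one "$1" "$key"; then
            echo "$key is not 1"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run against the real node with: sh thisfile --audit
if [ "${1:-}" = "--audit" ]; then audit_node "${2:-}"; fi
```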
Install kubeadm, kubelet, kubectl on the master node
Modify the Docker configuration file
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
Install kubeadm, kubelet, kubectl
yum install -y kubelet-1.19.3 kubeadm-1.19.3 kubectl-1.19.3
If this error is reported:
failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try.
https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for kubernetes
then:
vim /etc/yum.repos.d/kubernetes.repo
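- Change (this disables signature verification of the repository metadata only; gpgcheck=1 still verifies each package's signature):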
repo_gpgcheck=0
Enable kubelet to start at boot
systemctl enable kubelet
Shut down the virtual machine and take a snapshot of it
Initialize the master node
Set the hostname
hostnamectl set-hostname master
Initialize
kubeadm init --kubernetes-version=1.19.2 \
--apiserver-advertise-address=192.168.190.131 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
Note down the following output; it is used later
kubeadm join 192.168.190.131:6443 --token l7t563.ery226j7x0zv87p7 \
--discovery-token-ca-cert-hash sha256:1271d25165cffe9623cc85980a5ac950eba7ff066149b590a509d3e09594a09d
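Added example, not part of the original tutorial: the --discovery-token-ca-cert-hash value above can be recomputed from the cluster CA certificate on the master and compared before the join command is pasted onto a worker. The function names are hypothetical, /etc/kubernetes/pki/ca.crt is assumed to be the CA path (kubeadm's default), and make_demo_ca only builds a throwaway certificate as constructed sample input.

```shell
#!/bin/sh
# Added example: recompute the --discovery-token-ca-cert-hash value.
# kubeadm pins the SHA-256 of the CA certificate's DER-encoded public key
# (SubjectPublicKeyInfo), not a hash of the certificate file.

# ca_cert_hash CERT: print "sha256:<hex>" for the public key inside CERT.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{ print $NF }')
    printf 'sha256:%s\n' "$hex"
}

# is_pin VALUE: succeed if VALUE looks like sha256:<64 hex digits>.
is_pin() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# verify_join_pin CERT PIN: 0 = match, 1 = mismatch, 2 = bad pin, 3 = bad cert.
verify_join_pin() {
    is_pin "$2" || { echo "malformed pin: $2" >&2; return 2; }
    actual=$(ca_cert_hash "$1") || { echo "cannot read certificate: $1" >&2; return 3; }
    if [ "$actual" = "$2" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: certificate gives $actual" >&2
        return 1
    fi
}

# make_demo_ca DIR: create a throwaway self-signed CA (constructed sample
# input) as DIR/ca.key and DIR/ca.crt, for trying the functions offline.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Real use on the master (kubeadm's default CA path):
#   sh thisfile --check /etc/kubernetes/pki/ca.crt sha256:<value from the join command>
if [ "${1:-}" = "--check" ]; then verify_join_pin "$2" "$3"; fi
```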
Add the configuration file
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Configure the KUBECONFIG environment variable
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
Verify
kubectl get node
As you can see, STATUS is NotReady at this point
NAME STATUS ROLES AGE VERSION
master NotReady master 8m5s v1.19.3
Install the Flannel network plugin
cd ~
git init
git clone https://git.imooc.com/coding-464/kubeblog.git
kubectl apply -f kubeblog/docs/Chapter4/flannel.yaml
Wait a while, then check whether the Flannel network was created successfully
ifconfig |grep flan
You should see
flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
After about 10 minutes, check the state of the Kubernetes master again
kubectl get node
As you can see, STATUS is now Ready
NAME STATUS ROLES AGE VERSION
master Ready master 38m v1.19.3
kubectl get pod -n kube-system
All pods should be running successfully
NAME READY STATUS RESTARTS AGE
coredns-6d56c8448f-bvm98 1/1 Running 0 39m
coredns-6d56c8448f-mzggm 1/1 Running 0 39m
etcd-master 1/1 Running 0 39m
kube-apiserver-master 1/1 Running 0 39m
kube-controller-manager-master 1/1 Running 0 39m
kube-flannel-ds-bgr8x 1/1 Running 0 15m
kube-proxy-xxczv 1/1 Running 0 39m
kube-scheduler-master 1/1 Running 0 39m
Install and configure the worker node
Clone the master virtual machine from the snapshot created earlier
Change the IP
Restart the network
systemctl restart network
Configure the hostname
hostnamectl set-hostname node1
Reset kubeadm
kubeadm reset
Configure forwarding (IP forwarding and passing bridged traffic to iptables)
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
Copy the master node's admin.conf to node1; run this on the master machine:
scp /etc/kubernetes/admin.conf root@192.168.190.132:/etc/kubernetes/
Configure the KUBECONFIG environment variable on the worker node
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
Reset once more: kubeadm reset
Clean up the network environment on node1
systemctl stop kubelet && systemctl stop docker && rm -rf /var/lib/cni/ && rm -rf /var/lib/kubelet/* && rm -rf /etc/cni/ && ifconfig cni0 down && ifconfig flannel.1 down && ifconfig docker0 down && ip link delete cni0 && ip link delete flannel.1
If it reports that a device was not found, this can be ignored
systemctl start docker && systemctl start kubelet
Kubeadm join
kubeadm join 192.168.190.131:6443 --token l7t563.ery226j7x0zv87p7 \
--discovery-token-ca-cert-hash sha256:1271d25165cffe9623cc85980a5ac950eba7ff066149b590a509d3e09594a09d
Run kubectl get nodes
If you see
Config not found: /etc/kubernetes/admin.conf
The connection to the server localhost:8080 was refused - did you specify the right host or port?
copy the configuration file over again:
- On the master, run:
scp /etc/kubernetes/admin.conf root@node1:/etc/kubernetes/
- On the node, run:
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
Install the Dashboard
cd /root/kubeblog/docs/Chapter4
kubectl create -f kubernetes-dashboard.yaml
Modify
vim kubernetes-dashboard.yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 31111
  selector:
    k8s-app: kubernetes-dashboard
Deploy the Dashboard
kubectl apply -f docs/Chapter4/kubernetes-dashboard.yaml
Check the pod and svc status
kubectl get pod,svc -n kubernetes-dashboard
Open in a browser: https://<node IP>:31111/
After opening it, the browser reports that the connection is not secure; click on the page and type thisisunsafe directly
Get the login token
kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token