安裝說明

操作系統(tǒng)版本:

cat /proc/version
# Linux version 3.10.0-862.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) ) #1 SMP Fri Apr 20 16:44:24 UTC 2018
rpm -q centos-release
# centos-release-7-5.1804.el7.centos.x86_64
cat /etc/redhat-release
# CentOS Linux release 7.5.1804 (Core)

docker版本:

docker --version
# Docker version 18.09.6, build 481bc77156

kubernetes版本

kubelet --version
# Kubernetes v1.14.2

安裝步驟

1.設(shè)置ssh使服務(wù)器之間互信

2.關(guān)閉 SeLinux 和 FireWall [所有機器執(zhí)行]

sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld

swapoff -a

setenforce 0
vi /etc/selinux/config
SELINUX=disabled

3.安裝組件 [所有機器執(zhí)行]

(1) 安裝 docker

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum -y install docker-ce
docker --version
# Docker version 17.06.2-ce, build cec0b72
systemctl start docker
systemctl status docker
systemctl enable docker

(2) 安裝 kubelet孕豹、kubeadm、kubectl

設(shè)置倉庫地址:

cat>>/etc/yum.repos.d/kubrenetes.repo<<EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF

執(zhí)行命令馬上安裝

setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX= disabled/' /etc/selinux/config

yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

4.安裝鏡像 [所有機器執(zhí)行]

# 安裝鏡像
docker pull mirrorgooglecontainers/kube-apiserver:v1.14.2
docker pull mirrorgooglecontainers/kube-controller-manager:v1.14.2
docker pull mirrorgooglecontainers/kube-scheduler:v1.14.2
docker pull mirrorgooglecontainers/kube-proxy:v1.14.2
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.3.10
docker pull coredns/coredns:1.3.1
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64

# 取別名
docker tag mirrorgooglecontainers/kube-apiserver:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2
docker tag mirrorgooglecontainers/kube-controller-manager:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2
docker tag mirrorgooglecontainers/kube-scheduler:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2
docker tag mirrorgooglecontainers/kube-proxy:v1.14.2 k8s.gcr.io/kube-proxy:v1.14.2
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64

# 刪除鏡像
docker rmi mirrorgooglecontainers/kube-apiserver:v1.14.2
docker rmi mirrorgooglecontainers/kube-controller-manager:v1.14.2
docker rmi mirrorgooglecontainers/kube-scheduler:v1.14.2
docker rmi mirrorgooglecontainers/kube-proxy:v1.14.2
docker rmi mirrorgooglecontainers/pause:3.1
docker rmi mirrorgooglecontainers/etcd:3.3.10
docker rmi coredns/coredns:1.3.1
docker rmi registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64

5.安裝Master

(1) 初始化

kubeadm init --kubernetes-version=v1.14.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

kubernetes-version: 當(dāng)前k8s版本

pod-network-cidr: 用于指定Pod的網(wǎng)絡(luò)范圍。該參數(shù)使用依賴于使用的網(wǎng)絡(luò)方案誉察，本文將使用經(jīng)典的flannel網(wǎng)絡(luò)方案很魂。

service-cidr:

如果沒有問題, 則會得到輸出結(jié)果: 輸出結(jié)果

(2) 設(shè)置.kube/config

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

(3) 保存輸出中kubeadm join行命令, 在node節(jié)點會執(zhí)行

kubeadm join 10.255.73.26:6443 --token xfnfrl.4zlyx5ecu4t7n9ie \
    --discovery-token-ca-cert-hash sha256:c68bbf21a21439f8de92124337b4af04020f3332363e28522339933db813cc4b

(4) 配置 kubect

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
echo $KUBECONFIG

(5) 安裝Pod網(wǎng)絡(luò)

安裝 Pod網(wǎng)絡(luò)是 Pod之間進行通信的必要條件，k8s支持眾多網(wǎng)絡(luò)方案鞠绰，這里我們依然選用經(jīng)典的flannel方案

a.在任意位置新建文件 kube-flannel.yaml, 文件內(nèi)容: 文件內(nèi)容

b.首先設(shè)置系統(tǒng)參數(shù) sysctl net.bridge.bridge-nf-call-iptables=1

c.使用 kube-flannel.yaml文件, kubectl apply -f kube-flannel.yaml

d.檢查pod網(wǎng)絡(luò)是否正常 kubectl get pods --all-namespaces -o wide, 如果READY都為1/1, 則正常

NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE     IP             NODE              NOMINATED NODE   READINESS GATES
kube-system   coredns-fb8b8dccf-2hwr4                   1/1     Running   0          7h44m   10.244.0.3     pjr-ofckv-73-26   <none>           <none>
kube-system   coredns-fb8b8dccf-nwqt9                   1/1     Running   0          7h44m   10.244.0.2     pjr-ofckv-73-26   <none>           <none>

e.查看節(jié)點狀態(tài) kubectl get nodes

pjr-ofckv-73-26   Ready    master   7h47m   v1.14.2

6 添加Node節(jié)點

(1)執(zhí)行master節(jié)點init的時候輸出的kubeadm join,即

kubeadm join 10.255.73.26:6443 --token xfnfrl.4zlyx5ecu4t7n9ie \
    --discovery-token-ca-cert-hash sha256:c68bbf21a21439f8de92124337b4af04020f3332363e28522339933db813cc4b

如果在部署master節(jié)點的時候沒有保存, 則可以通過kubeadm token list找回, ip即為master節(jié)點所在機器的ip, 端口為6443(可能默認是)

(2) 校驗節(jié)點狀態(tài) kubectl get nodes

所有的節(jié)點皆為Ready狀態(tài)表示集群正常

pjr-ofckv-73-24   Ready    <none>   47m     v1.14.2
pjr-ofckv-73-25   Ready    <none>   7h34m   v1.14.2
pjr-ofckv-73-26   Ready    master   7h55m   v1.14.2

(3) 查看所有Pod狀態(tài) kubectl get pods --all-namespaces -o wide

所有的的組件的READY皆為1/1

NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE     IP             NODE              NOMINATED NODE   READINESS GATES
kube-system   coredns-fb8b8dccf-2hwr4                   1/1     Running   0          7h55m   10.244.0.3     pjr-ofckv-73-26   <none>           <none>
kube-system   coredns-fb8b8dccf-nwqt9                   1/1     Running   0          7h55m   10.244.0.2     pjr-ofckv-73-26   <none>           <none>
kube-system   etcd-pjr-ofckv-73-26                      1/1     Running   0          7h54m   10.255.73.26   pjr-ofckv-73-26   <none>           <none>
kube-system   kube-apiserver-pjr-ofckv-73-26            1/1     Running   0          7h54m   10.255.73.26   pjr-ofckv-73-26   <none>           <none>
kube-system   kube-controller-manager-pjr-ofckv-73-26   1/1     Running   0          7h54m   10.255.73.26   pjr-ofckv-73-26   <none>           <none>
kube-system   kube-flannel-ds-amd64-9qhcl               1/1     Running   0          48m     10.255.73.24   pjr-ofckv-73-24   <none>           <none>
kube-system   kube-flannel-ds-amd64-xmrzz               1/1     Running   0          7h51m   10.255.73.26   pjr-ofckv-73-26   <none>           <none>
kube-system   kube-flannel-ds-amd64-zqdzp               1/1     Running   0          7h34m   10.255.73.25   pjr-ofckv-73-25   <none>           <none>
kube-system   kube-proxy-kgcxj                          1/1     Running   0          7h34m   10.255.73.25   pjr-ofckv-73-25   <none>           <none>
kube-system   kube-proxy-rpn4z                          1/1     Running   0          7h55m   10.255.73.26   pjr-ofckv-73-26   <none>           <none>
kube-system   kube-proxy-tm8df                          1/1     Running   0          48m     10.255.73.24   pjr-ofckv-73-24   <none>           <none>
kube-system   kube-scheduler-pjr-ofckv-73-26            1/1     Running   0          7h54m   10.255.73.26   pjr-ofckv-73-26   <none>           <none>

7.刪除節(jié)點 [備注: 操作過程中遇到錯誤, 暫時不確定下面的刪除操作是否正確]

(1) 在master節(jié)點執(zhí)行

kubectl drain pjr-ofckv-73-24 --delete-local-data --force --ignore-daemonsets
kubectl delete node pjr-ofckv-73-24

(2)在移除的節(jié)點上執(zhí)行

kubeadm reset

8.在master節(jié)點上安裝dashbord

dashboard的版本為v1.10.0

(1) 下載鏡像 kubernetes-dashboard-amd64:v1.10.0

docker pull registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0
docker tag registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
docker image rm registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0

(2) 安裝dashborad

kubectl create -f kubernetes-dashboard.yaml

kubernetes-dashboard.yaml可以在任意位置新建即可, 具體內(nèi)容參考: 文件內(nèi)容

注意點: NodePort及hostPath設(shè)置, 官方提供的版本為: 官方版本, 可以對比一下不同之處

(3) 參看dashborad的pod是否安正常啟動, 如果正常則說明啟動成功

kubectl get pods --namespace=kube-system

成功輸出內(nèi)容如下: READY為1/1, STATUS為Running,

NAME                                      READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-595d866bb8-n8bh7     1/1     Running   0          141m

此時如果遇到其他狀態(tài)如ContainerCreating, 可以通過 kubectl describe pod kubernetes-dashboard-xxxxxxxx-yyyy --namespace=kube-system查看指定的pod的錯誤原因, 我在安裝的時候, 就顯示在node節(jié)點之上沒有kubernetes-dashboard-amd64:v1.10.0這個鏡像.

另外,如果將錯誤修改之后,重新執(zhí)行kubectl create -f kubernetes-dashboard.yaml會提示文件存在, 可以使用kubectl delete -f kubernetes-dashboard.yaml清除文件.

另外,kubernetes-dashboard.yaml文件中涉及的文件夾/home/share/certs也需要提前創(chuàng)建, 我在master和node節(jié)點都新建了

(4) 查看 dashboard的外網(wǎng)暴露端口

kubectl get service --namespace=kube-system

輸出如下: 31234即為外網(wǎng)訪問接口,在訪問dashboard頁面時會使用

NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   3d23h
kubernetes-dashboard   NodePort    10.108.134.118   <none>        443:31234/TCP            150m

(5) 生成私鑰和證書簽名
在master節(jié)點執(zhí)行, 如果輸入或者選擇, 直接回車

openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
rm dashboard.pass.key
openssl req -new -key dashboard.key -out dashboard.csr # 全部回車

(6) 生成SSL證書

openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

然后將生成的dashboard.key和dashboard.crt置于路徑/home/share/certs下厢洞，該路徑會配置到下面即將要操作的

(7) 創(chuàng)建dashbord用戶

kubectl create -f dashboard-user-role.yaml

dashboard-user-role.yaml文件內(nèi)容: dashboard-user-role.yaml

(8) 獲取登錄token, 如果忘了, 可以直接執(zhí)行下面命令獲取

kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system

輸出如下:

Name:         admin-token-rfc2l
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: 42eeeee9-802c-11e9-a88a-f0000aff491a

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1yZmMybCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjQyZWVlZWU5LTgwMmMtMTFlOS1hODhhLWYwMDAwYWZmNDkxYSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.gRK_RO2Nk24tRCLq9ekkWvL_hNOTKKxQB0FrJEAHASGEpNP9Ew9JHBwljA-jPBZiNDxheOURQJuypDvCLXdRqyAWM26QEeYKB8EdHxiZb7fcTazMnPnl7hbBsWOsuTonpD2gWQYaRFFmkJds-ta5UKvtGJiKeUUEAzBilNvRp60mws5L-KAPB0yFAtHWXyz682eVu_NjcEWH-1f_uZ-noXJJPqvz0XarmR1RenQtnMd3brKjhk02FUIQyD2l1s6hH6tHVm59LZ74jLPcXTlaUpEG6LE_vJHzktTsHdRmtKg6wDeq_blvGtT4vU8k92LFC-r2p3O2BJQ-jqfy1y-T6w

(9) 登錄

登錄地址: https://masterIp:31234(第(4)步輸出)/#!/settings?namespace=default

選擇令牌, 使用上面得到的token登錄

登錄頁面

管理界面首頁

安裝問題

• The connection to the server localhost:8080 was refused - did you specify the right host or port?
  在node節(jié)點安裝的時候會碰到該問題, 原因是node節(jié)點所在服務(wù)器缺少文件/etc/kubernetes/admin.conf,
  解決方法:

1.需要將master節(jié)點上的/etc/kubernetes/admin.conf文件復(fù)制到node節(jié)點/etc/kubernetes/admin.conf中

2.設(shè)置變量

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

• node節(jié)點如果一直都處于not ready狀態(tài)
  我在第一次安裝的時候, 在node節(jié)點沒有下載鏡像, 在執(zhí)行kubeadm join加入集群時, 確實能夠加入集群,但是一直處于UnReady狀態(tài),通過tail /var/log/messages參看錯誤日志,才知道是因為鏡像沒有安裝, 因為安裝的時候程序會自動去k8s.gcr.io節(jié)點下拉鏡像,不幸的是,沒有梯梯

參考文檔

利用Kubeadm部署 Kubernetes 1.13.1集群實踐錄

歡迎關(guān)注公號：程序員的金融圈

一個探討技術(shù)，金融西饵，賺錢的小圈子酝掩，為你提供最有味道的內(nèi)容，日日更新眷柔！

image