安裝說明
操作系統(tǒng)版本:
cat /proc/version
# Linux version 3.10.0-862.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) ) #1 SMP Fri Apr 20 16:44:24 UTC 2018
rpm -q centos-release
# centos-release-7-5.1804.el7.centos.x86_64
cat /etc/redhat-release
# CentOS Linux release 7.5.1804 (Core)
docker版本:
docker --version
# Docker version 18.09.6, build 481bc77156
kubernetes版本
kubelet --version
# Kubernetes v1.14.2
安裝步驟
1.設(shè)置ssh使服務(wù)器之間互信
2.關(guān)閉 SeLinux 和 FireWall [所有機器執(zhí)行]
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld
swapoff -a
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
3.安裝組件 [所有機器執(zhí)行]
(1) 安裝 docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum -y install docker-ce
docker --version
# Docker version 17.06.2-ce, build cec0b72
systemctl start docker
systemctl status docker
systemctl enable docker
(2) 安裝 kubelet孕豹、kubeadm、kubectl
設(shè)置倉庫地址:
cat>>/etc/yum.repos.d/kubrenetes.repo<<EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
執(zhí)行命令馬上安裝
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX= disabled/' /etc/selinux/config
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
4.安裝鏡像 [所有機器執(zhí)行]
# 安裝鏡像
docker pull mirrorgooglecontainers/kube-apiserver:v1.14.2
docker pull mirrorgooglecontainers/kube-controller-manager:v1.14.2
docker pull mirrorgooglecontainers/kube-scheduler:v1.14.2
docker pull mirrorgooglecontainers/kube-proxy:v1.14.2
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.3.10
docker pull coredns/coredns:1.3.1
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64
# 取別名
docker tag mirrorgooglecontainers/kube-apiserver:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2
docker tag mirrorgooglecontainers/kube-controller-manager:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2
docker tag mirrorgooglecontainers/kube-scheduler:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2
docker tag mirrorgooglecontainers/kube-proxy:v1.14.2 k8s.gcr.io/kube-proxy:v1.14.2
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64
# 刪除鏡像
docker rmi mirrorgooglecontainers/kube-apiserver:v1.14.2
docker rmi mirrorgooglecontainers/kube-controller-manager:v1.14.2
docker rmi mirrorgooglecontainers/kube-scheduler:v1.14.2
docker rmi mirrorgooglecontainers/kube-proxy:v1.14.2
docker rmi mirrorgooglecontainers/pause:3.1
docker rmi mirrorgooglecontainers/etcd:3.3.10
docker rmi coredns/coredns:1.3.1
docker rmi registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64
5.安裝Master
(1) 初始化
kubeadm init --kubernetes-version=v1.14.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
kubernetes-version
: 當(dāng)前k8s版本
pod-network-cidr
: 用于指定Pod的網(wǎng)絡(luò)范圍。該參數(shù)使用依賴于使用的網(wǎng)絡(luò)方案誉察,本文將使用經(jīng)典的flannel網(wǎng)絡(luò)方案很魂。
service-cidr
:
如果沒有問題, 則會得到輸出結(jié)果: 輸出結(jié)果
(2) 設(shè)置.kube/config
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
(3) 保存輸出中kubeadm join
行命令, 在node
節(jié)點會執(zhí)行
kubeadm join 10.255.73.26:6443 --token xfnfrl.4zlyx5ecu4t7n9ie \
--discovery-token-ca-cert-hash sha256:c68bbf21a21439f8de92124337b4af04020f3332363e28522339933db813cc4b
(4) 配置 kubect
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
echo $KUBECONFIG
(5) 安裝Pod網(wǎng)絡(luò)
安裝 Pod網(wǎng)絡(luò)是 Pod之間進行通信的必要條件,k8s支持眾多網(wǎng)絡(luò)方案鞠绰,這里我們依然選用經(jīng)典的flannel
方案
a.在任意位置新建文件 kube-flannel.yaml
, 文件內(nèi)容: 文件內(nèi)容
b.首先設(shè)置系統(tǒng)參數(shù) sysctl net.bridge.bridge-nf-call-iptables=1
c.使用 kube-flannel.yaml
文件, kubectl apply -f kube-flannel.yaml
d.檢查pod網(wǎng)絡(luò)是否正常 kubectl get pods --all-namespaces -o wide
, 如果READY
都為1/1
, 則正常
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-fb8b8dccf-2hwr4 1/1 Running 0 7h44m 10.244.0.3 pjr-ofckv-73-26 <none> <none>
kube-system coredns-fb8b8dccf-nwqt9 1/1 Running 0 7h44m 10.244.0.2 pjr-ofckv-73-26 <none> <none>
e.查看節(jié)點狀態(tài) kubectl get nodes
pjr-ofckv-73-26 Ready master 7h47m v1.14.2
6 添加Node節(jié)點
(1)執(zhí)行master
節(jié)點init的時候輸出的kubeadm join
,即
kubeadm join 10.255.73.26:6443 --token xfnfrl.4zlyx5ecu4t7n9ie \
--discovery-token-ca-cert-hash sha256:c68bbf21a21439f8de92124337b4af04020f3332363e28522339933db813cc4b
如果在部署master節(jié)點的時候沒有保存, 則可以通過kubeadm token list
找回, ip即為master節(jié)點所在機器的ip, 端口為6443
(可能默認是)
(2) 校驗節(jié)點狀態(tài) kubectl get nodes
所有的節(jié)點皆為Ready
狀態(tài)表示集群正常
pjr-ofckv-73-24 Ready <none> 47m v1.14.2
pjr-ofckv-73-25 Ready <none> 7h34m v1.14.2
pjr-ofckv-73-26 Ready master 7h55m v1.14.2
(3) 查看所有Pod狀態(tài) kubectl get pods --all-namespaces -o wide
所有的的組件的READY皆為1/1
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-fb8b8dccf-2hwr4 1/1 Running 0 7h55m 10.244.0.3 pjr-ofckv-73-26 <none> <none>
kube-system coredns-fb8b8dccf-nwqt9 1/1 Running 0 7h55m 10.244.0.2 pjr-ofckv-73-26 <none> <none>
kube-system etcd-pjr-ofckv-73-26 1/1 Running 0 7h54m 10.255.73.26 pjr-ofckv-73-26 <none> <none>
kube-system kube-apiserver-pjr-ofckv-73-26 1/1 Running 0 7h54m 10.255.73.26 pjr-ofckv-73-26 <none> <none>
kube-system kube-controller-manager-pjr-ofckv-73-26 1/1 Running 0 7h54m 10.255.73.26 pjr-ofckv-73-26 <none> <none>
kube-system kube-flannel-ds-amd64-9qhcl 1/1 Running 0 48m 10.255.73.24 pjr-ofckv-73-24 <none> <none>
kube-system kube-flannel-ds-amd64-xmrzz 1/1 Running 0 7h51m 10.255.73.26 pjr-ofckv-73-26 <none> <none>
kube-system kube-flannel-ds-amd64-zqdzp 1/1 Running 0 7h34m 10.255.73.25 pjr-ofckv-73-25 <none> <none>
kube-system kube-proxy-kgcxj 1/1 Running 0 7h34m 10.255.73.25 pjr-ofckv-73-25 <none> <none>
kube-system kube-proxy-rpn4z 1/1 Running 0 7h55m 10.255.73.26 pjr-ofckv-73-26 <none> <none>
kube-system kube-proxy-tm8df 1/1 Running 0 48m 10.255.73.24 pjr-ofckv-73-24 <none> <none>
kube-system kube-scheduler-pjr-ofckv-73-26 1/1 Running 0 7h54m 10.255.73.26 pjr-ofckv-73-26 <none> <none>
7.刪除節(jié)點 [備注: 操作過程中遇到錯誤, 暫時不確定下面的刪除操作是否正確]
(1) 在master節(jié)點執(zhí)行
kubectl drain pjr-ofckv-73-24 --delete-local-data --force --ignore-daemonsets
kubectl delete node pjr-ofckv-73-24
(2)在移除的節(jié)點上執(zhí)行
kubeadm reset
8.在master節(jié)點上安裝dashbord
dashboard
的版本為v1.10.0
(1) 下載鏡像 kubernetes-dashboard-amd64:v1.10.0
docker pull registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0
docker tag registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
docker image rm registry.cn-qingdao.aliyuncs.com/wangxiaoke/kubernetes-dashboard-amd64:v1.10.0
(2) 安裝dashborad
kubectl create -f kubernetes-dashboard.yaml
kubernetes-dashboard.yaml
可以在任意位置新建即可, 具體內(nèi)容參考: 文件內(nèi)容
注意點: NodePort
及hostPath
設(shè)置, 官方提供的版本為: 官方版本, 可以對比一下不同之處
(3) 參看dashborad的pod是否安正常啟動, 如果正常則說明啟動成功
kubectl get pods --namespace=kube-system
成功輸出內(nèi)容如下: READY為1/1
, STATUS為Running
,
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-595d866bb8-n8bh7 1/1 Running 0 141m
此時如果遇到其他狀態(tài)如ContainerCreating
, 可以通過 kubectl describe pod kubernetes-dashboard-xxxxxxxx-yyyy --namespace=kube-system
查看指定的pod
的錯誤原因, 我在安裝的時候, 就顯示在node節(jié)點之上沒有kubernetes-dashboard-amd64:v1.10.0
這個鏡像.
另外,如果將錯誤修改之后,重新執(zhí)行kubectl create -f kubernetes-dashboard.yaml
會提示文件存在, 可以使用kubectl delete -f kubernetes-dashboard.yaml
清除文件.
另外,kubernetes-dashboard.yaml
文件中涉及的文件夾/home/share/certs
也需要提前創(chuàng)建, 我在master和node節(jié)點都新建了
(4) 查看 dashboard的外網(wǎng)暴露端口
kubectl get service --namespace=kube-system
輸出如下: 31234
即為外網(wǎng)訪問接口,在訪問dashboard
頁面時會使用
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 3d23h
kubernetes-dashboard NodePort 10.108.134.118 <none> 443:31234/TCP 150m
(5) 生成私鑰和證書簽名
在master節(jié)點執(zhí)行, 如果輸入或者選擇, 直接回車
openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
rm dashboard.pass.key
openssl req -new -key dashboard.key -out dashboard.csr # 全部回車
(6) 生成SSL證書
openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
然后將生成的dashboard.key
和dashboard.crt
置于路徑/home/share/certs
下厢洞,該路徑會配置到下面即將要操作的
(7) 創(chuàng)建dashbord
用戶
kubectl create -f dashboard-user-role.yaml
dashboard-user-role.yaml
文件內(nèi)容: dashboard-user-role.yaml
(8) 獲取登錄token, 如果忘了, 可以直接執(zhí)行下面命令獲取
kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
輸出如下:
Name: admin-token-rfc2l
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin
kubernetes.io/service-account.uid: 42eeeee9-802c-11e9-a88a-f0000aff491a
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1yZmMybCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjQyZWVlZWU5LTgwMmMtMTFlOS1hODhhLWYwMDAwYWZmNDkxYSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.gRK_RO2Nk24tRCLq9ekkWvL_hNOTKKxQB0FrJEAHASGEpNP9Ew9JHBwljA-jPBZiNDxheOURQJuypDvCLXdRqyAWM26QEeYKB8EdHxiZb7fcTazMnPnl7hbBsWOsuTonpD2gWQYaRFFmkJds-ta5UKvtGJiKeUUEAzBilNvRp60mws5L-KAPB0yFAtHWXyz682eVu_NjcEWH-1f_uZ-noXJJPqvz0XarmR1RenQtnMd3brKjhk02FUIQyD2l1s6hH6tHVm59LZ74jLPcXTlaUpEG6LE_vJHzktTsHdRmtKg6wDeq_blvGtT4vU8k92LFC-r2p3O2BJQ-jqfy1y-T6w
(9) 登錄
登錄地址: https://masterIp:31234(第(4)步輸出)/#!/settings?namespace=default
選擇令牌
, 使用上面得到的token
登錄
安裝問題
- The connection to the server localhost:8080 was refused - did you specify the right host or port?
在node節(jié)點安裝的時候會碰到該問題, 原因是node節(jié)點所在服務(wù)器缺少文件/etc/kubernetes/admin.conf
,
解決方法:
1.需要將master節(jié)點上的/etc/kubernetes/admin.conf
文件復(fù)制到node節(jié)點/etc/kubernetes/admin.conf
中
2.設(shè)置變量
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
- node節(jié)點如果一直都處于
not ready
狀態(tài)
我在第一次安裝的時候, 在node節(jié)點沒有下載鏡像, 在執(zhí)行kubeadm join
加入集群時, 確實能夠加入集群,但是一直處于UnReady
狀態(tài),通過tail /var/log/messages
參看錯誤日志,才知道是因為鏡像沒有安裝, 因為安裝的時候程序會自動去k8s.gcr.io
節(jié)點下拉鏡像,不幸的是,沒有梯梯
參考文檔
利用Kubeadm部署 Kubernetes 1.13.1集群實踐錄
歡迎關(guān)注公號:程序員的金融圈
一個探討技術(shù),金融西饵,賺錢
的小圈子酝掩,為你提供最有味道
的內(nèi)容,日日更新眷柔!