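k8s Installation Guide
Introduction
- kubectl: the management tool used to run commands against a Kubernetes cluster.
- kubelet: the primary node agent; it watches the pods that have been assigned to its node. Specific functions:
- kubeadm: Kubeadm is a tool
Versions installed in this guide: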
- Kubernetes v1.19.2
- Docker
Environment preparation
- Operating system
- Cluster configuration
IP              Role       CPU  Memory
192.168.31.121  k8smaster  1    4G
192.168.31.131  k8snode1   1    4G
192.168.31.132  k8snode2   1    4G
192.168.31.121 k8smaster
192.168.31.131 k8snode1
192.168.31.132 k8snode2
System configuration
- Disable SELinux
- Disable swap
- Configure the rpm mirror source
Install Docker
- Set up the containerd.io source
wget https://download.docker.com/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
yum install containerd.io-1.2.6-3.3.el7.x86_64.rpm
- Install Docker
curl -sSL https://get.daocloud.io/docker | sh
- Configure the Alibaba Cloud registry mirror and set Docker to start with the systemd cgroup driver
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": ["https://xxx.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
- Start the container service
sudo systemctl restart docker
Add the Alibaba Cloud Kubernetes repository
On all machines
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
k8s master installation
yum install kubectl kubelet kubeadm
systemctl enable kubelet
Initialize the cluster
kubeadm init --kubernetes-version=1.19.2 \
--apiserver-advertise-address=192.168.31.121 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
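Parameter notes:
- apiserver-advertise-address: the IP address of k8smaster
- image-repository: the image registry from which the k8s images are pulled
- service-cidr: specifies which interface of the Master is used to communicate with the other nodes in the Cluster.
- pod-network-cidr: the range of the Pod network
When initialization finishes, the following output indicates success: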
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.31.121:6443 --token 8gkv2e.futyk4tc5ekh9p1g \
--discovery-token-ca-cert-hash sha256:55931b102e704c98ce1acc63a0052789579ddbc9c2dcfccbc8fb7f9bb8f51573
Check status
kubectl get node
kubectl get pod --all-namespaces
The node is NotReady because the coredns pods have not started; the network pod is missing.
Install the network
Calico is chosen as the network here.
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
After the network is installed, wait a moment and check the status; everything has started successfully.
[root@k8smaster .kube]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-c9784d67d-8p2qd 1/1 Running 0 2m59s
kube-system calico-node-drm2r 1/1 Running 0 2m59s
kube-system coredns-6d56c8448f-gp4n9 1/1 Running 0 14m
kube-system coredns-6d56c8448f-hsmkm 1/1 Running 0 14m
kube-system etcd-k8smaster 1/1 Running 0 14m
kube-system kube-apiserver-k8smaster 1/1 Running 0 14m
kube-system kube-controller-manager-k8smaster 1/1 Running 0 14m
kube-system kube-proxy-n2vzn 1/1 Running 0 14m
kube-system kube-scheduler-k8smaster 1/1 Running 0 14m
[root@k8smaster .kube]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8smaster Ready master 15m v1.19.2
Install the dashboard
- Install
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml
- Custom token generation
mkdir dashboard-certs
cd dashboard-certs/
# Create the namespace
kubectl create namespace kubernetes-dashboard
# Create the key file
openssl genrsa -out dashboard.key 2048
# Certificate signing request
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
# Self-sign the certificate (-days is set here; openssl req ignores it without -x509)
openssl x509 -req -days 36000 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
# Create the kubernetes-dashboard-certs object
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
- Set up the administrator
# Create the account:
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
# Grant permissions to the user:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
Apply the administrator configuration
kubectl apply -f dashboard-admin.yaml
- View the login token of the dashboard-admin account
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Joining worker nodes
- Copy the file /etc/kubernetes/admin.conf from the master node to the same directory on the worker node
- Run the script
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
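The admin.conf file copied in the steps above embeds a client certificate and private key. On a kubeadm v1.19 cluster that certificate belongs to the system:masters group, so every copy of the file is a cluster-admin credential. The following is an added example, not part of the original guide; it reads the identity out of a kubeconfig and checks the file mode, using a constructed sample file with a throwaway key (the function names and the sample are assumptions for illustration).

```shell
# Added example, not from the original guide.
# kubeconfig_subject <file>: subject of the embedded client certificate (RFC 2253 form).
kubeconfig_subject() {
  awk '$1 == "client-certificate-data:" { print $2; exit }' "$1" \
    | base64 -d 2>/dev/null \
    | openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null \
    | sed 's/^subject= *//'
}

# grants_cluster_admin <file>: true when the certificate is in the system:masters
# group, which the default RBAC bindings map to cluster-admin.
grants_cluster_admin() {
  kubeconfig_subject "$1" | grep -q 'O=system:masters'
}

# mode_is_private <file>: true when only the owner can access the file (GNU stat).
mode_is_private() {
  case "$(stat -c '%a' "$1" 2>/dev/null)" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# make_sample_kubeconfig <file>: constructed stand-in for admin.conf, throwaway key.
make_sample_kubeconfig() {
  local tmp
  tmp=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj '/O=system:masters/CN=kubernetes-admin' \
    -keyout "$tmp/k.key" -out "$tmp/k.crt" 2>/dev/null || return 1
  {
    echo 'apiVersion: v1'
    echo 'kind: Config'
    echo 'users:'
    echo '- name: kubernetes-admin'
    echo '  user:'
    echo "    client-certificate-data: $(base64 < "$tmp/k.crt" | tr -d '\n')"
    echo "    client-key-data: $(base64 < "$tmp/k.key" | tr -d '\n')"
  } > "$1"
  rm -rf "$tmp"
}

# report <file>: print findings for one kubeconfig.
report() {
  grants_cluster_admin "$1" && echo "$1: cluster-admin credential: $(kubeconfig_subject "$1")"
  mode_is_private "$1" || echo "$1: mode is wider than 600"
}

f=$(mktemp) && make_sample_kubeconfig "$f" && chmod 644 "$f" && report "$f"; rm -f "$f"
```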