這段時(shí)間研究Kubernetes(K8S),KubeSphere蛾魄。運(yùn)行環(huán)境的搭建花了很多時(shí)間征峦,踩了很多坑情屹,寫(xiě)此分享避免小伙伴從入門(mén)到放棄。希望正在學(xué)習(xí)的容器化技術(shù)的小伙伴們看完此文章能夠更加得心應(yīng)手酿箭。
K8S幫助文檔地址(https://www.kubernetes.org.cn/k8s)
KubeSphere幫助文檔地址(https://kubesphere.com.cn/docs/quick-start/minimal-kubesphere-on-k8s/)
服務(wù)器配置
操作系統(tǒng) centos_7_02_64
CPU:2核
內(nèi)存:8G
硬盤(pán):25G
環(huán)境軟件
kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3
Docker? 20.10.0
Helm 2.16.3
OpenEBS 1.5.0
Flannel
1 安裝依賴(lài)包
sudo yum install-y yum-utils
2 設(shè)置鏡像的倉(cāng)庫(kù)
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3 更新yum軟件包索引
? yum makecache fast
4 安裝docker相關(guān)的源 docker-ce 社區(qū) ee 企業(yè)版
yum install docker-ce docker-ce-clicontainerd.io
5 配置鏡像加速器(下面命令可從注冊(cè)阿里云服務(wù)器复亏,搜索框輸入鏡像加速 可獲取獲取到 如下圖)
sudomkdir-p /etc/dockersudotee/etc/docker/daemon.json<<-'EOF'{"registry-mirrors":["https://ke9h1pt4.mirror.aliyuncs.com"]}EOFsudosystemctl daemon-reloadsudosystemctl restart docker
5 啟動(dòng)docker
systemctlstartdocker
驗(yàn)證安裝(出現(xiàn)下圖打印信息安裝成功)
docker--version
6 設(shè)置開(kāi)機(jī)啟動(dòng)
? systemctl enable docker
1 關(guān)閉防火墻 (安裝過(guò)程中沒(méi)關(guān)能成功)
? systemctl stop firewalld
? systemctl disable firewalld
2 關(guān)閉Linux(必關(guān))
sed-i's/enforcing/disabled/'/etc/selinux/config setenforce 0
3 關(guān)閉swap(必關(guān))
swapoff -a#臨時(shí)關(guān)閉sed-ri's/.*swap.*/#&/'/etc/fstab#永久關(guān)閉 線上使用這種free-g#驗(yàn)證,swap必須為0
4 K8S 安裝相關(guān)命令
4.1 添加阿里云yum源
cat</etc/yum.repos.d/kubernetes.repo[kubernetes]name=Kubernetesbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/enabled=1gpgcheck=1repo_gpgcheck=1gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgEOF
4.2 K8S組件安裝
yuminstall-y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3
4.3 K8S設(shè)置開(kāi)機(jī)啟動(dòng)與啟動(dòng)K8S
systemctlenablekubelet&&systemctl start kubelet
4.4 查看啟動(dòng)狀態(tài)
systemctl status kubelet
出現(xiàn)這種提示可以不用管,其他安裝就不會(huì)出現(xiàn)了
Unit kubelet.service entered failed state.
kubelet.service failed.
4.5 創(chuàng)建Master節(jié)點(diǎn),把下面腳本保存到文件master_create.sh,執(zhí)行命令sh master_create.sh
#!/bin/bashimages=(kube-apiserver:v1.17.3? ? kube-proxy:v1.17.3kube-controller-manager:v1.17.3kube-scheduler:v1.17.3coredns:1.6.5etcd:3.4.3-0? ? pause:3.1)forimageNamein${images[@]};dodocker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageNamedone
4.6 初始化kubeadm,–apiserver-advertise-address=10.0.2.21,IP地址是master主機(jī)的地址缭嫡,eth0網(wǎng)卡的地址缔御。
kubeadm init \--apiserver-advertise-address=10.0.12.25 \--image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \--kubernetes-version? v1.17.3 \--service-cidr=10.96.0.0/16? \--pod-network-cidr=10.244.0.0/16
出現(xiàn)下面提示表示初始化成功
Your Kubernetes control-plane has initialized successfully!
4.7 執(zhí)行4.6步驟成功返回腳本如下
mkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.kube/configsudo chown $(id-u):$(id-g)$HOME/.kube/config
4.8 單機(jī)與集群節(jié)點(diǎn)配置
4.8.1 單機(jī)Master隔離解除(主節(jié)點(diǎn)也能部署工作任務(wù),單臺(tái)服務(wù)器需要設(shè)置,集群不用配置)
kubectl taint nodes--all node-role.kubernetes.io/master-
成功時(shí)會(huì)輸出類(lèi)似提示:
xxx untainted
4.8.2 集群時(shí)需要執(zhí)行4.6初始化成功返回腳本如下(每臺(tái)子節(jié)點(diǎn)都要執(zhí)行)
kubeadmjoin10.0.12.25:6443 --token sg47f3.4asffoi6ijb8ljhq \--discovery-token-ca-cert-hash sha256:81fccdd29970cbc1b7dc7f171ac0234d53825bdf9b05428fc9e6767436991bfb
4.8.3子節(jié)點(diǎn)join結(jié)果查看
? kubectl get nodes
4.8.4 4.6步驟返回腳本 kubeadm join … 妇蛀,token過(guò)期重新生成命令
kubeadm token create --print-join-command
4.9安裝Pod網(wǎng)絡(luò)插件
4.9.1 通過(guò)腳本鏈接安裝
kubectl apply -f \
https://raw.githubusercontent.com/coreos/flanne/master/Documentation/kube-flannel.yml
4.9.2 通過(guò)本地腳本安裝
kubectl apply -f? kube-flannel.yml
4.9.3 查看安裝結(jié)果
kubectl get pods --all-namespaces
出現(xiàn)如下圖表示網(wǎng)絡(luò)插件Flannel安裝成功
1 helm安裝包本地安裝
1.1 下載這個(gè)版本helm-v2.16.3-linux-amd64.tar.gz
1.2 解壓安裝包
tar-zxvf helm-v2.16.3-linux-amd64.tar.gz
1.3移動(dòng)helm的位置
cplinux-amd64/helm/usr/local/bin/
1.4 建helm-rbac.yaml耕突。腳本如下
apiVersion: v1kind: ServiceAccountmetadata:? name: tiller? namespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:? name: tillerroleRef:? apiGroup: rbac.authorization.k8s.io? kind: ClusterRole? name: cluster-adminsubjects:-kind: ServiceAccount? ? name: tiller? ? namespace: kube-system
1.5 運(yùn)行腳本
kubectl apply-f helm-rbac.yaml
1.6 Helm初始化
helm init--service-account tiller--upgrade-i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.3--skip-refresh
1.7 運(yùn)行命令,安裝校驗(yàn),成功提示
helm version
1.8 運(yùn)行狀態(tài)校驗(yàn),如下面截圖說(shuō)明啟動(dòng)成功
kubectl get pods-n kube-system
1.9 出現(xiàn)如下,執(zhí)行下面命令
Error: configmaps is forbidden: User"system:serviceaccount:kube-system:tiller"cannot list resource"configmaps"in APIgroup""in the namespace"kube-system"
kubectl create serviceaccount--namespace kube-system tillerkubectl create clusterrolebinding tiller-cluster-rule--clusterrole=cluster-admin--serviceaccount=kube-system:tillerkubectl patch deploy--namespace kube-system tiller-deploy-p'{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
2 腳本安裝Helm(由于網(wǎng)絡(luò)原因比較難成功)
2.1 創(chuàng)建腳本create_helm.sh
2.2 執(zhí)行腳本
sh get_helm.sh
參考https://v2-1.docs.kubesphere.io/docs/zh-CN/appendix/install-openebs/
1 遠(yuǎn)程腳本鏈接安裝
kubectl apply-f https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-minimal.yaml
2 本地腳本鏈接安裝kubesphere-minimal.yaml
kubectl apply-f? kubesphere-minimal.yaml
2.1 安裝日志打印
kubectl logs-n kubesphere-system $(kubectl get pod-n kubesphere-system-l app=ks-install-o jsonpath='{.items[0].metadata.name}')-f
2.2 安裝成功日志打印
2.3 出現(xiàn)下圖錯(cuò)誤打印忽略
2.4 KubeSphere檢驗(yàn)安裝結(jié)果评架,如下圖為安裝成功
kubectl get pods--all-namespaces
2.5 KubeSphere 瀏覽器登錄
1 重置
kubeadm reset
2 刪除文件
rm-rf$HOME/.kube
1 執(zhí)行命令
kubectl get-n kube-system secrets,sa,clusterrolebinding-o name|grep tiller|xargs kubectl-n kube-system deletekubectl get all-n kube-system-l app=helm-o name|xargs kubectl delete-n kube-system
1 執(zhí)行命令
kubectl delete-f kubesphere-minimal.yaml
2 執(zhí)行腳本
shdel.sh
