image.png
準備工作:所有機器
關閉防火墻和SELinux(僅適合隔離的實驗環境;生產環境應保留防火墻并只放行Kubernetes所需端口,SELinux按kubeadm官方文檔設為permissive即可,不必永久disabled)
# systemctl stop firewalld
# systemctl disable firewalld
# setenforce 0
# sed -i 's/enforcing/disabled/' /etc/selinux/config
更改主機名稱,配置解析
# hostnamectl set-hostname k8s-master
[root@k8s-master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.18 k8s-master
192.168.1.22 k8s-node1
192.168.1.25 k8s-node2
關閉swap
# swapoff -a #臨時
# vim /etc/fstab #注釋掉swap行并保存,永久
將橋接的IPv4流量傳遞到iptables的鏈
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# sysctl --system
一、所有節點安裝Docker、kubeadm、kubelet
Kubernetes默認CRI(容器運行時)為Docker,因此先安裝Docker。
1. 安裝Docker(各節點版本保持一致)
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# yum -y install docker-ce
# docker -v
# systemctl enable docker && systemctl start docker
2. 安裝kubeadm,kubelet和kubectl
# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
由于版本更新頻繁,這里指定版本號部署
# yum install -y kubelet-1.16.0 kubeadm-1.16.0 kubectl-1.16.0
# systemctl enable kubelet
二、部署Kubernetes Master
master 節點執行
[root@k8s-master ~]# vim kubeadminit.sh
[root@k8s-master ~]# cat kubeadminit.sh
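# kubeadminit.sh - initialise the control plane on the master node.
#
# The per-option notes live here rather than after the continuation
# backslashes: in "\ #comment" the backslash escapes the space instead of the
# newline, so the command would end on that line and the remaining options
# would be run as separate (failing) commands.
#
#   --apiserver-advertise-address  change to the master's own IP
#   --kubernetes-version           version number to deploy
kubeadm init \
  --apiserver-advertise-address=192.168.1.18 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.16.0 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16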
[root@k8s-master ~]# sh kubeadminit.sh >> join.txt
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
#看到master
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 116s v1.16.0
三、安裝Pod網絡插件(CNI)
master 節點執行(下面的清單直接取自master分支,內容會隨上游變化;建議先下載、審閱,并固定到某個發布版本后再apply)
[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
#確保都是running,不是的話等一會
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-58cc8c89f4-gssl8 1/1 Running 0 8m2s
coredns-58cc8c89f4-hvvql 1/1 Running 0 8m2s
etcd-k8s-master 1/1 Running 0 7m29s
kube-apiserver-k8s-master 1/1 Running 0 7m4s
kube-controller-manager-k8s-master 1/1 Running 0 7m
kube-flannel-ds-amd64-4bjws 1/1 Running 0 96s
kube-proxy-tg2pj 1/1 Running 0 8m2s
kube-scheduler-k8s-master 1/1 Running 0 7m9s
四、加入Kubernetes Node
[root@k8s-master ~]# tail -n 2 join.txt
kubeadm join 192.168.1.18:6443 --token l7lmzs.m6qjgl39tcd3hrvw \
--discovery-token-ca-cert-hash sha256:1d2b02b1979cf61273f676b640411bdd07cbc9e75c76f083b42fe8090f8c9da0
#向集群添加新節點,執行在kubeadm init輸出的kubeadm join命令(token默認24小時后過期,過期后可在master上執行 kubeadm token create --print-join-command 重新生成;join命令中含有憑據,不要公開)
[root@k8s-node1 ~]# kubeadm join 192.168.1.18:6443 --token l7lmzs.m6qjgl39tcd3hrvw \
> --discovery-token-ca-cert-hash sha256:1d2b02b1979cf61273f676b640411bdd07cbc9e75c76f083b42fe8090f8c9da0
[root@k8s-node2 ~]# kubeadm join 192.168.1.18:6443 --token l7lmzs.m6qjgl39tcd3hrvw \
> --discovery-token-ca-cert-hash sha256:1d2b02b1979cf61273f676b640411bdd07cbc9e75c76f083b42fe8090f8c9da0
#master查看
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 11m v1.16.0
k8s-node1 NotReady <none> 88s v1.16.0
k8s-node2 NotReady <none> 50s v1.16.0
五、測試kubernetes集群
master 節點執行
[root@k8s-master ~]# kubectl create deployment nginx --image=daocloud.io/library/nginx
[root@k8s-master ~]# kubectl expose deployment nginx --port=80 --type=NodePort
[root@k8s-master ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-54c66f4bdc-4sp2p 1/1 Running 0 23s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 28m
service/nginx NodePort 10.1.60.49 <none> 80:31407/TCP 19s
#訪問測試:節點中任一IP+PORT都可以訪問到
[root@k8s-master ~]# curl -I 192.168.1.22:31407
HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 06 May 2020 11:00:20 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes
六、部署 Dashboard
master 節點執行
[root@k8s-master ~]# curl https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml >> kubernetes-dashboard-1.10.1.yaml
#鏡像因為網絡的原因難以下載,修改以下兩個地方解決。注意:上一步保存的文件名是 kubernetes-dashboard-1.10.1.yaml,而下面編輯和apply用的是 .yml,兩處文件名需保持一致;替換用的 tigerfive 鏡像并非官方發布,使用前應核對其來源或摘要(digest)。
[root@k8s-master ~]# vim kubernetes-dashboard-1.10.1.yml
image: tigerfive/kubernetes-dashboard-amd64:v1.10.1 #修改此行
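# ------------------- Dashboard Service ------------------- #
# Service excerpt from the Dashboard manifest, with the two lines this
# walkthrough adds (type and nodePort). A NodePort Service is reachable on
# every node's IP at the chosen port, so access to that port should be limited
# to trusted networks.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort        # added line
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001   # added line; pick a port that is not already in use
  selector:
    k8s-app: kubernetes-dashboard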
[root@k8s-master ~]# kubectl apply -f kubernetes-dashboard-1.10.1.yml
1. 瀏覽器輸入 https://192.168.1.18:30001
查看(注意前面要添加 https:// )
image.png
2. 創建service account并綁定默認cluster-admin管理員集群角色(cluster-admin擁有整個集群的全部權限,再加上Dashboard通過NodePort對外暴露,這種組合只適合測試環境;實際使用應綁定范圍更小的角色)
[root@k8s-master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
[root@k8s-master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name: dashboard-admin-token-zh8vq
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 801ce091-0447-4259-8c4e-ad3baf59eac0
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVJhcV8xaF9nR0hkQmtyd0hZWmp4Z3hhSHJzbjdUQU5ERmVTbWljWVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4temg4dnEiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiODAxY2UwOTEtMDQ0Ny00MjU5LThjNGUtYWQzYmFmNTllYWMwIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Mo2UhbKLbh4TOzfx1nOB3i_IcSItcFH77IJCJ59HsDSaJHe-jGQvkBGixp9HQONO5gh3-d-P-HvMQpGn9NHRmGd3tRQ2x01bzFqwnB3NKDK6VE-ahFv8OVEpDyNMJ40HFQZSCWdswrnwAuFZb0XTWGCHfJx0dALHozcpfw205hxUSPvqYHUu_-b5m1uOdoPGuqpBL65_nWBiWLQVdrWj0O9s-EhdUfmKB-Pt8pCFbYEf0j5tY4I-Ljc0ki7KwI_JjsilpcRg7POESbDQ2KPgS9ZG2y7-29w_wbvd1IS8iozj-RfIeEU57iW4wZ6kaFu-1K1nhsj_10mvDmG6j34byA
3. 復制token值,選擇令牌登陸(該token等同于cluster-admin憑據,不要貼到文檔、截圖或公開頁面中)
image.png
image.png