Environment and versions
CentOS: 7.6
kubelet: 1.20.5
kubeadm: 1.20.5
kubectl: 1.20.5
master node: Tencent Cloud server, 2 vCPU / 2 GB, public IP: xxx.xxx.xx.xxx
node1 node: Huawei Cloud (not recommended) server, 2 vCPU / 4 GB, public IP: xxx.xx.xxx.xxx
The installation and configuration below must be carried out on every node.
1. Set up time synchronisation
    1) Install chrony:                         yum install -y chrony
    2) Start the chrony service:               systemctl start chronyd
    3) Start chrony automatically at boot:     systemctl enable chronyd
    4) Check whether the clock is in sync:     date
`date` only prints the local clock; `chronyc tracking` shows whether chrony has actually synchronised. Do this on every node: with skewed clocks the certificates kubeadm issues are "not yet valid" on the other node and the bootstrap token check fails.
2. Disable the firewall
1) Firewall handling
    1) Stop the firewall:                      systemctl stop firewalld
    2) Disable it at boot:                     systemctl disable firewalld
    3) Empty the rules:                        yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
    4) Check the firewall status:              systemctl status firewalld
(The subcommand is "save"; the original "service iptables sav" fails.) With both machines on public IPs this leaves kube-apiserver (6443), etcd (2379-2380), the kubelet (10250) and every NodePort reachable from the Internet, guarded only by the cloud security group configured in step 6. Keep that group tight.
2) Kubernetes nodes address each other by the internal IP each kubelet registers, i.e. the private address on the NIC, which is unreachable between two clouds. On every node, redirect traffic destined for each other node's private IP to that node's public IP (one rule per other node):
    iptables -t nat -A OUTPUT -d <other node's private IP> -j DNAT --to-destination <that node's public IP>
The rule sits in the OUTPUT chain, so it applies to traffic this host originates, including flannel's VXLAN packets. It is not persistent: run `service iptables save` after adding it, or it is gone after the next reboot.
3. Set the hosts file
    1) Open the file:  vim /etc/hosts
    2) The existing node entries can be dropped (keep the localhost lines); add one line per node, using the public IPs, in the format:
        xx.xxx.xx.xx     k8s-master
        x.xxx.xxx.xxx    k8s-node1
4. Disable SELinux
    # temporary; enforcing again after a reboot
    setenforce 0
    # permanent: edit /etc/selinux/config, change SELINUX=enforcing to SELINUX=disabled, then save and quit
    vi /etc/selinux/config
kubeadm only needs SELinux out of enforcing mode; SELINUX=permissive satisfies it and keeps logging denials to /var/log/audit/audit.log, which is more useful later than disabled.
5. Disable the swap partition
    # temporary
    swapoff -a
    # permanent (comments out every fstab line that mentions swap; check /etc/fstab afterwards)
    sed -ri 's/.*swap.*/#&/' /etc/fstab
kubeadm's preflight fails and the kubelet refuses to start while swap is enabled, so both the temporary and the permanent step are needed.
    # stop system services that are not needed (optional)
    systemctl stop postfix && systemctl disable postfix
6. Open the cloud server ports (security groups)
1) Master node ports: TCP 6443 (kube-apiserver), 2379-2380 (etcd), 10250 (kubelet), 10251 (kube-scheduler), 10252 (kube-controller-manager)
2) Worker node ports: TCP 10250 (kubelet), 30000-32767 (NodePort services)
Flannel's VXLAN backend additionally needs UDP 8472 between all nodes. These are the kubeadm requirements for 1.20. Open each port only to the other node's public IP, plus 6443 and the NodePort range to the address you administer from, never to 0.0.0.0/0: with firewalld stopped in step 2, the security group is the only thing between these services and the Internet.
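An added example (shell; not part of the original post) that combines steps 2 and 6: from a node table it generates the DNAT rules of step 2.2 for every other node, and an iptables INPUT allow-list that admits the kubeadm ports only from the other node's public IP, as an alternative to disabling the firewall. The node names, addresses and the admin address are constructed placeholders, and the allow-list assumes the cloud SNATs each node's outbound traffic to its public IP (true for elastic IPs on both clouds named above). The functions print the commands instead of running them, so the output can be reviewed and then piped into sh as root on the matching node; the same allow-list belongs in the cloud security group.

```shell
#!/bin/sh
# Added example, not part of the original post. Generates the per-node iptables
# rules for a two-cloud kubeadm cluster: the step-2 DNAT rules for every other
# node, and an INPUT allow-list that replaces "disable the firewall".
# Constructed node table (replace with your nodes): name role private_ip public_ip
NODES='k8s-master master 10.0.0.10 203.0.113.10
k8s-node1 worker 192.168.1.20 198.51.100.20'

# kubeadm 1.20 port requirements (Kubernetes "ports and protocols" page)
MASTER_TCP='6443 2379:2380 10250 10251 10252'
WORKER_TCP='10250 30000:32767'
FLANNEL_UDP=8472   # flannel VXLAN backend

# node_field <name> <column>: look a node up in the table
node_field() {
  printf '%s\n' "$NODES" | awk -v n="$1" -v c="$2" '$1==n {print $c}'
}

# dnat_rules <self>: traffic for another node's private IP goes to its public IP.
# OUTPUT chain, so it covers locally generated traffic incl. flannel's VXLAN.
dnat_rules() {
  printf '%s\n' "$NODES" | while read -r name role priv pub; do
    if [ "$name" != "$1" ]; then
      echo "iptables -t nat -A OUTPUT -d $priv -j DNAT --to-destination $pub"
    fi
  done
}

# fw_rules <self> <admin-cidr>: allow the cluster ports from the other nodes'
# public IPs, SSH and the admin-facing port from <admin-cidr>, drop the rest.
fw_rules() {
  self=$1; admin=$2
  role=$(node_field "$self" 2)
  case $role in
    master) ports=$MASTER_TCP; admin_port=6443 ;;         # API server for kubectl
    worker) ports=$WORKER_TCP; admin_port=30000:32767 ;;  # NodePort (dashboard)
    *) echo "unknown node: $self" >&2; return 1 ;;
  esac
  echo "iptables -F INPUT"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -p tcp -s $admin --dport 22 -j ACCEPT"
  echo "iptables -A INPUT -p tcp -s $admin --dport $admin_port -j ACCEPT"
  printf '%s\n' "$NODES" | while read -r name r priv pub; do
    if [ "$name" != "$self" ]; then
      for p in $ports; do
        echo "iptables -A INPUT -p tcp -s $pub --dport $p -j ACCEPT"
      done
      echo "iptables -A INPUT -p udp -s $pub --dport $FLANNEL_UDP -j ACCEPT"
    fi
  done
  echo "iptables -P INPUT DROP"   # policy last, so the SSH session is never cut
}

# Review the output, then apply as root on the matching node and persist it
# with `service iptables save` (iptables-services, installed in step 2):
#   { dnat_rules k8s-master; fw_rules k8s-master 192.0.2.5/32; } | sh
```

The policy is set to DROP only after the ESTABLISHED rule and the admin SSH rule exist, so piping the output into sh over SSH does not lock you out; kube-proxy and flannel add their own chains later and are not affected by an INPUT allow-list on host ports.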
7. Install Docker
    1) Dependencies:
        yum install -y yum-utils
    2) Add the yum repo (the Aliyun mirror is used here; fetched over https so the repo file and the key URLs in it cannot be swapped in transit):
        yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    3) Install:
        yum -y install docker-ce-20.10.12-3.el7
    4) Configure a registry mirror (this is the author's personal Aliyun accelerator; use your own) and the systemd cgroup driver:
        mkdir -p /etc/docker
        tee /etc/docker/daemon.json <<-'EOF'
        {
          "registry-mirrors": ["https://ui3fq00k.mirror.aliyuncs.com"],
          "exec-opts": ["native.cgroupdriver=systemd"]
        }
        EOF
    5) Reload the unit files:     systemctl daemon-reload
    6) Start Docker:              systemctl restart docker
    7) Start Docker at boot:      systemctl enable docker
8. Pass bridged IPv4 traffic to the iptables chains
    1) Write the sysctl file:
        tee /etc/sysctl.d/k8s.conf <<-'EOF'
        net.bridge.bridge-nf-call-ip6tables = 1
        net.bridge.bridge-nf-call-iptables = 1
        EOF
    2) Apply it:
        sysctl -p /etc/sysctl.d/k8s.conf
These keys exist only while the br_netfilter kernel module is loaded; if sysctl reports "No such file or directory", load it with modprobe br_netfilter (and list it under /etc/modules-load.d/ so it survives a reboot) and run sysctl again. kubeadm's preflight also requires net.ipv4.ip_forward = 1, which Docker sets when it starts.
9. Install the Kubernetes components
1) Set up the Kubernetes yum repo
    tee /etc/yum.repos.d/kubernetes.repo <<-'EOF'
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    repo_gpgcheck=0
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
The file as originally posted had gpgcheck=0, which installs kubelet, kubeadm and kubectl without verifying their signatures even though the signing keys are listed right there in gpgkey. gpgcheck=1 costs nothing and catches a tampered mirror or download. repo_gpgcheck is left at 0 because metadata signature verification is a frequent source of yum errors on CentOS 7 and package verification does not depend on it.
2) Install kubeadm (initialises the cluster), kubelet (runs the pods) and kubectl (the command-line tool)
    install:   yum install -y kubelet-1.20.5 kubeadm-1.20.5 kubectl-1.20.5
    check:     kubectl version --client
    remove:    yum remove -y kubelet kubeadm kubectl
Enable the kubelet at boot (it restarts in a loop until kubeadm init/join has written its configuration; that is expected):
    systemctl enable --now kubelet
3) Pull the Docker images and retag them
The kubeadm.yaml in step 10 sets imageRepository to registry.aliyuncs.com/google_containers, in which case kubeadm pulls from Aliyun by itself (`kubeadm config images pull --config kubeadm.yaml` pre-pulls them) and this step is unnecessary. The retag to k8s.gcr.io is only needed when imageRepository is left at its default, since k8s.gcr.io is not reachable from mainland China:
    for img in kube-apiserver:v1.20.5 kube-controller-manager:v1.20.5 kube-scheduler:v1.20.5 kube-proxy:v1.20.5 pause:3.2 etcd:3.4.13-0 coredns:1.7.0; do
        docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$img
        docker tag  registry.cn-hangzhou.aliyuncs.com/google_containers/$img k8s.gcr.io/$img
        docker rmi  registry.cn-hangzhou.aliyuncs.com/google_containers/$img
    done
List the images:
    docker images
This ends the part that every node needs.
10. Deploy K8s
1) On the master node, generate the kubeadm init file
    kubeadm config print init-defaults > kubeadm.yaml
2) Edit kubeadm.yaml: change advertiseAddress (the IP the API server advertises), imageRepository and nodeRegistration.name (the master's hostname); add networking.podSubnet = 10.244.0.0/16 and a KubeProxyConfiguration block with mode ipvs. Two further corrections to the file as posted: kubernetesVersion read v1.16.2, but it must match the installed packages (v1.20.5; kubeadm deploys only its own minor version or the one before it), and the token abcdef.0123456789abcdef is the placeholder that init-defaults prints, identical on every kubeadm install. With the API server on a public IP, anyone who knows that token can join a node during its 24h TTL, so replace it with the output of `kubeadm token generate`, or delete the bootstrapTokens block and let kubeadm generate a random one.

    apiVersion: kubeadm.k8s.io/v1beta2
    bootstrapTokens:
    - groups:
      - system:bootstrappers:kubeadm:default-node-token
      token: abcdef.0123456789abcdef          # placeholder, replace (see above)
      ttl: 24h0m0s
      usages:
      - signing
      - authentication
    kind: InitConfiguration
    localAPIEndpoint:
      advertiseAddress: <public IP>           # API server / master node IP (changed)
      bindPort: 6443
    nodeRegistration:
      criSocket: /var/run/dockershim.sock
      name: k8s-master                        # defaults to the master's hostname (changed)
      taints:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
    ---
    apiServer:
      timeoutForControlPlane: 4m0s
    apiVersion: kubeadm.k8s.io/v1beta2
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controllerManager: {}
    dns:
      type: CoreDNS
    etcd:
      local:
        dataDir: /var/lib/etcd
    imageRepository: registry.aliyuncs.com/google_containers   # Aliyun mirror of k8s.gcr.io (changed)
    kind: ClusterConfiguration
    kubernetesVersion: v1.20.5                # must match the installed kubeadm (corrected from v1.16.2)
    networking:
      dnsDomain: cluster.local
      podSubnet: 10.244.0.0/16                # pod network; flannel uses this range (added)
      serviceSubnet: 10.96.0.0/12
    scheduler: {}
    ---
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    kind: KubeProxyConfiguration
    mode: ipvs                                # kube-proxy mode (added)

ipvs mode needs the ip_vs, ip_vs_rr, ip_vs_wrr, ip_vs_sh and nf_conntrack_ipv4 kernel modules loaded (and the ipset package); if they are missing, kube-proxy logs a warning and silently falls back to iptables mode.
After saving, run the initialisation:
    kubeadm init --config kubeadm.yaml
It prints "[kubelet-check] Initial timeout of 40s passed." and keeps waiting (timeoutForControlPlane in the file gives it 4 minutes in total). The cause: a cloud public IP is NAT'd to the server and is not configured on any interface, so etcd, whose listen URLs kubeadm derived from advertiseAddress, cannot bind to it and crash-loops, and the API server never gets a healthy backend. Within that window, open a second terminal and edit the static pod manifest with vim /etc/kubernetes/manifests/etcd.yaml:
    --listen-client-urls    remove the public IP, keep https://127.0.0.1:2379
    --listen-peer-urls      change to https://127.0.0.1:2380
Save and quit; the kubelet notices the changed manifest and restarts etcd, and after a few minutes the init in the first terminal completes. The advertise URLs can keep the public IP: kube-apiserver talks to etcd over https://127.0.0.1:2379 and this is a single-member etcd.
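The same file produced by a script: an added example (shell; not the post's own file) covering both the kubeadm.yaml edits of step 10.2 and the etcd timeout of the init step. It writes a random bootstrap token and refuses the well-known placeholder outright, sets kubernetesVersion to the installed release, and pins etcd's listen URLs to 127.0.0.1 through etcd.local.extraArgs, which kubeadm applies over the flags it generates, so the etcd manifest does not have to be edited by hand while kubeadm init is waiting. The public IP, node name and version in the usage line are placeholders; the ttl of 2h is a deliberate tightening of the 24h default.

```shell
#!/bin/sh
# Added example, not the post's own file: generate kubeadm.yaml from a few
# parameters instead of hand-editing `kubeadm config print init-defaults`.

DEFAULT_TOKEN='abcdef.0123456789abcdef'   # what init-defaults prints; never use it

# gen_token: bootstrap token in kubeadm's [a-z0-9]{6}.[a-z0-9]{16} format
# (same shape `kubeadm token generate` produces; hex digits are a subset).
gen_token() {
  hex=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
  echo "$(echo "$hex" | cut -c1-6).$(echo "$hex" | cut -c7-22)"
}

# check_token <token>: reject the placeholder and anything malformed
check_token() {
  [ "$1" != "$DEFAULT_TOKEN" ] || return 1
  echo "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# write_kubeadm_config <public-ip> <node-name> <k8s-version> <token>
# Prints the three-document config to stdout.
write_kubeadm_config() {
  pub=$1; name=$2; ver=$3; token=$4
  check_token "$token" || { echo "refusing bootstrap token '$token'" >&2; return 1; }
  cat <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
bootstrapTokens:
- token: $token
  ttl: 2h0m0s
  usages: [signing, authentication]
  groups: [system:bootstrappers:kubeadm:default-node-token]
localAPIEndpoint:
  advertiseAddress: $pub
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: $name
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: $ver
imageRepository: registry.aliyuncs.com/google_containers
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
apiServer:
  timeoutForControlPlane: 4m0s
controllerManager: {}
scheduler: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
    extraArgs:
      listen-client-urls: https://127.0.0.1:2379
      listen-peer-urls: https://127.0.0.1:2380
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF
}

# Usage on the master (placeholders):
#   write_kubeadm_config 203.0.113.10 k8s-master v1.20.5 "$(gen_token)" > kubeadm.yaml
#   kubeadm init --config kubeadm.yaml
```

The token written here expires after two hours; if a worker joins later, `kubeadm token create --print-join-command` (step 12) issues a fresh one, which is preferable to a day-long window on a publicly reachable API server.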
3) Check the kubelet
    systemctl status kubelet
4) Copy the kubeconfig
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
admin.conf is a cluster-admin credential. cp does not carry over the 0600 mode kubeadm gave the original, so under the usual umask the copy is world-readable; tighten it to owner-only and never paste it into chats or tickets.
11. Deploy the flannel container network
1) Install
    curl -fsSL https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml -o kube-flannel.yml
    kubectl apply -f kube-flannel.yml
The original used `>>`, which appends: run twice it produces a file with two copies of every object. The chmod 777 it applied is unnecessary, kubectl only reads the file. Read the manifest before applying it: it creates a DaemonSet with NET_ADMIN on every node, and "master" in a GitHub raw URL is whatever was committed last, not a pinned release.
2) Check the component status
    kubectl get cs
kube-controller-manager and kube-scheduler show Unhealthy here because `kubectl get cs` probes their insecure HTTP ports (10252 and 10251), which kubeadm 1.20 switches off with --port=0. The post's remedy: in /etc/kubernetes/manifests/kube-controller-manager.yaml and /etc/kubernetes/manifests/kube-scheduler.yaml comment out the `- --port=0` line, then restart the kubelet (the kubelet recreates static pods on its own when a manifest changes, so the restart is harmless rather than required):
    systemctl restart kubelet.service
Caveat: this turns a cosmetic Unhealthy into a real exposure. The re-enabled port serves /healthz and /metrics over plain HTTP with no authentication or authorisation, bound to all interfaces of a host whose firewall was disabled in step 2. `kubectl get cs` has been deprecated since 1.19 for exactly this reason; the supported checks are `kubectl get pods -n kube-system` (both components run as static pods there) and `kubectl get --raw '/readyz?verbose'` against the API server. Leaving --port=0 in place is the safer choice.
12. Join worker nodes
1) When kubeadm init succeeds it prints a `kubeadm join ... --token ... --discovery-token-ca-cert-hash sha256:...` command. Run it as root on each worker to join the cluster. If the token has expired (24h TTL by default), create a new one on the master:
    kubeadm token create --print-join-command
2) Check the node status
    kubectl get nodes -o wide
3) Nodes stay NotReady until a network plugin is running (step 11). After flannel is installed, watch `kubectl get pods -n kube-system`; once every pod is Running, the nodes turn Ready within a few minutes.
The ROLES column shows <none> for workers. That is cosmetic: it is only a label and has no effect on readiness. To display "worker" there:
    kubectl label node hecs-82955 node-role.kubernetes.io/worker=worker      # hecs-82955 is the node's Name from kubectl get nodes
If a node is still NotReady, the cause is elsewhere: `kubectl describe node <name>` shows the Ready condition's message (typically that the network plugin is not ready), and `kubectl get pods -n kube-system -o wide` shows whether the kube-flannel pod on that node is running.
13. Deploy the dashboard
1) Install and configure the dashboard
    1) List the existing services:
        kubectl get svc --all-namespaces
    If a dashboard is already present, delete its services:
        kubectl delete service kubernetes-dashboard --namespace=kubernetes-dashboard
        kubectl delete service dashboard-metrics-scraper --namespace=kubernetes-dashboard
    2) Download the manifest:
        wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
    3) Edit recommended.yaml (vim recommended.yaml). By default the dashboard is reachable only from inside the cluster; in the Service named kubernetes-dashboard set spec.type to NodePort and give the 443 port entry a nodePort (30443 is used below) so that machines outside the cluster can reach it. A NodePort listens on every node's public IP, so restrict it in the cloud security group to the address you administer from.
2) Apply it; the pods take a few minutes to come up:
    kubectl apply -f recommended.yaml
3) Check the status
    kubectl get pods -n kubernetes-dashboard
4) If https://IP:30443 does not load, the dashboard's certificate is the usual cause (certificate expired); issue a new one:
    # new directory
    mkdir key && cd key
    # generate a key
    openssl genrsa -out dashboard.key 2048
    # CN is the IP you will browse to: the node1 IP when using the NodePort, the master IP when going through the apiserver
    openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=<node IP>'
    # self-sign; -days is explicit because openssl x509 -req defaults to 30 days, which brings the expiry problem back within a month
    openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt -days 365
    # delete the old certificate secret
    kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
    # create the new one
    kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
    # list the pods
    kubectl get pod -n kubernetes-dashboard
    # restart the pod that mounts the secret: the kubernetes-dashboard pod, not dashboard-metrics-scraper (the ReplicaSet recreates it)
    kubectl delete pod -n kubernetes-dashboard -l k8s-app=kubernetes-dashboard
After the pod is back: https://IP:30443 (confirm the port with kubectl get svc --all-namespaces).
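An added example (shell; not the post's commands) for step 13.4: a replacement for the three openssl calls that puts the IP into a subjectAltName and sets the validity explicitly. Browsers have ignored the CN since 2017, so a CN-only certificate is rejected even after you import it, and `openssl x509 -req` defaults to 30 days. The node IP, output directory and validity are placeholders; cert_san is a check helper for the result, not a dashboard feature, and the kubectl commands in the trailing comment are the same ones the post runs, with the pod selector corrected.

```shell
#!/bin/sh
# Added example, not from the original post: self-signed dashboard certificate
# with a SAN (what browsers actually check) and an explicit validity period.
# Usage: mk_dashboard_cert <node-public-ip> [outdir] [days]

mk_dashboard_cert() {
  ip=$1; out=${2:-./key}; days=${3:-365}
  mkdir -p "$out"
  # OpenSSL 1.0.2 (CentOS 7) has no -addext, so the extension goes via a config file
  cat >"$out/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $ip
[v3_req]
subjectAltName = IP:$ip
extendedKeyUsage = serverAuth
EOF
  # one call: new RSA key + self-signed cert, no CSR file to clean up
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
    -keyout "$out/dashboard.key" -out "$out/dashboard.crt" \
    -config "$out/san.cnf" 2>/dev/null
}

# cert_san <crt>: print the SAN entry, so the certificate can be checked
# before it is loaded into the kubernetes-dashboard-certs secret
cert_san() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '
}

# Then replace the secret and restart the pod that mounts it:
#   mk_dashboard_cert 198.51.100.20 key 365 && cert_san key/dashboard.crt
#   kubectl -n kubernetes-dashboard delete secret kubernetes-dashboard-certs
#   kubectl -n kubernetes-dashboard create secret generic kubernetes-dashboard-certs \
#       --from-file=key/dashboard.key --from-file=key/dashboard.crt
#   kubectl -n kubernetes-dashboard delete pod -l k8s-app=kubernetes-dashboard
```

The certificate is still self-signed, so the browser warning remains; the SAN only makes it possible to pin or import it cleanly. A certificate from a CA you control, or access through `kubectl proxy` instead of a public NodePort, removes the warning altogether.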
5) Log in through the IP
Create a user:
    # create the service account
    kubectl create serviceaccount dashboard-admin -n kube-system
    # grant it cluster-admin
    kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    # read its token (Kubernetes 1.20 still creates a token secret for every service account)
    kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
    # the output contains a long token string
Paste that token into the Dashboard login page.
Caveat: this token is a cluster-admin credential, typed into a self-signed dashboard on a public NodePort; whoever obtains it owns the cluster. At minimum restrict the NodePort in the cloud security group to your own address, and for day-to-day use prefer `kubectl proxy` (the dashboard is then at http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/) and a role with only the permissions you need instead of cluster-admin.
This completes the K8s deployment.
Reference: https://blog.csdn.net/emmmmmaoni/article/details/127308993
Source: https://www.cnblogs.com/chj929555796/p/16992180.html