首页 > 其他分享 >04. Kubernetes安装篇-Kuberadm

04. Kubernetes安装篇-Kuberadm

时间:2024-07-20 13:29:26浏览次数:19  
标签:Kubernetes 04 -- keepalived etc master k8s 节点 Kuberadm

架构解析

高可用架构图

组件用途

  • Etcd Cluster
    • ectd是一个键值数据库,主要存放Kubernetes数据,如创建的资源、变更的操作等;
  • Master
    • Kubernetes中的控制节点,主要用于控制Kubernetes集群;
  • Node
    • Kubernetes中的工作节点,主要用于运行Kubernetes集群部署的Pod;
  • Kube-APIServer
    • Kubernetes中的控制组件,Kubernetes集群中所有流量都会经过Kube-APIServer;
  • ControllerManager
    • Kubernetes中的控制组件,主要用于监控Kubernetes集群的状态;
  • Scheduler
    • Kubernetes中的调度组件,主要用于控制Kubernetes集群中的Pod调度到哪个Node节点去运行;
  • Load Balancer
    • Kubernetes中各个节点直接负载均衡器,一般使用keepailved和haproxy组合实现负责均衡;
  • Kubelet
    • Kubernetes中的代理组件,主要用于保证Kubernetes集群中的Pod运行状态;
  • Kube-Proxy
    • Kubernetes中的网络代理组件,主要用于保证Kubernetes集群中的Pod访问控制;

部署集群

主机规划

主机名称主机地址主机资源安装组件主机用途
k8s-master-01192.168.23.1392C4G;200Ghaproxy+keepalived+ectd+Kubernetes-Master集群管理节点
k8s-master-02192.168.23.1402C4G;200Ghaproxy+keepalived+ectd+Kubernetes-Master集群管理节点
k8s-master-03192.168.23.1412C4G;200Ghaproxy+keepalived+ectd+Kubernetes-Master集群管理节点
k8s-node-01192.168.23.1421C2G;200GKubernetes-Node集群工作节点
k8s-node-02192.168.23.1431C2G;200GKubernetes-Node集群工作节点
Vip192.168.23.100集群虚拟IP

软件规划

软件名称软件版本备注
LinuxCentOS Linux release 7.9.2009 (Core)推荐使用CentOS8版本
Kubernetes1.20.9
Kernel6.9.7-1.el7.elrepo.x86_64
Docker26.1.4
kubectl1.20.9
kubeadm1.20.9
kubelet1.20.9
haproxy1.5.18
keepalived1.3.5
kube-apiserver1.20.9
kube-controller-manager1.20.9
kube-scheduler1.20.9
kube-proxy1.20.9
coredns1.7.0
etcd3.4.13-0
pause3.2
calico/cni3.20.6
calico/pod2daemon-flexvol3.20.6
calico/node3.20.6
calico/kube-controllers3.20.6
metrics-server0.6.0
dashboard2.4.0

基础配置

配置源

所有节点都执行

  • yum源
cat > /etc/yum.repos.d/CentOS-7-ali.repo << 'EOF'
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
 
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that extend functionality of existing packages
EOF
  • k8s源
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name = kubernetes
baseurl = https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled = 1
gpgcheck =1
gpgkey = https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg \
  https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
  • 验证源配置
yum -y install vim wget telnet

配置时间同步阿里云

所有节点都执行

  • 配置时间同步
#所有节点都要执行
yum -y install ntpdate chrony
sed -ri 's/^server/#server/g' /etc/chrony.conf
echo "server ntp.aliyun.com iburst" >> /etc/chrony.conf
systemctl start chronyd
systemctl enable chronyd
  • 配置定期同步
cat >> /var/spool/cron/root <<EOF
# rsync ali clock
*/10 * * * * /usr/sbin/ntpdate ntp.aliyun.com
EOF
  • 验证时间同步
chronyc sourcestats -v

检查并升级内核

所有节点都执行
Kubernetes集群要求Linux系统在4…18以上稳定版本,如不满足需要升级避免出现异常。

  • 检查内核版本
uname -r
  • 升级内核
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://elrepo.org/linux/elrepo/el7/x86_64/RPMS/elrepo-release-7.0-8.el7.elrepo.noarch.rpm

yum update -y --exclude=kernel* && reboot
yum --enablerepo=elrepo-kernel install kernel-ml-devel kernel-ml -y
yum --enablerepo=elrepo-kernel install kernel-lt-devel kernel-lt -y
  • 更改内核启动顺序
#查看内核的序号
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg

#选择内核的序号
grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
  • 注意:
    • 通过命令awk -F’ ‘$1=="menuentry " {print i++ " : " $2}’ /etc/grub2.cfg可以查看到可用内核,及内核的序号。
    • 通过命令grub2-set-default 0,设置新内核为默认启动的内核。
    • 通过命令grub2-mkconfig -o /boot/grub2/grub.cfg生成grub文件。
    • 通过reboot启动服务器即可。

关闭firewalld、dnsmasq、selinux、swap

所有节点都执行

  • 关闭firewalld
systemctl stop firewalld
systemctl disable firewalld

#担心防火墙策略有遗漏,所以关闭firewalld
  • 关闭dnsmasq
systemctl stop dnsmasq
systemctl disable dnsmasq
  • 关闭selinux
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
  • 关闭swap
swapoff -a && sysctl -w vm.swappiness=0
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

#由于swap会影响Docker的性能,所以关闭

集群调优配置

所有节点都执行

  • /etc/security/limits.conf
cat >> /etc/security/limits.conf << EOF
* soft noproc 655350
* hard noproc 655350
* soft nofile 655350
* hard nofile 655350
EOF

#用于调整用户的系统资源限制,要求大于65535
  • /etc/sysctl.conf
#注意:内核版本4.19以上版本需要使用nf_conntrack,内核版本4.18以下版本使用nf_conntrack_ipv4
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack

cat >> /etc/sysctl.conf << EOF
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

systemctl enable --now systemd-modules-load

#用于调整内核的资源限制
  • /etc/sysctl.d/k8s.conf
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
# 要求iptables不对bridge的数据进行处理
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.netfilter.nf_conntrack_max = 2310720
fs.inotify.max_user_watches=89100
fs.may_detach_mounts = 1
fs.file-max = 52706963
fs.nr_open = 52706963
vm.overcommit_memory=1
# 开启OOM
vm.panic_on_oom=0
# 禁止使用 swap 空间,只有当系统 OOM 时才允许使用它
vm.swappiness=0
# ipvs优化
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 10
EOF

#用于系统调优参数配置
  • /etc/security/limits.d/k8s.conf
cat > /etc/security/limits.d/k8s.conf <<EOF
*       soft    nproc   1048576
*       hard    nproc   1048576
*       soft    nofile  1048576
*       hard    nofile  1048576
root    soft    nproc   1048576
root    hard    nproc   1048576
root    soft    nofile  1048576
root    hard    nofile  1048576
EOF

#用于文件最大打开数调优
  • /etc/rsyslog.conf
sed -ri 's/^\$ModLoad imjournal/#&/' /etc/rsyslog.conf
sed -ri 's/^\$IMJournalStateFile/#&/' /etc/rsyslog.conf

sed -ri 's/^#(DefaultLimitCORE)=/\1=100000/' /etc/systemd/system.conf
sed -ri 's/^#(DefaultLimitNOFILE)=/\1=100000/' /etc/systemd/system.conf

#用于优化日志处理,减少磁盘IO
  • /etc/ssh/sshd_config
sed -ri 's/^#(UseDNS )yes/\1no/' /etc/ssh/sshd_config

#用于ssh 连接优化

配置hostname&host

所有节点都执行

  • 配置hostname

所有节点都分别执行

hostnamectl set-hostname k8s-master-01
hostnamectl set-hostname k8s-master-02
hostnamectl set-hostname k8s-master-03
hostnamectl set-hostname k8s-node-01
hostnamectl set-hostname k8s-node-02
  • 配置host
cat >> /etc/hosts << EOF
192.168.23.139 k8s-master-01
192.168.23.140 k8s-master-02
192.168.23.141 k8s-master-03
192.168.23.142 k8s-node-01
192.168.23.143 k8s-node-02
EOF
  • 验证解析
ping  k8s-master-01
ping  k8s-master-02
ping  k8s-master-03
ping  k8s-node-01
ping  k8s-node-02

基础组件

所有节点都执行

基本组件安装–ipvs模块

modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack

基本组件安装–Docker

  • 安装依赖
yum install -y yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  • 安装Docker
yum -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin
  • 配置Docker
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "https://11777p0c.mirror.aliyuncs.com",
    "https://hub-mirror.c.163.com",
    "https://mirror.baidubce.com",
    "https://docker.m.daocloud.io",
    "https://docker.1panel.live"
  ],
  "dns": [
    "8.8.8.8",
    "114.114.114.114"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-file": "10",
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
  • 启动Docker
systemctl enable --now docker
systemctl enable --now containerd
  • 查看版本
docker version
  • 命令补全
yum install -y bash-completion
#安装完成之后重新登录shell或者重启系统即可
  • 注意

docker版本选择参考https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/,如果对应k8s版本没有docker版本信息,则去上一个版本查找。

基本组件安装–kubelet、kubeadm、kubectl

  • 查看可用版本
yum list kubeadm.x86_64 --showduplicates | sort -r
  • 安装组件
yum -y install kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9
  • 检查版本
kubeadm version
kubectl version
kubelet --version
  • 启动组件
systemctl daemon-reload
systemctl enable --now kubelet
  • 命令补全
yum -y install bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

高可用组件

Master节点安装

高可用组件安装–haproxy

  • 安装haproxy
yum -y install haproxy
  • 配置haproxy
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg_`date +%F`

#定义主机名称和IP地址
HOST_NAME_1=k8s-master-01
HOST_IP_1=192.168.23.139
HOST_NAME_2=k8s-master-02
HOST_IP_2=192.168.23.140
HOST_NAME_3=k8s-master-03
HOST_IP_3=192.168.23.141

cat > /etc/haproxy/haproxy.cfg << EOF
global
  maxconn 2000
  ulimit-n 16384
  log 127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode http
  option httplog
  timeout connect 5000
  timeout client 50000
  timeout server 50000
  timeout http-request 15s
  timeout http-keep-alive 15s

#haproxy监控检测
frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

#haproxy状态检测
listen stats
  bind *:8006
  mode http
  stats enable
  stats hide-version
  stats uri /stats
  stats refresh 30s
  stats realm Haproxy\ Statistics
  stats auth admin:admin

#kubernetes代理配置
frontend k8s-master
  bind 0.0.0.0:16443
  bind 127.0.0.1:16443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

#kubernetes后端配置
backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server $HOST_NAME_1 $HOST_IP_1:6443 check
  server $HOST_NAME_2 $HOST_IP_2:6443 check
  server $HOST_NAME_3 $HOST_IP_3:6443 check
EOF
  • 启动haproxy
systemctl enable --now haproxy

高可用组件安装–keepalived

  • 安装keepalived
yum -y install keepalived
  • 配置keepalived配置健康检查脚本
mkdir -p /etc/keepalived/script

cat > /etc/keepalived/script/check_apiserver.sh << "EOF"
!#/bin/bash

ERR=0
for k in $(seq 1 5)
do
  	CHECK_CODE=$(pgrep kube-apiserver)
  	if [[ $CHECK_CODE = "" ]]; then
      	ERR=$(expr $ERR + 1)
      	sleep 5
      	continue
  	else
      	ERR=0
      	break
  	fi
done

if [[ $ERR != "0" ]]; then
  	echo "systemctl stop keepalived"
  	/usr/bin/systemctl stop keepalived
  	exit 1
else
  	exit 0
fi
EOF
  • 配置keepalived(仅k8s-master-01执行
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_`date +%F`

HOST_IP=$(ip addr | grep dynamic | awk -F' ' '{print $2}' | awk -F'/' '{print $1}')
HOST_VIP=192.168.23.100
INTERFACE=ens32
TYPES=MASTER

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived

global_defs {
  router_id LVS_DEVEL
}

vrrp_script chk_apiserver {
  script "/etc/keepalived/script/check_apiserver.sh"
  interval 2
  weight -5
  fall 3
  rise 2
}

vrrp_instance VI_1 {
  state MASTER
  interface $INTERFACE
  mcast_src_ip $HOST_IP
  virtual_router_id 51
  priority 100
  advert_int 2
  authentication {
    auth_type PASS
    auth_pass K8SHA_KA_AUTH
  }
  virtual_ipaddress {
    $HOST_VIP
  }
#  track_script {
#    chk_apiserver
#  }
}
EOF
  • 配置keepalived(k8s-master-02和k8s-master-03执行
cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_`date +%F`

HOST_IP=$(ip addr | grep dynamic | awk -F' ' '{print $2}' | awk -F'/' '{print $1}')
HOST_VIP=192.168.23.100
INTERFACE=ens32

cat > /etc/keepalived/keepalived.conf << EOF
! Configuration File for keepalived

global_defs {
  router_id LVS_DEVEL
}

vrrp_script chk_apiserver {
  script "/etc/keepalived/script/check_apiserver.sh"
  interval 2
  weight -5
  fall 3
  rise 2
}

vrrp_instance VI_1 {
  state BACKUP
  interface $INTERFACE
  mcast_src_ip $HOST_IP
  virtual_router_id 51
  priority 100
  advert_int 2
  authentication {
    auth_type PASS
    auth_pass K8SHA_KA_AUTH
  }
  virtual_ipaddress {
    $HOST_VIP
  }
#  track_script {
#    chk_apiserver
#  }
}
EOF
  • 启动keepalived
systemctl enable --now keepalived

集群部署

初始化文件

Master节点执行

  • 默认配置文件

kubeadm-config.yaml

  • 生成kubeadm文件
kubeadm config print init-defaults --component-configs \
KubeProxyConfiguration,KubeletConfiguration > kubeadm-config.yaml

# 查看所需镜像
kubeadm config images list --config kubeadm-config.yaml
  • 编辑镜像下载文件
cat > ./images_kube.sh << 'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.0
kube-controller-manager:v1.20.0
kube-scheduler:v1.20.0
kube-proxy:v1.20.0
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in ${images[@]} ; do
docker pull registry.aliyuncs.com/google_containers/$imageName
done
EOF
  • 下载安装镜像
chmod +x ./images.sh && ./images.sh

初始化集群

仅k8s-master-01操作
初始化k8s-master-01节点后,会在/etc/kubernetes目录下生成对应的证书和配置。最后将其他master节点、node节点加入到k8s-master-01即可。

kubeadm init \
--apiserver-advertise-address=192.168.23.139 \
--control-plane-endpoint=k8s-master-01 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=83.12.0.0/16

如果初始化失败,需要重置后再初始化

#初始化重置命令
kubeadm reset

节点管理

添加master节点

  • 创建令牌

仅k8s-master-01节点执行

#生成token
kubeadm token create --print-join-command

#生成key
kubeadm init phase upload-certs --upload-certs
  • 添加节点

k8s-master-02和k8s-master-03节点执行
根据生成的令牌组合成添加master的命令,并在k8s-master-02和k8s-master-03节点上执行

kubeadm join k8s-master-01:6443 --token xpeers.u6ok4v3ju2oaq25t \
--discovery-token-ca-cert-hash sha256:137e28cb3a7be99914bc8ec2ce83c269dc724768c5cb6e3e06700c4494e6afad \
--control-plane --certificate-key fc56a938a45bf445b69458b1afb5ac9aaa66fabbd5c3414db6696a8fdb51ff2d

添加worker节点

  • 创建令牌

仅k8s-master-01节点执行

#生成token
kubeadm token create --print-join-command
  • 添加节点

k8s-node-01和k8s-node-02节点执行
根据生成的令牌添加worker,并在k8s-node-01和k8s-node-02节点上执行

kubeadm join k8s-master-01:6443 --token lx60mi.isnids1u0qlmybv7 \
--discovery-token-ca-cert-hash sha256:799108e2b9f6fe87aa1af2e4bf3ddc22b379e2ed35dd7b82ddbc3a433d1d976a

设置control节点

Master节点都执行

  • 设置管理节点
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
  • 设置环境变量
cat >> /root/.bashrc << EOF
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF

source /root/.bashrc
  • 查看所有节点
kubectl get nodes

# NAME            STATUS     ROLES                  AGE     VERSION
# k8s-master-01   NotReady   control-plane,master   13m     v1.20.9
# k8s-master-02   NotReady   <none>                 93s     v1.20.9
# k8s-master-03   NotReady   control-plane,master   6m1s    v1.20.9
# k8s-node-01     NotReady   <none>                 6m52s   v1.20.9
# k8s-node-02     NotReady   <none>                 6m40s   v1.20.9

各个节点NotReady的原因是没有安装网络插件。网络插件有:flannel、calico、canal、kube-router、weave net等,这里使用calico网络插件。

删除节点

  • 格式
kubectl delete nodes 节点名称
  • 举例
kubectl delete nodes k8s-node-01

核心组件

仅k8s-master-01节点执行

核心组件安装–calico

安装时间较长,需要耐心等待

  • 下载calico安装文件
curl -O https://docs.projectcalico.org/v3.20/manifests/calico.yaml
  • calico默认文件

calico-v3_20.yaml

  • 安装calico
kubectl apply -f ./calico.yaml
  • 检查calico
kubectl get -n kube-system pod | grep calico

其他组件

仅k8s-master-01节点执行(用不着可以不安装)

其他组件安装–metrics-server

  • 下载metrics-server安装文件
wget -O /root/install_k8s/metrics-server-v0.6.0.yaml \
  https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.0/components.yaml
  • metrics-server默认文件

metrics-server-v0_4_3.yaml

  • 安装metrics-server

如果镜像地址下载失败,可以尝试使用镜像地址:registry.aliyuncs.com/google_containers/metrics-server:v0.6.0

kubectl apply -f ./metrics-server-v0.6.0.yaml
  • 检查metrics-server
kubectl top nodes

其他组件安装–dashboard

  • 下载dashboard安装文件
wget -O dashboard-v2.4.0.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
  • 默认配置文件

dashboard-v2_4_0.yaml

  • 配置dashboard文件
# 使用 NodePort
sed -i '39a\  type: NodePort' dashboard-v2.4.0.yaml
sed -i '43a\      nodePort: 30443' dashboard-v2.4.0.yaml

# 使用 LoadBalancer
sed -i '39a\  type: LoadBalancer' dashboard-v2.4.0.yaml

# 创建自定义证书时需要
sed -i '48,58d' dashboard-v2.4.0.yaml 

# 镜像拉取策略
sed -i '/imagePullPolicy/s@Always@IfNotPresent@' dashboard-v2.4.0.yaml
  • 安装dashboard
kubectl apply -f dashboard-v2.4.0.yaml
  • 查看dashboard访问端口
kubectl get svc -A |grep kubernetes-dashboard
  • 创建dashboard账号
cat > /root/install_k8s/dash.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

kubectl apply -f /root/install_k8s/dash.yaml
  • 获取访问令牌
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

验证集群

查看集群中所有容器

查看集群中所有容器是否启动

kubectl get pod --all-namespaces

查看集群中主要Service

  • 查看Cluster的Service
kubectl get service
  • 查看DNS的Service
kubectl get service -n kube-system

查看集群中节点网络是否通

  • 查看集群中pod运行节点
kubectl get pod --all-namespaces -owide
  • ping测试任意ip地址
ping 83.12.151.130

查看集群中所有节点状态

kubectl get nodes

标签:Kubernetes,04,--,keepalived,etc,master,k8s,节点,Kuberadm
From: https://blog.csdn.net/weixin_40901913/article/details/140569884

相关文章

  • SSM城镇居民社区再生资源回收系统-计算机毕业设计源码04175
    摘 要本论文介绍了一个基于SSM(Spring+SpringMVC+MyBatis)技术的城镇居民社区再生资源回收系统的设计与实现。随着社会对环境保护意识的不断提高,再生资源回收成为了一种重要的环保行动。然而,传统的再生资源回收方式存在着信息不对称、流程繁琐等问题,导致回收效率低下。......
  • Ubuntu 20.04 ARM64安装Docker
    Ubuntu20.04ARM64安装Docker内容参考:https://blog.csdn.net/qq_34253926/article/details/121629068查看系统版本hostnamectl可以看到,我的版本是Ubuntu20.04,我的内核是arm64更新aptsudoapt-getupdate安装基本软件sudoapt-getinstallcurlwgetapt-transport-ht......
  • Ubuntu 22.04.4 LTS (linux) Tomcat 下载 安装配置详细教程
    1官网下载下载链接2ubuntu服务器安装#下载wgethttps://dlcdn.apache.org/tomcat/tomcat-9/v9.0.91/bin/apache-tomcat-9.0.91.tar.gz#解压tarzxvfapache-tomcat-9.0.91.tar.gzsudomvapache-tomcat-9.0.91//data/tomcat#配置环境变量sudovi/etc/profile......
  • 组件服务:8000401a 因为配置标识不正确,系统无法开始服务器进程。请检查用户名和密码
     报错日志:StartCADException:RetrievingtheCOMclassfactoryforcomponentwithCLSID{DED89DB0-45B6-11CE-B307-0800363A1E02}failedduetothefollowingerror:8000401a因为配置标识不正确,系统无法开始服务器进程。请检查用户名和密码。(0x8000401A).【记录时间......
  • 1004:字符三角形 题解
    题目链接题目描述给定一个字符,用它构造一个底边长\(5\)个字符,高\(3\)个字符的等腰字符三角形。解题思路由于是字符,我们需要定义一个char类型的字符变量。第一行为两个空格和一个字符第二行为一个空格和三个字符第三行是五个字符输出即可ACCode#include<bits/stdc++.h......
  • 【日记】我倒是想穿可爱的 JK 小裙子,可惜我是哥布林……(704 字)
    正文中午给三盆植物换水,惊叹于文竹的根。长得之长,都能在花盆里盘几圈了。而且我好像有一段时间没换水了,花盆的水中和盆底有了些绿藻。虽然不知道好不好,但我还是清掉了,摸起来黏黏的。而且我也总是觉得单位的水,摸起来油油的。看了一眼淘宝,还是觉得那个JK格裙好便宜,也好......
  • day16-binary tree-part04-7.18
    tasksfortoday1.513找树左下角值2.112路径总和3.106从中序与后序遍历序列构造二叉树-------------------------------------------------------------------------------1.513找树左下角值ThispracticeissuitablefortheBFS(layertraverse),recordeach......
  • ubuntu16.04安装python3.7
    二.安装python3.7本次python3.7使用源码安装安装环境sudoapt-getinstallzlib1g-devlibbz2-devlibssl-devlibncurses5-devlibsqlite3-dev libreadline-devtk-devlibgdbm-devlibdb-devlibpcap-devxz-utilslibexpat1-dev liblzma-devlibffi-devlibc6-dev源......
  • 旅游攻略网站设计(10304)
     有需要的同学,源代码和配套文档领取,加文章最下方的名片哦一、项目演示项目演示视频二、资料介绍完整源代码(前后端源代码+SQL脚本)配套文档(LW+PPT+开题报告)远程调试控屏包运行三、技术介绍Java语言SSM框架SpringBoot框架Vue框架JSP页面Mysql数据库IDEA/Eclipse开发四、项......
  • MATH1041 Statistics for Life
    MATH1041 Statistics for Life and Social SciencesTerm 2, 2024MATH1041 AssignmentData:  Together with this document, you should have received your unique dataset in an e-mail sent to your  official university email address. The......