Building a k8s cluster (1 master, 2 nodes)

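Contents

    • Servers
    • Preparation
    • Deploying with kubeadm
    • Deploying the master node
    • Deploying the worker nodes
    • Deploying the CNI network plugin
    • Testing the Kubernetes cluster
    • Deploying the official Dashboard (UI)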

Servers

k8s-n1   master    10.2.0.151
k8s-n2   node      10.2.0.152
k8s-n3   node      10.2.0.153

Preparation

1. Set the hostname

hostnamectl set-hostname k8s-n1

2. Sync the hosts file

cat >> /etc/hosts << EOF
10.2.0.151 k8s-n1
10.2.0.152 k8s-n2
10.2.0.153 k8s-n3
EOF

3. Disable the firewall

systemctl stop firewalld && systemctl disable firewalld
systemctl status firewalld

4. Disable SELinux

setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

5. Disable swap

swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab

6. Sync the time

yum install -y ntpdate
ntpdate time.windows

7. Configure the Aliyun mirror

cd /pos.d/ && mkdir bak && mv CentOS-* bak/
curl -o /pos.po .repo
sed -i -e '/mirrors.cloud.aliyuncs/d' -e '/mirrors.aliyuncs/d' /pos.po

8. Build the local cache

yum makecache fast

9. Update packages from the YUM repositories

yum update -y

10. Pass bridged IPv4 traffic to the iptables chains

cat >> /etc/sysctl.f << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
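
An added example, not part of the original article: a pre-flight check to run before kubeadm init over the files that steps 2, 5 and 10 edit. The function names and the sample hosts content are constructed for illustration; on a node, pass the real files (for instance /etc/hosts and /etc/fstab).

```sh
#!/bin/sh
# Pre-flight checks for the files edited in the preparation steps. Each function
# takes the file to inspect as an argument, so it can be run against a copy.

# Print every IP that the hosts file maps to more than one node name.
dup_host_ips() {
    awk '$1 !~ /^#/ && NF >= 2 {
             if (($1 in seen) && seen[$1] != $2) { print $1; bad = 1 }
             else seen[$1] = $2
         }
         END { exit bad }' "$1"
}

# Print the IP the hosts file gives for one node name (empty if absent).
host_ip() {
    awk -v n="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) ip = $1 }
                   END { print ip }' "$1"
}

# Print swap entries in fstab that are still active (not commented out).
active_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1; bad = 1 } END { exit bad }' "$1"
}

# Succeed only if both bridge-netfilter keys from step 10 are set to 1.
bridge_sysctl_ok() {
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        awk -F= -v k="$key" '{ gsub(/[ \t]/, "") } $1 == k && $2 == 1 { ok = 1 }
                             END { exit !ok }' "$1" || return 1
    done
}

# Constructed sample: two nodes were given the same address by mistake.
sample_hosts() {
    printf '%s\n' '10.2.0.151 k8s-n1' '10.2.0.153 k8s-n2' '10.2.0.153 k8s-n3'
}

f=$(mktemp) && sample_hosts > "$f"
dup_host_ips "$f" || echo "duplicate address in hosts file" >&2
rm -f "$f"
```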

Deploying with kubeadm

1. Install Docker on all nodes

# Install the gcc toolchain with yum (the VM needs Internet access)
yum install -y gcc && yum install -y gcc-c++
# 1. Remove old Docker versions
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# 2. Install the required dependencies
yum install -y yum-utils
# 3. Configure the Aliyun Docker repository
yum-config-manager --add-repo .repo
# 4. Install Docker: docker-ce (ee is the enterprise edition)
yum install -y docker-ce docker-ce-cli containerd.io
# 5. Start Docker
systemctl start docker && systemctl enable docker && systemctl status docker
# 6. Check the Docker version
docker version

2. Configure the Aliyun Docker and Kubernetes mirrors on all nodes

# 7. Configure the Aliyun Docker registry mirror
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [""]
}
EOF
sudo systemctl daemon-reload && sudo systemctl restart docker
# 8. Configure the Aliyun Kubernetes repository
cat >> /pos.po << EOF
[kubernetes]
name=Kubernetes
baseurl=/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=.gpg .gpg
EOF

3. Install kubelet, kubeadm and kubectl on all nodes

# Install a pinned K8s version; if no version is given, the latest is installed.
yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
systemctl enable kubelet

The steps above must be performed on all nodes!

Deploying the master node

# Set --apiserver-advertise-address to the master node's address
kubeadm init --apiserver-advertise-address=10.2.0.151 --image-repository registry.aliyuncs/google_containers --kubernetes-version v1.18.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
# Run on the master node
mkdir -p $HOME/.kube
sudo cp -i /etc/f $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Deploying the worker nodes

# Run on 10.2.0.152 and 10.2.0.153; the command below is printed when kubeadm init finishes on the master
kubeadm join 10.2.0.151:6443 --token 45asd8b.6asdasda1123z --discovery-token-ca-cert-hash sha256:5sda5sdasde1851aeasdjhkfe4eae8adsf2542
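
The --discovery-token-ca-cert-hash value pins the cluster CA, so a node given a mistyped or substituted hash fails to join instead of trusting a different API server. As an added example (not from the original article), this recomputes the hash from a CA certificate and compares it with a pasted join command; the function names, the throwaway CA and the token are constructed, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location.

```sh
#!/bin/sh
# Hash that kubeadm join checks with --discovery-token-ca-cert-hash:
# SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo) of the cluster CA.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | awk '{ print "sha256:" $1 }'
}

# Succeed only if the hash inside a pasted join command equals the hash of
# the given CA certificate; a truncated or altered hash fails the comparison.
join_hash_matches() {
    want=$(ca_cert_hash "$1") || return 1
    got=$(printf '%s\n' "$2" |
          sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]*\).*/\1/p')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed input: a throwaway self-signed CA, standing in for the
# cluster CA that kubeadm writes to /etc/kubernetes/pki/ca.crt on the master.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) && make_demo_ca "$dir" || return 1
    hash=$(ca_cert_hash "$dir/ca.crt")
    # The token is a constructed value in kubeadm's 6.16 character format.
    cmd="kubeadm join 10.2.0.151:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $hash"
    join_hash_matches "$dir/ca.crt" "$cmd" && echo "hash verified: $hash"
    rm -rf "$dir"
}
```

Call demo to see a matching pair; on the master, pass the real CA file and the join command you are about to paste on a node.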

Deploying the CNI network plugin

kubectl apply -f .yml
# Check the status
kubectl get pods -A
kubectl get nodes


Testing the Kubernetes cluster

# Pull the nginx image
kubectl create deployment nginx --image=nginx
# nginx has started
kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
nginx-f89759699-r6j49   1/1     Running   0          88s
# Expose nginx port 80
kubectl expose deployment nginx --port=80 --type=NodePort
# View the exposed port
# kubectl get pod,svc
NAME                        READY   STATUS    RESTARTS   AGE
pod/nginx-f89759699-76k68   1/1     Running   0          50s

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        37m
service/nginx        NodePort    10.105.73.159   <none>        80:30821/TCP   26s

Access nginx at:
10.2.0.151:30821
10.2.0.152:30821
10.2.0.153:30821

Deploying the official Dashboard (UI)

1. vi recommended.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 31443
  selector:
    k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.0.0-rc7
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "beta.kubernetes.io/os": linux
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.4
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "beta.kubernetes.io/os": linux
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

2. kubectl apply -f recommended.yaml
3. kubectl get pods,svc -n kubernetes-dashboard

4. Open IP:31443 in Firefox

5. Get the token

kubectl create serviceaccount dashboard-user -n kube-system
kubectl create clusterrolebinding dashboard-user --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-user
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-user/{print $1}')

6. Copy the token and log in
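
The manifest above binds dashboard-admin to cluster-admin and publishes the dashboard on NodePort 31443 of every node, and step 5 creates a second cluster-admin account, so any holder of one of these tokens controls the whole cluster. As an added example (not from the original article or the Dashboard project), this audit lists cluster-admin bindings and NodePort services in a manifest before it is applied; the function names and the trimmed sample manifest are constructed.

```sh
#!/bin/sh
# Audit a multi-document manifest for the two settings that decide how far a
# leaked dashboard token reaches: cluster-admin bindings and NodePort services.
audit_manifest() {
    awk '
    function flush() {
        if (kind == "ClusterRoleBinding" && role == "cluster-admin")
            print "cluster-admin: binding " name " -> " subj
        if (kind == "Service" && stype == "NodePort")
            print "nodeport: service " name " on port " port
        kind = name = role = subj = stype = port = sect = ""
    }
    /^---[ \t]*$/ { flush(); next }
    { sub(/^[ \t]*- /, "  ") }                       # treat list items as plain keys
    /^[A-Za-z]/   { sect = $1; sub(/:$/, "", sect) } # remember the top-level key
    $1 == "kind:" && sect == "kind"         { kind = $2 }
    $1 == "name:" && sect == "metadata"     { name = $2 }
    $1 == "name:" && sect == "roleRef"      { role = $2 }
    $1 == "name:" && sect == "subjects"     { subj = subj (subj == "" ? "" : ",") $2 }
    $1 == "type:" && sect == "spec"         { stype = $2 }
    $1 == "nodePort:" && sect == "spec"     { port = $2 }
    END { flush() }' "$@"
}

# Constructed sample: two documents trimmed from the manifest above.
sample_manifest() {
    cat <<'EOF'
kind: Service
metadata:
  name: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      nodePort: 31443
---
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
EOF
}

sample_manifest | audit_manifest
```

Run it as audit_manifest recommended.yaml; each finding is a binding or service to narrow (a read-only ClusterRole such as view, a ClusterIP service reached through kubectl proxy) unless full admin access from the node network is intended.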

Published: 2024-02-01 18:42:44

Article link: https://www.4u4v.net/it/170678416538679.html