November 25, 2020

https://blog.csdn.net/zhanghua850127/article/details/100511812

Installation requirements

Before starting, the machines on which the Kubernetes cluster is deployed must meet the following conditions:

- One or more machines running CentOS7.x-86_x64
- Hardware: 2 GB or more RAM, 2 or more CPUs, 30 GB or more disk
- Network connectivity between all machines in the cluster
- Internet access, which is needed to pull images
- Swap partition disabled

Learning objectives

- Install Docker and kubeadm on all nodes
- Deploy the Kubernetes Master
- Deploy the container network plugin
- Deploy Kubernetes Nodes and join them to the Kubernetes cluster
- Deploy the Dashboard web page to view Kubernetes resources visually

Prepare the environment

Disable the firewall:

```
$ systemctl stop firewalld
$ systemctl disable firewalld
$ iptables -F
```

Disable SELinux:

```
$ sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
$ sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
$ setenforce 0
$ cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
```

Disable swap:

```
$ swapoff -a        # temporary
$ vim /etc/fstab    # permanent
$ sed -i 's/.*swap.*/#&/' /etc/fstab
$ cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Mon Mar 4 17:23:04 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=3dd5660e-0905-4f1e-9fa3-9ce664d6eb94 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
#/dev/mapper/centos-swap swap swap defaults 0 0
```

Pass bridged IPv4 traffic to the iptables chains:

```
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system
```

Raise the file handle limits:

```
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
echo "* soft nproc 65536" >> /etc/security/limits.conf
echo "* hard nproc 65536" >> /etc/security/limits.conf
echo "* soft memlock unlimited" >> /etc/security/limits.conf
echo "* hard memlock unlimited" >> /etc/security/limits.conf
```

Install Docker/kubeadm/kubelet on all nodes

Kubernetes' default CRI (container runtime) is Docker, so install Docker first.

Install Docker

```
$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce-18.06.1.ce-3.el7
$ systemctl enable docker && systemctl start docker
$ docker --version
Docker version 18.06.1-ce, build e68fc7a
```

Add the Aliyun YUM repository

```
$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```

Import the gpgkey files:

```
$ wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
$ rpm --import yum-key.gpg
$ wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
$ rpm --import rpm-package-key.gpg
```

Install kubeadm, kubelet and kubectl

Because new versions are released frequently, the version numbers are pinned here:

```
$ yum install -y kubelet-1.13.3 kubeadm-1.13.3 kubectl-1.13.3 kubernetes-cni-0.6.0
$ systemctl enable kubelet
```

Deploy the Kubernetes Master

The default image registry, k8s.gcr.io, cannot be reached from mainland China, so the Aliyun image registry is specified here.

```
$ kubeadm init \
--apiserver-advertise-address=10.0.52.13 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.13.3 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
```

To use the kubectl tool:

```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

Install the Pod network plugin (CNI)

```
$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
```

Make sure the quay.io registry is reachable.

Join Kubernetes Nodes

To add a new node to the cluster, run the kubeadm join command printed by kubeadm init:

```
kubeadm join 10.0.52.13:6443 --token nqg5gl.zr84xb63z2ve7dbn --discovery-token-ca-cert-hash sha256:3e43b9c41dd74ba0f46c260d0e0b6663993cf4563c3852384916d76338d6202e
```

Run on the master:

```
$ kubectl get nodes
```

Test the Kubernetes cluster

Create a pod in the Kubernetes cluster and verify that it runs correctly:

```
$ kubectl create deployment nginx --image=nginx
$ kubectl expose deployment nginx --port=80 --type=NodePort
$ kubectl get pod,svc
```

Access URL: http://NodeIP:Port

Deploy the Dashboard

```
kubectl apply -f kubernetes-dashboard.yaml
kubectl apply -f admin-dashboard.yaml
```

Access URL: http://NodeIP:30001

Select Token; the token is obtained as follows:

```
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
```

The home page looks like this:
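
The `--discovery-token-ca-cert-hash` value in the kubeadm join step pins the cluster CA's public key, so a joining node can check that it is talking to the intended master. The following added example (not part of the original post) recomputes that pin with `openssl` and compares it with a join command; the function names and the throwaway CA generated in a temp directory are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: recompute the value passed to --discovery-token-ca-cert-hash.
# The pin is SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo)
# of the cluster CA certificate, written as "sha256:<hex>".

# Print the pin for the CA certificate at $1; fail if it cannot be read.
ca_cert_hash() {
    local pub digest
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    digest=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1)
    printf 'sha256:%s\n' "$digest"
}

# Return 0 only if the pin inside a join command ($2) matches the CA cert ($1).
verify_join_pin() {
    local expected actual
    expected=$(ca_cert_hash "$1") || return 2
    actual=$(printf '%s\n' "$2" | grep -o 'sha256:[0-9a-f]\{64\}' | head -n 1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed sample: a throwaway self-signed CA stands in for
# /etc/kubernetes/pki/ca.crt (kubeadm's default CA path on the master).
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
    local dir pin join
    dir=$(mktemp -d)
    make_sample_ca "$dir" cluster-ca
    make_sample_ca "$dir" other-ca
    pin=$(ca_cert_hash "$dir/cluster-ca.crt")
    # Join command shaped like the one on this page; the token is a placeholder.
    join="kubeadm join 10.0.52.13:6443 --token <token> --discovery-token-ca-cert-hash $pin"
    verify_join_pin "$dir/cluster-ca.crt" "$join" && echo "pin matches cluster CA"
    verify_join_pin "$dir/other-ca.crt" "$join" || echo "pin rejected for a different CA"
    rm -rf "$dir"
}

demo
```

On the master, `ca_cert_hash /etc/kubernetes/pki/ca.crt` should print the same value that `kubeadm init` showed in its join command.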