一、环境
操作系统环境:
| 名称 | ip | 主机名 | 操作系统 |
|---|---|---|---|
| master节点 | 192.168.148.183 | master | centos7.6 |
| node节点 | 192.168.148.184 | node-1 | centos7.6 |
| node节点 | 192.168.148.185 | node-2 | centos7.6 |
| Pod网络 | 172.172.0.0/16 | — |
软件版本:
| name | version |
|---|---|
| docker | 18.09.3 |
| kubelet | 1.15.12 |
| kubeadm | 1.15.12 |
| kubectl | 1.15.12 |
| dashboard | 2.0.0-rc5 |
二、系统初始化
①、master、node节点初始化
1、关闭selinux防火墙
setenforce 0 && sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config 2.关闭默认防火墙
systemctl stop firewalld systemctl disable firewalld 3、设置hostname(管理为master、节点为node-1)
hostnamectl --static set-hostname master 4、配置hosts,实现本地主机名分析
cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 vm.swappiness=0 EOF #使内核参数配置生效 sysctl --system 5.关闭交换内存,如果不关闭,kubelet无法启动服务
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab 6、安装docker 、建议改成国内源,速度比较快
yum -y install yum-utils device-mapper-persistent-data lvm2 yum-config-manager -y --add-repo https://download.docker.com/linux/centos/docker-ce.repo yum -y install docker-ce-18.09.3.ce-3.el7 docker-ce-cli-18.09.3.ce-3.el7 containerd.io systemctl start docker systemctl enable docker 7、优化Docker cgroup驱动、cgroup driver为systemd该模式可以保证资源紧张时服务器节点的稳定性,并在中国设置docker仓库
yum install -y systemd cat >/etc/docker/daemon.json<<EOF { "exec-opts": ["native.cgroupdriver=systemd"], "registry-mirrors": [ "https://3laho3y3.mirror.aliyuncs.com" ] } EOF systemctl restart docker 8、配置kubernetes yum安装源头Kubernetes阿里云镜像仓库的来源用于基本服务和工具
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF 9、安装Kubernetes基本服务和工具
yum -y install kubelet-1.15.1 kubeadm-1.15.1 kubectl-1.15.1 systemctl start kubelet systemctl enable kubelet.service 三、部署master节点
Master 理论上,节点只需要接口服务、调度服务、控制管理服务和状态存储服务 kubeadm 以 Pod 形式部署 Master 组件,所以在 Master 节点主机仍需部署 kubelet 服务,kubeadm 自动对于初始化 kubelet 配置和管理服务
1、下载k8s并标记相关镜像
kubeadm config images list 需要镜像检查 
for i in `kubeadm config images list`; do imageName=${i#k8s.gcr.io/} docker pull registry.aliyuncs.com/google_containers/$imageName docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName docker rmi registry.aliyuncs.com/google_containers/$imageName done; 2、使用kubeadm初始化Mastr节点
kubeadm init --kubernetes-version=v1.15.12 --pod-network-cidr=172.172.0.0/16
#Master 节点初始化成功后,会提示成功并输出 token 和 discovery-token-ca-cert-hash
用于将 Node 加入所指定 Master 的 Kubernetes 集群
3、安装网络组件 Flannel、Kubernetes 本身并没有集成网络功能,需要单独安装网络插件实现 Kubernetes 集群中 Pod 的网络功能
初始化kubectl配置
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
4、获取网络组件Flannel的资源配置文件
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
5、修改Pod网段IP为自定义的172.172.0.0/16
sed -i "s#10.244.0.0/16#172.172.0.0/16#g" kube-flannel.yml
# 创建应用
kubectl apply -f kube-flannel.yml
6、查看主节点运行 Pod 的状态
kubectl get pods --all-namespaces -o wide
四、部署node
建议:
下载k8s相关镜像并打标签 kubeadm config images list 查看需要镜像
for i in kubeadm config images list; do
imageName=${i#k8s.gcr.io/}
docker pull [registry.aliyuncs.com/google_containers/ i m a g e N a m e ] ( h t t p : / / r e g i s t r y . a l i y u n c s . c o m / g o o g l e c o n t a i n e r s / imageName](http://registry.aliyuncs.com/google_containers/ imageName](http://registry.aliyuncs.com/googlecontainers/imageName)
docker tag registry.aliyuncs.com/google_containers/ i m a g e N a m e k 8 s . g c r . i o / imageName k8s.gcr.io/ imageNamek8s.gcr.io/imageName
docker rmi [registry.aliyuncs.com/google_containers/ i m a g e N a m e ] ( h t t p : / / r e g i s t r y . a l i y u n c s . c o m / g o o g l e c o n t a i n e r s / imageName](http://registry.aliyuncs.com/google_containers/ imageName](http://registry.aliyuncs.com/googlecontainers/imageName)
done;
1、加入集群
kubeadm join 192.168.148.183:6443 --token ci6nvr.waohhknikxljmute \
--discovery-token-ca-cert-hash sha256:1543186491d19bc5e2a42efdadd486aafcd5397d457f30ceff0bae7e100f4892
2、在Master节点通过命令查看节点状态
kubectl get nodes
3、在Master节点通过命令查看pod状态
kubectl get pod --all-namespaces -o wide
五、master节点部署web页面
部署:kubernetes-dashboard
1、获取资源配置文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml
2、vim recommended.yaml
vim recommended.yaml
#定位到39行,修改其提供的service资源
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 31000
selector:
k8s-app: kubernetes-dashboard
3、部署pod应用
kubectl apply -f recommended.yaml
4、Token 方式认证登录
#创建admin-user账户及授权的资源配置文件
cat>dashboard-adminuser.yml<<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
EOF
# 创建资源实例
kubectl create -f dashboard-adminuser.yml
5、获取账户admin-user的Token用于登录
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
token:
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXRkdjdjIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlYWYyMWE5Yy0yOGU1LTRiZTMtYjAzYi1mYzhiODlkMDgxYWEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Spj6pAQcesadqMgTGVa0OwQCWi165lXkVE-uRdbnprKabmfWE32II-Xj8EbC3X_vy9OebyQS-_6FdzzUZ1Rj7rC6r-jilHs7YK70nG-WAVOYKik9Nt6pnOfHCFS5eWKfQEbFNBSJzS3DAkHfawBNxa1evXai9WmAKI6fWRGSSYwcrR0IkFFAdwN6Lb2dW0elDqp_sz5L_ujLCh_RYqzdW5pMraM6nzq8w-gy4HXVBa6wZGhJDXHboTsrYtJZbwqatFcS2-bYpDe1evqN9PHy9BBALXgldptbfNPpSOcNiLzXdDTZ-XzVtCzac0DilLI4oduTPNEp8eq0zfk2qo6gIg
六、登录验证
访问:https://ip:31000
使用token登录即可