實驗環境
主機名 | IP地址 | 系統配置 | 備注 |
node171 | 172.20.20.171 | CentOS7.3 X64 2C/4G | Master |
node172 | 172.20.20.172 | CentOS7.3 X64 1C/1G | Node1 |
node173 | 172.20.20.173 | CentOS7.3 X64 1C/1G | Node2 |
基礎環境配置
使用的都是root用戶進行操作
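3臺均需操作。以下停用 firewalld 與 SELinux 的步驟僅適合隔離的實驗環境;正式環境建議保留防火牆並只放行 Kubernetes 所需的連接埠,SELinux 建議設為 permissive 而非 disabled。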
# Write the three lab hosts into /etc/hosts so the nodes resolve each other by name.
# NOTE(review): '>' truncates the file, so any entries already present (normally
# the localhost lines) are lost; use '>>' if the existing content must be kept.
cat > /etc/hosts << EOF
172.20.20.171 node171
172.20.20.172 node172
172.20.20.173 node173
EOF
#?swapoff ?/dev/mapper/cl-swap
# vi /etc/fstab
#/dev/mapper/cl-swap ? ? swap ? ? ? ? ? ? ? ? ? ?swap ? ?defaults ? ? ? ?0 0 |
#?systemctl disable firewalld
#?systemctl stop firewalld
#?vi /etc/sysconfig/selinux
SELINUX=disabled |
#?setenforce 0
#?cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
#?sysctl ?--system
#?cat >> ?/etc/sysctl.conf <<EOF
net.ipv4.ip_forward = 1
EOF
#?sysctl -p
#?yum install -y wget
#?mkdir -p /etc/yum.repos.d/bak
#?cd /etc/yum.repos.d/
#?mv * bak
#?wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
#?wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
#?yum clean all && yum makecache
#?cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
#?wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
#?yum install -y docker-ce-18.06.1.ce-3.el7
#?systemctl enable docker && systemctl start docker
#?yum install -y kubelet kubeadm kubectl
#?systemctl enable kubelet
在master上進行操作
#?kubeadm init --kubernetes-version=1.14.2 ?--apiserver-advertise-address=172.20.20.171 ?--image-repository registry.aliyuncs.com/google_containers ?--service-cidr=172.100.0.0/16 ?--pod-network-cidr=10.244.0.0/16
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
?mkdir -p $HOME/.kube
?sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
?sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
?https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.20.20.171:6443 --token 7d6gy1.wcroc19bpsbpx7bp \
? ?--discovery-token-ca-cert-hash sha256:654a19df7e29ccd08b993014852a678893aeaa5241362767c0c3d59743a16ec9
#?mkdir -p $HOME/.kube
#?sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
#?chown $(id -u):$(id -g) $HOME/.kube/config
[root@node171 ~]# kubectl get nodes
NAME ? ? ?STATUS ? ? ROLES ? ?AGE ? ? VERSION
node171 ? NotReady ? master ? 2m26s ? v1.14.3
[root@node171 ~]# kubectl get cs
NAME ? ? ? ? ? ? ? ? STATUS ? ?MESSAGE ? ? ? ? ? ? ERROR
scheduler ? ? ? ? ? ?Healthy ? ok
controller-manager ? Healthy ? ok
etcd-0 ? ? ? ? ? ? ? Healthy ? {"health":"true"}
部署flannel網絡
#?wget https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
kubectl create -f ./kube-flannel.yml
在Node節點上操作
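需要master節點上的pods狀態都是Running時,才執行如下語句。請使用自己執行 kubeadm init 時輸出的 token 與 CA 憑證雜湊值,不要照抄下方範例;token 是加入集群用的憑證,預設 24 小時後過期,過期後可在 master 上執行 kubeadm token create --print-join-command 重新產生: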
#?kubeadm join 172.20.20.171:6443 --token 7d6gy1.wcroc19bpsbpx7bp \
--discovery-token-ca-cert-hash sha256:654a19df7e29ccd08b993014852a678893aeaa5241362767c0c3d59743a16ec9
在Master查看集群狀態
[root@node171 ~]# kubectl get nodes
NAME ? ? ?STATUS ? ROLES ? ?AGE ? ? VERSION
node171 ? Ready ? ?master ? 18m ? ? v1.14.3
node172 ? Ready ? ?<none> ? 4m8s ? ?v1.14.3
node173 ? Ready ? ?<none> ? 2m24s ? v1.14.3
若出現Ready說明集群狀態正常
部署一個測試 Pod 以驗證集群是否正常
#?kubectl create deployment nginx --image=nginx
#?kubectl expose deployment nginx --port=80 --type=NodePort
[root@node171 ~]# kubectl get pod,svc
NAME ? ? ? ? ? ? ? ? ? ? ? ? READY ? STATUS ? ? ? ? ? ? ?RESTARTS ? AGE
pod/nginx-65f88748fd-7sthx ? 0/1 ? ? ContainerCreating ? 0 ? ? ? ? ?67s
NAME ? ? ? ? ? ? ? ? TYPE ? ? ? ?CLUSTER-IP ? ? ? ?EXTERNAL-IP ? PORT(S) ? ? ? ?AGE
service/kubernetes ? ClusterIP ? 169.169.0.1 ? ? ? <none> ? ? ? ?443/TCP ? ? ? ?21m
service/nginx ? ? ? ?NodePort ? ?169.169.231.102 ? <none> ? ? ? ?80:30073/TCP ? 12s
部署Dashboard
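在master上操作。注意:下方清單把 kubernetes-dashboard 服務帳號綁定到 cluster-admin,並以 NodePort 30001 對外提供服務,取得該帳號 token 的人等同擁有整個集群的管理權限,因此僅適合隔離的實驗環境。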
#?cat ?> kubernetes-dashboard.yaml ?<< EOF
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# ? ? http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------- Dashboard Secret ------------------- #
# Opaque Secret declared without data; the Dashboard Deployment in this
# manifest mounts it at /certs (see secretName in its volumes section).
apiVersion: v1
kind: Secret
metadata:
?labels:
? ?k8s-app: kubernetes-dashboard
?name: kubernetes-dashboard-certs
?namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #
# ServiceAccount the Dashboard pod runs as (referenced by serviceAccountName
# in the Deployment). Its token is what the login step at the end of this
# page extracts, so its RBAC bindings decide what a logged-in user can do.
apiVersion: v1
kind: ServiceAccount
metadata:
?labels:
? ?k8s-app: kubernetes-dashboard
?name: kubernetes-dashboard
?namespace: kube-system
---
# ------------------- Dashboard Role & Role Binding ------------------- #
# Namespaced Role in kube-system scoped to the Dashboard's own secrets and
# config map plus the heapster service proxy.
# NOTE(review): no RoleBinding for this Role appears in this manifest; the
# ClusterRoleBinding that follows grants cluster-admin instead, so these
# least-privilege rules are not what actually limits the Dashboard here.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
?name: kubernetes-dashboard-minimal
?namespace: kube-system
rules:
?# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
?resources: ["secrets"]
?verbs: ["create"]
?# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
?resources: ["configmaps"]
?verbs: ["create"]
?# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
?resources: ["secrets"]
?resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
?verbs: ["get", "update", "delete"]
?# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
?resources: ["configmaps"]
?resourceNames: ["kubernetes-dashboard-settings"]
?verbs: ["get", "update"]
?# Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
?resources: ["services"]
?resourceNames: ["heapster"]
?verbs: ["proxy"]
- apiGroups: [""]
?resources: ["services/proxy"]
?resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
?verbs: ["get"]
---
# SECURITY: binds the kubernetes-dashboard ServiceAccount to the built-in
# cluster-admin ClusterRole, so the Dashboard pod, and anyone holding this
# account's token, has full control of the whole cluster. Acceptable only in
# an isolated lab; otherwise bind a narrowly scoped Role/ClusterRole instead.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is a deprecated API version
# that newer Kubernetes releases no longer serve; the Role in this manifest
# already uses rbac.authorization.k8s.io/v1.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
?name: kubernetes-dashboard
roleRef:
?kind: ClusterRole
?name: cluster-admin
?apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
?name: kubernetes-dashboard
?namespace: kube-system
---
# ------------------- Dashboard Deployment ------------------- #
# Single-replica Dashboard Deployment: serves HTTPS on container port 8443
# with auto-generated certificates and runs as the kubernetes-dashboard
# ServiceAccount.
# NOTE(review): the image comes from the "loveone" repository rather than the
# upstream project's registry (presumably a mirror); confirm its provenance
# or pin it by digest before use outside a lab.
# NOTE(review): no securityContext or resource limits are set on the container.
kind: Deployment
apiVersion: apps/v1
metadata:
?labels:
? ?k8s-app: kubernetes-dashboard
?name: kubernetes-dashboard
?namespace: kube-system
spec:
?replicas: 1
?revisionHistoryLimit: 10
?selector:
? ?matchLabels:
? ? ?k8s-app: kubernetes-dashboard
?template:
? ?metadata:
? ? ?labels:
? ? ? ?k8s-app: kubernetes-dashboard
? ?spec:
? ? ?containers:
? ? ?- name: kubernetes-dashboard
? ? ? ?image: loveone/kubernetes-dashboard-amd64:v1.10.1
? ? ? ?ports:
? ? ? ?- containerPort: 8443
? ? ? ? ?protocol: TCP
? ? ? ?args:
? ? ? ? ?- --auto-generate-certificates
? ? ? ? ?# Uncomment the following line to manually specify Kubernetes API server Host
? ? ? ? ?# If not specified, Dashboard will attempt to auto discover the API server and connect
? ? ? ? ?# to it. Uncomment only if the default does not work.
? ? ? ? ?# - --apiserver-host=http://my-address:port
? ? ? ?volumeMounts:
? ? ? ?- name: kubernetes-dashboard-certs
? ? ? ? ?mountPath: /certs
? ? ? ? ?# Create on-disk volume to store exec logs
? ? ? ?- mountPath: /tmp
? ? ? ? ?name: tmp-volume
? ? ? ?livenessProbe:
? ? ? ? ?httpGet:
? ? ? ? ? ?scheme: HTTPS
? ? ? ? ? ?path: /
? ? ? ? ? ?port: 8443
? ? ? ? ?initialDelaySeconds: 30
? ? ? ? ?timeoutSeconds: 30
? ? ?volumes:
? ? ?- name: kubernetes-dashboard-certs
? ? ? ?secret:
? ? ? ? ?secretName: kubernetes-dashboard-certs
? ? ?- name: tmp-volume
? ? ? ?emptyDir: {}
? ? ?serviceAccountName: kubernetes-dashboard
? ? ?# Comment the following tolerations if Dashboard must not be deployed on master
? ? ?tolerations:
? ? ?- key: node-role.kubernetes.io/master
? ? ? ?effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #
# Publishes the Dashboard as a NodePort Service: port 30001 on every node
# forwards to container port 8443.
# SECURITY: together with the cluster-admin binding in this manifest, this
# puts a cluster-admin login page on any network that can reach a node IP.
# Restrict access with firewall rules, or switch to ClusterIP and reach the
# Dashboard through `kubectl port-forward` / `kubectl proxy`.
kind: Service
apiVersion: v1
metadata:
?labels:
? ?k8s-app: kubernetes-dashboard
?name: kubernetes-dashboard
?namespace: kube-system
spec:
?ports:
? ?- port: 443
? ? ?targetPort: 8443
? ? ?nodePort: 30001
?type: NodePort
?selector:
? ?k8s-app: kubernetes-dashboard
EOF
#?kubectl ?create -f kubernetes-dashboard.yaml
[root@node171 ~]# kubectl get deployment kubernetes-dashboard -n kube-system
NAME ? ? ? ? ? ? ? ? ? READY ? UP-TO-DATE ? AVAILABLE ? AGE
kubernetes-dashboard ? 1/1 ? ? 1 ? ? ? ? ? ?1 ? ? ? ? ? 92s
#?kubectl get pods -n kube-system -o wide
#?kubectl get services -n kube-system
在瀏覽器中輸入:
https://172.20.20.171:30001
#?kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-token|awk '{print $1}')|grep token:|awk '{print $2}'
將上一步得到的 token 值貼到登入頁面的 Token 欄位(此 token 綁定 cluster-admin,等同集群管理員憑證,請妥善保管)
最後登錄成功界面如下: