Installing k8s (using kubeadm)
# Introduction
[TOC]
Host configuration:

Hostname | IP address |
---|---|
master | 192.168.153.131 |
node1 | 192.168.153.132 |
node2 | 192.168.153.133 |

OS: CentOS7

Docker version: 19.03.5

k8s version: 1.18.0

1. Preparation
- Set the hostname (all nodes)
```shell
# Change the hostname permanently by setting the static hostname
hostnamectl --static set-hostname <host-name>
```
- Sync /etc/hosts (all nodes)
```
192.168.153.131 server01
192.168.153.132 server02
192.168.153.133 server03
```
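- Disable the firewall, swap and SELinux (all nodes)
```shell
# Stop and disable the firewall
systemctl stop firewalld && systemctl disable firewalld
# Turn swap off now, and comment out the swap entries in /etc/fstab so it stays off
swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
# Disable SELinux for the running system
setenforce 0
# Change SELINUX to disabled in /etc/selinux/config so the setting persists
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
```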
- Kernel parameter settings (all nodes)
```shell
# Create the configuration file
cat <<EOF > /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the file
sysctl -p /etc/sysctl.d/kubernetes.conf
```
- Configure the K8S yum repository (all nodes)
```shell
## Configure the k8s repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
## Rebuild the yum cache
yum clean all
yum makecache fast
yum -y update
```
- Install kubectl, kubelet and kubeadm (all nodes)
```shell
yum install kubectl kubelet kubeadm
# Specify a version
yum install kubectl-1.18.0 kubelet-1.18.0 kubeadm-1.18.0
# Start kubelet at boot
systemctl enable kubelet
```
- Install the master node (run on the master)
```shell
kubeadm init --kubernetes-version=1.18.0 \
  --apiserver-advertise-address=192.168.153.131 \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=10.16.0.0/16 --pod-network-cidr=172.20.0.0/16
```
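Set up kubectl
```shell
# Copy the cluster admin kubeconfig into the current user's home directory
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```
Enable kubectl auto-completion
```shell
source <(kubectl completion bash)
```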
Install the calico network (master node)
```shell
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
```
Check that everything is running
```shell
kubectl get pod --all-namespaces
```
```
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-578894d4cd-wjsdt   1/1     Running   0          33m
kube-system   calico-node-rrrmr                          1/1     Running   0          33m
kube-system   coredns-7ff77c879f-rbccf                   1/1     Running   0          34m
kube-system   coredns-7ff77c879f-zh8mf                   1/1     Running   0          34m
kube-system   etcd-server01                              1/1     Running   0          35m
kube-system   kube-apiserver-server01                    1/1     Running   0          35m
kube-system   kube-controller-manager-server01           1/1     Running   0          35m
kube-system   kube-proxy-2xhws                           1/1     Running   0          34m
kube-system   kube-scheduler-server01                    1/1     Running   0          35m
```
Check that the cluster is healthy
```shell
kubectl get pods -A -o wide
```
```
NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE   IP                NODE       NOMINATED NODE   READINESS GATES
kube-system            calico-kube-controllers-578894d4cd-wjsdt     1/1     Running   0          34m   172.20.188.2      server01   <none>           <none>
kube-system            calico-node-rrrmr                            1/1     Running   0          34m   192.168.153.131   server01   <none>           <none>
kube-system            coredns-7ff77c879f-rbccf                     1/1     Running   0          36m   172.20.188.1      server01   <none>           <none>
kube-system            coredns-7ff77c879f-zh8mf                     1/1     Running   0          36m   172.20.188.3      server01   <none>           <none>
kube-system            etcd-server01                                1/1     Running   0          36m   192.168.153.131   server01   <none>           <none>
kube-system            kube-apiserver-server01                      1/1     Running   0          36m   192.168.153.131   server01   <none>           <none>
kube-system            kube-controller-manager-server01             1/1     Running   0          36m   192.168.153.131   server01   <none>           <none>
kube-system            kube-proxy-2xhws                             1/1     Running   0          36m   192.168.153.131   server01   <none>           <none>
kube-system            kube-scheduler-server01                      1/1     Running   0          36m   192.168.153.131   server01   <none>           <none>
kubernetes-dashboard   dashboard-metrics-scraper-6b4884c9d5-6c5f9   1/1     Running   0          33m   172.20.188.5      server01   <none>           <none>
kubernetes-dashboard   kubernetes-dashboard-7f99b75bf4-w5krx        1/1     Running   0          33m   172.20.188.4      server01   <none>           <none>
```
Get the command for adding nodes
```shell
kubeadm token create --print-join-command
```
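- Install the worker nodes (run the join command obtained above on each node)
```shell
# --ignore-preflight-errors=all turns every failed preflight check into a warning
kubeadm join 192.168.153.130:6443 --token re24q1.7sin74aq7c0awnru \
  --discovery-token-ca-cert-hash sha256:82e68e2af70c642e7307c68505f513149c364867fd368ab0305c85ad2777f037 \
  --ignore-preflight-errors=all
```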
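The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA, so a node only trusts an API server whose certificate chains to that CA. The shell sketch below is an added example, not part of the original page: it recomputes the pin from a CA certificate and compares it with the value about to be pasted on a node. The helper names are hypothetical, `openssl` is assumed to be installed, and the CA it runs against is a constructed throwaway one.

```shell
# Added example, not from the original page. kubeadm's discovery pin is
# "sha256:" + hex SHA-256 of the CA certificate's DER-encoded public key.
# ca_pin, verify_join_pin and make_demo_ca are hypothetical helper names.

# ca_pin CERT_PEM: print the pin of a CA certificate; status 2 if unreadable.
ca_pin() (
    der=$(mktemp) || exit 2
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER -out "$der" 2>/dev/null
    status=2
    if [ -s "$der" ]; then
        printf 'sha256:%s\n' "$(openssl dgst -sha256 -r "$der" | cut -d' ' -f1)"
        status=0
    fi
    rm -f "$der"
    exit "$status"
)

# verify_join_pin CERT_PEM PIN: succeed only if PIN is well formed and matches.
verify_join_pin() (
    printf '%s\n' "$2" | grep -Eq '^sha256:[0-9a-f]{64}$' || exit 2
    got=$(ca_pin "$1") || exit 2
    [ "$got" = "$2" ]
)

# make_demo_ca DIR: constructed throwaway CA so the example runs offline.
# On a kubeadm control plane the real input is /etc/kubernetes/pki/ca.crt.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
if make_demo_ca "$demo_dir"; then
    echo "demo CA pin: $(ca_pin "$demo_dir/ca.crt")"
    # The pin in this page's join command belongs to a different CA: no match.
    verify_join_pin "$demo_dir/ca.crt" \
        sha256:82e68e2af70c642e7307c68505f513149c364867fd368ab0305c85ad2777f037 ||
        echo "pin mismatch: do not join"
fi
rm -rf "$demo_dir"
```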
Dashboard installation

Find the matching dashboard version on the official site, download it locally and unpack it. Edit dashboard-2.0.3\aio\deploy\recommended.yaml and add a NodePort to the Service:
```yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard
```
Create the dashboard
```shell
kubectl create -f recommended.yaml
```
View the dashboard service
```shell
kubectl get svc -n kubernetes-dashboard
```
```
NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.16.96.37    <none>        8000/TCP        48m
kubernetes-dashboard        NodePort    10.16.84.236   <none>        443:30000/TCP   48m
```
Access the dashboard
```
https://192.168.153.131:30000/
```
Log in to the dashboard

Create the YAML file adminuser.yaml containing the ServiceAccount and ClusterRoleBinding resources:
```yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
```
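adminuser.yaml binds the dashboard's admin-user ServiceAccount to cluster-admin, so the token used to log in carries full control of the cluster. The shell sketch below is an added example, not part of the original page: it lists every subject a manifest binds to cluster-admin so the grant can be reviewed before `kubectl create -f`. The function names are illustrative, and it assumes the plain block-style YAML used on this page rather than arbitrary YAML.

```shell
# Added example, not from the original page; helper names are illustrative.
# Prints "<binding> -> <kind> <namespace>/<name>" and returns 1 if any is found.
find_cluster_admin_subjects() {   # usage: find_cluster_admin_subjects [FILE...]
    awk '
    function flush(  i) {   # called at the end of each YAML document
        if (kind == "ClusterRoleBinding" && role == "cluster-admin")
            for (i = 1; i <= n; i++) {
                print bname " -> " s[i, "kind"] " " s[i, "namespace"] "/" s[i, "name"]
                found = 1
            }
        kind = role = bname = sect = ""; n = 0
    }
    /^---/ { flush(); next }
    /^[ \t]*(#|$)/ { next }
    {
        top = ($0 ~ /^[A-Za-z]/)            # unindented key starts a new section
        line = $0; sub(/^[ \t]+/, "", line)
        if (!top && sect == "subjects" && line ~ /^- /) {
            n++; s[n, "kind"] = s[n, "name"] = "?"; s[n, "namespace"] = "-"
            sub(/^- +/, "", line)
        }
        key = line; sub(/:.*/, "", key)
        val = line; sub(/^[^:]*:[ \t]*/, "", val); gsub(/"/, "", val)
        if (top) { sect = key; if (key == "kind") kind = val; next }
        if (sect == "metadata" && key == "name") bname = val
        if (sect == "roleRef" && key == "name") role = val
        if (sect == "subjects" && n > 0) s[n, key] = val
    }
    END { flush(); exit (found ? 1 : 0) }
    ' "$@"
}

sample_manifest() {   # constructed input: the binding from adminuser.yaml
    cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
}

sample_manifest | find_cluster_admin_subjects || echo "cluster-admin grant found: review before applying"
```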
Create admin-user and grant it cluster administrator privileges
```shell
kubectl create -f adminuser.yaml
```
Get the token and use it to log in
```shell
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
```
```
Data
====
namespace:  20 bytes
token:      <service account bearer token>
ca.crt:     1025 bytes
```