手把手教你部署k8s(kubeadm方式)-------详解
1.Kubernetes架构与组件示意图2.部署准备准备三台虚拟机,master节点至少2核2Gmaster:192.168.13.141node1:192.168.13.142node2:192.168.13.143所有机器:关闭防火墙:systemctl stop firewalldsystemctl disable firewalld关闭selin...
·
1.Kubernetes架构与组件示意图
2.部署准备
准备三台虚拟机,master节点至少2核2G
master: 192.168.13.141
node1: 192.168.13.142
node2: 192.168.13.143
所有机器:
关闭防火墙:
systemctl stop firewalld
systemctl disable firewalld
关闭selinux:
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
关闭swap:
swapoff -a # 临时
vim /etc/fstab #永久(将带有swap的那一行注释掉)
free -m #查看,swap那一行会全部显示0
添加主机名与IP对应关系(记得设置主机名):
cat /etc/hosts
192.168.13.141 master
192.168.13.142 node1
192.168.13.143 node2
同步时间:(也可以不用同步,但是三台虚拟机的时间相差不能超过一天,
因为token只有一天的作用效果)
yum install ntpdate
ntpdate -u ntp.api.bz
ntpdate ntp1.aliyun.com #这里用的是阿里的
将桥接的IPv4流量传递到iptables的链:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system #使配置生效
这些准备条件都需要做好,要不然很容易报错的
3.所有节点安装Docker/kubeadm/kubelet
1.安装Docker
Kubernetes默认CRI(容器运行时)为Docker,因此先安装Docker。
安装新版docker以及报错详解
#安装必要的一些系统工具
yum install -y yum-utils device-mapper-persistent-data lvm2
#添加软件源信息
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 更新并安装Docker-CE
yum makecache fast
yum -y install docker-ce
#开启Docker服务
systemctl enable docker && systemctl start docker
2.添加阿里云YUM软件源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
3.安装kubeadm,kubelet和kubectl
由于版本更新频繁,这里指定版本号部署:
yum install -y kubelet-1.14.0 kubeadm-1.14.0 kubectl-1.14.0
#我这里用的是1.14的,其他版本的都行
systemctl enable kubelet
这里做完之后建议做一个快照,因为下面一不小心就会出错
4.部署Kubernetes Master
在192.168.13.141(Master)执行下面操作
[root@master ~]# vim yjssjm.sh
#因为命令太长,还需要修改,所以直接创建一个文件来执行
kubeadm init \
--apiserver-advertise-address=192.168.13.141 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.14.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
================================================================
--apiserver-advertise-address=192.168.13.141 #指定master节点IP
--image-repository registry.aliyuncs.com/google_containers
#由于默认拉取镜像地址k8s.gcr.io国内无法访问,这里指定阿里云镜像仓库地址。
--kubernetes-version v1.14.0 #指定版本号
--pod-network-cidr=10.244.0.0/16 #指定pod的网段
================================================================
[root@master ~]# sh yjssjm.sh
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
...........................
...........................
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
--discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b
最后会生成一个token ,将其保存好
[root@master ~]# cat token.txt
kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
--discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b
使用kubectl工具:
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# kubectl get nodes #测试kubectl命令是否能使用
NAME STATUS ROLES AGE VERSION
master NotReady master 11m v1.14.0
5.安装Pod网络插件(CNI)
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.extensions/kube-flannel-ds-amd64 created
daemonset.extensions/kube-flannel-ds-arm64 created
daemonset.extensions/kube-flannel-ds-arm created
daemonset.extensions/kube-flannel-ds-ppc64le created
daemonset.extensions/kube-flannel-ds-s390x created
[root@master ~]# kubectl get pods -n kube-system -o wide #查看状态
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-8686dcc4fd-4nlrq 1/1 Running 0 16m 10.244.0.3 master <none> <none>
coredns-8686dcc4fd-57f2z 1/1 Running 0 16m 10.244.0.2 master <none> <none>
etcd-master 1/1 Running 0 16m 192.168.13.141 master <none> <none>
kube-apiserver-master 1/1 Running 0 15m 192.168.13.141 master <none> <none>
kube-controller-manager-master 1/1 Running 0 16m 192.168.13.141 master <none> <none>
kube-flannel-ds-amd64-9ls8s 1/1 Running 0 2m1s 192.168.13.141 master <none> <none>
kube-proxy-9j2ft 1/1 Running 0 16m 192.168.13.141 master <none> <none>
kube-scheduler-master 1/1 Running 0 15m 192.168.13.141 master <none> <none>
只有都是running才是成功,如果你是pending或者Errimages之类的 一般都是拉取镜像失败,
你可以手动去拉取镜像。
加入Kubernetes Node
[root@master ~]# kubectl get no #目前没有node节点加入
NAME STATUS ROLES AGE VERSION
master Ready master 23m v1.14.0
[root@master ~]# cat token.txt #找到刚刚生成的token
kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
--discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b
复制上面文件里面的内容,在node节点上执行
[root@node1 ~]# kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
> --discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b
[root@node2 ~]# kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
> --discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b
[root@master ~]# kubectl get no #再次查看,node节点已经加入
NAME STATUS ROLES AGE VERSION
master Ready master 23m v1.14.0
node1 NotReady <none> 27s v1.14.0
node2 NotReady <none> 23s v1.14.0
测试kubernetes集群
在Kubernetes集群中创建一个pod,验证是否正常运行:
这里用daocloud的镜像,以防下载慢导致失败
[root@master ~]# kubectl create deployment nginx --image=daocloud.io/library/nginx
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort #映射端口
service/nginx exposed
[root@master ~]# kubectl get pod,svc #查看状态以及映射的端口号
NAME READY STATUS RESTARTS AGE
pod/nginx-5f965696dd-z4tnk 1/1 Running 0 22s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 29m
service/nginx NodePort 10.1.221.148 <none> 80:31326/TCP 10s
[root@master ~]# curl -I 192.168.13.142:31326 #状态返回码是200
HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 06 May 2020 08:48:07 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes
访问: 192.168.13.142:31326 能访问到nginx界面
6.安装Kuboard
Kuboard 是 Kubernetes 的一款图形化管理界面。
你也可以参考官网安装Kuboard官网
[root@master ~]# kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
[root@master ~]# kubectl apply -f https://addons.kuboard.cn/metrics-server/0.3.6/metrics-server.yaml
查看 Kuboard 运行状态:
[root@master ~]# kubectl get pods -l k8s.eip.work/name=kuboard -n kube-system
NAME READY STATUS RESTARTS AGE
kuboard-7db58754b5-cq4gt 1/1 Running 0 6m57s
http://任意一个node节点的IP地址:32567/
[root@master ~]# echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJvYXJkLXVzZXItdG9rZW4tNWNybW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoia3Vib2FyZC11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGM1OTNmYzctOGZhYS0xMWVhLWFlOGYtMDAwYzI5ODE0ZWY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmt1Ym9hcmQtdXNlciJ9.O2oyHkQKLLeyTG0cZk7KA1g-1y_MS09BNFA7lbi02Dzm1GwCXe9X2a55Vy9hqaxbHEcYDjBF9OA1kA5CpM7dPJgXN4Z-tlDGkYdbcB-nMR--uffXbomPM4xbRvHD_HAcRqEc7nFw9MVIGr5cb4vGGJU4yEdalY9cg4iigyA0Jb4GaoNB_oy4QFM4LKik8OaXXro8yfj0QdFkF0DygsleyVp0VcZAmzHw5W--UPf5gHXOiF-mF3vgRtgbGiQdy3rBYp6FVfDISM-hSBTxfn8HdlrQi19m4t2FWza-IIxFoHg2rRq1B1fLvjgDiJRsHzJOaOsY2Pd-m-nnTjr0pXYt5A
如果你中途报错了,不妨看看这篇文章
k8s报错:pod状态为pending,coredns的状态是pending的解决办法
更多推荐
已为社区贡献11条内容
所有评论(0)