1. Kubernetes architecture and components diagram

[Figure: Kubernetes architecture and components]

2. Deployment preparation

Prepare three virtual machines; the master node needs at least 2 cores and 2 GB of RAM.

master:	192.168.13.141  
node1:		192.168.13.142 
node2: 	192.168.13.143 
On all machines:
Disable the firewall:
systemctl stop firewalld
systemctl disable firewalld

Disable SELinux:
sed -i 's/enforcing/disabled/' /etc/selinux/config 
setenforce 0

Disable swap:
swapoff -a  	# temporary
vim /etc/fstab  # permanent (comment out the line that contains swap)
free -m 		# check: the swap line should show all zeros

Add the hostname-to-IP mappings (remember to set each machine's hostname):
cat /etc/hosts
192.168.13.141 	master
192.168.13.142	node1
192.168.13.143	node2

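Synchronize the time: (you can skip this, but the clocks of the three VMs must not differ by more than one day,
because the token is only valid for one day)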
yum install ntpdate
ntpdate -u ntp.api.bz 
ntpdate ntp1.aliyun.com    # Aliyun's NTP server is used here

Pass bridged IPv4 traffic to the iptables chains:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system        # apply the settings

All of these preparation steps must be completed, otherwise errors are very likely.

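3. Install Docker/kubeadm/kubelet on all nodes
1. Install Docker

Kubernetes' default CRI (container runtime) is Docker, so install Docker first.
See also: Installing the latest Docker, with error explanations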

# Install the required system tools
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the package repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Refresh the cache and install Docker-CE
yum makecache fast
yum -y install docker-ce
# Enable and start the Docker service
systemctl enable docker && systemctl start docker
2. Add the Aliyun YUM repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
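3. Install kubeadm, kubelet and kubectl

Because new versions are released frequently, a specific version is pinned here:

yum install -y kubelet-1.14.0 kubeadm-1.14.0 kubectl-1.14.0   
# I use 1.14 here; other versions also work
systemctl enable kubelet 

It is a good idea to take a snapshot after this step, because it is easy to make a mistake in what follows.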

4. Deploy the Kubernetes Master
Run the following on 192.168.13.141 (Master)
[root@master ~]# vim yjssjm.sh    
# The command is long and needs editing, so put it in a file and run that
kubeadm init \
  --apiserver-advertise-address=192.168.13.141 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.14.0 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
================================================================
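--apiserver-advertise-address=192.168.13.141   # the master node's IP
--image-repository registry.aliyuncs.com/google_containers
# The default image registry k8s.gcr.io is not reachable from mainland China, so the Aliyun mirror registry is specified here.
--kubernetes-version v1.14.0  # the version to install
--pod-network-cidr=10.244.0.0/16   # the pod network CIDR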
================================================================
[root@master ~]# sh yjssjm.sh
[init] Using Kubernetes version: v1.14.0
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
...........................
...........................
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
    --discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b 

A token is generated at the end; save it:
[root@master ~]# cat token.txt 
kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
    --discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b
Set up the kubectl tool:
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# kubectl get nodes   # test whether kubectl works
NAME     STATUS     ROLES    AGE   VERSION
master   NotReady   master   11m   v1.14.0
5. Install the Pod network add-on (CNI)
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml 
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.extensions/kube-flannel-ds-amd64 created
daemonset.extensions/kube-flannel-ds-arm64 created
daemonset.extensions/kube-flannel-ds-arm created
daemonset.extensions/kube-flannel-ds-ppc64le created
daemonset.extensions/kube-flannel-ds-s390x created
[root@master ~]# kubectl get pods -n kube-system -o wide   # check the status
NAME                             READY   STATUS    RESTARTS   AGE    IP               NODE     NOMINATED NODE   READINESS GATES
coredns-8686dcc4fd-4nlrq         1/1     Running   0          16m    10.244.0.3       master   <none>           <none>
coredns-8686dcc4fd-57f2z         1/1     Running   0          16m    10.244.0.2       master   <none>           <none>
etcd-master                      1/1     Running   0          16m    192.168.13.141   master   <none>           <none>
kube-apiserver-master            1/1     Running   0          15m    192.168.13.141   master   <none>           <none>
kube-controller-manager-master   1/1     Running   0          16m    192.168.13.141   master   <none>           <none>
kube-flannel-ds-amd64-9ls8s      1/1     Running   0          2m1s   192.168.13.141   master   <none>           <none>
kube-proxy-9j2ft                 1/1     Running   0          16m    192.168.13.141   master   <none>           <none>
kube-scheduler-master            1/1     Running   0          15m    192.168.13.141   master   <none>           <none>
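The deployment has succeeded only when every pod is Running. If you see Pending or an image error such as ErrImagePull, the cause is usually a failed image pull;
you can pull the images manually.

Join the Kubernetes Nodes

[root@master ~]# kubectl get no   # no worker nodes have joined yet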
NAME     STATUS     ROLES    AGE   VERSION
master   Ready      master   23m   v1.14.0
[root@master ~]# cat token.txt   # find the token generated earlier
kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
    --discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b

Copy the contents of the file above and run them on the worker nodes
[root@node1 ~]# kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
>     --discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b
[root@node2 ~]# kubeadm join 192.168.13.141:6443 --token r9t8e3.nzsxr2k4bdjtw5t9 \
>     --discovery-token-ca-cert-hash sha256:1fe4f2d46e552f374919102d10061ceb2100008154b6ef9060ee73db7b37d55b
[root@master ~]# kubectl get no   # check again: the worker nodes have joined
NAME     STATUS     ROLES    AGE   VERSION
master   Ready      master   23m   v1.14.0
node1    NotReady   <none>   27s   v1.14.0
node2    NotReady   <none>   23s   v1.14.0
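
The --discovery-token-ca-cert-hash value in the join command pins the public key of the cluster CA, which lets a joining node detect that it has reached a different API server. The following is an added example, not part of the original post: it recomputes the pin from a CA certificate and compares it with a saved join command such as token.txt. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA path on the master.

```bash
#!/usr/bin/env bash
# Added example: check the CA pin in a saved kubeadm join command.

# Print the sha256 of the DER-encoded public key of a PEM certificate,
# i.e. the value kubeadm expects after "sha256:".
ca_cert_hash() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER | sha256sum | cut -d' ' -f1
}

# Print the first pinned hash found in a saved join command file.
pinned_hash() {
    sed -n 's/.*sha256:\([0-9a-f]\{64\}\).*/\1/p' "$1" | head -n 1
}

# 0 = pin matches this CA, 1 = mismatch, 2 = certificate or pin unreadable.
verify_join_pin() {
    local actual pinned
    actual=$(ca_cert_hash "$1") || return 2
    pinned=$(pinned_hash "$2")
    [ -n "$pinned" ] || return 2
    [ "$actual" = "$pinned" ]
}

# Usage on the master: ./check_pin.sh /etc/kubernetes/pki/ca.crt token.txt
if [ $# -eq 2 ]; then
    rc=0
    verify_join_pin "$1" "$2" || rc=$?
    case $rc in
        0) echo "pin matches the CA certificate" ;;
        1) echo "pin does NOT match this CA; do not join with it" >&2 ;;
        *) echo "could not read certificate or pin" >&2 ;;
    esac
    exit "$rc"
fi
```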

Test the Kubernetes cluster
Create a pod in the Kubernetes cluster and verify that it runs correctly:

The daocloud image is used here to avoid failures caused by slow downloads
[root@master ~]# kubectl create deployment nginx --image=daocloud.io/library/nginx  
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=80 --type=NodePort  # expose the port
service/nginx exposed
[root@master ~]# kubectl get pod,svc   # check the status and the mapped port number
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-5f965696dd-z4tnk   1/1     Running   0          22s

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.1.0.1       <none>        443/TCP        29m
service/nginx        NodePort    10.1.221.148   <none>        80:31326/TCP   10s
[root@master ~]# curl -I 192.168.13.142:31326  # the status code returned is 200
HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 06 May 2020 08:48:07 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

Visit 192.168.13.142:31326 to reach the nginx page

6. Install Kuboard

Kuboard is a graphical management interface for Kubernetes.
You can also install Kuboard by following its official site.

[root@master ~]# kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
[root@master ~]# kubectl apply -f https://addons.kuboard.cn/metrics-server/0.3.6/metrics-server.yaml
Check that Kuboard is running:
[root@master ~]# kubectl get pods -l k8s.eip.work/name=kuboard -n kube-system
NAME                       READY   STATUS    RESTARTS   AGE
kuboard-7db58754b5-cq4gt   1/1     Running   0          6m57s
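
The flannel manifest in section 5 is fetched from a URL pinned to a commit, while the Kuboard install script URL above carries no version, so its content can change between runs. The following is an added example, not part of the original post: it downloads a manifest, refuses it unless it matches a sha256 recorded at review time, lists cluster-wide or host-level settings, and only then applies it. The function names and the sample manifest are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pin and review a remote manifest before `kubectl apply`.
# Usage: apply_pinned <url> <sha256 recorded when the file was reviewed>

# Constructed sample manifest (not the real flannel or Kuboard file).
sample_manifest() {
cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-dashboard-user
roleRef:
  kind: ClusterRole
  name: cluster-admin
---
apiVersion: apps/v1
kind: DaemonSet
spec:
  template:
    spec:
      hostNetwork: true
EOF
}

# Return 0 only if FILE hashes to the sha256 recorded when it was reviewed.
manifest_matches_pin() {
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# Coarse text scan: print each cluster-wide or host-level setting found.
manifest_findings() {
    local pat
    for pat in 'kind: ClusterRoleBinding' 'name: cluster-admin' \
               'hostNetwork: true' 'privileged: true' 'hostPath:'; do
        if grep -q -- "$pat" "$1"; then echo "$pat"; fi
    done
}

# Fetch URL, refuse it unless it matches PIN, list findings, then apply.
apply_pinned() {
    local url=$1 pin=$2 file
    file=$(mktemp) || return 2
    curl -fsSL "$url" -o "$file" || return 2
    if ! manifest_matches_pin "$file" "$pin"; then
        echo "digest mismatch, not applying: $url" >&2
        return 1
    fi
    manifest_findings "$file" | sed 's/^/review: /'
    kubectl apply -f "$file"
}
```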

http://<IP address of any node>:32567/

[root@master ~]# echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJvYXJkLXVzZXItdG9rZW4tNWNybW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoia3Vib2FyZC11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGM1OTNmYzctOGZhYS0xMWVhLWFlOGYtMDAwYzI5ODE0ZWY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmt1Ym9hcmQtdXNlciJ9.O2oyHkQKLLeyTG0cZk7KA1g-1y_MS09BNFA7lbi02Dzm1GwCXe9X2a55Vy9hqaxbHEcYDjBF9OA1kA5CpM7dPJgXN4Z-tlDGkYdbcB-nMR--uffXbomPM4xbRvHD_HAcRqEc7nFw9MVIGr5cb4vGGJU4yEdalY9cg4iigyA0Jb4GaoNB_oy4QFM4LKik8OaXXro8yfj0QdFkF0DygsleyVp0VcZAmzHw5W--UPf5gHXOiF-mF3vgRtgbGiQdy3rBYp6FVfDISM-hSBTxfn8HdlrQi19m4t2FWza-IIxFoHg2rRq1B1fLvjgDiJRsHzJOaOsY2Pd-m-nnTjr0pXYt5A
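
The value printed above is a JWT: its middle segment is only base64url-encoded, so anyone who sees the token can read which service account it belongs to, and legacy secret-based service account tokens carry no exp claim. The following is an added example, not part of the original post: it decodes the claims of constructed sample tokens and reports the subject and expiry. The helper names (`make_token`, `jwt_claims`, `token_summary`) and both sample claim sets are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: inspect the claims of a service account token.
# The signature is not verified; this only reads what the token asserts.

# base64url without padding, as used in JWT segments.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Build a constructed token from a claims JSON string; the signature is fake.
make_token() {
    printf '%s.%s.%s' "$(printf '%s' '{"alg":"RS256","kid":""}' | b64url)" \
        "$(printf '%s' "$1" | b64url)" "constructed-signature"
}

# Decode the claims (second segment) of a JWT to JSON text.
jwt_claims() {
    local seg
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in      # restore the stripped base64 padding
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
        1) return 1 ;;              # not valid base64url
    esac
    printf '%s' "$seg" | base64 -d
}

# Print "<subject> <expiry>", where expiry is the exp value or "never-expires".
# Assumes compact JSON (no spaces around ':'), as in the sample claims below.
token_summary() {
    local claims sub exp
    claims=$(jwt_claims "$1") || return 1
    sub=$(printf '%s' "$claims" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p')
    exp=$(printf '%s' "$claims" | sed -n 's/.*"exp":\([0-9]*\).*/\1/p')
    echo "${sub:-unknown} ${exp:-never-expires}"
}

# Constructed claims shaped like a legacy secret-based token for kuboard-user.
LEGACY='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:kuboard-user"}'
# Constructed claims with an exp, standing in for a time-bound token.
BOUND='{"exp":1588841287,"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:kuboard-user"}'

token_summary "$(make_token "$LEGACY")"
token_summary "$(make_token "$BOUND")"
```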

If you hit an error along the way, this article may help:
k8s error: fixing pods stuck in Pending and coredns stuck in Pending