K8s and Dashboard Installation


Author: 溯水心生 | Published: 2019-12-07 18:20


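    I. Installation prerequisites and cluster planning

    1.1 Environment configuration

    Run the following on all nodes.

    • Stop and disable the firewall: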
     systemctl stop firewalld
     systemctl disable firewalld
    
    
    • Disable SELinux so that containers can read the host file system:
    
     setenforce 0
     sed -i 's/enforcing/disabled/' /etc/selinux/config
    
    
    • Check and correct the system time:
     date
     
    
    • Install ntp:
    yum install -y ntp
    
    • Synchronize the time:
    ntpdate cn.pool.ntp.org
    
    • Turn off swap (Kubernetes does not support swap partitions):
    swapoff -a
    
    vim /etc/fstab
    #/dev/mapper/centos-swap swap                    swap    defaults        0 0
    

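    1.2 Cluster planning

    • docker version: 19.03.5
    • kubelet version: v1.16.3
    • kubeadm version: v1.16.3

    Role    Hostname     IP address     Specification
    Master  k8s-master   192.168.92.10  2 cores, 4 GB RAM
    Node    k8s-slave01  192.168.92.11  2 cores, 4 GB RAM
    Node    k8s-slave02  192.168.92.12  2 cores, 4 GB RAM

    Run the following on all nodes.
    Edit the hosts file to add the hostname-to-IP mappings: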

    vim /etc/hosts
    
    192.168.92.10 k8s-master
    192.168.92.11 k8s-slave01
    192.168.92.12 k8s-slave02
    
    

    Pass bridged IPv4 traffic to the iptables chains:

    cat <<EOF >  /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    vm.swappiness = 0
    net.ipv4.ip_forward= 1
    EOF
    

    Load the configuration:

    sysctl --system
    

    Allow automatic login (this enables SSH password authentication):

    sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
    

    II. Install Docker

    Run the following on all nodes.

    1. Remove old versions

    sudo yum remove docker \
                      docker-client \
                      docker-client-latest \
                      docker-common \
                      docker-latest \
                      docker-latest-logrotate \
                      docker-logrotate \
                      docker-selinux \
                      docker-engine-selinux \
                      docker-engine
    

    2. Install and run Docker (installing from the repository)

    sudo yum install -y yum-utils \
      device-mapper-persistent-data \
      lvm2
    

    3. Set up the stable repository.

    sudo yum-config-manager \
        --add-repo \
        https://download.docker.com/linux/centos/docker-ce.repo
    

    4. Install Docker

    sudo yum install docker-ce
    sudo systemctl start docker
    sudo systemctl enable docker
    

    5. Check the installation

    # docker info
    

    If output like the following appears, Docker was installed successfully:

    Kernel Version: 3.10.0-693.17.1.el7.x86_64
    Operating System: CentOS Linux 7 (Core)
    OSType: linux
    Architecture: x86_64
    Number of Docker Hooks: 3
    CPUs: 1
    Total Memory: 1.359 GiB
    Name: localhost.localdomain
    ID: KE6P:FAHI:ZYWT:AUWU:NVFG:6JRF:33ZS:AT4X:63QZ:ICYW:PUTO:V4ZB
    Docker Root Dir: /var/lib/docker
    Debug Mode (client): false
    Debug Mode (server): false
    Registry: https://index.docker.io/v1/
    Experimental: false
    Insecure Registries:
     127.0.0.0/8
    Live Restore Enabled: false
    Registries: docker.io (secure)
    

    III. Install the kubeadm tools

    Run the following on all nodes.

    1. Add the Kubernetes yum repository (mirror) definition

    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=0
    repo_gpgcheck=0
    gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
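
The repo definition above sets gpgcheck=0 and repo_gpgcheck=0 and uses http:// URLs, so yum installs kubelet, kubeadm and kubectl as root without verifying package signatures or the transport. The check below is an added example, not from the original post: it flags those settings in a .repo file and shows a constructed hardened variant, which assumes the mirror serves the same paths over HTTPS and signs its metadata.

```shell
# Added example, not from the original post. audit_yum_repo, WEAK_REPO and
# FIXED_REPO are names chosen here.

# Print "<section>: <issue>" for each setting that lets unauthenticated
# packages in; return 1 if any finding was printed.
audit_yum_repo() {
  awk -F= '
    /^\[.*\]/ { sec = substr($0, 2, index($0, "]") - 2); next }
    /^[ \t]*#/ || !/=/ { next }
    {
      key = $1; gsub(/[ \t]/, "", key)
      val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0")
        bad[++n] = sec ": " key "=0, signatures are not verified"
      if (key == "baseurl" || key == "gpgkey") {
        m = split(val, urls, /[ \t,]+/)
        for (i = 1; i <= m; i++)
          if (urls[i] ~ /^http:\/\//)
            bad[++n] = sec ": " key " fetched over plaintext HTTP: " urls[i]
      }
    }
    END { for (i = 1; i <= n; i++) print bad[i]; exit (n > 0) }
  ' "$1"
}

# The repo definition from this step.
WEAK_REPO='[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg'

# Constructed hardened variant (assumption: this mirror serves HTTPS and
# signed repo metadata; if repo_gpgcheck fails there, still keep gpgcheck=1).
FIXED_REPO='[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg'

tmp=$(mktemp)
printf '%s\n' "$WEAK_REPO" > "$tmp"
audit_yum_repo "$tmp" || echo "weak repo definition: fix before installing"
rm -f "$tmp"
```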
    

    2. Install the kubeadm tools

    yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
    
    

    3. Enable kubelet at boot and start it

    systemctl enable kubelet && systemctl start kubelet
    

    4. Check the kubeadm and kubelet versions

     kubelet --version
    
     kubeadm version
    

    III. Install the master node

    Run the following steps on the master node.

    1. Generate the default initialization parameters

    kubeadm config print init-defaults > init.default.yaml
    
    

    The generated defaults look like this:

    apiVersion: kubeadm.k8s.io/v1beta2
    bootstrapTokens:
    - groups:
      - system:bootstrappers:kubeadm:default-node-token
      token: abcdef.0123456789abcdef
      ttl: 24h0m0s
      usages:
      - signing
      - authentication
    kind: InitConfiguration
    localAPIEndpoint:
      advertiseAddress: 1.2.3.4
      bindPort: 6443
    nodeRegistration:
      criSocket: /var/run/dockershim.sock
      name: localhost.localdomain
      taints:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
    ---
    apiServer:
      timeoutForControlPlane: 4m0s
    apiVersion: kubeadm.k8s.io/v1beta2
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controllerManager: {}
    dns:
      type: CoreDNS
    etcd:
      local:
        dataDir: /var/lib/etcd
    imageRepository: k8s.gcr.io
    kind: ClusterConfiguration
    kubernetesVersion: v1.16.0
    networking:
      dnsDomain: cluster.local
      serviceSubnet: 10.96.0.0/12
    scheduler: {}
    
    

    2. Download the Kubernetes images

    Add a Docker registry mirror:

    
     echo '{"registry-mirrors":["https://registry.docker-cn.com"]}' > /etc/docker/daemon.json
     
     cat /etc/docker/daemon.json
    
    

    Restart the Docker service:

    systemctl restart docker
    

    Rename the printed defaults file to init-config.yaml:

    mv init.default.yaml init-config.yaml
    

    Edit init-config.yaml and change the image repository:

    imageRepository: registry.aliyuncs.com/google_containers
    

    Remove the unneeded settings; the final configuration file is shown below. Extra settings will cause the master installation to fail:

    
    apiVersion: kubeadm.k8s.io/v1beta2
    imageRepository: registry.aliyuncs.com/google_containers
    kind: ClusterConfiguration
    kubernetesVersion: v1.16.0
    networking:
      serviceSubnet: 10.96.0.0/12
      podSubnet: 10.244.0.0/16
    

    Pull the images according to the configuration file:

    kubeadm config images pull --config=init-config.yaml
    

    Install the master using the downloaded images:

    kubeadm init --config=init-config.yaml
    

    After a successful installation, output similar to the following is shown:

    Your Kubernetes control-plane has initialized successfully!
    
    To start using your cluster, you need to run the following as a regular user:
    
      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config
    
    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      https://kubernetes.io/docs/concepts/cluster-administration/addons/
    
    Then you can join any number of worker nodes by running the following on each as root:
    
    kubeadm join 192.168.92.10:6443 --token 4nmcwj.ebrnxqyks0rmkgki \
        --discovery-token-ca-cert-hash sha256:3d246361bc34b33cd7c60eb6a19e74a13842a4a810128b890c0f06c23065a28a
    
    

    Follow the prompt:

      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config
    
    

    Now verify the kubeadm-config ConfigMap object:

    kubectl get -n kube-system configmap
    
    

    Check the installation status:

    
    [root@k8s-master k8s]# kubectl get nodes
    NAME         STATUS     ROLES    AGE   VERSION
    k8s-master   NotReady   master   17m   v1.16.3
    
    

    IV. Install the CNI network plugin

    1. Install the CNI plugin

    kube-flannel is used here.

    mkdir flannel && cd flannel
    wget  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    kubectl apply -f kube-flannel.yml
    

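    Modes supported by flannel:

    flannel supports several backends
         VxLAN  # VxLAN has the following two modes
              (1) vxlan  # overlay (tunnel) network: packets are encapsulated so that pods on different network segments can communicate
              (2) Directrouting # uses the host's IP address as the gateway and reaches the target pod through host routes; when the target pod is not on the same layer-3 network as the current pod, it automatically falls back to VxLAN mode
        host-gw: Host GateWay # same as VxLAN's Directrouting mode, except that pods cannot communicate when the target pod is not on the same layer-3 network as the current pod
        UDP: # in the early days the Linux kernel did not support VxLAN and host-gw had a very high barrier to entry, so udp was flannel's earliest mode; it uses ordinary UDP packets and performs very poorly, so do not use it when either of the two modes above is available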
    

    If the installation fails, pull the image manually and retag it with the image name used in the yml file:

    docker pull quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
    docker tag quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64
    

    Check the cluster status:

    
    [root@k8s-master flannel]# kubectl get nodes
    NAME         STATUS   ROLES    AGE     VERSION
    k8s-master   Ready    master   5m43s   v1.16.3
    
    

    TIPS:

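    • If the master installation fails, run:
    kubeadm reset   # reset the host, then run kubeadm init again to reinstall
    
    • If a Pod is in an error state, run the following command to see the Pod's error details: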
    kubectl --namespace=kube-system describe pod <pod_name>
    

    V. Join worker nodes to the cluster

    Prerequisite: kubelet and kubeadm are already installed.

    1. Create the join configuration file join-config.yaml

    vim /home/k8s/join-config.yaml
    
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: JoinConfiguration
    discovery:
      bootstrapToken:
        apiServerEndpoint: 192.168.92.10:6443
        token: 4nmcwj.ebrnxqyks0rmkgki
        unsafeSkipCAVerification: true
      tlsBootstrapToken: 4nmcwj.ebrnxqyks0rmkgki
    
    

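    The token and tlsBootstrapToken values come from the end of the output printed after the master installation. If you have lost the token or the certificate information, you can query it with the following commands:

    • List the tokens:
    kubeadm token list 
    

    Tokens expire after 24 hours.
    Create a new one with the following command:

    kubeadm token create
    
    • Compute the CA certificate hash: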
    openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
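
The join file above sets unsafeSkipCAVerification: true, so the joining node does not verify which control plane it is talking to. The following added example (not from the original post; the function names are chosen here) writes the same JoinConfiguration but pins the CA through caCertHashes, using the hash produced by the openssl pipeline above.

```shell
# Added example, not from the original post; function names are hypothetical.

# Print the kubeadm discovery hash ("sha256:<hex>") of a CA certificate:
# SHA-256 over the DER-encoded public key, same pipeline as shown above.
ca_cert_hash() {
  local hex
  hex=$(openssl x509 -pubkey -noout -in "$1" \
        | openssl rsa -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
  [ -n "$hex" ] && printf 'sha256:%s\n' "$hex"
}

# Validate the token and hash formats, then print a JoinConfiguration that
# verifies the control plane's CA instead of skipping the check.
render_join_config() {
  local endpoint=$1 token=$2 hash=$3
  if ! printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
    echo "invalid bootstrap token format" >&2; return 1
  fi
  if ! printf '%s' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
    echo "invalid CA hash: expected sha256:<64 hex chars>" >&2; return 1
  fi
  cat <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: JoinConfiguration
discovery:
  bootstrapToken:
    apiServerEndpoint: ${endpoint}
    token: ${token}
    caCertHashes:
    - ${hash}
  tlsBootstrapToken: ${token}
EOF
}

# On the master, with a fresh token and the real CA:
#   render_join_config 192.168.92.10:6443 "$(kubeadm token create)" \
#     "$(ca_cert_hash /etc/kubernetes/pki/ca.crt)" > join-config.yaml
# Demo with the endpoint, token and hash printed by kubeadm init above:
render_join_config 192.168.92.10:6443 4nmcwj.ebrnxqyks0rmkgki \
  sha256:3d246361bc34b33cd7c60eb6a19e74a13842a4a810128b890c0f06c23065a28a
```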
    

    2. Join the nodes to the cluster

    Run the following on node1 and node2:

    kubeadm join --config=join-config.yaml
    

    When a node joins successfully, the following is shown:

    
    [preflight] Running pre-flight checks
            [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
            [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.5. Latest validated version: 18.09
    [preflight] Reading configuration from the cluster...
    [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
    [kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.16" ConfigMap in the kube-system namespace
    [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
    [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
    [kubelet-start] Activating the kubelet service
    [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
    
    This node has joined the cluster:
    * Certificate signing request was sent to apiserver and a response was received.
    * The Kubelet was informed of the new secure connection details.
    
    Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
    
    
    

    If the join times out, run the following commands:

    swapoff -a
    kubeadm reset
    systemctl daemon-reload
    systemctl restart kubelet
    

    Then pull the flannel image manually on the node:

    docker pull quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64
    docker tag quay-mirror.qiniu.com/coreos/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64
    

    Remove a node and rejoin it

    Remove the node:
    [run on the master]

    kubectl drain k8s-slave2 --delete-local-data --ignore-daemonsets
    
    kubectl delete node k8s-slave2
    
    

    On the node being removed, run:

    kubeadm reset
    

    VI. Common commands

    1. List the joined nodes

    
    [root@k8s-master kubernetes]# kubectl get nodes
    NAME         STATUS   ROLES    AGE    VERSION
    k8s-master   Ready    master   101m   v1.16.3
    k8s-slave1   Ready    <none>   41s    v1.16.3
    k8s-slave2   Ready    <none>   11m    v1.16.3
    
    

    2. List all Pods

    kubectl get pod --all-namespaces
    

    VII. Install the k8s dashboard

    • dashboard version: V2.0.0.0-beta8
    • Metrics Scraper version: v1.0.1

    1. Download the yaml file

    https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
    

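    If the download fails, download the offline installation yaml file. Because the file and the images are blocked, use the latest image versions shared by the author: download them manually and then import the images.

    Dashboard download resources

    2. Download the dashboard images

    Because the dashboard images cannot be downloaded from within China, download them manually to node1 and node2 and import them into Docker on both nodes.

    • Import the images: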
    docker load< dashboard-2.0.0-beata.tar
    docker load< metrics-scraper-1.0.0.1.tar
    
    
    • Retag the imported images:
    docker tag  xxxx kubernetesui/dashboard:v2.0.0-beta8   ## xxxx is the ID of the image you just imported
    docker tag xxxx kubernetesui/metrics-scraper:v1.0.1
    

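    3. Install the dashboard

    Once the environment is prepared, check that the nodes are healthy and then install the dashboard. If you can download the resources directly, you can skip the manual download of the configuration file and images above and start the installation right away.

    • Install the dashboard [on the master node]: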
    kubectl apply -f recommended.yaml
    

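    Wait for the installation to finish. Note that an administrator account and role must be created before you can log in to the dashboard, so create them now. The new dashboard uses its own namespace, separate from kube-system; keep this in mind.

    • Contents of dashboard-adminuser.yaml (note the namespace):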
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kubernetes-dashboard
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
      - kind: ServiceAccount
        name: admin-user
        namespace: kubernetes-dashboard
    
    

    Create the account and role binding:

    kubectl apply -f dashboard-adminuser.yaml
    

    Check the created secrets:

    kubectl get secret -n kubernetes-dashboard
    

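    After the user and role are created, we need to create an HTTPS client certificate so that the browser can access the system.

    • Extract client-certificate-data:
    grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt
    
    • Extract client-key-data:
    grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key
    
    • Generate the p12 file. Do not enter a throwaway password: the same password is needed to import the certificate into the browser.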
    openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
    

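    After generation, the following files are present:

    (Screenshot: generated configuration files)

    Download kubecfg.p12 to your desktop, open the Chrome settings, click Advanced, click Manage certificates, then click Import.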



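    Select the file, enter the password you set when generating the certificate, and accept the defaults for the remaining options. When the wizard reports completion, close it and restart the browser.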



    Next, check that the dashboard pods are healthy by listing all pods:

    
    [root@k8s-master dashboard]# kubectl get pods --all-namespaces
    NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE
    kube-system            coredns-58cc8c89f4-8tfwv                     1/1     Running   3          4h14m
    kube-system            coredns-58cc8c89f4-tnt4l                     1/1     Running   4          4h14m
    kube-system            etcd-k8s-master                              1/1     Running   4          4h13m
    kube-system            kube-apiserver-k8s-master                    1/1     Running   4          4h13m
    kube-system            kube-controller-manager-k8s-master           1/1     Running   5          4h13m
    kube-system            kube-flannel-ds-amd64-5ddlb                  1/1     Running   5          4h9m
    kube-system            kube-flannel-ds-amd64-svdt4                  1/1     Running   2          4h5m
    kube-system            kube-flannel-ds-amd64-wcd9f                  1/1     Running   2          4h3m
    kube-system            kube-proxy-cq724                             1/1     Running   1          4h5m
    kube-system            kube-proxy-l52m7                             1/1     Running   3          4h14m
    kube-system            kube-proxy-zzs5c                             1/1     Running   1          4h3m
    kube-system            kube-scheduler-k8s-master                    1/1     Running   4          4h13m
    kubernetes-dashboard   dashboard-metrics-scraper-76585494d8-txftz   1/1     Running   2          3h11m
    kubernetes-dashboard   kubernetes-dashboard-7bb44758b6-kbgqs        1/1     Running   1          3h11m
    
    

    The dashboard is clearly in the Running state and lives in the kubernetes-dashboard namespace. Now look at its detailed status:

    kubectl describe -n kubernetes-dashboard pod kubernetes-dashboard-7bb44758b6-kbgqs
    
    

    If the events show that the container started successfully, the dashboard is working.

    • View the cluster endpoint (proxy) information:
    
    [root@k8s-master dashboard]#  kubectl cluster-info
    Kubernetes master is running at https://192.168.92.10:6443
    KubeDNS is running at https://192.168.92.10:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
    
    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump
    

    4. Access the dashboard

    Enter the proxy URL in the browser:

    https://192.168.92.10:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
    

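    The IP above is that of your master node and the port comes from the cluster-info output; use the IP of your own deployment.

    After entering the URL you first have to confirm the certificate; click to accept, and the login page opens. Choose Token.

    • Query the token on the master node: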
    kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin  | awk '{print $1}')
    

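    Pay attention to the namespace in the command above, so that you do not pick up the wrong token and then see errors after login about modules that cannot be queried or missing permissions.
    After entering the token you will see the k8s dashboard.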



    5. What to do if the installation fails

    If the installation fails, delete the dashboard and the role and install again.

    • Delete the dashboard:
    kubectl delete -f recommended.yaml
    
    
    • Delete the role:
    kubectl delete -f dashboard-adminuser.yaml
    
