Author: 李毓

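kubeadm is a tool released by the official community for quickly deploying a Kubernetes cluster.

With this tool, a Kubernetes cluster can be deployed with two commands:

Create a Master node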
$ kubeadm init

Join a Node to the current cluster
$ kubeadm join <Master node IP and port>

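1. Installation requirements

  • One or more machines running CentOS7.x-86_x64
  • Hardware: 2 GB of RAM or more, 2 CPUs or more, 30 GB of disk or more
  • Network connectivity between all machines in the cluster
  • Internet access, which is needed to pull images
  • Swap disabled

2. Learning objectives

  • Install Docker and kubeadm on all nodes
  • Deploy the Kubernetes Master
  • Deploy the container network plugin
  • Deploy the Kubernetes Nodes and join them to the Kubernetes cluster
  • Deploy the Dashboard web page to view Kubernetes resources visually

3. Prepare the environment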

[root@k8s-master ~]# cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)

Disable the firewall:
$ systemctl stop firewalld
$ systemctl disable firewalld

Disable SELinux:
$ sed -i 's/enforcing/disabled/' /etc/selinux/config 
$ setenforce 0

Disable swap:
$ swapoff -a  # temporary
$ vim /etc/fstab  # permanent (comment out the swap entry)

Add the hostname-to-IP mappings (remember to set the hostnames):
$ cat /etc/hosts
192.168.219.132 k8s-master
192.168.219.133 k8s-node1
192.168.219.134 k8s-node2

Pass bridged IPv4 traffic to the iptables chains:
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system

Switch to the Aliyun YUM repository
[root@k8s-master ~]# rm -rf /etc/yum.repos.d/*
[root@k8s-master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Install Docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
systemctl start docker && systemctl enable docker

Add the Aliyun registry mirror (accelerator)
[root@k8s-master ~]# mkdir -p /etc/docker
[root@k8s-master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://38qjhfs2.mirror.aliyuncs.com"]
}
EOF

[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker

Add the Aliyun Kubernetes yum repository

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Install kubectl, kubelet and kubeadm

yum install kubectl kubelet kubeadm -y

systemctl enable kubelet && systemctl start kubelet

The following steps are performed on the master only

Deploy the Kubernetes master

kubeadm init \
  --apiserver-advertise-address=192.168.219.132 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.18.0 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16

The following output indicates that the installation succeeded.
Record the last part of the output; it has to be run on the other nodes when they join the Kubernetes cluster.

    Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.219.132:6443 --token v6ikkp.r81cc0w4jxk3qzu3 \
    --discovery-token-ca-cert-hash sha256:080838261e0a9569ae465a579d0c4cd21ff443cd0aec460de9809de7dfacaa78 

Set up kubectl

[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config

Run the following command to enable kubectl auto-completion

[root@k8s-master ~]# source <(kubectl completion bash)

kubectl auto-completion depends on bash-completion; you can test for it by running:

type _init_completion

If this reports an error, bash-completion is not installed; install it with the following command

yum install bash-completion 

Then run the following commands

echo "source /usr/share/bash-completion/bash_completion" >>  ~/.bashrc
echo 'source <(kubectl completion bash)' >>~/.bashrc
source ~/.bashrc

type _init_completion         # check again that it now produces normal output

View the node information
The node is NotReady because the coredns pods have not started and the network pod is missing

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS     ROLES    AGE   VERSION
k8s-master   NotReady   master   73m   v1.18.4
[root@k8s-master ~]# kubectl get pod --all-namespaces
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-7ff77c879f-jjp5n             0/1     Pending   0          74m
kube-system   coredns-7ff77c879f-jrzhx             0/1     Pending   0          74m
kube-system   etcd-k8s-master                      1/1     Running   0          74m
kube-system   kube-apiserver-k8s-master            1/1     Running   0          74m
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          74m
kube-system   kube-proxy-f6p5m                     1/1     Running   0          74m
kube-system   kube-scheduler-k8s-master            1/1     Running   0          74m

Install the flannel plugin

[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml

This URL is blocked here, so the kube-flannel.yml file has to be downloaded separately.

Then run
kubectl apply -f kube-flannel.yml
[root@k8s-master ~]# kubectl get pods --all-namespaces 
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-7ff77c879f-jjp5n             1/1     Running   0          131m
kube-system   coredns-7ff77c879f-jrzhx             1/1     Running   0          131m
kube-system   etcd-k8s-master                      1/1     Running   0          131m
kube-system   kube-apiserver-k8s-master            1/1     Running   0          131m
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          131m
kube-system   kube-flannel-ds-amd64-tj54j          1/1     Running   0          28s
kube-system   kube-proxy-f6p5m                     1/1     Running   0          131m
kube-system   kube-scheduler-k8s-master            1/1     Running   0          131m

On the nodes, run the join command, pasting in the command copied earlier.

kubeadm join 192.168.219.132:6443 --token v6ikkp.r81cc0w4jxk3qzu3 \
    --discovery-token-ca-cert-hash sha256:080838261e0a9569ae465a579d0c4cd21ff443cd0aec460de9809de7dfacaa78 

The cluster has been set up successfully

[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE    VERSION
k8s-master   Ready    master   141m   v1.18.4
k8s-node1    Ready    <none>   2m     v1.18.4
k8s-node2    Ready    <none>   20s    v1.18.4

Create a pod in the cluster to check that it runs normally.

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort

[root@k8s-master ~]# kubectl get pods,svc
NAME                        READY   STATUS    RESTARTS   AGE
pod/nginx-f89759699-k9gsg   1/1     Running   0          112s

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.1.0.1       <none>        443/TCP        143m
service/nginx        NodePort    10.1.157.205   <none>        80:30135/TCP   9s

Next, deploy the Dashboard
As with flannel, the manifest is blocked, so a customized copy is needed, and it is exposed to the external network.
kubectl apply -f recommended.yml

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 8000
      targetPort: 8000
      nodePort: 30001
  selector:
    k8s-app: dashboard-metrics-scraper
[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard 
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-6b4884c9d5-f5l46   1/1     Running   0          7m3s
kubernetes-dashboard-67768d44c-t8hsc         1/1     Running   0          7m3s

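Create a service account and bind it to the built-in cluster-admin cluster role:

kubectl create serviceaccount dashboard-admin -n kube-system
# Bind only the dashboard-admin account; --group=system:serviceaccounts would grant cluster-admin to every service account in the cluster
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')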
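
Binding cluster-admin to the group system:serviceaccounts hands full cluster control to every service account in every namespace, which is far more than the Dashboard login needs. The following added example (not part of the original article) scans the output of kubectl get clusterrolebindings -o json for cluster-admin granted to such broad built-in groups; the sample JSON and its binding names are constructed for illustration.

```python
import json

# Constructed sample of `kubectl get clusterrolebindings -o json`, trimmed to the
# fields the audit reads; the binding names are illustrative assumptions.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "serviceaccounts-cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts"}]},
    {"metadata": {"name": "dashboard-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "dashboard-admin",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "system:basic-user"},
     "roleRef": {"kind": "ClusterRole", "name": "system:basic-user"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "orphaned"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]})

# Built-in groups that each cover a whole class of identities.
BROAD_GROUPS = ("system:serviceaccounts", "system:authenticated",
                "system:unauthenticated")

def is_broad(subject):
    """True for a Group subject that matches many identities at once."""
    if subject.get("kind") != "Group":
        return False
    name = subject.get("name", "")
    # system:serviceaccounts:<namespace> covers every account in that namespace.
    return name in BROAD_GROUPS or name.startswith("system:serviceaccounts:")

def audit(bindings_json, role="cluster-admin"):
    """Return (binding, group) pairs where `role` is granted to a broad group."""
    findings = []
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # `subjects` can be absent or null on a binding that has no subjects.
        for subject in item.get("subjects") or []:
            if is_broad(subject):
                findings.append((item["metadata"]["name"], subject["name"]))
    return findings

if __name__ == "__main__":
    for binding, group in audit(SAMPLE):
        print(f"{binding}: cluster-admin granted to group {group}")
```

To check a real cluster, call audit() on the text produced by kubectl get clusterrolebindings -o json.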

Deploy Kubernetes 1.18 in 30 minutes