30分钟部署kubernetes1.18

精选原创

李毓的运维之路 2020-06-21 02:16:38 ©著作权

文章标签 k8s 文章分类 运维

©著作权归作者所有：来自51CTO博客作者李毓的运维之路的原创作品，请联系作者获取转载授权，否则将追究法律责任

作者：李毓

kubeadm是官方社区推出的一个用于快速部署kubernetes集群的工具。

这个工具能通过两条指令完成一个kubernetes集群的部署：

创建一个 Master 节点
$ kubeadm init
 
将一个 Node 节点加入到当前集群中
$ kubeadm join <Master节点的IP和端口 >

1. 安装要求

一台或多台机器，操作系统 CentOS7.x-86_x64
硬件配置：2GB或更多RAM，2个CPU或更多CPU，硬盘30GB或更多
集群中所有机器之间网络互通
可以访问外网，需要拉取镜像
禁止swap分区

2.学习目标

在所有节点上安装Docker和kubeadm
部署Kubernetes Master
部署容器网络插件
部署 Kubernetes Node，将节点加入Kubernetes集群中
部署Dashboard Web页面，可视化查看Kubernetes资源

3.准备环境

[root@k8s-master ~]# cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)

关闭防火墙：
$ systemctl stop firewalld
$ systemctl disable firewalld
 
关闭selinux：
$ sed -i 's/enforcing/disabled/' /etc/selinux/config 
$ setenforce 0
 
关闭swap：
$ swapoff -a  $ 临时
$ vim /etc/fstab  $ 永久
 
添加主机名与IP对应关系（记得设置主机名）：
$ cat /etc/hosts
192.168.219.132 k8s-master
192.168.219.133 k8s-node1
192.168.219.134 k8s-node2
 
将桥接的IPv4流量传递到iptables的链：
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system

更换阿里云YUM源
[root@k8s-master ~]# rm -rf /etc/yum.repos.d/*
[root@k8s-master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

安装docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
systemctl start docker && systemctl enable docker

添加阿里云加速器
[root@k8s-master ~]# mkdir -p /etc/docker
[root@k8s-master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://38qjhfs2.mirror.aliyuncs.com"]
}
EOF

[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker

添加kubernetes阿里云yum源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF


安装kubectl、kubelet、kubeadm

yum install kubectl kubelet kubeadm -y

systemctl enable kubelet && systemctl start kubelet

以下为只在master部署

部署 kubernetes master

 kubeadm init \
  --apiserver-advertise-address=192.168.219.132 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.18.0 \
  --service-cidr=10.1.0.0/16\
  --pod-network-cidr=10.244.0.0/16
	
	```
	
	
	出现以下提示表示安装成功
	记录生成的最后部分内容，此内容需要在其它节点加入Kubernetes集群时执行。

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.219.132:6443 --token v6ikkp.r81cc0w4jxk3qzu3
--discovery-token-ca-cert-hash sha256:080838261e0a9569ae465a579d0c4cd21ff443cd0aec460de9809de7dfacaa78



创建kubectl

[root@k8s-master ~]# mkdir -p $HOME/.kube [root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config


执行下面命令，使kubectl可以自动补全

[root@k8s-master ~]# source <(kubectl completion bash)

kubectl自动补全依赖bash-completion，可以测试下运行：

type _init_completion

如果报错则没有安装，运行下面命令安装

yum install bash-completion

然后运行下面命令

echo "source /usr/share/bash-completion/bash_completion" >> ~/.bashrc echo 'source <(kubectl completion bash)' >>~/.bashrc source ~/.bashrc

type _init_completion #再次检查是否有正常内容输出



查看nodes信息
node节点为NotReady，因为corednspod没有启动，缺少网络pod

[root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master NotReady master 73m v1.18.4 [root@k8s-master ~]# kubectl get pod --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-7ff77c879f-jjp5n 0/1 Pending 0 74m kube-system coredns-7ff77c879f-jrzhx 0/1 Pending 0 74m kube-system etcd-k8s-master 1/1 Running 0 74m kube-system kube-apiserver-k8s-master 1/1 Running 0 74m kube-system kube-controller-manager-k8s-master 1/1 Running 0 74m kube-system kube-proxy-f6p5m 1/1 Running 0 74m kube-system kube-scheduler-k8s-master 1/1 Running 0 74m

安装flannel 插件

[root@k8s-master ~]#kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db1 1b/Documentation/kube-flannel.yml

这里被墙了，需要单独下载kube-flannel.yml文件。

再执行 kubectl apply -f kube-flannel.yml [root@k8s-master ~]# kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-7ff77c879f-jjp5n 1/1 Running 0 131m kube-system coredns-7ff77c879f-jrzhx 1/1 Running 0 131m kube-system etcd-k8s-master 1/1 Running 0 131m kube-system kube-apiserver-k8s-master 1/1 Running 0 131m kube-system kube-controller-manager-k8s-master 1/1 Running 0 131m kube-system kube-flannel-ds-amd64-tj54j 1/1 Running 0 28s kube-system kube-proxy-f6p5m 1/1 Running 0 131m kube-system kube-scheduler-k8s-master 1/1 Running 0 131m

在nodes执行添加节点的命令，之前拷贝的命令复制过来。

kubeadm join 192.168.219.132:6443 --token v6ikkp.r81cc0w4jxk3qzu3
--discovery-token-ca-cert-hash sha256:080838261e0a9569ae465a579d0c4cd21ff443cd0aec460de9809de7dfacaa78

		
可以看到集群建立成功

[root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master Ready master 141m v1.18.4 k8s-node1 Ready <none> 2m v1.18.4 k8s-node2 Ready <none> 20s v1.18.4


在集群中建立一个pod，看是否能正常运行。

kubectl create deployment nginx --image=nginx kubectl expose deployment nginx --port=80 --type=NodePort

[root@k8s-master ~]# kubectl get pods,svc NAME READY STATUS RESTARTS AGE pod/nginx-f89759699-k9gsg 1/1 Running 0 112s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 143m service/nginx NodePort 10.1.157.205 <none> 80:30135/TCP 9s


接下来部署Dashboard
和flannel一样，都是被墙了，需要自定义。并且暴露到外网。
kubectl apply -f recommended.yml

kind: Service apiVersion: v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: type: NodePort ports: - port: 8000 targetPort: 8000 nodePort: 30001 selector: k8s-app: dashboard-metrics-scraper

[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-6b4884c9d5-f5l46 1/1 Running 0 7m3s kubernetes-dashboard-67768d44c-t8hsc 1/1 Running 0 7m3s


创建service account并绑定默认cluster-admin管理员集群角色：

kubectl create serviceaccount dashboard-admin -n kube-system kubectl create clusterrolebinding serviceaccounts-cluster-admin --clusterrole=cluster-admin --group=system:serviceaccounts kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')




![](https://s4.51cto.com/images/blog/202006/21/c61b78b7fe0d0862220d2e14d170865f.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=)