kubeadm安装kubernetes集群v1.14.3

时间  2019-11-08
标签 kubeadm 安装 kubernetes 集群 v1.14.3 栏目 负载均衡 繁體版
原文   原文链接

1、各相关组件及机器环境 (如下步骤每台master和node都须要操做)html

OS:CentOS 7.5 x86_64node

Container runtime:Docker 18.06.celinux

Kubernetes:1.14.3git

  IP地址   主机名 角色     CPU      Memory
   192.168.100.150  master.ilinux.io        master              >=2c          >=2G    
 192.168.100.156 node01.ilinux.io  node       >=2c   >=2G
 192.168.100.157 node02.ilinux.io node       >=2c   >=2G

一、编辑Master和各node的/etc/hosts,解析以下github

192.168.100.150 master.ilinux.io  master
192.168.100.156 node01.ilinux.io  node01
192.168.100.157 node02.ilinux.io  node02

二、主机时间同步(这里同步互联网时间)chrome

[root@master ~]# systemctl enable chronyd.service
[root@master ~]# systemctl status chronyd.service

三、关闭防火墙和Selinux服务docker

[root@node03 ~]# systemctl stop firewalld &&  systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

[root@master ~]# setenforce 0

[root@master ~]# vim /etc/selinux/config

SELINUX=disabled

四、禁用Swap设备(可选操做)vim

[root@master ~]# swapoff -a
[root@master ~]# sed -i 's/.*swap.*/#&/' /etc/fstab

2、部署kubernetes集群api

五、在Master及各Node安装Docker、kubelet及kubeadm,并以守护进程的方式启动Docker和Kuberlet 浏览器

     Docker的安装参照以前博客 http://www.javashuo.com/article/p-tihursoc-by.html

一、配置内核参数,将桥接的IPv4流量传递到iptables的链 (每台master和node都须要操做)
[root@master ~]# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

[root@master ~]# sysctl --system

二、配置国内kuberneetes的yum源,因为网络缘由,中国没法直接链接到google的网络,须要配置阿里云的yum源(每台master和node都须要操做)
[root@master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

三、[root@master ~]# yum install -y kubelet kubeadm kubectl
[root@node01 ~]# yum install -y kubelet kubeadm
Kubelet负责与其余节点集群通讯,并进行本节点Pod和容器生命周期的管理。Kubeadm是Kubernetes的自动化部署工具,下降了部署难度,提升效率。Kubectl是Kubernetes集群管理工具
舒适提示:若是yum安装提示找不到镜像之类的,请yum makecache更新下yum源

四、[root@master ~]# systemctl daemon-reload

五、[root@master ~]# systemctl start kubelet && systemctl enable kubelet    //master和node节点都要启动kubelet

六、初始化集群,在master上执行kubeadm init

[root@master ~]#
kubeadm init --kubernetes-version=1.14.3 \
--apiserver-advertise-address=192.168.100.150 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16

//如下是执行完毕后输出的部分信息
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.100.150:6443 --token cxins6.pxbyomo4pp1mnrao \
    --discovery-token-ca-cert-hash sha256:35876ef6f2e5fe7eb5c7bb709dbd5e09d0e9e7d3adf41cbe708eec4fb586c8d6
  • --kubernetes-version 正在使用的Kubernetes程序组件的版本号,须要与kubelet 的版本号相同 。
  • --pod-network-cidr : Pod网络的地址范围,其值为CIDR格式的网络地址;使用flannel网络插件时,其默认地址为10.244.0.0/16 。
  • --service-cidr: Service 的网络地址范围,其值为CIDR格式的网络地址,默认地址为10.96.0.0/12 。
  • --apiserver-advertise-address : API server通告给其余组件的IP地址 ,通常应该为Master节点的 IP 地址,0.0.0.0 表示节点上全部可用的地址 。

七、配置kubectl工具

[root@master ~]# mkdir -p /root/.kube

[root@master ~]# sudo cp /etc/kubernetes/admin.conf /root/.kube/config

[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
etcd-0               Healthy   {"health":"true"}   
controller-manager   Healthy   ok                  
scheduler            Healthy   ok

 上面的STATUS结果为"Healthy",表示组件处于健康状态,不然须要检查错误,若是排除不了问题,可使用"kubeadm reset" 命令重置集群后从新初始化

[root@master ~]# kubectl get nodes
NAME               STATUS     ROLES    AGE   VERSION
master.ilinux.io   NotReady   master   10m   v1.14.3

 此时的Master处于"NotReady"(未就绪),由于集群中还没有安装网络插件,部署完网络后会ready,下面部署flannel

八、部署flannel网络,只在master上部署

[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

下面看下集群的状态

[root@master ~]# kubectl get nodes
NAME               STATUS   ROLES    AGE   VERSION
master.ilinux.io   Ready    master   17m   v1.14.3

集群处于Ready状态,node节点能够加入集群中

九、node节点加入集群

[root@node01 ~]# kubeadm join 192.168.100.150:6443 --token 2dt1wp.oudskargctjss991 \
    --discovery-token-ca-cert-hash sha256:15aa0537c14d50df4fc9f45b6bdff0c30f8ef7114463a12e022e33619936266c

//如下是部分输出信息

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

执行完毕后稍等一会,在主节点上查看集群的状态,到这里咱们一个最简单的包含最核心组件的集群搭建完毕!

[root@master ~]# kubectl get nodes
NAME               STATUS   ROLES    AGE     VERSION
master.ilinux.io   Ready    master   34m     v1.14.3
node01.ilinux.io   Ready    <none>   6m14s   v1.14.3
node02.ilinux.io   Ready    <none>   6m8s    v1.14.3

3、安装其余附件组件

 十、查看集群的API通告地址

[root@master ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.100.150:6443
KubeDNS is running at https://192.168.100.150:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

 查看集群的版本

[root@master ~]# kubectl version --short
Client Version: v1.14.3
Server Version: v1.14.3

十一、安装dashboard,使用UI界面管理集群

一、建立dashboard的yaml文件
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

二、修改部分配置文件内容

[root@master ~]# sed -i 's/k8s.gcr.io/loveone/g' kubernetes-dashboard.yaml
[root@master ~]# sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml

三、部署dashboard
[root@master ~]# kubectl create -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created

四、建立完成后,检查各服务运行状态
[root@master ~]# kubectl get deployment kubernetes-dashboard -n kube-system
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard   1/1     1            1           89s

[root@master ~]# kubectl get services -n kube-system
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   61m
kubernetes-dashboard   NodePort    10.102.234.209   <none>        443:30001/TCP            16m
[root@master ~]# netstat -ntlp|grep 30001
tcp6       0      0 :::30001                :::*                    LISTEN      17306/kube-proxy

使用Firefox浏览器输入Dashboard访问地址:https://192.168.100.150:30001 

这里使用其余如chrome会提示安全问题没法链接!!!

查看访问Dashboard的token
[root@master ~]# kubectl create serviceaccount  dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@master ~]# kubectl create clusterrolebinding  dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name:         dashboard-admin-token-9hglw
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 30efdd50-92bd-11e9-91e3-000c296bd9bc

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOWhnbHciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMzBlZmRkNTAtOTJiZC0xMWU5LTkxZTMtMDAwYzI5NmJkOWJjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Bg9FOIr6RkepjCFav8tbkbTALGEX7bZJMNOYMOrYhFPhnhCs1RSxop7pCGBtdjug_Zpsb9UJ1WNWTsCInUlMYtSHkbaqVLZQEdIgD6jGb177CxIZBcCuxmxxQm0JMJdYjc6Y_1wYSTJGHtmWOHa70pUEcKo9I0LonTUfHCZh5PgS3JrwiTrsqe1RGyz3Jz4p9EIVPfcxmKCowSuapinOTezAWK2XAUhk2h5utXgag6RRnrPcHtlncZzW5fMTSfdAZv5xlaI64AM__qiwOTqyK-14xkda5nbk9DGhN5UwhkHzyvU6ApGT7A9Tr3j3QkMov9gEyVIDbSbBaSj8xBt36Q

 

相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程