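K8S Series: Building a K8S Lab

1. Base environment

OS: CentOS 7

A. Preparing the base system environment

Prepare two CentOS 7 virtual machines

One master and one node

Configuration: 2 vCPU, 4 GB RAM

B. Installing the base environment (run on both nodes)

Update the packages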

[root@master ~]# yum update

Install wget

[root@master ~]# yum install wget -y

Disable the firewall and SELinux

[root@master ~]# systemctl stop firewalld && systemctl disable firewalld

[root@master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config && setenforce 0

Disable the swap partition

[root@master ~]# swapoff -a  # Temporary: takes effect immediately, without a reboot

[root@master ~]# sed -i.bak '/swap/s/^/#/' /etc/fstab  # Permanent: stays in effect after a reboot

Set the hostname on each machine

[root@master ~]# hostnamectl set-hostname master

[root@node ~]# hostnamectl set-hostname node

Add the following entries on all hosts

[root@master ~]# cat >> /etc/hosts << EOF
192.168.1.150 master
192.168.1.151 node
EOF

[root@node ~]# cat >> /etc/hosts << EOF
192.168.1.150 master
192.168.1.151 node
EOF

Kernel parameter changes

Loading the br_netfilter module

Load br_netfilter temporarily:

[root@master ~]# modprobe br_netfilter
Note: this method does not survive a reboot

Load br_netfilter permanently:

[root@master ~]# cat > /etc/rc.sysinit << 'EOF'
#!/bin/bash
# Run every executable module-loading script under /etc/sysconfig/modules
for file in /etc/sysconfig/modules/*.modules ; do
[ -x "$file" ] && "$file"
done
EOF
[root@master ~]# cat > /etc/sysconfig/modules/br_netfilter.modules << EOF
modprobe br_netfilter
EOF
[root@master01 ~]# chmod 755 /etc/sysconfig/modules/br_netfilter.modules

Temporary kernel parameter change
[root@master ~]# sysctl net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-iptables = 1
[root@master ~]# sysctl net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-ip6tables = 1
Permanent kernel parameter change
[root@master ~]# cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
[root@master ~]# sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

Configure the Kubernetes repository
Add the Kubernetes repository
[root@master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Installing Docker CE

Install the dependencies
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

Configure the Docker repository
[root@master ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Install Docker
[root@master ~]# yum install docker-ce-18.09.9 docker-ce-cli-18.09.9 containerd.io -y   # Install the specified Docker CE version

Start Docker and enable it at boot
[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker   # Enable at boot

Set up command completion

Install bash-completion
[root@master ~]# yum -y install bash-completion
Load bash-completion
[root@master ~]# source /etc/profile.d/bash_completion.sh

Configure a registry mirror and change the cgroup driver

[root@master ~]# source /etc/profile.d/bash_completion.sh
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://x19jk9l1.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker

2. Installing k8s

Run the following steps on both master and node

Install kubelet, kubeadm and kubectl
[root@master ~]# yum install -y kubelet-1.16.4 kubeadm-1.16.4 kubectl-1.16.4   # Install the specified version

Start kubelet
Start kubelet and enable it at boot
[root@master ~]# systemctl enable kubelet && systemctl start kubelet

kubectl command completion
[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bash_profile
[root@master ~]# source .bash_profile

Download the images and run the script
Create a shell script
[root@master ~]# vi image.sh
#!/bin/bash
# Pull each control-plane image from the mirror, retag it as k8s.gcr.io,
# then remove the mirror tag
url=registry.cn-hangzhou.aliyuncs.com/loong576
version=v1.16.4
images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
for imagename in "${images[@]}" ; do
  docker pull $url/$imagename
  docker tag $url/$imagename k8s.gcr.io/$imagename
  docker rmi -f $url/$imagename
done

Pull the images k8s requires

[root@master ~]# chmod +x image.sh # Make the script executable
[root@master ~]# ./image.sh # Run the script to pull the required images
[root@master ~]# docker images # List the pulled images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-apiserver v1.16.4 3722a80984a0 12 months ago 217MB
k8s.gcr.io/kube-controller-manager v1.16.4 fb4cca6b4e4c 12 months ago 163MB
k8s.gcr.io/kube-scheduler v1.16.4 2984964036c8 12 months ago 87.3MB
k8s.gcr.io/kube-proxy v1.16.4 091df896d78f 12 months ago 86.1MB
k8s.gcr.io/etcd 3.3.15-0 b2756210eeab 15 months ago 247MB
k8s.gcr.io/coredns 1.6.2 bf261d157914 16 months ago 44.1MB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 2 years ago 742kB

3. Initializing the master

Run the following steps on the master only

Configure kubeadm

[root@master ~]# vi kubeadm-config.yaml    # Create the YAML file; the IP in controlPlaneEndpoint is the master's IP
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.16.4
apiServer:
  certSANs:
  - master
  - node
  - 192.168.1.150
  - 192.168.1.151
controlPlaneEndpoint: "192.168.1.150:6443"
networking:
  podSubnet: "10.244.0.0/16"

Initialize the master
[root@master ~]# kubeadm init --config=kubeadm-config.yaml

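Take note of the kubeadm join command printed in the log when initialization finishes; the node needs it in order to join (below is an excerpt I took from the log of my successful initialization; the part in red must be recorded)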
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

kubeadm join 192.168.1.150:6443 --token t6njzx.pryjwydkmi7qapkn \
--discovery-token-ca-cert-hash sha256:f46856a870817212b5c1fb0b2f3523b6c00a685b1e665e466617110019f13632 \
--control-plane

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.150:6443 --token t6njzx.pryjwydkmi7qapkn \
--discovery-token-ca-cert-hash sha256:f46856a870817212b5c1fb0b2f3523b6c00a685b1e665e466617110019f13632
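
The join command above pins the cluster CA through --discovery-token-ca-cert-hash. As an added example (not part of the original article), the following recomputes that hash from a CA certificate so the pinned value can be checked before kubeadm join is run on the node. The helper names are hypothetical and the CA is a throwaway one generated for the demo.

```shell
# Added example, not from the original article. ca_cert_hash, verify_join_pin
# and make_sample_ca are hypothetical helper names.

# kubeadm's discovery hash is the SHA-256 of the CA certificate's public key
# in DER-encoded SubjectPublicKeyInfo form.
ca_cert_hash() {
  pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER | sha256sum | cut -d' ' -f1
}

# $1 = CA certificate, $2 = value passed to --discovery-token-ca-cert-hash.
# Returns 0 on match, 1 on mismatch, 2 if the pin is malformed or the
# certificate cannot be read.
verify_join_pin() {
  case "$2" in
    sha256:*) ;;
    *) return 2 ;;
  esac
  actual=$(ca_cert_hash "$1") || return 2
  [ "sha256:$actual" = "$2" ]
}

# Constructed throwaway CA so the example runs offline; on a kubeadm master
# the certificate is /etc/kubernetes/pki/ca.crt.
make_sample_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_ca "$demo_dir"
pin="sha256:$(ca_cert_hash "$demo_dir/ca.crt")"
verify_join_pin "$demo_dir/ca.crt" "$pin" && echo "pin matches CA: $pin"
```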

Load the environment variable
[root@master ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[root@master ~]# source .bash_profile

Install the flannel network
Create the flannel network on the master
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml

4. Joining the node to the cluster

Run the following steps on the node

[root@master ~]# kubeadm join 192.168.1.150:6443 --token t6njzx.pryjwydkmi7qapkn \
--discovery-token-ca-cert-hash sha256:f46856a870817212b5c1fb0b2f3523b6c00a685b1e665e466617110019f13632

……

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.   # Seeing this log excerpt confirms that the join completed

After joining, verify on the master

[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady master 5m7s v1.16.4
node NotReady <none> 4m8s v1.16.4
[root@master ~]# kubectl get nodes     # After a short wait the status becomes Ready; verification OK
NAME STATUS ROLES AGE VERSION
master Ready master 5m34s v1.16.4
node Ready <none> 4m35s v1.16.4

5. Deploying the Dashboard

Run the following steps on the master node
Download the YAML
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

Configure the YAML
Change the image registry
[root@master ~]# sed -i 's/kubernetesui/registry.cn-hangzhou.aliyuncs.com\/loong576/g' recommended.yaml

Set the exposed port
[root@master ~]# sed -i '/targetPort: 8443/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' recommended.yaml

Add an administrator account
[root@master ~]# cat >> recommended.yaml << EOF
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF

Deploy the Dashboard
[root@master ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
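
The edited recommended.yaml binds the dashboard-admin ServiceAccount to cluster-admin and exposes the Dashboard on NodePort 30001. As an added example (not part of the original article), the following scans a manifest and reports exactly those two settings so they can be reviewed; audit_manifest and sample_manifest are hypothetical names, and the sample is a constructed, trimmed version of the edited file.

```shell
# Added example, not from the original article. Hypothetical helper names.
# Handles only block-style YAML with 2-space indentation, as in recommended.yaml.
audit_manifest() {
  awk '
    function flush() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        printf "cluster-admin-binding %s subjects=%s\n", name, subj
      if (kind == "Service" && type == "NodePort")
        printf "nodeport-service %s %s\n", name, port
      kind = ""; name = ""; role = ""; subj = ""; type = ""; port = ""
    }
    /^---/ { flush(); next }                                  # document boundary
    /^[A-Za-z]/ { section = $1; sub(/:.*/, "", section) }     # top-level key
    /^kind:/ { kind = $2 }
    section == "metadata" && /^  name:/ { name = $2 }
    section == "roleRef" && /^  name:/ { role = $2 }
    section == "subjects" && /^[ -]+name:/ { subj = (subj == "" ? "" : subj ",") $NF }
    section == "spec" && /^  type:/ { type = $2 }
    section == "spec" && /nodePort:/ { port = $NF }
    END { flush() }
  ' "$@"
}

# Constructed sample: the relevant parts of recommended.yaml after the edits.
sample_manifest() {
  cat <<'EOF'
kind: Service
metadata:
  name: kubernetes-dashboard
spec:
  ports:
    - targetPort: 8443
      nodePort: 30001
  type: NodePort
---
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  kind: ClusterRole
  name: cluster-admin
EOF
}
sample_manifest | audit_manifest
```

On the master the same function can be run against the real file with audit_manifest recommended.yaml.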

Check the status
[root@master ~]# kubectl get all -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-5f4bf8c7d8-jplms 1/1 Running 0 24s
pod/kubernetes-dashboard-8478d57dc6-88tk2 1/1 Running 0 25s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.99.95.147 <none> 8000/TCP 24s
service/kubernetes-dashboard NodePort 10.106.240.141 <none> 443:30001/TCP 25s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dashboard-metrics-scraper 1/1 1 1 24s
deployment.apps/kubernetes-dashboard 1/1 1 1 25s

NAME DESIRED CURRENT READY AGE
replicaset.apps/dashboard-metrics-scraper-5f4bf8c7d8 1 1 1 24s
replicaset.apps/kubernetes-dashboard-8478d57dc6 1 1 1 25s

View the token (the part shown in orange is the login token)
[root@master ~]# kubectl describe secrets -n kubernetes-dashboard dashboard-admin
Name: dashboard-admin-token-5xw4z
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7377746f-59ab-4497-bfe6-bd6a52cd2bd5

Type: kubernetes.io/service-account-token

Data
====
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlQyMk5ySEhJeU40ZnViV2ZyLWpRMG1uT01xRWNpZHBZeEQyakV2dEI4dkEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tNXh3NHoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNzM3Nzc0NmYtNTlhYi00NDk3LWJmZTYtYmQ2YTUyY2QyYmQ1Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.K2Q3q2jt7fGWhGoDs8fLXqXfMneHiR1LYsjdTJECfdSRblvLJYB4hrMHn0s_iMzBoOmlfc6f5pteR1noXcMizbHpCPOq0s6uf502lcphJ4Um7Q46bVQ0lAJavgzHD5XIfkNHo-7Y49qGu1F3wwey3O9Ldtair-oMyeKIFAFO3tb36dCh7tuv9ZRcxEK_xkg9kjf0MQhw58f_zb37dkM2JdHnuWrIMb3UgPfaYQTxpRNMq-q_t2moCiLidWGf7CK8iXcMk4BvpmCFccD7PcvvO3o6CEpESb-dRV9tk4VInYSd9zarRXfcE49CLRzmGzZ-WZVb8iXIfBgjcQQFOradVw

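6. Dashboard login demo

Note: Firefox is required

In the Token field, enter the long string shown in orange

Original article by admin. If you repost it, please credit the source: https://www.starz.top/2020/12/13/k8s%e7%b3%bb%e5%88%97%e4%b9%8b%e6%90%ad%e5%bb%bak8s-lab/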
