浓醉重爱 posted on 2020-4-3 22:52:00

Kubernetes (K8s) installation (installing a Kubernetes cluster with kubeadm)

<p>Overview:</p>
<p>  This article describes how to install a Kubernetes cluster with kubeadm (suitable for production use). CentOS 7 is used as the operating system.</p>
<p>PS:</p>
<p>  The article is fairly long, but it is detailed and comprehensive. (<span style="color: rgba(255, 0, 0, 1)">Note the Word document shared at the end of the article, which resolves the DNS problem</span>)</p>
<h1>1. CentOS 7 configuration notes</h1>
<h2>1.1 Firewalld (firewall)</h2>
<p>CentOS Linux 7 enables the firewall service (firewalld) by default, and there is a large amount of network traffic between the Kubernetes Master and the worker Nodes. The secure approach is to configure on the firewall the ports that the Kubernetes components (api-server, kubelet, and so on) need in order to communicate with each other. In a secure internal network environment the firewall service can be turned off.</p>
<p>Commands to turn off the firewall:</p>
<div class="cnblogs_code">
<pre># firewall-cmd --state                  # check the firewall state
# systemctl stop firewalld.service      # stop firewalld
# systemctl disable firewalld.service   # do not start firewalld at boot</pre>
</div>
<p><strong><em>If you do not want to turn off the firewall, open the following ports on it</em></strong></p>
<h2><img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200420101140629-474350150.png" alt=""></h2>
<h2>1.2 SELinux</h2>
<p>Disabling SELinux is recommended so that containers can read the host file system</p>
<p>Run the commands:</p>
<div class="cnblogs_code">
<pre># getenforce         # check the SELinux state
# setenforce 0       # turn SELinux off temporarily
# sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config   # turn it off permanently (requires a reboot)
# shutdown -r now    # reboot the system</pre>
</div>
<h1>2. Preparing for the installation</h1>
<h2 align="left">2.1 Installation environment</h2>
<table style="height: 176px; width: 598px" border="1" cellspacing="0" cellpadding="0" align="left">
<tbody>
<tr>
<td valign="top" width="141">
<p align="center"><strong>Hardware / software</strong></p>
</td>
<td valign="top" width="227">
<p align="center"><strong>Minimum configuration</strong></p>
</td>
<td valign="top" width="184">
<p align="center"><strong>Recommended configuration</strong></p>
</td>
</tr>
<tr>
<td valign="top" width="141">
<p><strong>CPU and memory</strong></p>
</td>
<td valign="top" width="227">
<p>Master: at least 2 cores and 4 GB of memory</p>
<p>Node: at least 4 cores and 16 GB of memory</p>
</td>
<td valign="top" width="184">
<p>Master: 4 cores and 16 GB of memory</p>
<p>Node: size it according to the number of containers to run</p>
</td>
</tr>
<tr>
<td valign="top" width="141">
<p><strong>Linux operating system</strong></p>
</td>
<td valign="top" width="227">
<p>Any Linux distribution on the x86_64 architecture, with kernel version 3.10 or later</p>
</td>
<td valign="top" width="184">
<p>Red Hat Linux 7</p>
<p>CentOS 7</p>
</td>
</tr>
</tbody>
</table>
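<p>Notes:</p>
<p>  The above is the suggested configuration. In an actual installation the Master must have 2 cores or more (otherwise the installation fails, remember this), while a Node can use 1 core.</p>
<h2>2.2 Deployment environment</h2>
<p>Host list:</p>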
<table style="width: 598px; height: 273px" border="1" cellspacing="0" cellpadding="0" align="left">
<thead>
<tr>
<td>
<p align="center"><strong>Host name</strong></p>
</td>
<td>
<p align="center"><strong>CentOS version</strong></p>
</td>
<td>
<p align="center"><strong>ip</strong></p>
</td>
<td>
<p align="center"><strong>docker version</strong></p>
</td>
<td>
<p align="center"><strong>flannel version</strong></p>
</td>
<td>
<p align="center"><strong>Keepalived version</strong></p>
</td>
<td>
<p align="center"><strong>Host specification</strong></p>
</td>
<td>
<p align="center"><strong>Remarks</strong></p>
</td>
</tr>
</thead>
<tbody>
<tr>
<td>
<p align="left">master01</p>
</td>
<td>
<p align="left">7.6.1810</p>
</td>
<td>
<p align="left">192.168.0.6</p>
</td>
<td>
<p align="left">18.09.9</p>
</td>
<td>
<p align="left">v0.11.0</p>
</td>
<td>
<p align="left">v1.3.5</p>
</td>
<td>
<p align="left">2C2G</p>
</td>
<td>
<p align="left">control plane</p>
</td>
</tr>
<tr>
<td>
<p align="left">work01</p>
</td>
<td>
<p align="left">7.6.1810</p>
</td>
<td>
<p align="left">192.168.0.10</p>
</td>
<td>
<p align="left">18.09.9</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">1C2G</p>
</td>
<td>
<p align="left">worker nodes</p>
</td>
</tr>
<tr>
<td>
<p align="left">work02</p>
</td>
<td>
<p align="left">7.6.1810</p>
</td>
<td>
<p align="left">192.168.0.12</p>
</td>
<td>
<p align="left">18.09.9</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">1C2G</p>
</td>
<td>
<p align="left">worker nodes</p>
</td>
</tr>
<tr>
<td>
<p align="left">VIP</p>
</td>
<td>
<p align="left">7.6.1810</p>
</td>
<td>
<p align="left">192.168.0.130</p>
</td>
<td>
<p align="left">18.09.9</p>
</td>
<td>
<p align="left">v0.11.0</p>
</td>
<td>
<p align="left">v1.3.5</p>
</td>
<td>
<p align="left">4C4G</p>
</td>
<td>
<p align="left">floats across the control plane</p>
</td>
</tr>
<tr>
<td>
<p align="left">client</p>
</td>
<td>
<p align="left">7.6.1810</p>
</td>
<td>
<p align="left">192.168.0.234</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">4C4G</p>
</td>
<td>
<p align="left">client (optional)</p>
</td>
</tr>
</tbody>
</table>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">There are 7 servers in total: 3 control plane, 3 work, and 1 client.</p>
<p align="left">k8s versions (change as needed):</p>
<table style="width: 595px; height: 196px" border="1" cellspacing="0" cellpadding="0" align="left">
<thead>
<tr>
<td>
<p align="center"><strong>Host name</strong></p>
</td>
<td>
<p align="center"><strong>kubelet version</strong></p>
</td>
<td>
<p align="center"><strong>kubeadm version</strong></p>
</td>
<td>
<p align="center"><strong>kubectl version</strong></p>
</td>
<td>
<p align="center"><strong>Remarks</strong></p>
</td>
</tr>
</thead>
<tbody>
<tr>
<td>
<p align="left">master01</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">kubectl optional</p>
</td>
</tr>
<tr>
<td>
<p align="left">work01</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">kubectl optional</p>
</td>
</tr>
<tr>
<td>
<p align="left">work02</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">kubectl optional</p>
</td>
</tr>
<tr>
<td>
<p align="left">client</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">/</p>
</td>
<td>
<p align="left">v1.16.4</p>
</td>
<td>
<p align="left">client</p>
</td>
</tr>
</tbody>
</table>
<h2>2.3 Configure host names (run on both master and node hosts)</h2>
<h3>2.3.1 Change the host name</h3>
<p>Rename the Master host to master01 by running the following commands:</p>
<div class="cnblogs_code">
<pre># hostnamectl set-hostname master01   # change the host name to master01
# more /etc/hostname                  # check the result</pre>
</div>
<p><span style="text-decoration: underline"><em>Change node01 and node02 in the same way (note that the host names are node01 and node02)</em></span></p>
<p><img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403213707658-1112840943.png" alt=""></p>
<p>Notes:</p>
<p>  Log out and log back in to see the newly set host name master01. After logging in again:</p>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403213632208-1913518046.png" alt=""></p>
<h3>2.3.2 Edit the hosts file</h3>
<p>Run the following command:</p>
<div class="cnblogs_code">
<pre>cat &gt;&gt; /etc/hosts &lt;&lt; EOF
192.168.0.6   master01
192.168.0.10   node01
192.168.0.12   node02
EOF</pre>
</div>
<h3>2.3.3 Disable swap</h3>
<p>Kubeadm recommends turning off swap. In short, run swapoff -a, then remove the swap entry from /etc/fstab and restart the server.</p>
<p>To disable it temporarily, run the following command:</p>
<div class="cnblogs_code">
<pre># swapoff -a</pre>
</div>
<p>To disable it permanently, run the following command after swapoff -a:</p>
<div class="cnblogs_code">
<pre># sed -i.bak '/swap/s/^/#/' /etc/fstab</pre>
</div>
<h3>2.3.4 Set up the Kubernetes repository</h3>
<h4>2.3.4.1 Add the Kubernetes repository</h4>
<p>Run the following command:</p>
<p>Note: repo_gpgcheck=0 disables the GPG key verification mechanism (with a value of 1 you may run into an out-of-memory problem)</p>
<div class="cnblogs_code">
<pre># cat &lt;&lt;EOF &gt; /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF</pre>
</div>
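<p>In the repository file above, gpgcheck=1 keeps package signature checking on while repo_gpgcheck=0 turns off the signature check on the repository metadata; section 10.1 of this article uses repo_gpgcheck=1. The following is an added example, not part of the original article: a shell function (the names audit_yum_repo and demo_audit and the temporary sample files are constructed here) that reports, per repository section, any signature check that is explicitly disabled and any baseurl that is not HTTPS.</p>

```shell
#!/bin/bash
# Added example: audit the signature settings in yum .repo files.
# audit_yum_repo FILE... prints one finding per line as
#   file:[section]:message
# and returns 1 if anything was found, 0 otherwise.
audit_yum_repo() {
    awk '
    function report(msg) { print file ":[" section "]:" msg; found = 1 }
    function flush_section() {
        if (section == "") return
        if (gpg == "0")  report("gpgcheck=0, package signatures are not verified")
        if (rgpg == "0") report("repo_gpgcheck=0, repository metadata signature is not verified")
        if (url ~ /^(http|ftp):/) report("baseurl is not HTTPS: " url)
        if ((gpg == "1" || rgpg == "1") && key == "") report("signature check enabled but gpgkey is missing")
    }
    # A new input file starts: close the last section of the previous file.
    FNR == 1 { flush_section(); section = ""; file = FILENAME }
    /^[ \t]*(#|;|$)/ { next }                      # comments and blank lines
    /^[ \t]*\[.+\][ \t]*$/ {                       # [section] header
        flush_section()
        section = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
        gpg = rgpg = url = key = ""
        next
    }
    section != "" {                                # key=value inside a section
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "gpgcheck") gpg = v
        else if (k == "repo_gpgcheck") rgpg = v
        else if (k == "baseurl") url = v
        else if (k == "gpgkey") key = v
    }
    END { flush_section(); exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample input: the repo file from section 2.3.4.1 (weak.repo) and
# the same file with repo_gpgcheck=1 as in section 10.1 (strict.repo).
demo_audit() {
    demo_dir=$(mktemp -d) || return 2
    cat > "$demo_dir/weak.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
    sed 's/^repo_gpgcheck=0/repo_gpgcheck=1/' "$demo_dir/weak.repo" > "$demo_dir/strict.repo"
    audit_yum_repo "$demo_dir/weak.repo" "$demo_dir/strict.repo"
    demo_rc=$?
    rm -rf "$demo_dir"
    return $demo_rc
}

# On a real host: audit_yum_repo /etc/yum.repos.d/*.repo
demo_audit || true
```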
<h4>2.3.4.2 Update the cache</h4>
<div class="cnblogs_code">
<pre># yum clean all
# yum -y makecache</pre>
</div>
<h1>3. Install Docker (run on both master and node hosts)</h1>
<p>Note:</p>
<p>  Before installing Docker, check which Docker versions Kubernetes supports (the Kubernetes and Docker versions must match, otherwise you may have to reinstall).</p>
<h2>3.1 Uninstall/update an installed Docker</h2>
<p># Uninstall Docker</p>
<p>#1. List the installed packages</p>
<div class="cnblogs_code">
<pre># yum list installed | grep docker</pre>
</div>
<p>#2. Remove the packages that were listed</p>
<div class="cnblogs_code">
<pre># yum -y remove docker-ce-cli.x86_64
# yum -y remove docker-ce.x86_64
# yum -y remove containerd.io</pre>
</div>
<p># Update Docker</p>
<div class="cnblogs_code">
<pre># yum -y update docker</pre>
</div>
<h2>3.2 Install the Docker environment</h2>
<h3>3.2.1 Configure the Docker repository</h3>
<p>Skip this step if Docker has already been installed</p>
<div class="cnblogs_code">
<pre># wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo</pre>
</div>
<h3>3.2.2 Install the dependencies</h3>
<div class="cnblogs_code">
<pre># yum install -y yum-utils device-mapper-persistent-data lvm2</pre>
</div>
<h3>3.2.3 Get Docker from the stable repository</h3>
<div class="cnblogs_code">
<pre># yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo</pre>
</div>
<h3>3.2.4 Install Docker</h3>
<div class="cnblogs_code">
<pre># yum install docker-ce-18.09.9 docker-ce-cli-18.09.9 containerd.io -y</pre>
</div>
<p>Notes:</p>
<p>Before running the command above, you can list the available Docker versions with the following command</p>
<div class="cnblogs_code">
<pre># yum list docker-ce --showduplicates | sort -r</pre>
</div>
<h3>3.2.5 Start Docker (and enable it at boot)</h3>
<div class="cnblogs_code">
<pre># systemctl start docker &amp;&amp; systemctl enable docker</pre>
</div>
<h3>3.2.6 Command completion (optional, skipping is suggested)</h3>
<p>Install bash-completion</p>
<div class="cnblogs_code">
<pre># yum -y install bash-completion</pre>
</div>
<p>Load bash-completion</p>
<div class="cnblogs_code">
<pre># source /etc/profile.d/bash_completion.sh</pre>
</div>
<h3>3.2.7 Registry mirror (and change the Cgroup Driver)</h3>
<div class="cnblogs_code">
<pre># mkdir -p /etc/docker
# tee /etc/docker/daemon.json &lt;&lt;-'EOF'
{
    "registry-mirrors": ["https://usydjf4t.mirror.aliyuncs.com",
    "https://registry.docker-cn.com"],
    "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# systemctl daemon-reload
# systemctl restart docker</pre>
</div>
<p>Notes:</p>
<p>The cgroup driver is changed to eliminate this warning:</p>
<div class="cnblogs_code">
<pre>: detected “cgroupfs” as the Docker cgroup driver. The recommended driver is “systemd”. Please follow the guide at https://kubernetes.io/docs/setup/cri/</pre>
</div>
<h1>4. Install Keepalived (on master hosts)</h1>
<p>Introduction:</p>
<p>To keep the Master highly available, multiple servers are used (as a Master cluster, usually 3 servers, each of which needs components such as kube-apiserver, kube-controller-manager, kube-scheduler and etcd installed), and clients access kube-apiserver (the Master servers) through a load balancer. Load balancing is implemented differently on different platforms: public clouds generally have ready-made solutions (not discussed further here); for an on-premises cluster you can use hardware (for example F5) or software. The solution recommended by the Kubernetes community is HAProxy and Keepalived, where HAProxy does the load balancing and Keepalived monitors HAProxy and handles failover.</p>
<p>Notes:</p>
<p>  Because only one 8-core machine was available, no master cluster and no HAProxy are used here, but the Keepalived installation is still provided so that a virtual IP (192.168.0.130) can be used. Nodes can reach the Master through this IP, and after other Masters join they are still accessed through the virtual IP</p>
<h2>4.1 Install keepalived</h2>
<div class="cnblogs_code">
<pre># yum -y install keepalived</pre>
</div>
<h2>4.2 Configure keepalived</h2>
<p>Keep the default configuration</p>
<div class="cnblogs_code">
<pre># mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived_default.conf</pre>
</div>
<p>Write the new configuration</p>
<div class="cnblogs_code">
<pre># cat &lt;&lt;EOF &gt; /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
   router_id <span style="color: rgba(255, 0, 0, 1)">master01</span>
}

vrrp_instance VI_1 {
    state MASTER
    interface <span style="color: rgba(255, 0, 0, 1)">enp0s3</span>
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
      auth_type PASS
      auth_pass 1111
    }
    virtual_ipaddress {
      <span style="color: rgba(255, 0, 0, 1)">192.168.0.130</span>
    }
}

EOF</pre>
</div>
<p>Notes:</p>
<p>Pay special attention to the text in <span style="color: rgba(255, 0, 0, 1)">red</span>: master01 is the host name (on other hosts replace it with the corresponding host name), enp0s3 is the network interface name (it may differ between Linux systems), and 192.168.0.130 is the virtual IP</p>
<h2>4.3 Start keepalived</h2>
<div class="cnblogs_code">
<pre># service keepalived start &amp;&amp; systemctl enable keepalived</pre>
</div>
<h2>4.4 Check the VIP</h2>
<p>Run on the master machine</p>
<div class="cnblogs_code">
<pre># ip a</pre>
</div>
<p><img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403215940929-860069438.png" alt=""></p>
<p>The VIP is on master01 (there is only one master for now; there may be several later)</p>
<h1>5. Install k8s (run on both master and node hosts)</h1>
<h2>5.1 List the Kubernetes versions</h2>
<div class="cnblogs_code">
<pre># yum list kubelet --showduplicates | sort -r</pre>
</div>
<p>Notes:</p>
<p>The kubelet version installed in this article is 1.16.4, which supports Docker versions 1.13.1, 17.03, 17.06, 17.09, 18.06 and 18.09.</p>
<h2>5.2 Install kubelet, kubeadm and kubectl (mind the version number and change it as needed)</h2>
<div class="cnblogs_code">
<pre># yum install -y kubelet-1.16.4 kubeadm-1.16.4 kubectl-1.16.4</pre>
</div>
<p>Notes:</p>
<ul>
<li>kubelet runs on every node in the cluster and starts objects such as Pods and containers</li>
<li>kubeadm is the command-line tool for initializing and bootstrapping the cluster</li>
<li>kubectl is the command line for talking to the cluster; with kubectl you can deploy and manage applications, inspect resources, and create, delete and update components</li>
</ul>
<h2>5.3 Start kubelet (and enable it at boot)</h2>
<div class="cnblogs_code">
<pre># systemctl enable kubelet &amp;&amp; systemctl start kubelet</pre>
</div>
<h2>5.4 Command completion (optional, skipping is suggested)</h2>
<div class="cnblogs_code">
<pre># echo "source &lt;(kubectl completion bash)" &gt;&gt; ~/.bash_profile
# source ~/.bash_profile</pre>
</div>
<h2>5.5 Download the images</h2>
<p>Almost all Kubernetes installation components and Docker images are hosted on Google's own sites, and accessing them directly may run into network problems. The workaround here is to download the images from the Alibaba Cloud image registry and, once they are pulled locally, retag them with the default image tag. This article pulls the images by running the image.sh script.</p>
<p>Run the following commands directly (the part with the grey background):</p>
<div class="cnblogs_code">
<pre># more image.sh   # the contents of image.sh follow; if the file does not exist, create it in the current directory
#!/bin/bash
url=registry.cn-hangzhou.aliyuncs.com/google_containers   # Alibaba Cloud image registry address; change as needed
version=v<span style="color: rgba(255, 0, 0, 1)">1.16.4</span>   # Kubernetes version to install (change as needed)
images=($(kubeadm config images list --kubernetes-version=$version | awk -F '/' '{print $2}'))
for imagename in "${images[@]}" ; do
docker pull "$url/$imagename"
docker tag "$url/$imagename" "k8s.gcr.io/$imagename"
docker rmi -f "$url/$imagename"
done
## Run the following commands to install
# chmod 755 image.sh   # make the file executable
# ./image.sh           # run the script</pre>
</div>
<p>Note:</p>
<p>To download a different Kubernetes version, change the corresponding version number (the part in red)</p>
<h2>5.6 List the downloaded images</h2>
<div class="cnblogs_code">
<pre># docker images</pre>
</div>
<p><img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403220654054-2116686550.png" alt=""></p>
<h1>6. Network plugin (flannel) configuration (run on the Master)</h1>
<p>The k8s network in this article uses flannel, which needs the kernel parameter bridge-nf-call-iptables=1; changing this parameter requires the system to have the br_netfilter module.</p>
<p>Notes:</p>
<p>There are many K8s network plugins; before using one, check whether it is compatible with your system.</p>
<h3>6.1 Load the br_netfilter module</h3>
<p>Check for the br_netfilter module:</p>
<div class="cnblogs_code">
<pre># lsmod |grep br_netfilter</pre>
</div>
<p>If the system does not have the br_netfilter module, run the commands below to add it; otherwise skip them.</p>
<p>Add the br_netfilter module permanently:</p>
<div class="cnblogs_code">
<pre># cat &gt; /etc/rc.sysinit &lt;&lt; 'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
[ -x $file ] &amp;&amp; $file
done
EOF</pre>
</div>
<div class="cnblogs_code">
<pre># cat &gt; /etc/sysconfig/modules/br_netfilter.modules &lt;&lt; EOF
modprobe br_netfilter
EOF

# chmod 755 /etc/sysconfig/modules/br_netfilter.modules</pre>
</div>
<h3>6.2 Change the kernel parameters permanently</h3>
<div class="cnblogs_code">
<pre># cat &lt;&lt;EOF &gt;/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# sysctl -p /etc/sysctl.d/k8s.conf</pre>
</div>
<p><img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403220925776-192521200.png" alt=""></p>
<h1>7. Initialize the Master (run on the Master)</h1>
<p><span style="color: rgba(255, 0, 0, 1)">Notes:</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">Before initializing Kubernetes on the Master, decide which network plugin to use (it may affect the initialization parameters). Different systems may need different network plugins (Centos does not support <span lang="EN-US">Calico</span>).</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">Reading up on the network plugins first is recommended. (Description of all Kubernetes network plugins: here)</span></p>
<h2>7.1 Create the initialization file</h2>
<h3>7.1.1 Get the default initialization parameters file</h3>
<div class="cnblogs_code">
<pre># kubeadm config print init-defaults &gt; init.default.yaml</pre>
</div>
<h3>7.1.2 View the init.default.yaml file</h3>
<div class="cnblogs_code">
<pre># cat init.default.yaml</pre>
</div>
<h3>7.1.3 Configure the initialization file</h3>
<p>Create the file kubeadm.conf.yaml with the following content:</p>
<div class="cnblogs_code">
<pre>apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v<span style="color: rgba(255, 0, 0, 1)">1.16.4</span>
apiServer:
  certSANs:    # list the hostname, IP and VIP of every kube-apiserver node
<span style="color: rgba(255, 0, 0, 1)">  - master01
  - node01
  - node02
  - 192.168.0.6
  - 192.168.0.10
  - 192.168.0.12
  - 192.168.0.130</span>
controlPlaneEndpoint: <span style="color: rgba(255, 0, 0, 1)">"192.168.0.130:6443"
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers</span>
networking:
  podSubnet: "<span style="color: rgba(255, 0, 0, 1)">10.244.0.0/16</span>"   # depends on the network plugin (this is the setting for flannel; for the calico plugin change it to 10.211.0.0/16)</pre>
</div>
<p>Notes:</p>
<p>Note the parts in red; change them according to the init.default.yaml file and your own needs</p>
<h2>7.2 Initialize Kubernetes</h2>
<div class="cnblogs_code">
<pre># kubeadm init --config=kubeadm.conf.yaml</pre>
</div>
<p>Notes:</p>
<p>If initialization fails, run kubeadm reset and then initialize again (run the following two commands)</p>
<div class="cnblogs_code">
<pre># kubeadm reset
# rm -rf $HOME/.kube/config</pre>
</div>
<p>Initialization succeeded, as shown below:</p>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403222250324-1223343825.png" alt=""></p>
<p>Following the prompt, run the commands below to copy the configuration file into the regular user's home directory:</p>
<div class="cnblogs_code">
<pre># mkdir -p $HOME/.kube

# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

# chown $(id -u):$(id -g) $HOME/.kube/config</pre>
</div>
<p>Save the following information somewhere else (or on another host); it is used when other nodes join the cluster:</p>
<div class="cnblogs_code">
<pre>You should now deploy a pod network to the cluster.

Run "kubectl apply -f .yaml" with one of the options listed at:

https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

kubeadm join 192.168.0.130:6443 --token afeqnz.vhp0e8rtrw6jz6v2 \
    --discovery-token-ca-cert-hash sha256:d6a450aafb14e82efb69fbcb71e426bfed8e423d64b37bac85b3ff8ce7dc6562 \
    --control-plane   

Then you can join any number of worker nodes by running the following on each as root:
## <span style="color: rgba(255, 0, 0, 1)">used when a node joins the cluster</span>
kubeadm join 192.168.0.130:6443 --token afeqnz.vhp0e8rtrw6jz6v2 \
--discovery-token-ca-cert-hash sha256:d6a450aafb14e82efb69fbcb71e426bfed8e423d64b37bac85b3ff8ce7dc6562</pre>
</div>
<h2>7.3 Load the environment variable (skip this if you did not run the command-completion commands earlier)</h2>
<div class="cnblogs_code">
<pre># echo "export KUBECONFIG=/etc/kubernetes/admin.conf" &gt;&gt; ~/.bash_profile

# source ~/.bash_profile</pre>
</div>
<h1>8. Join the nodes to the cluster</h1>
<h2>8.1 Open the firewall ports on the Master</h2>
<p><span style="color: rgba(255, 0, 0, 1)">Notes:</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">If the firewall on the master is already turned off, skip this subsection</span></p>
<p>If a node has already joined another cluster and needs to leave it, run the following on the node:</p>
<div class="cnblogs_code">
<pre># kubeadm reset</pre>
</div>
<p>Check the firewall state:</p>
<div class="cnblogs_code">
<pre># systemctl status firewalld
# firewall-cmd --state   # alternative to the command above</pre>
</div>
<p>Open port 6443</p>
<div class="cnblogs_code">
<pre># firewall-cmd --zone=public --add-port=6443/tcp --permanent

## "success" in the output means the port was added</pre>
</div>
<p>Meaning of the options:</p>
<div class="cnblogs_code">
<pre>--zone               # zone

--add-port=80/tcp    # add a port, in the form port/protocol

--permanent          # make the rule permanent; without this option it is lost after a restart</pre>
</div>
<p>Restart the firewall</p>
<div class="cnblogs_code">
<pre># systemctl restart firewalld.service</pre>
</div>
<p>Notes:</p>
<p>The range of host ports that Services in a Kubernetes cluster can use is 30000~32767</p>
<p>Open all ports that might be used in one go:</p>
<div class="cnblogs_code">
<pre># firewall-cmd --zone=public --add-port=30000-32767/tcp --permanent

# systemctl restart firewalld.service</pre>
</div>
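<p>Sections 1.1 and 8.1 call for opening ports instead of turning firewalld off. As an added example (not part of the original article), the script below prints, for a given role, firewall-cmd rich rules that accept the Kubernetes ports only from the cluster subnet rather than from every source in the public zone. The port list is the one in the upstream kubeadm documentation for this Kubernetes generation plus flannel's default VXLAN port, not a transcription of the article's screenshot; the function names and the 192.168.0.0/24 subnet (taken from the host table in 2.2) are assumptions.</p>

```shell
#!/bin/bash
# Added example: emit firewalld rich rules for a kubeadm cluster host.
# Assumption: all cluster hosts and the client sit in this subnet (section 2.2).
CLUSTER_CIDR="${CLUSTER_CIDR:-192.168.0.0/24}"
ZONE="${ZONE:-public}"

# k8s_ports ROLE -> one "port/protocol" entry per line
k8s_ports() {
    case "$1" in
        master)
            echo "6443/tcp"         # kube-apiserver
            echo "2379-2380/tcp"    # etcd client and peer traffic
            echo "10250/tcp"        # kubelet API
            echo "10251/tcp"        # kube-scheduler
            echo "10252/tcp"        # kube-controller-manager
            ;;
        node)
            echo "10250/tcp"        # kubelet API
            echo "30000-32767/tcp"  # NodePort Services
            ;;
        *)
            echo "unknown role: $1 (expected master or node)" >&2
            return 2
            ;;
    esac
    echo "8472/udp"                 # flannel VXLAN backend, needed on every host
}

# firewall_rules ROLE -> firewall-cmd command lines, printed and not executed,
# so they can be reviewed before being applied as root.
firewall_rules() {
    fw_ports=$(k8s_ports "$1") || return $?
    for fw_entry in $fw_ports; do
        fw_port=${fw_entry%/*}
        fw_proto=${fw_entry#*/}
        printf '%s\n' "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family=\"ipv4\" source address=\"$CLUSTER_CIDR\" port port=\"$fw_port\" protocol=\"$fw_proto\" accept'"
    done
    # Load the permanent rules into the running firewall.
    echo "firewall-cmd --reload"
}

# Usage:
#   ./k8s-firewall.sh master          # review the rules
#   ./k8s-firewall.sh node | sh       # apply them (as root)
if [ "$#" -ge 1 ]; then
    firewall_rules "$1"
fi
```

<p>If NodePort Services must be reachable from outside the cluster subnet, widen the source address for 30000-32767/tcp only and leave the control-plane ports restricted.</p>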
<h2>8.2 Join the cluster</h2>
<p>After the Master finishes initializing, the last line of its output is the following:</p>
<div class="cnblogs_code">
<pre># kubeadm join 192.168.0.130:6443 --token afeqnz.vhp0e8rtrw6jz6v2 \
    --discovery-token-ca-cert-hash sha256:d6a450aafb14e82efb69fbcb71e426bfed8e423d64b37bac85b3ff8ce7dc6562</pre>
</div>
<p>Copy these two lines and run them on the node, as shown below (join succeeded):</p>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403222854396-5450536.png" alt=""></p>
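<p>The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key. As an added example (not part of the original article), the script below recomputes that value from the CA certificate on the master and compares it with the one in a saved join command before the command is used on a node. The function names are made up for this example; /etc/kubernetes/pki/ca.crt is kubeadm's default CA path.</p>

```shell
#!/bin/bash
# Added example: check a saved kubeadm join command against the cluster CA.

# The worker join command as printed in section 7.2 of the article.
SAMPLE_JOIN='kubeadm join 192.168.0.130:6443 --token afeqnz.vhp0e8rtrw6jz6v2 \
    --discovery-token-ca-cert-hash sha256:d6a450aafb14e82efb69fbcb71e426bfed8e423d64b37bac85b3ff8ce7dc6562'

# join_cmd_hash "JOIN COMMAND TEXT" -> lowercase hex digest of the sha256 pin,
# or nothing if the text carries no well-formed pin.
join_cmd_hash() {
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\{1,\}sha256:\([0-9a-fA-F]\{64\}\).*/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
}

# ca_spki_hash CA_CERT -> SHA-256 (hex) of the certificate's public key in
# DER form. Fails instead of hashing empty input if the file is not a certificate.
ca_spki_hash() {
    ca_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    printf '%s\n' "$ca_pub" |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# verify_join_pin CA_CERT "JOIN COMMAND TEXT"
#   returns 0 if the pin matches the CA, 1 on mismatch, 2 on unusable input
verify_join_pin() {
    pin_want=$(join_cmd_hash "$2")
    if [ -z "$pin_want" ]; then
        echo "no sha256 pin found in the join command" >&2
        return 2
    fi
    if ! pin_have=$(ca_spki_hash "$1"); then
        echo "cannot read a certificate from $1" >&2
        return 2
    fi
    if [ "$pin_want" = "$pin_have" ]; then
        echo "OK: join command pin matches $1"
    else
        echo "MISMATCH: join command pins $pin_want but $1 hashes to $pin_have" >&2
        return 1
    fi
}

# Usage on the master, as root, with the join command saved in join.txt:
#   ./verify-join.sh /etc/kubernetes/pki/ca.crt "$(cat join.txt)"
if [ "$#" -eq 2 ]; then
    verify_join_pin "$1" "$2"
fi
```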
<p>On the master, run the following command to list the nodes that have joined</p>
<div class="cnblogs_code">
<pre># kubectl get nodes</pre>
</div>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403222905971-1975588676.png" alt=""></p>
<p><span style="color: rgba(255, 0, 0, 1)">Notes:</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">Because no network plugin has been installed yet, STATUS is NotReady</span></p>
<h1>9. Install the network plugin (on the Master; flannel here, a different URL is needed for calico)</h1>
<p>Run the following command on the master host:</p>
<div class="cnblogs_code">
<pre># kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml</pre>
</div>
<p><span style="color: rgba(255, 0, 0, 1)">Notes:</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">The installation may fail because of network problems. You can download the kube-flannel.yml file directly in a browser (or open the URL in a browser and copy the contents into a file) and then run apply</span></p>
<p>Check the node status with the following command:</p>
<div class="cnblogs_code">
<pre># kubectl get nodes</pre>
</div>
<p><img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403223111770-1496812232.png" alt=""></p>
<p>Notes:</p>
<p>STATUS changes from NotReady to Ready</p>
<p>If the status does not change for a long time after the network plugin is installed (it takes a while because things have to be installed), try restarting the machine (or the virtual machine; this refers to the CentOS 7 system).</p>
<h1>十、Client配置(client端执行)</h1>
<h2>10.1 新增kubernetes源</h2>
<div class="cnblogs_code">
<pre># cat &lt;&lt;EOF &gt; /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF</pre>
</div>
<h2>10.2 Refresh the cache</h2>
<div class="cnblogs_code">
<pre># yum clean all &amp;&amp; yum -y makecache</pre>
</div>
<h2>10.3 Install kubectl</h2>
<div class="cnblogs_code">
<pre># yum install -y kubectl-<span style="color: rgba(128, 0, 128, 1)">1.16</span>.<span style="color: rgba(128, 0, 128, 1)">4</span></pre>
</div>
<h2>10.4 Command completion (optional, can be skipped)</h2>
<p>Install bash-completion</p>
<div class="cnblogs_code">
<pre># yum -y install bash-completion</pre>
</div>
<p>Load bash-completion</p>
<div class="cnblogs_code">
<pre># source /etc/profile.d/bash_completion.sh</pre>
</div>
<h2>10.5 Copy admin.conf from the Master node (note: if kubectl commands also need to run on a Node, copy admin.conf to that Node as well)</h2>
<div class="cnblogs_code">
<pre># mkdir -p /etc/kubernetes<br># scp 192.168.0.6:/etc/kubernetes/admin.conf /etc/kubernetes/</pre>
</div>
<p>Note:</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 192.168.0.6 is the master host.</p>
<div class="cnblogs_code">
<pre># echo "export KUBECONFIG=/etc/kubernetes/admin.conf" &gt;&gt; ~/.bash_profile
# source ~/.bash_profile</pre>
</div>
<h2>10.6 Load the environment variables</h2>
<div class="cnblogs_code">
<pre># echo "source &lt;(kubectl completion bash)" &gt;&gt; ~/.bash_profile
# source ~/.bash_profile</pre>
</div>
<h2>10.7 Test kubectl</h2>
<div class="cnblogs_code">
<pre># kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> nodes</pre>
</div>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403223639374-438196517.png" alt=""></p>
<div class="cnblogs_code">
<pre># kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> cs</pre>
</div>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403223645584-1009810996.png" alt=""></p>
<div class="cnblogs_code">
<pre># kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> po -o wide -n kube-system</pre>
</div>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403223651366-972215581.png" alt=""></p>
<h1>11. Set up the Dashboard (run on the client)</h1>
<h2>11.1 Download the YAML</h2>
<div class="cnblogs_code">
<pre># wget https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml</span></pre>
</div>
<p>Note:</p>
<p>&nbsp; &nbsp; &nbsp; &nbsp;If the connection times out, retry a few times. It can also be downloaded here.</p>
<h2>11.2 Change the image address</h2>
<div class="cnblogs_code">
<pre># sed -i <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">s/kubernetesui/registry.cn-hangzhou.aliyuncs.com\/loong576/g</span><span style="color: rgba(128, 0, 0, 1)">'</span> recommended.yaml</pre>
</div>
<p><span style="color: rgba(255, 0, 0, 1)">Note:</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Other images can also be used (switching images requires editing recommended.yaml).</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">Changing the image:</span></p>
<p><span style="color: rgba(255, 0, 0, 1)">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If you need to change the image version, first check on Alibaba Cloud whether that image exists.</span></p>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403223927679-1645373205.png" alt=""></p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span style="color: rgba(255, 0, 0, 1)"> Command to pull the image (note that Alibaba Cloud does not include the version number, so you have to enter it yourself):</span></p>
<div class="cnblogs_code">
<pre># docker pull registry.cn-hangzhou.aliyuncs.com/kubernetesui/dashboard:v2.<span style="color: rgba(128, 0, 128, 1)">0.0</span>-rc5</pre>
</div>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403223935478-607170878.png" alt=""></p>
<h2>11.3 Configure the YAML</h2>
<p>External access</p>
<div class="cnblogs_code">
<pre># sed -i <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">/targetPort: 8443/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort</span><span style="color: rgba(128, 0, 0, 1)">'</span> recommended.yaml</pre>
</div>
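<p>Note:</p>
<p>&nbsp; &nbsp; &nbsp; &nbsp;This configures a NodePort. The Dashboard is reached from outside at https://NodeIp:NodePort, and the port here is 30001.</p>
<h2>11.4 Add an administrator account</h2>
<p>Create a super-administrator account for logging in to the Dashboard.</p>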
<div class="cnblogs_code">
<pre># cat &gt;&gt; recommended.yaml &lt;&lt; EOF
---
# ------------------- dashboard-admin ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF
</pre>
</div>
<h2>11.5 Deploy the Dashboard</h2>
<div class="cnblogs_code">
<pre># kubectl apply -f recommended.yaml</pre>
</div>
<p>Check the status:</p>
<div class="cnblogs_code">
<pre># kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> all -n kubernetes-dashboard</pre>
</div>
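<p>Section 11.4 binds the dashboard-admin ServiceAccount to the cluster-admin ClusterRole, so its token carries full rights over the cluster. The following is an added example, not part of the original article: a shell check that lists every ServiceAccount holding cluster-admin through a ClusterRoleBinding. The function names and the sample rows are constructed for illustration.</p>

```bash
#!/bin/sh
# Added example: list ServiceAccounts that hold cluster-admin through a
# ClusterRoleBinding, such as the dashboard-admin account created in 11.4.

# One line per binding: NAME, ROLE and the subjects, separated by tabs.
# Subjects are written kind:namespace:name and each one ends with a comma
# (the namespace is empty for User and Group subjects).
list_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}:{.name},{end}{"\n"}{end}'
}

# Read list_bindings output on stdin and print "binding namespace/name"
# for each ServiceAccount subject whose binding references cluster-admin.
find_admin_service_accounts() {
  awk -F'\t' '$2 == "cluster-admin" {
    n = split($3, subject, ",")
    for (i = 1; i <= n; i++) {
      split(subject[i], field, ":")
      if (field[1] == "ServiceAccount") print $1, field[2] "/" field[3]
    }
  }'
}

# Constructed sample rows in the list_bindings format (not from a real cluster).
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup::system:masters,\n'
  printf 'dashboard-admin\tcluster-admin\tServiceAccount:kubernetes-dashboard:dashboard-admin,\n'
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount:kubernetes-dashboard:kubernetes-dashboard,\n'
}

# On a live cluster: list_bindings | find_admin_service_accounts
sample_bindings | find_admin_service_accounts
```

<p>Every line it prints is an account whose token is equivalent to full cluster administration, which matters here because 11.3 makes the Dashboard reachable on a NodePort.</p>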
<p>View the token:</p>
<div class="cnblogs_code">
<pre># kubectl describe secrets -n kubernetes-dashboard dashboard-admin</pre>
</div>
<p><img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403224213319-714639358.png" alt=""></p>
<p>The token is (<span style="color: rgba(255, 0, 0, 1)">be careful: it may be wrapped across several lines</span>):</p>
<div class="cnblogs_code">
<pre>eyJhbGciOiJSUzI1NiIsImtpZCI6IllkWjQxWENEYnBXYV9rUlNqWTRldjVOYXV3M0tPTklYTVZTWUZWOXp0SHMifQ.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.vsizK9ZP53to5aL5d1oyFYAiR8Kt1LaQ_Lkt86yPgHp6QloMS_pLCdD7KZi76deQ4ISTFC9Ldc62zslLtY4qgxNvSUiVWj1bWUn2BfCJ-3jPxpd7ZOgr3Gbp2xAFc3xjgm-qZaOydec9i44CbkdiVDoAjL0Au78yt7aHSW8B6plc2fAYNdywtyIOAMhe7f0gjyRaWrGQje2CVduITxZ-2NCwd3EYQNs31OA-zUPFvel_xi_KzdMBuj4z7DdvIK9wPQHyuke0TIs5dHSUEtiY84erLMg5i0ZGXCd019D5Nrsd78fVe_NbO-NThVReskA-jt1FyhAUesZie4GX-2eL3Q</pre>
</div>
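<p>Note:</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If a problem occurs while installing the Dashboard, investigate it carefully. The pods may simply not have finished installing, so wait a while and check again. If it still does not work, consider whether something went wrong along the way and whether a reinstall is needed.</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If you forget the token, you can retrieve it with the following command:</p>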
<div class="cnblogs_code">
<pre># kubectl describe secret -n kubernetes-dashboard $(kubectl get secret -n kubernetes-dashboard | grep kubernetes-dashboard-token | awk '{print $1}') | grep token | awk '{print $2}'</pre>
</div>
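<p>A token copied from wrapped terminal output is rejected at login if the line breaks come along with it. As an added example (not from the original article), the functions below strip the whitespace, check the header.payload.signature shape and decode the claims, so you can confirm which ServiceAccount a token belongs to before using it. The function names and the sample token are constructed.</p>

```bash
#!/bin/sh
# Added example: normalise a pasted ServiceAccount token and read its claims.

# Remove all whitespace (line wraps from the terminal or from copy and paste).
normalize_token() {
  printf '%s' "$1" | tr -d ' \t\r\n'
}

# Decode one base64url segment; JWT segments omit the "=" padding.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) return 1 ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the JSON claims, or fail unless the token is header.payload.signature.
token_claims() {
  tok=$(normalize_token "$1")
  case $tok in
    *.*.*.*) return 1 ;;   # more than three segments
    ?*.?*.?*) ;;           # exactly three non-empty segments
    *) return 1 ;;
  esac
  payload=${tok#*.}
  payload=${payload%%.*}
  b64url_decode "$payload"
}

# Extract the "sub" claim (system:serviceaccount:NAMESPACE:NAME).
token_subject() {
  token_claims "$1" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# Constructed sample: real claim name, dummy signature, wrapped at 40 columns.
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  hdr=$(printf '%s' '{"alg":"RS256"}' | b64url_encode)
  pay=$(printf '%s' '{"sub":"system:serviceaccount:kubernetes-dashboard:dashboard-admin"}' | b64url_encode)
  printf '%s.%s.%s' "$hdr" "$pay" "c2ln" | fold -w 40
}

token_subject "$(sample_token)"
```

<p>The decode only reads the claims; it does not verify the signature, which is the API server's job.</p>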
<h2>11.6 Browse with Firefox</h2>
<p>https://192.168.0.6:30001</p>
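<p>After the Dashboard is deployed, a certificate problem prevents it from being opened in the browser (no solution found so far; the approaches found online were tried and did not work. The attempt is recorded below and can be skipped).</p>
<p>&nbsp;Delete the deployed Dashboard</p>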
<p>1. kubectl delete ns kubernetes-dashboard</p>
<p>https://github.com/kubernetes/dashboard/releases</p>
<p>2. Read the reference material (and run its commands, except the delete commands)</p>
<p>https://blog.51cto.com/10616534/2430512</p>
<h1>12. Troubleshooting</h1>
<h2>12.1 View Pod details</h2>
<p>List all Pods</p>
<div class="cnblogs_code">
<pre># kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> pods --all-namespaces</pre>
</div>
<p>View Pod logs (replace pod-name with the real pod name)</p>
<div class="cnblogs_code">
<pre># kubectl logs pod-name --all-containers=true</pre>
</div>
<p>View the details of a Pod in an abnormal state</p>
<div class="cnblogs_code">
<pre># kubectl describe pod kubernetes-dashboard-8478d57dc6-p7jt7 --<span style="color: rgba(0, 0, 255, 1)">namespace</span>=kubernetes-dashboard</pre>
</div>
<p>Note:</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; This shows which Node the container was created on.</p>
<p><img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403224553467-419247580.png" alt=""></p>
<h2>12.2 Firewall problems</h2>
<p>It is recommended to turn the firewall off.</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)"># systemctl stop firewalld.service

# systemctl disable firewalld.service</span></pre>
</div>
<p>Note:</p>
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; If the firewall is left on, containers may hit errors such as no host to route, because the firewall is blocking the ports.</p>
<h2>12.3 Dashboard certificate expiry problem</h2>
<p>&nbsp;<img src="https://img2020.cnblogs.com/blog/336878/202004/336878-20200403224621972-1530240280.png" alt="">&nbsp;</p>
<h2>12.4 kubectl commands fail on a Node</h2>
<p>Error message:</p>
<div class="cnblogs_code">
<pre>The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?</pre>
</div>
<p>Copy the master node's /etc/kubernetes/admin.conf file to the node.</p>
<h1>References</h1>
<p>Installing Kubernetes:</p>
<p>https://www.kubernetes.org.cn/6632.html</p>
<p>Opening ports on CentOS Linux:</p>
<p>https://www.cnblogs.com/archoncap/p/5402983.html</p>
<p>Overview of all Kubernetes network plugins:</p>
<p>https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/#pod-network</p>
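<p>PS:</p>
<p>&nbsp; &nbsp; &nbsp;Finally, here is a solution to one problem (you may need it when publishing a website or application): download</p>
<p>If you run into problems while installing a Kubernetes cluster with this article, please leave a comment below and I will reply as soon as I see it.</p>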
<p>&nbsp;</p>
<p>--------------------------------------------------------------------------------------------------------</p>
<p>Addendum, 2020-04-20</p>
<p>Official installation material:</p>
<p>http://docs.kubernetes.org.cn/457.html (Chinese, older version, for reference)</p>
<p>http://docs.kubernetes.org.cn/459.html (Chinese, older version, for reference)</p>
<p>https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/&nbsp;(English, latest version)</p><br><br>
Source: https://www.cnblogs.com/zhizihuakai/p/12629514.html