Docker Learning (5) - Kubernetes Cluster Setup - Spring Boot Application
<h2>Docker Learning</h2>
<p><span style="font-size: 13px">Docker Learning - VMware Workstation: connecting multiple local virtual machines to each other and to the host network</span></p>
<p><span style="font-size: 13px">Docker Learning - Building a Consul cluster with Docker</span></p>
<p><span style="font-size: 13px">Docker Learning - Setting up a simple private DockerHub</span></p>
<p><span style="font-size: 13px">Docker Learning - Spring Boot on Docker</span></p>
<p><span style="font-size: 13px">Docker Learning - Kubernetes - Cluster deployment</span></p>
<p>Docker Learning - Kubernetes - Spring Boot application</p>
<p class="postTitle"> </p>
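<h2 id="简介">Introduction</h2>
<p>Kubernetes, abbreviated K8s (the 8 stands for the eight characters "ubernete"), is an open-source system for managing containerized applications across multiple hosts in a cloud platform. Its goal is to make deploying containerized applications simple and efficient (powerful), and it provides mechanisms for application deployment, scheduling, updating and maintenance.</p>
<div class="para">Kubernetes is a container orchestration engine open-sourced by Google. It supports automated deployment, large-scale scaling and containerized application management. When an application is deployed in production, multiple instances are usually deployed so that requests can be load-balanced.</div>
<div class="para">In Kubernetes we can create multiple containers, each running one application instance, and then manage, discover and access this group of instances through the built-in load-balancing strategy, without operations staff having to do complex manual configuration.</div>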
<div class="para"> </div>
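<h2 id="基本概念">Basic Concepts</h2>
<p>Most concepts in Kubernetes are abstracted as resource objects managed by Kubernetes.</p>
<ul>
<li>
<p>Master: the Master node is the control node of a Kubernetes cluster and is responsible for managing and controlling the whole cluster. The Master node contains the following components:</p>
<ul>
<li>kube-apiserver: the entry point for cluster control, providing an HTTP REST service</li>
<li>kube-controller-manager: the automated control center for all resource objects in the Kubernetes cluster</li>
<li>kube-scheduler: responsible for scheduling Pods</li>
</ul>
</li>
<li>
<p>Node: a Node is a worker node in a Kubernetes cluster. Its workload is assigned by the Master node and consists mainly of running containerized applications. A Node contains the following components:</p>
<ul>
<li>kubelet: responsible for creating, starting, monitoring, restarting and destroying Pods, and for cooperating with the Master node to implement the basic functions of cluster management.</li>
<li>kube-proxy: implements communication and load balancing for Kubernetes Services</li>
<li>Running containerized (Pod) applications</li>
</ul>
</li>
<li>
<p>Pod: the Pod is the most basic deployment and scheduling unit in Kubernetes. Each Pod consists of one or more business containers and one root container (the Pause container). A Pod represents one instance of an application.</p>
</li>
<li>ReplicaSet: an abstraction over Pod replicas, used to handle scaling Pods out and in</li>
<li>Deployment: a Deployment represents a deployment and is implemented internally with a ReplicaSet. A Deployment can generate the corresponding ReplicaSet to create the Pod replicas</li>
<li>Service: the Service is the most important resource object in Kubernetes. A Service object corresponds to a microservice in a microservice architecture. A Service defines the access entry point of a service, and callers reach the Pod replicas behind the Service through this address. A Service is associated with its backend Pod replicas through a Label Selector, and the Deployment guarantees the number of backend Pod replicas, which is what makes the service scalable.</li>
</ul>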
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117092935131-1437208919.png"></p>
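<p>Kubernetes consists mainly of the following core components:</p>
<ul>
<li>etcd stores the state of the whole cluster; it is simply a database;</li>
<li>apiserver provides the sole entry point for resource operations, along with authentication, authorization, access control, and API registration and discovery;</li>
<li>controller manager maintains the cluster state, for example failure detection, auto scaling and rolling updates;</li>
<li>scheduler handles resource scheduling, placing Pods on machines according to the configured scheduling policy;</li>
<li>kubelet maintains the container lifecycle and also manages Volumes (CSI) and networking (CNI);</li>
<li>Container runtime handles image management and actually runs Pods and containers (CRI);</li>
<li>kube-proxy provides in-cluster service discovery and load balancing for Services;</li>
</ul>
<p>Besides these core components, there are some recommended add-ons:</p>
<ul>
<li>kube-dns provides DNS for the whole cluster</li>
<li>Ingress Controller provides an external entry point for services</li>
<li>Heapster provides resource monitoring</li>
<li>Dashboard provides a GUI</li>
</ul>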
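<h2 id="组件通信">Component Communication</h2>
<p>How the Kubernetes components communicate with each other:</p>
<ul>
<li>apiserver handles all operations on etcd storage, and only apiserver talks to the etcd cluster directly</li>
<li>
<p>apiserver provides a unified REST API internally (to the other cluster components) and externally (to users); all other components communicate through apiserver</p>
<ul>
<li>controller manager, scheduler, kube-proxy and kubelet all watch for resource changes through the apiserver watch API and act on the resources accordingly</li>
<li>All operations that update resource state go through the apiserver REST API</li>
</ul>
</li>
<li>
<p>apiserver also calls the kubelet API directly (for example logs, exec, attach). By default it does not verify the kubelet certificate, but verification can be enabled with <code>--kubelet-certificate-authority</code> (GKE instead protects this communication with an SSH tunnel)</p>
</li>
</ul>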
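<p>An added example (not from the original post) of checking the last point on a kubeadm master: it scans a kube-apiserver static Pod manifest for <code>--kubelet-certificate-authority</code> and the two client-certificate flags. The sample manifest is constructed and the function names are hypothetical.</p>

```shell
#!/bin/sh
# Added example, not from the original post: audit a kube-apiserver static Pod
# manifest for the flags that protect the apiserver -> kubelet connection.

# has_flag MANIFEST FLAG -> 0 if "- --FLAG" appears as a command argument.
has_flag() {
    grep -Eq "^[[:space:]]*-[[:space:]]+--$2(=|[[:space:]]|\$)" "$1"
}

# audit_kubelet_channel MANIFEST -> prints one WARN line per missing flag.
audit_kubelet_channel() {
    if ! has_flag "$1" kubelet-certificate-authority; then
        echo "WARN --kubelet-certificate-authority is not set: the kubelet serving certificate is not verified"
    fi
    for flag in kubelet-client-certificate kubelet-client-key; do
        if ! has_flag "$1" "$flag"; then
            echo "WARN --$flag is not set: the apiserver presents no client certificate to the kubelet"
        fi
    done
    return 0
}

# Constructed sample input: a shortened manifest in the shape kubeadm writes,
# with the client-certificate flags present and the CA flag absent.
sample_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --advertise-address=192.168.50.21
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
EOF
}

# Usage: sh audit.sh /etc/kubernetes/manifests/kube-apiserver.yaml
if [ -n "${1:-}" ]; then
    audit_kubelet_channel "$1"
fi
```

<p>Enabling the flag only works once the kubelets serve certificates signed by the CA it names.</p>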
<p>For example, the typical flow for creating a Pod:</p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117093021317-287383941.png"></p>
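<ul>
<li>The user creates a Pod through the REST API</li>
<li>apiserver writes it to etcd</li>
<li>scheduler detects a Pod that is not bound to a Node, schedules it and updates the Pod's Node binding</li>
<li>kubelet detects that a new Pod has been scheduled to it and runs the Pod through the container runtime</li>
<li>kubelet obtains the Pod status from the container runtime and updates it in apiserver</li>
</ul>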
<p> </p>
<h1>Cluster Deployment</h1>
<h2>Installing with the kubeadm tool</h2>
<p>1. Install kubelet, kubeadm and docker with yum on both the master and the nodes<br>2. Initialize on the master: kubeadm init<br>3. Start a flannel pod on the master<br>4. Join the cluster from each node: kubeadm join</p>
<h2>Preparing the environment</h2>
<p>Centos7 192.168.50.21 k8s-master <br>Centos7 192.168.50.22 k8s-node01<br>Centos7 192.168.50.23 k8s-node02</p>
<p><strong>Set the hostname (required on all 3 machines)</strong></p>
<div class="cnblogs_code">
<pre>hostnamectl <span style="color: rgba(0, 0, 255, 1)">set</span>-hostname k8s-master</pre>
</div>
<div class="cnblogs_code">
<pre>hostnamectl <span style="color: rgba(0, 0, 255, 1)">set</span>-hostname k8s-<span style="color: rgba(0, 0, 0, 1)">node01</span></pre>
</div>
<div class="cnblogs_code">
<pre>hostnamectl <span style="color: rgba(0, 0, 255, 1)">set</span>-hostname k8s-node02</pre>
</div>
<p><strong>Disable the firewall</strong></p>
<div class="cnblogs_code">
<pre>systemctl stop firewalld.service</pre>
</div>
<h2>Configure the Docker yum repository</h2>
<div class="cnblogs_code">
<pre>yum install -y yum-utils device-mapper-persistent-<span style="color: rgba(0, 0, 0, 1)">data lvm2 wget
cd </span>/etc/<span style="color: rgba(0, 0, 0, 1)">yum.repos.d
wget https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo</span></pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117105446844-1638794250.png"></p>
<p><strong>Configure the Kubernetes yum repository</strong></p>
<div class="cnblogs_code">
<pre>cd /opt/
wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
rpm --import yum-key.gpg
rpm --import rpm-package-key.gpg
cd /etc/yum.repos.d
vi kubernetes.repo
# Enter the following content:
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
# Save the file, then list the repositories:
yum repolist</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117110333551-1325458600.png"></p>
<p><strong>Install kubelet, kubeadm and docker on the master and the nodes</strong></p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">yum install docker
yum install kubelet-1.13.1
yum install kubeadm-1.13.1
</pre>
</div>
<p><span style="font-size: 14px"><strong>Install kubectl on the master</strong></span></p>
<div class="cnblogs_code">
<pre>yum install kubectl-1.13.1</pre>
</div>
<h2><span style="font-size: 14px">Docker configuration</span></h2>
<p>Configure the private registry and the registry mirror address. For the private registry setup, see https://www.cnblogs.com/woxpp/p/11871886.html</p>
<div class="cnblogs_code">
<pre>vi /etc/docker/daemon.json</pre>
</div>
<p> </p>
<div class="cnblogs_code">
<pre>{
  "registry-mirrors": [
    "http://hub-mirror.c.163.com"
  ],
  "insecure-registries": [
    "192.168.50.24:5000"
  ]
}</pre>
</div>
<p> </p>
<p><strong>Start docker</strong></p>
<div class="cnblogs_code">
<pre>systemctl daemon-<span style="color: rgba(0, 0, 0, 1)">reload
systemctl start docker <br></span>docker info</pre>
</div>
<p><strong>Initialize on the master: kubeadm init</strong></p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">vi /etc/sysconfig/kubelet
</pre>
</div>
<div class="cnblogs_code">
<pre>KUBELET_EXTRA_ARGS=<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">--fail-swap-on=false</span><span style="color: rgba(128, 0, 0, 1)">"</span></pre>
</div>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">kubeadm init \
</span>--apiserver-advertise-address=<span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span><span style="color: rgba(0, 0, 0, 1)"> \
</span>--image-repository registry.aliyuncs.com/<span style="color: rgba(0, 0, 0, 1)">google_containers \
</span>--kubernetes-version v1.<span style="color: rgba(128, 0, 128, 1)">13.1</span><span style="color: rgba(0, 0, 0, 1)"> \
</span>--pod-network-cidr=<span style="color: rgba(128, 0, 128, 1)">10.244</span>.<span style="color: rgba(128, 0, 128, 1)">0.0</span>/<span style="color: rgba(128, 0, 128, 1)">16</span></pre>
</div>
<p><strong>Explanation of the init flags:</strong></p>
<pre class="bash"><code class="hljs">--apiserver-advertise-address</code></pre>
<p>Specifies which interface of the Master is used to communicate with the other nodes of the cluster. If the Master has multiple interfaces, it is recommended to specify one explicitly; otherwise kubeadm automatically picks the interface that has the default gateway.</p>
<pre class="bash"><code class="hljs">--pod-network-cidr</code></pre>
<p>Specifies the Pod network range. Kubernetes supports several network solutions, and each has its own requirements for --pod-network-cidr. It is set to 10.244.0.0/16 here because we will use the flannel network solution, which requires this CIDR.</p>
<pre class="bash"><code class="hljs">--image-repository</code></pre>
<p>The default Kubernetes registry is k8s.gcr.io, and gcr.io cannot be reached from within China. In version 1.13 we can add the <code>--image-repository</code> parameter (default value k8s.gcr.io) and point it at the Aliyun mirror: registry.aliyuncs.com/google_containers.</p>
<pre><code class="hljs ini"><span class="hljs-attr">--kubernetes-version=v1.<span class="hljs-number">13.1 </span></span></code></pre>
<p>Disables version detection. The default value is stable-1, which causes the latest version number to be downloaded from https://dl.k8s.io/release/stable-1.txt. We can pin it to a fixed version (latest: v1.13.1) to skip the network request.</p>
<p>During initialization:</p>
<pre><span style="color: rgba(255, 0, 0, 1)"> You can also perform this action in beforehand using 'kubeadm config images pull' (the images are being downloaded at this point, which is fairly slow)</span></pre>
<pre><span style="color: rgba(255, 0, 0, 1)"> Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
All control plane components are healthy after 24.002300 seconds (this step is also fairly slow and can be ignored)</span></pre>
<div class="cnblogs_code">
<pre> Using Kubernetes version: v1.<span style="color: rgba(128, 0, 128, 1)">13.1</span><span style="color: rgba(0, 0, 0, 1)">
Running pre</span>-<span style="color: rgba(0, 0, 0, 1)">flight checks
Pulling images required </span><span style="color: rgba(0, 0, 255, 1)">for</span><span style="color: rgba(0, 0, 0, 1)"> setting up a Kubernetes cluster
This might take a minute or two, depending on the speed of your internet connection
You can also perform </span><span style="color: rgba(0, 0, 255, 1)">this</span> action <span style="color: rgba(0, 0, 255, 1)">in</span> beforehand <span style="color: rgba(0, 0, 255, 1)">using</span> <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">kubeadm config images pull</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">
Writing kubelet environment file with flags to file <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/var/lib/kubelet/kubeadm-flags.env</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Writing kubelet configuration to file <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/var/lib/kubelet/config.yaml</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Activating the kubelet service
Using certificateDir folder </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/etc/kubernetes/pki</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">ca</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">apiserver-kubelet-client</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">apiserver</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
apiserver serving cert </span><span style="color: rgba(0, 0, 255, 1)">is</span> signed <span style="color: rgba(0, 0, 255, 1)">for</span> DNS names and IPs [<span style="color: rgba(128, 0, 128, 1)">10.96</span>.<span style="color: rgba(128, 0, 128, 1)">0.1</span> <span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span><span style="color: rgba(0, 0, 0, 1)">]
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">front-proxy-ca</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">front-proxy-client</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">etcd/ca</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">etcd/healthcheck-client</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">apiserver-etcd-client</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">etcd/server</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
etcd</span>/server serving cert <span style="color: rgba(0, 0, 255, 1)">is</span> signed <span style="color: rgba(0, 0, 255, 1)">for</span> DNS names and IPs [<span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span> <span style="color: rgba(128, 0, 128, 1)">127.0</span>.<span style="color: rgba(128, 0, 128, 1)">0.1</span> ::<span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">]
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">etcd/peer</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> certificate and key
etcd</span>/peer serving cert <span style="color: rgba(0, 0, 255, 1)">is</span> signed <span style="color: rgba(0, 0, 255, 1)">for</span> DNS names and IPs [<span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span> <span style="color: rgba(128, 0, 128, 1)">127.0</span>.<span style="color: rgba(128, 0, 128, 1)">0.1</span> ::<span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">]
Generating </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">sa</span><span style="color: rgba(128, 0, 0, 1)">"</span> key and <span style="color: rgba(0, 0, 255, 1)">public</span><span style="color: rgba(0, 0, 0, 1)"> key
Using kubeconfig folder </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/etc/kubernetes</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Writing </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">admin.conf</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> kubeconfig file
Writing </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubelet.conf</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> kubeconfig file
Writing </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">controller-manager.conf</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> kubeconfig file
Writing </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">scheduler.conf</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> kubeconfig file
Using manifest folder <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/etc/kubernetes/manifests</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Creating <span style="color: rgba(0, 0, 255, 1)">static</span> Pod manifest <span style="color: rgba(0, 0, 255, 1)">for</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kube-apiserver</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Creating <span style="color: rgba(0, 0, 255, 1)">static</span> Pod manifest <span style="color: rgba(0, 0, 255, 1)">for</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kube-controller-manager</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Creating <span style="color: rgba(0, 0, 255, 1)">static</span> Pod manifest <span style="color: rgba(0, 0, 255, 1)">for</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kube-scheduler</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Creating </span><span style="color: rgba(0, 0, 255, 1)">static</span> Pod manifest <span style="color: rgba(0, 0, 255, 1)">for</span> local etcd <span style="color: rgba(0, 0, 255, 1)">in</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/etc/kubernetes/manifests</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Waiting <span style="color: rgba(0, 0, 255, 1)">for</span> the kubelet to boot up the control plane <span style="color: rgba(0, 0, 255, 1)">as</span> <span style="color: rgba(0, 0, 255, 1)">static</span> Pods <span style="color: rgba(0, 0, 255, 1)">from</span> directory <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/etc/kubernetes/manifests</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">. This can take up to 4m0s
All control plane components are healthy after </span><span style="color: rgba(128, 0, 128, 1)">24.002300</span><span style="color: rgba(0, 0, 0, 1)"> seconds
storing the configuration used </span><span style="color: rgba(0, 0, 255, 1)">in</span> ConfigMap <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubeadm-config</span><span style="color: rgba(128, 0, 0, 1)">"</span> <span style="color: rgba(0, 0, 255, 1)">in</span> the <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kube-system</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> Namespace
Creating a ConfigMap </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubelet-config-1.13</span><span style="color: rgba(128, 0, 0, 1)">"</span> <span style="color: rgba(0, 0, 255, 1)">in</span> <span style="color: rgba(0, 0, 255, 1)">namespace</span> kube-system with the configuration <span style="color: rgba(0, 0, 255, 1)">for</span> the kubelets <span style="color: rgba(0, 0, 255, 1)">in</span><span style="color: rgba(0, 0, 0, 1)"> the cluster
Uploading the CRI Socket information </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/var/run/dockershim.sock</span><span style="color: rgba(128, 0, 0, 1)">"</span> to the Node API <span style="color: rgba(0, 0, 255, 1)">object</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">k8s-master</span><span style="color: rgba(128, 0, 0, 1)">"</span> <span style="color: rgba(0, 0, 255, 1)">as</span><span style="color: rgba(0, 0, 0, 1)"> an annotation
Marking the node k8s-master <span style="color: rgba(0, 0, 255, 1)">as</span> control-plane by adding the label <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">node-role.kubernetes.io/master=''</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Marking the node k8s-master <span style="color: rgba(0, 0, 255, 1)">as</span> control-plane by adding the taints
Using token: 7ax0k4.nxpjjifrqnbrpojv
Configuring bootstrap tokens, cluster-<span style="color: rgba(0, 0, 0, 1)">info ConfigMap, RBAC Roles
configured RBAC rules to allow Node Bootstrap tokens to post CSRs </span><span style="color: rgba(0, 0, 255, 1)">in</span> order <span style="color: rgba(0, 0, 255, 1)">for</span> nodes to <span style="color: rgba(0, 0, 255, 1)">get</span> <span style="color: rgba(0, 0, 255, 1)">long</span><span style="color: rgba(0, 0, 0, 1)"> term certificate credentials
configured RBAC rules to allow the csrapprover controller automatically approve CSRs </span><span style="color: rgba(0, 0, 255, 1)">from</span><span style="color: rgba(0, 0, 0, 1)"> a Node Bootstrap Token
configured RBAC rules to allow certificate rotation </span><span style="color: rgba(0, 0, 255, 1)">for</span> all node client certificates <span style="color: rgba(0, 0, 255, 1)">in</span><span style="color: rgba(0, 0, 0, 1)"> the cluster
creating the </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">cluster-info</span><span style="color: rgba(128, 0, 0, 1)">"</span> ConfigMap <span style="color: rgba(0, 0, 255, 1)">in</span> the <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kube-public</span><span style="color: rgba(128, 0, 0, 1)">"</span> <span style="color: rgba(0, 0, 255, 1)">namespace</span><span style="color: rgba(0, 0, 0, 1)">
Applied essential addon: CoreDNS
Applied essential addon: kube</span>-<span style="color: rgba(0, 0, 0, 1)">proxy
Your Kubernetes master has initialized successfully</span>!<span style="color: rgba(0, 0, 0, 1)">
To start </span><span style="color: rgba(0, 0, 255, 1)">using</span> your cluster, you need to run the following <span style="color: rgba(0, 0, 255, 1)">as</span><span style="color: rgba(0, 0, 0, 1)"> a regular user:
mkdir </span>-p $HOME/<span style="color: rgba(0, 0, 0, 1)">.kube
sudo cp </span>-i /etc/kubernetes/admin.conf $HOME/.kube/<span style="color: rgba(0, 0, 0, 1)">config
sudo chown $(id </span>-u):$(id -g) $HOME/.kube/<span style="color: rgba(0, 0, 0, 1)">config
You should now deploy a pod network to the cluster.
Run </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubectl apply -f .yaml</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> with one of the options listed at:
https:</span><span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">kubernetes.io/docs/concepts/cluster-administration/addons/</span>
<span style="color: rgba(0, 0, 0, 1)">
You can now join any number of machines by running the following on each node
</span><span style="color: rgba(0, 0, 255, 1)">as</span><span style="color: rgba(0, 0, 0, 1)"> root:
kubeadm join </span><span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span>:<span style="color: rgba(128, 0, 128, 1)">6443</span> --token 7ax0k4.nxpjjifrqnbrpojv --discovery-token-ca-cert-hash sha256:95942f10859a71879c316e75498de02a8b627725c37dee33f74cd040e1cd9d6b</pre>
</div>
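<p>Explanation of the initialization process:</p>
<p>1) kubeadm runs the pre-flight checks.<br>2) Generates the kubelet configuration file "/var/lib/kubelet/config.yaml"<br>3) Generates the various tokens and certificates<br>4) Generates the KubeConfig files; the kubelet needs this file to communicate with the Master<br>5) Installs the Master components, downloading their Docker images from the specified registry.<br>6) Generates a token; record it, because it is needed later when adding nodes to the cluster with kubeadm join<br>7) Installs the add-ons kube-proxy and kube-dns.<br>8) The Kubernetes Master is initialized successfully, and a hint is printed on how to configure a regular user to access the cluster with kubectl.<br>9) Prints a hint on how to install the Pod network.<br>10) Prints a hint on how to register other nodes with the cluster.</p>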
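<p>An added example (not part of the original post): the <code>--discovery-token-ca-cert-hash</code> in the join command pins the cluster CA, so the value can be checked against the CA certificate before a node joins. The script parses the join command printed above and recomputes the hash (SHA-256 over the DER-encoded public key of the CA certificate) with openssl. The function names are hypothetical, and the default CA path assumes the certificateDir shown in the output.</p>

```shell
#!/bin/sh
# Added example, not from the original post: check a "kubeadm join" command
# against the cluster CA certificate before running it on a node.

# The join command printed by kubeadm init on this page.
PAGE_JOIN='kubeadm join 192.168.50.21:6443 --token 7ax0k4.nxpjjifrqnbrpojv --discovery-token-ca-cert-hash sha256:95942f10859a71879c316e75498de02a8b627725c37dee33f74cd040e1cd9d6b'

# join_field LINE FLAG -> prints the argument that follows FLAG in LINE.
join_field() {
    printf '%s\n' "$1" |
        awk -v flag="$2" '{ for (i = 1; i < NF; i++) if ($i == flag) { print $(i + 1); exit } }'
}

# token_format_ok TOKEN -> 0 if TOKEN has the bootstrap-token shape
# of 6 characters, a dot, then 16 characters, all lowercase alphanumerics.
token_format_ok() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# ca_pubkey_hash CERT -> prints "sha256:<hex>", the SHA-256 digest of the
# DER-encoded public key (SubjectPublicKeyInfo) of the certificate.
ca_pubkey_hash() {
    hex=$(openssl x509 -in "$1" -noout -pubkey |
          openssl pkey -pubin -outform der |
          openssl dgst -sha256 | awk '{ print $NF }')
    printf 'sha256:%s\n' "$hex"
}

# join_matches_ca LINE CERT -> 0 if the hash pinned in LINE matches CERT.
join_matches_ca() {
    pinned=$(join_field "$1" --discovery-token-ca-cert-hash)
    [ -n "$pinned" ] && [ "$pinned" = "$(ca_pubkey_hash "$2")" ]
}

# Usage on the master: sh check-join.sh run [/etc/kubernetes/pki/ca.crt]
if [ "${1:-}" = "run" ]; then
    ca=${2:-/etc/kubernetes/pki/ca.crt}
    token=$(join_field "$PAGE_JOIN" --token)
    token_format_ok "$token" || echo "token does not look like a bootstrap token"
    if join_matches_ca "$PAGE_JOIN" "$ca"; then
        echo "OK: pinned hash matches $ca"
    else
        echo "MISMATCH: $ca hashes to $(ca_pubkey_hash "$ca")"
    fi
fi
```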
<p> </p>
<p><span style="color: rgba(255, 0, 0, 1)">Error cases:</span></p>
<div class="cnblogs_code">
<pre> : docker service <span style="color: rgba(0, 0, 255, 1)">is</span> not enabled, please run <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">systemctl enable docker.service</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">
: running with swap on </span><span style="color: rgba(0, 0, 255, 1)">is</span><span style="color: rgba(0, 0, 0, 1)"> not supported. Please disable swap
: hostname </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">k8s-master</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> could not be reached
: hostname </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">k8s-master</span><span style="color: rgba(128, 0, 0, 1)">"</span>: lookup k8s-master on <span style="color: rgba(128, 0, 128, 1)">114.114</span>.<span style="color: rgba(128, 0, 128, 1)">114.114</span>:<span style="color: rgba(128, 0, 128, 1)">53</span><span style="color: rgba(0, 0, 0, 1)">: no such host
: kubelet service <span style="color: rgba(0, 0, 255, 1)">is</span> not enabled, please run <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">systemctl enable kubelet.service</span><span style="color: rgba(128, 0, 0, 1)">'</span></pre>
</div>
<p><strong>Run</strong></p>
<div class="cnblogs_code">
<pre>systemctl enable docker.service</pre>
</div>
<div class="cnblogs_code">
<pre>systemctl enable kubelet.service</pre>
</div>
<p><strong>The following errors are then reported</strong></p>
<div class="cnblogs_code">
<pre>: hostname <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">k8s-master</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> could not be reached
: hostname </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">k8s-master</span><span style="color: rgba(128, 0, 0, 1)">"</span>: lookup k8s-master on <span style="color: rgba(128, 0, 128, 1)">114.114</span>.<span style="color: rgba(128, 0, 128, 1)">114.114</span>:<span style="color: rgba(128, 0, 128, 1)">53</span><span style="color: rgba(0, 0, 0, 1)">: no such host
error execution phase preflight: Some fatal errors occurred:</span></pre>
</div>
<p><strong>Configure the hosts file</strong></p>
<div class="cnblogs_code">
<p>cat >> /etc/hosts << EOF<br>192.168.50.21 k8s-master<br>192.168.50.22 k8s-node01<br>192.168.50.23 k8s-node02<br>EOF</p>
</div>
<p><strong>Running the init command again produces</strong></p>
<div class="cnblogs_code">
<pre>: the number of available CPUs 1 is less than the required 2   -- set the VM's CPU count to at least 2
: /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1</pre>
</div>
<div class="cnblogs_code">
<pre data-spm-anchor-id="a2c4e.11153940.0.i0.1b9e5aa9VoW81r"><code class="shell hljs bash"><span class="hljs-built_in">echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
<span class="hljs-built_in">echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables</span></span></code></pre>
</div>
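<p>An added example (not from the original post): the preflight conditions kubeadm reported above (CPU count, swap, bridge netfilter, hostname resolution) as standalone checks, plus a function that persists the bridge settings, because a value written with <code>echo</code> into <code>/proc/sys</code> is lost on reboot. The function names and the <code>k8s.conf</code> file names are choices made for this example.</p>

```shell
#!/bin/sh
# Added example, not from the original post. Every check takes the file it
# reads as an argument, so it can also be run against test fixtures.

# swap_enabled [SWAPS_FILE] -> 0 if at least one swap device is active.
# /proc/swaps holds one header line, then one line per active device.
swap_enabled() {
    awk 'NR > 1 && NF > 0 { found = 1 } END { exit !found }' "${1:-/proc/swaps}"
}

# bridge_nf_ok [PROC_ROOT] -> 0 if both bridge netfilter switches read 1.
bridge_nf_ok() {
    root=${1:-/proc}
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        f="$root/sys/net/bridge/$key"
        # The file does not exist until the br_netfilter module is loaded.
        [ -r "$f" ] || return 1
        [ "$(cat "$f")" = "1" ] || return 1
    done
    return 0
}

# host_in_hosts NAME [HOSTS_FILE] -> 0 if NAME is listed in the hosts file.
host_in_hosts() {
    awk -v h="$1" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
                   END { exit !found }' "${2:-/etc/hosts}"
}

# cpu_count_ok COUNT -> 0 if COUNT meets the minimum of 2 that kubeadm reported.
cpu_count_ok() {
    [ "$1" -ge 2 ]
}

# persist_bridge_nf [ROOT] -> write module and sysctl files under ROOT so the
# settings survive a reboot. Apply them without rebooting by running
# "modprobe br_netfilter" and "sysctl --system" afterwards.
persist_bridge_nf() {
    root=${1:-}
    mkdir -p "$root/etc/modules-load.d" "$root/etc/sysctl.d"
    echo br_netfilter > "$root/etc/modules-load.d/k8s.conf"
    cat > "$root/etc/sysctl.d/k8s.conf" <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
}

# preflight NAME CPUS [PROC_ROOT] [SWAPS_FILE] [HOSTS_FILE]
# Prints one FAIL line per failed check, then "failures=N".
preflight() {
    name=$1
    cpus=$2
    proc=${3:-/proc}
    swaps=${4:-/proc/swaps}
    hosts=${5:-/etc/hosts}
    fails=0
    if ! cpu_count_ok "$cpus"; then
        echo "FAIL cpu: $cpus available, 2 required"
        fails=$((fails + 1))
    fi
    if swap_enabled "$swaps"; then
        echo "FAIL swap: swap is on"
        fails=$((fails + 1))
    fi
    if ! bridge_nf_ok "$proc"; then
        echo "FAIL bridge-nf: bridge-nf-call-iptables/ip6tables not set to 1"
        fails=$((fails + 1))
    fi
    if ! host_in_hosts "$name" "$hosts"; then
        echo "FAIL hostname: $name is not in $hosts"
        fails=$((fails + 1))
    fi
    echo "failures=$fails"
}

# Usage on a real machine: sh preflight.sh run
if [ "${1:-}" = "run" ]; then
    preflight "$(hostname)" "$(nproc)"
fi
```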
<p><strong>After setting the VM's CPU count and rebooting, run again:</strong></p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">kubeadm init \
</span>--apiserver-advertise-address=<span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span><span style="color: rgba(0, 0, 0, 1)"> \
</span>--image-repository registry.aliyuncs.com/<span style="color: rgba(0, 0, 0, 1)">google_containers \
</span>--kubernetes-version v1.<span style="color: rgba(128, 0, 128, 1)">13.1</span><span style="color: rgba(0, 0, 0, 1)"> \
</span>--pod-network-cidr=<span style="color: rgba(128, 0, 128, 1)">10.244</span>.<span style="color: rgba(128, 0, 128, 1)">0.0</span>/<span style="color: rgba(128, 0, 128, 1)">16</span></pre>
</div>
<p> </p>
<div class="cnblogs_code">
<pre> Using Kubernetes version: v1.<span style="color: rgba(128, 0, 128, 1)">13.1</span><span style="color: rgba(0, 0, 0, 1)">
Running pre</span>-<span style="color: rgba(0, 0, 0, 1)">flight checks
Pulling images required </span><span style="color: rgba(0, 0, 255, 1)">for</span><span style="color: rgba(0, 0, 0, 1)"> setting up a Kubernetes cluster
This might take a minute or two, depending on the speed of your internet connection
You can also perform </span><span style="color: rgba(0, 0, 255, 1)">this</span> action <span style="color: rgba(0, 0, 255, 1)">in</span> beforehand <span style="color: rgba(0, 0, 255, 1)">using</span> <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">kubeadm config images pull</span></pre>
</div>
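<p><strong>Workaround: the docker.io registry mirrors Google's container images, so the required images can be pulled with the commands below</strong></p>
<p><strong>First check which images are needed</strong></p>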
<div class="cnblogs_code">
<pre>kubeadm config images list</pre>
</div>
<p><strong>Configure the image source in a kubeadm config file</strong></p>
<div class="cnblogs_code">
<pre># vi kubeadm-config.yaml</pre>
</div>
<div class="cnblogs_code">
<pre>apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.13.1
imageRepository: registry.aliyuncs.com/google_containers
apiServer:
  certSANs:
  - 192.168.50.21
controlPlaneEndpoint: "192.168.50.20:16443"
networking:
  # This CIDR is a Calico default. Substitute or remove for your CNI provider.
  podSubnet: "172.168.0.0/16"</pre>
</div>
<div class="cnblogs_code">
<pre> kubeadm config images pull --config /opt/kubeadm-config.yaml</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117153439259-891551174.png"></p>
<p><strong>Initialize the master</strong></p>
<div class="cnblogs_code">
<pre>kubeadm init --config=kubeadm-config.yaml --upload-certs</pre>
</div>
<p> </p>
<div class="cnblogs_code">
<pre>execution phase preflight: Some fatal errors occurred:
: /etc/kubernetes/manifests/kube-apiserver.yaml already exists
: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists
: /etc/kubernetes/manifests/kube-scheduler.yaml already exists
: /etc/kubernetes/manifests/etcd.yaml already exists
: Port 10250 is in use</pre>
</div>
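<p><strong>kubeadm automatically checks whether the environment still holds leftovers from a previous run. If it does, they must be cleaned up before init is run again. Run "kubeadm reset" to clean the environment and start over.</strong></p>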
<div class="cnblogs_code">
<pre> Waiting <span style="color: rgba(0, 0, 255, 1)">for</span> the kubelet to boot up the control plane <span style="color: rgba(0, 0, 255, 1)">as</span> <span style="color: rgba(0, 0, 255, 1)">static</span> Pods <span style="color: rgba(0, 0, 255, 1)">from</span> directory <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/etc/kubernetes/manifests</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">. This can take up to 4m0s
Initial timeout of 40s passed.</pre>
</div>
<p>==Cause==</p>
<p>The kubelet has not started.</p>
<p>==Fix==</p>
<p>systemctl restart kubelet</p>
<p>If the kubelet cannot be started:</p>
<div class="cnblogs_code">
<pre>kubelet.service - kubelet: The Kubernetes Node Agent</pre>
</div>
<p> </p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117154814657-1743243357.png"></p>
<p>the cause may be that the swap partition is still enabled.<br>- Disable swap</p>
<div class="cnblogs_code">
<pre>swapoff -a</pre>
</div>
<p>- Configure the kubelet</p>
<div class="cnblogs_code">
<pre>vi /etc/sysconfig/<span style="color: rgba(0, 0, 0, 1)">kubelet
KUBELET_EXTRA_ARGS</span>=<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">--fail-swap-on=false</span><span style="color: rgba(128, 0, 0, 1)">"</span></pre>
</div>
<p>Run init again</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">kubeadm init \
</span>--apiserver-advertise-address=<span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span><span style="color: rgba(0, 0, 0, 1)"> \
</span>--image-repository registry.aliyuncs.com/<span style="color: rgba(0, 0, 0, 1)">google_containers \
</span>--kubernetes-version v1.<span style="color: rgba(128, 0, 128, 1)">13.1</span><span style="color: rgba(0, 0, 0, 1)"> \
</span>--pod-network-cidr=<span style="color: rgba(128, 0, 128, 1)">10.244</span>.<span style="color: rgba(128, 0, 128, 1)">0.0</span>/<span style="color: rgba(128, 0, 128, 1)">16</span></pre>
</div>
<p> </p>
<p> </p>
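<h2 id="配置-kubectl">Configure kubectl</h2>
<p>kubectl is the command-line tool for managing a Kubernetes cluster; we installed it on all nodes earlier. After the master has been initialized, a little configuration is needed before kubectl can be used.<br>Following the hint at the end of the kubeadm init output, it is recommended to run kubectl as a regular Linux user.</p>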
<ul>
<li>Create a regular user named centos</li>
</ul>
<div class="cnblogs_code">
<pre># Create a regular user and set its password to 123456
useradd centos && echo "centos:123456" | chpasswd
# Grant sudo privileges and allow sudo without a password
sed -i '/^root/a\centos ALL=(ALL) NOPASSWD:ALL' /etc/sudoers
# Save the cluster's security configuration file to the current user's .kube directory
su - centos
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Enable kubectl command completion (takes effect after logging out and back in)
echo "source <(kubectl completion bash)" >> ~/.bashrc</pre>
</div>
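<p>These configuration commands are needed because a Kubernetes cluster requires encrypted access by default. The commands save the security configuration file generated during deployment into the current user's .kube directory; by default kubectl uses the credentials in this directory to access the cluster.<br>Otherwise we would have to tell kubectl where this file is through the KUBECONFIG environment variable every time.<br>Once this is done, the centos user can manage the cluster with kubectl.</p>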
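<p>A variant of the kubeconfig step above, as an added example (not the author's code): run as root, it hands admin.conf to the centos user with owner-only permissions, so this step needs neither a password nor a NOPASSWD sudoers entry, and it reports permissions that would expose the client key embedded in the file. The function names and the <code>install</code> argument are assumptions of this example; <code>stat -c</code> assumes GNU coreutils, as on CentOS.</p>

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# install_kubeconfig SRC HOME_DIR OWNER GROUP
# Copy a kubeconfig to HOME_DIR/.kube/config with directory mode 0700 and
# file mode 0600. Ownership is set only when running as root.
install_kubeconfig() {
    src=$1; home=$2; owner=$3; group=$4
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if [ "$(id -u)" -eq 0 ]; then
        install -d -m 0700 -o "$owner" -g "$group" "$home/.kube" || return 1
        install -m 0600 -o "$owner" -g "$group" "$src" "$home/.kube/config" || return 1
    else
        # Without root the files stay owned by the calling user.
        install -d -m 0700 "$home/.kube" || return 1
        install -m 0600 "$src" "$home/.kube/config" || return 1
    fi
    # Tighten the directory even if it already existed with a looser mode.
    chmod 0700 "$home/.kube"
}

# kubeconfig_findings FILE
# Print one line per problem; print nothing when the file is locked down.
kubeconfig_findings() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file"; return 0; }
    dir=$(dirname "$f")
    fmode=$(stat -c '%a' "$f")
    dmode=$(stat -c '%a' "$dir")
    case $fmode in
        600|400) ;;
        *)  echo "$f: mode $fmode lets other accounts read or change it"
            # admin.conf written by kubeadm carries the admin client key inline.
            if grep -q '^[[:space:]]*client-key-data:' "$f"; then
                echo "$f: embedded client private key is exposed"
            fi ;;
    esac
    case $dmode in
        700|500) ;;
        *) echo "$dir: mode $dmode, expected 700" ;;
    esac
}

# Run as root on the master:  sh kubeconfig.sh install centos
if [ "${1:-}" = "install" ]; then
    user=$2
    home=$(getent passwd "$user" | cut -d: -f6)
    [ -n "$home" ] || { echo "no such user: $user" >&2; exit 1; }
    install_kubeconfig /etc/kubernetes/admin.conf "$home" "$user" "$(id -gn "$user")" &&
        kubeconfig_findings "$home/.kube/config"
fi
```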
<p>Check the cluster status:</p>
<p>kubectl get cs</p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117170436395-764170430.png"></p>
<p> </p>
<p> </p>
<p> </p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117170602677-571190357.png"></p>
<p> </p>
<p> </p>
<p>Deploy the network plugin</p>
<div class="cnblogs_code">
<pre>kubectl apply -f https:<span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml</span></pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117170722717-1727191576.png"></p>
<p> </p>
<p>Use kubectl get to check the Pod status again</p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191117170748717-1773195017.png"></p>
<p> </p>
<p> </p>
<h2 id="部署worker节点">Deploy the worker nodes</h2>
<p>On the master, save the images that have already been pulled to a tar file</p>
<div class="cnblogs_code">
<pre>docker save -o master.tar \
  registry.aliyuncs.com/google_containers/kube-proxy:v1.13.1 \
  registry.aliyuncs.com/google_containers/kube-apiserver:v1.13.1 \
  registry.aliyuncs.com/google_containers/kube-controller-manager:v1.13.1 \
  registry.aliyuncs.com/google_containers/kube-scheduler:v1.13.1 \
  registry.aliyuncs.com/google_containers/coredns:1.2.6 \
  registry.aliyuncs.com/google_containers/etcd:3.2.24 \
  registry.aliyuncs.com/google_containers/pause:3.1</pre>
</div>
<p>Make sure the version numbers match</p>
<p>Copy the images saved on the master to the nodes</p>
<div class="cnblogs_code">
<pre>scp master.tar node01:/root/
scp master.tar node02:/root/</pre>
</div>
<p>Load the images locally (node01, node02)</p>
<div class="cnblogs_code">
<pre>docker load < master.tar</pre>
</div>
<p>Configure the hosts file (node01, node02)</p>
<div class="cnblogs_code">
<p>cat >> /etc/hosts << EOF<br>192.168.50.21 k8s-master<br>192.168.50.22 k8s-node01<br>192.168.50.23 k8s-node02<br>EOF</p>
</div>
<p>Configure iptables (node01, node02)</p>
<div class="cnblogs_code">
<pre>echo <span style="color: rgba(128, 0, 128, 1)">1</span> > /proc/sys/net/bridge/bridge-nf-call-<span style="color: rgba(0, 0, 0, 1)">iptables
echo </span><span style="color: rgba(128, 0, 128, 1)">1</span> > /proc/sys/net/bridge/bridge-nf-call-ip6tables</pre>
</div>
<p>- Disable swap (node01, node02)</p>
<div class="cnblogs_code">
<pre>swapoff -a</pre>
</div>
<p>- Configure the kubelet (node01, node02)</p>
<div class="cnblogs_code">
<pre>vi /etc/sysconfig/<span>kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"</span> </pre>
</div>
<div class="cnblogs_code">
<pre>systemctl enable docker.service</pre>
</div>
<div class="cnblogs_code">
<pre>systemctl enable kubelet.service</pre>
</div>
<p>Start Docker (node01, node02)</p>
<div class="cnblogs_code">
<pre>service docker start</pre>
</div>
<p>Deploy the network plugin (node01, node02)</p>
<div class="cnblogs_code">
<pre>kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml</pre>
</div>
<p>Get the join command (master)</p>
<div class="cnblogs_code">
<pre>kubeadm token create --print-join-command</pre>
</div>
<div class="cnblogs_code">
<pre>kubeadm token create --print-join-<span style="color: rgba(0, 0, 0, 1)">command
kubeadm join </span><span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span>:<span style="color: rgba(128, 0, 128, 1)">6443</span> --token n9g4nq.kf8ppgpgb3biz0n5 --discovery-token-ca-cert-hash sha256:95942f10859a71879c316e75498de02a8b627725c37dee33f74cd040e1cd9d6b</pre>
</div>
<p> </p>
<p>Run the command on the worker nodes (node01, node02)</p>
<div class="cnblogs_code">
<pre>kubeadm join <span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">50.21</span>:<span style="color: rgba(128, 0, 128, 1)">6443</span> --token n9g4nq.kf8ppgpgb3biz0n5 --discovery-token-ca-cert-<span style="color: rgba(0, 0, 0, 1)">hash sha256:95942f10859a71879c316e75498de02a8b627725c37dee33f74cd040e1cd9d6b
Running pre</span>-<span style="color: rgba(0, 0, 0, 1)">flight checks
Trying to connect to API Server </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">192.168.50.21:6443</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Created cluster</span>-info discovery client, requesting info <span style="color: rgba(0, 0, 255, 1)">from</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">https://192.168.50.21:6443</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Requesting info </span><span style="color: rgba(0, 0, 255, 1)">from</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">https://192.168.50.21:6443</span><span style="color: rgba(128, 0, 0, 1)">"</span> again to validate TLS against the pinned <span style="color: rgba(0, 0, 255, 1)">public</span><span style="color: rgba(0, 0, 0, 1)"> key
Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">192.168.50.21:6443</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Successfully established connection with API Server </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">192.168.50.21:6443</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Reading configuration </span><span style="color: rgba(0, 0, 255, 1)">from</span><span style="color: rgba(0, 0, 0, 1)"> the cluster...
FYI: You can look at </span><span style="color: rgba(0, 0, 255, 1)">this</span> config file with <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">kubectl -n kube-system get cm kubeadm-config -oyaml</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">
WARNING: unable to stop the kubelet service momentarily:
Downloading configuration </span><span style="color: rgba(0, 0, 255, 1)">for</span> the kubelet <span style="color: rgba(0, 0, 255, 1)">from</span> the <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubelet-config-1.13</span><span style="color: rgba(128, 0, 0, 1)">"</span> ConfigMap <span style="color: rgba(0, 0, 255, 1)">in</span> the kube-system <span style="color: rgba(0, 0, 255, 1)">namespace</span><span style="color: rgba(0, 0, 0, 1)">
Writing kubelet configuration to file <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/var/lib/kubelet/config.yaml</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Writing kubelet environment file with flags to file <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/var/lib/kubelet/kubeadm-flags.env</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Activating the kubelet service
Waiting </span><span style="color: rgba(0, 0, 255, 1)">for</span><span style="color: rgba(0, 0, 0, 1)"> the kubelet to perform the TLS Bootstrap...
Uploading the CRI Socket information </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">/var/run/dockershim.sock</span><span style="color: rgba(128, 0, 0, 1)">"</span> to the Node API <span style="color: rgba(0, 0, 255, 1)">object</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">k8s-node01</span><span style="color: rgba(128, 0, 0, 1)">"</span> <span style="color: rgba(0, 0, 255, 1)">as</span><span style="color: rgba(0, 0, 0, 1)"> an annotation
This node has joined the cluster:
</span>*<span style="color: rgba(0, 0, 0, 1)"> Certificate signing request was sent to apiserver and a response was received.
</span>* The Kubelet was informed of the <span style="color: rgba(0, 0, 255, 1)">new</span><span style="color: rgba(0, 0, 0, 1)"> secure connection details.
Run </span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">kubectl get nodes</span><span style="color: rgba(128, 0, 0, 1)">'</span> on the master to see <span style="color: rgba(0, 0, 255, 1)">this</span> node join the cluster.</pre>
</div>
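<p>The pinned-public-key validation that the join log above reports can be reproduced by hand before a join command is run. This added example (not from the original post; function names are hypothetical) extracts the sha256 pin from a join command and compares it with the hash of the cluster CA's public key, assuming openssl is installed and the CA certificate sits at kubeadm's default location /etc/kubernetes/pki/ca.crt on the master.</p>

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# The value after --discovery-token-ca-cert-hash is the SHA-256 of the cluster
# CA's public key (DER-encoded SubjectPublicKeyInfo). A worker that joins with
# this pin only trusts an API server whose certificate chains to that CA.

# Print the 64-hex-digit pin from a join command, or nothing if absent/malformed.
parse_join_hash() {
    printf '%s \n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\) .*/\1/p'
}

# Print the bootstrap token (6 characters, a dot, 16 characters), or nothing.
parse_join_token() {
    printf '%s \n' "$1" |
        sed -n 's/.*--token[ =]\([a-z0-9]\{6\}\.[a-z0-9]\{16\}\) .*/\1/p'
}

# Print the SHA-256 pin of the public key in PEM certificate $1.
# Fails instead of hashing empty input when the certificate cannot be parsed.
ca_pubkey_pin() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Return 0 only if the join command pins the public key of CA certificate $2.
# 1 = mismatch, 2 = no pin present, 3 = CA unreadable, 4 = pinning disabled.
verify_join_pin() {
    case $1 in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "refusing: join command disables CA pinning" >&2
            return 4 ;;
    esac
    want=$(parse_join_hash "$1")
    [ -n "$want" ] || { echo "no sha256 pin in join command" >&2; return 2; }
    have=$(ca_pubkey_pin "$2") || { echo "cannot read CA certificate $2" >&2; return 3; }
    if [ "$want" = "$have" ]; then
        echo "pin matches CA public key: sha256:$have"
    else
        echo "pin mismatch: join=$want ca=$have" >&2
        return 1
    fi
}

# On the master:  sh check-join.sh check 'kubeadm join ...' [ca.crt]
if [ "${1:-}" = "check" ]; then
    verify_join_pin "$2" "${3:-/etc/kubernetes/pki/ca.crt}"
    exit $?
fi
```

<p>The bootstrap token printed with the join command is a credential for adding nodes; <code>kubeadm token list</code> and <code>kubeadm token delete</code> show and revoke tokens once all nodes have joined.</p>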
<p>Check the node status on the master</p>
<div class="cnblogs_code">
<pre>kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> nodes</pre>
</div>
<p> </p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118094401937-281646431.png"></p>
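<p>This state is wrong: only one node has joined correctly.</p>
<p>Inspecting node01 and node02 shows that some processes on node01 did not start completely.</p>
<p>Remove all running containers on node01 (node01)</p>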
<div class="cnblogs_code">
<pre>docker stop $(docker ps -q) && docker rm $(docker ps -aq)</pre>
</div>
<p>Reset kubeadm (node01)</p>
<div class="cnblogs_code">
<pre>kubeadm reset</pre>
</div>
<p>Get the join command (master)</p>
<div class="cnblogs_code">
<pre>kubeadm token create --print-join-command</pre>
</div>
<p>Run join again on node01</p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118100842382-1377946367.png"></p>
<p> </p>
<p> </p>
<p> </p>
<p>Check the status of the running images on node01</p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118101005720-1338173325.png"></p>
<p> </p>
<p>Check the status on the master</p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118101026300-1476887468.png"></p>
<p> </p>
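<p>All nodes are now Ready. Because every node has to start several components, if a node shows NotReady, check the pod status on all nodes and make sure every pod has pulled its image successfully and is in the Running state:</p>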
<div class="cnblogs_code">
<pre>kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> pod --all-namespaces -o wide</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118101251489-1025836717.png"></p>
<p> </p>
<h2>Configure the Kubernetes graphical UI</h2>
<p>Create kubernetes-dashboard.yaml</p>
<div class="cnblogs_code">
<pre># Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------- Dashboard Secret ------------------- #
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: registry.cn-hangzhou.aliyuncs.com/rsqlh/kubernetes-dashboard:v1.10.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard</pre>
</div>
<p> </p>
<p>Run the following command to create kubernetes-dashboard:</p>
<div class="cnblogs_code">
<pre>kubectl create -f kubernetes-dashboard.yaml</pre>
</div>
<p>If the following errors appear:</p>
<div class="cnblogs_code">
<pre>Error <span style="color: rgba(0, 0, 255, 1)">from</span> server (AlreadyExists): error when creating <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard.yaml</span><span style="color: rgba(128, 0, 0, 1)">"</span>: secrets <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard-certs</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> already exists
Error </span><span style="color: rgba(0, 0, 255, 1)">from</span> server (AlreadyExists): error when creating <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard.yaml</span><span style="color: rgba(128, 0, 0, 1)">"</span>: serviceaccounts <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> already exists
Error </span><span style="color: rgba(0, 0, 255, 1)">from</span> server (AlreadyExists): error when creating <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard.yaml</span><span style="color: rgba(128, 0, 0, 1)">"</span>: roles.rbac.authorization.k8s.io <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard-minimal</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> already exists
Error </span><span style="color: rgba(0, 0, 255, 1)">from</span> server (AlreadyExists): error when creating <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard.yaml</span><span style="color: rgba(128, 0, 0, 1)">"</span>: rolebindings.rbac.authorization.k8s.io <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard-minimal</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)"> already exists
Error </span><span style="color: rgba(0, 0, 255, 1)">from</span> server (AlreadyExists): error when creating <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard.yaml</span><span style="color: rgba(128, 0, 0, 1)">"</span>: deployments.apps <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">kubernetes-dashboard</span><span style="color: rgba(128, 0, 0, 1)">"</span> already exists</pre>
</div>
<p>run delete to clean up</p>
<div class="cnblogs_code">
<pre>kubectl delete -f kubernetes-dashboard.yaml</pre>
</div>
<p>Check the status of the components</p>
<div class="cnblogs_code">
<pre>kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> pods --all-namespaces</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118104901969-230500779.png"></p>
<p> </p>
<p> </p>
<p>ErrImagePull: pulling the image failed</p>
<p>Pull the image manually and re-tag it</p>
<div class="cnblogs_code">
<pre>docker pull registry.cn-hangzhou.aliyuncs.com/rsqlh/kubernetes-dashboard:v1.<span style="color: rgba(128, 0, 128, 1)">10.1</span><span style="color: rgba(0, 0, 0, 1)">
docker tag registry.cn</span>-hangzhou.aliyuncs.com/rsqlh/kubernetes-dashboard:v1.<span style="color: rgba(128, 0, 128, 1)">10.1</span> k8s.gcr.io/kubernetes-dashboard-amd64:v1.<span style="color: rgba(128, 0, 128, 1)">10.1</span></pre>
</div>
<p>Create the resources again</p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118105307627-1338684217.png"></p>
<p> </p>
<p> </p>
<p>ImagePullBackOff</p>
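<p>By default, the image is pulled from the image address given in the configuration file. If imagePullPolicy is set to IfNotPresent or Never, the local image is used.</p>
<p>IfNotPresent: if the image exists locally, the local image is used first.<br>Never: the image is never pulled and the local one is used; if it does not exist locally, an error is reported.</p>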
<div class="cnblogs_code">
<pre>    spec:
      containers:
      - name: kubernetes-dashboard
        image: registry.cn-hangzhou.aliyuncs.com/rsqlh/kubernetes-dashboard:v1.10.1
        imagePullPolicy: IfNotPresent</pre>
</div>
<p> </p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118110910185-388305445.png"></p>
<p>Check the service port mapping</p>
<div class="cnblogs_code">
<pre>kubectl <span style="color: rgba(0, 0, 255, 1)">get</span> service -n kube-system</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118142116354-1249744125.png"></p>
<p> </p>
<p> </p>
<p> <img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118142017885-2030922.png"></p>
<p> </p>
<p>Create a user that can access the Dashboard</p>
<p>Create a new file <code>account.yaml</code> with the following content:</p>
<div class="cnblogs_code">
<pre># Create Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
# Create ClusterRoleBinding
# rbac.authorization.k8s.io/v1 is served since Kubernetes 1.8; v1beta1 was removed in 1.22
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system</pre>
</div>
<div class="cnblogs_code">
<pre>kubectl -n kube-system describe secret $(kubectl -n kube-system <span style="color: rgba(0, 0, 255, 1)">get</span> secret | grep admin-user | awk <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">{print $1}</span><span style="color: rgba(128, 0, 0, 1)">'</span>)</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118142354720-1245828815.png"></p>
<p> </p>
<p>Copy the token and use it to log in</p>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118142548439-1861171209.png"></p>
<p> </p>
<p> </p>
<div class="cnblogs_code">
<pre>configmaps <span style="color: rgba(0, 0, 255, 1)">is</span> forbidden: User <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">system:serviceaccount:kube-system:admin-user</span><span style="color: rgba(128, 0, 0, 1)">"</span> cannot list resource <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">configmaps</span><span style="color: rgba(128, 0, 0, 1)">"</span> <span style="color: rgba(0, 0, 255, 1)">in</span> API group <span style="color: rgba(128, 0, 0, 1)">""</span> <span style="color: rgba(0, 0, 255, 1)">in</span> the <span style="color: rgba(0, 0, 255, 1)">namespace</span> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">default</span><span style="color: rgba(128, 0, 0, 1)">"</span> </pre>
</div>
<p>Grant permissions to the user</p>
<div class="cnblogs_code">
<pre>kubectl create clusterrolebinding test:admin-user --clusterrole=cluster-admin --serviceaccount=kube-system:admin-user</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118143021255-385635182.png"></p>
<p> <img src="https://img2018.cnblogs.com/blog/333725/201911/333725-20191118171622410-372526831.png"></p>
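<p>An added check, not part of the original post: both bindings above give the <code>kube-system:admin-user</code> ServiceAccount the <code>cluster-admin</code> role, so the token copied into the Dashboard is a full-cluster credential. The Python sketch below reads the output of <code>kubectl get clusterrolebindings -o json</code> and lists every ServiceAccount bound to <code>cluster-admin</code>; the sample JSON is constructed, and the function name and the <code>dashboard-viewer</code> and <code>orphaned</code> bindings are assumptions made for the example.</p>

```python
import json

# Constructed sample of `kubectl get clusterrolebindings -o json` output,
# trimmed to the fields the check reads. The two admin-user bindings mirror
# the ones created on this page; the others are illustrative.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "admin-user"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "test:admin-user"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters",
                   "apiGroup": "rbac.authorization.k8s.io"}]},
    {"metadata": {"name": "dashboard-viewer"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "viewer",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "orphaned"},  # a binding may carry no subjects
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]})


def cluster_admin_service_accounts(bindings_json):
    """Map 'namespace/name' of each ServiceAccount bound to cluster-admin
    to the sorted names of the ClusterRoleBindings that grant it."""
    found = {}
    for binding in json.loads(bindings_json).get("items", []):
        role = binding.get("roleRef", {})
        if role.get("kind") != "ClusterRole" or role.get("name") != "cluster-admin":
            continue
        for subject in binding.get("subjects") or []:
            if subject.get("kind") != "ServiceAccount":
                continue  # users and groups are out of scope for this check
            key = f"{subject.get('namespace', '')}/{subject.get('name', '')}"
            found.setdefault(key, []).append(binding["metadata"]["name"])
    return {sa: sorted(names) for sa, names in found.items()}


if __name__ == "__main__":
    for sa, names in cluster_admin_service_accounts(SAMPLE).items():
        print(f"{sa} has cluster-admin via: {', '.join(names)}")
```

<p>On the sample, the same account is reported once with both binding names, which shows that the second <code>test:admin-user</code> binding grants nothing the first did not.</p>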
<p> </p>
<p>With the <code>NodePort</code> type, the Dashboard can be viewed on port <code>XXXX</code> of any node</p>
<p>References for this article:</p>
<p>https://www.cnblogs.com/tylerzhou/p/10971336.html</p>
<p>https://www.cnblogs.com/zoujiaojiao/p/10986320.html</p>
<p> </p>
</div>
<div id="MySignature" role="contentinfo">
<div id="yangshicopy">
<div style="margin-left: 13px">
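Author: 释迦苦僧<br>
Source: http://www.cnblogs.com/woxpp<br>
The copyright of this article is shared by the author and cnblogs (博客园). Reposting is welcome, but unless the author agrees otherwise this notice must be kept and a link to the original article must be given in a prominent position on the page.</div>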
</div>
Source: https://www.cnblogs.com/woxpp/p/11875547.html