1、环境准备规划
主机操作系统CentOS7.9
192.168.4.91 master01
192.168.4.92 work01
192.168.4.93 work02
2、设置主机名
[root@localhost ~]# hostnamectl set-hostname master01
[root@localhost ~]# hostnamectl set-hostname work01
[root@localhost ~]# hostnamectl set-hostname work02
3、设置hosts文件,原有的hosts文件不要删除
[root@localhost ~]# vi /etc/hosts
192.168.4.91 master01
192.168.4.92 work01
192.168.4.93 work02
4、设置yum源,安装相关软件包
设置yum源(注意:下面的repo文件是通过明文HTTP下载的,传输途中可能被篡改;镜像站支持HTTPS时建议改用https://地址)
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost ~]# mkdir bak
[root@localhost ~]# mv *.repo bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
安装软件包
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp
5、设置防火墙
关闭防火墙(只适合隔离的实验环境;生产环境建议保留防火墙,只放行集群需要的端口,例如API server的6443、kubelet的10250)
systemctl stop firewalld && systemctl disable firewalld
重置iptables
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
关闭swap
swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
关闭selinux(注意:kubeadm官方安装文档用的是permissive模式,即SELINUX=permissive,而不是完全禁用;disabled会去掉这一层强制访问控制)
setenforce 0
systemctl disable firewalld
vi /etc/selinux/config
SELINUX=disabled
关闭dnsmasq
service dnsmasq stop
systemctl disable dnsmasq
6、设置系统参数
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
EOF
文件生效
sysctl -p /etc/sysctl.d/kubernetes.conf
7、设置时间同步
yum install ntpdate -y
ntpdate time.windows.com
8、加载 br_netfilter模块
[root@localhost yum.repos.d]# modprobe br_netfilter
[root@localhost yum.repos.d]# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 151336 1 br_netfilter
9、安装docker
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install docker-ce
开机启动
systemctl enable docker && systemctl start docker
10、设置镜像加速器
配置镜像加速器
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://j75wwuc0.mirror.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
11、安装kubeadm,kubectl、kubelet(所有节点)
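配置yum(注意:下面的 gpgcheck=0 和 repo_gpgcheck=0 关闭了软件包和仓库元数据的GPG签名校验,yum不会发现被篡改的kubelet/kubeadm/kubectl包;文件里已经配置了gpgkey,生产环境建议至少设置 gpgcheck=1)
cat > /etc/yum.repos.d/kubernetes.repo << EOF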
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
安装软件包,高版本的不支持docker
yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
开机启动
systemctl enable kubelet && systemctl start kubelet
12、初始化master节点,只是在master节点执行
注意:--ignore-preflight-errors=all 会把所有预检错误降级为警告,真正的环境问题也会被掩盖;建议先不带该参数执行,再只忽略确认无害的检查项。
kubeadm init --apiserver-advertise-address=192.168.4.91 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.19.0 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all
初始化完成后出现以下提示信息
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.4.91:6443 --token ghf97f.zl8vayhlgjaq5wqr \
--discovery-token-ca-cert-hash sha256:5344809968b7a3383a13fdd299c6267b46c57fc7bac53dd118f6361c711b835b
按照提醒,执行命令,master节点
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
查看节点一
kubectl get node
NAME STATUS ROLES AGE VERSION
master01 NotReady master 10m v1.19.0
13、加入node节点,在两个node节点执行
kubeadm join 192.168.4.91:6443 --token ghf97f.zl8vayhlgjaq5wqr \
--discovery-token-ca-cert-hash sha256:5344809968b7a3383a13fdd299c6267b46c57fc7bac53dd118f6361c711b835b

在主节点执行查看
[root@master01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master01 NotReady master 12m v1.19.0
work01 NotReady <none> 65s v1.19.0
work02 NotReady <none> 44s v1.19.0
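生成的token有效期只有24小时,过期以后需要重新生成。token是节点加入集群的凭证,有效期内拿到它的人可以向集群注册节点,不要贴到公开的文档里;用 kubeadm token create --print-join-command 可以直接得到完整的join命令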
kubeadm token create
kubeadm token list
14、部署容器网络
下载文件,下载对应版本的yaml文件,否则会报错
[root@master01 ~]#curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -O
修改文件
vi calico.yaml
修改这个地方(原文截图缺失;一般是取消 CALICO_IPV4POOL_CIDR 及其 value 两行的注释),地址改为初始化时 --pod-network-cidr 指定的网段 10.244.0.0/16

修改后
此处注意缩进要和上下文对齐,不能多出或缺少空格(YAML不允许用Tab缩进),否则报错!!!!!!!!!!!

执行命令安装
[root@master01 ~]# kubectl apply -f calico.yaml
安装成功
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org configured
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrole.rbac.authorization.k8s.io/calico-node unchanged
clusterrolebinding.rbac.authorization.k8s.io/calico-node unchanged
daemonset.apps/calico-node created
serviceaccount/calico-node unchanged
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers unchanged
poddisruptionbudget.policy/calico-kube-controllers created
查看状态
[root@master01 ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-577f77cb5c-c82gr 1/1 Running 0 5m21s
calico-node-5k47s 1/1 Running 0 5m21s
calico-node-n9kvg 1/1 Running 0 5m21s
calico-node-rbpkm 1/1 Running 0 5m21s
coredns-6d56c8448f-dnmhj 1/1 Running 0 147m
coredns-6d56c8448f-l49sd 1/1 Running 0 147m
etcd-master01 1/1 Running 0 147m
kube-apiserver-master01 1/1 Running 0 147m
kube-controller-manager-master01 1/1 Running 0 147m
kube-proxy-mlwjh 1/1 Running 0 136m
kube-proxy-pzglf 1/1 Running 0 147m
kube-proxy-xfb2l 1/1 Running 0 136m
kube-scheduler-master01 1/1 Running 0 147m
查看节点状态
[root@master01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master01 Ready master 149m v1.19.0
work01 Ready <none> 137m v1.19.0
work02 Ready <none> 137m v1.19.0
15、安装Dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
修改配置文件
vi recommended.yaml
修改这个地方
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
加一行,type: NodePort(注意:NodePort会在每个节点的IP上开放Dashboard端口,应通过防火墙或安全组限制可以访问的来源地址)
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
执行(master节点)
[root@master01 ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看容器是否启动
[root@master01 ~]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-7b59f7d4df-6jfhh 1/1 Running 0 87s
kubernetes-dashboard-5dbf55bd9d-5bqxs 1/1 Running 0 88s
查看端口
[root@master01 ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-7b59f7d4df-6jfhh 1/1 Running 0 5h11m
pod/kubernetes-dashboard-5dbf55bd9d-5bqxs 1/1 Running 0 5h11m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.1.254.52 <none> 8000/TCP 5h11m
service/kubernetes-dashboard NodePort 10.1.133.155 <none> 443:30587/TCP 5h11m
浏览器登录,用火狐浏览器(地址为 https://任一节点IP:30587,端口见上面输出中的 443:30587)

创建用户
kubectl create serviceaccount dashboard-admin -n kube-system
授权(注意:cluster-admin是集群最高权限,拿到该账号token的人可以完全控制集群;生产环境建议绑定按需授权的Role/ClusterRole)
[root@master01 ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
执行结果:
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
获取token
[root@master01 ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name: dashboard-admin-token-v2dfj
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: e9f37bba-48b2-424c-8877-d02425596fb0
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ik8wemtVcU5MYXhKc2pDSENfMkx4NEl1dm9sc0psMHpMLVltX1VaelpCNVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdjJkZmoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZTlmMzdiYmEtNDhiMi00MjRjLTg4NzctZDAyNDI1NTk2ZmIwIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.E71Cb3PGywcvF1xCF280TGz3bYrg8aAv7IF8dHAFbw7XOOGSGD9XAs5jKc419wg_f2awkLV2BuNpFvuFlN3ioD3EyZNycnzlpARlV8urbl52unoEbtdLhhHJ9Xi1cf7_vTjELnHrR-W8OXNJJo0eYlNyi8gribFQ3GM86erJ-UDlurCcWSlMpCi0Vrp9v68dGighHDzdsE9MkMe424AfLTjLJz_I4f3iu3SL5bJ0iiw9DKQQUXYgVhYcW-bEeE6nLY2O4mHHSmmT6D-nrXcZElI_CwQAg_Up9NoVEoNhsvvmXoMx9zUBDpYKxJnwoz54qP7pSnNxy1TtcMARXuIsXw

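复制token到浏览器,点击登录(注意:这个token是绑定了cluster-admin的ServiceAccount凭证,在v1.19中不会自动过期,不要像上面那样贴到文档或截图里;一旦泄露,删除对应的secret或serviceaccount即可使其失效)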

登陆后如下:

16、创建一个pod
使用Deployment控制器部署镜像:
[root@master01 ~]# kubectl create deployment web --image=nginx --replicas=3
deployment.apps/web created
查看创建的pod
[root@master01 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
web-96d5df5c8-lfbgg 1/1 Running 0 2m38s
web-96d5df5c8-nf9tz 1/1 Running 0 2m38s
web-96d5df5c8-tnzt4 1/1 Running 0 2m38s
使用Service将Pod暴露出去
[root@master01 ~]# kubectl expose deployment web --port=80 --target-port=80 --type=NodePort
service/web exposed
查看Service
[root@master01 ~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 21h
web NodePort 10.1.152.103 <none> 80:32009/TCP 106s
访问测试

17、Yaml文件创建pod

kubectl create 创建新的pod
kubectl apply 创建新的、更新
编写一个yaml文件,创建pod
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web2
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx2
  template:
    metadata:
      labels:
        app: nginx2
    spec:
      containers:
      - name: nginx
        image: nginx
apiVersion : API版本,可以通过 kubectl api-resources | grep deployment 查看
[root@master01 ~]# kubectl api-resources | grep deployment
deployments deploy apps true Deployment
kind : 资源类型
使用yaml创建镜像:
[root@master01 ~]# kubectl apply -f deployment.yaml
deployment.apps/web2 created
查看刚才创建的pod
[root@master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
web-96d5df5c8-lfbgg 1/1 Running 2 45h
web-96d5df5c8-nf9tz 1/1 Running 2 45h
web-96d5df5c8-tnzt4 1/1 Running 2 45h
web2-5fc4444698-8h68t 1/1 Running 0 113s
web2-5fc4444698-f99kz 1/1 Running 0 113s
web2-5fc4444698-jlsp2 1/1 Running 0 113s
18、yaml文件创建service
apiVersion: v1
kind: Service
metadata:
  name: web2
spec:
  selector:
    app: nginx2
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: NodePort
selector: nginx2 这个地方是关联的pod的selector
创建service
[root@master01 ~]# kubectl apply -f service.yaml
service/web2 created
查看服务:
[root@master01 ~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 6d20h
web NodePort 10.1.156.192 <none> 80:31614/TCP 5d21h
web2 NodePort 10.1.136.188 <none> 80:30321/TCP 3d18h
查看service关联的pod
[root@master01 ~]# kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 192.168.4.91:6443 6d21h
web 10.244.205.205:80,10.244.75.79:80,10.244.75.80:80 5d21h
web2 10.244.205.206:80,10.244.205.207:80,10.244.75.78:80 11m
如果要删除service,采用命令
[root@master01 ~]# kubectl delete service web2
service "web2" deleted




