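This article follows the Atguigu (尚硅谷) course "云原生Java架构师第一课" (Cloud-Native Java Architect: Lesson One) and lays out a K8s cluster setup procedure based on it.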
1. Remove any existing Docker packages

   ```bash
   sudo yum remove docker \
       docker-client \
       docker-client-latest \
       docker-common \
       docker-latest \
       docker-latest-logrotate \
       docker-logrotate \
       docker-engine
   ```

2. Configure the yum repository

   ```bash
   sudo yum install -y yum-utils
   sudo yum-config-manager \
       --add-repo \
       http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
   ```

3. Install Docker 20.10.7

   ```bash
   yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.6
   ```

4. Start Docker

   ```bash
   systemctl enable docker --now
   ```

5. Configure the Aliyun registry mirror (accelerator)

   ```bash
   sudo mkdir -p /etc/docker
   sudo tee /etc/docker/daemon.json <<-'EOF'
   {
     "registry-mirrors": ["https://vovncyjm.mirror.aliyuncs.com"],
     "exec-opts": ["native.cgroupdriver=systemd"],
     "log-driver": "json-file",
     "log-opts": {
       "max-size": "100m"
     },
     "storage-driver": "overlay2"
   }
   EOF
   sudo systemctl daemon-reload
   sudo systemctl restart docker
   ```

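# 3. K8s cluster installation

- Base infrastructure configuration (all 3 machines)
- Install kubelet, kubeadm and kubectl (all 3 machines)
- Image preparation (all 3 machines)
- Master node initialization (master node)
- Worker node setup

## 3.1 Base infrastructure configuration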

1. Set the hostnames (all 3 machines)

   ```bash
   # Set each machine's own hostname (one command per machine)
   hostnamectl set-hostname k8s-master
   hostnamectl set-hostname k8s-node01
   hostnamectl set-hostname k8s-node02
   ```
2. Base configuration (all 3 machines)

   ```bash
   # Set SELinux to permissive mode (effectively disabling it)
   sudo setenforce 0
   sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

   # Disable swap
   swapoff -a
   sed -ri 's/.*swap.*/#&/' /etc/fstab

   # Allow iptables to see bridged traffic
   cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
   br_netfilter
   EOF

   cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
   net.bridge.bridge-nf-call-ip6tables = 1
   net.bridge.bridge-nf-call-iptables = 1
   EOF

   sudo sysctl --system
   ```

## 3.2 Install kubelet, kubeadm and kubectl

Install on all 3 machines.

```bash
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
```
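
The repo definition above turns off both `gpgcheck` and `repo_gpgcheck` and fetches packages and keys over `http://`, so nothing authenticates the kubelet, kubeadm and kubectl RPMs a node installs. The following check is an added example, not part of the original article; `audit_repo`, `count_findings` and `mirror.example.com` are hypothetical names, and both sample repo definitions are constructed (the first copies the settings shown above).

```shell
# Added example: flag yum repo settings that weaken package integrity checks.
# Reads a .repo file on stdin and prints one finding per line.
audit_repo() {
  awk '
    /^[ \t]*[#;]/ { next }               # comment line
    /^[ \t]*$/    { next }               # blank line
    /^\[/         { repo = $0; next }    # section header such as [kubernetes]
    {
      eq = index($0, "=")
      if (eq == 0) { next }              # continuation line without key=
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val); gsub(/\t/, " ", val)
      if (key == "gpgcheck" && val == "0") {
        print repo " gpgcheck=0: RPM signatures are not verified"
      } else if (key == "repo_gpgcheck" && val == "0") {
        print repo " repo_gpgcheck=0: repository metadata signature is not verified"
      } else if ((key == "baseurl" || key == "gpgkey") && index(" " val, " http://")) {
        print repo " " key ": fetched over plain http"
      }
    }
  '
}

# Constructed sample: the repo definition from section 3.2 of this article.
PAGE_REPO='[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl'

# Constructed counterpart: verification on, TLS transport
# (mirror.example.com is a placeholder, not a real mirror).
SIGNED_REPO='[kubernetes]
name=Kubernetes
baseurl=https://mirror.example.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirror.example.com/kubernetes/yum/doc/rpm-package-key.gpg'

count_findings() { printf '%s\n' "$1" | audit_repo | wc -l | tr -d ' '; }

printf '%s\n' "$PAGE_REPO" | audit_repo
echo "findings: page repo=$(count_findings "$PAGE_REPO"), signed repo=$(count_findings "$SIGNED_REPO")"
```

On a node, run it as `audit_repo < /etc/yum.repos.d/kubernetes.repo`.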

## 3.3 Image preparation

Prepare the images on all 3 machines.

```bash
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in "${images[@]}" ; do
docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
done
EOF
chmod +x ./images.sh && ./images.sh
```

## 3.4 Master node initialization

Note: some of the commands below only need to be run on the master node.

1. Initialization commands

   ```bash
   # On all machines, add the hostname mapping for the master; change the IP below to your own
   echo "172.31.0.4 cluster-endpoint" >> /etc/hosts

   # Initialize the master node
   kubeadm init \
     --apiserver-advertise-address=172.31.0.4 \
     --control-plane-endpoint=cluster-endpoint \
     --image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
     --kubernetes-version v1.20.9 \
     --service-cidr=10.96.0.0/16 \
     --pod-network-cidr=192.168.0.0/16

   # None of the network ranges may overlap
   ```

   Result:

   ![image.png](https://cdn.nlark.com/yuque/0/2021/png/1609516/1634650036250-a0af3b70-4cbe-4cea-9cf4-f61dcdae8c20.png#clientId=uc830bee8-d0fe-4&from=paste&height=323&id=uea4c08f6&margin=%5Bobject%20Object%5D&name=image.png&originHeight=646&originWidth=1201&originalType=binary&ratio=1&size=87742&status=done&style=none&taskId=u8c4ad2e2-b5e8-42d5-9965-9bd00b9ac2c&width=600.5)

   ```bash
   Your Kubernetes control-plane has initialized successfully!

   To start using your cluster, you need to run the following as a regular user:

     mkdir -p $HOME/.kube
     sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
     sudo chown $(id -u):$(id -g) $HOME/.kube/config

   Alternatively, if you are the root user, you can run:

     export KUBECONFIG=/etc/kubernetes/admin.conf

   You should now deploy a pod network to the cluster.
   Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
     https://kubernetes.io/docs/concepts/cluster-administration/addons/

   You can now join any number of control-plane nodes by copying certificate authorities
   and service account keys on each node and then running the following as root:

     kubeadm join cluster-endpoint:6443 --token 0aovmb.gcphoq6ore68gblg \
       --discovery-token-ca-cert-hash sha256:b323305dd16e4cacb037a6b0f61992f75d33562773d57bf24d6923cb06c37bb6 \
       --control-plane

   Then you can join any number of worker nodes by running the following on each as root:

   kubeadm join cluster-endpoint:6443 --token 0aovmb.gcphoq6ore68gblg \
       --discovery-token-ca-cert-hash sha256:b323305dd16e4cacb037a6b0f61992f75d33562773d57bf24d6923cb06c37bb6
   ```

2. Configure .kube/config

   ```bash
   mkdir -p $HOME/.kube
   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
   sudo chown $(id -u):$(id -g) $HOME/.kube/config
   ```

3. Install the network add-on

   ```bash
   curl https://docs.projectcalico.org/manifests/calico.yaml -O
   kubectl apply -f calico.yaml
   ```

## 3.5 Worker node configuration

```bash
kubeadm join cluster-endpoint:6443 --token 0aovmb.gcphoq6ore68gblg \
    --discovery-token-ca-cert-hash sha256:b323305dd16e4cacb037a6b0f61992f75d33562773d57bf24d6923cb06c37bb6
```

Generate a new token: `kubeadm token create --print-join-command`

# 4. K8s Dashboard installation

1. Deploy

   ```bash
   kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
   ```

2. Set the access port

   - Edit the Service:

     ```bash
     kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
     # Find ClusterIP and change it to NodePort
     ```

   - Check the resulting port mapping and allow it in the security group:

     ```bash
     kubectl get svc -A | grep kubernetes-dashboard
     ## Find the port and allow it in the security group
     ```

   https://139.198.165.238:31508

3. Create an access account

   ```yaml
   # Create an access account: prepare a YAML file; vi dash.yaml
   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: admin-user
     namespace: kubernetes-dashboard
   ---
   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: admin-user
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: cluster-admin
   subjects:
   - kind: ServiceAccount
     name: admin-user
     namespace: kubernetes-dashboard
   ```

   ```bash
   kubectl apply -f dash.yaml
   ```
4. Generate the token

   ```bash
   # Get the access token
   kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
   ```
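
`dash.yaml` binds the `admin-user` ServiceAccount to `cluster-admin`, so the token retrieved above carries full control of the cluster, and the Dashboard it logs in to is reachable through a NodePort. The following manifest check is an added example, not from the original article: it reports ClusterRoleBindings that hand `cluster-admin` to a ServiceAccount. `audit_bindings` is a hypothetical helper, the first sample reproduces `dash.yaml`, and the second is a constructed counterpart that swaps in the built-in read-only `view` ClusterRole.

```shell
# Added example: report ClusterRoleBindings (multi-document YAML on stdin) that grant cluster-admin to a ServiceAccount.
audit_bindings() {
  awk '
    function add_subject() {       # close the subject entry being read
      if (s["kind"] == "ServiceAccount") { subj = subj (subj == "" ? "" : ",") s["namespace"] "/" s["name"] }
      split("", s)
    }
    function report() {            # evaluate one YAML document, then reset state
      add_subject()
      if (kind == "ClusterRoleBinding" && role == "cluster-admin" && subj != "") {
        print name ": cluster-admin -> " subj
      }
      kind = name = role = subj = sec = ""
    }
    /^---/      { report(); next }
    /^[A-Za-z]/ { sec = $1; sub(/:$/, "", sec); if (sec == "kind") { kind = $2 }; next }
    {
      if (sec == "subjects" && $0 ~ /^[ \t]*-/) { add_subject() }   # next list item
      line = $0; sub(/^[ \t-]+/, "", line); split(line, f, /:[ \t]*/)
      if (sec == "metadata" && f[1] == "name") { name = f[2] }
      if (sec == "roleRef"  && f[1] == "name") { role = f[2] }
      if (sec == "subjects") { s[f[1]] = f[2] }
    }
    END { report() }
  '
}

# Constructed sample: the dash.yaml shown in this article.
DASH_YAML='apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard'
# Constructed counterpart: same binding, built-in read-only "view" role.
VIEW_YAML=$(printf '%s\n' "$DASH_YAML" | sed 's/name: cluster-admin/name: view/')
printf '%s\n' "$DASH_YAML" | audit_bindings
```

Run it against a file with `audit_bindings < dash.yaml` before `kubectl apply`.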

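# 5. Trying out commands

```bash
# List all nodes in the cluster
kubectl get nodes
# Create resources in the cluster from a configuration file
kubectl apply -f xxxx.yaml
# Which applications are deployed in the cluster?
# docker ps === kubectl get pods -A
# A running application is called a container in Docker and a Pod in K8s
kubectl get pods -A
```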