前期准备
关闭防火墙
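# NOTE(review): with firewalld off, nothing on the host filters traffic to the
# node, including the API server port 6443 configured later on this page. That
# is acceptable only on an isolated lab network; elsewhere keep firewalld
# running and open just the ports the cluster components need.
# (The three commands were fused into one comment line and could not be run
# as pasted; they are separated here.)
# Check the firewall status
systemctl status firewalld
# Stop the firewall for the current boot
systemctl stop firewalld
# Keep the firewall service from starting at boot
systemctl disable firewalld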
设置主机名称
# Run on each machine with that machine's own name; this page later uses
# "master" and "node1" in /etc/hosts. <hostname> is a placeholder to replace,
# not literal shell syntax.
hostnamectl set-hostname <hostname>
主机名解析
# Append static name resolution for the cluster nodes. The addresses are this
# page's lab values; substitute your own. Run once per node: running it again
# appends the same lines a second time.
cat <<'EOF' >> /etc/hosts
192.168.94.72 master
192.168.94.76 node1
EOF
禁用交换分区
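# Disable swap permanently (takes effect after a reboot): comment out the
# fstab entries whose filesystem-type field is "swap". Lines that are already
# commented are skipped, so running this twice does not stack "#" characters,
# and unrelated entries whose device or mount path merely contains the word
# "swap" are left alone (a bare .*swap.* match would comment those out too).
sed -ri '/^[[:space:]]*#/!{/[[:space:]]swap[[:space:]]/s/^/#/;}' /etc/fstab
# Disable swap for the current boot only; this is lost on reboot.
swapoff -a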
时间同步
kubernetes要求集群中的节点时间必须精确一致,所以在每个节点上添加时间同步:
# Install ntpdate and set the clock once from a public NTP server.
# NOTE(review): this is a single adjustment, not a running service, so the
# node clocks can drift apart again afterwards; a time daemon such as chronyd
# kept enabled on every node would maintain the sync this guide asks for.
# Plain NTP replies are also unauthenticated, so prefer a time source you
# operate or trust on the local network.
yum install ntpdate -y
ntpdate time.windows.com
允许 iptables 检查桥接流量
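# Have br_netfilter loaded at every boot.
cat <<'EOF' | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# Load it for the running kernel as well: modules-load.d is only read at boot,
# and the net.bridge.* keys below do not exist until the module is loaded, so
# without this step sysctl cannot apply them before the next reboot.
sudo modprobe br_netfilter
# Let iptables/ip6tables see traffic that crosses the Linux bridge.
cat <<'EOF' | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Re-read every sysctl configuration file so the new keys take effect now.
sudo sysctl --system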
安装runtime
- 在每个节点上,按照《安装 Docker 引擎》文档为你的 Linux 发行版安装 Docker。
- 配置 Docker 守护程序,尤其是使用 systemd 来管理容器的 cgroup。
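# -p: the directory usually exists already once Docker is installed, and a
# plain mkdir would stop with an error in that case.
sudo mkdir -p /etc/docker
# Write the daemon configuration: systemd cgroup driver, json-file logging
# capped at 100m per file, overlay2 storage.
# NOTE(review): "registry-mirrors" routes Docker Hub image pulls through a
# third-party mirror, and the host name below looks like a per-account mirror
# address. Replace it with a mirror you operate or trust, or drop the key to
# pull from the upstream registry directly.
cat <<'EOF' | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF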
- 重新启动 Docker 并在启动时启用:
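# Three separate commands. Pasted as one line, systemctl would treat the
# words "sudo", "systemctl", "daemon-reload" ... as unit names to enable and
# Docker would never be reloaded or restarted.
# Start Docker at boot
sudo systemctl enable docker
# Make systemd re-read its unit files
sudo systemctl daemon-reload
# Restart Docker so the new daemon.json is picked up
sudo systemctl restart docker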
开始
安装 kubeadm、kubelet 和 kubectl
# Register the Kubernetes yum repository (Aliyun mirror). Package and
# repository-metadata signature checks are both on (gpgcheck=1,
# repo_gpgcheck=1) and should stay on. The signing keys are downloaded from
# the same mirror, so the checks are only as trustworthy as that key source;
# compare the key fingerprints with the upstream project's when in doubt.
sudo tee /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
# Put SELinux into permissive mode, for the running system and in the
# persistent configuration (in effect this turns enforcement off).
# NOTE(review): permissive mode only logs policy violations instead of
# blocking them, so the nodes lose SELinux confinement of containers and
# system services. Treat this as a lab shortcut and revisit it for any node
# that runs untrusted workloads.
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# List the versions that can be installed
yum list --showduplicates kubeadm --disableexcludes=kubernetes
# Install the chosen version; the exact version pins keep all three packages
# on the same release.
sudo yum install -y kubelet-1.21.1-0 kubeadm-1.21.1-0 kubectl-1.21.1-0 --disableexcludes=kubernetes
# Start kubelet now and enable it at boot
sudo systemctl enable --now kubelet.service
编写init配置文件
查看默认init文件,并将其写入到本地
# Dump kubeadm's default init configuration to a file for editing.
# NOTE(review): the dump contains a fixed sample bootstrap token (shown in the
# listing that follows on this page); replace it before the file is used.
kubeadm config print init-defaults >/home/lichuanzhang/workspace/k8s/kubeadm-config.yaml
对默认配置进行一些修改
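apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): the generated file carries the fixed sample token
  # abcdef.0123456789abcdef, which is the same in every default dump and is
  # therefore public. With it left in place, any host that can reach the API
  # server can authenticate as a bootstrapping node for the token's lifetime.
  # Put a token of your own here (for example the output of
  # `kubeadm token generate`) before running kubeadm init.
  token: <bootstrap-token>
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Control-plane advertise address: the master node
  advertiseAddress: 192.168.94.72
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # Node name; the generated default is "node"
  name: master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Image repository; the generated default is k8s.gcr.io.
# NOTE(review): every control-plane image is pulled from this mirror, so the
# cluster trusts whoever operates it; use a registry you trust.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
  # Required by the Pod network add-on installed later
  podSubnet: 10.244.0.0/16
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}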
进行集群初始化
仅在master节点执行如下命令
# Run on the master node only. The path is relative, so run this from the
# directory that holds the edited kubeadm-config.yaml.
kubeadm init --config kubeadm-config.yaml
根据提示执行以下命令
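# Give the current user a kubeconfig for kubectl.
# admin.conf holds the cluster administrator's credentials: keep the copy
# readable by its owner only and do not distribute it to other users or hosts.
# Expansions are quoted so a home directory containing spaces still works.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"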
安装 Pod 网络附加组件
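# Install the flannel Pod network add-on; run on the control plane.
# NOTE(review): the URL follows the repository's master branch, so its content
# can change between two runs of this guide. The manifest is fetched to a
# local file first so it can be read before it is applied with the admin
# kubeconfig; for repeatable installs replace "master" in the URL with a
# release tag or commit you have checked.
curl -fsSLO https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml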
节点加入集群
1.在控制节点获取加入集群需要的token
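# Print a ready-to-use join command with a new bootstrap token; run on the
# control node. The token gets kubeadm's default lifetime (24h).
# Avoid `--ttl 0`: it creates a token that never expires, so anyone who later
# obtains it can register a node with this cluster. Create a fresh token each
# time nodes are added, and remove leftovers with `kubeadm token list` and
# `kubeadm token delete`.
kubeadm token create --print-join-command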
#输出示例(token 和 CA 证书哈希因集群而异,请使用你自己执行命令得到的输出):
kubeadm join 192.168.94.72:6443 --token 027vb4.x5s8oo2ihs8e9s1i --discovery-token-ca-cert-hash sha256:a7e45be317844321cecb3ade344004e5ffdcdea10817d37a50d0cc58a7fa4ff1
2.在节点上执行上述输出数据;
安装dashboard
1.安装服务
# Deploy the Dashboard from the manifest at release tag v2.2.0; the URL names
# a fixed tag rather than a moving branch.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
2.配置外部访问
kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
# In the editor that opens, change "type: ClusterIP" to "type: NodePort" and save the file.
# NOTE(review): a NodePort service is reachable on the chosen port of every
# node address, and this guide turned the host firewall off earlier, so the
# Dashboard login page becomes reachable by anything that can route to the
# nodes. Where that is not wanted, keep the service as ClusterIP and reach it
# through `kubectl proxy` or `kubectl port-forward` instead.
3.创建登录用户
vim dashboard-adminuser.yaml
#添加如下配置:
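# Service account used to log in to the Dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
# NOTE(review): this binds the account to the built-in cluster-admin role,
# i.e. unrestricted access to every resource in the cluster. Whoever holds
# this account's token holds the whole cluster; for routine use bind a
# narrower role (for example the built-in "view" ClusterRole) and keep the
# cluster-admin account for administration only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard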
#保存并退出,然后执行apply
kubectl apply -f dashboard-adminuser.yaml
4.获取登录使用的token
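# Print the login token of the admin-user service account.
# The value is a bearer credential carrying that account's rights (bound to
# cluster-admin in dashboard-adminuser.yaml): do not paste it into chats,
# tickets or shared shell history.
# The lookup is split in two and the name is quoted so that an empty result
# (no secret attached to the account) makes kubectl fail on an empty name
# instead of running "get secret" without a name.
# NOTE(review): relies on the account having an auto-created token secret in
# .secrets[0], as on the 1.21 release installed by this guide; newer releases
# may not create one - confirm on your version.
secret_name=$(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}")
kubectl -n kubernetes-dashboard get secret "$secret_name" -o go-template="{{.data.token | base64decode}}"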
#It should print something like:
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiO
5.获取访问地址
#获取Dashboard暴露的port
kubectl -n kubernetes-dashboard get service kubernetes-dashboard
#输出如下:Dashboard has been exposed on port 30131 (HTTPS).
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.100.124.90 <nodes> 443:30131/TCP 21h
#获取masterip: 192.168.94.72
kubectl cluster-info
#最终dashboard访问地址(端口以HTTPS方式暴露,需使用https访问):https://192.168.94.72:30131
