Kubernetes version: 1.21.3
Docker version: 1.19.3

## Preparation

  • Nodes:
    • master: 172.200.111.101 (4 cores, 4 GB)
    • node-1: 172.200.111.102 (4 cores, 4 GB)
  • Disable the firewalld firewall (on all nodes)

    ```shell
    systemctl stop firewalld && systemctl disable firewalld
    ```
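  • Disable the swap partition (on all nodes)

    ```shell
    # Disable temporarily
    swapoff -a
    # Disable permanently by commenting out the swap entry in /etc/fstab
    sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
    ```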
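  • Disable SELinux (on all nodes)

    ```shell
    # Takes effect immediately, until the next reboot
    setenforce 0
    # Persist the setting across reboots
    sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
    sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
    ```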
  • Set the hostname (separately on each node)

    ```shell
    # 111.101
    hostnamectl set-hostname k8s-master
    # 111.102
    hostnamectl set-hostname k8s-node1
    ```
  • Edit the hosts file (on all nodes)

    ```
    172.200.111.101 k8s-master
    172.200.111.102 k8s-node1
    ```
  • Adjust the kernel parameters (on all nodes)

    ```shell
    cat > /etc/sysctl.d/k8s.conf << EOF
    net.ipv4.ip_forward = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    vm.swappiness = 0
    EOF
    ```
  • Run sysctl -p or sysctl --system to apply the modified parameters. If it reports cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: 没有那个文件或目录 (No such file or directory), run modprobe br_netfilter
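
An added check for the swap and kernel-parameter steps above (example code, not part of the original post). It also shows a case the sed pattern `/ swap /` misses: an fstab swap line whose fields are separated by tabs. The function names and the sample fstab are constructed for this example.

```shell
# Print every fstab line that still activates swap: not commented out and
# filesystem type (3rd field) "swap". awk splits on spaces and tabs alike.
active_swap_entries() {
    awk '!/^[ \t]*#/ && $3 == "swap"' "$1"
}

# Print each kernel parameter from this page's k8s.conf that is missing or
# has a different value in the given sysctl file.
missing_sysctl() {
    for want in net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-ip6tables=1 \
                net.bridge.bridge-nf-call-iptables=1 vm.swappiness=0; do
        key=${want%%=*}
        got=$(awk -F= -v k="$key" '
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k { v = $2 }
            END { print v }' "$1")
        [ "$got" = "${want#*=}" ] || echo "$key: want ${want#*=}, got ${got:-unset}"
    done
}

# Constructed sample fstab: one swap line separated by spaces, one by tabs.
demo=$(mktemp)
printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
              '/dev/mapper/centos-swap swap swap defaults 0 0' > "$demo"
printf '/dev/sdb2\tswap\tswap\tdefaults\t0 0\n' >> "$demo"

# The page's sed command, written to a copy instead of editing in place.
sed '/ swap / s/^\(.*\)$/#\1/g' "$demo" > "$demo.after"

echo "swap entries still active after the sed:"
active_swap_entries "$demo.after"    # only the tab-separated line remains
rm -f "$demo" "$demo.after"

# On a real node:
#   active_swap_entries /etc/fstab
#   missing_sysctl /etc/sysctl.d/k8s.conf
```

Empty output from both functions on a real node means the fstab and sysctl steps are in place.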

## Install Docker and modify the default configuration

### Install

```shell
# Install the tools Docker needs
yum install -y gcc gcc-c++ yum-utils device-mapper-persistent-data lvm2
# Configure the Aliyun Docker repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Refresh the yum cache
yum makecache
# Install this specific version of docker-ce
yum install -y docker-ce-18.09.9-3.el7
# Start Docker
systemctl enable docker && systemctl start docker
```

### Modify the Docker configuration file

Stop the Docker service first:

```shell
systemctl stop docker
```

Edit /etc/docker/daemon.json so that it contains the following. Replace tmp1234 with your actual Aliyun registry mirror address.

```json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": [
    "https://tmp1234.mirror.aliyuncs.com"
  ],
  "ip-forward": true,
  "ip-masq": false,
  "iptables": false,
  "ipv6": false,
  "live-restore": true,
  "selinux-enabled": false,
  "data-root": "/home/data/docker"
}
```

Reload the Docker configuration and start the service:

```shell
systemctl daemon-reload
systemctl start docker
```

<a name="d044e71f"></a>
## Add the Kubernetes yum repository (configure on all three nodes)

```shell
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```
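
The repo definition above sets `gpgcheck=0` and `repo_gpgcheck=0`, so yum installs kubelet, kubeadm and kubectl from it without verifying package or metadata signatures. As an added example (not part of the original post), this function lists the enabled repo sections on a node that switch those checks off; the function name and the sample file are constructed.

```shell
# For each enabled section in the given .repo files, print
#   <file>:<repo-id> <key> disabled
# when gpgcheck (package signatures) or repo_gpgcheck (metadata signature) is
# explicitly set to 0/no/false. A key that is absent is not flagged, because
# yum then falls back to the [main] setting in /etc/yum.conf.
unsigned_repos() {
    for f in "$@"; do
        awk -v file="$f" '
            function off(v) { return tolower(v) ~ /^(0|no|false)$/ }
            function report() {
                if (id == "" || off(enabled)) return
                if (off(gpg))  print file ":" id " gpgcheck disabled"
                if (off(rgpg)) print file ":" id " repo_gpgcheck disabled"
            }
            /^[ \t]*[#;]/ { next }                 # comment lines
            /^[ \t]*\[/ {                          # start of a new [section]
                report()
                id = $0; gsub(/^[ \t]*\[|\].*$/, "", id)
                enabled = gpg = rgpg = ""
                next
            }
            {
                n = index($0, "="); if (n == 0) next
                k = substr($0, 1, n - 1); v = substr($0, n + 1)
                gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (k == "enabled")       enabled = v
                if (k == "gpgcheck")      gpg = v
                if (k == "repo_gpgcheck") rgpg = v
            }
            END { report() }' "$f"
    done
}

# Constructed sample: the settings from this page plus a signed repo.
sample=$(mktemp)
cat > "$sample" << 'EOF'
[kubernetes]
name=Kubernetes
enabled=1
gpgcheck=0
repo_gpgcheck=0
[base]
name=constructed example
gpgcheck=1
EOF
unsigned_repos "$sample"    # reports gpgcheck and repo_gpgcheck for [kubernetes]
rm -f "$sample"
# On a real node: unsigned_repos /etc/yum.repos.d/*.repo
```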

## Install the Kubernetes components

```shell
yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
systemctl enable kubelet && systemctl start kubelet
```

## Initialize the master node

```shell
kubeadm init \
  --apiserver-advertise-address=172.200.111.101 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.15.0 \
  --service-cidr=10.100.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
```

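Main parameters:

  • apiserver-advertise-address: the API server address
  • image-repository: the image registry address
  • kubernetes-version: the Kubernetes version
  • service-cidr: the IP address range for services
  • pod-network-cidr: the IP address range for the pod network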

Wait for the command to finish, then follow the instructions in its output:

```shell
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

Run on the node (use the actual output of **kubeadm init** on the master node):

```shell
kubeadm join 172.50.13.103:6443 --token 12345 --discovery-token-ca-cert-hash 123456
```
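
The token and hash in the join command above are placeholders. The real `--discovery-token-ca-cert-hash` value is `sha256:` followed by the SHA-256 digest of the cluster CA's DER-encoded public key, which the joining node uses to verify the control plane it connects to. As an added example (not part of the original post), these functions recompute and compare that value on the master; the function names are this example's own, and /etc/kubernetes/pki/ca.crt is assumed to be the CA path (the kubeadm default).

```shell
# Recompute the value for --discovery-token-ca-cert-hash from a CA certificate.
# Output: sha256:<64 hex chars>. Returns 1 if the file is not a readable certificate.
ca_cert_hash() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    echo "sha256:$hex"
}

# Compare a hash taken from a join command with the CA file on the master.
# usage: hash_matches_ca <sha256:...> <ca.crt>
hash_matches_ca() {
    [ "$1" = "$(ca_cert_hash "$2")" ]
}

# On the master, print the hash if the CA file is present.
if [ -r /etc/kubernetes/pki/ca.crt ]; then
    ca_cert_hash /etc/kubernetes/pki/ca.crt
fi

# A complete join command with a fresh token can be printed on the master with:
#   kubeadm token create --print-join-command
```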

Install the network plugin on the master node:

```shell
wget https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
```

Edit kube-flannel.yml:

```yaml
# Line 106
image: lizhenliang/flannel:v0.11.0-amd64
# Line 120
image: lizhenliang/flannel:v0.11.0-amd64
```

Apply the network plugin:

```shell
kubectl apply -f kube-flannel.yml
```

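## Check the cluster status

```shell
kubectl get nodes
```

Every node must show a STATUS of Ready before you continue.

```shell
kubectl get pod -n kube-system
```

Continue with the following steps only when every pod shows READY 1/1. If flannel has a problem, check the network and repeat these steps:
kubectl delete -f kube-flannel.yml -> download the file again with wget, change the image address, then kubectl apply -f kube-flannel.yml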

## Test the Kubernetes cluster

```shell
# Create a pod. The nginx image needs to be pulled beforehand with docker pull
kubectl create deployment nginx --image=nginx
# Expose the port
kubectl expose deployment nginx --port=80 --type=NodePort
# Check the status
kubectl get pods,svc
```

The output is shown below; 30938 is the nginx port. Open 172.50.13.103:30938 in a browser.

```
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-554b9c67f9-v7ztr   1/1     Running   0          5h21m

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.1.0.1     <none>        443/TCP        5h43m
service/nginx        NodePort    10.1.82.8    <none>        80:30938/TCP   5h20m
```

## Deploy the dashboard

```shell
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
```

Edit the file with vim kubernetes-dashboard.yaml:

```yaml
# Lines 109-112 of the file (Deployment)
    spec:
      containers:
      - name: kubernetes-dashboard
        image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1  # change this line
# ......
# Lines 157-164 of the file (Service)
spec:
  type: NodePort        # add this line
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001   # add this line
  selector:
    k8s-app: kubernetes-dashboard
```

Apply: kubectl apply -f kubernetes-dashboard.yaml
Verify in a browser: https://172.50.13.103:30001 (if Chrome cannot open it, use Firefox)
Create a service account and bind it to the default cluster-admin cluster role:

```shell
# step 1: create the service account
kubectl create serviceaccount dashboard-admin -n kube-system
# step 2: bind it to the cluster-admin cluster role
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# step 3: show the secret that holds the account's token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
```

Copy the token into the Token field on the login page.

## Health checks

Check the health of components and add-ons:

```shell
kubectl get cs
# or
kubectl get componentstatus
```

Check service status:

```shell
systemctl status kubelet docker
```

Check pod status:

```shell
kubectl get pods -o wide -n kube-system
```