一、镜像安装与启动

1、下载各个机器需要的镜像

  1. # 只需要在在master节点上执行,贪方便,直接全部节点都执行这个
  2. sudo tee ./images.sh <<-'EOF'
  3. #!/bin/bash
  4. images=(
  5. kube-apiserver:v1.20.9
  6. kube-proxy:v1.20.9
  7. kube-controller-manager:v1.20.9
  8. kube-scheduler:v1.20.9
  9. coredns:1.7.0
  10. etcd:3.4.13-0
  11. pause:3.2
  12. )
  13. for imageName in ${images[@]} ; do
  14. docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
  15. done
  16. EOF
  18. # 授权并执行
  19. chmod +x ./images.sh && ./images.sh

2、初始化主节点

  1. # 所有机器添加master域名映射,以下需要修改为自己的内网ip
  2. echo "172.31.0.2 cluster-endpoint" >> /etc/hosts
  5. #主节点初始化
  6. # 只在主节点执行, apiserver-advertise-address为主节点IP
  7. kubeadm init \
  8. --apiserver-advertise-address=172.31.0.2 \
  9. --control-plane-endpoint=cluster-endpoint \
  10. --image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
  11. --kubernetes-version v1.20.9 \
  12. --service-cidr=10.96.0.0/16 \
  13. --pod-network-cidr=192.168.0.0/16
  15. # 所有网络范围不重叠
  16. service-cidrpod-network-cidrapiserver-advertise-address不重叠

k8s安装成功提示

  1. Your Kubernetes control-plane has initialized successfully!
  3. To start using your cluster, you need to run the following as a regular user
  4.     # 执行以下三条命令设置.kube/config
  5.   mkdir -p $HOME/.kube
  6.   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  7.   sudo chown $(id -u):$(id -g) $HOME/.kube/config
  9. Alternatively, if you are the root user, you can run:
  11.   export KUBECONFIG=/etc/kubernetes/admin.conf
  13. You should now deploy a pod network to the cluster.
  14. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  15.   https://kubernetes.io/docs/concepts/cluster-administration/addons/
  17. You can now join any number of control-plane nodes by copying certificate authorities
  18. and service account keys on each node and then running the following as root:
  19.     # 以下命令用于加入新的master节点
  20.   kubeadm join cluster-endpoint:6443 --token 6y92i9.0r0v5jp5sahsyps8 \
  21.     --discovery-token-ca-cert-hash sha256:1b9304739c3fde432f031edf734588bb70362ce349ef175b8fe0db075304e0e1 \
  22.     --control-plane 
  24. Then you can join any number of worker nodes by running the following on each as root:
  25.     # 以下命令用来加入新的worker节点
  26. kubeadm join cluster-endpoint:6443 --token 6y92i9.0r0v5jp5sahsyps8 \
  27.     --discovery-token-ca-cert-hash sha256:1b9304739c3fde432f031edf734588bb70362ce349ef175b8fe0db075304e0e1
  1. # 执行以下三条命令设置.kube/config
  1. mkdir -p $HOME/.kube
  2. sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  3. sudo chown $(id -u):$(id -g) $HOME/.kube/config

二、安装网络组件

用于将所有节点串联起来,网络插件有很多种,点击下方查看更多 https://kubernetes.io/docs/concepts/cluster-administration/addons/

1.安装网络组件

  1. curl https://docs.projectcalico.org/manifests/calico.yaml -O
  3. # k8s命令根据配置文件安装东西,以下根据calico配置文件安装calico
  4. kubectl apply -f calico.yaml

k8s命令

  1. # 查看集群所有节点
  2. kubectl get nodes
  4. # 根据配置文件,给集群创建资源
  5. kubectl apply -f xxx.yaml
  7. # 查看集群部署了那一些应用, 需要在著节点上运行
  8. kubectl get pods -A 等价与docker docker ps
  10. docker中将运行的应用称为容器
  11. k8s中将运行的应用称为pod
  13. # 持续监控
  14. kubectl get pod -A -w

从节点加入主节点

  1. #k8s第一次初始化时会打印出来,需要保存下来
  2. kubeadm join cluster-endpoint:6443 --token 6y92i9.0r0v5jp5sahsyps8 \
  3.     --discovery-token-ca-cert-hash sha256:1b9304739c3fde432f031edf734588bb70362ce349ef175b8fe0db075304e0e1

以上命令只在24小时内有效
可以通过刷新令牌重置时间

kubeadm token create —print-join-command

执行命令后得到:

kubeadm join cluster-endpoint:6443 —token g0jik0.li221h9mkkx52zaf —discovery-token-ca-cert-hash sha256:1b9304739c3fde432f031edf734588bb70362ce349ef175b8fe0db075304e0e1

执行该命令让从节点重新加入

高可用部署方式,也是在这一步的时候,使用添加主节点的命令即可

三、部署dashboard

1.部署

kubernetes官方提供的可视化界面 https://github.com/kubernetes/dashboard

  1. kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

2.部署设置访问端口(为了公网访问)
将k8s外网访问界面的端口暴露到机器上(类似docker -p 8080:8080)

  1. kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

type: ClusterIP 改为 type: NodePort

  1. kubectl get svc -A |grep kubernetes-dashboard
  2. ## 找到端口,在安全组放行

image.png

放行端口后,可以通过任意一个节点的公网IP:端口访问k8s界面(注意:必须使用https)

例如:https://139.198.178.29:30537/#/login

3.创建访问账号

  1. #创建访问账号,准备一个yaml文件; vi dash.yaml
  2. apiVersion: v1
  3. kind: ServiceAccount
  4. metadata:
  5.   name: admin-user
  6.   namespace: kubernetes-dashboard
  7. ---
  8. apiVersion: rbac.authorization.k8s.io/v1
  9. kind: ClusterRoleBinding
  10. metadata:
  11.   name: admin-user
  12. roleRef:
  13.   apiGroup: rbac.authorization.k8s.io
  14.   kind: ClusterRole
  15.   name: cluster-admin
  16. subjects:
  17. - kind: ServiceAccount
  18.   name: admin-user
  19.   namespace: kubernetes-dashboard

应用配置,创建账号

kubectl apply -f dash-user.yaml

4.令牌访问

  1. #获取访问令牌
  2. kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

令牌(jwt格式)

  1. eyJhbGciOiJSUzI1NiIsImtpZCI6ImQtUmFQOXQzWWRIXzdUTXJNSVY5Ry14UFF0XzJTOGpVbUpHZm9JSmhaeFEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTd2N3RqIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3ODU5ODg4OC1lZWY5LTRlN2ItOTNmNi0xNmJkMDZiMjhjNmQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.chSFLdd7ZKtXfF71Gs2WlAgs22QGxRFDHm3mRl23C82WYMVuKonf3fSgzavxhnyPVO4gI5llmwGxa5vN_7u3-dzxVCWiOTVRJ_kJ7_avPavutd_Xl8f6gDEypEVbHiNu8-FZvg0d1S_LhA6v01aCTPnJxLGkfEHp90UMao8K2qm_UH-SGLkE-sBqVoB8DgIpAzXVuxIiai9S4T22edMRPFdlkG26IGaNybeyEf4wZV9ZpB9YOYnvDx3cLJIwqmlo_hE2ZXXALD2wRXsCiSO-5KctdcyNK51Vqnn0pnxydKMeYNj3g9ZToNxhUU7QEJC6lc1CbtZCXrr3syD9rcyUQQ