
centos7下使用kubeadm安装kubernetes

2018-10-29  本文已影响5人  peerless_1024

K8S_VERSION=v1.12.1
ETCD_VERSION=3.2.24
DASHBOARD_VERSION=v1.8.3
FLANNEL_VERSION=v0.10.0-amd64
DNS_VERSION=1.2.2
PAUSE_VERSION=3.1

1. 环境配置

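1.1 关闭防火墙

注意:关闭 firewalld 后,节点上所有端口(包括后文用 NodePort 暴露的 dashboard 30001 端口)都不再受主机防火墙保护,仅适合隔离的实验环境。其他环境建议保留 firewalld,只放行集群所需端口:Master 的 6443、2379-2380、10250-10252,Node 的 10250 和 30000-32767,以及 flannel 使用的 UDP 8472。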

systemctl stop firewalld
systemctl disable firewalld

1.2 关闭selinux

永久关闭:(推荐)

vim /etc/selinux/config

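将SELINUX=enforcing 改为 SELINUX=disabled

说明:kubeadm 只要求 SELinux 不处于 enforcing 状态。改为 SELINUX=permissive 并执行 setenforce 0 同样可以,无需重启,且仍会记录被拒绝的访问,便于日后重新启用。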

reboot

1.3 关闭swap

swapoff -a # 临时
vim /etc/fstab # 永久

1.4 添加主机名与IP对应关系:

$ cat /etc/hosts
192.168.0.11 k8s-master
192.168.0.12 k8s-node1
192.168.0.13 k8s-node2

1.5 同步时间

yum install ntpdate -y
ntpdate ntp.api.bz

2. 安装Docker

请参考Centos7下Docker的安装

systemctl enable docker 

3. 安装kubeadm,kubelet和kubectl

kubeadm: 引导集群的命令
kubelet:集群中运行任务的代理程序
kubectl:命令行管理工具

3.1 添加阿里云YUM软件源

vim /etc/yum.repos.d/kubernetes.repo

内容如下

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

3.2 安装kubeadm,kubelet和kubectl

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet

4. 使用kubeadm创建单个Master集群

4.1 kubeadm 默认的镜像仓库(k8s.gcr.io)在国外,国内无法直接访问,需要先从国内镜像站准备好所需镜像

kubeadm.x86_64 0:1.12.1-0                          kubectl.x86_64 0:1.12.1-0                          kubelet.x86_64 0:1.12.1-0
vim k8s-run.sh

根据上面yum下载得到的对应填写相应的K8S_VERSION,内容如下:

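#!/usr/bin/env bash
# k8s-run.sh - pre-pull the images kubeadm needs from the Aliyun mirror and
# re-tag them under the k8s.gcr.io names that kubeadm looks for locally.
#
# NOTE(review): every image is referenced by a mutable tag on a third-party
# mirror and then re-tagged as k8s.gcr.io/*, so the node runs whatever the
# mirror serves for that tag. Where supply-chain integrity matters, pull by
# `name@sha256:<digest>` using digests you have verified, not by tag.

# Abort on the first failed pull/tag; without this a failed pull went
# unnoticed and only surfaced later as a missing image during `kubeadm init`.
set -euo pipefail

# K8S_VERSION must match the kubeadm/kubelet/kubectl version yum installed.
readonly K8S_VERSION=v1.12.1
readonly ETCD_VERSION=3.2.24
# shellcheck disable=SC2034 -- kept from the original variable list; not used below
readonly DASHBOARD_VERSION=v1.8.3
readonly FLANNEL_VERSION=v0.10.0-amd64
readonly DNS_VERSION=1.2.2
readonly PAUSE_VERSION=3.1

readonly MIRROR=registry.cn-hangzhou.aliyuncs.com/google_containers
readonly TARGET=k8s.gcr.io

#######################################
# Pull one image from the mirror and tag it with the name kubeadm expects.
# Globals:   MIRROR, TARGET (read)
# Arguments: $1 - image name on the mirror (e.g. kube-proxy-amd64)
#            $2 - image name under k8s.gcr.io (e.g. kube-proxy)
#            $3 - tag, identical on both sides
# Returns:   non-zero if the pull or the tag fails
#######################################
pull_and_tag() {
  local src="${MIRROR}/$1:$3"
  local dst="${TARGET}/$2:$3"
  docker pull "$src"
  docker tag "$src" "$dst"
}

# The mirror publishes the control-plane images with an -amd64 suffix that
# the k8s.gcr.io names do not carry.
pull_and_tag kube-apiserver-amd64 kube-apiserver "$K8S_VERSION"
pull_and_tag kube-controller-manager-amd64 kube-controller-manager "$K8S_VERSION"
pull_and_tag kube-scheduler-amd64 kube-scheduler "$K8S_VERSION"
pull_and_tag kube-proxy-amd64 kube-proxy "$K8S_VERSION"
pull_and_tag etcd-amd64 etcd "$ETCD_VERSION"
pull_and_tag pause pause "$PAUSE_VERSION"
pull_and_tag coredns coredns "$DNS_VERSION"

# flannel is pulled from its own registry under its own name, so no re-tag.
docker pull "quay.io/coreos/flannel:${FLANNEL_VERSION}"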

赋予可执行权限并执行

chmod u+x k8s-run.sh
./k8s-run.sh

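4.2 初始化Master(主节点)

--apiserver-advertise-address 要填 Master 节点自己的 IP(对应 1.4 中 k8s-master 的地址)。下面示例中的 192.16.1.215 与 1.4 的 192.168.0.x 网段不一致,请按实际环境替换。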

$ kubeadm init --kubernetes-version=1.12.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.16.1.215
...
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run (as a regular user):
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the addon options listed at:
http://kubernetes.io/docs/admin/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash
sha256:<hash>
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

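4.3 安装Pod网络 - 插件(主节点)

下面的清单取自 flannel 仓库的 master 分支,内容会随上游变化,不一定与前面拉取的 FLANNEL_VERSION 镜像一致。建议先下载并检查清单,再改用固定的 tag 或 commit 地址执行 kubectl apply。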

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

4.4 加入工作节点(从节点)

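在Node节点切换到root账号:
格式:kubeadm join <master-ip>:<master-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>

token 和 hash 以 kubeadm init 的输出为准,下面的值仅为示例。token 相当于加入集群的凭据,不要公开;过期或遗失后,可在 Master 上执行 kubeadm token create --print-join-command 重新生成。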

kubeadm join 192.16.1.215:6443 --token 22s6kh.6zqaqpsil3vc57bt --discovery-token-ca-cert-hash sha256:3bcef78a33fbd55ebdb09f269707fb63acaf98aa6ea50b0ab14f9a2da831f85f
systemctl daemon-reload && systemctl restart kubelet

5. 安装kubernetes dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
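编辑下载的 kubernetes-dashboard.yaml:把 Deployment 中的 image 改为下面的镜像地址(上游镜像名为 kubernetes-dashboard-amd64,此处疑似漏了连字符,请以仓库中的实际名称为准),并把 Service 改为如下的 NodePort 形式:

registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboardamd64:v1.10.0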
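# Service section of kubernetes-dashboard.yaml, switched to type NodePort:
# this publishes the dashboard's HTTPS port on every node's IP at port 30001.
# NOTE(review): with firewalld stopped (step 1.1) the port is reachable by
# anything that can route to a node. Limit access to admin hosts, or keep the
# Service as ClusterIP and reach it with `kubectl proxy` / `kubectl port-forward`.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443          # Service port inside the cluster
      targetPort: 8443   # container port the Service forwards to
      nodePort: 30001    # port opened on every node
  selector:
    k8s-app: kubernetes-dashboard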
kubectl apply -f kubernetes-dashboard.yaml
[root@weiyi-docker-master ~]# cat k8s-admin.yaml 
# k8s-admin.yaml: creates a ServiceAccount and binds it to cluster-admin.
# The token of this ServiceAccount is what the tutorial uses to log in to the
# dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
# NOTE(review): cluster-admin is the built-in superuser ClusterRole, so anyone
# who obtains the dashboard-admin token has unrestricted control of the whole
# cluster, and the dashboard itself is published on a NodePort. Outside a
# throwaway lab, bind a narrower role (for example the built-in `view`
# ClusterRole, or a namespaced Role) instead.
kind: ClusterRoleBinding
# v1beta1 matches the v1.12 cluster built here; it was removed in Kubernetes
# 1.22, where this manifest needs rbac.authorization.k8s.io/v1.
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
kubectl apply -f k8s-admin.yaml
kubectl get secret -n kube-system

找到dashboard-admin-token-*****,并执行如下命令

kubectl describe secret dashboard-admin-token-????? -n kube-system

输出中的 token 字段即为 dashboard 的登陆令牌。该令牌绑定了 cluster-admin 角色,等同于集群管理员凭据,应妥善保管。

kubectl get pods --all-namespaces -o wide

k8s 的 dashboard 用 chrome 和 IE 没办法打开,用火狐浏览器就可以(原因是 dashboard 使用自动生成的自签名证书,浏览器无法验证)
通过 https://IP:30001 这个地址打开,添加安全例外如图所示


dashboard k8s集群

获取dashboard token执行

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-token|awk '{print $1}')|grep token:|awk '{print $2}'

6. 简单部署一个服务

利用Weave公司提供的服务来验证系统:

$ kubectl create namespace sock-shop
$ wget https://github.com/microservices-demo/microservices-demo/blob/master/deploy/kubernetes/complete-demo.yaml?raw=true
$ mv complete-demo.yaml?raw=true complete-demo.yaml
$ vim complete-demo.yaml

将30001改为其他未使用的端口号(30001 已被 dashboard 占用),例如改为30002

$ kubectl apply -n sock-shop -f complete-demo.yaml
$ kubectl describe svc front-end -n sock-shop
$ kubectl get pods -n sock-shop
部署例子

通过服务节点http://IP:30002即可看到服务的前端

访问服务

7. 清理已部署的集群

kubeadm会自动检查当前环境是否有上次命令执行的“残留”。如果有,必须清理后再执行init。我们可以通过“kubeadm reset”来清理环境,以备重来。

$ kubeadm reset
[preflight] Running pre-flight checks
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Removing kubernetes-managed containers
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /etc/cni/net.d /var/lib/etcd]
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf]
--------------------- 

8. 删除节点

kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
kubectl delete node <node name>

参考博客
10分钟搭建Kubernetes容器集群平台
Kubernetes文章专栏地址
用 kubeadm 部署 Kubernetes 集群
kubernetes集群问题排查
