kubernetes(k8s)安装配置及使用
2018-11-20 本文已影响0人
potenstop
环境
os: Ubuntu18
apt源: 阿里源
Kubernetes: 1.11.3
docker: 17.12.1
1 安装docker
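# Refresh the package index and add HTTPS transport support for apt.
sudo apt-get update && sudo apt-get install -y apt-transport-https
# Install Docker from the distribution archive. apt-get is used throughout
# because the plain `apt` front end does not promise a stable CLI for scripts.
sudo apt-get install -y docker.io
# Start Docker now and enable it on every boot.
sudo systemctl enable --now docker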
2 安装Kubernetes(master和slave)
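sudo apt-get install -y gnupg

# The signing key comes from a personal GitHub repository, not from the package
# publisher. Every package installed below is trusted on the strength of this
# key (the mirror itself is plain HTTP), so inspect it first, for example with
# `gpg --with-fingerprint apt-key.gpg`, and compare the fingerprint with the
# one published by the Kubernetes package maintainers before adding it.
wget https://raw.githubusercontent.com/potenstop/services-init/master/public/apt-key.gpg -O apt-key.gpg
# apt-key writes to the system keyring, so it needs root like the other steps.
sudo apt-key add apt-key.gpg

# `sudo echo ... > file` does not work for a non-root user: the redirection is
# performed by the calling shell, not by sudo. Write the file through `sudo tee`.
echo "deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" \
  | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null

sudo apt-get update
# Versions are pinned so that kubeadm, kubelet and kubectl match the images
# pulled later in this guide.
sudo apt-get install -y kubernetes-cni=0.6.0-00
sudo apt-get install -y kubectl=1.11.3-00 kubeadm=1.11.3-00 kubelet=1.11.3-00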
3 关闭swap分区(master和slave)
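# Turn swap off for the running system (lasts until the next reboot).
sudo swapoff -a
# Make it permanent: comment out the active swap entries in /etc/fstab.
# A backup is kept as /etc/fstab.bak. The pattern only matches lines that are
# not already commented and whose filesystem-type field is `swap`, so running
# the command again does not stack extra '#' characters or touch other lines.
sudo sed -i.bak -E '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab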
4 手动下载镜像 否则需要翻墙(master)
### Component versions
K8S_VERSION=v1.11.3
ETCD_VERSION=3.2.18
COREDNS_VERSION=1.1.3
PAUSE_VERSION=3.1

# Third-party mirror the images are fetched from. The images are pulled by
# mutable tag and then re-tagged as k8s.gcr.io/..., after which kubeadm treats
# them as the upstream control-plane images. Nothing here verifies that the
# mirror's content matches upstream; where the upstream registry is reachable,
# compare digests (`docker images --digests`) before relying on them.
mirror=registry.cn-hangzhou.aliyuncs.com/google_containers

# Each entry is "<name on the mirror>=<name under k8s.gcr.io>".
# Only the pause image is renamed (pause-amd64 -> pause).
image_map=(
  "kube-apiserver-amd64:${K8S_VERSION}=kube-apiserver-amd64:${K8S_VERSION}"
  "kube-controller-manager-amd64:${K8S_VERSION}=kube-controller-manager-amd64:${K8S_VERSION}"
  "kube-scheduler-amd64:${K8S_VERSION}=kube-scheduler-amd64:${K8S_VERSION}"
  "kube-proxy-amd64:${K8S_VERSION}=kube-proxy-amd64:${K8S_VERSION}"
  "etcd-amd64:${ETCD_VERSION}=etcd-amd64:${ETCD_VERSION}"
  "coredns:${COREDNS_VERSION}=coredns:${COREDNS_VERSION}"
  "pause-amd64:${PAUSE_VERSION}=pause:${PAUSE_VERSION}"
)

for entry in "${image_map[@]}"; do
  src="${mirror}/${entry%%=*}"
  dst="k8s.gcr.io/${entry#*=}"
  docker pull "$src"       # fetch from the mirror
  docker tag "$src" "$dst" # give it the name kubeadm looks for
  docker rmi "$src"        # drop the mirror-named tag
done
5 初始化(master)
192.168.200.10为master的内网ip, 需要替换为对应的ip
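# Private IP of the master node; replace with the address of your own master.
MASTER_IP=192.168.200.10

# --ignore-preflight-errors=all silences every kubeadm preflight check (swap,
# ports, container runtime, ...). Prefer running without it first and then
# listing only the specific checks that have to be ignored on this host.
# The pod CIDR 10.244.0.0/16 is the network the flannel manifest below expects.
kubeadm init --apiserver-advertise-address="$MASTER_IP" --ignore-preflight-errors=all --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.11.3

# Install the admin kubeconfig for the current user. admin.conf carries
# cluster-admin client credentials, so keep the copy readable by its owner only.
mkdir -p "$HOME/.kube"
# The leading backslash bypasses any `cp` alias (such as `cp -i`).
\cp -f /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"

# Pod network add-on. This URL follows the `master` branch, so the manifest
# applied to the cluster can change between runs; download it, review it, and
# apply a copy pinned to a release tag (<FLANNEL_RELEASE_TAG>) for repeatable
# installs.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml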
6 安装helm(master)
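# The Helm tarball is served over plain HTTP from a note-sharing site, and the
# binary inside is later run with cluster-admin credentials. Verify it against
# the SHA-256 published with the official Helm v2.11.0 release before it is
# installed; the value below is a placeholder and must be filled in.
HELM_TARBALL=helm-v2.11.0-linux-amd64.tar.gz
HELM_SHA256=REPLACE_WITH_SHA256_FROM_OFFICIAL_HELM_RELEASE
wget http://note.youdao.com/yws/public/resource/b58d28c992c7ca7bbedba7293a8645e3/xmlnote/8980D26EEF794B2DA709394BAC53F712/6554 -O "$HELM_TARBALL"
# Unpack and install only if the checksum matches.
echo "${HELM_SHA256}  ${HELM_TARBALL}" | sha256sum -c - \
  && tar -zxf "$HELM_TARBALL" \
  && cp linux-amd64/helm /usr/local/bin/

# Service account for Tiller, bound to cluster-admin. Tiller's gRPC endpoint is
# unauthenticated unless TLS is enabled (helm init --tiller-tls
# --tiller-tls-verify with certificates), so any workload that can reach
# tiller-deploy can act with this role. Acceptable for a throwaway cluster;
# otherwise enable TLS or bind a narrower role.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

# --service-account makes Tiller start under the `tiller` account directly, so
# it never runs under the namespace's default account and no follow-up
# `kubectl patch` of the deployment is needed.
helm init --upgrade --service-account tiller -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.11.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts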
执行 kubectl get pods --watch 可以动态查看安装进度; 执行 helm version 不报错则说明安装正常
7 使用helm安装nginx-ingress
# Remove the master taint from all nodes so that pods (including the ingress
# controller) may be scheduled on the master.
kubectl taint nodes --all node-role.kubernetes.io/master-
# Label the node as an edge node; k8s-dev-master is presumably the master's
# node name in this guide, replace it with your own (see `kubectl get nodes`).
kubectl label nodes k8s-dev-master node-role.kubernetes.io/edge=
# Refresh the chart index, then install the controller. hostNetwork=true puts
# the controller in the node's network namespace, so it listens directly on
# the host's interfaces.
helm repo update
helm install stable/nginx-ingress --set controller.hostNetwork=true --set rbac.create=true
8 使用helm安装kubernetes-dashboard
## 需要替换dashboard.potens.top为你自己对应的域名
$ cat kubernetes-dashboard.yaml
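# NOTE(review): api.config.repos looks like a Monocular values section rather
# than a kubernetes-dashboard one; it is kept as the author gave it. Confirm
# whether it is needed.
api:
  config:
    repos:
      - name: stable
        url: https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts
        source: https://github.com/kubernetes/charts/tree/master/stable
      - name: incubator
        url: https://aliacs-app-catalog.oss-cn-hangzhou.aliyuncs.com/charts-incubator
        source: https://github.com/kubernetes/charts/tree/master/incubator
      - name: monocular
        url: https://kubernetes-helm.github.io/monocular
        source: https://github.com/kubernetes-helm/monocular/tree/master/charts

# Default values for kubernetes-dashboard
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value

replicaCount: 1

## Here labels can be added to the kubernetes dashboard deployment
##
labels: {}
# kubernetes.io/cluster-service: "true"
# kubernetes.io/name: "Kubernetes Dashboard"

## Additional container arguments
## (left disabled: --enable-insecure-login and the insecure port/bind options
## would serve the dashboard over plain HTTP)
##
#extraArgs:
#  - --enable-insecure-login
#  - --system-banner="Welcome to Kubernetes"
#  - --port=8444 # By default, https uses 8443 so we move it away to something else
#  - --insecure-port=8443 # The chart has 8443 hard coded as a containerPort in the deployment spec so we must use this internally for the http service
#  - --insecure-bind-address=0.0.0.0

## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}

## List of node taints to tolerate (requires Kubernetes >= 1.6)
tolerations: []
#  - key: "key"
#    operator: "Equal|Exists"
#    value: "value"
#    effect: "NoSchedule|PreferNoSchedule|NoExecute"

service:
  type: ClusterIP
  externalPort: 443

  ## This allows an override of the heapster service name
  ## Default: {{ .Chart.Name }}
  ##
  # nameOverride:

  ## Kubernetes Dashboard Service annotations
  ##
  annotations: {}
  # foo.io/bar: "true"

  ## Here labels can be added to the Kubernetes Dashboard service
  ##
  labels: {}
  # kubernetes.io/name: "Kubernetes Dashboard"

resources:
  limits:
    cpu: 100m
    memory: 50Mi
  requests:
    cpu: 100m
    memory: 50Mi

ingress:
  ## If true, Kubernetes Dashboard Ingress will be created.
  ##
  enabled: true

  ## Kubernetes Dashboard Ingress annotations
  ##
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/secure-backends: "true"
    #nginx.ingress.kubernetes.io/configuration-snippet: |
    #  proxy_set_header "Host: 127.0.0.1";
    #kubernetes.io/tls-acme: 'true'

  ## Kubernetes Dashboard Ingress path
  ##
  path: /

  ## Kubernetes Dashboard Ingress hostnames
  ## Must be provided if Ingress is enabled
  ##
  hosts:
    - dashboard.potens.top

  ## Kubernetes Dashboard Ingress TLS configuration
  ## Secrets must be manually created in the namespace
  ##
  tls:
    - secretName: dashboard-imroc-io-tls
      hosts:
        - dashboard.potens.top

rbac:
  # Specifies whether RBAC resources should be created
  create: true

  # Specifies whether cluster-admin ClusterRole will be used for dashboard
  # ServiceAccount (NOT RECOMMENDED).
  # Kept false because the Ingress above publishes the dashboard on a hostname:
  # with cluster-admin on the dashboard's own ServiceAccount, on Dashboard
  # versions that offer the login screen's "Skip" option, whoever can open that
  # hostname acts as cluster-admin. Log in with the bearer token of a separate,
  # suitably scoped ServiceAccount instead.
  clusterAdminRole: false

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: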
# Install the dashboard chart with the values file shown above. The TLS secret
# named in that file has to exist in the target namespace beforehand; the
# values file states that secrets must be created manually.
helm install --values kubernetes-dashboard.yaml stable/kubernetes-dashboard
9 helm相关命令
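helm ls                # list installed releases and their status
helm version           # show the Helm client and Tiller versions
# Delete a release; ${name} is a value from the NAME column of `helm ls`.
# Quoted so that an empty or unset name is passed as an explicit (rejected)
# argument instead of silently disappearing from the command line.
helm delete "${name}"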
10 kubernetes相关命令
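# Show pod status across all namespaces.
kubectl get pod --all-namespaces -o wide
# By default the master does not schedule pods, so a single-machine cluster
# cannot start any. Removing the master taint allows scheduling on the master.
kubectl taint nodes --all node-role.kubernetes.io/master-
# Describe the pods in a given namespace.
kubectl describe pod --namespace=kube-system
# Watch pod status changes.
kubectl get pods --watch
# Delete a pod (the name here is an example taken from `kubectl get pods`).
kubectl delete pod left-wolf-mongodb-5bf7d78bf-jmt76
# Create a new bootstrap token and print the matching `kubeadm join` command.
kubeadm token create --print-join-command
# Revert the changes made by `kubeadm init` / `kubeadm join` on this host.
kubeadm reset
# Follow the kubelet logs. The systemd unit is kubelet.service; the original
# `kubelet.server` names no unit, so journalctl would show nothing.
journalctl -f -u kubelet.service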
11 slave加入master
在 master 上执行 kubeadm token create --print-join-command 获取加入命令, 返回形如 kubeadm join 192.168.133.132:6443 --token kxochq.woy512lwztjs6nwd --discovery-token-ca-cert-hash sha256:71b47dd144951f3891273e86a66ea6443ff0594cd2630f183bdb8893e42d3c1 的命令, 将其复制到 slave 上执行。token 和 CA 证书哈希以你自己集群的实际输出为准; token 是加入集群的凭据(默认 24 小时后过期), 不要公开。