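kubeadm is a tool from the official community for quickly deploying a Kubernetes cluster. It can bring up a cluster with two commands, which is more convenient than a fully manual installation.
# Create a master node
$ kubeadm init
# Join a node to the current cluster
$ kubeadm join <master node IP and port>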
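Basic installation requirements
Before starting, the machines used for the Kubernetes cluster must meet the following conditions:
1>. Two hosts running 64-bit CentOS 7
2>. Hardware: 2 GB of memory, 2 or more CPUs, 30 GB or more of disk
3>. Network connectivity between all machines in the cluster
4>. Internet access, needed to pull images
5>. Swap disabled
Goals
1>. Install Docker and kubeadm on all nodes
2>. Deploy the Kubernetes master
3>. Deploy the container network plugin
4>. Deploy the Kubernetes nodes and join them to the cluster
5>. Deploy the Dashboard web UI to view Kubernetes resources visually
Architecture diagram
Preparation
Disable the firewall: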
$ systemctl stop firewalld
$ systemctl disable firewalld
Disable SELinux:
$ sed -i 's/enforcing/disabled/' /etc/selinux/config
$ setenforce 0
Disable swap:
$ swapoff -a          # temporary
$ vim /etc/fstab      # permanent
Add hostname-to-IP mappings (remember to set each hostname):
$ cat /etc/hosts
192.168.2.137 master137
192.168.2.138 node138
192.168.2.139 node139
Pass bridged IPv4 traffic to the iptables chains:
$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system
Install docker, kubelet and kubeadm on all nodes
Install Docker
$ cd /etc/yum.repos.d/
$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O docker-ce.repo
$ yum -y install docker-ce-18.06.1.ce-3.el7
$ systemctl enable docker && systemctl start docker
Add the Aliyun repository
cat >> kubernetes.repo << EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
EOF
Install kubelet, kubeadm and kubectl
yum repolist
rpm --import https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
yum install kubelet kubeadm kubectl
Initialize the master
kubeadm init \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12
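If the default registry is blocked and the images cannot be pulled, you can pull them manually from a mirror reachable in China and then re-tag them.
Pull the required images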
docker pull mirrorgooglecontainers/kube-apiserver-amd64:v1.13.4
docker pull mirrorgooglecontainers/kube-controller-manager-amd64:v1.13.4
docker pull mirrorgooglecontainers/kube-scheduler-amd64:v1.13.4
docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.13.4
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd-amd64:3.2.24
docker pull coredns/coredns:1.2.6
docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
Re-tag them with the tags required by default
docker tag mirrorgooglecontainers/kube-apiserver-amd64:v1.13.4 k8s.gcr.io/kube-apiserver:v1.13.4
docker tag mirrorgooglecontainers/kube-controller-manager-amd64:v1.13.4 k8s.gcr.io/kube-controller-manager:v1.13.4
docker tag mirrorgooglecontainers/kube-scheduler-amd64:v1.13.4 k8s.gcr.io/kube-scheduler:v1.13.4
docker tag mirrorgooglecontainers/kube-proxy-amd64:v1.13.4 k8s.gcr.io/kube-proxy:v1.13.4
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd-amd64:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag coredns/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
Remove the original mirror-tagged images
docker rmi mirrorgooglecontainers/kube-apiserver-amd64:v1.13.4
docker rmi mirrorgooglecontainers/kube-controller-manager-amd64:v1.13.4
docker rmi mirrorgooglecontainers/kube-scheduler-amd64:v1.13.4
docker rmi mirrorgooglecontainers/kube-proxy-amd64:v1.13.4
docker rmi mirrorgooglecontainers/pause:3.1
docker rmi mirrorgooglecontainers/etcd-amd64:3.2.24
docker rmi coredns/coredns:1.2.6
docker rmi mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
Wait for initialization to complete
mkdir -p $HOME/.kube
# After initialization, kubeadm generates the following file under /etc/kubernetes
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
Install the pod network plugin
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Join the nodes (if a node fails to pull images while joining, re-tag them as described above)
kubeadm join 192.168.2.137:6443 --token pnxowd.j51snvgjstvnvuzu --discovery-token-ca-cert-hash sha256:719da21d88e9ff4932dcc1a1559edef2ddb344d87d4e08da91dbf54884961f48
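The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 digest of the CA certificate's DER-encoded public key. The script below is an added example, not part of the original article, that recomputes the value so the hash pasted on a node can be checked against the master's CA. The helper names ca_cert_hash and check_join_hash are made up for illustration, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA path.

```shell
#!/bin/sh
# Added example: recompute the value kubeadm expects in --discovery-token-ca-cert-hash.
# ca_cert_hash and check_join_hash are hypothetical helper names.

# Print "sha256:<hex>": SHA-256 over the DER-encoded public key of a PEM certificate.
ca_cert_hash() (
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r)
    hex=${hex%% *}
    [ "${#hex}" -eq 64 ] || exit 1
    printf 'sha256:%s\n' "$hex"
)

# Compare the hash pinned in a join command with the CA certificate.
# Exit status: 0 match, 1 mismatch, 2 no hash in the command, 3 unreadable certificate.
check_join_hash() (
    pinned=$(printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$pinned" ] || { echo "join command pins no CA hash" >&2; exit 2; }
    actual=$(ca_cert_hash "$2") || { echo "cannot read CA certificate $2" >&2; exit 3; }
    [ "$pinned" = "$actual" ] || { echo "CA hash mismatch: expected $actual" >&2; exit 1; }
)

# On the master: print the hash for kubeadm's default CA path, if it is present.
CA_CERT=${CA_CERT:-/etc/kubernetes/pki/ca.crt}
if [ -r "$CA_CERT" ]; then
    ca_cert_hash "$CA_CERT"
fi
```

A node that joins with a hash that does not match the master's ca.crt would be trusting a different CA, so a mismatch is a reason to stop and re-copy the join command from the master.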
Query the cluster nodes
[root@master137 ~]# kubectl get node
NAME        STATUS   ROLES    AGE     VERSION
master137   Ready    master   5d      v1.13.4
node138     Ready    <none>   4d23h   v1.13.4
node139     Ready    <none>   4d23h   v1.13.4
Write YAML files and create pods
There are too many YAML files to cover one by one here.
Dashboard deployment and authentication
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml
kubectl get pod -n kube-system
# OK once the pods are Running
(umask 077; openssl genrsa -out dashboard.key 2048)
openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=klvchen/CN=dashboard"
# ca.crt and ca.key are the cluster CA; kubeadm keeps them in /etc/kubernetes/pki
openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365
kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt=./dashboard.crt --from-file=dashboard.key=./dashboard.key
Create a dashboard token
Log in with a token that grants access to the whole cluster
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl get serviceaccount -n kube-system
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl get clusterrolebinding -n kube-system
kubectl describe secret dashboard-admin-token-sg62h -n kube-system
Copy the token
Access the dashboard through a node IP
Get the token
Log in
You can now see the running state of the whole cluster
This article was shared from the WeChat official account kubernetes中文社区.