微服务 十九 k8s搭建
环境
-
mac
-
Vmware fusion
-
centos7
-
docker
准备
准备三台虚拟机 master、node1、node2
选择桥接模式,安装的时候选择时区 DATE & TIME Asia Shanghai
| 角色 | ip | 机器名 | 配置 |
|---|---|---|---|
| master | 192.168.3.103 | master | 2核 2G (至少2核 否则报错) |
| node | 192.168.3.104 | node1 | 2核 2G |
| node | 192.168.3.105 | node2 | 2核 2G |
以下两个文件如果有需要可以私聊我要
kube-flannel.yml
recommended.yaml
安装
- 联网 (三台机器都要操作)
vi /etc/sysconfig/network-scripts/ifcfg-ens33
ONBOOT = no 该为 yes
systemctl restart network
ip addr 或者 ping www.baidu.com- 关闭防火墙 (三台机器都要操作)
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld- 关闭slinux (三台机器都要操作)
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0- 关闭swap (三台机器都要操作)
swapoff -a # 临时关闭
sed -ri 's/.*swap.*/#&/' /etc/fstab #永久关闭
# vi /etc/fstab
# 注释这一行:/dev/mapper/centos-swap swap swap defaults 0 0
free -m查看swap是否全为0- 配置三台机器的主机名
192.168.3.103 hostnamectl set-hostname master
192.168.3.104 hostnamectl set-hostname node1
192.168.3.105 hostnamectl set-hostname node2- master机器上添加hosts
cat >> /etc/hosts << EOF
192.168.3.103 master
192.168.3.104 node1
192.168.3.105 node2
EOF- 将桥接的IPV4流量传递到iptables的链. (三台机器都要操作)
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF- 所有节点执行命令
sysctl --system- 安装docker (三台机器都要操作)
1. 安装Docker源
yum install -y wget && wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
如果机器上之前安装过docker 先删除 (没有跳过)
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
安装Docker
yum -y install docker-ce-18.06.1.ce-3.el7
开启自启和启动
systemctl enable docker && systemctl start docker
查看版本
docker --version
4. 安装kubeadm,kubelet和kubectl
4.1 添加阿里云YUM的软件源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
5 安装 kubeadm,kubelet,kubectl
更新频繁的缘故 指定版本号安装
yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
设置开启启动
systemctl enable kubelet
6. 部署kubernetes master (master上执行)
kubeadm init \
--apiserver-advertise-address=192.168.3.103 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.15.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
使用kubectl工具
将k8s生成的管理员连接k8s集群的配置文件考到它默认的工作目录
在mster机器上执行
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 记下来等下有用
kubeadm join 192.168.3.103:6443 --token mezuhd.gzrrhle3e97wt3e5 \
--discovery-token-ca-cert-hash sha256:3a5815050357c23ebccbedd121a7ce805b8c8cdd74ecada8a81518959ff68dd9
7. 安装pod网络插件CNI (只在master上执行)
确保能访问quay.io这个registory
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
下载失败的 可以私聊找我要
kubectl apply -f kube-flannel.yml
8. 加入kubernetes node
在node上安装flannel (node1 node2)
docker pull lizhenliang/flannel:v0.11.0-amd64
向集群添加新节点,执行在kubeadm init输出的kubeadm join命令:
kubeadm join 192.168.3.103:6443 --token mezuhd.gzrrhle3e97wt3e5 \
--discovery-token-ca-cert-hash sha256:3a5815050357c23ebccbedd121a7ce805b8c8cdd74ecada8a81518959ff68dd9
装好之后在master 上执行
kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 14m v1.15.0
node1 Ready <none> 2m v1.15.0
node2 NotReady <none> 9s v1.15.0
已经完全准备完成。在master 上执行
kubectl get pods -n kube-system
所有组件状态都为:Running
NAME READY STATUS RESTARTS AGE
coredns-bccdc95cf-rj758 1/1 Running 0 15m
coredns-bccdc95cf-t4jzw 1/1 Running 0 15m
etcd-master 1/1 Running 0 14m
kube-apiserver-master 1/1 Running 0 14m
kube-controller-manager-master 1/1 Running 0 14m
kube-flannel-ds-amd64-6wvfv 1/1 Running 1 2m52s
kube-flannel-ds-amd64-cfqgw 1/1 Running 0 7m50s
kube-flannel-ds-amd64-j5sxm 1/1 Running 0 61s
kube-proxy-7cpbr 1/1 Running 0 2m52s
kube-proxy-fqlgd 1/1 Running 0 61s
kube-proxy-l8qqg 1/1 Running 0 15m
kube-scheduler-master 1/1 Running 0 13m
测试kubernetes集群 在master上创建nginx容器
在Kubernetes集群中创建一个pod,验证是否正常运行:
创建nginx容器
kubectl create deployment nginx --image=nginx
暴露对外端口
kubectl expose deployment nginx --port=80 --type=NodePort
查看nginx是否运行成功
kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-554b9c67f9-498wf 1/1 Running 0 4m25s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 22m
service/nginx NodePort 10.1.171.55 <none> 80:31092/TCP 4m16s
Note: 如果STATUS 为 ContainerCreating 可以通过以下命令排查
kubectl get pods
kubectl describe pod nginx-554b9c67f9-498wf (name)浏览器访问三个节点都可以访问,集群部署成功
部署Dashboard master
1. kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
2. 默认Dashboard只能集群内部访问,需要修改service为nodePort类型,暴露到外部,执行命令将配置文件下载下来
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
# 下载不下来的可以私聊我要
3. 修改这个文件
spec:
type: NodePort # 新增
ports:
- port: 443
targetPort: 8443
nodePort: 30001 # 新增
selector:
k8s-app: kubernetes-dashboard
4. 先Docker拉去镜像
docker pull lizhenliang/kubernetes-dashboard-amd64:v1.10.1
5. 加载配置文件
kubectl apply -f recommended.yaml
6. 查看暴露的端口
kubectl get pods,svc -n kubernetes-dashboard浏览器访问: (谷歌 火狐都无法访问)
masterip+30001
执行一下操作 之后,刷新火狐
mkdir key && cd key
#生成证书
openssl genrsa -out dashboard.key 2048
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.3.103'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#删除原有的证书secret
kubectl delete secret kubernetes-dashboard-certs -n kube-system
#创建新的证书secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
#查看pod
kubectl get pod -n kubernetes-dashboard
#重启pod
kubectl delete pod kubernetes-dashboard-56c5f95c6b-5nv25 -n kubernetes-dashboard
创建service account并绑定默认cluster-admin管理员集群角色:【依次执行】 master
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
# 结果
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi04Yno1YiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjA5ZDA0ZWI3LWZmMDAtNDZkMC1hNDZmLTNjYzdmZDlhM2Q3OCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.xnxsICRUjgHQQqFBYSLdPToxzKWAyc71xkGTlNO3qn-V4tUSvZ_H7Huh5jlavdI0lG5sKdukQtTPW5GhgRc6iUmAq7cxyobv2_qN449lVKVpHhKE8GCcE8UnHr4FgOtc3EGqiM2BN-kk9NWSdXf3Em8_w1v8cF-2wynzDg8_GgwvbMmNDh06j6Nw3KPbj85hayKL3Uwl2yJT51-KaYF43xGSIYeKPmEAKRvJjxhwfQedB6VYpPHieoExhviREhH4dX_MmsW1R9JFoAedHWjq4we1r9lvINFHtdDkqeHoj03Zk6zTRTEX590q-HV7f62uAwq8d69XcyYypom_dSlGgw将生成的token复制到页面就可以登陆了
