Installing and using Kubernetes 1.13 with kubeadm

Installation environment

  1. Operating system: CentOS 7 (2 GB+ RAM, 2+ CPU cores)
  2. The system has Internet access

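Preparing the environment

  1. Stop and disable the firewall; otherwise later RESTful communication with the apiserver will be refused

    systemctl stop firewalld && systemctl disable firewalld
  2. Disable SELinux

    sed -i 's/enforcing/disabled/' /etc/selinux/config
  3. Turn off swap; otherwise initializing the master later will report an error about it

    swapoff -a
  4. Add the hostname-to-IP mappings

    vi /etc/hosts
    Contents:
    192.168.110.155 master
    192.168.110.156 node01
  5. Synchronize the time

    First check whether the cluster clocks agree: run date on every server and compare the results. If they differ, run the following commands:
    yum install ntpdate -y
    ntpdate ntp.api.bz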

Installing docker, kubeadm, kubectl and kubelet

  1. Set up the docker yum repository

    cd /etc/yum.repos.d/
    wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  2. Set up the kubernetes yum repository

    vi /etc/yum.repos.d/kubernetes.repo
    Enter the following:
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  3. Run the installation

    yum install -y kubelet kubeadm kubectl docker-ce
  4. Enable the services at boot and start them

    systemctl enable kubelet docker
    systemctl start kubelet docker

Note: the steps above must be run on every server. The steps below are run on the master unless stated otherwise.

Initializing the Master

  1. Because the kubeadm installed above is the latest version, it is best to check which container image versions that version requires, so that we can pull the matching images

    kubeadm config images list
    The output is:
    k8s.gcr.io/kube-apiserver:v1.13.4
    k8s.gcr.io/kube-controller-manager:v1.13.4
    k8s.gcr.io/kube-scheduler:v1.13.4
    k8s.gcr.io/kube-proxy:v1.13.4
    k8s.gcr.io/pause:3.1
    k8s.gcr.io/etcd:3.2.24
    k8s.gcr.io/coredns:1.2.6
    From this we can see that the current k8s version is 1.13.4
  2. Pull the container images:

    Because images cannot be pulled from the original k8s.gcr.io (for reasons that cannot be stated here), we pull them from Alibaba Cloud instead. Create a new file k8s.sh with the following content:

    # Stop at the first failed command so "success" is only printed when every step worked
    set -e
    echo "start pull image"
    MY_REGISTRY=registry.cn-hangzhou.aliyuncs.com/openthings
    ## Pull the images
    docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4
    docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4
    docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4
    docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4
    docker pull ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24
    docker pull ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
    docker pull ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6
    ## Add the k8s.gcr.io tags that kubeadm expects
    docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4 k8s.gcr.io/kube-apiserver:v1.13.4
    docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4 k8s.gcr.io/kube-scheduler:v1.13.4
    docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4 k8s.gcr.io/kube-controller-manager:v1.13.4
    docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4 k8s.gcr.io/kube-proxy:v1.13.4
    docker tag ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
    docker tag ${MY_REGISTRY}/k8s-gcr-io-pause:3.1 k8s.gcr.io/pause:3.1
    docker tag ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
    ## Remove the mirror-named images
    docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4
    docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4
    docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4
    docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4
    docker rmi ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24
    docker rmi ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
    docker rmi ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6
    echo "success"

    Run the script:

    bash k8s.sh
  3. Initialize the master

    kubeadm init --kubernetes-version=v1.13.4 --pod-network-cidr=10.244.0.0/16

    Watch the output: a number of certificate and key files are generated under /etc/kubernetes. When it finishes, the following is displayed:

    Your Kubernetes master has initialized successfully!

    To start using your cluster, you need to run the following as a regular user:

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    https://kubernetes.io/docs/concepts/cluster-administration/addons/

    You can now join any number of machines by running the following on each node
    as root:

    kubeadm join 192.168.110.155:6443 --token b99a00.a144ef80536d4344 --discovery-token-ca-cert-hash sha256:f79b68fb698c92b9336474eb3bf184e847f967dc58a6296911892662b98b1315

    Then run:

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
  4. Install the pod network add-on (flannel)

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.11.0/Documentation/kube-flannel.yml
  5. Go to the node. If telnet masterip 6443 connects, run the following (the kubeadm join command was printed in the output above; be sure to use your own):

    kubeadm join 192.168.110.155:6443 --token b99a00.a144ef80536d4344 --discovery-token-ca-cert-hash sha256:f79b68fb698c92b9336474eb3bf184e847f967dc58a6296911892662b98b1315
  6. Run the following command; if all services are Running, the installation succeeded

    kubectl get pods --all-namespaces -o wide
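
The k8s.sh script in step 2 repeats every image name and version three times, so a version bump is easy to get wrong. The following is an added example, not part of the original post: it builds the same pull, tag and rmi commands from an image list and only prints them. The function names mirror_ref and emit_pull_plan are hypothetical, and the k8s-gcr-io- naming is assumed from the script in step 2.

```shell
#!/bin/sh
# Added example: derive the pull/tag/rmi commands from an image list instead of
# hard-coding every version. It only prints the commands; nothing is executed.
MY_REGISTRY=registry.cn-hangzhou.aliyuncs.com/openthings

# Map k8s.gcr.io/<name>:<tag> to $MY_REGISTRY/k8s-gcr-io-<name>:<tag>
# (assumption: the naming convention used by the k8s.sh script on this page).
mirror_ref() {
    case "$1" in
        k8s.gcr.io/*/*) echo "nested repository not handled: $1" >&2; return 1 ;;
        k8s.gcr.io/?*:?*) printf '%s/k8s-gcr-io-%s\n' "$MY_REGISTRY" "${1#k8s.gcr.io/}" ;;
        *) echo "unexpected image reference: $1" >&2; return 1 ;;
    esac
}

# Read image references on stdin and write the docker commands on stdout.
emit_pull_plan() {
    while IFS= read -r img; do
        [ -n "$img" ] || continue
        src=$(mirror_ref "$img") || return 1
        printf 'docker pull %s\n' "$src"
        printf 'docker tag %s %s\n' "$src" "$img"
        printf 'docker rmi %s\n' "$src"
        # The image ID is a content hash, so it must be identical on every
        # node that pulled the same image; print it for comparison.
        printf "docker image inspect --format '{{.Id}} %s' %s\n" "$img" "$img"
    done
}

# Constructed sample input: the list shown by `kubeadm config images list` above.
sample_images() {
    cat <<'EOF'
k8s.gcr.io/kube-apiserver:v1.13.4
k8s.gcr.io/kube-controller-manager:v1.13.4
k8s.gcr.io/kube-scheduler:v1.13.4
k8s.gcr.io/kube-proxy:v1.13.4
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.2.24
k8s.gcr.io/coredns:1.2.6
EOF
}

sample_images | emit_pull_plan
```

On a real host, feed it the live list (kubeadm config images list | emit_pull_plan > plan.sh), review plan.sh, then run it with sh.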
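
The --discovery-token-ca-cert-hash value in the join command of step 5 is the SHA-256 of the cluster CA's public key, which is why every cluster has its own and the node can use it to check that it is talking to the right master. As an added example (not from the original post), the script below recomputes that value from a CA certificate and compares it with a join command; the function names are hypothetical and the demo uses a constructed throwaway CA.

```shell
#!/bin/sh
# Added example: check the CA pin in a "kubeadm join" command.
# The pin is sha256 over the DER-encoded public key (SPKI) of the cluster CA.

# Print "sha256:<hex>" for a PEM CA certificate (RSA or EC key).
ca_cert_hash() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Extract the pinned hash from a full "kubeadm join ..." command line.
join_hash() {
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# usage: check_join <ca.crt> "<kubeadm join command>"
# 0 = pin matches, 1 = mismatch, 2 = unreadable certificate, 3 = no pin present
check_join() {
    want=$(ca_cert_hash "$1") || { echo "cannot read CA certificate $1" >&2; return 2; }
    got=$(join_hash "$2")
    [ -n "$got" ] || { echo "join command carries no CA hash" >&2; return 3; }
    [ "$got" = "$want" ] || { echo "mismatch: join=$got ca=$want" >&2; return 1; }
    echo "ok: $want"
}

# Demo on a constructed throwaway CA (not a real cluster).
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed-demo-ca' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    pin=$(ca_cert_hash "$dir/ca.crt")
    check_join "$dir/ca.crt" \
        "kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $pin"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

On the master, kubeadm stores the CA certificate at /etc/kubernetes/pki/ca.crt, so the check is check_join /etc/kubernetes/pki/ca.crt followed by your own join command in quotes.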

Configuring the k8s dashboard

  1. Get the dashboard YAML file

    wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

    Before fetching it, check in a browser that the link opens. If it does not, create kubernetes-dashboard.yaml yourself with the following content:

    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-certs
      namespace: kube-system
    type: Opaque

    ---
    # ------------------- Dashboard Service Account ------------------- #

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system

    ---
    # ------------------- Dashboard Role & Role Binding ------------------- #

    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: kubernetes-dashboard-minimal
      namespace: kube-system
    rules:
      # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
    - apiGroups: [""]
      resources: ["secrets"]
      verbs: ["create"]
      # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
    - apiGroups: [""]
      resources: ["configmaps"]
      verbs: ["create"]
      # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
    - apiGroups: [""]
      resources: ["secrets"]
      resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
      verbs: ["get", "update", "delete"]
      # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
    - apiGroups: [""]
      resources: ["configmaps"]
      resourceNames: ["kubernetes-dashboard-settings"]
      verbs: ["get", "update"]
      # Allow Dashboard to get metrics from heapster.
    - apiGroups: [""]
      resources: ["services"]
      resourceNames: ["heapster"]
      verbs: ["proxy"]
    - apiGroups: [""]
      resources: ["services/proxy"]
      resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
      verbs: ["get"]

    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: kubernetes-dashboard-minimal
      namespace: kube-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: kubernetes-dashboard-minimal
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard
      namespace: kube-system

    ---
    # ------------------- Dashboard Deployment ------------------- #

    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
        spec:
          containers:
          - name: kubernetes-dashboard
            image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
            ports:
            - containerPort: 8443
              protocol: TCP
            args:
              - --auto-generate-certificates
              # Uncomment the following line to manually specify Kubernetes API server Host
              # If not specified, Dashboard will attempt to auto discover the API server and connect
              # to it. Uncomment only if the default does not work.
              # - --apiserver-host=http://my-address:port
            volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
            livenessProbe:
              httpGet:
                scheme: HTTPS
                path: /
                port: 8443
              initialDelaySeconds: 30
              timeoutSeconds: 30
          volumes:
          - name: kubernetes-dashboard-certs
            secret:
              secretName: kubernetes-dashboard-certs
          - name: tmp-volume
            emptyDir: {}
          serviceAccountName: kubernetes-dashboard
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
          - key: node-role.kubernetes.io/master
            effect: NoSchedule

    ---
    # ------------------- Dashboard Service ------------------- #

    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      ports:
        - port: 443
          targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
  2. Modify the file from step 1:

    Find image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1 and replace it with:

    image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1

    Find the configuration under Dashboard Service at the end of the file, delete it, and replace it with:

    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort
      ports:
        - port: 443
          targetPort: 8443
          nodePort: 30001
      selector:
        k8s-app: kubernetes-dashboard
  3. Apply the file:

    kubectl apply -f kubernetes-dashboard.yaml
  4. Now run kubectl get pods -n kube-system; you should see an additional kubernetes-dashboard-xxxxxxx pod whose status is Running. (kube-system is a namespace that k8s creates by default.)

  5. Next, we create an administrator account for logging in to the dashboard page (a ServiceAccount bound to the cluster-admin ClusterRole). Create a new file k8s-admin.yaml with the following content:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: dashboard-admin
      namespace: kube-system
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: dashboard-admin
    subjects:
      - kind: ServiceAccount
        name: dashboard-admin
        namespace: kube-system
    roleRef:
      kind: ClusterRole
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io
  6. Apply the file just created:

    kubectl apply -f k8s-admin.yaml
  7. Then run the following command, find the entry whose NAME is dashboard-admin-token-xxxx, and copy that name:

    kubectl get secret -n kube-system
  8. Finally, run the following command to get the token:

    kubectl describe secret dashboard-admin-token-wkpxk -n kube-system
    This command prints the generated token; copy it.
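  9. Open Firefox (I used Chrome, which reports that the connection is not private and, annoyingly, offers no option to proceed after clicking Advanced) and enter https://192.168.110.155:30001. It warns that the connection is insecure; click Advanced, then Add Exception, and the page opens. Then choose the Token option, paste the token you just copied, and click Sign in.

With that, we have completed the installation and can use the dashboard page.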

For other tutorials, see: https://xiekun.top/k8s%E5%9F%BA%E7%A1%80%E6%95%99%E7%A8%8B.html#more
