Kubernetes version: 1.15.0
Preparation
- Nodes:
  - master: 172.50.13.103 (2 cores, 2 GB)
  - node-1: 172.50.13.104 (2 cores, 2 GB)
  - node-2: 172.50.13.105 (2 cores, 2 GB)
- Stop and disable the firewalld firewall (on all nodes)
      systemctl stop firewalld && systemctl disable firewalld
- Disable swap (on all nodes)
  - Temporarily:
        swapoff -a
  - Permanently:
        sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
- Disable SELinux (on all nodes)
      setenforce 0
      sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
      sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
- Set the hostname (separately on each node)
  - 13.103:
        hostnamectl set-hostname k8s-master
  - 13.104:
        hostnamectl set-hostname k8s-node1
  - 13.105:
        hostnamectl set-hostname k8s-node2
- Edit the hosts file (on all nodes)
      172.50.13.103 k8s-master
      172.50.13.104 k8s-node1
      172.50.13.105 k8s-node2
- Adjust kernel parameters (on all nodes)
      cat > /etc/sysctl.d/k8s.conf << EOF
      net.ipv4.ip_forward = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      net.bridge.bridge-nf-call-iptables = 1
      vm.swappiness = 0
      EOF
- Run
      sysctl -p /etc/sysctl.d/k8s.conf   (or: sysctl --system)
  to apply the modified kernel parameters. If it reports
      cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: 没有那个文件或目录
  ("No such file or directory"), run
      modprobe br_netfilter
Install Docker and change its default configuration (on all three nodes)
Install
    # Install the tools Docker needs
    yum install -y gcc gcc-c++ yum-utils device-mapper-persistent-data lvm2
    # Configure the Aliyun docker-ce repository
    yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    # Refresh the yum cache
    yum makecache
    # Install this specific version of docker-ce
    yum install -y docker-ce-18.09.9-3.el7
    # Enable and start docker
    systemctl enable docker && systemctl start docker
Edit the Docker configuration file
    # Stop the docker service first
    systemctl stop docker
    # Edit /etc/docker/daemon.json so that it contains the following.
    # Note: replace tmp1234 with your actual Aliyun registry mirror (accelerator) address.
    {
      "exec-opts": ["native.cgroupdriver=systemd"],
      "log-driver": "json-file",
      "log-level": "warn",
      "log-opts": {
        "max-size": "100m"
      },
      "storage-driver": "overlay2",
      "storage-opts": [
        "overlay2.override_kernel_check=true"
      ],
      "registry-mirrors": [
        "https://tmp1234.mirror.aliyuncs.com"
      ],
      "ip-forward": true,
      "ip-masq": false,
      "iptables": false,
      "ipv6": false,
      "live-restore": true,
      "selinux-enabled": false,
      "data-root": "/home/data/docker"
    }
    # Reload the configuration and start docker
    systemctl daemon-reload
    systemctl start docker
Add the Kubernetes yum repository (on all three nodes)
    cat > /etc/yum.repos.d/kubernetes.repo << EOF
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=0
    repo_gpgcheck=0
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
           https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF
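The stanza above lists a gpgkey but sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying signatures. As an added example (not part of the original post; audit_repo_file is a hypothetical helper name), this script flags repo sections with signature checks disabled or a plain-HTTP baseurl:

```shell
#!/bin/sh
# Added example: flag yum repo sections that skip signature verification.
# audit_repo_file is a hypothetical helper name, not a yum command.
audit_repo_file() {
    awk '
        function report(msg) { print sec ": " msg; bad = 1 }
        function emit() {
            if (sec == "") return
            if (gpg == "0")  report("gpgcheck=0, package signatures are not verified")
            if (rgpg == "0") report("repo_gpgcheck=0, repository metadata is not verified")
            if (url ~ /^http:/) report("baseurl is plain http")
        }
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[/   { emit(); sec = $0; gpg = rgpg = url = ""; next }
        {
            i = index($0, "=")
            if (i == 0) next                          # blank or continuation line
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck")      gpg = val
            if (key == "repo_gpgcheck") rgpg = val
            if (key == "baseurl")       url = val
        }
        END { emit(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the [kubernetes] stanza as written on this page.
sample=$(mktemp)
cat > "$sample" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_repo_file "$sample" || echo "signature checks are off for the sections listed above"
rm -f "$sample"
```

The function exits non-zero when it reports anything, so it can gate a provisioning script; on a node, point it at the files under /etc/yum.repos.d/.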
Install the Kubernetes components (on all three nodes)
    yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
    systemctl enable kubelet
Configure the master node
    kubeadm init \
      --apiserver-advertise-address=172.50.13.103 \
      --image-repository registry.aliyuncs.com/google_containers \
      --kubernetes-version v1.15.0 \
      --service-cidr=10.1.0.0/16 \
      --pod-network-cidr=10.244.0.0/16
Main parameters:
- apiserver-advertise-address: the API server address
- image-repository: the image registry address
- kubernetes-version: the Kubernetes version
- service-cidr: the IP address range for services
- pod-network-cidr: the IP address range for the pod network
Wait for it to finish, then follow the instructions in its output:
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
On the other two nodes, run the join command (use the actual output of kubeadm init on the master):
    kubeadm join 172.50.13.103:6443 --token 12345 --discovery-token-ca-cert-hash 123456
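The hash in the join command pins the public key of the cluster CA, which is how a joining node authenticates the API server it is talking to. As an added example (not from the original post; the function names are hypothetical helpers, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location), this script recomputes the hash on the master and compares it with the value about to be used on a node:

```shell
#!/bin/sh
# Added example: recompute the CA public-key hash on the master and compare it
# with the value in the join command. Function names are hypothetical helpers.
ca_cert_hash() {
    # Fail early on a missing or unparsable file; otherwise the pipeline below
    # would hash empty input and still print a well-formed value.
    openssl x509 -noout -in "$1" 2>/dev/null || return 1
    # SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo) of the CA.
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //; s/^/sha256:/'
}

verify_join_hash() {   # usage: verify_join_hash <ca.crt> <sha256:...>
    actual=$(ca_cert_hash "$1") || { echo "cannot read CA certificate: $1" >&2; return 2; }
    if [ "$actual" = "$2" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: certificate gives $actual, join command has $2" >&2
        return 1
    fi
}

# On the master: sh check.sh /etc/kubernetes/pki/ca.crt sha256:<value from kubeadm init>
if [ "$#" -eq 2 ]; then verify_join_hash "$1" "$2"; fi
```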
Install the network plugin on the master node:
    wget https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
Edit kube-flannel.yml:
    # line 106
    image: lizhenliang/flannel:v0.11.0-amd64
    # line 120
    image: lizhenliang/flannel:v0.11.0-amd64
Apply the network plugin:
    kubectl apply -f kube-flannel.yml
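Check the cluster status
    kubectl get nodes
Every node must have STATUS Ready before you continue.
    kubectl get pod -n kube-system
Continue only when every pod shows READY 1/1. If the flannel pods do not, check the network and redo the following:
    kubectl delete -f kube-flannel.yml
then run wget again, change the image address, and run
    kubectl apply -f kube-flannel.yml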
Test the Kubernetes cluster
    # Create a pod. The nginx image needs to be fetched beforehand with docker pull
    kubectl create deployment nginx --image=nginx
    # Expose the port
    kubectl expose deployment nginx --port=80 --type=NodePort
    # Check the status
    kubectl get pods,svc
    # The output looks like the following, where 30938 is the nginx port. Open 172.50.13.103:30938 in a browser
    NAME                         READY   STATUS    RESTARTS   AGE
    pod/nginx-554b9c67f9-v7ztr   1/1     Running   0          5h21m

    NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
    service/kubernetes   ClusterIP   10.1.0.1     <none>        443/TCP        5h43m
    service/nginx        NodePort    10.1.82.8    <none>        80:30938/TCP   5h20m
Deploy the dashboard
    wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
Edit it with vim kubernetes-dashboard.yaml:
    # around line 109
    spec:
      containers:
      - name: kubernetes-dashboard
        image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1   # change this line
    ......
    # around line 157
    spec:
      type: NodePort        # add this line
      ports:
        - port: 443
          targetPort: 8443
          nodePort: 30001   # add this line
      selector:
        k8s-app: kubernetes-dashboard
Apply it:
    kubectl apply -f kubernetes-dashboard.yaml
Verify in a browser: https://172.50.13.103:30001 (if Chrome will not open it, use Firefox)
Create a service account and bind it to the default cluster-admin cluster role:
    # step 1
    kubectl create serviceaccount dashboard-admin -n kube-system
    # step 2
    kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    # step 3
    kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Copy the token into the Token field on the login page.
Health checks
Check the health of components and add-ons
    kubectl get cs
or
    kubectl get componentstatus
Check service status
    systemctl status kubelet docker
Check pod status
    kubectl get pods -o wide -n kube-system