1、简介
K8s部署主要有两种方式:
- 1、Kubeadm
Kubeadm是一个K8s部署工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes集群。
- 2、二进制
从github下载发行版的二进制包,手动部署每个组件,组成Kubernetes集群。
本文通过kudeadm的方式在centos7上安装kubernetes集群。
2、环境准备
(1)初始化配置
#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
#关闭selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
#关闭swap
把/etc/fstab下的swap注释掉。
|---|-------------------------------------------|
| 1 | sed -ri ``'s/.*swap.*/#&/'
/etc/fstab
|
#设置主机名
hostnamectl set-hostname k8s-master01
hostnamectl set-hostname k8s-worker01
hostnamectl set-hostname k8s-worker02
#在master添加hosts
cat > /etc/hosts << EOF
192.168.204.129 k8s-master01
192.168.204.130 k8s-worker01
192.168.204.131 k8s-worker02
EOF
#将桥接的IPV4流量传递到iptables的链:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
#时间同步
yum install ntpdate -y
ntpdate time.windows.com
(2) 安装Docker
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl enable docker && systemctl start docker
#配置镜像加速器
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://kd88kykb.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
(3)添加阿里云yum软件源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
(4)安装kubeadm、kubelet和kubectl
yum install -y kubelet-1.21.4 kubeadm-1.21.4 kubectl-1.21.4
systemctl enable kubelet
3、部署Kubernetes Master
kubeadm init \
--apiserver-advertise-address=192.168.204.129 \
--image-repository=registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.21.4 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=172.16.0.0/16 \
--ignore-preflight-errors=all
安装成功
使用kubectl查看节点状态
4、部署Node节点
向集群添加新节点,执行kubeadm join命令即可。
kubeadm join 192.168.204.129:6443 --token 1g5b2s.sany5uo5w4op3hae \
--discovery-token-ca-cert-hash sha256:0fc38e874b727a9a4c2118e562a0b941dde98fa6ecc4ec2a6161b7d70a3966e2
journalctl -u kubelet
5、部署容器网络(CNI)
找到k8s版本对应的calico
https://projectcalico.docs.tigera.io/archive/v3.20/getting-started/kubernetes/requirements
#下载calico.yaml,替换CALICO_IPV4POOL_CIDR
curl https://docs.projectcalico.org/archive/v3.20/manifests/calico.yaml -O calico.yaml
curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico-etcd.yaml -o calico.yaml
#通过CALICO_IPV4POOL_CIDR手动配置Pod子网范围
# - name: CALICO_IPV4POOL_CIDR
# value: "172.16.0.0/16"
kubectl apply -f calico.yaml
kubectl get pods -n kube-system
6、测试kubernetes集群
在集群中创建一个pod,验证是否正常运行:
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
7、部署Dashboard
下载,并增加 type: NodePort
https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml
kubectl get pod,svc -n kubernetes-dashboard
浏览器访问dashboard
创建service account 并绑定默认cluster-admin管理员集群角色:
|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 | #创建用户
kubectl create serviceaccount dashboard-admin -n kube-system
#用户授权
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
#获取用户token
kubectl describe secret -n kube-system $(kubectl -n kube-system ``get
secret|awk ``'/dashboard-admin/{print $1}'``)
|
使用token登录dashboard。