准备工作

  • 3台虚拟机,我这里是3台CentOS虚拟机,2H4G,系统版本是CentOS7.7.1908
关闭防火墙:
systemctl stop firewalld
systemctl disable firewalld

关闭selinux:
sed -i 's/enforcing/disabled/' /etc/selinux/config  # 永久
setenforce 0  # 临时

关闭swap:
swapoff -a  # 临时
vim /etc/fstab  # 永久

设置主机名:
hostnamectl set-hostname <hostname>

在master添加hosts:
cat >> /etc/hosts << EOF
192.168.1.150 k8s-master
192.168.1.151 k8s-node1
192.168.1.152 k8s-node2
EOF

将桥接的IPv4流量传递到iptables的链:
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # 生效

时间同步:
yum install ntpdate -y
ntpdate time.windows.com

安装步骤

安装docker

Kubernetes默认CRI(容器运行时)为Docker,因此先安装Docker。

这里基于docker v19.03版本

$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce
$ systemctl enable docker && systemctl start docker

配置镜像加速

{
  "registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"]
}

添加阿里云K8S源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安装kubeadm、kubelet、kubectl

yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
systemctl enable kubelet && systemctl start kubelet

部署kubenetes master

在master节点执行

kubeadm init \
  --apiserver-advertise-address=192.168.1.150 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all

拷贝kubectl使用的连接k8s认证文件到默认路径

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# 检查一下node运行情况
kubectl get nodes

其他节点加入k8s集群

kubeadm join 192.168.1.150:6443 --token fng4am.tvxox5ech34g6ymt \
    --discovery-token-ca-cert-hash sha256:47624bde975ca95995e100fc886a1ad9387c7f6deb64117f05e2a95f59da1cf1

默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token,操作如下:

kubeadm token create 
kubeadm token list openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

kubeadm join 192.168.1.150:6443 --token nuja6n.o3jrhsffiqs9swnu --discovery-token-ca-cert-hash sha256:63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

或者直接命令快捷生成:

kubeadm token create --print-join-command

部署容器网络(CNI)

推荐Calico

wget https://docs.projectcalico.org/manifests/calico.yaml

下载完后还需要修改里面定义Pod网络(CALICO_IPV4POOL_CIDR),与前面kubeadm init指定的一样

应用清单

kubectl apply -f calico.yaml
kubectl get pods -n kube-system

测试kubernetes集群

  • 验证Pod工作
  • 验证Pod网络通信
  • 验证DNS解析
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc

访问地址:http://NodeIP:Port

部署kubenetes dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

默认Dashboard只能集群内部访问,修改Service为NodePort类型,暴露到外部:

$ vi recommended.yaml
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
...
$ kubectl apply -f recommended.yaml
$ kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-6b4884c9d5-gl8nr   1/1     Running   0          13m
kubernetes-dashboard-7f99b75bf4-89cds        1/1     Running   0          13m

创建集群管理角色

# 创建用户
$ kubectl create serviceaccount dashboard-admin -n kube-system
# 用户授权
$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# 获取用户Token
$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

kubernetes dashboard 界面截图

image.png

或者选择其他的dashboard,比如kuboard

https://kuboard.cn/install/v3/install-in-k8s.html#%E5%AE%89%E8%A3%85

kuboard 界面截图

image.png

参考文章

kubernetes之一基于kubeadm安装k8s集群(1.19)
快速搭建k8s集群(kubeadm方式)
阿里云k8s镜像