安装Docker Engine
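# Remove older Docker packages, if any are installed.
sudo apt-get remove docker docker-engine docker.io containerd runc

# Install the tools needed to add an HTTPS apt repository.
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common

# Fetch the repository signing key over HTTPS and keep it in a dedicated
# keyring. The key is the trust root for every package from this repository,
# so it must not travel over plain HTTP, and `signed-by` limits it to this
# one source instead of trusting it for all of apt (as `apt-key add` would).
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg \
  | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Register the Docker CE repository for this Ubuntu release.
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null

# Install Docker. The index refresh must finish before the install starts;
# a single `&` between the two commands would run the refresh in the
# background and let both fight over the apt lock.
sudo apt-get -y update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io

# Smoke test: the daemon answers and reports its configuration.
sudo docker info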
配置docker国内加速& 修改 Cgroup Driver 【Kubernetes 推荐使用 systemd 来代替 cgroupfs】
# Open (or create) the Docker daemon configuration file for editing.
vim /etc/docker/daemon.json
内容如下:(获取加速地址参见:官方镜像加速 (aliyun.com))
{ "registry-mirrors" : ["https://xxxxxx.mirror.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"] }
重启docker
# Reload systemd's unit definitions, then restart Docker so that the edited
# /etc/docker/daemon.json takes effect.
systemctl daemon-reload
systemctl restart docker

# Inspect the running daemon; check the registry mirror and cgroup driver
# it reports against the values written to daemon.json.
docker info
安装kubelet、kubeadm、kubectl
安装kubelet、kubeadm、kubectl 并配置kubelet开机启动
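# 1. Refresh the apt index and install the packages needed to use the
#    Kubernetes apt repository.
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

# 2. Download the repository signing key into a dedicated keyring. The
#    Google Cloud URL is replaced by the Aliyun mirror; the upstream command
#    is kept for reference.
#sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg

# 3. Add the Kubernetes apt repository, again via the Aliyun mirror. The
#    `signed-by` option ties the repository to the keyring from step 2, so
#    the key is not trusted for any other apt source.
# NOTE(review): the legacy kubernetes-xenial repository was frozen upstream
# when the project moved to pkgs.k8s.io; confirm the mirror still carries
# the release you intend to run.
#echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

# 4. Refresh the index so it includes the new repository, then install the
#    three components.
sudo apt-get update
sudo apt-get install -y kubectl kubelet kubeadm

# Hold the packages so that a routine `apt-get upgrade` cannot move this node
# to a different Kubernetes version behind the cluster's back.
sudo apt-mark hold kubelet kubeadm kubectl

# 5. Start kubelet at boot.
sudo systemctl daemon-reload
sudo systemctl enable kubelet

# 6. Check the installed versions. The commented lines are the output
#    recorded on the author's master node (root@master).
kubelet --version
# Kubernetes v1.23.1
kubectl version --client
# Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.1", GitCommit:"86ec240af8cbd1b60bcc4c03c20da9b98005b92e", GitTreeState:"clean", BuildDate:"2021-12-16T11:41:01Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}
kubeadm version
# kubeadm version: &version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.1", GitCommit:"86ec240af8cbd1b60bcc4c03c20da9b98005b92e", GitTreeState:"clean", BuildDate:"2021-12-16T11:39:51Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}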
如kubelet启动有错误,可查看日志进行排查
journalctl -u kubelet --no-pager 通过journalctl -u kubelet.service命令来查看kubelet服务的日志
禁用 swap
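# Turn swap off for the running system.
sudo swapoff -a

# Keep it off after a reboot: comment out every active swap entry in
# /etc/fstab. The pattern accepts tabs as well as spaces around the "swap"
# field and skips lines that are already commented; the previous file is
# kept as /etc/fstab.bak.
sudo sed -i.bak '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab

# Then open the file (vim /etc/fstab) and confirm that the swap entry,
# usually the last line, is commented out.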
通过kubeadm初始化集群
执行如下命令:
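# Resolve the address the API server will advertise. `hostname -i` depends on
# how the host name resolves (for example through /etc/hosts) and may print a
# loopback address or several addresses, so check the value before handing it
# to kubeadm.
advertise_addr="$(hostname -i)"

if [[ -z "$advertise_addr" || "$advertise_addr" == *' '* || "$advertise_addr" == 127.* ]]; then
  printf 'unexpected advertise address "%s"; pass the node IP explicitly\n' "$advertise_addr" >&2
else
  # --pod-network-cidr matches Flannel's default network.
  # --image-repository pulls the control-plane images from the Aliyun mirror
  # instead of the upstream registry, so that mirror is trusted for them.
  kubeadm init \
    --apiserver-advertise-address="$advertise_addr" \
    --apiserver-cert-extra-sans=127.0.0.1 \
    --pod-network-cidr=10.244.0.0/16 \
    --image-repository=registry.aliyuncs.com/google_containers
fi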
注意:这里有一个巨大的坑, 如果使用Flannel网络 【建议使用 --pod-network-cidr=10.244.0.0/16 或者后期修改Flannel ConfigMap 】,否则【部署Dashboard ,nfs-subdir-external-provisioner时】会失败,报错如下:Error getting server version: Get "https://10.96.0.1:443/version?timeout=32s": dial tcp 10.96.0.1:443: i/o timeout.
修改Flannel ConfigMap 如下:
# Open the Flannel ConfigMap and edit the configuration by changing the
# network from 10.244.0.0/16 to 10.10.0.0/16.
kubectl -n kube-system edit configmap kube-flannel-cfg

# Delete the Flannel pods, then the Dashboard pods, so that replacements
# start after the ConfigMap change.
kubectl -n kube-system delete pods -l app=flannel
kubectl -n kube-system delete pods -l k8s-app=kubernetes-dashboard
部署成功如下图:
按照提示执行:
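# Give the current user a private copy of the admin kubeconfig. The file
# carries cluster-admin credentials, so it is owned by that user alone.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Alternatively, if you are the root user, you can point kubectl straight at
# the original file. Guarded because the export is only offered to root.
if [ "$(id -u)" -eq 0 ]; then
  export KUBECONFIG=/etc/kubernetes/admin.conf
fi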
配置其他节点使用kubectl
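# admin.conf holds the cluster-admin client certificate and private key.
# Copy it only to hosts that really need full administrative kubectl access,
# and keep it readable by its owner alone on the receiving side.
# (-r is not needed: the source is a single file.)
scp /etc/kubernetes/admin.conf "${node1}:/etc/kubernetes/admin.conf"

# On the receiving node: point kubectl at the copied file in future login
# shells. The line is appended only once, even if this step is repeated.
grep -qxF 'export KUBECONFIG=/etc/kubernetes/admin.conf' ~/.bash_profile 2>/dev/null \
  || echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile

# Apply it to the current shell as well.
source ~/.bash_profile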
添加集群节点[kubeadm join]
从上文初始化集群成功提示中复制【kubeadm join】在要添加的节点中执行
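# Join this node to the cluster. Use the exact command printed at the end of
# `kubeadm init`; the values below are placeholders.
#   --token                         bootstrap token; treat it as a secret,
#                                   it admits new nodes to the cluster
#   --discovery-token-ca-cert-hash  pins the control plane's CA public key,
#                                   which lets the joining node verify that
#                                   it is talking to the intended API server;
#                                   keep it rather than skipping verification
kubeadm join "${masterhost}:${port}" \
  --token xxxxx \
  --discovery-token-ca-cert-hash sha256:xxxxxxxxxxx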
添加完成如下图:
root@master:~# kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME master.vfox.top NotReady control-plane,master 10m v1.23.1 172.31.201.18 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12 node01.vfox.top NotReady <none> 14s v1.23.1 172.22.88.110 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12 node02.vfox.top NotReady <none> 10s v1.23.1 172.22.88.111 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12
所有节点的status都是NotReady ,这是因为还没有安装网络插件
安装网络插件 flannel
root@master:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+ podsecuritypolicy.policy/psp.flannel.unprivileged created clusterrole.rbac.authorization.k8s.io/flannel created clusterrolebinding.rbac.authorization.k8s.io/flannel created serviceaccount/flannel created configmap/kube-flannel-cfg created daemonset.apps/kube-flannel-ds created root@master:~# kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME master.vfox.top Ready control-plane,master 27m v1.23.1 172.31.201.18 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12 node01.vfox.top Ready <none> 16m v1.23.1 172.22.88.110 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12 node02.vfox.top Ready <none> 16m v1.23.1 172.22.88.111 <none> Ubuntu 20.04.3 LTS 5.4.0-92-generic docker://20.10.12 root@master:~#
配置dashboard
参考地址:GitHub – kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
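# Download the Dashboard manifest from the v2.4.0 release tag, so the file
# applied later is a fixed, reviewable version.
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

# Review and edit the manifest before applying it.
vim ./recommended.yaml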
dashboard安装后,Service 默认以 ClusterIP 方式运行,这里修改成 NodePort。注意:NodePort 会在每个节点的 IP 上开放该端口,应通过防火墙或安全组限制可以访问该端口的来源地址。
安装dashboard命令:kubectl apply -f recommended.yaml
root@master:~/app/k8s# kubectl apply -f ./recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
通过 https://hostname:31443 就可以访问 Kubernetes Dashboard 了, 如下图
创建Kubernetes Dashboard 的登陆Token
创建一个ServiceAccount :dashboard-admin
# Create the service account whose token will be used to log in to the
# Dashboard.
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
将dashboard-admin 绑定到集群管理角色
# Bind the service account to the built-in cluster-admin ClusterRole, which
# grants unrestricted access to every resource in the cluster. Whoever holds
# this account's token can do anything in the cluster through the Dashboard;
# bind a narrower role (for example the built-in `view` ClusterRole) when
# full control is not required.
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
查看dashboard-admin的登陆Token
# List the secrets in the Dashboard namespace to find the token secret that
# belongs to dashboard-admin.
kubectl get secret -n kubernetes-dashboard
# Print the token stored in the secret. The "-5pglz" suffix is generated per
# cluster; use the name shown by `kubectl get secret` on your own cluster.
# On Kubernetes v1.24 and later no token secret is created automatically;
# `kubectl -n kubernetes-dashboard create token dashboard-admin` issues a
# short-lived token instead.
kubectl describe secret dashboard-admin-token-5pglz -n kubernetes-dashboard
root@master:~/app/k8s# kubectl get secret -n kubernetes-dashboard NAME TYPE DATA AGE dashboard-admin-token-5pglz kubernetes.io/service-account-token 3 6m26s default-token-95htf kubernetes.io/service-account-token 3 12m kubernetes-dashboard-certs Opaque 0 12m kubernetes-dashboard-csrf Opaque 1 12m kubernetes-dashboard-key-holder Opaque 2 12m kubernetes-dashboard-token-7xxbl kubernetes.io/service-account-token 3 12m root@master:~/app/k8s# kubectl describe secret dashboard-admin-token-5pglz -n kubernetes-dashboard Name: dashboard-admin-token-5pglz Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: dashboard-admin kubernetes.io/service-account.uid: 4b4029cb-6eb2-49f3-a15c-42c9b7ac8d60 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1099 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlExNUJWbDZXWWpsTFhuWGxqNmRzNkFvMXBOTkc0aERlNzR1UGpIblFnc2MifQ.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.jcpagiw7jhORVxhsbMH4HpB9Fi_bS2crTYcXTXTtJY1JBcyazoahE3UOm6ZPL9NRX9U-Ut7nds7WrIYugi0LzjJIHQIj9sEhZhTdVTxTdrlUXzMGuEBW_RaWZzbxw6-S2NPFCVnAS3P0jY8GVFjD8rhtNU_ZtMFDJOLe6J3Cz_OQL9-Zz2lxWnklxoEmh8qmz3neczBR95bVOAznJ9mwyivsTpvgRYauAi7yrdanCCiJgORr21S0O4TYPhbZHdIq_4
拿到token就可以登录dashboard 了,如图。该 token 绑定了 cluster-admin 权限,等同于集群管理员凭据,应妥善保管,不要粘贴到公开的文档或截图中。
原文链接:https://blog.csdn.net/goujie/article/details/122509171