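Kubernetes: basic concepts and installation
Kubernetes, abbreviated k8s, is a container orchestration system.
It addresses the difficulty of managing large numbers of containers in containerized deployments.
Architecture
Multi-master, multi-worker architecture
Basic concepts
- MasterNode (master node)
  - APIServer
  - Controller Manager
  - ETCD: key-value database
  - SCHED: scheduler
  - Cloud Controller Manager
- WorkNode (worker node)
  - kube-proxy
  - kubelet
Installation
Installation steps
- Install Docker on every server
- Install kubelet
- Install kubectl and kubeadm
- Initialize the cluster with kubeadm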
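1. Provision the servers
Provision three servers, following the usual procedure for creating cloud servers.
2. Install Docker
Follow the earlier Docker installation steps.
3. Prepare the server environment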
https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
Prepare the server environment according to this document.
3.1 Set the hostname
# Set the hostname on each of the three servers
hostnamectl set-hostname [hostname]
3.2 Disable SELinux
# Set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
3.3 Disable swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
3.4 Let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
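A read-only audit of steps 3.2 to 3.4, added here as an example and not part of the original page; the function names and the root-prefix argument are assumptions of this example. It is worth running again after a reboot, because setenforce 0 and swapoff -a change only the running system and the sed edits change only lines that match.

```shell
#!/usr/bin/env bash
# Added example: audit the node preparation from steps 3.2-3.4.
# Each check reads the file passed to it, so it works on a live node or a test tree.

# 3.3: swap is off when /proc/swaps holds nothing after its header line.
swap_is_off() {
  [ "$(tail -n +2 "$1" | grep -c .)" -eq 0 ]
}

# 3.3: an uncommented swap entry in fstab turns swap back on at reboot.
fstab_has_no_swap() {
  ! grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]' "$1"
}

# 3.2: print the persistent SELinux mode from /etc/selinux/config.
selinux_config_mode() {
  sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# 3.4: the bridge sysctls exist only once br_netfilter is loaded, so a
# missing file and a value other than 1 both fail. $1 = /proc/sys, $2 = key.
sysctl_is_one() {
  sysctl_path="$1/$(printf '%s' "$2" | tr . /)"
  [ -r "$sysctl_path" ] && [ "$(cat "$sysctl_path")" = "1" ]
}

# Run every check under the root prefix $1 (empty for the live node), print
# one line per failure and return the number of failures.
preflight() {
  pf_root=${1:-}; pf_fails=0
  swap_is_off "$pf_root/proc/swaps" ||
    { echo "FAIL: swap is active"; pf_fails=$((pf_fails + 1)); }
  fstab_has_no_swap "$pf_root/etc/fstab" ||
    { echo "FAIL: fstab still enables swap"; pf_fails=$((pf_fails + 1)); }
  [ "$(selinux_config_mode "$pf_root/etc/selinux/config")" != "enforcing" ] ||
    { echo "FAIL: SELinux is enforcing in its config"; pf_fails=$((pf_fails + 1)); }
  for pf_key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    sysctl_is_one "$pf_root/proc/sys" "$pf_key" ||
      { echo "FAIL: $pf_key is not 1"; pf_fails=$((pf_fails + 1)); }
  done
  return "$pf_fails"
}

# Audit the live node only when asked to: bash preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight ""; fi
```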
4. Install kubelet, kubeadm and kubectl
4.1 Point the yum repository at the Aliyun mirror
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
4.2 Install kubelet, kubeadm and kubectl
sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes
# Enable and start kubelet
sudo systemctl enable --now kubelet
5. Install k8s with kubeadm
5.1 Prepare the images
Run on the master node
# Create a shell script
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in "${images[@]}" ; do
docker pull "registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName"
done
EOF
# Make the script executable and run it
chmod +x ./images.sh && ./images.sh
5.2 Initialize the master node
# On every machine, add a hosts entry for the master; replace the IP below with your own
echo "172.16.0.208 cluster-endpoint" >> /etc/hosts
# Every node should now be able to ping cluster-endpoint
ping cluster-endpoint
# Initialize the master node (run on the master node only)
kubeadm init \
--apiserver-advertise-address=172.16.0.208 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16
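# None of the network ranges may overlap
Things to check if initialization fails:
- The master hosts entry must use the LAN IP
- Check that kubelet is running
If initialization fails, or a problem during initialization makes init fail while the Docker containers are already running, reset k8s with this command:
kubeadm reset -f
After a successful initialization you will see output like the following. Save the commands it prints: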
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join cluster-endpoint:6443 --token byw8pn.82wht0x3yhzy9vt2 \
--discovery-token-ca-cert-hash sha256:b8877f8540c29b5b72241712c5f1df1ae9c45835563ae2894df51d833a46d9d5 \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join cluster-endpoint:6443 --token byw8pn.82wht0x3yhzy9vt2 \
--discovery-token-ca-cert-hash sha256:b8877f8540c29b5b72241712c5f1df1ae9c45835563ae2894df51d833a46d9d5
As the output above says, the following commands must be run before k8s can be used.
Run on the master node
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
Once these have run, the master node is initialized.
# Check the k8s node status; it is NotReady at this point because no network plugin is installed yet
kubectl get nodes
5.2.1 Install the network plugin
# Download the manifest
curl https://docs.projectcalico.org/manifests/calico.yaml -O
# Install the plugin
kubectl apply -f calico.yaml
# List the resources in k8s
kubectl get pod -A
5.2.2 Finish the master node configuration
The master node is now configured.
# Check the master node status; it should now be Ready. If it is not, wait until all the pods listed above have finished starting
kubectl get nodes
The output above gives the following commands:
# Add a master node
kubeadm join cluster-endpoint:6443 --token byw8pn.82wht0x3yhzy9vt2 \
--discovery-token-ca-cert-hash sha256:b8877f8540c29b5b72241712c5f1df1ae9c45835563ae2894df51d833a46d9d5 \
--control-plane
# Add a worker node
kubeadm join cluster-endpoint:6443 --token byw8pn.82wht0x3yhzy9vt2 \
--discovery-token-ca-cert-hash sha256:b8877f8540c29b5b72241712c5f1df1ae9c45835563ae2894df51d833a46d9d5
5.3 Add the worker nodes
Run on both worker nodes.
The token is valid for only 24 hours.
kubeadm join cluster-endpoint:6443 --token byw8pn.82wht0x3yhzy9vt2 \
--discovery-token-ca-cert-hash sha256:b8877f8540c29b5b72241712c5f1df1ae9c45835563ae2894df51d833a46d9d5
# If the token has expired, run this on the master node to get a new one
kubeadm token create --print-join-command
After joining, check the node status on the master node.
# Two more nodes appear but are not Ready yet; their resources are still being installed
kubectl get nodes
# Check installation progress; use watch -n 1 [command] to refresh every 1s
kubectl get pod -A
6. Install the k8s dashboard
Install the official k8s web UI.
6.1 Install the application
# Apply directly from the remote URL
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
# If the remote download fails, download the file elsewhere and copy it onto the server as a yaml file
6.2 Expose the port
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
# Change the type field
# type: ClusterIP becomes type: NodePort
# Use kubectl to get the dashboard port; this port must then be allowed in the cloud server's security group
kubectl get svc -A | grep kubernetes-dashboard
6.3 Create an account
Create an access account. Prepare a yaml file: vi dash-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
kubectl apply -f dash-user.yaml
6.4 Get the access token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
6.5 Access the dashboard
https://39.101.72.***:32466/
The IP is that of any node; the port is the one looked up above and allowed in the security group.
The scheme must be https.
Log in with the token.