Kubernetes Environment Deployment (Part 1)

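Environment overview

1. A single master node (install the four components shown in the figure below)

2. Two worker nodes (install kubelet and Docker)

3. To support communication between the master and the nodes, we also need to install flannel on the master to provide the network between the master and the nodes


Installing with yum is recommended here; a manual installation requires network planning and certificate setup, which you can look into on your own later

Requirements:

OS version: CentOS 7.x

Hardware: 2 GB of memory or more, 2 CPU cores or more, more than 30 GB of disk

Cluster networking: all servers in the cluster must be able to reach each other on the internal network, and need Internet access to pull images

Disable the swap partition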

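Lab environment:



Learning goals:

1. Install Docker and kubeadm on all nodes

2. Deploy the Kubernetes master

3. Deploy the container network plugin

4. Deploy the Kubernetes nodes and add them to the Kubernetes cluster

5. Deploy the Dashboard web page to visualize Kubernetes resources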

 ================================================

Basic environment setup for k8s:

Disable the firewall:

$ systemctl stop firewalld

$ systemctl disable firewalld

Disable SELinux:

$ sed -i 's/enforcing/disabled/' /etc/selinux/config

$ setenforce 0

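Disable the swap partition

Temporarily: swapoff -a

Permanently: comment out the swap line in /etc/fstab

Edit the hosts file so that every node's IP address is mapped to its hostname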

172.16.204.130     k8s-master
172.16.204.131      k8s-node1
172.16.204.132     k8s-node2

Pass bridged IPv4 traffic to the iptables chains

$ cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

$ sysctl --system

Enable IP forwarding

echo "1" > /proc/sys/net/ipv4/ip_forward

Synchronize time with an NTP service *****
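A check of the host settings from the steps above, as an added example that is not part of the original post. The function names and the root-prefix parameter are assumptions; the addresses and hostnames are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit the host settings from the steps above.
# preflight takes a root prefix (hypothetical parameter): "" checks the live
# system, a directory path checks a copy of the files.

# Print fstab lines that still mount swap (i.e. are not commented out).
active_swap_lines() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# Print every "ip=hostname" pair that has no matching line in the hosts file.
missing_hosts() {
    hosts_file=$1; shift
    for pair in "$@"; do
        awk -v ip="${pair%%=*}" -v name="${pair#*=}" '
            $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
            END { exit !found }' "$hosts_file" || echo "$pair"
    done
}

preflight() {
    root=$1; rc=0
    if [ -n "$(active_swap_lines "$root/etc/fstab")" ]; then
        echo "FAIL: /etc/fstab still has an active swap line"; rc=1
    fi
    # /proc/swaps holds one header line; any further line is an active swap area
    if [ "$(wc -l < "$root/proc/swaps")" -gt 1 ]; then
        echo "FAIL: swap is active, run swapoff -a"; rc=1
    fi
    for key in net/bridge/bridge-nf-call-ip6tables \
               net/bridge/bridge-nf-call-iptables net/ipv4/ip_forward; do
        [ "$(cat "$root/proc/sys/$key" 2>/dev/null)" = "1" ] ||
            { echo "FAIL: $key is not 1"; rc=1; }
    done
    # Addresses and names are the ones used on this page
    missing=$(missing_hosts "$root/etc/hosts" 172.16.204.130=k8s-master \
        172.16.204.131=k8s-node1 172.16.204.132=k8s-node2)
    [ -z "$missing" ] || { echo "FAIL: hosts entries missing:" $missing; rc=1; }
    return "$rc"
}
```

Run `preflight ""` as root on each node; it prints one FAIL line per setting that is not in place and returns non-zero if any check failed.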

=================================================

Install docker, kubeadm and kubelet on all nodes

Install Docker

$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

$ yum -y install docker-ce-18.06.1.ce-3.el7

$ systemctl enable docker && systemctl start docker

$ docker --version

Docker version 18.06.1-ce, build e68fc7a

 

Add the Aliyun YUM repository

$ vim /etc/yum.repos.d/kubernetes.repo 

[Kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

 

 

yum clean all

yum makecache

Install kubeadm, kubelet and kubectl

Because new versions are released frequently, a specific version is pinned for this deployment:

$ yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0

$ systemctl enable kubelet

=========================================================================

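Deploy the Kubernetes Master

# --apiserver-advertise-address is the API address the master components listen on; use the master's IP address here, or pick another IP address if the host has several network cards
$ kubeadm init \
--apiserver-advertise-address=172.16.204.130 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.15.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16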

[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.16.204.130:6443 --token 44basl.nx5l92iyq91a1fjw \
--discovery-token-ca-cert-hash sha256:2b317de2bc21973b245ceaa6570352172a16a6a4ac59a47fb7ef82bc036bb120
# This token is valid for one day. If the token has expired, the following command generates a token that never expires: kubeadm token create --ttl 0 --print-join-command
#kubeadm join 172.16.204.130:6443 --token 65xvux.v693lnz6ts7pm030     --discovery-token-ca-cert-hash sha256:2b317de2bc21973b245ceaa6570352172a16a6a4ac59a47fb7ef82bc036bb120

  

===========================================================

Configure a regular user to access the cluster with kubectl

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config


Install Flannel on the master

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

List all pods

[root@k8s-master ~]# kubectl get pod -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-bccdc95cf-6tx8r              1/1     Running   0          52m
coredns-bccdc95cf-l7lv9              1/1     Running   0          52m
etcd-k8s-master                      1/1     Running   0          51m
kube-apiserver-k8s-master            1/1     Running   0          51m
kube-controller-manager-k8s-master   1/1     Running   0          51m
kube-flannel-ds-amd64-sx7r9          1/1     Running   0          16m
kube-proxy-xb6cc                     1/1     Running   0          52m
kube-scheduler-k8s-master            1/1     Running   0          51m

  

List the nodes

[root@k8s-master ~]# kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   53m   v1.15.0

  

Join the worker nodes

Run the cluster join command on each node

kubeadm join 172.16.204.130:6443 --token 44basl.nx5l92iyq91a1fjw   --discovery-token-ca-cert-hash sha256:2b317de2bc21973b245ceaa6570352172a16a6a4ac59a47fb7ef82bc036bb120

  

Check whether node1 joined successfully

On node1, run docker ps to check that the k8s components are installed

On the master, run kubectl get nodes to view the node information
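The value after --discovery-token-ca-cert-hash in the join command is the SHA-256 hash of the cluster CA's public key, which the joining node uses to verify the API server it is talking to. The following added example (not part of the original post; the function names are hypothetical, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location) recomputes that hash on the master and rejects a join line whose hash is incomplete or does not match.

```shell
#!/bin/sh
# Added example: check the sha256 pin in a saved "kubeadm join" line against
# the cluster CA before using it on a node. Function names are hypothetical.

# Print the sha256 of the CA certificate's public key (DER SubjectPublicKeyInfo),
# which is the value kubeadm expects after "sha256:".
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Print the 64-hex-digit pin from a join command; prints nothing when the
# pin is absent or shorter than 64 digits (for example cut by a line wrap).
join_hash() {
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]*sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# $1 = join command text, $2 = CA certificate path
# returns 0 on match, 1 on mismatch, 2 when no complete pin is present
verify_join_command() {
    want=$(join_hash "$1")
    [ -n "$want" ] || { echo "no complete sha256 pin in join command" >&2; return 2; }
    have=$(ca_cert_hash "$2")
    [ "$want" = "$have" ] || { echo "pin does not match $2" >&2; return 1; }
    echo "pin matches $2"
}

# On the master:
#   verify_join_command "$(kubeadm token create --print-join-command)" /etc/kubernetes/pki/ca.crt
```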

 ==========================================================================================================

Deploy the Dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

 vim   kubernetes-dashboard.yaml

Install the Dashboard

kubectl apply -f kubernetes-dashboard.yaml

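Access it with the master node's IP address plus the port; the protocol is HTTPS

View the Dashboard port information: kubectl --namespace=kube-system get service kubernetes-dashboard

Taking my own server as the example, it can be reached at https://172.16.204.130:30310

There are two ways to log in: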

1.kubeconfig

 

2.token 

Run on the master

kubectl create serviceaccount dashboard-admin -n kube-system

kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

kubectl  get secret -n kube-system # list the secrets to find the token

View the details of the token

kubectl describe secret dashboard-admin-token-9s4zl -n kube-system

 

 

The page after a successful login:

*** Troubleshooting when the Dashboard cannot be reached

1. Find out which machine k8s scheduled the dashboard on

[root@k8s-master log]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE     IP               NODE         NOMINATED NODE   READINESS GATES
kube-system   coredns-bccdc95cf-6tx8r                 1/1     Running   3          3d14h   10.244.0.7       k8s-master   <none>           <none>
kube-system   coredns-bccdc95cf-l7lv9                 1/1     Running   3          3d14h   10.244.0.6       k8s-master   <none>           <none>
kube-system   etcd-k8s-master                         1/1     Running   2          3d14h   172.16.204.130   k8s-master   <none>           <none>
kube-system   kube-apiserver-k8s-master               1/1     Running   2          3d14h   172.16.204.130   k8s-master   <none>           <none>
kube-system   kube-controller-manager-k8s-master      1/1     Running   2          3d14h   172.16.204.130   k8s-master   <none>           <none>
kube-system   kube-flannel-ds-amd64-qqglk             1/1     Running   2          11h     172.16.204.132   k8s-node2    <none>           <none>
kube-system   kube-flannel-ds-amd64-sx7r9             1/1     Running   3          3d13h   172.16.204.130   k8s-master   <none>           <none>
kube-system   kube-flannel-ds-amd64-sxt6x             1/1     Running   0          12h     172.16.204.131   k8s-node1    <none>           <none>
kube-system   kube-proxy-h8mdt                        1/1     Running   0          12h     172.16.204.131   k8s-node1    <none>           <none>
kube-system   kube-proxy-jjdjp                        1/1     Running   2          11h     172.16.204.132   k8s-node2    <none>           <none>
kube-system   kube-proxy-xb6cc                        1/1     Running   2          3d14h   172.16.204.130   k8s-master   <none>           <none>
kube-system   kube-scheduler-k8s-master               1/1     Running   2          3d14h   172.16.204.130   k8s-master   <none>           <none>
kube-system   kubernetes-dashboard-5dc4c54b55-nkrrs   1/1     Running   0          11h     10.244.1.5       k8s-node1    <none>           <none>

2. Find the dashboard's cluster-internal IP

[root@k8s-master log]# kubectl get services --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes             ClusterIP   10.1.0.1       <none>        443/TCP                  3d14h
kube-system   kube-dns               ClusterIP   10.1.0.10      <none>        53/UDP,53/TCP,9153/TCP   3d14h
kube-system   kubernetes-dashboard   NodePort    10.1.179.144   <none>        443:30310/TCP            11h

 

3. Use curl against the cluster IP to confirm that access works

[root@k8s-master log]# curl -I -k https://10.1.179.144
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-store
Content-Length: 990
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 17 Dec 2018 09:04:43 GMT
Date: Tue, 23 Jul 2019 22:21:21 GMT

4. If access turns out to be blocked by the firewall

vim /etc/systemd/system/multi-user.target.wants/docker.service

# Add to the [Service] section
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
# Restart the docker service
systemctl daemon-reload
systemctl  restart docker