1、環境準備:
10.10.0.170 k8s-master-01
10.10.0.171 k8s-master-02
10.10.0.172 k8s-master-03
10.10.0.190 k8s-node-01
10.10.0.222 vip
2、初始化:
2.1 三臺master(k8s-master-01、k8s-master-02、k8s-master-03)上執行以下腳本:
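#!/bin/sh
# Base OS preparation for a kubeadm master (steps 1-7 of the article's script).
# Run as root on each of the three masters; the article notes that steps 2
# onward are also needed on the worker node.
#
# NOTE(review): steps 2 and 3 switch off the host firewall and SELinux. That
# keeps the walkthrough short, but every port opened later in the guide (etcd
# on 2379/2380, the API server, any Docker TCP listener) is then reachable
# from the whole network segment. Outside a lab, keep firewalld running and
# allow only the required ports between the node addresses.

# 1. Set the hostname from eth0's IPv4 address and register the cluster hosts.
ip=$(ifconfig | grep eth0 -A 1 | grep -oP '(?<=inet )[\d\.]+(?=\s)')
echo "${ip}"
case "${ip}" in
  10.10.0.170) node_name=k8s-master-01 ;;
  10.10.0.171) node_name=k8s-master-02 ;;
  10.10.0.172) node_name=k8s-master-03 ;;
  *) node_name= ;;   # unknown address: leave the hostname untouched
esac
if [ -n "${node_name}" ]; then
  echo "set hostname ${node_name}"
  hostnamectl set-hostname "${node_name}"
fi

# Append line $1 to file $2 only when it is not already present, so running
# the script twice does not pile up duplicate entries.
append_once() {
  grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}
append_once "10.10.0.170 k8s-master-01" /etc/hosts
append_once "10.10.0.171 k8s-master-02" /etc/hosts
append_once "10.10.0.172 k8s-master-03" /etc/hosts
append_once "10.10.0.190 k8s-node-01" /etc/hosts

# 2. Stop and disable the firewall (see the review note at the top).
systemctl stop firewalld
systemctl disable firewalld

# 3. Disable SELinux, now and across reboots.
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
# The original replacement text ended in a stray "/", which wrote the invalid
# value "SELINUX=disabled/". --follow-symlinks stops GNU sed from replacing a
# symlink with a regular file (this path is presumably a symlink to
# /etc/selinux/config on CentOS 7; confirm on the target host).
sed -i --follow-symlinks '/^SELINUX=/c SELINUX=disabled' /etc/sysconfig/selinux

# 4. Turn swap off and comment out the swap entries in fstab.
swapoff -a
# Lines that are already commented are skipped, so a re-run adds no extra "#".
sed -i '/^#/!s/\(.*swap.*swap.*\)/#\1/' /etc/fstab

# 5. Kernel parameters for bridged pod traffic and IP forwarding.
cat >/etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
sysctl -p /etc/sysctl.d/k8s.conf > /dev/null

# 6. Set the local time zone and schedule a time sync every ten minutes.
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
append_once "*/10 * * * * /usr/sbin/ntpdate -u time7.aliyun.com" /var/spool/cron/root

# 7. Install helper packages and Docker CE.
yum install -y epel-release tmux mysql lrzsz
# Remove any older Docker packages before adding the docker-ce repository.
yum remove -y docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-selinux \
  docker-engine-selinux \
  docker-engine
yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
# Version pinned by the article (the original passed -y twice).
yum install -y docker-ce-18.06.1.ce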
cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
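# 8. Install kubelet, kubeadm and kubectl from the Aliyun mirror of the
#    Kubernetes yum repository.
# gpgcheck and repo_gpgcheck stay enabled so packages and repository metadata
# are signature-checked.
# NOTE(review): the signing keys are fetched from the same mirror as the
# packages, so the check only helps if the keys themselves are trusted;
# compare their fingerprints with the upstream Kubernetes keys when in doubt.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Pinned to the release this guide configures later (kubernetesVersion v1.12.1);
# an unpinned install takes whatever version the mirror currently ships, which
# may no longer match the kubeadm configuration shown in the guide.
yum install -y kubelet-1.12.1 kubeadm-1.12.1 kubectl-1.12.1
systemctl enable kubelet
systemctl enable docker
systemctl restart kubelet
systemctl restart docker

# 9. Install keepalived.
yum install -y keepalived
# NOTE(review): at this point keepalived starts with whatever
# /etc/keepalived/keepalived.conf the package installed. Put the per-master
# configuration shown in the guide in place (and choose your own auth_pass)
# before relying on the service.
systemctl restart keepalived
systemctl enable keepalived

# 10. Reboot the server.
reboot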
(注:上述的2~8同時也需要在node節點機上執行。)
[root@k8s-master-01 ~]# cat /etc/keepalived/keepalived.conf :web
[root@k8s-master-01 ~]# cat /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { fzhlzfy@163.com } notification_email_from dba@dbserver.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id K8S-HA } vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 nopreempt authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.0.222 } }
[root@k8s-master-02 k8s-install]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived global_defs { notification_email { fzhlzfy@163.com } notification_email_from dba@dbserver.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id K8S-HA } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 100 advert_int 1 nopreempt authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.0.222 } }
[root@k8s-master-03 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived global_defs { notification_email { fzhlzfy@163.com } notification_email_from dba@dbserver.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id K8S-HA } vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 51 priority 90 advert_int 1 nopreempt authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 10.10.0.222 } }
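keepalived是爲了保證整個集羣的高可用。注意:上面三份配置中的 auth_pass 1111 只是示例值;auth_type PASS 的密碼在 VRRP 通告中以明文傳輸,不能當作真正的認證手段。正式環境應改用自行設定的值,並以防火牆規則限制只有三臺 master 之間能互通 VRRP。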
全部docker服務器修改docker運行參數(三臺master):
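# Adjust how dockerd is started on the three masters, then reload systemd and
# restart Docker.
#
# NOTE(review): the listing originally set
#   ExecStart=/usr/bin/dockerd -H=0.0.0.0:2375 -H unix:///var/run/docker.sock
# Port 2375 is the Docker API without TLS and without authentication. Bound to
# 0.0.0.0, and with firewalld stopped earlier in this guide, any host that can
# reach a master gets root-equivalent control of it through that port.
# Nothing in the visible part of the guide uses the TCP listener, so only the
# local socket is kept below. If remote API access is really needed, serve it
# with mutual TLS (dockerd --tlsverify with --tlscacert/--tlscert/--tlskey)
# and restrict the source addresses with firewall rules.
vim /lib/systemd/system/docker.service
#   set the line to:
#   ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock
systemctl daemon-reload && systemctl restart docker
# Afterwards `ss -lnt` should show no listener on port 2375.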
3、etcd集羣安裝:
一、免祕鑰登陸:
k8s-master-01上執行:
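# Create an SSH key pair on k8s-master-01 and install the public key on all
# three masters, so the later ssh/scp steps run without a password prompt.
# The article says to press Enter at every prompt, which accepts the default
# key path and leaves the private key without a passphrase. (That remark was
# glued to the command in the original listing; it is a comment here.)
# NOTE(review): the prompts elsewhere in the guide show these steps run as
# root, so whoever can read this private key can log in to the other masters
# as root. Keep the key file owner-only, and remove the public key from the
# other masters' authorized_keys once installation is finished if password-less
# access is no longer needed.
ssh-keygen -t rsa
for host in k8s-master-01 k8s-master-02 k8s-master-03; do
  ssh-copy-id "${host}"
done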
二、設置cfssl環境:
k8s-master-01上執行:
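# Download the cfssl R1.2 tools on k8s-master-01 and install them into
# /usr/local/bin under their short names.
# NOTE(review): these binaries later create the cluster CA and are installed
# exactly as downloaded. The page lists no checksums, so compare the SHA-256
# printed below with a digest obtained from the publisher through a separate
# channel before trusting the files.
for tool in cfssl cfssljson cfssl-certinfo; do
  # Stop instead of installing a missing or partial file if the download fails.
  wget "https://pkg.cfssl.org/R1.2/${tool}_linux-amd64" || {
    echo "download failed: ${tool}_linux-amd64" >&2
    break
  }
  sha256sum "${tool}_linux-amd64"
  chmod +x "${tool}_linux-amd64"
  mv "${tool}_linux-amd64" "/usr/local/bin/${tool}"
done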
三、建立CA配置文件:
k8s-master-01上執行:
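# Create the CA and the etcd certificate with cfssl (run on k8s-master-01).
#
# NOTE(review):
# - Every certificate issued here expires after 8760h (one year); plan the
#   renewal, otherwise etcd and its clients stop connecting when it lapses.
# - The single etcd.pem/etcd-key.pem pair is copied to all three masters in the
#   next step and is also the client certificate in kubeadm-config.yaml later
#   in the guide, so one leaked key affects every etcd connection.
# - ca-key.pem stays in this working directory; move it off the host once the
#   certificates are issued.

# Signing policy: one profile usable for both server and client authentication.
cat > ca-config.json <<'EOF'
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes-Soulmate": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "8760h"
      }
    }
  }
}
EOF

# CSR for the self-signed CA.
cat > ca-csr.json <<'EOF'
{
  "CN": "kubernetes-Soulmate",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "shanghai",
      "L": "shanghai",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

# Writes ca.pem, ca-key.pem and ca.csr.
cfssl gencert -initca ca-csr.json | cfssljson -bare ca

# CSR for the etcd certificate; "hosts" lists loopback and the three masters.
cat > etcd-csr.json <<'EOF'
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "10.10.0.170",
    "10.10.0.171",
    "10.10.0.172"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "shanghai",
      "L": "shanghai",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

# Writes etcd.pem, etcd-key.pem and etcd.csr, signed by the CA above.
cfssl gencert -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes-Soulmate etcd-csr.json | cfssljson -bare etcd

# Make sure the private keys are readable by their owner only, whatever the
# umask was when they were written.
chmod 600 ca-key.pem etcd-key.pem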
[root@k8s-master-01 k8s-install]# ls
ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem etcd.csr etcd-csr.json etcd-key.pem etcd.pem
四、cp證書:
k8s-master-01上執行:
[root@k8s-master-01 k8s-install]# mkdir /etc/etcd/ssl/ [root@k8s-master-01 k8s-install]# cp etcd.pem etcd-key.pem ca.pem /etc/etcd/ssl/ [root@k8s-master-01 k8s-install]# ssh -n k8s-master-02 "mkdir -p /etc/etcd/ssl && exit" [root@k8s-master-01 k8s-install]# ssh -n k8s-master-03 "mkdir -p /etc/etcd/ssl && exit" [root@k8s-master-01 k8s-install]# scp -r /etc/etcd/ssl/*.pem k8s-master-02:/etc/etcd/ssl/ ca.pem 100% 1387 1.4KB/s 00:00 etcd-key.pem 100% 1675 1.6KB/s 00:00 etcd.pem 100% 1452 1.4KB/s 00:00 [root@k8s-master-01 k8s-install]# scp -r /etc/etcd/ssl/*.pem k8s-master-03:/etc/etcd/ssl/ ca.pem 100% 1387 1.4KB/s 00:00 etcd-key.pem 100% 1675 1.6KB/s 00:00 etcd.pem 100% 1452 1.4KB/s 00:00
五、etcd安裝:
三臺master都執行:
yum install etcd -y
etcd.service配置文件:
[root@k8s-master-01 ~]# cat /etc/systemd/system/etcd.service [Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target Documentation=https://github.com/coreos [Service] Type=notify WorkingDirectory=/var/lib/etcd/ ExecStart=/usr/bin/etcd \ --name k8s-master-01 \ --cert-file=/etc/etcd/ssl/etcd.pem \ --key-file=/etc/etcd/ssl/etcd-key.pem \ --peer-cert-file=/etc/etcd/ssl/etcd.pem \ --peer-key-file=/etc/etcd/ssl/etcd-key.pem \ --trusted-ca-file=/etc/etcd/ssl/ca.pem \ --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \ --initial-advertise-peer-urls https://10.10.0.170:2380 \ --listen-peer-urls https://10.10.0.170:2380 \ --listen-client-urls https://10.10.0.170:2379,http://127.0.0.1:2379 \ --advertise-client-urls https://10.10.0.170:2379 \ --initial-cluster-token etcd-cluster-0 \ --initial-cluster k8s-master-01=https://10.10.0.170:2380,k8s-master-02=https://10.10.0.171:2380,k8s-master-03=https://10.10.0.172:2380 \ --initial-cluster-state new \ --data-dir=/var/lib/etcd Restart=on-failure RestartSec=5 LimitNOFILE=65536 [Install] WantedBy=multi-user.target
[root@k8s-master-02 ~]# cat /etc/systemd/system/etcd.service [Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target Documentation=https://github.com/coreos [Service] Type=notify WorkingDirectory=/var/lib/etcd/ ExecStart=/usr/bin/etcd \ --name k8s-master-02 \ --cert-file=/etc/etcd/ssl/etcd.pem \ --key-file=/etc/etcd/ssl/etcd-key.pem \ --peer-cert-file=/etc/etcd/ssl/etcd.pem \ --peer-key-file=/etc/etcd/ssl/etcd-key.pem \ --trusted-ca-file=/etc/etcd/ssl/ca.pem \ --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \ --initial-advertise-peer-urls https://10.10.0.171:2380 \ --listen-peer-urls https://10.10.0.171:2380 \ --listen-client-urls https://10.10.0.171:2379,http://127.0.0.1:2379 \ --advertise-client-urls https://10.10.0.171:2379 \ --initial-cluster-token etcd-cluster-0 \ --initial-cluster k8s-master-01=https://10.10.0.170:2380,k8s-master-02=https://10.10.0.171:2380,k8s-master-03=https://10.10.0.172:2380 \ --initial-cluster-state new \ --data-dir=/var/lib/etcd Restart=on-failure RestartSec=5 LimitNOFILE=65536 [Install] WantedBy=multi-user.target
[root@k8s-master-03 ~]# cat /etc/systemd/system/etcd.service [Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target Documentation=https://github.com/coreos [Service] Type=notify WorkingDirectory=/var/lib/etcd/ ExecStart=/usr/bin/etcd \ --name k8s-master-03 \ --cert-file=/etc/etcd/ssl/etcd.pem \ --key-file=/etc/etcd/ssl/etcd-key.pem \ --peer-cert-file=/etc/etcd/ssl/etcd.pem \ --peer-key-file=/etc/etcd/ssl/etcd-key.pem \ --trusted-ca-file=/etc/etcd/ssl/ca.pem \ --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \ --initial-advertise-peer-urls https://10.10.0.172:2380 \ --listen-peer-urls https://10.10.0.172:2380 \ --listen-client-urls https://10.10.0.172:2379,http://127.0.0.1:2379 \ --advertise-client-urls https://10.10.0.172:2379 \ --initial-cluster-token etcd-cluster-0 \ --initial-cluster k8s-master-01=https://10.10.0.170:2380,k8s-master-02=https://10.10.0.171:2380,k8s-master-03=https://10.10.0.172:2380 \ --initial-cluster-state new \ --data-dir=/var/lib/etcd Restart=on-failure RestartSec=5 LimitNOFILE=65536 [Install] WantedBy=multi-user.target
配置文件簡單介紹,詳細的解釋可本身baidu、google:
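--name etcd集羣中的節點名,這裏可以隨意,可區分且不重複就行
--listen-peer-urls 監聽的用於節點之間通訊的url,可監聽多個,集羣內部將通過這些url進行數據交互(如選舉,數據同步等)
--initial-advertise-peer-urls 建議用於節點之間通訊的url,節點間將以該值進行通訊。
--listen-client-urls 監聽的用於客戶端通訊的url,同樣可以監聽多個。
--advertise-client-urls 建議使用的客戶端通訊url,該值用於etcd代理或etcd成員與etcd節點通訊。
--initial-cluster-token etcd-cluster-1 節點的token值,設置該值後集羣將生成唯一id,並爲每個節點也生成唯一id,當使用相同配置文件再啓動一個集羣時,只要該token值不一樣,etcd集羣就不會相互影響。
--initial-cluster 也就是集羣中所有的initial-advertise-peer-urls 的合集
--initial-cluster-state new 新建集羣的標誌
注意:上面三份 etcd.service 只配置了證書與 CA 的路徑,沒有加上 --client-cert-auth 和 --peer-client-cert-auth。少了這兩個參數,etcd 雖然使用 TLS,卻不會要求對端出示由該 CA 簽發的證書,能連到 2379 端口的客戶端都可以讀寫 etcd(其中保存着整個集羣的 Secret)。建議在三臺 master 的 ExecStart 中都加上這兩個參數;另外 --listen-client-urls 中的 http://127.0.0.1:2379 是未加密、無認證的本機監聽,若無需要應去掉。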
三臺master執行:
systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd
驗證etcd集羣健康性:
三臺都嘗試:
[root@k8s-master-01 ~]# etcdctl --endpoints=https://10.10.0.170:2379,https://10.10.0.171:2379,https://10.10.0.172:2379 --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem cluster-health member 1c25bde2973f71cf is healthy: got healthy result from https://10.10.0.172:2379 member 3222a6aebdf856ac is healthy: got healthy result from https://10.10.0.170:2379 member 5796b25a0b404b92 is healthy: got healthy result from https://10.10.0.171:2379 cluster is healthy [root@k8s-master-02 ~]# etcdctl --endpoints=https://10.10.0.170:2379,https://10.10.0.171:2379,https://10.10.0.172:2379 --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem cluster-health member 1c25bde2973f71cf is healthy: got healthy result from https://10.10.0.172:2379 member 3222a6aebdf856ac is healthy: got healthy result from https://10.10.0.170:2379 member 5796b25a0b404b92 is healthy: got healthy result from https://10.10.0.171:2379 cluster is healthy [root@k8s-master-03 ~]# etcdctl --endpoints=https://10.10.0.170:2379,https://10.10.0.171:2379,https://10.10.0.172:2379 --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem cluster-health member 1c25bde2973f71cf is healthy: got healthy result from https://10.10.0.172:2379 member 3222a6aebdf856ac is healthy: got healthy result from https://10.10.0.170:2379 member 5796b25a0b404b92 is healthy: got healthy result from https://10.10.0.171:2379 cluster is healthy
如上圖所示,則表示集羣健康。
4、kubeadm init初始化集羣:
4.1~4.6在k8s-master-01上執行:
4.1 鏡像準備:
[root@k8s-master-01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE k8s.gcr.io/kube-proxy v1.12.1 61afff57f010 3 weeks ago 96.6MB k8s.gcr.io/kube-controller-manager v1.12.1 aa2dd57c7329 3 weeks ago 164MB k8s.gcr.io/kube-scheduler v1.12.1 d773ad20fd80 3 weeks ago 58.3MB k8s.gcr.io/kube-apiserver v1.12.1 dcb029b5e3ad 3 weeks ago 194MB k8s.gcr.io/coredns 1.2.2 367cdc8433a4 2 months ago 39.2MB k8s.gcr.io/pause 3.1 da86e6ba6ca1 10 months ago 742kB
4.2 kubeadm-config.yaml文件:
[root@k8s-master-01 ~]# cat kubeadm-config.yaml apiVersion: kubeadm.k8s.io/v1alpha3 kind: ClusterConfiguration kubernetesVersion: v1.12.1 apiServerCertSANs: - 10.10.0.170 - 10.10.0.171 - 10.10.0.172 - k8s-master-01 - k8s-master-02 - k8s-master-03 - 10.10.0.222 api: controlPlaneEndpoint: 10.10.0.222:8443 etcd: external: endpoints: - https://10.10.0.170:2379 - https://10.10.0.171:2379 - https://10.10.0.172:2379 caFile: /etc/etcd/ssl/ca.pem certFile: /etc/etcd/ssl/etcd.pem keyFile: /etc/etcd/ssl/etcd-key.pem networking: # This CIDR is a Calico default. Substitute or remove for your CNI provider. podSubnet: "10.244.0.0/16"
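4.3 初始化:(輸出末尾的 kubeadm join 指令包含 bootstrap token,屬於憑證,預設 24 小時後過期;不要原樣公開,可用 kubeadm token list 檢查、kubeadm token delete 撤銷。)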
[root@k8s-master-01 ~]# kubeadm init --config kubeadm-config.yaml [init] using Kubernetes version: v1.12.1 [preflight] running pre-flight checks [preflight/images] Pulling images required for setting up a Kubernetes cluster [preflight/images] This might take a minute or two, depending on the speed of your internet connection [preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull' [kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [preflight] Activating the kubelet service [certificates] Generated ca certificate and key. [certificates] Generated apiserver certificate and key. [certificates] apiserver serving cert is signed for DNS names [k8s-master-01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local k8s-master-01 k8s-master-02 k8s-master-03] and IPs [10.96.0.1 10.10.0.170 10.10.0.170 10.10.0.171 10.10.0.172 10.10.0.222] [certificates] Generated apiserver-kubelet-client certificate and key. [certificates] Generated front-proxy-ca certificate and key. [certificates] Generated front-proxy-client certificate and key. [certificates] valid certificates and keys now exist in "/etc/kubernetes/pki" [certificates] Generated sa key and public key. 
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf" [controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml" [controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml" [controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml" [init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests" [init] this might take a minute or longer if the control plane images have to be pulled [apiclient] All control plane components are healthy after 23.001756 seconds [uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace [kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster [markmaster] Marking the node k8s-master-01 as master by adding the label "node-role.kubernetes.io/master=''" [markmaster] Marking the node k8s-master-01 as master by adding the taints [node-role.kubernetes.io/master:NoSchedule] [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-master-01" as an annotation [bootstraptoken] using token: 7igv4r.pfh4zf7h8eao43k7 [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials [bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token [bootstraptoken] configured RBAC rules to allow certificate rotation for all node client 
certificates in the cluster [bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace [addons] Applied essential addon: CoreDNS [addons] Applied essential addon: kube-proxy Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join 10.10.0.170:6443 --token 7igv4r.pfh4zf7h8eao43k7 --discovery-token-ca-cert-hash sha256:8488d362ce896597e9d6f23c825b60447b6e1fdb494ce72d32843d02d2d4b200
4.4 環境配置:
[root@k8s-master-01 ~]# mkdir -p $HOME/.kube [root@k8s-master-01 ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master-01 ~]# chown $(id -u):$(id -g) $HOME/.kube/config
4.5 檢查集羣狀態:
[root@k8s-master-01 ~]# kubectl get cs NAME STATUS MESSAGE ERROR controller-manager Healthy ok scheduler Healthy ok etcd-0 Healthy {"health": "true"} etcd-1 Healthy {"health": "true"} etcd-2 Healthy {"health": "true"}
4.6 k8s證書cp:
[root@k8s-master-01 ~]# scp -r /etc/kubernetes/pki/ 10.10.0.171:/etc/kubernetes/ ca.key 100% 1679 1.6KB/s 00:00 ca.crt 100% 1025 1.0KB/s 00:00 apiserver.key 100% 1675 1.6KB/s 00:00 apiserver.crt 100% 1326 1.3KB/s 00:00 apiserver-kubelet-client.key 100% 1675 1.6KB/s 00:00 apiserver-kubelet-client.crt 100% 1099 1.1KB/s 00:00 front-proxy-ca.key 100% 1675 1.6KB/s 00:00 front-proxy-ca.crt 100% 1038 1.0KB/s 00:00 front-proxy-client.key 100% 1675 1.6KB/s 00:00 front-proxy-client.crt 100% 1058 1.0KB/s 00:00 sa.key 100% 1679 1.6KB/s 00:00 sa.pub 100% 451 0.4KB/s 00:00[root@k8s-master-01 ~]# scp -r /etc/kubernetes/pki/ 10.10.0.172:/etc/kubernetes/ ca.key 100% 1679 1.6KB/s 00:00 ca.crt 100% 1025 1.0KB/s 00:00 apiserver.key 100% 1675 1.6KB/s 00:00 apiserver.crt 100% 1326 1.3KB/s 00:00 apiserver-kubelet-client.key 100% 1675 1.6KB/s 00:00 apiserver-kubelet-client.crt 100% 1099 1.1KB/s 00:00 front-proxy-ca.key 100% 1675 1.6KB/s 00:00 front-proxy-ca.crt 100% 1038 1.0KB/s 00:00 front-proxy-client.key 100% 1675 1.6KB/s 00:00 front-proxy-client.crt 100% 1058 1.0KB/s 00:00 sa.key 100% 1679 1.6KB/s 00:00 sa.pub 100% 451 0.4KB/s 00:00
k8s-master-02(上述4.1~4.5):
[root@k8s-master-02 ~]# kubeadm init --config kubeadm-config.yaml [init] using Kubernetes version: v1.12.1 [preflight] running pre-flight checks [preflight/images] Pulling images required for setting up a Kubernetes cluster [preflight/images] This might take a minute or two, depending on the speed of your internet connection [preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull' [kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [preflight] Activating the kubelet service [certificates] Using the existing apiserver certificate and key. [certificates] Using the existing apiserver-kubelet-client certificate and key. [certificates] Using the existing front-proxy-client certificate and key. [certificates] valid certificates and keys now exist in "/etc/kubernetes/pki" [certificates] Using the existing sa key. [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf" [controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml" [controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml" [controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml" [init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests" [init] this might take a minute or longer if the control plane images have to be pulled [apiclient] All control plane components are healthy after 20.002010 seconds [uploadconfig] storing the 
configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace [kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster [markmaster] Marking the node k8s-master-02 as master by adding the label "node-role.kubernetes.io/master=''" [markmaster] Marking the node k8s-master-02 as master by adding the taints [node-role.kubernetes.io/master:NoSchedule] [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-master-02" as an annotation [bootstraptoken] using token: z4q8gj.pyxlik9groyp6t3e [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials [bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token [bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster [bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace [addons] Applied essential addon: CoreDNS [addons] Applied essential addon: kube-proxy Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join 10.10.0.171:6443 --token z4q8gj.pyxlik9groyp6t3e --discovery-token-ca-cert-hash sha256:5149f28976005454d8b0da333648e66880aa9419bc0e639781ceab65c77034be
5、pod網絡配置:
鏡像以下:
k8s.gcr.io/coredns:1.2.2 quay.io/coreos/flannel:v0.10.0-amd64
5.1 配置前:
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:a1:0f:80:1e txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.10.0.170 netmask 255.255.255.0 broadcast 10.10.0.255 inet6 fe80::20c:29ff:fe22:d2ff prefixlen 64 scopeid 0x20<link> ether 00:0c:29:22:d2:ff txqueuelen 1000 (Ethernet) RX packets 1444658 bytes 365717587 (348.7 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1339639 bytes 185797411 (177.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 480338 bytes 116529453 (111.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 480338 bytes 116529453 (111.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@k8s-master-01 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:0c:29:22:d2:ff brd ff:ff:ff:ff:ff:ff inet 10.10.0.170/24 brd 10.10.0.255 scope global eth0 valid_lft forever preferred_lft forever inet 10.10.0.222/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe22:d2ff/64 scope link valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN link/ether 02:42:a1:0f:80:1e brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever
5.2 安裝flannel network:(下面的清單取自 master 分支,內容會隨時間變動;建議改爲固定的發行標籤或 commit,並在 kubectl apply 之前先檢視其中的 RBAC 與 DaemonSet 權限。)
[root@k8s-master-01 ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-master-01 ~]# kubectl apply -f kube-flannel.yml clusterrole.rbac.authorization.k8s.io/flannel created clusterrolebinding.rbac.authorization.k8s.io/flannel created serviceaccount/flannel created configmap/kube-flannel-cfg created daemonset.extensions/kube-flannel-ds-amd64 created daemonset.extensions/kube-flannel-ds-arm64 created daemonset.extensions/kube-flannel-ds-arm created daemonset.extensions/kube-flannel-ds-ppc64le created daemonset.extensions/kube-flannel-ds-s390x created
查看一下集羣中的daemonset:
[root@k8s-master-01 ~]# kubectl get ds -l app=flannel -n kube-system NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE kube-flannel-ds-amd64 2 2 2 2 2 beta.kubernetes.io/arch=amd64 22m kube-flannel-ds-arm 0 0 0 0 0 beta.kubernetes.io/arch=arm 22m kube-flannel-ds-arm64 0 0 0 0 0 beta.kubernetes.io/arch=arm64 22m kube-flannel-ds-ppc64le 0 0 0 0 0 beta.kubernetes.io/arch=ppc64le 22m kube-flannel-ds-s390x 0 0 0 0 0 beta.kubernetes.io/arch=s390x 22m
查看pods:
[root@k8s-master-01 ~]# kubectl get pod --all-namespaces -o wide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE kube-system coredns-576cbf47c7-nmphm 1/1 Running 0 23m 10.244.0.3 k8s-master-01 <none> kube-system coredns-576cbf47c7-w5mhv 1/1 Running 0 23m 10.244.0.2 k8s-master-01 <none> kube-system kube-apiserver-k8s-master-01 1/1 Running 0 178m 10.10.0.170 k8s-master-01 <none> kube-system kube-apiserver-k8s-master-02 1/1 Running 0 11m 10.10.0.171 k8s-master-02 <none> kube-system kube-controller-manager-k8s-master-01 1/1 Running 0 177m 10.10.0.170 k8s-master-01 <none> kube-system kube-controller-manager-k8s-master-02 1/1 Running 0 11m 10.10.0.171 k8s-master-02 <none> kube-system kube-flannel-ds-amd64-cl4kb 1/1 Running 1 24m 10.10.0.170 k8s-master-01 <none> kube-system kube-flannel-ds-amd64-rghg4 1/1 Running 0 24m 10.10.0.171 k8s-master-02 <none> kube-system kube-proxy-2vsqh 1/1 Running 0 150m 10.10.0.171 k8s-master-02 <none> kube-system kube-proxy-wvtrz 1/1 Running 0 178m 10.10.0.170 k8s-master-01 <none> kube-system kube-scheduler-k8s-master-01 1/1 Running 0 178m 10.10.0.170 k8s-master-01 <none> kube-system kube-scheduler-k8s-master-02 1/1 Running 0 11m 10.10.0.171 k8s-master-02 <none>
查看此時的網絡:
[root@k8s-master-01 ~]# ifconfig cni0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 inet 10.244.0.1 netmask 255.255.255.0 broadcast 0.0.0.0 inet6 fe80::74ef:2ff:fec2:6c85 prefixlen 64 scopeid 0x20<link> ether 0a:58:0a:f4:00:01 txqueuelen 0 (Ethernet) RX packets 5135 bytes 330511 (322.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 5136 bytes 1929848 (1.8 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:a1:0f:80:1e txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.10.0.170 netmask 255.255.255.0 broadcast 10.10.0.255 inet6 fe80::20c:29ff:fe22:d2ff prefixlen 64 scopeid 0x20<link> ether 00:0c:29:22:d2:ff txqueuelen 1000 (Ethernet) RX packets 1727975 bytes 420636786 (401.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1613768 bytes 225024592 (214.6 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 flannel.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 inet 10.244.0.0 netmask 255.255.255.255 broadcast 0.0.0.0 inet6 fe80::98c0:baff:fed3:8de5 prefixlen 64 scopeid 0x20<link> ether 9a:c0:ba:d3:8d:e5 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 10 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 590730 bytes 145157886 (138.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 590730 bytes 145157886 (138.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth5504c620: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 inet6 
fe80::f499:6ff:fece:d24a prefixlen 64 scopeid 0x20<link> ether f6:99:06:ce:d2:4a txqueuelen 0 (Ethernet) RX packets 2564 bytes 200932 (196.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2579 bytes 965054 (942.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 vetha0ab0abe: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450 inet6 fe80::74ef:2ff:fec2:6c85 prefixlen 64 scopeid 0x20<link> ether 76:ef:02:c2:6c:85 txqueuelen 0 (Ethernet) RX packets 2571 bytes 201469 (196.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2584 bytes 966816 (944.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@k8s-master-01 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:0c:29:22:d2:ff brd ff:ff:ff:ff:ff:ff inet 10.10.0.170/24 brd 10.10.0.255 scope global eth0 valid_lft forever preferred_lft forever inet 10.10.0.222/32 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe22:d2ff/64 scope link valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN link/ether 02:42:a1:0f:80:1e brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever 4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN link/ether 9a:c0:ba:d3:8d:e5 brd ff:ff:ff:ff:ff:ff inet 10.244.0.0/32 scope global flannel.1 valid_lft forever preferred_lft forever inet6 fe80::98c0:baff:fed3:8de5/64 scope link valid_lft forever preferred_lft forever 5: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP link/ether 0a:58:0a:f4:00:01 brd ff:ff:ff:ff:ff:ff inet 10.244.0.1/24 
scope global cni0 valid_lft forever preferred_lft forever inet6 fe80::74ef:2ff:fec2:6c85/64 scope link valid_lft forever preferred_lft forever 6: vetha0ab0abe@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP link/ether 76:ef:02:c2:6c:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::74ef:2ff:fec2:6c85/64 scope link valid_lft forever preferred_lft forever 7: veth5504c620@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP link/ether f6:99:06:ce:d2:4a brd ff:ff:ff:ff:ff:ff link-netnsid 1 inet6 fe80::f499:6ff:fece:d24a/64 scope link valid_lft forever preferred_lft forever
6、把k8s-master-03加入集羣(完全可以放在第五步中和k8s-master-02一起進行):
k8s-master-03上執行4.1~4.5:
[root@k8s-master-03 ~]# kubeadm init --config kubeadm-config.yaml [init] using Kubernetes version: v1.12.1 [preflight] running pre-flight checks [preflight/images] Pulling images required for setting up a Kubernetes cluster [preflight/images] This might take a minute or two, depending on the speed of your internet connection [preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull' [kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [preflight] Activating the kubelet service [certificates] Using the existing apiserver certificate and key. [certificates] Using the existing apiserver-kubelet-client certificate and key. [certificates] Using the existing front-proxy-client certificate and key. [certificates] valid certificates and keys now exist in "/etc/kubernetes/pki" [certificates] Using the existing sa key. [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf" [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf" [controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml" [controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml" [controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml" [init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests" [init] this might take a minute or longer if the control plane images have to be pulled [apiclient] All control plane components are healthy after 20.503277 seconds [uploadconfig] storing the 
configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace [kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster [markmaster] Marking the node k8s-master-03 as master by adding the label "node-role.kubernetes.io/master=''" [markmaster] Marking the node k8s-master-03 as master by adding the taints [node-role.kubernetes.io/master:NoSchedule] [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-master-03" as an annotation [bootstraptoken] using token: ks930p.auijb1h0or3o87f9 [bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials [bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token [bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster [bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace [addons] Applied essential addon: CoreDNS [addons] Applied essential addon: kube-proxy Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join 10.10.0.172:6443 --token ks930p.auijb1h0or3o87f9 --discovery-token-ca-cert-hash sha256:8488d362ce896597e9d6f23c825b60447b6e1fdb494ce72d32843d02d2d4b200
[root@k8s-master-03 ~]# mkdir -p $HOME/.kube [root@k8s-master-03 ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master-03 ~]# chown $(id -u):$(id -g) $HOME/.kube/config
注:上面 kubeadm join 命令中 --discovery-token-ca-cert-hash 的 sha256 值(原文紅色部分)的來源:
[root@k8s-master-03 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' 8488d362ce896597e9d6f23c825b60447b6e1fdb494ce72d32843d02d2d4b200
(所以,即使token過期了,重新生成token後token發生了變化,但CA證書的sha256 hash值卻是不變的:它由 /etc/kubernetes/pki/ca.crt 的公鑰算出,節點加入時用它校驗API Server的證書。)
6、檢查全部pod(可在三臺master上面分別執行):
[root@k8s-master-03 ~]# kubectl get po --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-576cbf47c7-nmphm 1/1 Running 0 22h kube-system coredns-576cbf47c7-w5mhv 1/1 Running 0 22h kube-system kube-apiserver-k8s-master-01 1/1 Running 0 25h kube-system kube-apiserver-k8s-master-02 1/1 Running 0 22h kube-system kube-apiserver-k8s-master-03 1/1 Running 0 11h kube-system kube-controller-manager-k8s-master-01 1/1 Running 0 25h kube-system kube-controller-manager-k8s-master-02 1/1 Running 0 22h kube-system kube-controller-manager-k8s-master-03 1/1 Running 0 11h kube-system kube-flannel-ds-amd64-cl4kb 1/1 Running 1 22h kube-system kube-flannel-ds-amd64-prvvj 1/1 Running 0 11h kube-system kube-flannel-ds-amd64-rghg4 1/1 Running 0 22h kube-system kube-proxy-2vsqh 1/1 Running 0 24h kube-system kube-proxy-mvf9h 1/1 Running 0 11h kube-system kube-proxy-wvtrz 1/1 Running 0 25h kube-system kube-scheduler-k8s-master-01 1/1 Running 0 25h kube-system kube-scheduler-k8s-master-02 1/1 Running 0 22h kube-system kube-scheduler-k8s-master-03 1/1 Running 0 11h
7、dashboard安裝(我這裏選擇在k8s-master-03上安裝dashboard):
7.1鏡像準備:
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
7.2獲取yaml文件:
[root@k8s-master-03 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
對上述下載的文件kubernetes-dashboard.yaml做適當處理(下載地址指向master分支,內容會隨上游變化,應核對下載到的文件與下面列出的內容一致):
[root@k8s-master-03 ~]# cat kubernetes-dashboard.yaml # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ------------------- Dashboard Secret ------------------- # apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kube-system type: Opaque --- # ------------------- Dashboard Service Account ------------------- # apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system --- # ------------------- Dashboard Role & Role Binding ------------------- # kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kubernetes-dashboard-minimal namespace: kube-system rules: # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. - apiGroups: [""] resources: ["secrets"] verbs: ["create"] # Allow Dashboard to create 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [""] resources: ["secrets"] resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"] verbs: ["get", "update", "delete"] # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] resourceNames: ["kubernetes-dashboard-settings"] verbs: ["get", "update"] # Allow Dashboard to get metrics from heapster. 
- apiGroups: [""] resources: ["services"] resourceNames: ["heapster"] verbs: ["proxy"] - apiGroups: [""] resources: ["services/proxy"] resourceNames: ["heapster", "http:heapster:", "https:heapster:"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kubernetes-dashboard-minimal namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard-minimal subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kube-system --- # ------------------- Dashboard Deployment ------------------- # kind: Deployment apiVersion: apps/v1beta2 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: containers: - name: kubernetes-dashboard image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0 ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. 
# - --apiserver-host=http://my-address:port volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs # Create on-disk volume to store exec logs - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule --- # ------------------- Dashboard Service ------------------- # kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 30001 selector: k8s-app: kubernetes-dashboard
(注:Service中的 type: NodePort 和 nodePort: 30001 應爲添加部分(原文以紅色標出),便於遠程訪問。這樣dashboard會在每個節點的30001端口上對外開放,需在網絡層限制可訪問的來源地址。)
7.3 create:
[root@k8s-master-03 ~]# kubectl apply -f kubernetes-dashboard.yaml secret/kubernetes-dashboard-certs created serviceaccount/kubernetes-dashboard created role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created deployment.apps/kubernetes-dashboard created service/kubernetes-dashboard created
[root@k8s-master-03 ~]# kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-576cbf47c7-nmphm 1/1 Running 0 23h kube-system coredns-576cbf47c7-w5mhv 1/1 Running 0 23h kube-system kube-apiserver-k8s-master-01 1/1 Running 0 25h kube-system kube-apiserver-k8s-master-02 1/1 Running 0 22h kube-system kube-apiserver-k8s-master-03 1/1 Running 0 12h kube-system kube-controller-manager-k8s-master-01 1/1 Running 0 25h kube-system kube-controller-manager-k8s-master-02 1/1 Running 0 22h kube-system kube-controller-manager-k8s-master-03 1/1 Running 0 12h kube-system kube-flannel-ds-amd64-cl4kb 1/1 Running 1 23h kube-system kube-flannel-ds-amd64-prvvj 1/1 Running 0 12h kube-system kube-flannel-ds-amd64-rghg4 1/1 Running 0 23h kube-system kube-proxy-2vsqh 1/1 Running 0 25h kube-system kube-proxy-mvf9h 1/1 Running 0 12h kube-system kube-proxy-wvtrz 1/1 Running 0 25h kube-system kube-scheduler-k8s-master-01 1/1 Running 0 25h kube-system kube-scheduler-k8s-master-02 1/1 Running 0 22h kube-system kube-scheduler-k8s-master-03 1/1 Running 0 12h kube-system kubernetes-dashboard-77fd78f978-7rczc 1/1 Running 0 8m36s
(三臺服務器都能看到該pod。)
7.4 創建登錄令牌(k8s-master-03上執行;下面的 admin-user.yaml 把 ServiceAccount admin 綁定到 cluster-admin,即該令牌擁有整個集羣的全部權限):
[root@k8s-master-03 ~]# cat admin-user.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: admin namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin namespace: kube-system
[root@k8s-master-03 ~]# kubectl create -f admin-user.yaml serviceaccount/admin created clusterrolebinding.rbac.authorization.k8s.io/admin created
[root@k8s-master-03 ~]# kubectl describe serviceaccount admin -n kube-system Name: admin Namespace: kube-system Labels: k8s-app=kubernetes-dashboard Annotations: <none> Image pull secrets: <none> Mountable secrets: admin-token-96xbr Tokens: admin-token-96xbr Events: <none>
[root@k8s-master-03 ~]# kubectl describe secret admin-token-96xbr -n kube-system Name: admin-token-96xbr Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: admin kubernetes.io/service-account.uid: 546a18f5-dddd-11e8-8392-000c29666ccc Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi05NnhiciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjU0NmExOGY1LWRkZGQtMTFlOC04MzkyLTAwMGMyOTY2NmNjYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.GInI4jFvfYMKGLoJ-5PhVm9d8MiJeXg97oJmgX3hMreAUAUdRGZz2VLSc0ig3msw_VBg8JYb2pPQjWpYCR2bwNXMrN-FDPq3Ym6wZMittLTmZCHcKwHKRWNnomKbQsJf6wE8dN6Dws-eSYA66NqI8PXiCKao3XnQVbKz9eFMcl7W4u0u4T_0T1I0xqEhlsPReGyTQ1RyHfdTphT32Wo7BELsAEN69xscHFaL7JQlgry_boHO3RnIr8S-7bSnJBCKOVJZ9NMu_2TyH_81lYQZASkQCh1H7BwJFXIETvG6zcxrTb8FSUtgtEc3OjIWPYFnlrdaPhSbvU54yHfTCWrUUw
訪問 https://10.10.0.222:30001 ,輸入上面得到的token,即可得到下圖(這種 service-account token 不會自動過期,不應以明文公開;刪除 secret admin-token-96xbr 可使其失效):
8、dashboard插件heapster的安裝:
8.1 鏡像(最好是三個master都要有):
[root@k8s-master-01 ~]# docker images|grep heapster k8s.gcr.io/heapster-amd64 v1.5.4 72d68eecf40c 3 months ago 75.3MB k8s.gcr.io/heapster-influxdb-amd64 v1.3.3 577260d221db 14 months ago 12.5MB k8s.gcr.io/heapster-grafana-amd64 v4.4.3 8cb3de219af7 14 months ago 152MB
8.2 獲取yaml文件:
https://raw.githubusercontent.com/Lentil1016/kubeadm-ha/1.12.1/plugin/heapster.yaml
我對此文件做了修改,如下:
[root@k8s-master-03 ~]# cat heapster.yaml apiVersion: v1 kind: Service metadata: name: monitoring-grafana namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "Grafana" spec: # On production clusters, consider setting up auth for grafana, and # exposing Grafana either using a LoadBalancer or a public IP. # type: LoadBalancer type: NodePort ports: - port: 80 protocol: TCP targetPort: ui nodePort: 30005 selector: k8s-app: influxGrafana --- apiVersion: v1 kind: ServiceAccount metadata: name: heapster namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile --- apiVersion: v1 kind: ConfigMap metadata: name: heapster-config namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: EnsureExists data: NannyConfiguration: |- apiVersion: nannyconfig/v1alpha1 kind: NannyConfiguration --- apiVersion: v1 kind: ConfigMap metadata: name: eventer-config namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: EnsureExists data: NannyConfiguration: |- apiVersion: nannyconfig/v1alpha1 kind: NannyConfiguration --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: heapster-v1.5.4 namespace: kube-system labels: k8s-app: heapster kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile version: v1.5.4 spec: replicas: 1 selector: matchLabels: k8s-app: heapster version: v1.5.4 template: metadata: labels: k8s-app: heapster version: v1.5.4 annotations: scheduler.alpha.kubernetes.io/critical-pod: '' seccomp.security.alpha.kubernetes.io/pod: 'docker/default' spec: priorityClassName: system-cluster-critical containers: - image: k8s.gcr.io/heapster-amd64:v1.5.4 name: heapster livenessProbe: httpGet: path: /healthz port: 8082 scheme: HTTP initialDelaySeconds: 180 timeoutSeconds: 5 command: - /heapster - --source=kubernetes.summary_api:'' 
- --sink=influxdb:http://monitoring-influxdb:8086 - image: k8s.gcr.io/heapster-amd64:v1.5.4 name: eventer command: - /eventer - --source=kubernetes:'' - --sink=influxdb:http://monitoring-influxdb:8086 volumes: - name: heapster-config-volume configMap: name: heapster-config - name: eventer-config-volume configMap: name: eventer-config serviceAccountName: kubernetes-admin tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" --- kind: Service apiVersion: v1 metadata: name: heapster namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "Heapster" spec: type: NodePort ports: - port: 80 targetPort: 8082 nodePort: 30006 selector: k8s-app: heapster --- kind: Deployment apiVersion: extensions/v1beta1 metadata: name: monitoring-influxdb-grafana-v4 namespace: kube-system labels: k8s-app: influxGrafana version: v4 kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile spec: replicas: 1 selector: matchLabels: k8s-app: influxGrafana version: v4 template: metadata: labels: k8s-app: influxGrafana version: v4 annotations: scheduler.alpha.kubernetes.io/critical-pod: '' seccomp.security.alpha.kubernetes.io/pod: 'docker/default' spec: priorityClassName: system-cluster-critical tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" containers: - name: influxdb image: k8s.gcr.io/heapster-influxdb-amd64:v1.3.3 resources: limits: cpu: 100m memory: 500Mi requests: cpu: 100m memory: 500Mi ports: - name: http containerPort: 8083 - name: api containerPort: 8086 volumeMounts: - name: influxdb-persistent-storage mountPath: /data - name: grafana image: k8s.gcr.io/heapster-grafana-amd64:v4.4.3 env: resources: # keep request = limit to keep this container in guaranteed class limits: cpu: 100m memory: 100Mi requests: cpu: 100m memory: 100Mi env: # This variable is required 
to setup templates in Grafana. - name: INFLUXDB_SERVICE_URL value: http://monitoring-influxdb:8086 # The following env variables are required to make Grafana accessible via # the kubernetes api-server proxy. On production clusters, we recommend # removing these env variables, setup auth for grafana, and expose the grafana # service using a LoadBalancer or a public IP. - name: GF_AUTH_BASIC_ENABLED value: "false" - name: GF_AUTH_ANONYMOUS_ENABLED value: "true" - name: GF_AUTH_ANONYMOUS_ORG_ROLE value: Admin - name: GF_SERVER_ROOT_URL value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy/ ports: - name: ui containerPort: 3000 volumeMounts: - name: grafana-persistent-storage mountPath: /var volumes: - name: influxdb-persistent-storage emptyDir: {} - name: grafana-persistent-storage emptyDir: {} --- apiVersion: v1 kind: Service metadata: name: monitoring-influxdb namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "InfluxDB" spec: type: NodePort ports: - name: http port: 8083 targetPort: 8083 - name: api port: 8086 targetPort: 8086 nodePort: 30007 selector: k8s-app: influxGrafana
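(加了NodePort端口:monitoring-grafana 30005、heapster 30006、monitoring-influxdb 的 8086 對應 30007。文件中 Grafana 設置了 GF_AUTH_ANONYMOUS_ENABLED=true 且匿名角色爲 Admin,經 NodePort 暴露後,能訪問節點30005端口的人無需登錄即有 Grafana 管理員權限;文件自帶的註釋也建議生產集羣去掉這些變量並爲 Grafana 配置認證。)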
[root@k8s-master-03 ~]# kubectl apply -f heapster.yaml service/monitoring-grafana created serviceaccount/heapster created configmap/heapster-config created configmap/eventer-config created deployment.extensions/heapster-v1.5.4 created service/heapster created deployment.extensions/monitoring-influxdb-grafana-v4 created service/monitoring-influxdb created
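8.3 查看(注意:下面的輸出中沒有 heapster-v1.5.4 的pod。heapster.yaml 裏該 Deployment 的 serviceAccountName 是 kubernetes-admin,而文件中創建的 ServiceAccount 名爲 heapster,pod 很可能因此無法創建,可查看該 Deployment 的 ReplicaSet 事件確認):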
[root@k8s-master-03 ~]# kubectl get pods,svc --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/coredns-576cbf47c7-nmphm 1/1 Running 0 24h kube-system pod/coredns-576cbf47c7-w5mhv 1/1 Running 0 24h kube-system pod/kube-apiserver-k8s-master-01 1/1 Running 0 27h kube-system pod/kube-apiserver-k8s-master-02 1/1 Running 0 24h kube-system pod/kube-apiserver-k8s-master-03 1/1 Running 0 13h kube-system pod/kube-controller-manager-k8s-master-01 1/1 Running 0 27h kube-system pod/kube-controller-manager-k8s-master-02 1/1 Running 0 24h kube-system pod/kube-controller-manager-k8s-master-03 1/1 Running 0 13h kube-system pod/kube-flannel-ds-amd64-cl4kb 1/1 Running 1 24h kube-system pod/kube-flannel-ds-amd64-prvvj 1/1 Running 0 13h kube-system pod/kube-flannel-ds-amd64-rghg4 1/1 Running 0 24h kube-system pod/kube-proxy-2vsqh 1/1 Running 0 26h kube-system pod/kube-proxy-mvf9h 1/1 Running 0 13h kube-system pod/kube-proxy-wvtrz 1/1 Running 0 27h kube-system pod/kube-scheduler-k8s-master-01 1/1 Running 0 27h kube-system pod/kube-scheduler-k8s-master-02 1/1 Running 0 24h kube-system pod/kube-scheduler-k8s-master-03 1/1 Running 0 13h kube-system pod/kubernetes-dashboard-77fd78f978-7rczc 1/1 Running 0 108m kube-system pod/monitoring-influxdb-grafana-v4-65cc9bb8c8-qmhb4 2/2 Running 0 9m56s NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 27h kube-system service/heapster NodePort 10.101.21.123 <none> 80:30006/TCP 9m56s kube-system service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 27h kube-system service/kubernetes-dashboard NodePort 10.108.219.183 <none> 443:30001/TCP 108m kube-system service/monitoring-grafana NodePort 10.111.38.86 <none> 80:30005/TCP 9m56s kube-system service/monitoring-influxdb NodePort 10.107.91.86 <none> 8083:30880/TCP,8086:30007/TCP 9m56s
9、k8s集羣增長節點:
9.1 節點三組件:
kubelet、kube-proxy、docker、kubeadm
9.2 鏡像:
k8s.gcr.io/kube-proxy:v1.12.1
k8s.gcr.io/pause:3.1
(kubelet、kubeadm、docker按照上面的方式安裝即可,此處省略。)
9.3 查看token列表(任何一個master節點都可):
[root@k8s-master-03 ~]# kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS 7igv4r.pfh4zf7h8eao43k7 <invalid> 2018-11-01T20:12:13+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token ks930p.auijb1h0or3o87f9 <invalid> 2018-11-02T09:41:31+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token q7tox4.5j53kpgdob45f49i <invalid> 2018-11-01T22:58:18+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token z4q8gj.pyxlik9groyp6t3e <invalid> 2018-11-01T20:40:28+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
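似乎token都失效了(TTL 列顯示 <invalid>),需要重新生成。(下面 kubeadm token create 輸出中的 x509 錯誤表示查詢版本號的 HTTPS 請求收到的證書屬於別的站點,TLS 校驗失敗後 kubeadm 回退到本地版本 v1.12.2,不影響token的生成。)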
[root@k8s-master-03 ~]# kubeadm token create I1102 18:24:59.302880 28667 version.go:93] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://storage.googleapis.com/kubernetes-release/release/stable-1.txt: x509: certificate is valid for www.webhostingtest1.com, webhostingtest1.com, not storage.googleapis.com I1102 18:24:59.302947 28667 version.go:94] falling back to the local client version: v1.12.2 txqfdo.1steqzihimchr82l [root@k8s-master-03 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' 8488d362ce896597e9d6f23c825b60447b6e1fdb494ce72d32843d02d2d4b200 [root@k8s-master-03 ~]# kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS 7igv4r.pfh4zf7h8eao43k7 <invalid> 2018-11-01T20:12:13+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token ks930p.auijb1h0or3o87f9 <invalid> 2018-11-02T09:41:31+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token q7tox4.5j53kpgdob45f49i <invalid> 2018-11-01T22:58:18+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token txqfdo.1steqzihimchr82l 23h 2018-11-03T18:24:59+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token z4q8gj.pyxlik9groyp6t3e <invalid> 2018-11-01T20:40:28+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
[root@k8s-node-01 ~]# kubeadm join 10.10.0.172:6443 --token txqfdo.1steqzihimchr82l --discovery-token-ca-cert-hash sha256:8488d362ce896597e9d6f23c825b60447b6e1fdb494ce72d32843d02d2d4b200 [preflight] running pre-flight checks [discovery] Trying to connect to API Server "10.10.0.172:6443" [discovery] Created cluster-info discovery client, requesting info from "https://10.10.0.172:6443" [discovery] Requesting info from "https://10.10.0.172:6443" again to validate TLS against the pinned public key [discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.10.0.172:6443" [discovery] Successfully established connection with API Server "10.10.0.172:6443" [kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace [kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [preflight] Activating the kubelet service [tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap... [patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-node-01" as an annotation This node has joined the cluster: * Certificate signing request was sent to apiserver and a response was received. * The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the master to see this node join the cluster.
可以使用--print-join-command來直接生成命令:
[root@offline-k8s-master ~]# kubeadm token create --print-join-command kubeadm join 10.0.0.200:6443 --token jjbxr5.ee6c4kh6vof9zu1m --discovery-token-ca-cert-hash sha256:139438d7734c9edd08e1beb99dccabcd5c613b14f3a0f7abd07b097a746101ff
過幾分鐘在master上查看node:
[root@k8s-master-01 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master-01 Ready master 46h v1.12.2 k8s-master-02 Ready master 45h v1.12.2 k8s-master-03 Ready master 32h v1.12.2 k8s-node-01 Ready <none> 79s v1.12.2
10、k8s命令支持tab快捷用法:
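# Enable kubectl tab completion for bash (run as root on a host that has kubectl).
# Installs bash-completion, loads it into the current shell, and persists the
# kubectl completion hook for future login shells through /etc/profile.
yum install -y bash-completion > /dev/null
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)

# Append the hook only when it is not already present: the unguarded append
# added one more duplicate line to /etc/profile on every run.
completion_hook='source <(kubectl completion bash)'
grep -qxF -- "$completion_hook" /etc/profile \
  || printf '%s\n' "$completion_hook" >> /etc/profile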
十一、上面用到的k8s網絡是flannel,如果選擇calico網絡,master上面需要的鏡像如下:
[root@k8s-master-1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE calico/node v3.6.1 b4d7c4247c3a 31 hours ago 73.1MB calico/cni v3.6.1 c7d27197e298 31 hours ago 84.3MB calico/kube-controllers v3.6.1 0bd1f99c7034 31 hours ago 50.9MB k8s.gcr.io/kube-proxy v1.14.0 5cd54e388aba 3 days ago 82.1MB k8s.gcr.io/kube-controller-manager v1.14.0 b95b1efa0436 3 days ago 158MB k8s.gcr.io/kube-apiserver v1.14.0 ecf910f40d6e 3 days ago 210MB k8s.gcr.io/kube-scheduler v1.14.0 00638a24688b 3 days ago 81.6MB k8s.gcr.io/coredns 1.3.1 eb516548c180 2 months ago 40.3MB k8s.gcr.io/etcd 3.3.10 2c4adeb21b4f 3 months ago 258MB k8s.gcr.io/pause 3.1 da86e6ba6ca1 15 months ago 742kB [root@k8s-master-1 ~]#
# Initialise the control plane for the Calico variant (Kubernetes 1.14.0).
# NOTE(review): --pod-network-cidr has to agree with the IP pool configured in
# calico.yaml (CALICO_IPV4POOL_CIDR); the manifest below is applied unmodified,
# so confirm the two match. 20.10.0.0/16 is also outside the RFC 1918 private
# ranges.
kubeadm init \
  --kubernetes-version=1.14.0 \
  --pod-network-cidr=20.10.0.0/16 \
  --apiserver-advertise-address=10.20.26.21 \
  --node-name=k8s-master-1

# Install Calico from the v3.6 docs manifest (Kubernetes API datastore).
# NOTE(review): the manifest is fetched and applied in one step; it is not
# saved or inspected before it reaches the cluster.
kubectl apply -f https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
[root@k8s-master-1 ~]# kubectl get po -n kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-5cbcccc885-bwcwp 1/1 Running 0 72m calico-node-64rjg 1/1 Running 0 32s calico-node-blp9h 1/1 Running 0 72m calico-node-xd4bq 1/1 Running 0 27m coredns-fb8b8dccf-r8b8f 1/1 Running 0 88m coredns-fb8b8dccf-v8jvx 1/1 Running 0 88m etcd-k8s-master-1 1/1 Running 0 87m kube-apiserver-k8s-master-1 1/1 Running 0 87m kube-controller-manager-k8s-master-1 1/1 Running 0 87m kube-proxy-9q7mz 1/1 Running 0 27m kube-proxy-qnfvz 1/1 Running 0 88m kube-proxy-xbstx 1/1 Running 0 31s kube-scheduler-k8s-master-1 1/1 Running 0 87m [root@k8s-master-1 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master-1 Ready master 88m v1.14.0 k8s-node-1 Ready <none> 27m v1.14.0 k8s-node-2 Ready <none> 34s v1.14.0
附件:
calico網絡見下連接:
https://docs.projectcalico.org/v3.6/getting-started/kubernetes/