Kubernetes Series (1): Building a Local k8s Cluster

We need to do the following:

(1) Install VMware and run two CentOS systems, one as the master and one as the node.

(2) Install k8s.

(3) Installing Docker and pulling some of the images requires access to the outside internet, so you need to make some network preparations first; you can look for a solution on Taobao, or use images that other people have already downloaded and shared online.

 

1. Installing VMware

Official download page: https://my.vmware.com/zh/web/vmware/downloads (there are also plenty of cracked copies floating around online if you search for them)

I downloaded VM15 here (I'll skip the steps for installing it and creating a VM; I looked them up on Baidu myself).

VM configuration: 2 cores, 2 GB RAM

CentOS download page: https://www.centos.org/download/

 

1. If you are on Windows 10, you need to turn off Hyper-V.

2. For convenience I run the Linux commands on the VM from cmd, using the following two tools:

Install Chocolatey (https://chocolatey.org/):

Start CMD as administrator and run the following command to install Chocolatey:

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

 

After installing Chocolatey you also need to install the ssh terminals package (https://chocolatey.org/packages/terminals); just run the following in CMD:

choco install terminals

By the way, this is how to change the Linux hostname:

hostnamectl set-hostname <new-hostname>

 

2. Configuring Linux

(1) Enable the network interface (reboot after changing it):

vi /etc/sysconfig/network-scripts/ifcfg-ens33

ONBOOT=yes

(ens33 is the interface name VMware usually gives a CentOS 7 guest; check ls /etc/sysconfig/network-scripts/ if yours is named differently.)

(2) Install the net-tools package:

yum install net-tools

(3) Connect to Linux over ssh from cmd:

First find the VM's IP with ifconfig, then run the following in cmd (administrator mode):

ssh root@IP

(4) Disable SELinux on all nodes

vi /etc/selinux/config

SELINUX=disabled

(5) Stop the firewall

systemctl stop firewalld
systemctl disable firewalld

(6) Disable swap

vi /etc/fstab

Comment out the swap line by adding # at the start of it.

(7) After step 6, reboot, then configure the iptables bridge setting

vi /etc/sysctl.conf

net.bridge.bridge-nf-call-iptables = 1

sudo sysctl -p
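The seven steps above are what the post does by hand on every VM. Here, as an added example that is not from the post, is a small POSIX shell script that reproduces them idempotently and can be checked before it touches anything: the fstab editing and sysctl parts are plain functions that can be run against copies of the files, and the live system is only modified when the script is invoked with --apply. It keeps the post's choices (SELinux and firewalld switched off, which is acceptable only for a throwaway lab VM; on anything else you would open the kubeadm ports instead). It also loads br_netfilter, which the post's sysctl line silently depends on, and writes the settings to a drop-in under /etc/sysctl.d (an assumption about layout) rather than editing /etc/sysctl.conf. Function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): node preparation helpers for a
# CentOS 7 lab VM. Paths and the --apply switch are this example's own choices.

# Count fstab entries that are still active swap (3rd field == "swap" and
# the line is not commented out).
active_swap_entries() {
    awk '!/^[[:space:]]*#/ && $3 == "swap"' "$1" | wc -l | tr -d ' '
}

# Comment out every active swap entry so swap stays off after a reboot;
# already-commented and non-swap lines are left untouched.
comment_swap_entries() {
    fstab="$1"
    tmp="$fstab.tmp.$$"
    awk '!/^[[:space:]]*#/ && $3 == "swap" { print "#" $0; next } { print }' "$fstab" > "$tmp" \
        && mv "$tmp" "$fstab"
}

# Write the kernel settings kubeadm's preflight checks expect into a
# sysctl drop-in file (path is the caller's choice).
write_k8s_sysctl() {
    cat > "$1" <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
}

# Read the value of one key from a sysctl-style "key = value" file.
conf_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 | sed 's/^[^=]*=[[:space:]]*//'
}

# The live changes (run as root). Mirrors steps (4) to (7) of the post.
apply_node_prep() {
    setenforce 0 2>/dev/null || true
    sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
    systemctl stop firewalld
    systemctl disable firewalld
    swapoff -a
    comment_swap_entries /etc/fstab
    modprobe br_netfilter
    write_k8s_sysctl /etc/sysctl.d/k8s.conf
    sysctl --system
}

# Only touch the live system when explicitly asked; otherwise the functions
# above can be sourced and exercised on copies of the files.
if [ "${1:-}" = "--apply" ]; then
    apply_node_prep
fi
```

Run it as `sh prepare_node.sh --apply` on each VM after step (3); without the flag it only defines the functions, so you can source it and try `comment_swap_entries` on a copy of /etc/fstab first.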

3. Installing Docker

(1) Download and install

sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
systemctl enable docker
systemctl start docker

The last step downloads docker-ce from an external site, so there may be network problems; use whatever method works for you, downloading from Aliyun is fine too. In short, the newer the version the better; I have 18.09 here. When done, check it with:

docker -v

(2) Configure a Docker registry mirror

I won't cover how to set up the mirror; this is my Aliyun mirror address, replace it with your own. Then we also need to specify where to download k8s from:

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://bbw0jgk7.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

 

cat >>/etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
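The repo file above sets gpgcheck=0, so yum installs whatever RPMs the mirror serves without checking their signatures, and a compromised mirror or tampered package goes unnoticed. As an added example that is not from the post: the same Aliyun repo definition with signature checking switched on for both packages and repository metadata, plus a one-line audit that lists any .repo file still carrying gpgcheck=0. The second gpgkey URL is the package signing key that Aliyun's mirror documents next to yum-key.gpg; that it is present on the mirror is an assumption, and the repo path is the function's argument.

```shell
#!/bin/sh
# Added example (not from the original post): Kubernetes yum repo with
# signature checks enabled, and an audit for repos that disable them.

# Write the repo definition. Path is the caller's choice, e.g.
# /etc/yum.repos.d/kubernetes.repo. The second gpgkey URL (rpm-package-key.gpg)
# is assumed to be mirrored next to yum-key.gpg, as Aliyun documents.
write_k8s_repo() {
    cat > "$1" <<'EOF'
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# List every .repo file under a directory that has gpgcheck=0 in it
# (prints nothing when all repos verify signatures).
unsigned_repos() {
    grep -lE '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1"/*.repo 2>/dev/null || true
}
```

After `write_k8s_repo /etc/yum.repos.d/kubernetes.repo`, yum asks you to confirm the key fingerprints the first time it imports them, and `unsigned_repos /etc/yum.repos.d` should then print nothing.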

(3) Install:

yum install -y kubeadm  kubelet kubectl

(4) Enable start on boot

systemctl start docker.service

systemctl enable docker.service

systemctl enable kubelet.service

(5) Initialize k8s

kubeadm init \
    --image-repository registry.aliyuncs.com/google_containers \
    --pod-network-cidr=10.244.0.0/16 \
    --ignore-preflight-errors=cri \
    --kubernetes-version=1.13.0

(6) Set up the kubeconfig

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

(7) Restart the containers

docker restart $(docker ps -a -q) 

At this point we can already view the cluster with the following command:

kubectl get node

Right now there is only one master node and its Status is NotReady, because no network add-on has been installed yet; we need to install one.

(8) Initialize the network plugin, Flannel

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml

This step also needs to reach the outside internet to download the image, and the Aliyun mirror doesn't help here. There is a way of configuring the yml file so it pulls from Aliyun instead, but I'm not sure of the details; search for it yourselves.

Once this step completes the master's Status changes to Ready, and the master configuration is done.

 

(9) Configure the Node

Configuring the node is the same as the master: Docker, kubectl and so on need to be installed, but you only need to go as far as step (4) above.

 

(10) Join the node to the cluster with the following command

kubeadm join 192.168.3.131:6443 --token s87gto.ruxhofion1qemfte --discovery-token-ca-cert-hash sha256:ef0333ddcc5ade8541544de89333ab81b20ae96b0345f9a55185eb95e3837905

This command is printed when step (5) (kubeadm init) finishes. Note the token field in it; if you forget what the token is, run the following on the master to list it:

kubeadm token list

Or we can create a new token on the master:

kubeadm token create

Note that by default a token created with kubeadm token create expires after 24 hours, which is why the kubeadm join command you recorded no longer works after a day. You can also run kubeadm token create --ttl 0 to generate a token that never expires; for details see: kubeadm-token
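Two things in that join line matter for security, and a never-expiring token from --ttl 0 weakens one of them: the bootstrap token lets any host that has it enrol as a node, and the --discovery-token-ca-cert-hash pins which API server the node will trust. As an added example that is not from the post: a shell helper that checks a join line before it is pasted onto a node (well-formed token, CA hash present, the unsafe skip-verification flag absent), recomputes the CA hash from the master's certificate with the command the kubeadm documentation gives, and mints a fresh short-lived token with --print-join-command instead of a permanent one. The function names are this example's own; the join line used in the checks is the one printed earlier in the post.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for a "kubeadm
# join" line and the two kubeadm commands that produce its ingredients.

# Return 0 if the join line carries a well-formed bootstrap token
# ([a-z0-9]{6}.[a-z0-9]{16}) and pins the cluster CA with a sha256 hash;
# return 1 (with the reason on stderr) otherwise.
check_join_command() {
    line="$1"
    case "$line" in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "refusing: CA verification is disabled, node would trust any API server" >&2
            return 1 ;;
    esac
    token=$(printf '%s\n' "$line" \
        | sed -n 's/.*--token[ =]\([a-z0-9]\{6\}\.[a-z0-9]\{16\}\)\( .*\)*$/\1/p')
    hash=$(printf '%s\n' "$line" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\)\( .*\)*$/\1/p')
    [ -n "$token" ] || { echo "refusing: no well-formed bootstrap token" >&2; return 1; }
    [ -n "$hash" ]  || { echo "refusing: no sha256 CA certificate hash" >&2; return 1; }
    return 0
}

# Recompute the CA hash from the control plane's certificate (the pipeline the
# kubeadm reference documents), so a hash received out of band can be compared.
ca_cert_hash() {
    openssl x509 -pubkey -in "${1:-/etc/kubernetes/pki/ca.crt}" \
        | openssl rsa -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Mint a fresh short-lived token on the master and print the complete join
# line, instead of keeping a token with --ttl 0 around forever.
fresh_join_command() {
    kubeadm token create --ttl "${1:-1h}" --print-join-command
}
```

Typical use: `fresh_join_command 30m` on the master, then `check_join_command "$(cat join.txt)"` on the node before running it; `ca_cert_hash` on the master should print the same hex string that appears after sha256: in the line.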

Then kubectl get node will show the node as well.

If the node joined the cluster successfully but isn't visible on the master, see: https://www.cnblogs.com/justmine/p/8886675.html

Final result:

 

 

4. Installing kubectl locally

kubectl lets us connect to and manage the cluster from the local machine. Here we install it through choco as well; run the following in CMD as administrator:

choco install kubernetes-cli

After installation, check that it succeeded with:

kubectl version

At this point it still doesn't work, because the user certificate doesn't match. We also need to do the following: connect to the master and run these commands to view the admin user's kubeconfig:

cd /etc/kubernetes/

cat admin.conf

OK, copy the contents of this config file. By default you should have only one admin user entry; we'll use it to replace the local config file's contents.

There is a config file under C:\Users\Administrator\.kube; replace its contents (by default it contains only a single admin user entry, so you can replace it outright; if you have other user contexts and the like, append them afterwards in the same format).

After this, running kubectl version again shows the following:

From here on we no longer need to connect to the master to manage the k8s cluster; we can do it locally:

 

5. Installing the dashboard

First we need to prepare a dashboard.yaml. We deploy the dashboard behind a NodePort service so the port is exposed directly and no proxy has to be started:

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.8.
#
# Example usage: kubectl create -f <this_file>

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

Then we also need a user.yaml that binds role permissions:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
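The binding above grants cluster-admin to the default service account of the default namespace, which is the identity every pod created there without an explicit serviceAccountName runs as; a single compromised container in that namespace then holds full control of the cluster, and the same token is what gets pasted into the dashboard login further down. As an added example that is not from the post: a shell check that flags a ClusterRoleBinding manifest granting cluster-admin to a default service account, alongside a replacement manifest that creates a dedicated account for dashboard logins and binds it to the built-in view ClusterRole. The account and binding names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ClusterRoleBinding
# manifest for cluster-admin granted to a "default" service account, and
# write a least-privilege alternative for dashboard logins.

# Exit 0 (flagged) when the manifest's roleRef is cluster-admin and its
# subjects include a ServiceAccount named "default"; exit 1 otherwise.
binds_cluster_admin_to_default_sa() {
    awk '
        # normalise list items ("- kind: X") so every key sits in the same column
        { sub(/^[[:space:]]*-[[:space:]]+/, "  ") }
        /^roleRef:/  { section = "roleRef";  next }
        /^subjects:/ { section = "subjects"; next }
        /^[^ -]/     { section = "" }   # any other top-level key ends the section
        section == "roleRef"  && $1 == "name:" && $2 == "cluster-admin"  { admin = 1 }
        section == "subjects" && $1 == "kind:" && $2 == "ServiceAccount" { sa = 1 }
        section == "subjects" && $1 == "name:" && $2 == "default"        { def = 1 }
        END { exit !(admin && sa && def) }
    ' "$1"
}

# Write a least-privilege replacement for user.yaml: a dedicated service
# account for dashboard logins bound to the built-in "view" ClusterRole.
# Names are this example's assumptions; widen the role only if the UI must
# be allowed to change things.
write_dashboard_viewer_manifest() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kube-system
EOF
}
```

`binds_cluster_admin_to_default_sa user.yaml` returns 0 for the manifest above. With the replacement applied instead, log in to the dashboard with the token of the dashboard-viewer-token-* secret in kube-system (`kubectl -n kube-system get secret`) rather than default-token-*; the UI then shows the cluster but cannot modify it.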

Apply the two yaml files:

kubectl apply -f dashboard.yaml

kubectl apply -f user.yaml

Check the dashboard's port:

kubectl get svc -n kube-system

Mine is port 32166, so the master's IP plus port 32166 is all we need to reach it. Because we're using a self-signed (dummy) certificate, Chrome blocks the page, so we use Firefox instead; Firefox blocks it by default too, but click Advanced, then Add Exception, and you reach the following screen:

We need to log in with a Token. We can view the token information with:

kubectl get secret

 

This only lists the secret names; to see the actual token use:

kubectl describe secret (shows the first one by default)

or

kubectl describe secret default-token-2qfb8

Copy the token value highlighted in the output and paste it into the token field:

 

OK, that's it for now; I'll update this when there is new progress.
