K8s集群离线安装-kubeadm-详细篇_kubeadm 离线安装

作者：小惠珠哦 | 2024-08-14 00:45:01

踩

kubeadm 离线安装

1、部署k8s的两种方式：kubeadm 和二进制源码安装

#本次实验采用的部署Kubernetes方式：
kubeadm
Kubeadm是一个K8s部署工具，提供kubeadm init和kubeadm join，用于快速部署Kubernetes集群。
1
2
3

2、环境准备

#服务器要求：
建议最小硬件配置：2核CPU、2G内存、20G硬盘
服务器最好可以访问外网，会有从网上拉取镜像需求，如果服务器不能上网，需要提前下载对应镜像并导入节点
#软件环境：
操作系统：CentOS Linux release 7.8.2003 (Core)
Docker：20.10.16
K8s：1.23
1
2
3
4
5
6
7

名称	IP
master	192.168.32.128
node1	192.168.32.129
node2	192.168.32.130
repo	192.168.32.131

3、下载安装包至本地

# 找一台可以连接外网的机器，下载所需的所有依赖安装包，作为yum仓库服务器
# yum仓库服务器 192.168.32.131

# 下载所需工具依赖包
yum install --downloadonly --downloaddir=/opt/repo ntpdate wget httpd createrepo vim telnet netstat lrzsz

[root@repo ~]# yum clean all
[root@repo ~]# yum makecache
[root@repo ~]# yum install -y wget
[root@repo ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@repo ~]# yum install --downloadonly --downloaddir=/opt/repo docker-ce
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# 先下载好kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0所需要的依赖包

[root@repo ~]# yum install --downloadonly --downloaddir=/opt/repo  kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
[root@repo ~]# wget --no-check-certificate https://docs.projectcalico.org/manifests/calico.yaml
[root@repo ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

4、将安装包拷贝至本地并制作yum源

#使用yum下载命令
yum install ${软件} --downloadonly --downloaddir=${指定目录}
如：yum -y install httpd --downloadonly --downloaddir=/data/repo 
yum -y install autossh --downloadonly --downloaddir=/data/repo 
#将下载软件包的目录制作为yum源
[root@repo opt]# mkdir repo
[root@repo opt]# createrepo /opt/repo/
#命令执行后，会在该目录下创建一个repodata目录，如下图：
[root@repo repo]# ls
repodata

# 将上一步的安装包全部拷贝至192.168.32.131，并制作本地的yum源
更新createrepo
[root@repo repo]# createrepo --update /opt/repo
cd /opt/repo
yum install -y httpd
systemctl start httpd && systemctl enable httpd
ln -s /opt/repo /var/www/html/
# 此时就制作好了本地yum源

# 例子
下载php-mysql到createrepo仓库中：
yum install php-mysql --downloadonly --downloaddir=/opt/repo
[root@repo repo]# ls
libzip-0.10.1-8.el7.x86_64.rpm  php-common-5.4.16-48.el7.x86_64.rpm  php-mysql-5.4.16-48.el7.x86_64.rpm  php-pdo-5.4.16-48.el7.x86_64.rpm  repodata

#在内网机器上搜索php-mysql 
[root@k8s-node2 yum.repos.d]# yum search php-mysql
已加载插件：fastestmirror
Loading mirror speeds from cached hostfile
================================================================== N/S matched: php-mysql ==================================================================
php-mysql.x86_64 : A module for PHP applications that use MySQL databases

  名称和简介匹配 only，使用“search all”试试。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

在这里插入图片描述
## 5、初始化配置

5.1、安装环境准备：下面的操作需要在所有的节点上执行。

# 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
# 关闭selinux
sed -i 's/enforcing/disabled/' /etc/selinux/config  # 永久
setenforce 0  # 临时
# 关闭swap
swapoff -a  # 临时
sed -ri 's/.*swap.*/#&/' /etc/fstab    # 永久
# 根据规划设置主机名
# 将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # 生效
# 时间同步
yum install ntpdate -y
ntpdate time.windows.com
hostnamectl set-hostname k8s-node2
# 在master添加hosts
cat >> /etc/hosts << EOF
192.168.32.128 master
192.168.32.129 node1
192.168.32.130 node2
192.168.32.131 repo
EOF
# 在每个节点创建离线环境repo源
cat > /etc/yum.repos.d/local.repo << EOF
[local]
name=local
baseurl=http://192.168.32.131/repo/   # 目录地址很重要，一定要加对 必须加上/
enabled=1
gpgcheck=0
EOF

# 模拟离线状态下的yum 仓库
[root@k8s-master yum.repos.d]# cd /etc/yum.repos.d/
[root@k8s-master yum.repos.d]# mkdir bak
[root@k8s-master yum.repos.d]# mv *.repo bak/
[root@k8s-master yum.repos.d]# cd bak/
[root@k8s-master yum.repos.d]# mv local.repo ../
[root@k8s-master yum.repos.d]# yum clean all
[root@k8s-master yum.repos.d]# yum makecache
[root@k8s-master yum.repos.d]# yum repolist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

5.2、安装 Docker、kubeadm、kubelet【所有节点】

#安装docker:
yum -y install docker-ce
systemctl enable docker && systemctl start docker

#配置镜像下载加速器：
vim /etc/docker/daemon.json

{
  "registry-mirrors": ["https://l51yxa8e.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}

systemctl restart docker
#查看docker信息，进行确认 
docker info 
                                                       
#先安装好kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0所需要的依赖包
yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0

#先设置kubelet 为自启动
systemctl enable kubelet

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

所安装的依赖包都是来自local 本地仓库
在这里插入图片描述

6、部署k8s-master【master执行】

6.1、kubeadm部署

# 执行kubeadm时，需要用到一些镜像，我们需要提前准备。
# 查看需要依赖哪些镜像
[root@k8s-master ~]# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.23.0
k8s.gcr.io/kube-controller-manager:v1.23.0
k8s.gcr.io/kube-scheduler:v1.23.0
k8s.gcr.io/kube-proxy:v1.23.0
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6

# 这里需要在192.168.32.131机器上执行

# 在生产环境，是肯定访问不了k8s.gcr.io这个地址的。在有大陆联网的机器上，也是无法访问的。所以我们需要使用国内镜像先下载下来。
# 解决办法跟简单，我们在一台可以上网的机器上使用docker命令搜索下
[root@repo yum.repos.d]# docker search kube-apiserver
NAME                                    DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
aiotceo/kube-apiserver                  end of support, please pull kubestation/kube…   20                   
mirrorgooglecontainers/kube-apiserver                                                   19                   
kubesphere/kube-apiserver                                                               7                    
kubeimage/kube-apiserver-amd64          k8s.gcr.io/kube-apiserver-amd64                 5                    
empiregeneral/kube-apiserver-amd64      kube-apiserver-amd64                            4                    [OK]
k8simage/kube-apiserver                                                                 3                    
docker/desktop-kubernetes-apiserver     Mirror of selected tags from k8s.gcr.io/kube…   1                    
mirrorgcrio/kube-apiserver              mirror of k8s.gcr.io/kube-apiserver:v1.23.6     1                    
# 选择stars 最多的 aiotceo/kube-apiserver
# 下载对应版本的base镜像
# kubeadm 所需镜像

registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.0
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.0
registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.0
registry.aliyuncs.com/google_containers/kube-proxy:v1.23.0
registry.aliyuncs.com/google_containers/pause:3.6
registry.aliyuncs.com/google_containers/etcd:3.5.1-0
registry.aliyuncs.com/google_containers/coredns:v1.8.6

# 编写 pull 脚本：
vim pull_images.sh

#!/bin/bash
images=(
registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.0
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.0
registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.0
registry.aliyuncs.com/google_containers/kube-proxy:v1.23.0
registry.aliyuncs.com/google_containers/pause:3.6
registry.aliyuncs.com/google_containers/etcd:3.5.1-0
registry.aliyuncs.com/google_containers/coredns:v1.8.6
)
for pullimageName in ${images[@]} ; do
docker pull $pullimageName
done

# 编写 save 脚本：
vim save_images.sh
#!/bin/bash
images=(
registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.0
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.0
registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.0
registry.aliyuncs.com/google_containers/kube-proxy:v1.23.0
registry.aliyuncs.com/google_containers/pause:3.6
registry.aliyuncs.com/google_containers/etcd:3.5.1-0
registry.aliyuncs.com/google_containers/coredns:v1.8.6
)

for imageName in ${images[@]}; do
key=`echo $imageName | awk -F '\\\/' '{print $3}' | awk -F ':' '{print $1}'`
docker save -o $key.tar $imageName
done

# 将save 出来的镜像传送到master节点上
[root@repo images]# ll
total 755536
-rw------- 1 root root  46967296 Sep  4 02:37 coredns.tar
-rw------- 1 root root 293936128 Sep  4 02:37 etcd.tar
-rw------- 1 root root 136559616 Sep  4 02:36 kube-apiserver.tar
-rw------- 1 root root 126385152 Sep  4 02:37 kube-controller-manager.tar
-rw------- 1 root root 114243584 Sep  4 02:37 kube-proxy.tar
-rw------- 1 root root  54864896 Sep  4 02:37 kube-scheduler.tar
-rw------- 1 root root    692736 Sep  4 02:37 pause.tar

scp *.tar root@192.168.32.128:/root/

#以下在master节点上执行

# 编写 load 脚本：
vim load_images.sh
#!/bin/bash
images=(
kube-apiserver
kube-controller-manager
kube-scheduler
kube-proxy
pause
etcd
coredns
)
for imageName in ${images[@]} ; do
key=.tar
docker load -i $imageName$key
done

[root@master ~]# docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/kube-apiserver            v1.23.0   9ca5fafbe8dc   2 weeks ago     135MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.23.0   71b9bf9750e1   2 weeks ago     112MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.23.0   91a4a0d5de4e   2 weeks ago     125MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.23.0   d5c0efb802d9   2 weeks ago     53.5MB
registry.aliyuncs.com/google_containers/etcd                      3.5.1-0    25f8c7f3da61   10 months ago   293MB
registry.aliyuncs.com/google_containers/coredns                   v1.8.6     a4ca41631cc7   11 months ago   46.8MB
registry.aliyuncs.com/google_containers/pause                     3.6        6270bb605e12   12 months ago   683kB


kubeadm init \
  --apiserver-advertise-address=192.168.32.128 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
  
 初始化之后，会输出一个join命令，先复制出来，node节点加入master会使用。
 --image-repository registry.aliyuncs.com/google_containers 镜像仓库，离线安装需要把相关镜像先拉取下来
 --apiserver-advertise-address 集群通告地址
 --image-repository 由于默认拉取镜像地址k8s.gcr.io国内无法访问，这里指定阿里云镜像仓库地址
 --kubernetes-version K8s版本，与上面安装的一致
 --service-cidr 集群内部虚拟网络，Pod统一访问入口
 --pod-network-cidr Pod网络，与下面部署的CNI网络组件yaml中保持一致
 # 安装完成之后会有token,记录下来有用
 Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.32.128:6443 --token 6m4wt4.y90169m53e6nen8d \
	--discovery-token-ca-cert-hash sha256:0ea734ba54d630659ed78463d0f38fc6c407fabe9c8a0d41913b626160981402 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

6.2、拷贝k8s认证文件

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#查看工作节点：
[root@master .kube]# kubectl get nodes
NAME     STATUS     ROLES                  AGE     VERSION
master   NotReady   control-plane,master   6m46s   v1.23.0
# 注：由于网络插件还没有部署，还没有准备就绪 NotReady，继续操作。 
1
2
3
4
5
6
7
8

7、配置k8s的node节点【node节点操作】

# 向集群添加新节点，执行在kubeadm init输出的kubeadm join命令
# 在192.168.32.129 192.1168.32.130主机上输入以下命令

[root@k8s-node1 ~]# kubeadm join 192.168.32.128:6443 --token 6m4wt4.y90169m53e6nen8d \
--discovery-token-ca-cert-hash sha256:0ea734ba54d630659ed78463d0f38fc6c407fabe9c8a0d41913b626160981402  
[preflight] Running pre-flight checks
	[WARNING Hostname]: hostname "k8s-node1" could not be reached
	[WARNING Hostname]: hostname "k8s-node1": lookup k8s-node1 on 8.8.8.8:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

#默认token有效期为24小时，当过期之后，该token就不可用了。这时就需要重新创建token，可以直接使用命令快捷生成：
kubeadm token create --print-join-command

# 在192.168.32.128主机上
[root@master .kube]# kubectl get nodes
NAME        STATUS     ROLES                  AGE   VERSION
k8s-node1   NotReady   <none>                 47s   v1.23.0
k8s-node2   NotReady   <none>                 8s    v1.23.0
master      NotReady   control-plane,master   10m   v1.23.0
# 注：由于网络插件还没有部署，还没有准备就绪 NotReady，继续操作。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

8、部署容器网络（master执行）

# Calico是一个纯三层的数据中心网络方案，是目前Kubernetes主流的网络方案。
# calico镜像 在192.168.32.131能连接外网的主机上下载calico镜像，然后传到master主机上

# 查看pod 网段
[root@master .kube]# cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr=
    - --cluster-cidr=10.244.0.0/16
    
#把calico.yaml里pod所在网段改成kubeadm init时选项--pod-network-cidr所指定的网段，
直接用vim编辑打开此文件查找192，按如下标记进行修改：
# no effect. This should fall within `--cluster-cidr`.
# - name: CALICO_IPV4POOL_CIDR
#   value: "192.168.0.0/16"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
修改：
把两个#及#后面的空格去掉，并把192.168.0.0/16改成10.244.0.0/16
# no effect. This should fall within `--cluster-cidr`.
- name: CALICO_IPV4POOL_CIDR      #此处
value: "10.244.0.0/16"			 #此处
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"  

# 指定网卡，不然创建pod 会有报错 
# 报错信息
network: error getting ClusterInformation: connection is unauthorized: Unauthorized
# Cluster type to identify the deployment type
  - name: CLUSTER_TYPE
  value: "k8s,bgp"
# 下面添加
  - name: IP_AUTODETECTION_METHOD
    value: "interface=eth0"
    # eth0为本地网卡名字

# 参考链接：https://blog.csdn.net/m0_61237221/article/details/125217833
# 修改网卡名称教程：https://www.freesion.com/article/991174666/ 

# calico 版本
docker.io/calico/cni:v3.22.1
docker.io/calico/pod2daemon-flexvol:v3.22.1
docker.io/calico/node:v3.22.1
docker.io/calico/kube-controllers:v3.22.1

vim save_calico_images.sh
#!/bin/bash
images=(
docker.io/calico/cni:v3.22.1
docker.io/calico/pod2daemon-flexvol:v3.22.1
docker.io/calico/node:v3.22.1
docker.io/calico/kube-controllers:v3.22.1
)

for imageName in ${images[@]}; do
key=`echo $imageName | awk -F '\\\/' '{print $3}' | awk -F ':' '{print $1}'`
docker save -o $key.tar $imageName
done

# 192.168.32.128
vim load_calico_images.sh 

#!/bin/bash
images=(
cni
kube-controllers
node
pod2daemon-flexvol
)
for imageName in ${images[@]} ; do
key=.tar
docker load -i $imageName$key
done

# dashboard 版本镜像
kubernetesui/dashboard:v2.5.1
kubernetesui/metrics-scraper:v1.0.7

#下载YAML：
wget http://192.168.32.131/repo/calico.yaml

# 下载完后还需要修改里面定义Pod网络（CALICO_IPV4POOL_CIDR），与前面kubeadm init的 --pod-network-cidr指定的一样。
  # The default IPv4 pool to create on startup if none exists. Pod IPs will be
            # chosen from this range. Changing this value after installation will have
            # no effect. This should fall within `--cluster-cidr`.
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "10.244.0.0/16" # 修改此处

# 修改完后文件后，进行部署：
kubectl apply -f calico.yaml
kubectl get pods -n kube-system

# 执行结束要等上一会才全部running
# 等Calico Pod都Running后，节点也会准备就绪。
# 注：以后所有yaml文件都只在Master节点执行。
# 安装目录：/etc/kubernetes/
# 组件配置文件目录：/etc/kubernetes/manifests/

[root@master ~]# kubectl get nodes -o wide
NAME        STATUS   ROLES                  AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
k8s-node1   Ready    <none>                 3h20m   v1.23.0   192.168.32.129   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.17
k8s-node2   Ready    <none>                 3h19m   v1.23.0   192.168.32.130   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.17
master      Ready    control-plane,master   3h30m   v1.23.0   192.168.32.128   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.17
[root@master ~]# kubectl get nodes,svc -o wide
NAME             STATUS   ROLES                  AGE     VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
node/k8s-node1   Ready    <none>                 3h20m   v1.23.0   192.168.32.129   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.17
node/k8s-node2   Ready    <none>                 3h19m   v1.23.0   192.168.32.130   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.17
node/master      Ready    control-plane,master   3h30m   v1.23.0   192.168.32.128   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://20.10.17

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     SELECTOR
service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   3h30m   <none>


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

9、部署Dashboard (master执行)

# 参考网址：https://blog.csdn.net/qq_41980563/article/details/123182854

# Dashboard是官方提供的一个UI，可用于基本管理K8s资源。
# https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
# YAML下载地址：wget http://192.168.32.131/repo/recommended.yaml
# 默认Dashboard只能集群内部访问，修改Service为NodePort类型，暴露到外部：
vim recommended.yaml   #在第三步中下载的
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
...

# 版本信息：
kubernetesui/dashboard:v2.5.1
kubernetesui/metrics-scraper:v1.0.7


kubectl apply -f recommended.yaml

[root@master ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-799d786dbf-4fh5r   1/1     Running   0          10m
kubernetes-dashboard-fb8648fd9-pk6jk         1/1     Running   0          10m

# 访问地址：https://NodeIP:30001 
# 创建service account并绑定默认cluster-admin管理员集群角色：
# 创建用户
[root@master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
# 用户授权
[root@master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
# 获取用户Token
[root@master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name:         dashboard-admin-token-gr2bk
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: b3b13801-e4a6-481f-a3ea-2fb55b2f6f23

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1CLXR0QmxtSkhLZXRubXdLQ1c4X2paMk14dXRvQTRDMVBOdmw0SWtpX2cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZ3IyYmsiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYjNiMTM4MDEtZTRhNi00ODFmLWEzZWEtMmZiNTViMmY2ZjIzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.sH4z8gX5qdZXgw3pApBDzF9nlowdLjuFkkFfpdh1p0ljFdNOYdnfj84sRssU-PqoEx6ImCBF0czxQqfOJMXp6ha6-0XR44U15aWWjenqcfydw27RRJuV42z4N-PE7PdRETImCELIfvokkNU_r7uMlYahVE-cwRVi6Uj7ywL_Sjt6l8pv3qGDbCLnhWX-64mpZTqtjxhsH2xj1RUlOh_y_Q6UANtJzqxIvLmJwn5a1k7fNEWoI9F-9oBxbNEzias-AEygr9h4wjIdX3tB2LCR7EsDsulJ1KYLVNj-U72PqzU7j0IeFessB3F34TO50FXmQ6z6-fnHdK93aNYjY8BBcA


# https://192.168.32.130:30001/#/login
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

在这里插入图片描述
10、部署nginx服务

# 1.创建namespace.yaml文件
[root@k8s-master1 ~]# vi nginx-namespase.yaml
apiVersion: v1 #类型为Namespace
kind: Namespace  #类型为Namespace
metadata:
  name: ssx-nginx-ns  #命名空间名称
  labels:
    name: lb-ssx-nginx-ns

# 然后应用到k8s中:
[root@master ~]# kubectl create -f nginx-namespase.yaml 
namespace/ssx-nginx-ns created

# 2.创建nginx-deployment.yaml文件
vi nginx-deployment.yaml

[root@k8s-master1 ~]# vi nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx #为该Deployment设置key为app，value为nginx的标签
  name: ssx-nginx-dm
  namespace: ssx-nginx-ns
spec:
  replicas: 2 #副本数量
  selector: #标签选择器，与上面的标签共同作用
    matchLabels: #选择包含标签app:nginx的资源
      app: nginx
  template: #这是选择或创建的Pod的模板
    metadata: #Pod的元数据
      labels: #Pod的标签，上面的selector即选择包含标签app:nginx的Pod
        app: nginx
    spec: #期望Pod实现的功能（即在pod中部署）
      containers: #生成container，与docker中的container是同一种
      - name: ssx-nginx-c
        image: nginx:latest #使用镜像nginx: 创建container，该container默认80端口可访问
        ports:
        - containerPort: 80  # 开启本容器的80端口可访问
        volumeMounts:  #挂载持久存储卷
        - name: volume #挂载设备的名字，与volumes[*].name 需要对应 
          mountPath: /usr/share/nginx/html #挂载到容器的某个路径下  
      volumes:
      - name: volume #和上面保持一致 这是本地的文件路径，上面是容器内部的路径
        hostPath:
          path: /opt/web/dist #此路径需要实现创建
     
[root@master ~]# kubectl create -f nginx-deployment.yaml
  
# 3.创建service.yaml文件        
[root@k8s-master1 ~]# vi nginx-service.yaml 
apiVersion: v1
kind: Service
metadata:
  labels:
   app: nginx
  name: ssx-nginx-sv
  namespace: ssx-nginx-ns
spec:
  ports:
  - port: 80 #写nginx本身端口
    name: ssx-nginx-last
    protocol: TCP
    targetPort: 80 # 容器nginx对外开放的端口 上面的dm已经指定了
    nodePort: 31090 #外网访问的端口
  selector:
    app: nginx    #选择包含标签app:nginx的资源
  type: NodePort

kubectl create -f ./nginx-service.yaml

[root@master ~]# kubectl get pods,svc -n ssx-nginx-ns -owide
NAME                               READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
pod/ssx-nginx-dm-686cdf7d5-72hhv   1/1     Running   0          98s   10.244.169.135   k8s-node2   <none>           <none>
pod/ssx-nginx-dm-686cdf7d5-qppqc   1/1     Running   0          98s   10.244.36.87     k8s-node1   <none>           <none>

NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE   SELECTOR
service/ssx-nginx-sv   NodePort   10.110.26.245   <none>        80:31090/TCP   46s   app=nginx

# 测试nginx
[root@master ~]# curl 192.168.32.129:31090
<h1>This is 192.168.32.129</h1>

[root@master ~]# curl 192.168.32.130:31090
<h1>This is 192.168.32.129</h1>

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/小惠珠哦/article/detail/977193