热门标签
热门文章
- 1OpenHarmony 实战开发 - 如何在源码中编译复杂应用(4.0-Release)_openharmony4.0北向开发全教程
- 2Android-13-BroadcastReceiver(广播接收者)_android 13 broadcastreceiver
- 3Gartner加速数字化电子书系列(下):IT部门数字化业务转型路线图_it部门数字化转型
- 4零基础入门Jetson Nano——MediaPipe双版本(CPU+GPU)的安装与使用_mediapipe gpu
- 5Ubuntu升级OpenSSH至安全版本9.8_ubuntu 升级openssh
- 6linux下静态库和动态库的区别_linux动态库和静态库的区别
- 7 大数据下的用户行为分析_大数据下用户行为有哪些?
- 8硬件面试题_硬件面试问什么内容
- 9【DevOps】Elasticsearch在Ubuntu 20.04上的安装与配置:详细指南_ubuntu安装es
- 10分类算法matlab实例,数据挖掘之分类算法---knn算法(有matlab例子)
当前位置: article > 正文
Kubernetes集群搭建
作者:小惠珠哦 | 2024-08-18 23:37:13
赞
踩
Kubernetes集群搭建
入职之前闲置在学校,跟着尚硅谷视频分别在云服务器和本地虚拟机各搭建了一套k8s集群(云服务器有点小贵),这里对搭建步骤做个总结。
参考文档:
https://www.yuque.com/leifengyang/oncloud/ghnb83[前置操作] 安装docker
1、移除以前的docker安装包
- sudo yum remove docker \
- docker-client \
- docker-client-latest \
- docker-common \
- docker-latest \
- docker-latest-logrotate \
- docker-logrotate \
- docker-engine
2、配置yum源
- sudo yum install -y yum-utils
- sudo yum-config-manager \
- --add-repo \
- http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3、安装docker
yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.64、启动
systemctl enable docker --now5、配置加速--加速器地址查看自己阿里云账号的[镜像加速]
- sudo mkdir -p /etc/docker
- sudo tee /etc/docker/daemon.json <<-'EOF'
- {
- "registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],
- "exec-opts": ["native.cgroupdriver=systemd"],
- "log-driver": "json-file",
- "log-opts": {
- "max-size": "100m"
- },
- "storage-driver": "overlay2"
- }
- EOF
- sudo systemctl daemon-reload
- sudo systemctl restart docker
[安装k8s]
准备工作:
1、2GRAM、2核CPU;
2、节点之间通信需要放开对应端口,或者关闭防火墙;
3、若是虚拟机,则需要设置静态IP,否则重启后IP可能改变;
4、不同主机设置不同的hostname;
5、禁用交换分区
正式配置:
1、基础环境
- #各个机器设置自己的域名
- hostnamectl set-hostname xxxx
-
-
- # 将 SELinux 设置为 permissive 模式(相当于将其禁用)
- sudo setenforce 0
- sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
-
- #关闭swap
- swapoff -a
- sed -ri 's/.*swap.*/#&/' /etc/fstab
-
- #允许 iptables 检查桥接流量
- cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
- br_netfilter
- EOF
-
- cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
- net.bridge.bridge-nf-call-ip6tables = 1
- net.bridge.bridge-nf-call-iptables = 1
- EOF
- sudo sysctl --system
2、安装kubelet、kubeadm、kubectl
- cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
- [kubernetes]
- name=Kubernetes
- baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
- enabled=1
- gpgcheck=0
- repo_gpgcheck=0
- gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
- http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
- exclude=kubelet kubeadm kubectl
- EOF
-
-
- sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes
-
- sudo systemctl enable --now kubelet
3、下载各个机器需要的镜像
- sudo tee ./images.sh <<-'EOF'
- #!/bin/bash
- images=(
- kube-apiserver:v1.20.9
- kube-proxy:v1.20.9
- kube-controller-manager:v1.20.9
- kube-scheduler:v1.20.9
- coredns:1.7.0
- etcd:3.4.13-0
- pause:3.2
- )
- for imageName in ${images[@]} ; do
- docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
- done
- EOF
-
- chmod +x ./images.sh && ./images.sh
4、初始化主节点
- #所有机器添加master域名映射,以下需要修改为自己的
- echo "172.31.0.4 cluster-endpoint" >> /etc/hosts
-
-
- #主节点初始化
- kubeadm init \
- --apiserver-advertise-address=172.31.0.4 \
- --control-plane-endpoint=cluster-endpoint \
- --image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
- --kubernetes-version v1.20.9 \
- --service-cidr=10.96.0.0/16 \
- --pod-network-cidr=192.168.0.0/16
-
- #所有网络范围不重叠
-
设置.kube/config
# 执行下述命令
5、安装网络组件-calico
- curl https://docs.projectcalico.org/manifests/calico.yaml -O
-
- kubectl apply -f calico.yaml
6、从节点加入集群
- kubeadm join cluster-endpoint:6443 --token x5g4uy.wpjjdbgra92s25pp \
- --discovery-token-ca-cert-hash sha256:6255797916eaee52bf9dda9429db616fcd828436708345a308f4b917d3457a22
忘了可以生成新令牌:
kubeadm token create --print-join-command7、部署dashboard
使用以下文件:
- # Copyright 2017 The Kubernetes Authors.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- apiVersion: v1
- kind: Namespace
- metadata:
- name: kubernetes-dashboard
-
- ---
-
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
-
- ---
-
- kind: Service
- apiVersion: v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
- spec:
- ports:
- - port: 443
- targetPort: 8443
- selector:
- k8s-app: kubernetes-dashboard
-
- ---
-
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-certs
- namespace: kubernetes-dashboard
- type: Opaque
-
- ---
-
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-csrf
- namespace: kubernetes-dashboard
- type: Opaque
- data:
- csrf: ""
-
- ---
-
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-key-holder
- namespace: kubernetes-dashboard
- type: Opaque
-
- ---
-
- kind: ConfigMap
- apiVersion: v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-settings
- namespace: kubernetes-dashboard
-
- ---
-
- kind: Role
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
- rules:
- # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- # Allow Dashboard to get metrics.
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
-
- ---
-
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- rules:
- # Allow Metrics Scraper to get metrics from the Metrics server
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
-
- ---
-
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
- subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
-
- ---
-
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: kubernetes-dashboard
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard
- subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
-
- ---
-
- kind: Deployment
- apiVersion: apps/v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
- spec:
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- k8s-app: kubernetes-dashboard
- template:
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- spec:
- containers:
- - name: kubernetes-dashboard
- image: kubernetesui/dashboard:v2.3.1
- imagePullPolicy: Always
- ports:
- - containerPort: 8443
- protocol: TCP
- args:
- - --auto-generate-certificates
- - --namespace=kubernetes-dashboard
- # Uncomment the following line to manually specify Kubernetes API server Host
- # If not specified, Dashboard will attempt to auto discover the API server and connect
- # to it. Uncomment only if the default does not work.
- # - --apiserver-host=http://my-address:port
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- # Create on-disk volume to store exec logs
- - mountPath: /tmp
- name: tmp-volume
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsUser: 1001
- runAsGroup: 2001
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
- serviceAccountName: kubernetes-dashboard
- nodeSelector:
- "kubernetes.io/os": linux
- # Comment the following tolerations if Dashboard must not be deployed on master
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
-
- ---
-
- kind: Service
- apiVersion: v1
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- name: dashboard-metrics-scraper
- namespace: kubernetes-dashboard
- spec:
- ports:
- - port: 8000
- targetPort: 8000
- selector:
- k8s-app: dashboard-metrics-scraper
-
- ---
-
- kind: Deployment
- apiVersion: apps/v1
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- name: dashboard-metrics-scraper
- namespace: kubernetes-dashboard
- spec:
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- k8s-app: dashboard-metrics-scraper
- template:
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- annotations:
- seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
- spec:
- containers:
- - name: dashboard-metrics-scraper
- image: kubernetesui/metrics-scraper:v1.0.6
- ports:
- - containerPort: 8000
- protocol: TCP
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsUser: 1001
- runAsGroup: 2001
- serviceAccountName: kubernetes-dashboard
- nodeSelector:
- "kubernetes.io/os": linux
- # Comment the following tolerations if Dashboard must not be deployed on master
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
- volumes:
- - name: tmp-volume
- emptyDir: {}
设置访问端口:
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboardtype: ClusterIP 改为 type: NodePort
- kubectl get svc -A |grep kubernetes-dashboard
- ## 找到端口,在安全组放行
创建访问账号:
- #创建访问账号,准备一个yaml文件; vi dash.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: admin-user
- namespace: kubernetes-dashboard
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: admin-user
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
- subjects:
- - kind: ServiceAccount
- name: admin-user
- namespace: kubernetes-dashboard
kubectl apply -f dash.yaml
获取令牌并访问:
- #获取访问令牌
- kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
访问: https://集群任意IP:端口 https://139.198.165.238:32759
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小惠珠哦/article/detail/999728
推荐阅读
相关标签
