0. Deployed versions
OS: Anolis OS 8.8
Docker: 20.10.9
Kubernetes: 1.23.17
Calico: 3.15.5
Dashboard: 2.7.0
1. Environment configuration
# Disable the firewall. This exposes every node port (kubelet API 10250, the NodePort range 30000-32767, etcd on the control plane)
# to anything that can reach the node; restrict access at the network level, or re-enable firewalld with explicit rules once the cluster is up.
sudo systemctl disable firewalld --now
# Set SELinux to permissive now and to disabled after the next reboot
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
# Turn off swap (kubelet refuses to start with swap enabled)
sudo swapoff -a
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab
# Kernel parameters: bridged pod traffic must be visible to iptables and the node must forward IPv4.
# Load br_netfilter first (the net.bridge.* keys do not exist without it) and apply the file afterwards;
# writing it alone does nothing until the next boot.
sudo modprobe br_netfilter
sudo tee /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
# Configure the Kubernetes yum repository (pick a baseurl that is reachable from your environment).
# gpgcheck=0 disables package signature verification for kubeadm/kubelet/kubectl: whatever the mirror serves is installed as-is.
# If the mirror publishes the repository signing keys, set gpgcheck=1 and point gpgkey= at them instead.
sudo tee /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
# Update libseccomp (must be 2.4 or newer)
sudo yum update libseccomp
# Add host name mappings (on every node)
sudo vi /etc/hosts
192.168.1.211 k8smaster
192.168.1.212 k8sNode1
192.168.1.213 k8sNode2
2. Install Docker
# Add the Docker CE repository (choose a mirror reachable from your environment for --add-repo)
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install Docker. Kubernetes 1.23 is the last release that still ships dockershim (removed in 1.24),
# which is why the versions on this page are pinned.
sudo yum -y install docker-ce-20.10.9 docker-ce-cli-20.10.9 containerd.io docker-compose-plugin
# Configure Docker. registry-mirrors: choose a mirror reachable from your environment; a third-party mirror sits in the path
# of every image pull, so use one you trust or pin images by digest. The cgroup driver must be systemd to match the
# kubelet default that kubeadm configures.
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://dockerhub.icu"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Reload the unit files
sudo systemctl daemon-reload
# Start Docker now and at boot
sudo systemctl enable docker --now
3. Install the Kubernetes components
# Install kubectl, kubelet and kubeadm
sudo yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17
# Start kubelet at boot (it restarts in a loop until kubeadm init/join writes its configuration; that is expected)
sudo systemctl enable kubelet --now
4. Initialize the cluster
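Before running kubeadm init (or join) it is worth verifying that the preparation in sections 1 to 3 actually took effect on every node, rather than trusting the shell history. The script below is an added example and not part of the original post: each check reads a plain file, so the same functions run against the live node (root /) or against a constructed fixture directory, and the fixture it builds deliberately leaves swap on and the Docker cgroup driver at cgroupfs to show what a failure looks like. Assumptions: the standard paths (/proc/swaps, /proc/sys, /etc/docker/daemon.json, /sys/fs/selinux/enforce), rpm for the installed libseccomp version, and sort -V from GNU coreutils or BusyBox. It also checks net.ipv4.ip_forward, which kubeadm and Calico need alongside the two bridge-nf keys.

```shell
#!/bin/sh
# Added example, not from the original post: verify on each node that the
# preparation in sections 1-3 took effect before running kubeadm.
# Every check reads a plain file, so the same functions run against the live
# system (root "/") or against a constructed fixture directory.

# No swap: /proc/swaps contains only its header line when no swap is active
check_swap_off() {            # $1 = path to /proc/swaps
  [ -r "$1" ] || return 1
  [ "$(wc -l < "$1" | tr -d ' ')" -le 1 ]
}

# Bridged pod traffic must reach iptables, and the node must forward IPv4;
# kubeadm and Calico need all three keys set to 1
check_bridge_nf() {           # $1 = root that mirrors /proc/sys
  for f in net/bridge/bridge-nf-call-iptables \
           net/bridge/bridge-nf-call-ip6tables \
           net/ipv4/ip_forward; do
    [ "$(cat "$1/$f" 2>/dev/null)" = 1 ] || return 1
  done
}

# Docker and kubelet must agree on the cgroup driver (the page picks systemd);
# a mismatch leaves kubelet crash-looping after kubeadm init
check_cgroup_driver() {       # $1 = path to /etc/docker/daemon.json
  grep -q '"native.cgroupdriver=systemd"' "$1" 2>/dev/null
}

# SELinux must be permissive or disabled: the file is absent when SELinux is
# disabled at boot and reads 0 when permissive
check_selinux_permissive() {  # $1 = path to /sys/fs/selinux/enforce
  [ ! -e "$1" ] || [ "$(cat "$1")" = 0 ]
}

# version_ge HAVE NEED: true when HAVE >= NEED (sort -V: GNU coreutils / BusyBox)
version_ge() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# libseccomp older than 2.4 breaks the seccomp profiles newer runtimes ship
check_libseccomp() {          # $1 = installed libseccomp version
  version_ge "$1" 2.4
}

# run_preflight ROOT LIBSECCOMP_VERSION: one line per check, returns 1 on any failure
run_preflight() {
  root=${1%/}; rc=0
  for check in \
    "check_swap_off $root/proc/swaps" \
    "check_bridge_nf $root/proc/sys" \
    "check_cgroup_driver $root/etc/docker/daemon.json" \
    "check_selinux_permissive $root/sys/fs/selinux/enforce" \
    "check_libseccomp $2"; do
    if $check; then echo "ok    ${check%% *}"; else echo "FAIL  ${check%% *}"; rc=1; fi
  done
  return $rc
}

# Constructed fixture: a node that still has swap on and uses the cgroupfs driver
make_bad_fixture() {          # $1 = empty directory to populate
  mkdir -p "$1/proc/sys/net/bridge" "$1/proc/sys/net/ipv4" "$1/etc/docker" "$1/sys/fs/selinux"
  printf 'Filename\tType\tSize\tUsed\tPriority\n/dev/sda2 partition 2097148 0 -2\n' > "$1/proc/swaps"
  echo 1 > "$1/proc/sys/net/bridge/bridge-nf-call-iptables"
  echo 1 > "$1/proc/sys/net/bridge/bridge-nf-call-ip6tables"
  echo 1 > "$1/proc/sys/net/ipv4/ip_forward"
  echo '{ "exec-opts": ["native.cgroupdriver=cgroupfs"] }' > "$1/etc/docker/daemon.json"
  echo 0 > "$1/sys/fs/selinux/enforce"
}

# Usage: sh preflight.sh run   -> checks this node (rpm supplies the libseccomp version)
#        sh preflight.sh       -> demonstrates the report on the constructed fixture
if [ "${1:-}" = run ]; then
  run_preflight / "$(rpm -q --qf '%{VERSION}\n' libseccomp 2>/dev/null | head -n 1)"
else
  fixture=$(mktemp -d)
  make_bad_fixture "$fixture"
  run_preflight "$fixture" 2.5.1 || echo "node is not ready for kubeadm"
  rm -rf "$fixture"
fi
```

Run it with the argument run on each node after section 3; the fixture mode exists only to show the report format (two FAIL lines, for swap and the cgroup driver) without touching the host.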
4.1 Initialize the control-plane node
Run the initialization command on the control-plane node. The flags:
# --apiserver-advertise-address: address of the control-plane node
# --control-plane-endpoint: the control-plane name from /etc/hosts (kubeconfigs and join commands refer to it)
# --image-repository: registry the control-plane images are pulled from
# --kubernetes-version: cluster version
# --service-cidr: Service network
# --pod-network-cidr: Pod network; must match the Calico CIDR set in section 5
kubeadm init \
  --apiserver-advertise-address=192.168.1.211 \
  --control-plane-endpoint=k8smaster \
  --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.17 \
  --service-cidr=10.96.0.0/16 \
  --pod-network-cidr=172.20.0.0/16
On success it prints the following (keep the commands, they are needed later):
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join k8smaster:6443 --token 2hzohh.yxfd1703v61o66s5 \
    --discovery-token-ca-cert-hash sha256:23e2b8829760dab585f9592cc446a214b8243ca0846532ab2c9edd238ae4bca1 \
    --control-plane

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join k8smaster:6443 --token 2hzohh.yxfd1703v61o66s5 \
    --discovery-token-ca-cert-hash sha256:23e2b8829760dab585f9592cc446a214b8243ca0846532ab2c9edd238ae4bca1
Two things in that output are credentials. The bootstrap token lets any host that presents it join the cluster and is valid for 24 hours by default: do not paste it into tickets or wikis, and once the nodes have joined, remove it with kubeadm token list and kubeadm token delete <token>; a fresh short-lived join command can be generated at any time with kubeadm token create --ttl 1h --print-join-command. admin.conf is a cluster-admin kubeconfig, so the copy under ~/.kube should stay readable only by its owner.
Set up kubectl access:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
4.2 Join the other nodes to the cluster
Run the worker join command printed by kubeadm init on each worker node as root:
kubeadm join k8smaster:6443 --token 2hzohh.yxfd1703v61o66s5 \
    --discovery-token-ca-cert-hash sha256:23e2b8829760dab585f9592cc446a214b8243ca0846532ab2c9edd238ae4bca1
The --discovery-token-ca-cert-hash pins the cluster CA, so a joining node refuses an API server that presents a different CA; keep it, and do not replace it with --discovery-token-unsafe-skip-ca-verification.
5. Install the Calico network plugin
5.1 Download the calico.yaml manifest
Download: calico.yaml (the manifest for the Calico version listed in section 0)
5.2 Change the Pod CIDR
Go to lines 3589 and 3590, remove the leading #, and replace 192.168.0.0/16 with the network passed to --pod-network-cidr in the init command
Example:
Before
3589 # - name: CALICO_IPV4POOL_CIDR
3590 #   value: "192.168.0.0/16"
After
3589 - name: CALICO_IPV4POOL_CIDR
3590   value: "172.20.0.0/16"
5.3 Apply the manifest
kubectl apply -f calico.yaml
6. Install the Dashboard
6.1 Download the recommended.yaml manifest
6.2 Change the Service type
Go to line 39 and add type: NodePort on the next line
Example:
Before
39 spec:
40   ports:
41     - port: 443
42       targetPort: 8443
After
39 spec:
40   type: NodePort   # added
41   ports:
42     - port: 443
43       targetPort: 8443
A NodePort is opened on every node in the cluster, not only on the control-plane node, and with firewalld disabled it is reachable from any network that can reach a node IP. The Dashboard then accepts a cluster-admin token (section 6.5) over a self-signed certificate, so limit who can reach that port, or leave the Service as ClusterIP and reach it through kubectl proxy or kubectl port-forward instead.
6.3 Pin the deployments to the control-plane node
nodeName bypasses the scheduler, which is what lets these pods land on k8smaster despite its NoSchedule taint. It only affects placement: the NodePort above answers on every node regardless.
6.3.1 Dashboard deployment
Go to line 188 and add nodeName: k8smaster on the next line (k8smaster is the control-plane host name set in /etc/hosts)
Example:
Before
188 spec:
189   securityContext:
190     seccompProfile:
191       type: RuntimeDefault
192   containers:
193     - name: kubernetes-dashboard
194       image: kubernetesui/dashboard:v2.7.0
After
188 spec:
189   nodeName: k8smaster   # added
190   securityContext:
191     seccompProfile:
192       type: RuntimeDefault
193   containers:
194     - name: kubernetes-dashboard
195       image: kubernetesui/dashboard:v2.7.0
6.3.2 metrics-scraper deployment
Go to line 274 and add nodeName: k8smaster on the next line (k8smaster is the control-plane host name set in /etc/hosts)
Example:
Before
274 spec:
275   securityContext:
276     seccompProfile:
277       type: RuntimeDefault
278   containers:
279     - name: dashboard-metrics-scraper
280       image: kubernetesui/metrics-scraper:v1.0.8
After
274 spec:
275   nodeName: k8smaster   # added
276   securityContext:
277     seccompProfile:
278       type: RuntimeDefault
279   containers:
280     - name: dashboard-metrics-scraper
281       image: kubernetesui/metrics-scraper:v1.0.8
6.4 Apply the manifest
kubectl apply -f recommended.yaml
6.5 Create an admin user
6.5.1 Create the manifest
dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
This binds the ServiceAccount to cluster-admin: whoever holds its token has unrestricted control of the whole cluster, including every Secret. For day-to-day viewing, bind the built-in view ClusterRole (or a Role scoped to one namespace) instead, and keep a cluster-admin account only for administration.
6.5.2 Create the user
kubectl apply -f dashboard-adminuser.yaml
6.5.3 Get the token
Run
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Output (record the value after token: for the login):
Name:         admin-user-token-ggw46
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 14629df1-bcf8-404e-98a0-c9d6e1b1509a

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkdSVThLWF8tdXdZRnFmS1Rma1dJb1AxZWVZS1B0bEVfLW53Yk9IZjBWYm8ifQ.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.HAho_LjREMhGAlrPFTHQAGNXPeWsHx_yDfqXQL82r3bY8kw6kFZjG-jbNWJznz14V-4hNsdOieRtEsttWYAlRn6_Dppa1v_Ivc3BM-ijJr1H0v5E93a2-MC5wcPPyKPjOA07PNPzCEfR9-sBL5qWdEggxzQ2goH8CnspJeNDuWMHPVBlKi5ZLODkulISbvuVPQ2i9sXrUwHCm7rm7jbqPqFlEBJBSZxKuenUAykzhiBXlGA0iJBc2GlWRJVFId2J0uP2qOYNunjGk0N0igjZHVpEezC9V3JhHtP8ssqWmFF7a_00BTo6H5CSKa0Fr4bvq0hhdIIPHnK2E57cdDnx2w
On 1.23 this is a secret-backed ServiceAccount token: it has no expiry and is not bound to any audience or pod, so it is a permanent cluster-admin credential until the Secret is deleted (the token controller then issues a new one). Keep it out of shell history and shared documents, and delete the Secret if it may have leaked. Note that the grep matches every secret whose name contains admin-user, which is fine here only because there is a single one.
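Before pasting a token into the Dashboard it helps to see what kind of token it is. The script below is an added example, not part of the original post: it decodes the JWT payload with coreutils only (no kubectl, no network) and reports the subject and whether the token carries an exp claim, which is what separates the permanent secret-backed token above from a bound, expiring one. SAMPLE_TOKEN is constructed for the example: its payload mimics the claims of a 1.23 secret-backed token for kubernetes-dashboard/admin-user using the secret name and uid shown in the output, the contrasting BOUND_TOKEN uses made-up aud/exp/iat values, and both signatures are placeholders, so neither token is accepted by any cluster.

```shell
#!/bin/sh
# Added example, not from the original post: inspect a ServiceAccount token
# before using it, with coreutils only (no kubectl, no network).
# SAMPLE_TOKEN and BOUND_TOKEN are CONSTRUCTED: their payloads mimic real
# claim layouts and their signatures are placeholders, so they are not valid
# credentials for any cluster.

b64url_encode() {   # $1 = text -> base64url without the '=' padding JWTs strip
  printf '%s' "$1" | base64 | tr -d '\n=' | sed 's/+/-/g; s|/|_|g'
}

b64url_decode() {   # $1 = base64url -> raw text (padding restored first)
  s=$(printf '%s' "$1" | sed 's/-/+/g; s|_|/|g')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done
  printf '%s' "$s" | base64 -d
}

jwt_payload() {     # $1 = token -> decoded JSON payload (second dot-separated segment)
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

jwt_claim() {       # $1 = token, $2 = claim name -> its string value, or nothing
  jwt_payload "$1" | sed -n "s|.*\"$2\":\"\([^\"]*\)\".*|\1|p"
}

jwt_has_exp() {     # true when the payload carries a numeric exp claim
  jwt_payload "$1" | grep -q '"exp":[0-9]'
}

token_lifetime() {  # secret-backed tokens have no exp: they never expire
  if jwt_has_exp "$1"; then echo expiring; else echo long-lived; fi
}

inspect_token() {   # $1 = token -> human-readable summary
  echo "subject:  $(jwt_claim "$1" sub)"
  echo "issuer:   $(jwt_claim "$1" iss)"
  echo "account:  $(jwt_claim "$1" kubernetes.io/serviceaccount/service-account.name)"
  echo "lifetime: $(token_lifetime "$1")"
}

HEADER='{"alg":"RS256","kid":"example-kid"}'

# Claims of a 1.23 secret-backed token (constructed to match the Secret above)
LEGACY_PAYLOAD='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kubernetes-dashboard","kubernetes.io/serviceaccount/secret.name":"admin-user-token-ggw46","kubernetes.io/serviceaccount/service-account.name":"admin-user","kubernetes.io/serviceaccount/service-account.uid":"14629df1-bcf8-404e-98a0-c9d6e1b1509a","sub":"system:serviceaccount:kubernetes-dashboard:admin-user"}'
SAMPLE_TOKEN="$(b64url_encode "$HEADER").$(b64url_encode "$LEGACY_PAYLOAD").placeholder-signature"

# For contrast, a bound token as issued through the TokenRequest API: it carries
# aud and exp and stops working after expiry (values constructed)
BOUND_PAYLOAD='{"aud":["https://kubernetes.default.svc"],"exp":1700003600,"iat":1700000000,"iss":"https://kubernetes.default.svc","sub":"system:serviceaccount:kubernetes-dashboard:admin-user"}'
BOUND_TOKEN="$(b64url_encode "$HEADER").$(b64url_encode "$BOUND_PAYLOAD").placeholder-signature"

echo "== legacy secret-backed token"; inspect_token "$SAMPLE_TOKEN"
echo "== bound token";                inspect_token "$BOUND_TOKEN"
```

Replace SAMPLE_TOKEN with the value copied from kubectl describe secret to inspect a real token; the payload is only base64url, so no key is needed to read it, which is also why the token must be treated as a secret in transit. A "long-lived" result for a cluster-admin subject means the credential stays valid until its Secret is deleted.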
6.6 Access and log in
6.6.1 Find the access port
Run
kubectl get svc -n kubernetes-dashboard
Output (in PORT(S), the number after 443:, here 30398, is the NodePort to use):
NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.96.20.36    <none>        8000/TCP        139m
kubernetes-dashboard        NodePort    10.96.33.133   <none>        443:30398/TCP   139m
6.6.2 Access
Open https://<node IP>:30398 in a browser, for example https://192.168.1.211:30398. The Dashboard serves a self-signed certificate, so the browser shows a certificate warning.
6.6.3 Log in
Choose Token and paste the token value recorded above.
7. Common kubectl commands
# Apply a manifest
kubectl apply -f config.yaml
# Delete the resources defined in a manifest
kubectl delete -f config.yaml
# List Services in all namespaces
kubectl get svc --all-namespaces
# List Services in one namespace
kubectl get svc -n <namespace>
# List Pods in all namespaces
kubectl get pod --all-namespaces
# List Pods in one namespace
kubectl get pod -n <namespace>
# List Pods in one namespace together with the node each one runs on
kubectl get pod -o wide -n <namespace>
# Show the details and events of one Pod
kubectl describe -n <namespace> pod <pod-name>
# Delete Pods whose names contain a string. The grep is a substring match and also deletes unrelated Pods
# whose names happen to contain it; a label selector (-l) is the precise form.
kubectl get pod -n <namespace> | grep <pod-name> | awk '{print $1}' | xargs kubectl delete -n <namespace> pod