ubuntu 18.04下使用kubeadm安装部署k8s
测试环境:ubuntu18.04
部署目标:部署一个k8s master节点+一个k8s slave节点
| 名称 | 内网IP | 公网IP |
|---|---|---|
| k8s-master | 172.24.151.213 | 47.113.227.49 |
| k8s-slave | 172.24.151.214 | 47.113.185.4 |
安装步骤
准备环境
x
cat <<EOF | sudo tee /etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1EOFsudo sysctl --system关闭swap
x
swapoff -a永久关闭swap,编辑
/etc/fstab,删除对应行。安装docker
x
# (Install Docker CE)## Set up the repository:### Install packages to allow apt to use a repository over HTTPSapt-get update && apt-get install -y \apt-transport-https ca-certificates curl software-properties-common gnupg2x
# Add Docker’s official GPG key:curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -x
# Add the Docker apt repository:add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"x
apt-get update && apt-get install -y \containerd.io=1.2.13-2 \docker-ce=5:19.03.11~3-0~ubuntu-$(lsb_release -cs) \docker-ce-cli=5:19.03.11~3-0~ubuntu-$(lsb_release -cs)x
# Set up the Docker daemoncat > /etc/docker/daemon.json <<EOF{"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"storage-driver": "overlay2","registry-mirrors": ["https://qpb5oc44.mirror.aliyuncs.com"]}EOFx
mkdir -p /etc/systemd/system/docker.service.dx
# Restart Dockersystemctl daemon-reloadsystemctl restart docker添加自启动
x
sudo systemctl enable docker安装kubeadm,kubelet,kubectl
x
sudo apt-get update && sudo apt-get install -y apt-transport-https curlcurl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -cat <<EOF > /etc/apt/sources.list.d/kubernetes.listdeb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial mainEOFsudo apt-get updatesudo apt-get install -y kubelet kubeadm kubectlsudo apt-mark hold kubelet kubeadm kubectl初始化master节点(在master机器执行)
x
kubeadm init \--apiserver-advertise-address=172.24.151.213 \--image-repository registry.aliyuncs.com/google_containers \--kubernetes-version=v1.18.3 \--service-cidr=10.1.0.0/16 \--pod-network-cidr=10.244.0.0/16如果init失败,可以先kubeadm reset,然后删除所有image,再执行init。
给当前用户kubectl权限:
x
mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config此时使用
kubectl get node命令查看节点状态,发现还处于NotReady状态。这是因为没安装网络插件。安装pod网络插件(在master机器执行)
x
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.12.0/Documentation/kube-flannel.yml如果安装慢,可以考虑将kube-flannel.yml下载到本地,替换里面的镜像地址quay.io为国内源quay.mirrors.ustc.edu.cn。然后再执行kubectl apply -f kube-flannel.yml。
通过命令
kubectl get pods -A查看当前运行的系统pods。此时再通过
kubectl get node命令查看节点状态,发现还处于ready状态。加入node节点(在slave机器执行)
x
kubeadm join 172.24.151.213:6443 --token zuxz7o.by58pol47lm5r802 \--discovery-token-ca-cert-hash sha256:150578713a0d7116867cf62fb648c039d42d3b9ac9ba0e8e6201d89967fd98c0测试集群
x
$ kubectl create deployment nginx --image=nginx$ kubectl expose deployment nginx --port=80 --type=NodePort查看服务状态,得到k8s给nginx分配的端口
xxxxxxxxxx$ kubectl get pod,svc通过任一节点ip,加上上面得到的端口,即可访问到nginx的主页。
部署dashboard
下载yaml文件
x
$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml -O kubernetes-dashboard.yaml修改镜像地址,使之能够国内网络访问
x
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1改为image: docker.io/mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1修改service,指定类型
x
spec:type: NodePortports:- port: 443targetPort: 8443执行yaml文件
x
$ kubectl apply -f kubernetes-dashboard.yaml通过https://nodeip:nodeport即可访问到界面。
生成dashboard token
x
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboardkubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-adminkubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')
问题解决
如何删除pod
x
kubectl delete -f kubernetes-dashboard.yamlinit失败后,如何重新init
x
kubeadm reset使用
docker images查看是否有id相同的image,如果存在,则也需要把这些image删除。dashboard因为证书问题打不开的问题
创建自签名证书
x
sudo su -touch /root/.rndmkdir -p /data/tls && cd /data/tlsopenssl genrsa -out ca.key 2048openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=CA"//生成私钥openssl genrsa -out dashboard.key 2048申请签名请求
x
# ip为dashaboard访问地址ipexport ip=172.24.151.213openssl req -new -sha256 -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=$ip"cat > dashboard.cnf <<EOFextensions = san[san]keyUsage = digitalSignatureextendedKeyUsage = clientAuth,serverAuthsubjectKeyIdentifier = hashauthorityKeyIdentifier = keyid,issuersubjectAltName = IP:$ip,IP:127.0.0.1,DNS:$ip,DNS:localhostEOF签发证书
x
openssl x509 -req -sha256 -days 3650 -in dashboard.csr -out dashboard.crt -CA ca.crt -CAkey ca.key -CAcreateserial -extfile dashboard.cnf删除旧kubernetes-dashboard
xxxxxxxxxxkubectl delete -f kubernetes-dashboard.yaml修改kubernetes-dashboard.yaml 文件,注释以下行
x
# apiVersion: v1# kind: Secret# metadata:# labels:# k8s-app: kubernetes-dashboard# name: kubernetes-dashboard-certs# namespace: kubernetes-dashboard# type: Opaque创建 secret kubernetes-dashboard-certs
xxxxxxxxxxkubectl create secret generic kubernetes-dashboard-certs --from-file="/data/tls/dashboard.crt,/data/tls/dashboard.key" -n kubernetes-dashboard重新部署dashboard
x
kubectl create -f kubernetes-dashboard.yaml