
K8S安装与部署操作详解

2021/4/26 14:14:07   来源:

前期准备 --所有节点执行

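 # Preparation, run on every node. Comments use '#': the original '//' is not
# shell comment syntax and fails as a command when the lines are pasted.

# Set this node's hostname (use a distinct name on each node).
hostnamectl set-hostname master01
# Confirm the change.
more /etc/hostname
# Map the cluster hostnames to their addresses.
# Appending is not idempotent: run this once per node.
cat >> /etc/hosts << 'EOF'
172.31.224.98 master01
172.31.224.99 node01
EOF
# Disable swap for the current boot.
swapoff -a
# Disable swap permanently by commenting out every fstab line that mentions
# swap; the previous file is kept as /etc/fstab.bak.
sed -i.bak '/swap/s/^/#/' /etc/fstab
# Configure the Kubernetes yum repository.
# gpgcheck=1 and repo_gpgcheck=1 keep package and metadata signature checks on.
cat << 'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Refresh the package cache.
# NOTE(review): the signing keys come from the same mirror as the packages and
# -y answers the key-import prompt automatically; check the imported key
# fingerprints against the upstream project's published ones.
yum clean all && yum -y makecache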

Docker安装 --所有节点执行

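# Docker installation, run on every node. Comments use '#': the original '//'
# is not shell comment syntax.

# List any Docker packages that are already installed.
yum list installed | grep docker
# Remove the old Docker packages.
yum remove docker \
           docker-client \
           docker-client-latest \
           docker-common \
           docker-latest \
           docker-latest-logrotate \
           docker-logrotate \
           docker-engine
# Install Docker and docker-compose, then start Docker and enable it at boot.
# NOTE(review): this pipes a script fetched from a third-party mirror straight
# into a root shell with no integrity check. Safer: download it to a file,
# review it, and only then run it, or install Docker from a GPG-checked
# package repository.
# -f makes curl fail on an HTTP error instead of piping an error page into sh.
curl -fsSL https://get.daocloud.io/docker | sh && yum install docker-compose -y && systemctl start docker && systemctl enable docker
# Configure registry mirrors and the systemd cgroup driver.
mkdir -p /etc/docker

# The JSON has to start on the line after the here-doc marker; text on the
# marker line is passed to tee as extra file-name arguments.
# NOTE(review): every image pulled through a registry mirror is served by that
# mirror, so list only mirrors you trust. The first address looks
# account-specific; replace it with your own.
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://usydjf4t.mirror.aliyuncs.com", "https://registry.docker-cn.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Reload unit files and restart Docker so daemon.json takes effect.
systemctl daemon-reload && systemctl restart docker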

Keepalived安装 --所有Master节点执行

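# Keepalived installation, run on every master node. Comments use '#': the
# original '//' is not shell comment syntax.

# Install keepalived.
yum -y install keepalived
# Keep the packaged configuration as a backup.
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived_default.conf
# Write the new configuration, one keyword per line (the original had several
# statements collapsed onto single lines).
# NOTE(review): this file sets state MASTER, priority 100 and router_id
# master01; on additional masters these presumably need state BACKUP, a lower
# priority and their own router_id. Confirm before reusing it unchanged.
# NOTE(review): the virtual address here is 192.168.0.130, while the kubeadm
# configuration later on this page uses 192.168.0.10 as the control-plane
# endpoint. Confirm which address is the intended VIP.
cat << 'EOF' > /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
  router_id master01
}

vrrp_instance VI_1 {
   state MASTER
   interface ens33
   virtual_router_id 50
   priority 100
   advert_int 1
   ! VRRP PASS authentication travels in clear text and 1111 is the stock
   ! sample value: set your own secret and allow VRRP traffic only between
   ! the master nodes.
   authentication {
       auth_type PASS
       auth_pass 1111
   }
   virtual_ipaddress {
       192.168.0.130
   }
}
EOF

# Start keepalived and enable it at boot.
systemctl start keepalived && systemctl enable keepalived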

安装K8S --所有节点执行

kubelet 运行在集群所有节点上,用于启动Pod和容器等对象的工具
kubeadm 用于初始化集群,启动集群的命令工具
kubectl 用于和集群通信的命令行,通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件

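# Comments use '#': the original '//' is not shell comment syntax.

# List the available kubelet versions, newest first.
yum list kubelet --showduplicates | sort -r
# Install kubelet, kubeadm and kubectl.
# NOTE(review): with no version suffix yum installs the newest packages in the
# repository, which may not match the v1.19.4 images and configuration used
# below. Pinning the packages (for example kubelet-1.19.4) keeps them aligned.
yum install -y kubelet kubeadm kubectl
# Enable kubelet at boot and start it.
systemctl enable kubelet && systemctl start kubelet
# Create the image download script with the contents shown below.
vi k8s.sh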
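#!/bin/bash
# Pull the control-plane images for one Kubernetes release from a mirror
# registry and retag them under k8s.gcr.io so that kubeadm finds them locally.
#
# NOTE(review): after retagging, the images are indistinguishable by name from
# upstream ones, but their content comes from the mirror and tags are mutable.
# Where possible compare the pulled digests (docker images --digests) with the
# upstream digests before initialising the cluster.

# Stop at the first failure so a failed pull is never followed by a tag/rmi.
set -euo pipefail

# Alibaba Cloud mirror repository; change as needed.
url=registry.cn-hangzhou.aliyuncs.com/google_containers
# Kubernetes version to install; change as needed.
version=v1.19.4

# Keep the second '/'-separated field of each image reference (name:tag with
# the registry host removed). With pipefail a kubeadm failure aborts here.
image_list=$(kubeadm config images list --kubernetes-version="$version" | awk -F '/' '{print $2}')
if [[ -z "$image_list" ]]; then
  printf 'no images listed for %s\n' "$version" >&2
  exit 1
fi
mapfile -t images <<< "$image_list"

for imagename in "${images[@]}"; do
  docker pull "$url/$imagename"
  docker tag "$url/$imagename" "k8s.gcr.io/$imagename"
  # Drop the mirror-named tag; the k8s.gcr.io tag keeps the image.
  docker rmi -f "$url/$imagename"
done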

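# Comments use '#': the original '//' is not shell comment syntax.

# Make the script executable.
chmod 755 k8s.sh
# Run it to download the images.
./k8s.sh
# List the downloaded images.
docker images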

配置相关模块 --Master执行

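# Kernel module and sysctl setup, run on the master. Comments use '#': the
# original '//' is not shell comment syntax.

# Check whether the br_netfilter module is loaded.
lsmod | grep br_netfilter

# Load br_netfilter at boot.
# The here-doc delimiter is quoted so that $file is written literally; unquoted,
# the shell expands it (to an empty string) while creating the file.
# NOTE(review): this overwrites /etc/rc.sysinit. On systemd hosts the usual
# mechanism is a file under /etc/modules-load.d/; confirm that rc.sysinit is
# actually run at boot on your system.
cat > /etc/rc.sysinit << 'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
  [ -x "$file" ] && "$file"
done
EOF

cat > /etc/sysconfig/modules/br_netfilter.modules << 'EOF'
modprobe br_netfilter
EOF

chmod 755 /etc/sysconfig/modules/br_netfilter.modules
# Load the module now as well: the net.bridge.* keys below exist only while
# br_netfilter is loaded.
modprobe br_netfilter
# Persist the kernel parameters, one setting per line.
cat << 'EOF' > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Load the parameters from that file.
sysctl -p /etc/sysctl.d/k8s.conf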

初始化Master – Master执行

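# Comments use '#': the original '//' is not shell comment syntax.

# Write the default init parameters to a file for reference.
kubeadm config print init-defaults > init.default.yaml
# Create kubeadm.conf.yaml with the contents shown below.
vi kubeadm.conf.yaml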
# kubeadm ClusterConfiguration passed to `kubeadm init --config`.
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.19.4 
apiServer:
 certSANs: # list the hostname, IP and VIP of every kube-apiserver node
 - master01
 - node01
 - 172.31.224.98
 - 172.31.224.99
 - 192.168.0.10
# Address and port that nodes and clients use to reach the API server.
controlPlaneEndpoint: "192.168.0.10:6443" 
networking:
 # NOTE(review): 10.96.0.0/12 is also kubeadm's default serviceSubnet, and
 # flannel's stock manifest uses 10.244.0.0/16; confirm this value against
 # kube-flannel.yml so pod and service ranges do not overlap.
 podSubnet: "10.96.0.0/12"  # set this to match the network plugin (configured here for flannel)
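 # Comments use '#': the original '//' is not shell comment syntax.

# Enable IP forwarding and restart networking.
# Writing to /proc does not survive a reboot; add net.ipv4.ip_forward = 1 to a
# file under /etc/sysctl.d/ to make it permanent.
echo "1" > /proc/sys/net/ipv4/ip_forward && service network restart
# Initialise the control plane.
kubeadm init --config=kubeadm.conf.yaml
# Follow the printed instructions to copy the kubeconfig into the regular
# user's home directory.
# Only if initialisation failed: reset and remove the stale kubeconfig before
# retrying. ${HOME:?} aborts instead of expanding to a bare /.kube path.
kubeadm reset
rm -rf -- "${HOME:?}/.kube/config"
# Point kubectl at the admin kubeconfig in future login shells.
# admin.conf carries cluster-admin credentials: keep it readable by root only.
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
# Use the full path: a bare .bash_profile resolves only when the current
# directory is the home directory.
source ~/.bash_profile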

安装网络插件 --Master上执行

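# Download kube-flannel.yml (obtain the file yourself), then apply it.
# Take it from the flannel project's official release and read it before
# applying: it creates cluster-wide RBAC objects and a host-network DaemonSet.
# ('#' replaces the original '//', which is not shell comment syntax.)
kubectl apply -f kube-flannel.yml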

Node节点加入集群 --所有Node节点上执行

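# Comments use '#': the original '//' is not shell comment syntax.

# If the node already belongs to another cluster, leave that cluster first.
kubeadm reset
# Add a static route.
ip route add 192.168.0.0/24 via 172.31.224.99
# Make the static route permanent: open this file and add the line shown after
# the vi command (that line is file content, not a command).
vi /etc/sysconfig/network-scripts/route-ens33
192.168.0.10/32 via 172.31.224.99 dev ens33
# Join the cluster.
# NOTE: the token and CA hash below are the values printed by the author's own
# cluster. A bootstrap token is a credential and expires (24 hours by default);
# print the command for your cluster on the master with
#   kubeadm token create --print-join-command
# and keep --discovery-token-ca-cert-hash so the node verifies the control
# plane's CA before trusting it.
kubeadm join 192.168.0.10:6443 --token 2inyud.ly9di8k2cb1ofqr5 --discovery-token-ca-cert-hash sha256:b6252cb28e59516c96ac1fa3aac6a3b00448f8d83b62723f830b79d64bfea509
# On the master, list the nodes.
kubectl get nodes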

# Client配置 --node节点执行

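# Comments use '#': the original '//' is not shell comment syntax.

# Install kubectl.
yum install -y kubectl
# Copy admin.conf from the master.
# NOTE(review): admin.conf holds cluster-admin credentials. Copying it to
# worker nodes means that a compromise of any one node gives full control of
# the cluster; prefer a dedicated admin host and a kubeconfig bound to a
# least-privilege role. If it is copied, keep it readable by root only.
scp master01:/etc/kubernetes/admin.conf /etc/kubernetes/
chmod 600 /etc/kubernetes/admin.conf
# Point kubectl at the kubeconfig in future login shells.
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
# Use the full path: a bare .bash_profile resolves only when the current
# directory is the home directory.
source ~/.bash_profile
# Verify access.
kubectl get nodes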

Dashboard搭建

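# Dashboard setup. Comments use '#': the original '//' is not shell comment
# syntax.

# Download recommended.yaml (the Dashboard manifest) first.
# Rewrite the image repository in the manifest.
# NOTE(review): this swaps the upstream kubernetesui images for copies in a
# third party's registry namespace, which cannot be checked against upstream.
# Prefer the upstream images, or a mirror you control, pinned by digest.
sed -i 's/kubernetesui/registry.cn-hangzhou.aliyuncs.com\/loong576/g' recommended.yaml
# Pull the Dashboard image.
# NOTE(review): this pulls the upstream name, while the manifest now references
# the rewritten repository; confirm which image the cluster should run.
docker pull kubernetesui/dashboard:v2.0.5
# Expose the Dashboard outside the cluster on NodePort 30001.
sed -i '/targetPort: 8443/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' recommended.yaml
# Add an administrator account.
# Each object needs its own '---' separator: without it the appended keys merge
# into a single YAML mapping with duplicate keys. The subject's name/namespace
# must also line up with 'kind' under the list dash.
# NOTE(review): this binds cluster-admin to an account whose token logs in to a
# Dashboard published on every node's port 30001, so anyone who obtains the
# token controls the whole cluster. Bind a narrower role where possible, and
# restrict the port by firewall or reach the Dashboard through kubectl
# port-forward instead of a NodePort.
# rbac.authorization.k8s.io/v1beta1 works on v1.19 but is removed in v1.22;
# rbac.authorization.k8s.io/v1 is the stable version.
cat >> recommended.yaml << 'EOF'
---
# ------------- dashboard-admin ------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
EOF
# Deploy the Dashboard.
kubectl apply -f recommended.yaml
# Check its status.
kubectl get all -n kubernetes-dashboard
# Show the login token. The token is a bearer credential: avoid leaving it in
# terminal logs or shared history.
kubectl describe secrets -n kubernetes-dashboard dashboard-admin
# Retrieve a token again.
# NOTE(review): this selects the kubernetes-dashboard service account's token
# secret rather than dashboard-admin's; confirm which one is intended.
kubectl describe secret -n kubernetes-dashboard $(kubectl get secret -n kubernetes-dashboard |grep  kubernetes-dashboard-token | awk '{print $1}') |grep token | awk '{print $2}'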

配置NodePort,外部通过https://NodeIp:NodePort 访问Dashboard,此时端口为30001