使用kubeadm快速部署k8s集群

使用kubeadm快速部署k8s集群

• 1. 准备环境
• 2. 所有节点安装Docker/kubeadm/kubelet
• 3. 部署Kubernetes Master
• 4. 加入集群
• 5. 安装Flannel
• 6. 测试k8s集群
• 7. 部署 Dashboard

1. 准备环境

关闭防火墙：
# systemctl stop firewalld
# systemctl disable firewalld

关闭selinux：
# sed -i 's/enforcing/disabled/' /etc/selinux/config  # 永久
# setenforce 0  # 临时

关闭swap：
# swapoff -a  # 临时
# vim /etc/fstab  # 注释swap分区那行

设置主机名：
# hostnamectl set-hostname <hostname>

在master添加hosts：
# cat >> /etc/hosts << EOF
192.168.60.13 k8s-master
192.168.60.15 k8s-node1
192.168.60.16 k8s-node2
EOF

设置IPv4流量转发
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# sysctl --system  # 生效

时间同步：
# yum install ntpdate -y
# ntpdate time.windows.com

2. 所有节点安装Docker/kubeadm/kubelet

添加阿里云YUM软件源

# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安装Docker

拉取阿里云yum源
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# yum -y install docker-ce-18.06.1.ce-3.el7
# systemctl enable docker && systemctl start docker
# docker --version
Docker version 18.06.1-ce, build e68fc7a

修改镜像仓库
# cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF

安装kubeadm，kubelet和kubectl

# yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0
# systemctl enable kubelet

3. 部署Kubernetes Master

只在Master执行。

# kubeadm init \
--apiserver-advertise-address=192.168.60.13 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.18.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16

第一行：指定apiserver暴露的IP地址
第二行：指定镜像仓库
第三行：指定当前安装版本
第四行：指定service的IP地址段，不要与现有网络冲突
第五段：指定pod的IP地址段，不要与现有网络冲突

执行完成后，有如下提示

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.60.13:6443 --token zfbpba.s701lhju22skuhif \
--discovery-token-ca-cert-hash sha256:f26c0b5d5fcbb7c0eb2baba4b156368bd4b9ff686048a5c82ff68c2f67f43839

按提示操作

# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
# kubectl get nodes
NAME          STATUS     ROLES    AGE     VERSION
k8s-master1   NotReady   master   16m     v1.18.0
k8s-node1     NotReady   <none>   3m52s   v1.18.0
k8s-node2     NotReady   <none>   3m9s    v1.18.0

此时status为NotReady

4. 加入集群

在192.168.60.15/16（Node）执行。

向集群添加新节点

直接执行回显命令
# kubeadm join 192.168.60.13:6443 --token zfbpba.s701lhju22skuhif \
--discovery-token-ca-cert-hash sha256:f26c0b5d5fcbb7c0eb2baba4b156368bd4b9ff686048a5c82ff68c2f67f43839

默认token有效期为24小时，当过期之后，该token就不可用了。这时就需要重新创建token，操作如下：

# kubeadm token create
# kubeadm token list
# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

# kubeadm join 192.168.60.13:6443 --token nuja6n.o3jrhsffiqs9swnu --discovery-token-ca-cert-hash sha256:63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

5. 安装Flannel

# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# kubectl apply -f kube-flannel.yml

flannel均为running就安装成功了

# kubectl get pods -n kube-system
kube-flannel-ds-amd64-69gts           1/1     Running   0          97m
kube-flannel-ds-amd64-n7njn           1/1     Running   0          97m
kube-flannel-ds-amd64-twpmd           1/1     Running   0          97m

查看node状态为Ready

# kubectl get node
NAME          STATUS   ROLES    AGE    VERSION
k8s-master1   Ready    master   121m   v1.18.0
k8s-node1     Ready    <none>   108m   v1.18.0
k8s-node2     Ready    <none>   107m   v1.18.0

6. 测试k8s集群

在K8s集群中创建一个pod，验证是否正常运行：

# kubectl create deployment nginx --image=nginx
# kubectl expose deployment nginx --port=80 --type=NodePort
# kubectl get pod,svc

访问地址：http://NodeIP:Port

7. 部署 Dashboard

$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

默认Dashboard只能集群内部访问
修改recommended.yaml使Service为NodePort类型，暴露到外部：

kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard

安装Dashboard

# kubectl apply -f recommended.yaml

查看暴露端口

# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.103.201.27   <none>        8000/TCP        95m
kubernetes-dashboard        NodePort    10.99.220.198   <none>        443:32052/TCP   95m

访问地址：https://NodeIP:Port

创建service account并绑定默认cluster-admin管理员集群角色：

kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

使用输出的token登录Dashboard。