kubeadm开快速的搭建一个k8s集群
二进制适合大集群,50台以上主机
kubeadm更适合中小企业的业务集群。
master节点 20.0.0.92 docker kubelet kubeadm kubectl flannel
node1 20.0.0. 94 docker kubelet kubeadm kubectl flanne
node2 20.0.0.03 docker kubelet kubeadm kubectl flanne
harbor 20.0.0.95 docker docker-compose harbor
systemctl stop firewalld systemctl disable firewalld setenforce 0 sed -i 's/enforcing/disabled/' /etc/selinux/config iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X swapoff -a
hostnamectl set-hostname master01 hostnamectl set-hostname node01 hostnamectl set-hostname node02
sysctl --system
所有节点安装docker yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum install -y docker-ce docker-ce-cli containerd.
所有节点安装kubeadm,kubelet和kubectl //定义kubernetes源 cat > /etc/yum.repos.d/kubernetes.repo << EOF [kubernetes] name=Kubernetes baseurl=kubernetes-yum-repos-kubernetes-el7-x86_64安装包下载_开源镜像站-阿里云 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF
yum install -y kubelet-1.20.15 kubeadm-1.20.15 kubectl-1.20.15 systemctl enable kubelet.service
kudeadm config images list --kubernetes-version 1.20.15
pause:特殊的podpause:会在节点上创建一个网络命名空间,其他容器可以加入这个网络命名空间pod里面的容器可能使用不同的代码和架构代码,可以在一个网络空间里面实现通信,协调这个命名里面的资源(实现pod内容器兼容性)kubeadm安装的k8s组件都是以pod的形式运行在kube-system这个命名空间当中kubeketnode管理器可以进行系统控制master 节点上传 v1.20.15.zip 压缩包至 /opt 目录
unzip v1.20.15.zip -d /opt/k8s
cd /opt/k8s/
for i in $(ls *.tar); do docker load -i $i; done[root@k8s1 ~]# kubeadm init \> --apiserver-advertise-address=192.168.233.91 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version=v1.20.15 \
> --service-cidr=10.96.0.0/16 \
> --pod-network-cidr=10.244.0.0/16 \
> --token-ttl=0--apiserver -advertise-addre :声明master节点的apiserver的监听地址是--image-repository registry.aliyuncs.com/google_containers \:声明拉去镜像的仓库,使用阿里云--service-cidr=10.96.0.0/16 \ 所有sevice的对外代理地址都是10.96.0.0/16--pod-network-cidr=10.244.0.0/16 \ 所有pod的ip地址网段--token-ttl=0在node节点加入集群kubeadm join 20.0.0.92:6443 --token j7h4sa.yau6cfyzva2zk9ll \--discovery-token-ca-cert-hash sha256:13b961db6119c69691992ef0e33b46a97339290d6ff19d8effe00329e543d28f
mkdir -p $HOME/.kubecd /etc/kubernetescp admin.conf /root/.kube/configcd /root/.kubechown $(id -u):$(id -g) $HOME/.kube/configsystemctl restart kubeletkubectl edit cm kube-proxy -n=kube-system
systemctl restart kubeletkubectl get nodekubectl get csvim /etc/kubernetes/manifests/kube-controller-manager.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml vim /etc/kubernetes/manifests/kube-controller-manager.yaml
systemctl restart kubelt
kubectl get cs
kubectl get pods -n kube-system
cd /opt docker load < flannel.tar
mv /opt/cni /opt/cni_bak mkdir -p /opt/cni/bin tar zxvf cni-plugins-linux-amd64-v0.8.6.tgz -C /opt/cni/bin
node01
docker load -i flannel.tar
mv /opt/cni /opt/cin_bak
mkdir -p /opt/cni/bin
tar zxvf
./update-kubeadm-cert.sh all
5上
vim harbor.yml
//生成证书
mkdir -p /data/cert
cd /data/cert
#生成私钥
openssl genrsa -des3 -out server.key 2048
输入两遍密码:123456
生成证书签名请求文件
openssl req -new -key server.key -out server.c
#备份私钥
cp server.key server.key.org
#清除私钥密码
openssl rsa -in server.key.org -out server.key
输入私钥密码:123456
cd /opt/harbor
./prepare
./install.sh
node01
mdkir -p /etc/docker/certs.d/hub.test.com
在harbor主机上
scp -r data/ root20.0.0.93:/
scp -r data/ root20.0.0.94:/
在node01和node02
cp server.crt server.csr server.key /etc/docker/hun.com.test
在harbor上
vim /etc/hosts 192.168.233.94 hub.test.com
vim /lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker
在node节点上
docker login -u admin -p 123456 https://hub.test.com
docker tag nginx:latest hub.test.com/library/nginx:v1
docker push hub.test.com/library/nginx:v1
在master节点上删除之前创建的nginx资源
kubectl delete deployment myapp-test
kubectl create deployment myapp-test --image=hub.test.com/library/nginx:v1 --port=80 --replicas=3
kubectl expose deployment myapp1-test --port=30000 --target-port=80
部署 Dashboard
master01 节点上操作
vim recommended.yaml
kubectl apply -f recommended.yaml
#创建service account并绑定默认cluster-admin管理员集群角色
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
#获取token值
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
#使用输出的token登录Dashboard
https://20.0.0.92:30001