Skills That Earn a Raise | Kubernetes (k8s) Environment Deployment in Practice

Published: 2025-03-27

01 Preparation

1) Change the hostname

```bash
hostnamectl set-hostname master
bash  # start a new shell to refresh the hostname
```

2) Disable the swap partition on all machines

```bash
sudo swapoff -a
# Edit /etc/fstab and comment out the swap line
sudo vi /etc/fstab
```

3) Configure a static IP address

```bash
# Configuration path
cd /etc/sysconfig/network-scripts/
# Command to find the device name
ip route
# The file is usually named ifcfg-ens33
```

Edit the ifcfg-ens33 configuration file so that it reads as follows:

```
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static  # must be static, not DHCP
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=3450af6e-c0eb-4ac5-80ca-4f23c8cce870
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.158.100  # IP address
PREFIX=24
GATEWAY=192.168.158.2  # gateway
DNS1=223.5.5.5  # DNS server
IPV6_PRIVACY=no
```

```bash
# Restart the network
service network restart
```

4) Disable the firewall

```bash
systemctl stop firewalld
systemctl disable firewalld
```

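5) Disable the Linux security policy (SELinux)

First check the status of SELinux on the system with the following command:

```bash
sestatus
```

To disable SELinux temporarily, enter the following command in a terminal:

```bash
sudo setenforce 0
```

To disable it permanently, open the /etc/sysconfig/selinux file:

```bash
sudo vi /etc/sysconfig/selinux
```

Change the SELINUX=enforcing directive to SELINUX=disabled. For the change to take effect, reboot the system with the following command:

```bash
sudo shutdown -r now
```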

6) Add hostname-to-IP mappings

```
[root@master network-scripts]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.158.100 master
192.168.158.101 node1
192.168.158.102 node2
```

7) Pass bridged IPv4 traffic to the iptables chains

```
[root@master sysctl.d]# cat k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
```

```bash
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
```

8) Synchronize the time zone and clock

```bash
yum install ntpdate -y
ntpdate time.windows.com
```

02 Deploy Docker

2.1) Install Docker

```bash
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
systemctl enable docker && systemctl start docker
```

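2.2) Configure a registry mirror to speed up image downloads

Both of these are set in /etc/docker/daemon.json, so we configure them together. First run the following command to edit daemon.json:

```bash
sudo vim /etc/docker/daemon.json
```

Once the file is open, enter the following content:

```json
{
  "registry-mirrors": ["https://87mcprgz.mirror.aliyuncs.com"]
}
```

Then save with :wq and restart docker:

```bash
sudo systemctl restart docker
```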

03 Install and Deploy k8s

3.1) Add the Alibaba Cloud yum repository

```bash
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```

```
[root@master yum.repos.d]# cat kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
```
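The repository definition above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying signatures against the listed gpgkey URLs. The following added example (not part of the original article) scans repo files for those settings; the function names and the sample file are constructed for illustration.

```bash
# Added example, not from the original article.
# audit_repo_gpg FILE...
#   Prints "FILE:[section] key=0" for every gpgcheck / repo_gpgcheck that is
#   switched off. Exit status is 1 if any were found, 0 if none.
audit_repo_gpg() {
  awk '
    /^[ \t]*\[/ {                          # section header such as [kubernetes]
      section = $0
      gsub(/^[ \t]+|[ \t]+$/, "", section)
      next
    }
    /^[ \t]*(gpgcheck|repo_gpgcheck)[ \t]*=/ {
      split($0, kv, "=")
      gsub(/[ \t]/, "", kv[1])
      gsub(/[ \t]/, "", kv[2])
      if (kv[2] == "0") {
        printf "%s:%s %s=0\n", FILENAME, section, kv[1]
        found = 1
      }
    }
    END { exit (found ? 1 : 0) }
  ' "$@"
}

# Constructed sample with the same settings as the kubernetes.repo above.
write_sample_repo() {
  cat > "$1" <<'EOF'
[kubernetes]
name=Kubernetes
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo_gpg "$sample" || echo "signature checks are disabled in the entries above"
rm -f "$sample"
# On a host: audit_repo_gpg /etc/yum.repos.d/*.repo
```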

3.2) Install kubeadm, kubelet and kubectl

Install version 1.19.0:

```bash
yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0
systemctl enable kubelet
```

04 Deploy the Kubernetes master

```bash
kubeadm init \
  --apiserver-advertise-address=192.168.158.100 \
  --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.0 \
  --service-cidr=10.96.0.0/16 \
  --pod-network-cidr=10.244.0.0/16
```

```bash
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```

```
kubeadm join 192.168.158.100:6443 --token lb07cr.n6k8vb29fei28ulp --discovery-token-ca-cert-hash sha256:f847403d59dbe306ac60decc5dcdfa3d86cd77b3de8c1d54b2acf460129c9131
```

The string above is the information used to join the master node. Copy it and keep it safe. If you did not save it, you can get it again with the following command:

```bash
kubeadm token create --print-join-command
```

05 Join the Kubernetes nodes

Run the following command on each node machine to join it to the cluster:

```bash
kubeadm join 192.168.158.100:6443 --token lb07cr.n6k8vb29fei28ulp --discovery-token-ca-cert-hash sha256:f847403d59dbe306ac60decc5dcdfa3d86cd77b3de8c1d54b2acf460129c9131
```

06 Deploy the container network (CNI)

Newly joined nodes need their network set up before they can communicate.

```bash
journalctl -u kubelet > test.txt
```

The command above lets you view the kubelet log:

```
Dec 16 09:49:11 master kubelet[1006]: E1216 09:49:11.497291 1006 kubelet.go:2103] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Dec 16 09:49:13 master kubelet[1006]: W1216 09:49:13.537844 1006 cni.go:239] Unable to update cni config: no networks found in /etc/cni/net.d
```

The log shows that the network is not ready because the network plugin is missing, so the next step is to install a network plugin.

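The network plugins can be downloaded from the following address:

https://kubernetes.io/docs/concepts/cluster-administration/addons/

There are many kinds of plugins listed there; usually you download the YAML file for the calico plugin:

https://docs.projectcalico.org/manifests/calico.yaml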

Change the IP address:

```yaml
- name: CALICO_IPV4POOL_CIDR
  value: "10.244.0.0/16"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
  value: "true"
```

Change the address in CALICO_IPV4POOL_CIDR to 10.244.0.0/16. This is the address that was set with the --pod-network-cidr=10.244.0.0/16 option when the master node was initialized.

Install the plugin with the following command:

```bash
kubectl apply -f calico.yaml
```
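A check that can run before the apply, as an added example that is not part of the original article: it reads CALICO_IPV4POOL_CIDR from the manifest, compares it with the --pod-network-cidr value given to kubeadm init, and treats a commented-out variable as unset. The function names and the sample manifest fragment are constructed.

```bash
# Added example, not from the original article.
# calico_pool_cidr FILE
#   Prints the active CALICO_IPV4POOL_CIDR value from a Calico manifest,
#   or nothing if the variable is missing or still commented out.
calico_pool_cidr() {
  awk '
    /^[ \t]*#/ { next }                    # commented-out lines do not count
    want && /^[ \t]*value:/ {
      v = $0
      sub(/[ \t]+#.*$/, "", v)             # drop a trailing comment
      sub(/^[ \t]*value:/, "", v)
      gsub("[^0-9./]", "", v)              # keep only the IPv4 CIDR characters
      print v
      exit
    }
    { want = 0 }
    /-[ \t]*name:[ \t]*CALICO_IPV4POOL_CIDR[ \t]*$/ { want = 1 }
  ' "$1"
}

# check_pod_cidr FILE EXPECTED
#   0 = manifest matches EXPECTED, 1 = different CIDR, 2 = not set.
check_pod_cidr() {
  actual=$(calico_pool_cidr "$1")
  if [ -z "$actual" ]; then
    echo "CALICO_IPV4POOL_CIDR is not set (missing or commented out) in $1"
    return 2
  fi
  if [ "$actual" != "$2" ]; then
    echo "mismatch: manifest has $actual, kubeadm init used $2"
    return 1
  fi
  echo "ok: pod CIDR $actual"
}

# Constructed sample: the variable is present but commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
EOF
check_pod_cidr "$sample" 10.244.0.0/16 || true
rm -f "$sample"
# Before applying: check_pod_cidr calico.yaml 10.244.0.0/16 && kubectl apply -f calico.yaml
```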

The CNI network plugin is also started as containers:

```
[root@master ~]# kubectl get pods -n kube-system
NAME                                      READY   STATUS             RESTARTS   AGE
calico-kube-controllers-bcc6f659f-8xptv   0/1     ImagePullBackOff   0          2m
calico-node-bhhfk                         1/1     Running            0          2m
calico-node-gxjrv                         1/1     Running            0          2m
calico-node-m6pzj                         1/1     Running            0          2m
coredns-6c76c8bb89-6n7vw                  1/1     Running            0          3d
coredns-6c76c8bb89-mkwwv                  1/1     Running            0          3d
etcd-master                               1/1     Running            3          3d
kube-apiserver-master                     1/1     Running            7          3d
kube-controller-manager-master            1/1     Running            10         3d
kube-proxy-4gp79                          1/1     Running            2          10h
kube-proxy-jdhlk                          1/1     Running            7          3d
kube-proxy-twxdz                          1/1     Running            1          7h14m
kube-scheduler-master                     1/1     Running            10         3d
```

07 Deploy the Dashboard

7.1) Install the Dashboard

First download the recommended.yaml file and upload it to the master node, then make the following change to recommended.yaml:

```yaml
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort  # add this line
```

Then install it with the following command:

```bash
kubectl apply -f recommended.yaml
```

```
[root@master ~]# kubectl apply -f dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
```

After installation you can check whether the corresponding containers have been pulled:

```
[root@master ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-b75bs   1/1     Running   0          70s
kubernetes-dashboard-5dbf55bd9d-tfnc7        1/1     Running   0          70s
```

If 1/1 is shown, the required containers have all been pulled successfully.

7.2) Access the Dashboard page

After installation, use the following command to see which port the dashboard is exposed on:

```
[root@master ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-7b59f7d4df-b75bs   1/1     Running   0          91m
pod/kubernetes-dashboard-5dbf55bd9d-tfnc7        1/1     Running   0          91m

NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.96.59.159   <none>        8000/TCP        91m
service/kubernetes-dashboard        NodePort    10.96.11.188   <none>        443:32349/TCP   91m
```

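The dashboard page can be reached at the following URL:

https://192.168.158.100:32349

192.168.158.100 is the IP address of the master host, and 32349 is the port exposed by the dashboard.

The dashboard offers two login methods; token login is usually chosen.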

7.3) Create an authorized account and log in

Use the following commands to create the account, grant it permissions and generate a token:

```
# Create the user
[root@master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
# Grant permissions to the user
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Get the user's token
[root@master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name:         dashboard-admin-token-vsqxh
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 66b58e6f-14ad-40f9-9d5a-dcb6dc1201ea
Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      <long JWT string, elided here>
```

Paste this token value into the token field of the login box to log in, and you are done!
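The token printed in step 7.3 is a JWT that the dashboard accepts as a bearer credential for the dashboard-admin service account. The following added example (not part of the original article) decodes a token's claims to show which account it represents and whether it carries an exp claim; the function names and the unsigned sample token are constructed, and the signature is not verified.

```bash
# Added example, not from the original article. Inspection only: the
# signature is not verified here.

# b64url_decode SEGMENT: decode one unpadded base64url segment.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# jwt_payload TOKEN: print the JSON claims (middle segment of the token).
jwt_payload() {
  body=${1#*.}                 # strip the header segment
  b64url_decode "${body%%.*}"  # strip the signature segment, then decode
}

# jwt_claim TOKEN NAME: print one top-level string claim.
jwt_claim() {
  jwt_payload "$1" | sed -n 's|.*"'"$2"'":"\([^"]*\)".*|\1|p'
}

# jwt_expiry_status TOKEN: "expires" if an exp claim exists, else "no-expiry".
jwt_expiry_status() {
  if jwt_payload "$1" | grep -q '"exp"[ ]*:'; then
    echo expires
  else
    echo no-expiry
  fi
}

# Constructed, unsigned sample shaped like a Secret-based service-account token.
make_sample_token() {
  claims='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","sub":"system:serviceaccount:kube-system:dashboard-admin"}'
  printf 'e30.%s.sig' "$(printf '%s' "$claims" | base64 | tr -d '=\n' | tr '/+' '_-')"
}

token=$(make_sample_token)
echo "subject:   $(jwt_claim "$token" sub)"
echo "namespace: $(jwt_claim "$token" kubernetes.io/serviceaccount/namespace)"
echo "expiry:    $(jwt_expiry_status "$token")"
```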