K8s集群-环境搭建

K8S集群部署

准备

关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
关闭selinux
vim /etc/selinux/config
SELINUX=enforcing==>SELINUX=disable

安装Dokcer

docker源
[[email protected] ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce-18.06.1.ce-3.el7
systemctl enable docker&&systemctl start docker

kubelet、kubeadm、kubectl安装

关闭swap
vim /etc/fstab
注释swap，永久关闭
执行
swapoff -a
传递IPV4流量到iptables链
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
准备repo
[[email protected] ~]# cd /etc/yum.repos.d/
k8s源
[[email protected] yum.repos.d]# vim k8s.repo
[k8s]
name=k8s repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
保存退出

#导入公钥
[[email protected] yum.repos.d]# yum repolist
[[email protected] yum.repos.d]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
[[email protected] yum.repos.d]# rpm --import yum-key.gpg
[[email protected] yum.repos.d]# wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[[email protected] yum.repos.d]# rpm --import rpm-package-key.gpg

yum install kubelet-1.13.3 kubeadm-1.13.3 kubectl-1.13.3
有如下报错
Error: Package: kubelet-1.13.3-0.x86_64 (k8s)
Requires: kubernetes-cni = 0.6.0
Available: kubernetes-cni-0.3.0.1-0.07a8a2.x86_64 (k8s)
kubernetes-cni = 0.3.0.1-0.07a8a2
Available: kubernetes-cni-0.5.1-0.x86_64 (k8s)
kubernetes-cni = 0.5.1-0
Available: kubernetes-cni-0.5.1-1.x86_64 (k8s)
kubernetes-cni = 0.5.1-1
Available: kubernetes-cni-0.6.0-0.x86_64 (k8s)
kubernetes-cni = 0.6.0-0
Installing: kubernetes-cni-0.7.5-0.x86_64 (k8s)
kubernetes-cni = 0.7.5-0
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
安装相关依赖：
yum install kubernetes-cni = 0.6.0
再执行安装命令
开机启动
systemctl enable kubelet
(以上所有节点执行)

主节点执行初始化

kubeadm init
–apiserver-advertise-address=192.168.130.138
–image-repository registry.aliyuncs.com/google_containers
–kubernetes-version v1.13.3
–service-cidr=10.1.0.0/16
–pod-network-cidr=10.244.0.0/16
生成token，初始化成功
kubeadm join 192.168.130.138:6443 --token 2vagnb.dlbfi6fr69kuznsp --discovery-token-ca-cert-hash sha256:9818c0a38b63ec9087ebaeed9902bbe5208f95f39dcaeccb6ac705a798953eeb
执行
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id−u):(id -g) $HOME/.kube/config
查看Master节点
kubectl get node
status
NotReady

安装pod

因为其本身没有集成跨主机网络的，所以要借助第三方插件完成
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
查看镜像是否完整
kubectl get pods -n kube-system

若缺少相应镜像，则根据yml文件通过docker pull拉取
添加节点
在Node上执行
kubeadm join 192.168.130.138:6443 --token 2vagnb.dlbfi6fr69kuznsp --discovery-token-ca-cert-hash sha256:9818c0a38b63ec9087ebaeed9902bbe5208f95f39dcaeccb6ac705a798953eeb
等待节点下载flanel镜像

节点删除操作

kubectl drain luosen1 --delete-local-data --force --ignore-daemonsets
kubectl delete node luosen1
在对应节点上执行
kubeadm reset
重新执行join加入

部署Dashboard

获取yaml到本地
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
修改镜像源
spec:
containers:
- name: kubernetes-dashboard
#image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10
image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
ports:
- containerPort: 8443
protocol: TCP
便于本地访问，添加type
#------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
启动
kubectl apply -f kubernetes-dashboard.yaml
查看Dashboard
kubectl get service -n kube-system | grep dashboard
kubectl get pod --namespace=kube-system -o wide | grep dashboard
使用https访问

创建token并登录

kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluste r-admin --serviceaccount=kube-system:dashboard-admin
查看token
kubectl get secret -n kube-system
kubectl describe secret dashboard-admin-token-sskn9 -n kube-system
输入token进入

删除Dashboard

kubectl get secret,sa,role,rolebinding,services,deployments --namespace=kube-system | grep dashboard
kubectl delete deployment kubernetes-dashboard --namespace=kube-system
kubectl delete service kubernetes-dashboard --namespace=kube-system
kubectl delete role kubernetes-dashboard-minimal --namespace=kube-system
kubectl delete rolebinding kubernetes-dashboard-minimal --namespace=kube-system
kubectl delete sa kubernetes-dashboard --namespace=kube-system
kubectl delete secret kubernetes-dashboard-certs --namespace=kube-system
kubectl delete secret kubernetes-dashboard-key-holder --namespace=kube-system