Setting up a k8s cluster environment
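This tutorial builds the environment on virtual machines.
Virtual machine network configuration
Setting a static IP on the virtual machines
- Set the network adapter connection mode
- Prepare two virtual machines
| Machine IP | hostname |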
|---|---|
| 192.168.243.134 | k8s-master |
| 192.168.243.136 | k8s-node1 |
- Configure a static IP (on both master and node)
```
vi /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="d00801e4-2486-4c94-9402-018fdb60fc77"
DEVICE="ens33"
ONBOOT="yes"


#### The lines below are added for the static IP configuration
IPADDR="192.168.243.134" # Set the static IP for this machine here. master: 192.168.243.134, node1: 192.168.243.136. Fill in your own actual IP
NETMASK="255.255.255.0"
GATEWAY="192.168.243.1" # Gateway. Unless you have special requirements, keep the first three octets the same as IPADDR and use 1 as the last octet, e.g. 192.168.243.1
DNS1="223.5.5.5" # Fixed, leave unchanged

####### Restart the network with this command
service network restart
```
- Turn off the firewall (on both master and node)
```
systemctl stop firewalld
systemctl disable firewalld
```
- Turn off SELinux (on both master and node)
```
setenforce 0 # turn off temporarily
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # turn off permanently
```
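- Turn off swap (master/node)
```
swapoff -a # turn off temporarily; swap is turned off mainly for performance reasons
free # use this command to check whether swap is off
sed -ri 's/.*swap.*/#&/' /etc/fstab # turn off permanently
```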
- Edit the hosts file (on both master and node)
```
vi /etc/hosts

192.168.243.134 master.com master # master host
192.168.243.136 node1.com node1 # node host
199.232.28.133 raw.githubusercontent.com # later steps download files from this site; if a download fails, add this address to the hosts file
```
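- Change the hostname (on both master and node)

On master:
```
hostnamectl set-hostname master ## takes effect permanently after reboot
```
On node1:
```
hostnamectl set-hostname node1 ## takes effect permanently after reboot
```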
- Bridge settings (on both master and node)
```
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF


sysctl --system
```
- Add the Aliyun repository (on both master and node)
```
rm -rf /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
```
- Install common packages (on both master and node)
```
yum install vim bash-completion net-tools gcc -y
```
- Install docker (on both master and node)
```
yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum -y install docker-ce
```
- Add the Aliyun docker registry mirror (on both master and node)
```
mkdir -p /etc/docker

tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://fl791z1h.mirror.aliyuncs.com"]
}
EOF

systemctl daemon-reload

systemctl restart docker
```
Install kubectl, kubelet and kubeadm (on both master and node)
- Add the Aliyun kubernetes repository (on both master and node)
```
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```
- Install kubectl, kubelet and kubeadm (on both master and node)
```
yum install kubectl kubelet kubeadm

#### kubelet cannot be started yet, because the configuration is not ready at this point.
systemctl enable kubelet
```
Initialize the k8s cluster (master only)
- Check the kubeadm version
```
[root@localhost ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.2", GitCommit:"faecb196815e248d3ecfb03c680a4507229c2a56", GitTreeState:"clean", BuildDate:"2021-01-13T13:25:59Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}

## Current version: GitVersion:"v1.20.2"
```
- Initialize the cluster
```
kubeadm init --kubernetes-version=1.20.2 \
--apiserver-advertise-address=192.168.243.134 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
```
Note that two parameters need to be adjusted here:
--kubernetes-version: use the version number reported by kubeadm
--apiserver-advertise-address: replace with the master IP address
Set up kubectl (master only)
```
mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
- View the nodes and pods
```
[root@localhost ~]# kubectl get node
NAME                    STATUS     ROLES                  AGE    VERSION
localhost.localdomain   NotReady   control-plane,master   139m   v1.20.2


[root@localhost ~]# kubectl get pod --all-namespaces
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-7f89b7bc75-4cvgf         0/1     Pending   0          2m
kube-system   coredns-7f89b7bc75-nfdvg         0/1     Pending   0          2m
kube-system   etcd-master                      1/1     Running   0          2m10s
kube-system   kube-apiserver-master            1/1     Running   0          2m10s
kube-system   kube-controller-manager-master   1/1     Running   0          2m10s
kube-system   kube-proxy-hk47n                 1/1     Running   0          2m
kube-system   kube-scheduler-master            1/1     Running   0          2m10s
```
The node is NotReady because the coredns pods have not started; the network pod is missing.
Install the calico network (master only)
```
[root@localhost ~]# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

#### Output
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
poddisruptionbudget.policy/calico-kube-controllers created
```
- View the pods and node
Wait a moment before running the command: some services are still starting, so the status does not change to Running immediately.
```
[root@localhost ~]# kubectl get pod --all-namespaces

#### Output
NAMESPACE              NAME                                            READY   STATUS    RESTARTS   AGE
kube-system            calico-kube-controllers-744cfdf676-djfcb        1/1     Running   0          135m
kube-system            calico-node-r8g7m                               1/1     Running   0          135m
kube-system            coredns-7f89b7bc75-2c8c4                        1/1     Running   0          142m
kube-system            coredns-7f89b7bc75-zl49d                        1/1     Running   0          142m
kube-system            etcd-localhost.localdomain                      1/1     Running   0          142m
kube-system            kube-apiserver-localhost.localdomain            1/1     Running   0          142m
kube-system            kube-controller-manager-localhost.localdomain   1/1     Running   0          142m
kube-system            kube-proxy-lvwhk                                1/1     Running   0          142m
kube-system            kube-scheduler-localhost.localdomain            1/1     Running   0          142m
kubernetes-dashboard   dashboard-metrics-scraper-79c5968bdc-hdzlm      1/1     Running   0          100m
kubernetes-dashboard   kubernetes-dashboard-7448ffc97b-d2q5v           1/1     Running   0          100m
```
Install kubernetes-dashboard (master only)
- The official dashboard deployment does not expose the service through a NodePort; download the yaml file locally and add a nodePort to the service
```
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml
```
For example, the dashboard UI reports this error:
namespaces is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "namespaces" in API group "" at the cluster scope
Cause: the dashboard version and the kubernetes version do not match
Solution: find the yaml for the matching dashboard version at https://github.com/kubernetes/dashboard/releases and redeploy; this resolves the error
If access fails: add 199.232.28.133 raw.githubusercontent.com to the hosts file
Alternate download address
- Edit the recommended.yaml file
```
vim recommended.yaml

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard
```
- Create the dashboard
```
kubectl create -f recommended.yaml
```
Log in to the k8s dashboard with a token
Get the token
```
### Create the service account
kubectl create sa dashboard-admin -n kube-system

### Create the role binding
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

### Look up the name of the dashboard-admin secret
ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')

### Print the token stored in the secret
kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}'
```
- Open the dashboard page
In a browser, enter the master host address plus port 30000, using the https protocol, e.g. https://192.168.243.134:30000

Join the node to the cluster
Generate a token on the master host
By default a token is valid for 24 hours; once it expires it can no longer be used. Run kubeadm token create on the master node
- Create the token (run on master only)
The token value can be specified; it must be generated according to the token rule
```
## token rule: \A([a-z0-9]{6})\.([a-z0-9]{16})\z
kubeadm token create token1.tokentokentoken1
```
- View the token (run on master only)
```
kubeadm token list

### Output
TOKEN                     TTL   EXPIRES                     USAGES                   DESCRIPTION
token1.tokentokentoken1   23h   2021-01-30T17:33:23+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
```
- Get the sha256 hash of the CA certificate (run on master only)
```
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

### Output
0654fa65a6a2b7fe09cb605f24809e7fe61cdc910d7b2b74165c6c8843c197c7
```
- Join the node to the cluster (run on node only)
```
### Clean up the environment
kubeadm reset

### Connect to the cluster
kubeadm join 192.168.243.134:6443 --token token1.tokentokentoken1 \
--discovery-token-ca-cert-hash sha256:0654fa65a6a2b7fe09cb605f24809e7fe61cdc910d7b2b74165c6c8843c197c7
```
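The token rule from the token creation step, as an added example that is not part of the original tutorial: a POSIX shell check for the format plus a generator that draws the value from /dev/urandom, because the bootstrap token is the credential a node presents when it joins and a fixed sample value is guessable. The function names `is_valid_token` and `gen_token` are hypothetical; `kubeadm token generate` is the built-in equivalent of the generator.

```shell
#!/bin/sh
# Added example (not from the original tutorial): validate and generate
# kubeadm bootstrap tokens. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII lowercase only

# Return 0 if $1 matches \A([a-z0-9]{6})\.([a-z0-9]{16})\z, otherwise 1.
is_valid_token() {
    _id=${1%%.*}        # text before the first dot (token ID)
    _secret=${1#*.}     # text after the first dot (token secret)
    [ "$_id.$_secret" = "$1" ] || return 1     # fails when there is no dot
    [ "${#_id}" -eq 6 ] && [ "${#_secret}" -eq 16 ] || return 1
    case "$_id$_secret" in
        *[!a-z0-9]*) return 1 ;;   # upper case, extra dots, whitespace
    esac
    return 0
}

# Print a random token. 1024 random bytes are filtered down to the 36
# allowed characters (about 144 survive on average); the first 22 are used.
gen_token() {
    _raw=$(head -c 1024 /dev/urandom | tr -dc 'a-z0-9' | cut -c1-22)
    [ "${#_raw}" -eq 22 ] || return 1
    _tok="$(printf '%s' "$_raw" | cut -c1-6).$(printf '%s' "$_raw" | cut -c7-22)"
    is_valid_token "$_tok" || return 1
    printf '%s\n' "$_tok"
}

# Usage on the master (commented out so the block runs without kubeadm):
#   TOKEN=$(gen_token) && kubeadm token create "$TOKEN" --ttl 2h
```

The `--ttl` flag of `kubeadm token create` shortens the default 24-hour lifetime mentioned above.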
Commands to restart the cluster
```
systemctl daemon-reload
systemctl restart kubelet
```