Installing Kubernetes 1.8.4 + Dashboard on a CentOS 7.2/7.3 cluster
1. Environment configuration
Number of nodes: 3
Node OS: CentOS 7.2 / 7.3
2. Result
https://images2017.cnblogs.com/blog/1143917/201711/1143917-20171121223326665-1582465377.png
https://images2017.cnblogs.com/blog/1143917/201711/1143917-20171121223301352-552476681.png
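3. Setting up the Kubernetes environment [1]
3.1 Overview
A Kubernetes cluster consists of a master node and several worker nodes; the environment configuration differs by role.
Assume the three nodes have the following IPs: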
k8s-Master: 192.168.1.1
k8s-Worker1:192.168.1.2
k8s-Worker2:192.168.1.3
3.2 Master node setup
Step 1: Set the hostname, disable SELinux, and configure the firewall or disable it
#set the hostname and disable SELinux
~]# hostnamectl set-hostname 'k8s-master'
~]# exec bash
~]# setenforce 0
~]# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
#configure the firewall
# firewall-cmd --permanent --add-port=6443/tcp
# firewall-cmd --permanent --add-port=2379-2380/tcp
# firewall-cmd --permanent --add-port=10250/tcp
# firewall-cmd --permanent --add-port=10251/tcp
# firewall-cmd --permanent --add-port=10252/tcp
# firewall-cmd --permanent --add-port=10255/tcp
# firewall-cmd --reload
# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
#or disable the firewall
#systemctl stop firewalld && systemctl disable firewalld
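Step 2: Configure the Kubernetes repository
In the official example, the Kubernetes version in the repository is too old (still 1.5.2 at the time of writing). That version has problems accessing and viewing the Dashboard, so the official example is not recommended.
Use the newer repository instead:
#create the file /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg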
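Step 3: Install kubeadm and Docker
Before installing, any previously installed older version must be removed completely; for details see the CentOS yum remove command.
# yum install kubeadm docker -y
Start and enable the kubelet and Docker services
# systemctl restart docker && systemctl enable docker
# systemctl restart kubelet && systemctl enable kubelet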
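Step 4: Initialize the Kubernetes master
# kubeadm init
If it fails with an error saying that running with swap on is not supported, turn swap off with the command swapoff -a.
After a short wait a success message appears (the screenshot is borrowed from someone else):
https://images2017.cnblogs.com/blog/1143917/201711/1143917-20171121230126805-217354606.jpg
Make sure to save the generated token; it is needed later.
Step 5: Use the cluster. Make sure the file below exists for the current user on the master; users without this file cannot access the cluster.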
# mkdir -p $HOME/.kube
# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# chown $(id -u):$(id -g) $HOME/.kube/config
Step 6: Deploy the pod network to the cluster
About the pod network: to bring the cluster status to Ready and kube-dns to Running, deploy the pod network so that containers on different hosts can communicate with each other. The pod network is the overlay network between the worker nodes.
# export kubever=$(kubectl version | base64 | tr -d '\n')
# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$kubever"
serviceaccount "weave-net" created
clusterrole "weave-net" created
clusterrolebinding "weave-net" created
daemonset "weave-net" created
Step 7: Verify the node status
# kubectl get nodes
NAME STATUS AGE VERSION
k8s-master Ready 1h v1.7.5
# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system etcd-k8s-master 1/1 Running 0 57m
kube-system kube-apiserver-k8s-master 1/1 Running 0 57m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 57m
kube-system kube-dns-2425271678-044ww 3/3 Running 0 1h
kube-system kube-proxy-9h259 1/1 Running 0 1h
kube-system kube-scheduler-k8s-master 1/1 Running 0 57m
kube-system weave-net-hdjzd 2/2 Running 0 7m
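3.3 Worker node setup
Step 1: Disable SELinux and configure the firewall [see step 1 of the master node setup]
Step 2: Configure the Kubernetes repository [see step 2 of the master node setup]
Step 3: Install kubeadm and Docker [see step 3 of the master node setup]. On a worker node only the docker service needs to be restarted.
Step 4: Join the worker node to the master's cluster. The token here is the one obtained when the master was initialized.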
# kubeadm join --token a3bd48.1bc42347c3b35851 192.168.1.1:6443
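If it fails with an error saying port 10250 is in use, run the commands below to find the process and kill it:
sudo lsof -i :10250
sudo kill <PID>
If it fails with an error saying files under /etc/kubernetes/ already exist, delete them and run the join command above again.
Step 5: Check the cluster from the master node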
# kubectl get nodes
NAME STATUS AGE VERSION
k8s-master Ready 2h v1.7.5
worker-node1 Ready 20m v1.7.5
worker-node2 Ready 18m v1.7.5
#
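4. Setting up the Dashboard
4.1 Download the Dashboard files
git clone https://github.com/kubernetes/dashboard
4.2 Deploy the Dashboard
cd dashboard/src/deploy/recommended
kubectl apply -f kubernetes-dashboard.yaml
4.3 Access the Dashboard locally
#Note: with this method the Dashboard can only be accessed from the machine where it was started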
kubectl proxy
Starting to serve on 127.0.0.1:8001
#open the following address in a local browser
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
4.4 Access the Dashboard from outside
#first edit the kubernetes-dashboard service
$ kubectl -n kube-system edit service kubernetes-dashboard
#change type: ClusterIP to type: NodePort in it, then save
#look up the external port number
$ kubectl -n kube-system get service kubernetes-dashboard
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.100.124.90 <nodes> 443:31707/TCP 21h
#Access it using the IP of the master (the machine where the Dashboard was started) and port 31707; note that the protocol must be https, not http
4.5 Logging in to the Dashboard
Using the token method
#view the tokens
# kubectl get secret -n kube-system
#pick namespace-controller-token
# kubectl describe secret/namespace-controller-token-4vvdq -n kube-system
Name: namespace-controller-token-4vvdq
Namespace: kube-system
Labels: <none>
Annotations:kubernetes.io/service-account.name=namespace-controller
kubernetes.io/service-account.uid=84ff3777-ce8f-11e7-a967-f8bc124d5cbc
Type:kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace:11 bytes
token: eyDF4E4HuKNy6y..........Nd5xQDoCT0Pru-FdAzw
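Copy the resulting token into the login screen in the browser and click sign in to log in. Each token carries different permissions, so what can be viewed differs from token to token; this still needs further exploration.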
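Which permissions a token carries follows from the service account it belongs to, and that identity can be read from the token itself, since a service-account token is a JWT. The script below is an added example, not part of the original post: the function names are illustrative, and the sample token is constructed in the claim layout of a service-account token, with a dummy signature.

```shell
#!/bin/sh
# Added example: show which service account a Dashboard login token belongs to.
# Function names are illustrative; the sample token below is constructed.

# JWT segments are URL-safe base64 with the '=' padding stripped.
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the JSON claims, i.e. the second dot-separated segment of the token.
jwt_payload() {
    payload=$(printf '%s' "$1" | cut -s -d. -f2)
    [ -n "$payload" ] || { echo "not a JWT" >&2; return 1; }
    b64url_decode "$payload"
}

# jwt_claim TOKEN NAME: print the value of one string claim.
# Splits on commas, which is enough for these claims (no commas in values).
jwt_claim() {
    jwt_payload "$1" | tr ',' '\n' |
        sed -n "s|^[{ ]*\"$2\":\"\\(.*\\)\"[} ]*\$|\\1|p"
}

# Constructed token: header.payload.signature with a dummy signature.
sample_token() {
    hdr='{"alg":"RS256","typ":"JWT"}'
    ns='kubernetes.io/serviceaccount'
    claims="{\"iss\":\"kubernetes/serviceaccount\",\"$ns/namespace\":\"kube-system\",\"$ns/service-account.name\":\"namespace-controller\",\"sub\":\"system:serviceaccount:kube-system:namespace-controller\"}"
    printf '%s.%s.%s' "$(b64url_encode "$hdr")" "$(b64url_encode "$claims")" "c2ln"
}

tok=$(sample_token)
echo "subject:         $(jwt_claim "$tok" sub)"
echo "service account: $(jwt_claim "$tok" kubernetes.io/serviceaccount/service-account.name)"
```

On a cluster, pass the value of the token: field shown by kubectl describe secret instead of the sample; the RBAC bindings of the printed subject determine what the Dashboard will show after login.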
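5. Related commands
#show the status of the cluster nodes
kubectl get nodes
#show detailed node information
kubectl describe nodes
#show the status of the cluster services
kubectl get pods --all-namespaces
#show which IPs the cluster is running on
kubectl cluster-info
#list the various tokens on the master
kubectl get secret -n kube-system
#view one specific token
kubectl describe secret/<secret-name> -n kube-system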
6. References
[1] How to Install Kubernetes (k8s) 1.7 on CentOS 7 / RHEL 7.
[2] README
[3] Accessing Dashboard 1.7.x and above
[4] Some notes about deploying Kubernetes Dashboard 1.7.0 [http://tonybai.com/2017/09/26/some-notes-about-deploying-kubernetes-dashboard-1-7-0/]
[5] How to sign in the kubernetes dashboard?
[6] Dashboard overview
[7] Dashboard Authentication