[关闭]
@zhangyy 2020-04-09T21:03:38.000000Z 字数 13167 阅读 140

kubernetes 高可用的配置

kubernetes系列


一:kubernetes 高可用的配置

一:kubernetes 的 kubeadmn高可用的配置

image_1e5fe57c54bk19pf1urc16kk24t9.png-93.3kB


二: 系统初始化

2.1 系统主机名

  1. 192.168.100.11 node01.flyfish
  2. 192.168.100.12 node02.flyfish
  3. 192.168.100.13 node03.flyfish
  4. 192.168.100.14 node04.flyfish
  5. 192.168.100.15 node05.flyfish
  6. 192.168.100.16 node06.flyfish
  7. 192.168.100.17 node07.flyfish
  8. ----
  9. node01.flyfish / node02.flyfish /node03.flyfish 作为master 节点
  10. node04.flyfish / node05.flyfish / node06.flyfish 作为work节点
  11. node07.flyfish 作为 测试节点
  12. keepalive集群VIP 地址为: 192.168.100.100

image_1e5ekelon1k88ke4eh8tfvph9.png-84.6kB


2.2 关闭firewalld 清空iptables 与 selinux 规则

  1. 系统节点全部执行:
  2. systemctl stop firewalld && systemctl disable firewalld && yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

image_1e5ekimj2rha3bi4ab1svc18kmm.png-168.9kB

  1. 关闭 SELINUXswap 内存
  2. swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
  3. setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

image_1e5ekjkm11idhjke1j40eoakkf13.png-96.6kB


2.3 安装 依赖包

  1. 全部节点安装
  2. yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git

image_1e5ekku5ccjg13fr1cdpo7rvlu1g.png-380.6kB

2.4升级调整内核参数,对于 K8S

  1. 所有节点都执行
  2. cat > kubernetes.conf <<EOF
  3. net.bridge.bridge-nf-call-iptables=1
  4. net.bridge.bridge-nf-call-ip6tables=1
  5. net.ipv4.ip_forward=1
  6. net.ipv4.tcp_tw_recycle=0
  7. vm.swappiness=0 # 禁止使用 swap 空间,只有当系统 OOM 时才允许使用它 vm.overcommit_memory=1 # 不检查物理内存是否够用
  8. vm.panic_on_oom=0 # 开启 OOM
  9. fs.inotify.max_user_instances=8192
  10. fs.inotify.max_user_watches=1048576
  11. fs.file-max=52706963
  12. fs.nr_open=52706963
  13. net.ipv6.conf.all.disable_ipv6=1
  14. net.netfilter.nf_conntrack_max=2310720
  15. EOF
  16. cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
  17. sysctl -p /etc/sysctl.d/kubernetes.conf

image_1e5eko4qg16kt1g7i117j1hru15p41t.png-258.4kB

2.5 调整系统时区

  1. # 设置系统时区为 中国/上海 timedatectl set-timezone Asia/Shanghai
  2. # 将当前的 UTC 时间写入硬件时钟 timedatectl set-local-rtc 0
  3. # 重启依赖于系统时间的服务
  4. systemctl restart rsyslog && systemctl restart crond
  1. 关闭系统不需要的服务
  2. systemctl stop postfix && systemctl disable postfix

image_1e5ekqum213e9evpg01r3v17sb2a.png-50.5kB

2.6 设置 rsyslogd 和 systemd journald

  1. 系统全部节点
  2. mkdir /var/log/journal # 持久化保存日志的目录
  3. mkdir /etc/systemd/journald.conf.d
  4. cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
  5. [Journal]
  6. # 持久化保存到磁盘
  7. Storage=persistent
  8. # 压缩历史日志
  9. Compress=yes
  10. SyncIntervalSec=5m
  11. RateLimitInterval=30s
  12. RateLimitBurst=1000
  13. # 最大占用空间 10G
  14. SystemMaxUse=10G
  15. # 单日志文件最大 200M
  16. SystemMaxFileSize=200M
  17. # 日志保存时间 2 周
  18. MaxRetentionSec=2week
  19. # 不将日志转发到 syslog
  20. ForwardToSyslog=no
  21. EOF
  22. systemctl restart systemd-journald

image_1e5el0stg1rf01l261ofj1gmg1ks82n.png-140.1kB

2.7升级系统内核为 4.44

  1. CentOS 7.x 系统自带的 3.10.x 内核存在一些 Bugs,导致运行的 DockerKubernetes 不稳定,例如: rpm -Uvh
  2. http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
  3. rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
  4. # 安装完成后检查 /boot/grub2/grub.cfg 中对应内核 menuentry 中是否包含 initrd16 配置,如果没有,再安装 一次!
  5. yum --enablerepo=elrepo-kernel install -y kernel-lt
  6. # 设置开机从新内核启动
  7. grub2-set-default "CentOS Linux (4.4.182-1.el7.elrepo.x86_64) 7 (Core)"
  8. reboot
  9. # 重启后安装内核源文件
  10. yum --enablerepo=elrepo-kernel install kernel-lt-devel-$(uname -r) kernel-lt-headers-$(uname -r)

image_1e5elbe4h1l39uf73105qag9234.png-190.9kB

image_1e5elbvs38sj1bojtfik4je0b3h.png-67.1kB

2.8 kube-proxy开启ipvs的前置条件

  1. modprobe br_netfilter
  2. cat > /etc/sysconfig/modules/ipvs.modules <<EOF
  3. #!/bin/bash
  4. modprobe -- ip_vs
  5. modprobe -- ip_vs_rr
  6. modprobe -- ip_vs_wrr
  7. modprobe -- ip_vs_sh
  8. modprobe -- nf_conntrack_ipv4
  9. EOF
  10. chmod 755 /etc/sysconfig/modules/ipvs.modules
  11. bash /etc/sysconfig/modules/ipvs.modules
  12. lsmod | grep -e ip_vs -e nf_conntrack_ipv4

image_1e5elhs3f1o6k4ld14hhf1gqq641.png-168.3kB

image_1e5eli9t91enb1r6s8fk1401thj4e.png-110.8kB


三: 开始安装docker

3.1 安装docker

  1. 机器节点都执行:
  2. yum install -y yum-utils device-mapper-persistent-data lvm2
  3. yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  4. yum update -y && yum install docker-ce-18.09.9 docker-ce-cli-18.09.9 containerd.io -y
  5. 重启机器: reboot
  6. 查看内核版本: uname -r
  7. 在加载: grub2-set-default "CentOS Linux (4.4.182-1.el7.elrepo.x86_64) 7 (Core)" && reboot
  8. 如果还不行
  9. 就改 文件 vim /etc/grub2.cfg 注释掉 3.10 内核
  10. 保证 内核的版本 4.4
  11. service docker start
  12. chkconfig docker on
  13. ## 创建 /etc/docker 目录
  14. cat > /etc/docker/daemon.json <<EOF
  15. {
  16. "exec-opts": ["native.cgroupdriver=systemd"],
  17. "log-driver": "json-file",
  18. "log-opts": {
  19. "max-size": "100m"
  20. },
  21. "insecure-registries": ["https://node04.flyfish"],
  22. "registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com"]
  23. }
  24. EOF
  25. mkdir -p /etc/systemd/system/docker.service.d
  26. # 重启docker服务
  27. systemctl daemon-reload && systemctl restart docker && systemctl enable docker

image_1e5elqtq91e3vm5l57mngs7ec4r.png-321kB

image_1e5elrgrm6o82vs5do1a2r11c158.png-261.4kB

image_1e5elrv1l1ikn1o9m1qu72q1j5i5l.png-183.5kB

image_1e5eluv3i1v7eht9hhktge1pu162.png-257kB

image_1e5en7ilm1hvr6l816pldgr1j2cs.png-75.1kB

image_1e5en8otc1mv61m3313rmqlau449.png-17kB


  1. 安装命令补全工具
  2. yum -y install bash-completion
  3. source /etc/profile.d/bash_completion.sh

image_1e5f3c3vp1phl1l511q7ge0d1otc6v.png-69.6kB

image_1e5f3goqbfs2j7k1mig2fp16oe7c.png-149.6kB

  1. 镜像加速
  2. 由于Docker Hub的服务器在国外,下载镜像会比较慢,可以配置镜像加速器。主要的加速器有:Docker官方提供的中国registry mirror、阿里云加速器、DaoCloud 加速器,本文以阿里加速器配置为例。
  3. 登陆阿里云容器模块:
  4. 登陆地址为:https://cr.console.aliyun.com ,未注册的可以先注册阿里云账户
  5. mkdir /etc/docker
  6. tee /etc/docker/daemon.json <<-'EOF'
  7. {
  8. "registry-mirrors": ["https://dfmo7maf.mirror.aliyuncs.com"]
  9. }
  10. EOF

image_1e5f3nutnne01tnat6321613k86.png-369.3kB

image_1e5f3qfq6nlbtgr10gjdl713vo9g.png-76.7kB

  1. Cgroup Driver:
  2. 修改daemon.json
  3. 修改daemon.json,新增‘"exec-opts": ["native.cgroupdriver=systemd"]
  4. cat /etc/docker/daemon.json
  5. {
  6. "registry-mirrors": ["https://dfmo7maf.mirror.aliyuncs.com"],
  7. "exec-opts": ["native.cgroupdriver=systemd"]
  8. }
  9. 修改cgroupdriver是为了消除告警:
  10. [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

image_1e5f4kvhhkb01dmlainbdf11mn9t.png-42.5kB

  1. 重新加载docker
  2. systemctl daemon-reload
  3. systemctl restart docker

image_1e5f51e1vjpginite513a3qsuan.png-82kB

四:安装keepalived

  1. control plane节点都执行本部分操作。
  2. 安装keepalived
  3. yum install -y keepalived

image_1e5f54dsg1a41und1ptl169svs7b4.png-178.7kB

image_1e5f54s0t150k14rm3uv1t33nqkbh.png-176.1kB

image_1e5f55d3h1m5s1o3o1hctmt41da3bu.png-90kB

  1. keepalived配置
  2. node01.flyfish 配置:
  3. cat /etc/keepalived/keepalived.conf
  4. ---
  5. ! Configuration File for keepalived
  6. global_defs {
  7. router_id node01.flyfish
  8. }
  9. vrrp_instance VI_1 {
  10. state MASTER
  11. interface ens33
  12. virtual_router_id 50
  13. priority 100
  14. advert_int 1
  15. authentication {
  16. auth_type PASS
  17. auth_pass 1111
  18. }
  19. virtual_ipaddress {
  20. 192.168.100.100
  21. }
  22. }
  23. ---
  24. node02.flyfish 配置:
  25. cat /etc/keepalived/keepalived.conf
  26. ---
  27. ! Configuration File for keepalived
  28. global_defs {
  29. router_id node02.flyfish
  30. }
  31. vrrp_instance VI_1 {
  32. state BACKUP
  33. interface ens33
  34. virtual_router_id 50
  35. priority 90
  36. advert_int 1
  37. authentication {
  38. auth_type PASS
  39. auth_pass 1111
  40. }
  41. virtual_ipaddress {
  42. 192.168.100.100
  43. }
  44. }
  45. ---
  46. node03.flyfish 配置
  47. cat /etc/keepalived/keepalived.conf
  48. ---
  49. ! Configuration File for keepalived
  50. global_defs {
  51. router_id node03.flyfish
  52. }
  53. vrrp_instance VI_1 {
  54. state BACKUP
  55. interface ens33
  56. virtual_router_id 50
  57. priority 90
  58. advert_int 1
  59. authentication {
  60. auth_type PASS
  61. auth_pass 1111
  62. }
  63. virtual_ipaddress {
  64. 192.168.100.100
  65. }
  66. }
  67. ---
  68. 所有control plane启动keepalived服务并设置开机启动
  69. service keepalived start
  70. systemctl enable keepalived

image_1e5f5qva9i6uefa1skn1n9thr1cb.png-54.9kB

  1. vipnode01.flyfish

image_1e5f5s1if17p21t0j112u7fo1l7qco.png-213.9kB


五: k8s安装

5.1:安装 Kubeadm (主从配置)

  1. control planework节点都执行本部分操作。
  2. cat >> /etc/yum.repos.d/kubernetes.repo << EOF
  3. [kubernetes]
  4. name=Kubernetes
  5. baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
  6. enabled=1
  7. gpgcheck=0
  8. repo_gpgcheck=0
  9. gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
  10. http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  11. EOF

image_1e5epu73g1k2nqjejo31okhn3o41.png-77.8kB


  1. yum list kubelet --showduplicates | sort -r
  2. 本文安装的kubelet版本是1.16.4,该版本支持的docker版本为1.13.1, 17.03, 17.06, 17.09, 18.06, 18.09

image_1e5f66iho1di42dfdan1e0bqukd5.png-225.5kB

  1. yum -y install kubeadm-1.16.4 kubectl-1.16.4 kubelet-1.16.4
  2. ---
  3. kubelet 运行在集群所有节点上,用于启动Pod和容器等对象的工具
  4. kubeadm 用于初始化集群,启动集群的命令工具
  5. kubectl 用于和集群通信的命令行,通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件
  6. ---
  7. 启动kubelet:
  8. systemctl enable kubelet && systemctl start kubelet

image_1e5f6cvk4un4utu11v02lpln0di.png-238.2kB

  1. kubectl命令补全
  2. echo "source <(kubectl completion bash)" >> ~/.bash_profile
  3. source .bash_profile

image_1e5f6il6s1pp7p3613eq1aqagq0dv.png-70.8kB

5.2 下载镜像

  1. 镜像下载的脚本:
  2. Kubernetes几乎所有的安装组件和Docker镜像都放在goolge自己的网站上,直接访问可能会有网络问题,这里的解决办法是从阿里云镜像仓库下载镜像,拉取到本地以后改回默认的镜像tag。本文通过运行image.sh脚本方式拉取镜像。

  1. 下载脚本
  2. vim image.sh
  3. ---
  4. #!/bin/bash
  5. url=registry.cn-hangzhou.aliyuncs.com/loong576
  6. version=v1.16.4
  7. images=(`kubeadm config images list --kubernetes-version=$version|awk -F '/' '{print $2}'`)
  8. for imagename in ${images[@]} ; do
  9. docker pull $url/$imagename
  10. docker tag $url/$imagename k8s.gcr.io/$imagename
  11. docker rmi -f $url/$imagename
  12. done
  13. ---
  14. ./image.sh
  15. docker images

image_1e5f76tc418vm1ufqe7l1f0c96jec.png-258.8kB

image_1e5f77mcc1mf91p5c1j281v2625lep.png-103.5kB

  1. node01.flyfish 节点 初始化
  2. cat kubeadm-config.yaml
  3. ---
  4. apiVersion: kubeadm.k8s.io/v1beta2
  5. kind: ClusterConfiguration
  6. kubernetesVersion: v1.16.4
  7. apiServer:
  8. certSANs: #填写所有kube-apiserver节点的hostname、IP、VIP
  9. - node01.flyfish
  10. - node02.flyfish
  11. - node03.flyfish
  12. - node04.flyfish
  13. - node05.flyfish
  14. - node06.flyfish
  15. - 192.168.100.11
  16. - 192.168.100.12
  17. - 192.168.100.13
  18. - 192.168.100.14
  19. - 192.168.100.15
  20. - 192.168.100.16
  21. - 192.168.100.100
  22. controlPlaneEndpoint: "192.168.100.100:6443"
  23. networking:
  24. podSubnet: "10.244.0.0/16"
  25. ---

image_1e5f7kde41k5rk9o1dfb10qh2q8f6.png-125kB


  1. 初始化主机节点:
  2. kubeadm init --config=kubeadm-config.yaml
  3. ---
  4. Your Kubernetes control-plane has initialized successfully!
  5. To start using your cluster, you need to run the following as a regular user:
  6. mkdir -p $HOME/.kube
  7. sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  8. sudo chown $(id -u):$(id -g) $HOME/.kube/config
  9. You should now deploy a pod network to the cluster.
  10. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  11. https://kubernetes.io/docs/concepts/cluster-administration/addons/
  12. You can now join any number of control-plane nodes by copying certificate authorities
  13. and service account keys on each node and then running the following as root:
  14. kubeadm join 192.168.100.100:6443 --token 3j4th7.4va6qsj7at7ky2qs \
  15. --discovery-token-ca-cert-hash sha256:13d17c476688e4e78837b9cac94efa7edf689bf530a2120e2b81bf13b588fff9 \
  16. --control-plane
  17. Then you can join any number of worker nodes by running the following on each as root:
  18. kubeadm join 192.168.100.100:6443 --token 3j4th7.4va6qsj7at7ky2qs \
  19. --discovery-token-ca-cert-hash sha256:13d17c476688e4e78837b9cac94efa7edf689bf530a2120e2b81bf13b588fff9
  20. ---

image_1e5f7msnnoqh4mf1ii51j6h19f0fj.png-286.5kB

image_1e5f7ob2d1foa8tmk633st1edeh0.png-260.5kB

  1. 如果初始化失败,可执行kubeadm reset后重新初始化
  2. kubeadm reset
  3. rm -rf $HOME/.kube/config

  1. 加载环境变量
  2. echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
  3. source .bash_profile

image_1e5f80l981ecc1e512ti1d0hshahd.png-77.2kB

  1. 本文所有操作都在root用户下执行,若为非root用户,则执行如下操作:
  2. mkdir -p $HOME/.kube
  3. cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  4. chown $(id -u):$(id -g) $HOME/.kube/config

  1. 安装flannel网络
  2. kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
  3. kubectl apply -f kube-flannel.yml
  4. kubectl get pod -n kube-system

image_1e5f86k9f1mssv9e1o4s14v51bkvhq.png-97.2kB


5.3 control plane节点加入集群

  1. 证书分发
  2. node01.flyfish 上面执行 脚本:cert-main-master.sh
  3. vim cert-main-master.sh
  4. ---
  5. #!/bin/bash
  6. USER=root # customizable
  7. CONTROL_PLANE_IPS="192.168.100.12 192.168.100.13"
  8. for host in ${CONTROL_PLANE_IPS}; do
  9. scp /etc/kubernetes/pki/ca.crt "${USER}"@$host:
  10. scp /etc/kubernetes/pki/ca.key "${USER}"@$host:
  11. scp /etc/kubernetes/pki/sa.key "${USER}"@$host:
  12. scp /etc/kubernetes/pki/sa.pub "${USER}"@$host:
  13. scp /etc/kubernetes/pki/front-proxy-ca.crt "${USER}"@$host:
  14. scp /etc/kubernetes/pki/front-proxy-ca.key "${USER}"@$host:
  15. scp /etc/kubernetes/pki/etcd/ca.crt "${USER}"@$host:etcd-ca.crt
  16. # Quote this line if you are using external etcd
  17. scp /etc/kubernetes/pki/etcd/ca.key "${USER}"@$host:etcd-ca.key
  18. done
  19. ---
  20. ./cert-main-master.sh

image_1e5fc2c511tv8ikb152r1v09c8slf.png-115.8kB

  1. 登录 node02.flyfish
  2. cd /root
  3. mkdir -p /etc/kubernetes/pki
  4. mv *.crt *.key *.pub /etc/kubernetes/pki/
  5. cd /etc/kubernetes/pki
  6. mkdir etcd
  7. mv etcd-* etcd
  8. cd etcd
  9. mv etcd-ca.key ca.key
  10. mv etcd-ca.crt ca.crt
  11. node02.flyfish 加入集群
  12. kubeadm join 192.168.100.100:6443 --token 3j4th7.4va6qsj7at7ky2qs \
  13. --discovery-token-ca-cert-hash sha256:13d17c476688e4e78837b9cac94efa7edf689bf530a2120e2b81bf13b588fff9 \
  14. --control-plane

image_1e5fc8nh61m0a1rd8140d1d7n1ehgls.png-206.2kB

image_1e5fc971o10lufhalg47mi1gf5m9.png-255.6kB

image_1e5fc9jav1jc6r5o11g9au7nj2mm.png-171kB


  1. 登录 node03.flyfish
  2. cd /root
  3. mkdir -p /etc/kubernetes/pki
  4. mv *.crt *.key *.pub /etc/kubernetes/pki/
  5. cd /etc/kubernetes/pki
  6. mkdir etcd
  7. mv etcd-* etcd
  8. cd etcd
  9. mv etcd-ca.key ca.key
  10. mv etcd-ca.crt ca.crt
  11. node03.flyfish 加入集群
  12. kubeadm join 192.168.100.100:6443 --token 3j4th7.4va6qsj7at7ky2qs \
  13. --discovery-token-ca-cert-hash sha256:13d17c476688e4e78837b9cac94efa7edf689bf530a2120e2b81bf13b588fff9 \
  14. --control-plane

image_1e5fcarkl96k1spn1n1ghfn1llln3.png-166.6kB

image_1e5fcbd8s17di1ahbkia1hksn0png.png-338kB

image_1e5fcbsfk8fk13ho1euk6l52o1nt.png-190.1kB

  1. node02.flyfish node03.flyfis 加载 环境变量
  2. rsync -avrzP root@node01.flyfish:/etc/kubernetes/admin.conf /etc/kubernetes/
  3. echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
  4. source .bash_profile

image_1e5fatlbr198bqcko0pob13vql2.png-95.7kB

image_1e5fat8t01bu91dknddcih41ghrkl.png-166.4kB


  1. 查看节点
  2. kubectl get node
  3. kubectl get pod -o wide -n kube-system

image_1e5fcf455m0913qh6bk1jq5eokoa.png-59.2kB

image_1e5fcgtgsh6fvq24to1r0i19slon.png-280.5kB


5.4 将从节点加入集群

  1. node04.flyfish 加入 集群
  2. kubeadm join 192.168.100.100:6443 --token 3j4th7.4va6qsj7at7ky2qs \
  3. --discovery-token-ca-cert-hash sha256:13d17c476688e4e78837b9cac94efa7edf689bf530a2120e2b81bf13b588fff9

image_1e5fcl3ff14rt1mec1j58ok919cp4.png-148.2kB


  1. node05.flyfish 加入集群
  2. kubeadm join 192.168.100.100:6443 --token 3j4th7.4va6qsj7at7ky2qs \
  3. --discovery-token-ca-cert-hash sha256:13d17c476688e4e78837b9cac94efa7edf689bf530a2120e2b81bf13b588fff9

image_1e5fcnb0u15k61e3r42310ca1c1jph.png-150.2kB

  1. node06.flyfish 加入集群
  2. kubeadm join 192.168.100.100:6443 --token 3j4th7.4va6qsj7at7ky2qs \
  3. --discovery-token-ca-cert-hash sha256:13d17c476688e4e78837b9cac94efa7edf689bf530a2120e2b81bf13b588fff9

image_1e5fcoki0ao51p0g1c931re735bpu.png-157.2kB


  1. kubectl get node
  2. kubectl get pods -o wide -n kube-system

image_1e5fde3tlnpf1qq8acd1aag1shrqb.png-70.7kB

image_1e5fdgnpsoib1k52kokovu10fvqr.png-338.5kB

5.5 在node07.flyfish 上面进行测试

  1. 登录 node07.flyfish
  2. 设置kubernetes
  3. cat <<EOF > /etc/yum.repos.d/kubernetes.repo
  4. [kubernetes]
  5. name=Kubernetes
  6. baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
  7. enabled=1
  8. gpgcheck=1
  9. repo_gpgcheck=1
  10. gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  11. EOF
  12. yum install -y kubectl-1.16.4

image_1e5fdmu7bit38h416271of57lor8.png-241.5kB

  1. 命令补全:
  2. yum install -y bash-completion
  3. source /etc/profile.d/bash_completion.sh

image_1e5fdplnfhfsa4ucj1qimuugrl.png-76.3kB


  1. 拷贝admin.conf
  2. mkdir -p /etc/kubernetes
  3. scp root@node01.flyfish:/etc/kubernetes/admin.conf /etc/kubernetes/
  4. echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
  5. source .bash_profile

image_1e5fdsoso1jjbelbc24par1gmes2.png-82.8kB

  1. 查看测试:
  2. kubectl get nodes
  3. kubectl get pod -n kube-system

image_1e5fdup9q1bpa1l1boonnle193lsf.png-67.1kB

image_1e5fdv6p413f0doq1s1jvc0bokss.png-347.4kB

5.6部署dashboard 界面

  1. 注:在node07.flyfish节点上进行如下操作
  2. 1.创建Dashboardyaml文件
  3. wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
  4. sed -i 's/kubernetesui/registry.cn-hangzhou.aliyuncs.com\/loong576/g' recommended.yaml
  5. sed -i '/targetPort: 8443/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' recommended.yaml
  6. 新增管理员帐号
  7. vim recommended.yaml
  8. 到最后加上:
  9. ---
  10. ---
  11. apiVersion: v1
  12. kind: ServiceAccount
  13. metadata:
  14. name: dashboard-admin
  15. namespace: kubernetes-dashboard
  16. ---
  17. apiVersion: rbac.authorization.k8s.io/v1beta1
  18. kind: ClusterRoleBinding
  19. metadata:
  20. name: dashboard-admin
  21. subjects:
  22. - kind: ServiceAccount
  23. name: dashboard-admin
  24. namespace: kubernetes-dashboard
  25. roleRef:
  26. apiGroup: rbac.authorization.k8s.io
  27. kind: ClusterRole
  28. name: cluster-admin
  29. ---

image_1e5fejmhs1tm71smij4e1uuh1dabm.png-208.1kB

image_1e5ffp3re17d31h9i1ma7gpgej72a.png-112.2kB

  1. 部署Dashboard
  2. kubectl apply -f recommended.yaml
  3. 创建完成后,检查相关服务运行状态
  4. kubectl get all -n kubernetes-dashboard
  5. kubectl get svc -n kubernetes-dashboard
  6. netstat -ntlp|grep 30001

image_1e5ffrkqm11m17e11d0019kt1dnq2n.png-127.7kB

image_1e5femmt318lv1ck2r51alo1i7i1g.png-62.1kB

image_1e5ffu6lo1ib61g5gqbl1idm1kt434.png-59.6kB

  1. 在浏览器输入Dashboard访问地址:
  2. https://192.168.100.11:30001

image_1e5ffvlan17v819um530brdd3g3u.png-267.2kB

  1. 授权令牌
  2. kubectl describe secrets -n kubernetes-dashboard dashboard-admin
  3. ----

image_1e5fg2dns1h6r11vgpq1k5fd5m.png-388.7kB

image_1e5fg47nbruhn2k1gmq1dbvckr13.png-495.3kB


  1. 新建一个pod
  2. ----
  3. vim nignx.yaml
  4. apiVersion: apps/v1 #描述文件遵循extensions/v1beta1版本的Kubernetes API
  5. kind: Deployment #创建资源类型为Deployment
  6. metadata: #该资源元数据
  7. name: nginx-master #Deployment名称
  8. spec: #Deployment的规格说明
  9. selector:
  10. matchLabels:
  11. app: nginx
  12. replicas: 3 #指定副本数为3
  13. template: #定义Pod的模板
  14. metadata: #定义Pod的元数据
  15. labels: #定义label(标签)
  16. app: nginx #label的key和value分别为app和nginx
  17. spec: #Pod的规格说明
  18. containers:
  19. - name: nginx #容器的名称
  20. image: nginx:latest #创建容器所使用的镜像
  21. ----
  22. kubectl apply -f nginx.yaml
  23. kubectl get pod

image_1e5fgd1s4fv8d3n9ln1eog4fk1g.png-168.4kB

image_1e5fgdrnptr31ebv1leo9eo13d51t.png-60.3kB

image_1e5fge6kdhjpq6alhf1vo5k282a.png-240.1kB

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注