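We need to do the following:
(1) Install VMware and run two CentOS systems, one as the master and one as a node.
(2) Install K8s.
(3) Installing Docker and some of the images requires access to overseas networks, so you need to make some network preparations; you can look on a certain e-commerce site, or find copies online that others have already downloaded.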
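I. Install VMware
Official site: https://my.vmware.com/zh/web/vmware/downloads (there are also many downloads online that come bundled with a crack; you can look for those as well)
I downloaded VM15 (I am skipping the installation and new-VM steps; I looked them up on Baidu myself)
VM configuration: 2 cores, 2 GB
CentOS download: https://www.centos.org/download/
1. On Windows 10, Hyper-V needs to be turned off.
2. For convenience, I run the VM's Linux commands from cmd, which uses the following two tools:
Install Chocolatey (https://chocolatey.org/):
Start CMD as administrator and run the following command to install Chocolatey: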
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
After Chocolatey is installed, also install the ssh terminals package (https://chocolatey.org/packages/terminals) by running the following command in CMD:
choco install terminals
While we are at it, this is how to change the Linux host name:
hostnamectl set-hostname <new-hostname>
II. Configure Linux
(1) Enable the network interface (a reboot is needed after the change):
vi /etc/sysconfig/network-scripts/ifcfg-eth33
ONBOOT=yes
(2) Install the net-tools package:
yum install net-tools
(3) Connect to Linux over ssh from cmd:
First check the Linux machine's current IP with ifconfig, then run the following command in cmd (administrator mode):
ssh root@IP
(4) Disable SELinux on all nodes
vi /etc/selinux/config
SELINUX=disabled
(5) Turn off the firewall
systemctl stop firewalld
systemctl disable firewalld
(6) Turn off swap
vi /etc/fstab
Add # at the start of the swap line to comment it out
(7) Reboot after step 6, then set up iptables
vi /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
sudo sysctl -p
III. Install Docker
(1) Download and install
sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
sudo yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
systemctl enable docker
systemctl start docker
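The last step, downloading docker-ce, goes to an overseas site, so you may hit network problems; use whatever method works for you. Downloading from Alibaba Cloud is also fine. In any case, the newer the version the better; mine is 18.09. When it is done, check it with the following command: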
docker -v
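(2) Configure a Docker registry mirror (accelerator)
I won't explain how to set up the accelerator; this is my Alibaba Cloud accelerator address, which you can replace with your own. After that we also need to specify the download source for k8s:
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://bbw0jgk7.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
cat >> /etc/yum.repos.d/kubrenetes.repo <<EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
The repository definition above sets gpgcheck=0, so yum does not verify the signatures of the packages it installs from this mirror.
(3) Install: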
yum install -y kubeadm kubelet kubectl
(4) Enable the services at boot
systemctl start docker.service
systemctl enable docker.service
systemctl enable kubelet.service
(5) Initialize k8s
kubeadm init \
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=cri \
  --kubernetes-version=1.13.0
(6) Set up the kubeconfig for the current user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
(7) Restart
docker restart $(docker ps -a -q)
At this point we can already view cluster information with the following command:
kubectl get node
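At this point there is only one master node and its Status is NotReady, because no network component is installed yet; we need to install one.
(8) Initialize the Flannel network plugin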
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
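This step also needs access to overseas sites to download images, and the Alibaba Cloud accelerator does not help here. There is also a way, found online, to configure the yml file so that the images are pulled through Alibaba Cloud; I am not very clear on it, so you can search for it.
After this step completes, the master's Status changes to Ready and the master configuration is done.
(9) Configure the Node
The Node is configured the same way as the master: it needs docker, kubectl and so on, but you only need to go as far as step (4) above.
(10) Join the node to the cluster with the following command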
kubeadm join 192.168.3.131:6443 --token s87gto.ruxhofion1qemfte --discovery-token-ca-cert-hash sha256:ef0333ddcc5ade8541544de89333ab81b20ae96b0345f9a55185eb95e3837905
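This command is printed automatically when the k8s initialization in step (5) completes. Pay attention to the token field in it; if you have forgotten what the token is, run the following command on the master to view it: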
kubeadm token list
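Or we can create a new token on the master node:
kubeadm token create
Note, however, that by default a token created with kubeadm token create expires after 24 hours, which is why the kubeadm join command you recorded earlier no longer works a day later. You can also run kubeadm token create --ttl 0 to generate a token that never expires; for details see: kubeadm-token.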
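A token created with --ttl 0 stays valid for kubeadm join until it is deleted, so it is worth checking for on the master. The following is an added example, not part of the original post: the function names and the sample table (with made-up token values) are constructed, and it assumes the TOKEN / TTL / EXPIRES column order that kubeadm token list prints.

```shell
#!/bin/sh
# Added example (not from the original post): flag bootstrap tokens that
# never expire, or that live longer than a limit, in `kubeadm token list`.

# Constructed sample of the table; token values are made up.
# A token created with --ttl 0 shows <forever> / <never>.
sample_token_list() {
cat <<'EOF'
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
aaaaaa.0000000000000001   23h         2019-01-02T10:00:00+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
bbbbbb.0000000000000002   <forever>   <never>                     authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
cccccc.0000000000000003   6d          2019-01-08T10:00:00+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# Reads the table on stdin and prints "<token-id> <reason>" per risky token.
# $1 = maximum acceptable remaining TTL in hours (default 24).
audit_bootstrap_tokens() {
  awk -v max_h="${1:-24}" '
    NR == 1 { next }                     # skip the header row
    {
      id = $1
      sub(/\..*/, "", id)                # keep only the public token ID
      if ($2 == "<forever>" || $3 == "<never>") {
        print id, "never-expires"
        next
      }
      n = $2 + 0                         # numeric prefix of e.g. "23h"
      unit = substr($2, length($2))      # trailing unit letter
      if      (unit == "s") hours = n / 3600
      else if (unit == "m") hours = n / 60
      else if (unit == "h") hours = n
      else if (unit == "d") hours = n * 24
      else if (unit == "y") hours = n * 8760
      else { print id, "unparsed-ttl"; next }
      if (hours > max_h) print id, "ttl-over-" max_h "h"
    }'
}
```

On the master, run it as `kubeadm token list | audit_bootstrap_tokens 24`; a flagged token can be revoked with `kubeadm token delete <token-id>`.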
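Then the Node's information shows up in the output of kubectl get node.
If the node joined the cluster successfully but does not show up on the master, see: https://www.cnblogs.com/justmine/p/8886675.html
Final result:
IV. Install kubectl locally
kubectl lets us connect to and manage the cluster from the local machine. We install it with choco as well; run the following command in CMD in administrator mode: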
choco install kubernetes-cli
After installation, check whether it succeeded with the following command:
kubectl version
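At this point it still does not succeed, because the user certificate does not match. We need to do the following: connect to the master and run these commands to view the admin user's certificate: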
cd /etc/kubernetes/
cat admin.conf
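OK, copy the contents of this configuration file. By default it should contain only the admin user's information; we use it to replace the contents of the local configuration file.
Under C:\Users\Administrator\.kube there is a config file; replace its contents (by default it only holds one admin user's information, so it can be replaced directly; if you have other user or context entries, append after them in the same format).
Once that is done, kubectl version shows the following:
From here on we no longer need to connect to the master to manage the k8s cluster; we can do it locally:
V. Install the dashboard
First we need to prepare a dashboard.yaml. We deploy the dashboard by exposing its port with NodePort, so there is no need to start a proxy: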
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.8.
#
# Example usage: kubectl create -f <this_file>

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
Then we also need a user.yaml for user permissions; it binds the role permissions:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
Apply the two yaml files:
kubectl apply -f dashboard.yaml
kubectl apply -f user.yaml
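user.yaml gives cluster-admin to the default service account of the default namespace, so every pod there that does not name its own service account runs with full cluster rights. The following added example (not part of the original post; the function names and sample rows are constructed) lists such bindings from a tab-separated dump of the cluster's ClusterRoleBindings:

```shell
#!/bin/sh
# Added example, not from the original post: find ClusterRoleBindings that
# hand cluster-admin to a service account, as user.yaml does.

# Input format, one binding per line:
#   name <TAB> role <TAB> kind:namespace/name,kind:namespace/name,...
# On a live cluster the listing can be produced with:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}{":"}{.namespace}{"/"}{.name}{","}{end}{"\n"}{end}'

# Constructed sample rows; the second one is the binding from user.yaml.
sample_bindings() {
  printf '%s\t%s\t%s\n' \
    cluster-admin        cluster-admin       'Group:/system:masters,' \
    kubernetes-dashboard cluster-admin       'ServiceAccount:default/default,' \
    ops-admin            cluster-admin       'ServiceAccount:kube-system/ops-bot,User:/alice,' \
    system:node-proxier  system:node-proxier 'User:/system:kube-proxy,'
}

# Prints "<severity> <binding> <namespace>/<serviceaccount>".
# HIGH   = a namespace's "default" account: pods get it without asking.
# REVIEW = a named service account holding cluster-admin.
find_admin_service_accounts() {
  awk -F '\t' '
    $2 == "cluster-admin" {
      n = split($3, subj, ",")
      for (i = 1; i <= n; i++) {
        if (subj[i] !~ /^ServiceAccount:/) continue   # skip users, groups, blanks
        sa = substr(subj[i], length("ServiceAccount:") + 1)
        sev = (sa ~ /\/default$/) ? "HIGH" : "REVIEW"
        print sev, $1, sa
      }
    }'
}
```

The binding created by user.yaml can be removed again with `kubectl delete clusterrolebinding kubernetes-dashboard`.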
Check the dashboard's port:
kubectl get svc -n kube-system
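Mine is port 32166, so the dashboard is reachable at the master machine's IP plus port 32166. Because the certificate is not a real one, Chrome blocks the page, so we need to use Firefox; Firefox also blocks it by default, but after clicking Advanced > Add Exception you reach the following page:
We need to sign in with a Token; the token information can be viewed with the following command: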
kubectl get secret
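This only gives the token's name; the actual token is shown with the following command:
kubectl describe secret
(shows the first one by default), or
kubectl describe secret default-token-2qfb8
Copy the marked token content and paste it into the token field: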
OK, that is all for now; I will update when there is further progress.