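Setting up a basic k8s environment


Environment preparation

Synchronize time between the servers

1. Disable the firewall (setenforce 0 also puts SELinux into permissive mode)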

systemctl stop firewalld
setenforce 0

2. Configure the yum repositories (on all three machines: one master and two nodes)

Download the Docker mirror yum repo file
cd /etc/yum.repos.d
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

vi kubernetes.repo 

[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

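Run yum repolist to check that the repositories were added successfully

3. Install docker (production version 1.7.03) on all nodes

  yum install -y docker

Enable docker to start at boot
  systemctl enable docker

Damn, many articles online say kubeadm is not needed, which left me with constant errors on port 8080, yet the official site tells you to install it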

You will install these packages on all of your machines:
kubeadm: the command to bootstrap the cluster.
kubelet: the component that runs on all of the machines in your cluster and does things like starting pods and containers.
kubectl: the command line util to talk to your cluster.

4. Install kubeadm

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet

Start docker

systemctl start docker

Start kubelet:  systemctl enable kubelet && systemctl start kubelet

      Check docker information

             docker version  or  docker info

     Check the kubeadm version

           kubeadm version

     View kubelet information

           rpm -ql kubelet

    Check the kubelet status

          systemctl status kubelet

    View the logs

          tail /var/log/messages

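a. About ignoring swap (optional)

      Starting with Kubernetes 1.8, system swap must be turned off; if it is not, kubelet cannot start under the default configuration.
      This restriction can be changed with the kubelet startup parameter --fail-swap-on=false.

      Turn swap off: swapoff -a

      Check the file: cat /etc/sysconfig/kubelet

      Change the contents of that kubelet file to  KUBELET_EXTRA_ARGS="--fail-swap-on=false"

Configure forwarding parameters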

cat  /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1 
net.bridge.bridge-nf-call-iptables = 1 
vm.swappiness=0

 b. Write a script to download the required images:  vi images.sh

#!/bin/bash
images="kube-apiserver:v1.14.0 kube-scheduler:v1.14.0 kube-controller-manager:v1.14.0 kube-proxy:v1.14.0
etcd:3.3.10 pause:3.1"
for imageName in $images
do
echo $imageName
docker pull docker.io/mirrorgooglecontainers/$imageName
docker tag docker.io/mirrorgooglecontainers/$imageName k8s.gcr.io/$imageName
docker rmi docker.io/mirrorgooglecontainers/$imageName
done
others="coredns:1.3.1"
for other in $others
do
docker pull docker.io/coredns/$other
docker tag docker.io/coredns/$other k8s.gcr.io/$other
docker rmi docker.io/coredns/$other
done

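chmod 755 images.sh   (execute permission is enough; 777 makes the script world-writable)

 c. Initialize with kubeadm

kubeadm init --kubernetes-version=v1.14.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

Record the following output; the nodes use it to join the master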


kubeadm join 172.19.68.9:6443 --token mhg1pv.wpsv2mmou2pat7ug \
--discovery-token-ca-cert-hash sha256:4f315d48cf4fb954e76e25d3683577ef87f248377aa2bafbae514073eb43fffc
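
The --discovery-token-ca-cert-hash value recorded above is the SHA-256 of the cluster CA's public key, which is what lets a joining node confirm it is talking to the intended master. The following is an added example, not part of the original post, that recomputes the value on the master so it can be compared with what was recorded; the function names are illustrative and /etc/kubernetes/pki/ca.crt is assumed to be the kubeadm default CA path.

```shell
#!/bin/sh
# Added example (not from the original post): recompute the value that
# kubeadm prints after --discovery-token-ca-cert-hash.

# ca_cert_hash CERT_PEM
# Prints "sha256:<hex>", the SHA-256 of the DER-encoded public key
# (SubjectPublicKeyInfo) of the CA certificate. Fails on unreadable input.
ca_cert_hash() {
    der=$(mktemp) || return 1
    if openssl x509 -pubkey -noout -in "$1" 2>/dev/null \
        | openssl pkey -pubin -outform DER -out "$der" 2>/dev/null \
        && [ -s "$der" ]; then
        hex=$(openssl dgst -sha256 -hex < "$der" | awk '{print $NF}')
        rm -f "$der"
        printf 'sha256:%s\n' "$hex"
    else
        rm -f "$der"
        return 1
    fi
}

# hash_matches CERT_PEM EXPECTED
# Returns 0 only when the recomputed hash equals the recorded one.
hash_matches() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# Usage on the master (path is the kubeadm default, assumed here):
#   sh ca_hash.sh /etc/kubernetes/pki/ca.crt 'sha256:<recorded value>'
if [ "$#" -eq 2 ]; then
    if hash_matches "$1" "$2"; then echo "match"; else echo "MISMATCH"; exit 1; fi
fi
```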

d. Run these commands

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config 

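    Check component status: kubectl get cs

    Check the nodes: kubectl get nodes

e. Deploy the flannel network plugin

    https://github.com/coreos/flannel

   Run: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

   Check the flannel image: docker image ls

   Check whether the pods have started: kubectl get pods -n kube-system

       kubectl get pods -n kube-system -o wide   prints more information

      List the namespaces: kubectl get ns

Final step: configure the nodes

Download the required images. If pause is not downloaded, the nodes stay in the NotReady state as seen from the master.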

docker pull mirrorgooglecontainers/pause:3.1

docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1

docker rmi docker.io/mirrorgooglecontainers/pause:3.1

docker pull mirrorgooglecontainers/kube-proxy:v1.14.0

docker tag docker.io/mirrorgooglecontainers/kube-proxy:v1.14.0 k8s.gcr.io/kube-proxy:v1.14.0

docker rmi docker.io/mirrorgooglecontainers/kube-proxy:v1.14.0

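Check the node information on the master

kubectl get pods -n kube-system -o wide

 Command to find the cause of an error: kubectl describe pod kubernetes-dashboard-5f7b999d65-klr7j -n kube-system

 When a delete does not work, the reason is that the namespace was not specified

 Delete the deployment first, then delete the pod



Management dashboard UI

First download the official yaml file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml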

sed -i 's#k8s.gcr.io#gcrxio#g' kubernetes-dashboard.yaml

kubectl apply -f kubernetes-dashboard.yaml

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: gcrxio/kubernetes-dashboard-amd64:v1.10.0
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort    # added
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
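
The sed step above swaps k8s.gcr.io for gcrxio, so the Dashboard image reference resolves to docker.io/gcrxio/... under a mutable tag rather than to the registry named in the official manifest. The following is an added example, not part of the original post, that lists the images in a manifest before kubectl apply and flags registries outside an allow-list and references not pinned by digest; the function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit image sources in a manifest.

# Constructed sample in the style of the manifests used on this page.
sample_manifest() {
    cat <<'EOF'
      containers:
      - name: kubernetes-dashboard
        image: gcrxio/kubernetes-dashboard-amd64:v1.10.0
      - image: "k8s.gcr.io/pause:3.1"
EOF
}

# manifest_images FILE: one image reference per line, deduplicated.
manifest_images() {
    awk '$1 == "image:" { ref = $2 }
         $1 == "-" && $2 == "image:" { ref = $3 }
         ref != "" { gsub(/"/, "", ref); print ref; ref = "" }' "$1" | sort -u
}

# image_registry REF: registry host; docker.io when the reference names none.
image_registry() {
    first=${1%%/*}
    case $1 in
        */*) case $first in
                 *.*|*:*|localhost) printf '%s\n' "$first"; return 0 ;;
             esac ;;
    esac
    printf 'docker.io\n'
}

# audit_manifest FILE ALLOWED_REGISTRY...
# Prints UNTRUSTED/UNPINNED findings; returns 1 if there were any.
audit_manifest() {
    file=$1; shift; bad=0
    for ref in $(manifest_images "$file"); do
        reg=$(image_registry "$ref")
        ok=no
        for allowed in "$@"; do
            if [ "$reg" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then echo "UNTRUSTED $ref"; bad=1; fi
        case $ref in
            *@sha256:*) ;;
            *) echo "UNPINNED $ref"; bad=1 ;;
        esac
    done
    return "$bad"
}
```

Run it as audit_manifest kubernetes-dashboard.yaml k8s.gcr.io after the sed step and before kubectl apply; a non-zero return means at least one image needs review.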

Check the exposed port

kubectl get svc -n kube-system

View the dashboard's output information

kubectl -n kube-system edit svc kubernetes-dashboard

Problem 1

 View the dashboard's error messages: kubectl logs kubernetes-dashboard-7b64bfd466-hxqtj -n kube-system

Log in at https://47.102.46.176:32147/#!/login

Log in using a token

https://blog.csdn.net/mr_rsq/article/details/87914766



Troubleshooting a failed dashboard login

Run the following commands:

kubectl get pods --all-namespaces -o wide

kubectl get services --all-namespaces

