一、安装环境系统[root@master1 ~]# cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core)[root@master1 ~]# uname -aLinux master1 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux配置
角色
IP
配置
master1
172.16.0.11
4核4G内存
node1
172.16.0.12
4核4G内存
node2
172.16.0.13
4核4G内存
二、基础配置(所有服务器都要配置)更改服务器名称hostnamectl set-hostname master1 #在master1上操作hostnamectl set-hostname node1 #在node1上操作hostnamectl set-hostname node2 #在node2上操作添加域名绑定(所有服务器都要操作)cat >> /etc/hosts << EOF172.16.0.11 master1172.16.0.12 node1172.16.0.13 node2EOF关闭防火墙systemctl stop firewalld && systemctl disable firewalld关闭selinuxsetenforce 0 && sed -i ‘s/^SELINUX=enforcing$/SELINUX=permissive/’ /etc/selinux/config关闭swap分区swapoff -a && sed -ri ‘s/.*swap.*/#&/’ /etc/fstab
6.将桥接的IPv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.conf << EOFnet.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1EOFsysctl –system #让配置生效配置时间同步yum install -y ntpdate && ntpdate time.windows.com三、安装docker(所有服务器都要配置)卸载旧版本的dockeryum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-engine安装dockeryum install -y wgetwget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repoyum -y install docker-ce-18.06.1.ce-3.el7启动docker及配置为开机启动systemctl enable docker && systemctl start docker查看docker版本docker –version配置阿里云镜像加速mkdir -p /etc/dockertee /etc/docker/daemon.json <<-‘EOF'{ “registry-mirrors”: [“https://sx15mtuf.mirror.aliyuncs.com”]}EOFsystemctl daemon-reloadsystemctl restart docker四、添加阿里云yum源(所有服务器都要配置)cat > /etc/yum.repos.d/kubernetes.repo << EOF[kubernetes]name=Kubernetesbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64enabled=1gpgcheck=0repo_gpgcheck=0gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgEOF五、安装kubeadm、kubelet、kubectl(所有服务器都要配置)安装三大件yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0设置开机启动systemctl enable kubelet六、初始化master1节点(仅master1节点操作)初始化master1节点kubeadm init \ –apiserver-advertise-address=172.16.0.11 \ –image-repository registry.aliyuncs.com/google_containers \ –kubernetes-version v1.18.0 \ –service-cidr=10.96.0.0/12 \ –pod-network-cidr=10.244.0.0/16配置kubectl工具mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown ( i d ? u ) : (id -u):(id?u):(id -g) $HOME/.kube/config七、部署CNI插件(仅master1节点操作)wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.ymlkubectl apply -f kube-flannel.ymlkubectl get pods -n kube-system #查看flannel状态kubectl get nodes #flannel就绪后,我们可以看到master1也已经就绪八、添加node节点(所有node节点上操作)将master1节点的flannel配置拷贝到node节点scp -r /etc/cni root@172.16.0.12:/etc/cni #这个是在master1上操作的systemctl restart kubelet将node节点加入到集群kubeadm join 172.16.0.11:6443 –token x1spbh.gfwauz5pp9x8jk5j –discovery-token-ca-cert-hash sha256:601a110b6cb91577322b3dc2253140a5f2c2eed6873495c213ff9795dcdfb2a6查看节点状态kubectl get nodes九、测试kubectl create deployment nginx –image=nginxkubectl expose deployment nginx –port=80 –type=NodePortkubectl get pod,svc十、安装dashboard下载yml文件wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml将recommended.yaml如下两处新增kind: ServiceapiVersion: v1metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboardspec: type: NodePort #新增 ports: – port: 443 targetPort: 8443 nodePort: 30001 #新增 selector:k8s-app: kubernetes-dashboard执行并生效kubectl create -f recommended.yaml创建serceaccount和clusterrolebinding资源YAML文件vim adminuser.yamlapiVersion: v1kind: ServiceAccountmetadata: name: admin-user namespace: kubernetes-dashboard apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata: name: admin-userroleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-adminsubjects:- kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard创建admin-user并且赋予admin-user集权管理员权限kubectl create -f adminuser.yaml
6.在浏览器中输入???https://172.16.0.11:30001/????
查看token[root@master1 ~]# kubectl get secret -n kubernetes-dashboardNAME TYPE DATA AGEdefault-token-nzrk4 kubernetes.io/service-account-token 3 89mkubernetes-dashboard-certs Opaque 0 89mkubernetes-dashboard-csrf Opaque 1 89mkubernetes-dashboard-key-holder Opaque 2 89mkubernetes-dashboard-token-bs9qp kubernetes.io/service-account-token 3 89m #找到此项[root@master1 ~]# kubectl describe secret kubernetes-dashboard-token-bs9qp -n kubernetes-dashboard Name: kubernetes-dashboard-token-bs9qpNamespace: kubernetes-dashboardLabels: <none>Annotations: kubernetes.io/service-account.name: kubernetes-dashboard kubernetes.io/service-account.uid: e03da0c2-3e9c-42d6-b1da-3417e3cc2764Type: kubernetes.io/service-account-tokenData====token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImNfTmhqVFdsbXpiRUpTTnA1bEhNanhnMUNTY2lQUWJDd0FBcWljQXExejAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1iczlxcCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImUwM2RhMGMyLTNlOWMtNDJkNi1iMWRhLTM0MTdlM2NjMjc2NCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.0CVjK8WjyDiyYShSwyCyTKN-f3FoYDlgIX–_ISshxLmmzJJRJolqiUXkbCs_OBZUhOz_3tJarpjgnFUcoETpFgDjdB9naztbajTPrGDIgLzjVWKsvnsfAKaMGxnpyNLBnCQAQzmGBKfNBg6jnxhEAxcTkA42N0yxxX8-30PTNsZjW8hx8haoSYoUK_ttlVbi1ajT8JHg2YCo3Scxdg01niZpsTntmqtSeraxE7bPgDCGBX6281iMAhlT9vDXTkYUlFoEXqdIC717cvDsh-ky0xEkOR4pEnmUiOTEIJWor_lr8LMA4FCaA1v2Xw-4f9rHDEzjWq2DTjn4DI2WWia2Aca.crt: 1025 bytesnamespace: 20 bytes[root@master1 ~]#输入token,就可以进入dashboard了
【文章转自 响水网页制作 xiangshui.html 网络转载请说明出处】梦想从来不会选择人,它是上天赋予每个人构建未来蓝图的神奇画笔。
