K8S搭建-1 Master 2 Workers(dashboard+ingress)
本文讲述k8s最新版的搭建(v1.15.2)
分如下几个topic步骤:
- 各个节点的基本配置
- master节点的构建
- worker节点的构建
- 安装dashboard
- 安装ingress
- 常见命令
- docker镜像惹的祸
各个节点的基本配置(以下命令每个节点都要执行:Master, Work1, Work2)
IP自己变化下,根据实际情况
systemctl stop firewalld && systemctl disable firewalld cat >>/etc/hosts<<EOF
10.8.1.1 k8s-master1 api.k8s.cn
10.8.1.2 k8s-slave1
10.8.1.3 k8s-slave2
EOF # 新建 iptable 配置修改文件
cat <<EOF > net.iptables.k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF #关闭 swap 分区
sudo swapoff -a #防止开机自动挂载 swap 分区,注释掉配置
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab #关闭 SELinux
sudo setenforce 0 #防止开机启动开启,修改 SELINUX 配置
sudo sed -i s'/SELINUX=enforcing/SELINUX=disabled'/g /etc/selinux/config 配置 iptables
sudo mv net.iptables.k8s.conf /etc/sysctl.d/ && sudo sysctl --system #yum增加阿里云针对kubernetes镜像
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF yum update #安装 wget
sudo yum install -y wget #安装docker
yum install docker.x86_64 -y #安装k8s工具
yum install -y kubelet kubeadm kubectl #重启服务
systemctl enable kubelet && systemctl start kubelet
然后需要准备docker images(任然需要在master, worker1, worker2节点上分别执行)
vi init-docker-images.sh #然后内容如下
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.2
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.2
docker pull registry.aliyuncs.com/google_containers/coredns:1.3.1
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.15.2
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.15.2
docker pull registry.aliyuncs.com/google_containers/etcd:3.2.24
docker pull registry.aliyuncs.com/google_containers/etcd:3.3.10
docker pull registry.aliyuncs.com/google_containers/pause:3.1
docker pull registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
docker pull registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
docker pull docker.io/jmgao1983/flannel:v0.11.0-amd64
docker pull quay-mirror.qiniu.com/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0 docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.15.2 k8s.gcr.io/kube-apiserver:v1.15.2
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.15.2 k8s.gcr.io/kube-controller-manager:v1.15.2
docker tag registry.aliyuncs.com/google_containers/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.15.2 k8s.gcr.io/kube-proxy:v1.15.2
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.15.2 k8s.gcr.io/kube-scheduler:v1.15.2
docker tag registry.aliyuncs.com/google_containers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag registry.aliyuncs.com/google_containers/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1
docker tag registry.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
docker tag registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
docker tag docker.io/jmgao1983/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
docker tag quay-mirror.qiniu.com/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0 quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.0
执行直到下载完成:
./init-docker-images.sh
master节点的构建
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=0.0.0.0 --kubernetes-version=v1.15.2
然后记录下类似如下的string:
kubeadm join api.k8s.cn:6443 --token b5jxzg.5jtj2odzoqujikk1 \
--discovery-token-ca-cert-hash sha256:90d0ad57b39bf47bface0c7f4edec480aaf8352cab872f4d52072f998cf45105
此时,k8s集群会处于NotReady状态(Master节点,用如下命令查看kubectl get nodes),需要如下:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
vi /var/lib/kubelet/kubeadm-flags.env #然后把--network-plugin=cni 这些文本删除
#保存后重启k8s服务 service kubelet restart
稍等片刻,master节点就会变成Ready状态(kubectl get nodes)
worker节点的构建(worker1和worker2节点分别执行)
kubeadm join {master1的ip,需自行替换}:6443 --token rntn5f.vy9h28s4pxwx6eig \
--discovery-token-ca-cert-hash sha256:62624adcc8aa5baa095dae607b8e57c8b619db956ad69e0e97f0e40c74542a92
vi /var/lib/kubelet/kubeadm-flags.env #然后把--network-plugin=cni 这些文本删除
#保存后重启k8s服务 service kubelet restart
安装dashboard(只要在master节点操作)
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml vi kubernetes-dashboard.yaml
#开始修改NodePort,在文件的最后
# ------------------- Dashboard Service ------------------- # kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard
kubectl apply -f kubernetes-dashboard.yaml
新建账号
vi dashboard-account.yaml #内容如下
apiVersion: v1
kind: ServiceAccount
metadata:
name: aks-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: aks-dashboard-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: aks-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-head
labels:
k8s-app: kubernetes-dashboard-head
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-head
namespace: kube-system #执行
kubectl apply -f dashboard-account.yaml
然后就能用firefox访问https://master的ip地址:30001
接下来找出token:
[root@k8s-master1 ~]# kubectl -n kube-system get secrets|grep aks-dashboard-admin
aks-dashboard-admin-token-gmjfv kubernetes.io/service-account-token 3 4h52m [root@k8s-master1 ~]# kubectl -n kube-system describe secret aks-dashboard-admin-token-gmjfv
Name: aks-dashboard-admin-token-gmjfv
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: aks-dashboard-admin
kubernetes.io/service-account.uid: 87d4ec1b-1829-4420-98d6-e77c1519aed6 Type: kubernetes.io/service-account-token Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJha3MtZGFzaGJvYXJkLWFkbWluLXRva2VuLWdtamZ2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrcy1kYXNoYm9hcmQtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4N2Q0ZWMxYi0xODI5LTQ0MjAtOThkNi1lNzdjMTUxOWFlZDYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWtzLWRhc2hib2FyZC1hZG1pbiJ9.ELpsYbmWhW1sr3DOZfyupOkb87AbJ7sVoXEBitoTD46kuuNYcn8ajvwJcdfGruwrM9LwDcvMN7jD5UFF7-rgz1MUBEOZCoAjXFRrM1-Jn59TlXMk9W9JRD3DhMtuBRh6XUgPRjf755qr7WzR_DC8aCwjywAvFE1_R4N2oMZIU8gdmG0BsqwACHIbBnLJDAElBvgnKl8Jm4_XzKZW5ls-C45PSu-GC-yszt8qSN2bO5Z_rIUXhvK13Es5d0nUBvcanFBOsLjotWry195SWKEAuLiMp7qm6RJRrYWEpObh81w3MvbtrycZGMP7g-9H3s5vmHgs7HAnvjTEQht4c0F5qA
[root@k8s-master1 ~]#
用上面这个token登录就行了
安装ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
#新建ingress-service,NodePort类型
#ingress-service.yaml apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30080
- name: https
port: 443
targetPort: 443
protocol: TCP
nodePort: 30443
selector:
"app.kubernetes.io/name": "ingress-nginx",
"app.kubernetes.io/part-of": "ingress-nginx" kubectl apply -f ingress-service.yaml
需要在k8s外部部署1个nginx slb,把所有流量都转发到worker节点的上述端口-30080,proxy_pass ip为worker节点的2个ip地址
如果CoreDNS运转不正常,则需要删除重装CoreDNS组件
kubectl delete deploy coredns -n kube-system vim coredns-ha.yaml apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: kube-dns
name: coredns
namespace: kube-system
spec:
#集群规模可自行配置
replicas: 2
selector:
matchLabels:
k8s-app: kube-dns
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
k8s-app: kube-dns
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: k8s-app
operator: In
values:
- kube-dns
topologyKey: kubernetes.io/hostname
containers:
- args:
- -conf
- /etc/coredns/Corefile
image: registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: coredns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/coredns
name: config-volume
readOnly: true
dnsPolicy: Default
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: coredns
serviceAccountName: coredns
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/master
volumes:
- configMap:
defaultMode: 420
items:
- key: Corefile
path: Corefile
name: coredns
name: config-volume kubectl apply -f coredns-ha.yaml
flannel部署
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml kubectl apply -f kube-flannel.yml
需要先下载下来yaml,然后修改里面的子网配置,最好reboot
常见命令
#当join或者初始化k8s集群失败时,执行
kubeadm reset #查看集群所有节点
kubectl get nodes #查看secrets
kubectl get secrets
kubectl -n kube-system get secrets #查看具体pod明细,比如非Running状态下想看原因
kubectl describe pod {pod名称}
kubectl -n kube-system describe pod {pod名称} #查看docker容器监控信息
docker stats -a #查看token列表
kubeadm token list #查看证书hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
docker镜像惹的祸
由于有些docker镜像被墙了,因此默认安装时会阻塞住,解决方法是提前下载,配合国内镜像下载
如果是国内镜像下载的,namespace就会发生改变,因此下载完成后,需要docker tag命令重新tag到国外namespace
不足点,后续解决:
- master节点的高可用
- etcd的高可用(其实包含在上面的)
journalctl -f -u kubelet.service
https://blog.csdn.net/wangmiaoyan/article/details/101216496
K8S搭建-1 Master 2 Workers(dashboard+ingress)的更多相关文章
- k8S 搭建集群
k8S 搭建集群1:修改主机名称hostnamectl --static set-hostname masterhostnamectl --static set-hostname node1hostn ...
- k8s学习 - 概念 - master/node
k8s学习 - 概念 - master/node 在k8s中,有各种各样的概念和术语.这些概念是必须要学习和掌握的.我们先罗列下所有概念,然后再一个个看具体实例. 大概说一下这些概念: Master: ...
- Windows下搭建MySQL Master Slave[转]
Windows下搭建MySQL Master Slave 一.背景 服务器上放了很多MySQL数据库,为了安全,现在需要做Master/Slave方案,因为操作系统是Window的,所以没有办法使用k ...
- RocketMQ学习笔记(4)----RocketMQ搭建双Master集群
前面已经学习了RockeMQ的四种集群方式,接下来就来搭建一个双Master(2m)的集群环境. 1. 双Master服务器环境 序号 ip 用户名 密码 角色 模式 (1) 47.105.145.1 ...
- K8S集群Master高可用实践
K8S集群Master高可用实践 https://blog.51cto.com/ylw6006/2164981 本文将在前文基础上介绍k8s集群的高可用实践,一般来讲,k8s集群高可用主要包含以 ...
- [转帖]K8s 工程师必懂的 10 种 Ingress 控制器
K8s 工程师必懂的 10 种 Ingress 控制器 https://www.kubernetes.org.cn/5948.html 控制器有好多啊. 2019-10-18 23:07 中文社区 分 ...
- k8s搭建实操记录一(master)
#1)关闭CentOS7自带的防火墙服务 systemctl disable firewalld systemctl stop firewalld swapoff -a ##虚拟机要关闭交换 ...
- k8s搭建监控:安装metrics server和dashboard
安装metrics server 参考:https://github.com/kubernetes-sigs/metrics-server kubectl create -f component ...
- K8S 使用Kubeadm搭建单个Master节点的Kubernetes(K8S)~本文仅用于测试学习
01.集群规划 系统版本:CentOS Linux release 7.6.1810 (Core) 软件版本:kubeadm.kubernetes-1.15.docker-ce-18.09 硬件要求: ...
随机推荐
- ~~小练习:python的简易购物车~~
进击のpython 1,用户先给自己的账户充钱:比如先充3000元. 2,有如下的一个格式: goods = [{"name": "电脑", "pri ...
- 20190127-Orleans与SF小伙伴的部分问答
Orleans 怎么部署到服务器? 方式1:Orleans 服务端寄宿在Web应用中,将Web应用部署到服务器 方式2:通过SF/K8s部署到服务器 不同服务器上的谷仓和谷如何调配? 由Orleans ...
- NET多线程之进程间同步锁Mutex
Mutex类似于lock.Monitor,都是为了解决多线程环境下,资源竞争导致的访问顺序问题.常见资源竞争有以下情况: 1.单例,如何确保单例: 2.IO文件操作,如果同时又多个线程访问同一个文件会 ...
- 【基础算法-模拟-例题-*校长的问题】-C++
为什么在题目前面打上星号呢? 这道题的正解不是模拟! 正解树状数组! 正解树状数组! 正解树状数组! 重要的事情说够三遍了! 但是,歪解模拟因为数据水都能AC! 因为这道题放在模拟专题中,所以我们就讨 ...
- py+appium微信公众号自动化(已搞定多个坑)
最近需要做微信公众号的自动化测试,遇到了不少坑. 微信公众号自动化与app自动化还是有区别的,因为多了不少坑.打开微信x5内核调试的就不说了,百度有. 1.首先,微信公众号有webview,uiaut ...
- [原创]MySQL数据库查询和LVM备份还原学习笔记记录
一.查询语句类型: 1)简单查询 2)多表查询 3)子查询 4)联合查询 1)简单查询: SELECT * FROM tb_name; SELECT field1,field2 FROM tb_nam ...
- 理解 Spring 定时任务的 fixedRate 和 fixedDelay 的区别
用过 Spring 的 @EnableScheduling 的都知道,有三种方式,即 @Scheduled 注解的 fixedRate(fixedRateString), fixedDelay(fix ...
- TinycoreLinux的安装使用
下载 http://www.tinycorelinux.net/7.x/x86_64/release/ distribution_files/ 05-Apr-2016 07:29 - src/ 24- ...
- laravel5.6 使用迁移创建表
laravel 使用迁移创建表 创建迁移文件 --table 和 --create 选项可以用于指定表名以及该迁移是否要创建一个新的数据表.这些选项只需要简单放在上述迁移命令后面并指定表名: php ...
- VMWare虚拟机:三台虚拟机互通且连网
虚拟机:三台虚拟机互通且连网 目录 一.虚拟机 相关软件 虚拟机安装 Linux系统安装 1) 使用三个Linux虚拟机 多台虚拟机互通且上网 1) 多台配置注意事项 2) 虚拟机软件的配置 3) W ...