k8s kubernetes教程(k8s kubeconfig)

文章前言

Kubernetes是一个开源的容器编排平台,它提供了一种简单、高效的方式来管理容器应用程序的部署、扩展和运行。随着容器技术的不断发展和普及,越来越多的企业开始选择Kubernetes作为他们的容器编排平台。本文将介绍如何在自己的本地环境中快速搭建一个简单的Kubernetes集群,并演示如何通过Kubernetes部署应用程序,读者可以通过本文深入了解Kubernetes的相关知识,并掌握在实践中部署和管理Kubernetes集群的技巧。

基本环境

  • K8s_master:192.168.17.144

  • K8S_Node2:192.168.17.145

  • K8S_Node3:192.168.17.146 

搭建流程

改主机名

在各个主机中设置主机名并重启主机:

    hostnamectl --static set-hostname  masterhostnamectl --static set-hostname  node1hostnamectl --static set-hostname  node2

    关防火墙

    在各个各主机中执行以下命令关闭防火墙:

    systemctl stop firewalld & systemctl disable firewalldsystemctl stop iptables  & systemctl disable iptablessed -i \\\'s/enforcing/disabled/\\\' /etc/selinux/configsetenforce 0

    k8s kubernetes教程(k8s kubeconfig)

    静态地址
    vi /etc/sysconfig/network-scripts/ifcfg-ens33

    k8s kubernetes教程(k8s kubeconfig)

    TYPE=\\\"Ethernet\\\"PROXY_METHOD=\\\"none\\\"BROWSER_ONLY=\\\"no\\\"BOOTPROTO=\\\"static\\\"IPADDR=\\\"192.168.17.146\\\"NETMASK=\\\"255.255.255.0\\\"GATEWAY=\\\"192.168.17.2\\\"DNS1=\\\"192.168.17.2\\\"DEFROUTE=\\\"yes\\\"IPV4_FAILURE_FATAL=\\\"no\\\"IPV6INIT=\\\"yes\\\"IPV6_AUTOCONF=\\\"yes\\\"IPV6_DEFROUTE=\\\"yes\\\"IPV6_FAILURE_FATAL=\\\"no\\\"IPV6_ADDR_GEN_MODE=\\\"stable-privacy\\\"NAME=\\\"ens33\\\"UUID=\\\"a6086f47-f55c-42d8-9464-81ebc1a587a6\\\"DEVICE=\\\"ens33\\\"ONBOOT=\\\"yes\\\"

    之后重启网卡:

    service network restart

    k8s kubernetes教程(k8s kubeconfig)

    修改SSH

    修改/etc/ssh/sshd_config:

    PasswordAuthentication yes

    k8s kubernetes教程(k8s kubeconfig)

    网络转发

    编辑/etc/sysctl.d/kubernetes.conf文件修改以下内容:

      net.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1net.ipv4.ip_forward = 1

      k8s kubernetes教程(k8s kubeconfig)

      #重载配置sysctl -p
      #加载网桥过滤模块modprobe br_netfilter
      #查看网桥过滤模块是否加载成功lsmod | grep br_netfilter

      k8s kubernetes教程(k8s kubeconfig)

      配置IPVS

      在各个主机中执行以下命令来配置IPVS

      cat <<EOF > /etc/sysconfig/modules/ipvs.modules#!/bin/bashmodprobe -- ip_vsmodprobe -- ip_vs_rrmodprobe -- ip_vs_wrrmodprobe -- ip_vs_shmodprobe -- nf_conntrack_ipv4EOFchmod +x /etc/sysconfig/modules/ipvs.modules/bin/bash /etc/sysconfig/modules/ipvs.moduleslsmod | grep -e ip_vs -e nf_conntrack_ipv4

      k8s kubernetes教程(k8s kubeconfig)

      k8s kubernetes教程(k8s kubeconfig)

      配置HOST

      在各个主机中执行以下命令:

      cat <<EOF > /etc/hosts192.168.17.144 master192.168.17.145 node1192.168.17.146 node2EOF

      k8s kubernetes教程(k8s kubeconfig)

      配置仓库

      在各个主机中配置kubernetes.repo

        cat <<EOF > /etc/yum.repos.d/kubernetes.repo[kubernetes]name=Kubernetesbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/enabled=1gpgcheck=0repo_gpgcheck=1gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgEOF

        k8s kubernetes教程(k8s kubeconfig)

        Dockers

        访问https://cr.console.aliyun.com/获取镜像加速地址:

        k8s kubernetes教程(k8s kubeconfig)

        配置镜像加速源:

        sudo mkdir -p /etc/dockersudo tee /etc/docker/daemon.json <<-\\\'EOF\\\'{  \\\"registry-mirrors\\\": [\\\"https://x.x.x.x\\\"]}EOFsudo systemctl daemon-reload

        k8s kubernetes教程(k8s kubeconfig)

        关闭Swap内存交互机制

        vi /etc/fstab

        k8s kubernetes教程(k8s kubeconfig)

        安装指定版本的docker:

        https://blog.csdn.net/Fly_hps/article/details/122253570

        修改docker.service

        vi /usr/lib/systemd/system/docker.serviceExecReload=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT

        k8s kubernetes教程(k8s kubeconfig)

        安装组件
        yum install --setopt=obsoletes=0 kubeadm-1.17.4-0 kubelet-1.17.4-0 -y

        k8s kubernetes教程(k8s kubeconfig)

        k8s kubernetes教程(k8s kubeconfig)

        配置代理

        在各主机修改/etc/sysconfig/kubelet

        KUBELET_CGROUP_ARGS=\\\"--cgroup-driver=systemd\\\"KUBE_PROXY_MODE=\\\"ipvs\\\"

        k8s kubernetes教程(k8s kubeconfig)

        创建集群

        各主机执行:

        systemctl enable kubelet.servicesystemctl start kubelet.service

        k8s kubernetes教程(k8s kubeconfig)

        master执行

        kubeadm init \\\\--apiserver-advertise-address=192.168.17.144 \\\\--image-repository registry.aliyuncs.com/google_containers \\\\--kubernetes-version=v1.17.4 \\\\--pod-network-cidr=192.244.0.0/16 \\\\--service-cidr=192.96.0.0/12

        k8s kubernetes教程(k8s kubeconfig)

        k8s kubernetes教程(k8s kubeconfig)

        #旧的kubeadm join 192.168.17.144:6443 --token 17vum6.bkj95pe9o10ocfnl \\\\    --discovery-token-ca-cert-hash sha256:af749e1e16b585f26bc94aa71f0af2942dca25710b80389b7b99c76f6ad30657#新的    kubeadm join 192.168.17.144:6443 --token jrf3db.9saki4l3rwkzrb13 \\\\    --discovery-token-ca-cert-hash sha256:df9c74fb6a2a02a72cc6c8c1b0d241d563bf32149ebc6dec918029712c674bb2

        在master主机执行以下命令:

          mkdir -p $HOME/.kubecp -i /etc/kubernetes/admin.conf $HOME/.kube/configchown $(id -u):$(id -g) $HOME/.kube/config

          k8s kubernetes教程(k8s kubeconfig)

          在node主机中执行以下命令:

            mkdir -p $HOME/.kubecp -i /home/root/admin.conf $HOME/.kube/configchown $(id -u):$(id -g) $HOME/.kube/config

            k8s kubernetes教程(k8s kubeconfig)

            节点入群

            在node节点中执行以下命令加入集群:

            kubeadm join 192.168.17.144:6443 --token 17vum6.bkj95pe9o10ocfnl \\\\    --discovery-token-ca-cert-hash sha256:af749e1e16b585f26bc94aa71f0af2942dca25710b80389b7b99c76f6ad30657

            k8s kubernetes教程(k8s kubeconfig)

            flannel

            master主机需要安装flannel,否则节点一直处于noready

              wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.ymlkubectl apply -f kube-flannel.ymlkubectl get nodes

              k8s kubernetes教程(k8s kubeconfig)

              查看master节点镜像:

              docker images

              k8s kubernetes教程(k8s kubeconfig)

              查看所有命令空间和命名空间下的pod:

              kubectl get pods -n kube-system

              k8s kubernetes教程(k8s kubeconfig)

              Nginx

              在maste主机上执行以下命令:

                kubectl create deployment nginx --image=nginx:1.14-alpinekubectl get deploykubectl describe pod nginx-6867cdf567-9tbg9

                k8s kubernetes教程(k8s kubeconfig)

                k8s kubernetes教程(k8s kubeconfig)

                创建SVC
                kubectl expose deploy nginx --port=80 --target-port=80 --type=NodePortservice/nginx exposed

                k8s kubernetes教程(k8s kubeconfig)

                外部访问

                master节点ip+svc中的ports端口

                kubectl get svc

                k8s kubernetes教程(k8s kubeconfig)

                之后在浏览器中访问:

                k8s kubernetes教程(k8s kubeconfig)

                查看pod的IP地址:

                kubectl get pod -o wide

                k8s kubernetes教程(k8s kubeconfig)

                控制面板

                Step 1:下载yaml文件

                wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

                k8s kubernetes教程(k8s kubeconfig)

                Step 2:修改YAML文件

                k8s kubernetes教程(k8s kubeconfig)

                k8s kubernetes教程(k8s kubeconfig)

                # Copyright 2017 The Kubernetes Authors.## Licensed under the Apache License, Version 2.0 (the \\\"License\\\");# you may not use this file except in compliance with the License.# You may obtain a copy of the License at##     http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an \\\"AS IS\\\" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.
                apiVersion: v1kind: Namespacemetadata: name: kubernetes-dashboard
                ---
                apiVersion: v1kind: ServiceAccountmetadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard
                ---
                kind: ServiceapiVersion: v1metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboardspec: type: NodePort ports: - port: 443 nodePort: 30001 targetPort: 8443 selector: k8s-app: kubernetes-dashboard
                ---
                apiVersion: v1kind: Secretmetadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kubernetes-dashboardtype: Opaque
                ---
                apiVersion: v1kind: Secretmetadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-csrf namespace: kubernetes-dashboardtype: Opaquedata: csrf: \\\"\\\"
                ---
                apiVersion: v1kind: Secretmetadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-key-holder namespace: kubernetes-dashboardtype: Opaque
                ---
                kind: ConfigMapapiVersion: v1metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-settings namespace: kubernetes-dashboard
                ---
                kind: RoleapiVersion: rbac.authorization.k8s.io/v1metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboardrules: # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [\\\"\\\"] resources: [\\\"secrets\\\"] resourceNames: [\\\"kubernetes-dashboard-key-holder\\\", \\\"kubernetes-dashboard-certs\\\", \\\"kubernetes-dashboard-csrf\\\"] verbs: [\\\"get\\\", \\\"update\\\", \\\"delete\\\"] # Allow Dashboard to get and update \\\'kubernetes-dashboard-settings\\\' config map. - apiGroups: [\\\"\\\"] resources: [\\\"configmaps\\\"] resourceNames: [\\\"kubernetes-dashboard-settings\\\"] verbs: [\\\"get\\\", \\\"update\\\"] # Allow Dashboard to get metrics. - apiGroups: [\\\"\\\"] resources: [\\\"services\\\"] resourceNames: [\\\"heapster\\\", \\\"dashboard-metrics-scraper\\\"] verbs: [\\\"proxy\\\"] - apiGroups: [\\\"\\\"] resources: [\\\"services/proxy\\\"] resourceNames: [\\\"heapster\\\", \\\"http:heapster:\\\", \\\"https:heapster:\\\", \\\"dashboard-metrics-scraper\\\", \\\"http:dashboard-metrics-scraper\\\"] verbs: [\\\"get\\\"]
                ---
                kind: ClusterRoleapiVersion: rbac.authorization.k8s.io/v1metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboardrules: # Allow Metrics Scraper to get metrics from the Metrics server - apiGroups: [\\\"metrics.k8s.io\\\"] resources: [\\\"pods\\\", \\\"nodes\\\"] verbs: [\\\"get\\\", \\\"list\\\", \\\"watch\\\"]
                ---
                apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboardroleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboardsubjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard
                ---
                apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata: name: kubernetes-dashboardroleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubernetes-dashboardsubjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard
                ---
                kind: DeploymentapiVersion: apps/v1metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboardspec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: nodeName: master containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.0-beta8 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kubernetes-dashboard # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. # - --apiserver-host=http://my-address:port volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs # Create on-disk volume to store exec logs - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard nodeSelector: \\\"beta.kubernetes.io/os\\\": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule
                ---
                kind: ServiceapiVersion: v1metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboardspec: ports: - port: 8000 targetPort: 8000 selector: k8s-app: dashboard-metrics-scraper
                ---
                kind: DeploymentapiVersion: apps/v1metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboardspec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: dashboard-metrics-scraper template: metadata: labels: k8s-app: dashboard-metrics-scraper annotations: seccomp.security.alpha.kubernetes.io/pod: \\\'runtime/default\\\' spec: containers: - name: dashboard-metrics-scraper image: kubernetesui/metrics-scraper:v1.0.1 ports: - containerPort: 8000 protocol: TCP livenessProbe: httpGet: scheme: HTTP path: / port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: - mountPath: /tmp name: tmp-volume securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 serviceAccountName: kubernetes-dashboard nodeSelector: \\\"beta.kubernetes.io/os\\\": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule volumes: - name: tmp-volume emptyDir: {}

                Step 3:下载镜像

                docker pull kubernetesui/dashboard:v2.0.0-beta8

                k8s kubernetes教程(k8s kubeconfig)

                Step 4:进行部署操作

                #部署操作kubectl apply -f recommended.yaml
                #删除操作kubectl delete -f recommended.yaml

                k8s kubernetes教程(k8s kubeconfig)

                Step 5:查看pod和service状态

                kubectl get pods,svc -n kubernetes-dashboard -o wide

                k8s kubernetes教程(k8s kubeconfig)

                Step 6:查看所有的pod

                kubectl get pods --all-namespaces -o wide

                k8s kubernetes教程(k8s kubeconfig)

                Step 7:在浏览器中访问,选择用默认用户kubernetes-dashboard的token登陆

                k8s kubernetes教程(k8s kubeconfig)

                Step 8:查看serviceaccount和secrets

                kubectl  get sa,secrets -n kubernetes-dashboard

                k8s kubernetes教程(k8s kubeconfig)

                Step 9:查看token

                kubectl describe secrets kubernetes-dashboard-token-8kxnh -n kubernetes-dashboard

                k8s kubernetes教程(k8s kubeconfig)

                Step 10:使用默认用户的token登录

                k8s kubernetes教程(k8s kubeconfig)

                之后发现权限略有不足:

                k8s kubernetes教程(k8s kubeconfig)

                Step 11:新建管理员

                a、创建serviceaccount

                kubectl create serviceaccount admin-myuser -n kubernetes-dashboard

                b、绑定集群管理员

                kubectl create clusterrolebinding  dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin-myuser
                kubectl get sa,secrets -n kubernetes-dashboard

                k8s kubernetes教程(k8s kubeconfig)

                c、查看token

                kubectl describe secret admin-myuser-token-jcj9d -n kubernetes-dashboard

                k8s kubernetes教程(k8s kubeconfig)

                Step 12:登录dashboard

                文末小结

                本文介绍了如何在本地环境中快速搭建一个简单的Kubernetes集群,在这个过程中,我们涉及到了Kubernetes的一些重要概念和组件,例如Pod、Deployment、Service等,后续将会逐一介绍~

                原创文章,作者:七芒星实验室,如若转载,请注明出处:https://www.sudun.com/ask/34114.html

                (0)
                七芒星实验室's avatar七芒星实验室
                上一篇 2024年4月11日 下午8:32
                下一篇 2024年4月11日 下午8:34

                相关推荐

                发表回复

                您的邮箱地址不会被公开。 必填项已用 * 标注