k8s Kubernetes Tutorial (k8s kubeconfig)

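Preface

Kubernetes is an open-source container orchestration platform that provides a simple, efficient way to manage the deployment, scaling and operation of containerized applications. As container technology has matured and spread, more and more organizations have chosen Kubernetes as their orchestration platform. This article shows how to quickly stand up a simple Kubernetes cluster in a local environment and how to deploy an application on it, so that readers can gain a working understanding of Kubernetes and pick up practical techniques for deploying and managing a cluster.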

Environment

  • K8s_master: 192.168.17.144

  • K8S_Node2: 192.168.17.145

  • K8S_Node3: 192.168.17.146

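Setup procedure

Set the hostnames

Set the hostname on each host and reboot it:

    # on 192.168.17.144
    hostnamectl --static set-hostname master
    # on 192.168.17.145
    hostnamectl --static set-hostname node1
    # on 192.168.17.146
    hostnamectl --static set-hostname node2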

Disable the firewall

Run the following commands on every host to turn off the firewall:

    systemctl stop firewalld && systemctl disable firewalld
    systemctl stop iptables && systemctl disable iptables
    # Set SELinux to disabled in its config file and stop enforcing immediately
    sed -i 's/enforcing/disabled/' /etc/selinux/config
    setenforce 0

Static address

Edit the interface configuration on each host (the values below are from 192.168.17.146; set IPADDR to the host's own address):

    vi /etc/sysconfig/network-scripts/ifcfg-ens33

    TYPE="Ethernet"
    PROXY_METHOD="none"
    BROWSER_ONLY="no"
    BOOTPROTO="static"
    IPADDR="192.168.17.146"
    NETMASK="255.255.255.0"
    GATEWAY="192.168.17.2"
    DNS1="192.168.17.2"
    DEFROUTE="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_FAILURE_FATAL="no"
    IPV6_ADDR_GEN_MODE="stable-privacy"
    NAME="ens33"
    UUID="a6086f47-f55c-42d8-9464-81ebc1a587a6"
    DEVICE="ens33"
    ONBOOT="yes"

Then restart networking:

    service network restart

Modify SSH

Edit /etc/ssh/sshd_config:

    PasswordAuthentication yes

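Network forwarding

Edit /etc/sysctl.d/kubernetes.conf and set the following:

    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1

Then load the module and apply the settings:

    # Load the bridge netfilter module first; the net.bridge.* keys do not exist until it is loaded
    modprobe br_netfilter
    # Check that the bridge netfilter module is loaded
    lsmod | grep br_netfilter
    # Reload the configuration (plain "sysctl -p" reads only /etc/sysctl.conf)
    sysctl -p /etc/sysctl.d/kubernetes.conf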

Configure IPVS

Run the following commands on every host to configure IPVS:

    cat <<EOF > /etc/sysconfig/modules/ipvs.modules
    #!/bin/bash
    modprobe -- ip_vs
    modprobe -- ip_vs_rr
    modprobe -- ip_vs_wrr
    modprobe -- ip_vs_sh
    modprobe -- nf_conntrack_ipv4
    EOF
    chmod +x /etc/sysconfig/modules/ipvs.modules
    /bin/bash /etc/sysconfig/modules/ipvs.modules
    lsmod | grep -e ip_vs -e nf_conntrack_ipv4

Configure hosts

Run the following on every host:

    # Append (>>) so the existing localhost entries in /etc/hosts are kept
    cat <<EOF >> /etc/hosts
    192.168.17.144 master
    192.168.17.145 node1
    192.168.17.146 node2
    EOF

Configure the repository

Create kubernetes.repo on every host:

    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=0
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF

Docker

Visit https://cr.console.aliyun.com/ to obtain a registry mirror (accelerator) address.

Configure the registry mirror:

    sudo mkdir -p /etc/docker
    sudo tee /etc/docker/daemon.json <<-'EOF'
    {
      "registry-mirrors": ["https://x.x.x.x"]
    }
    EOF
    sudo systemctl daemon-reload

Disable swap

    # Comment out the swap entry so swap stays off after a reboot
    vi /etc/fstab
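
The network forwarding and swap steps above both come down to file contents that are easy to get half right. The following added example (not part of the original article) re-checks them by reading the files; the function names and the sample files are constructed for the demo, and on a real host you would pass /etc/fstab and /etc/sysctl.d/kubernetes.conf.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: re-check the host preparation
# by reading the files the steps edit. Paths are arguments, so on a real host
# pass /etc/fstab and /etc/sysctl.d/kubernetes.conf.

# Print fstab entries that still activate swap (not commented out, type "swap").
# Returns 1 if any exist.
active_swap_entries() {
  awk '$1 !~ /^#/ && $3 == "swap" { print; found = 1 } END { exit found + 0 }' "$1"
}

# Print each required key that is not set to 1 in the sysctl file
# (missing, commented out, or 0). Returns 1 if any is reported.
unset_sysctl_keys() {
  local key val rc=0
  for key in net.bridge.bridge-nf-call-ip6tables \
             net.bridge.bridge-nf-call-iptables \
             net.ipv4.ip_forward; do
    # Drop whitespace, then keep the last assignment of the key (last one wins).
    val=$(sed 's/[[:space:]]//g' "$1" | awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }')
    [ "$val" = "1" ] || { echo "$key"; rc=1; }
  done
  return "$rc"
}

# Constructed sample files for a host where two steps were missed.
demo_dir=$(mktemp -d)
cat > "$demo_dir/fstab" <<'EOF'
/dev/mapper/centos-root /    xfs  defaults 0 0
#/dev/mapper/centos-old swap swap defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
EOF
cat > "$demo_dir/kubernetes.conf" <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# net.ipv4.ip_forward = 1
EOF

active_swap_entries "$demo_dir/fstab" || echo "^ swap is still enabled in fstab"
unset_sysctl_keys "$demo_dir/kubernetes.conf" || echo "^ sysctl keys not set to 1"
```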

Install a specific Docker version:

    https://blog.csdn.net/Fly_hps/article/details/122253570

Modify docker.service

    vi /usr/lib/systemd/system/docker.service

with the following line:

    ExecReload=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT

Install the components

    yum install --setopt=obsoletes=0 kubeadm-1.17.4-0 kubelet-1.17.4-0 -y

Configure the proxy mode

On every host, edit /etc/sysconfig/kubelet:

    KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
    KUBE_PROXY_MODE="ipvs"

Create the cluster

On every host:

    systemctl enable kubelet.service
    systemctl start kubelet.service

On the master:

    kubeadm init \
      --apiserver-advertise-address=192.168.17.144 \
      --image-repository registry.aliyuncs.com/google_containers \
      --kubernetes-version=v1.17.4 \
      --pod-network-cidr=192.244.0.0/16 \
      --service-cidr=192.96.0.0/12

    # old
    kubeadm join 192.168.17.144:6443 --token 17vum6.bkj95pe9o10ocfnl \
        --discovery-token-ca-cert-hash sha256:af749e1e16b585f26bc94aa71f0af2942dca25710b80389b7b99c76f6ad30657
    # new
    kubeadm join 192.168.17.144:6443 --token jrf3db.9saki4l3rwkzrb13 \
        --discovery-token-ca-cert-hash sha256:df9c74fb6a2a02a72cc6c8c1b0d241d563bf32149ebc6dec918029712c674bb2

Run the following on the master host:

    mkdir -p $HOME/.kube
    cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    chown $(id -u):$(id -g) $HOME/.kube/config

Run the following on the node hosts:

    mkdir -p $HOME/.kube
    cp -i /home/root/admin.conf $HOME/.kube/config
    chown $(id -u):$(id -g) $HOME/.kube/config

Join the nodes

Run the following on each node to join the cluster:

    kubeadm join 192.168.17.144:6443 --token 17vum6.bkj95pe9o10ocfnl \
        --discovery-token-ca-cert-hash sha256:af749e1e16b585f26bc94aa71f0af2942dca25710b80389b7b99c76f6ad30657
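
The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key. As an added example (not part of the original article), the script below recomputes that value and compares it with the one in a join command. The function names, the throwaway CA and the placeholder token are constructed for the demo; on a kubeadm master the CA certificate is /etc/kubernetes/pki/ca.crt.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: confirm that a kubeadm join
# command pins the CA you expect before running it on a node.

# Print "sha256:<hex>" for the public key of the CA certificate at $1.
ca_cert_hash() {
  local pub
  pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex | awk '{ print "sha256:" $NF }'
}

# Print the hash that follows --discovery-token-ca-cert-hash in the command $1.
join_pin() {
  printf '%s\n' "$1" | awk '{
    for (i = 1; i < NF; i++)
      if ($i == "--discovery-token-ca-cert-hash") { print $(i + 1); exit }
  }'
}

# Return 0 only if the join command ($2) pins the CA certificate ($1);
# 1 on mismatch, 2 if the certificate cannot be read.
verify_join_pin() {
  local want
  want=$(ca_cert_hash "$1") || return 2
  [ "$(join_pin "$2")" = "$want" ]
}

# Constructed demo: a throwaway CA stands in for /etc/kubernetes/pki/ca.crt,
# and the token is a made-up placeholder.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
  -keyout "$demo/ca.key" -out "$demo/ca.crt" 2>/dev/null
base="kubeadm join 192.168.17.144:6443 --token abcdef.0123456789abcdef"
good_join="$base --discovery-token-ca-cert-hash $(ca_cert_hash "$demo/ca.crt")"
bad_join="$base --discovery-token-ca-cert-hash sha256:$(printf '%064d' 0)"

verify_join_pin "$demo/ca.crt" "$good_join" && echo "pin matches the CA"
verify_join_pin "$demo/ca.crt" "$bad_join" || echo "pin does not match the CA"
```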

flannel

flannel must be installed from the master host; otherwise the nodes stay in the NotReady state:

    wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    kubectl apply -f kube-flannel.yml
    kubectl get nodes

List the images on the master node:

    docker images

List the pods in the kube-system namespace:

    kubectl get pods -n kube-system

Nginx

Run the following on the master host:

    kubectl create deployment nginx --image=nginx:1.14-alpine
    kubectl get deploy
    kubectl describe pod nginx-6867cdf567-9tbg9

Create the Service (SVC)

    kubectl expose deploy nginx --port=80 --target-port=80 --type=NodePort
    # output:
    service/nginx exposed

External access

Use the master node's IP plus the port listed under PORTS for the svc:

    kubectl get svc

Then open that address in a browser.

View the pod IP addresses:

    kubectl get pod -o wide

Dashboard

Step 1: Download the YAML file

    wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

Step 2: Modify the YAML file

    # Copyright 2017 The Kubernetes Authors.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.

    apiVersion: v1
    kind: Namespace
    metadata:
      name: kubernetes-dashboard

    ---

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard

    ---

    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      # edit: not in the upstream manifest; exposes the dashboard on every node's port 30001
      type: NodePort
      ports:
        - port: 443
          nodePort: 30001
          targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard

    ---

    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-certs
      namespace: kubernetes-dashboard
    type: Opaque

    ---

    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-csrf
      namespace: kubernetes-dashboard
    type: Opaque
    data:
      csrf: ""

    ---

    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-key-holder
      namespace: kubernetes-dashboard
    type: Opaque

    ---

    kind: ConfigMap
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-settings
      namespace: kubernetes-dashboard

    ---

    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    rules:
      # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
      - apiGroups: [""]
        resources: ["secrets"]
        resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
        verbs: ["get", "update", "delete"]
      # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
      - apiGroups: [""]
        resources: ["configmaps"]
        resourceNames: ["kubernetes-dashboard-settings"]
        verbs: ["get", "update"]
      # Allow Dashboard to get metrics.
      - apiGroups: [""]
        resources: ["services"]
        resourceNames: ["heapster", "dashboard-metrics-scraper"]
        verbs: ["proxy"]
      - apiGroups: [""]
        resources: ["services/proxy"]
        resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
        verbs: ["get"]

    ---

    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
    rules:
      # Allow Metrics Scraper to get metrics from the Metrics server
      - apiGroups: ["metrics.k8s.io"]
        resources: ["pods", "nodes"]
        verbs: ["get", "list", "watch"]

    ---

    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: kubernetes-dashboard
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard
        namespace: kubernetes-dashboard

    ---

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: kubernetes-dashboard
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard
        namespace: kubernetes-dashboard

    ---

    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
        spec:
          # edit: not in the upstream manifest; pins the pod to the master node
          nodeName: master
          containers:
            - name: kubernetes-dashboard
              image: kubernetesui/dashboard:v2.0.0-beta8
              imagePullPolicy: Always
              ports:
                - containerPort: 8443
                  protocol: TCP
              args:
                - --auto-generate-certificates
                - --namespace=kubernetes-dashboard
                # Uncomment the following line to manually specify Kubernetes API server Host
                # If not specified, Dashboard will attempt to auto discover the API server and connect
                # to it. Uncomment only if the default does not work.
                # - --apiserver-host=http://my-address:port
              volumeMounts:
                - name: kubernetes-dashboard-certs
                  mountPath: /certs
                  # Create on-disk volume to store exec logs
                - mountPath: /tmp
                  name: tmp-volume
              livenessProbe:
                httpGet:
                  scheme: HTTPS
                  path: /
                  port: 8443
                initialDelaySeconds: 30
                timeoutSeconds: 30
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsUser: 1001
                runAsGroup: 2001
          volumes:
            - name: kubernetes-dashboard-certs
              secret:
                secretName: kubernetes-dashboard-certs
            - name: tmp-volume
              emptyDir: {}
          serviceAccountName: kubernetes-dashboard
          nodeSelector:
            "beta.kubernetes.io/os": linux
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule

    ---

    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      name: dashboard-metrics-scraper
      namespace: kubernetes-dashboard
    spec:
      ports:
        - port: 8000
          targetPort: 8000
      selector:
        k8s-app: dashboard-metrics-scraper

    ---

    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      name: dashboard-metrics-scraper
      namespace: kubernetes-dashboard
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: dashboard-metrics-scraper
      template:
        metadata:
          labels:
            k8s-app: dashboard-metrics-scraper
          annotations:
            seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
        spec:
          containers:
            - name: dashboard-metrics-scraper
              image: kubernetesui/metrics-scraper:v1.0.1
              ports:
                - containerPort: 8000
                  protocol: TCP
              livenessProbe:
                httpGet:
                  scheme: HTTP
                  path: /
                  port: 8000
                initialDelaySeconds: 30
                timeoutSeconds: 30
              volumeMounts:
                - mountPath: /tmp
                  name: tmp-volume
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsUser: 1001
                runAsGroup: 2001
          serviceAccountName: kubernetes-dashboard
          nodeSelector:
            "beta.kubernetes.io/os": linux
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule
          volumes:
            - name: tmp-volume
              emptyDir: {}

Step 3: Pull the image

    docker pull kubernetesui/dashboard:v2.0.0-beta8

Step 4: Deploy

    # Deploy
    kubectl apply -f recommended.yaml
    # Remove (only when you want to undo the deployment)
    kubectl delete -f recommended.yaml

Step 5: Check the pod and service status

    kubectl get pods,svc -n kubernetes-dashboard -o wide

Step 6: List all pods

    kubectl get pods --all-namespaces -o wide

Step 7: Open the dashboard in a browser and choose to log in with the token of the default user kubernetes-dashboard

Step 8: List the serviceaccounts and secrets

    kubectl get sa,secrets -n kubernetes-dashboard

Step 9: View the token

    kubectl describe secrets kubernetes-dashboard-token-8kxnh -n kubernetes-dashboard

Step 10: Log in with the default user's token

After logging in, the default user turns out to have insufficient permissions.

Step 11: Create an administrator

a. Create the serviceaccount

    kubectl create serviceaccount admin-myuser -n kubernetes-dashboard

b. Bind it to the cluster administrator role

    kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin-myuser
    kubectl get sa,secrets -n kubernetes-dashboard

c. View the token

    kubectl describe secret admin-myuser-token-jcj9d -n kubernetes-dashboard

Step 12: Log in to the dashboard
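
Step 11 binds the admin-myuser ServiceAccount to cluster-admin, so its token carries full control of the cluster and is usable through the dashboard exposed on NodePort 30001. The following added example (not part of the original article) lists every ServiceAccount that holds cluster-admin through a ClusterRoleBinding; the function names and the sample rows are constructed, and kubectl is only invoked if you call dump_bindings on the master.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: find ServiceAccounts that a
# ClusterRoleBinding grants cluster-admin, such as the one created in Step 11.

# Live input, one line per binding: name<TAB>role<TAB>Kind:namespace:name,...
dump_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}:{.name},{end}{"\n"}{end}'
}

# Read that format on stdin and print "binding<TAB>namespace/serviceaccount"
# for every ServiceAccount subject bound to the cluster-admin ClusterRole.
cluster_admin_service_accounts() {
  awk -F'\t' '$2 == "cluster-admin" {
    n = split($3, subj, ",")
    for (i = 1; i <= n; i++) {
      split(subj[i], p, ":")
      if (p[1] == "ServiceAccount") print $1 "\t" p[2] "/" p[3]
    }
  }'
}

# Constructed sample of dump_bindings output for the cluster built above.
sample_bindings() {
  printf '%s\t%s\t%s\n' \
    cluster-admin           cluster-admin        'Group::system:masters,' \
    dashboard-cluster-admin cluster-admin        'ServiceAccount:kubernetes-dashboard:admin-myuser,' \
    kubernetes-dashboard    kubernetes-dashboard 'ServiceAccount:kubernetes-dashboard:kubernetes-dashboard,'
}

sample_bindings | cluster_admin_service_accounts
# On the master: dump_bindings | cluster_admin_service_accounts
```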

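Summary

This article showed how to quickly build a simple Kubernetes cluster in a local environment. Along the way we touched on several important Kubernetes concepts and components, such as Pod, Deployment and Service, which later articles will cover one by one.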

Original article by 七芒星实验室. If you repost it, please credit the source: https://www.sudun.com/ask/34114.html
