文章前言
Kubernetes是一个开源的容器编排平台,它提供了一种简单、高效的方式来管理容器应用程序的部署、扩展和运行。随着容器技术的不断发展和普及,越来越多的企业开始选择Kubernetes作为他们的容器编排平台。本文将介绍如何在自己的本地环境中快速搭建一个简单的Kubernetes集群,并演示如何通过Kubernetes部署应用程序,读者可以通过本文深入了解Kubernetes的相关知识,并掌握在实践中部署和管理Kubernetes集群的技巧。
基本环境
-
K8s_master:192.168.17.144
-
K8S_Node2:192.168.17.145
-
K8S_Node3:192.168.17.146
搭建流程
改主机名
在各个主机中设置主机名并重启主机:
hostnamectl --static set-hostname masterhostnamectl --static set-hostname node1hostnamectl --static set-hostname node2
关防火墙
在各个各主机中执行以下命令关闭防火墙:
systemctl stop firewalld & systemctl disable firewalldsystemctl stop iptables & systemctl disable iptablessed -i \\\'s/enforcing/disabled/\\\' /etc/selinux/configsetenforce 0
静态地址
vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=\\\"Ethernet\\\"PROXY_METHOD=\\\"none\\\"BROWSER_ONLY=\\\"no\\\"BOOTPROTO=\\\"static\\\"IPADDR=\\\"192.168.17.146\\\"NETMASK=\\\"255.255.255.0\\\"GATEWAY=\\\"192.168.17.2\\\"DNS1=\\\"192.168.17.2\\\"DEFROUTE=\\\"yes\\\"IPV4_FAILURE_FATAL=\\\"no\\\"IPV6INIT=\\\"yes\\\"IPV6_AUTOCONF=\\\"yes\\\"IPV6_DEFROUTE=\\\"yes\\\"IPV6_FAILURE_FATAL=\\\"no\\\"IPV6_ADDR_GEN_MODE=\\\"stable-privacy\\\"NAME=\\\"ens33\\\"UUID=\\\"a6086f47-f55c-42d8-9464-81ebc1a587a6\\\"DEVICE=\\\"ens33\\\"ONBOOT=\\\"yes\\\"
之后重启网卡:
service network restart
修改SSH
修改/etc/ssh/sshd_config:
PasswordAuthentication yes
网络转发
编辑/etc/sysctl.d/kubernetes.conf文件修改以下内容:
net.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1net.ipv4.ip_forward = 1
#重载配置sysctl -p#加载网桥过滤模块modprobe br_netfilter#查看网桥过滤模块是否加载成功lsmod | grep br_netfilter
配置IPVS
在各个主机中执行以下命令来配置IPVS
cat <<EOF > /etc/sysconfig/modules/ipvs.modules#!/bin/bashmodprobe -- ip_vsmodprobe -- ip_vs_rrmodprobe -- ip_vs_wrrmodprobe -- ip_vs_shmodprobe -- nf_conntrack_ipv4EOFchmod +x /etc/sysconfig/modules/ipvs.modules/bin/bash /etc/sysconfig/modules/ipvs.moduleslsmod | grep -e ip_vs -e nf_conntrack_ipv4
配置HOST
在各个主机中执行以下命令:
cat <<EOF > /etc/hosts192.168.17.144 master192.168.17.145 node1192.168.17.146 node2EOF
配置仓库
在各个主机中配置kubernetes.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo[kubernetes]name=Kubernetesbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/enabled=1gpgcheck=0repo_gpgcheck=1gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgEOF
Dockers
访问https://cr.console.aliyun.com/获取镜像加速地址:
配置镜像加速源:
sudo mkdir -p /etc/dockersudo tee /etc/docker/daemon.json <<-\\\'EOF\\\'{\\\"registry-mirrors\\\": [\\\"https://x.x.x.x\\\"]}EOFsudo systemctl daemon-reload
关闭Swap内存交互机制
vi /etc/fstab
安装指定版本的docker:
https://blog.csdn.net/Fly_hps/article/details/122253570
修改docker.service
vi /usr/lib/systemd/system/docker.serviceExecReload=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
安装组件
yum install --setopt=obsoletes=0 kubeadm-1.17.4-0 kubelet-1.17.4-0 -y
配置代理
在各主机修改/etc/sysconfig/kubelet
KUBELET_CGROUP_ARGS=\\\"--cgroup-driver=systemd\\\"KUBE_PROXY_MODE=\\\"ipvs\\\"
创建集群
各主机执行:
systemctl enable kubelet.servicesystemctl start kubelet.service
master执行
kubeadm init \\\\--apiserver-advertise-address=192.168.17.144 \\\\--image-repository registry.aliyuncs.com/google_containers \\\\--kubernetes-version=v1.17.4 \\\\--pod-network-cidr=192.244.0.0/16 \\\\--service-cidr=192.96.0.0/12
#旧的kubeadm join 192.168.17.144:6443 --token 17vum6.bkj95pe9o10ocfnl \\\\--discovery-token-ca-cert-hash sha256:af749e1e16b585f26bc94aa71f0af2942dca25710b80389b7b99c76f6ad30657#新的kubeadm join 192.168.17.144:6443 --token jrf3db.9saki4l3rwkzrb13 \\\\--discovery-token-ca-cert-hash sha256:df9c74fb6a2a02a72cc6c8c1b0d241d563bf32149ebc6dec918029712c674bb2
在master主机执行以下命令:
mkdir -p $HOME/.kubecp -i /etc/kubernetes/admin.conf $HOME/.kube/configchown $(id -u):$(id -g) $HOME/.kube/config
在node主机中执行以下命令:
mkdir -p $HOME/.kubecp -i /home/root/admin.conf $HOME/.kube/configchown $(id -u):$(id -g) $HOME/.kube/config
节点入群
在node节点中执行以下命令加入集群:
kubeadm join 192.168.17.144:6443 --token 17vum6.bkj95pe9o10ocfnl \\\\--discovery-token-ca-cert-hash sha256:af749e1e16b585f26bc94aa71f0af2942dca25710b80389b7b99c76f6ad30657
flannel
master主机需要安装flannel,否则节点一直处于noready
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.ymlkubectl apply -f kube-flannel.ymlkubectl get nodes
查看master节点镜像:
docker images
查看所有命令空间和命名空间下的pod:
kubectl get pods -n kube-system
Nginx
在maste主机上执行以下命令:
kubectl create deployment nginx --image=nginx:1.14-alpinekubectl get deploykubectl describe pod nginx-6867cdf567-9tbg9
创建SVC
kubectl expose deploy nginx --port=80 --target-port=80 --type=NodePortservice/nginx exposed
外部访问
master节点ip+svc中的ports端口
kubectl get svc
之后在浏览器中访问:
查看pod的IP地址:
kubectl get pod -o wide
控制面板
Step 1:下载yaml文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
Step 2:修改YAML文件
# Copyright 2017 The Kubernetes Authors.## Licensed under the Apache License, Version 2.0 (the \\\"License\\\");# you may not use this file except in compliance with the License.# You may obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an \\\"AS IS\\\" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.apiVersion: v1kind: Namespacemetadata:name: kubernetes-dashboard---apiVersion: v1kind: ServiceAccountmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: ServiceapiVersion: v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboardspec:type: NodePortports:- port: 443nodePort: 30001targetPort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1kind: Secretmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboardtype: Opaque---apiVersion: v1kind: Secretmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboardtype: Opaquedata:csrf: \\\"\\\"---apiVersion: v1kind: Secretmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboardtype: Opaque---kind: ConfigMapapiVersion: v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: RoleapiVersion: rbac.authorization.k8s.io/v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboardrules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [\\\"\\\"]resources: [\\\"secrets\\\"]resourceNames: [\\\"kubernetes-dashboard-key-holder\\\", \\\"kubernetes-dashboard-certs\\\", \\\"kubernetes-dashboard-csrf\\\"]verbs: [\\\"get\\\", \\\"update\\\", \\\"delete\\\"]# Allow Dashboard to get and update \\\'kubernetes-dashboard-settings\\\' config map.- apiGroups: [\\\"\\\"]resources: [\\\"configmaps\\\"]resourceNames: [\\\"kubernetes-dashboard-settings\\\"]verbs: [\\\"get\\\", \\\"update\\\"]# Allow Dashboard to get metrics.- apiGroups: [\\\"\\\"]resources: [\\\"services\\\"]resourceNames: [\\\"heapster\\\", \\\"dashboard-metrics-scraper\\\"]verbs: [\\\"proxy\\\"]- apiGroups: [\\\"\\\"]resources: [\\\"services/proxy\\\"]resourceNames: [\\\"heapster\\\", \\\"http:heapster:\\\", \\\"https:heapster:\\\", \\\"dashboard-metrics-scraper\\\", \\\"http:dashboard-metrics-scraper\\\"]verbs: [\\\"get\\\"]---kind: ClusterRoleapiVersion: rbac.authorization.k8s.io/v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardrules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: [\\\"metrics.k8s.io\\\"]resources: [\\\"pods\\\", \\\"nodes\\\"]verbs: [\\\"get\\\", \\\"list\\\", \\\"watch\\\"]---apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboardroleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboardsubjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:name: kubernetes-dashboardroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboardsubjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: DeploymentapiVersion: apps/v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboardspec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:nodeName: mastercontainers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.0.0-beta8imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:\\\"beta.kubernetes.io/os\\\": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: ServiceapiVersion: v1metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboardspec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: DeploymentapiVersion: apps/v1metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboardspec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod: \\\'runtime/default\\\'spec:containers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.1ports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:\\\"beta.kubernetes.io/os\\\": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
Step 3:下载镜像
docker pull kubernetesui/dashboard:v2.0.0-beta8
Step 4:进行部署操作
#部署操作kubectl apply -f recommended.yaml#删除操作kubectl delete -f recommended.yaml
Step 5:查看pod和service状态
kubectl get pods,svc -n kubernetes-dashboard -o wide
Step 6:查看所有的pod
kubectl get pods --all-namespaces -o wide
Step 7:在浏览器中访问,选择用默认用户kubernetes-dashboard的token登陆
Step 8:查看serviceaccount和secrets
kubectl get sa,secrets -n kubernetes-dashboard
Step 9:查看token
kubectl describe secrets kubernetes-dashboard-token-8kxnh -n kubernetes-dashboard
Step 10:使用默认用户的token登录
之后发现权限略有不足:
Step 11:新建管理员
a、创建serviceaccount
kubectl create serviceaccount admin-myuser -n kubernetes-dashboardb、绑定集群管理员
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin-myuserkubectl get sa,secrets -n kubernetes-dashboard
c、查看token
kubectl describe secret admin-myuser-token-jcj9d -n kubernetes-dashboard
Step 12:登录dashboard
文末小结
本文介绍了如何在本地环境中快速搭建一个简单的Kubernetes集群,在这个过程中,我们涉及到了Kubernetes的一些重要概念和组件,例如Pod、Deployment、Service等,后续将会逐一介绍~
原创文章,作者:七芒星实验室,如若转载,请注明出处:https://www.sudun.com/ask/34114.html
