Kubernetes (k8s)
Deploying with kubeadm in a multi-machine environment
Deployment environment
master: 192.168.11.25
node1: 192.168.11.26
node2: 192.168.11.27
Preparation
1. Set the hostnames
192.168.11.25: hostnamectl set-hostname master
192.168.11.26: hostnamectl set-hostname node1
192.168.11.27: hostnamectl set-hostname node2
2. Disable the firewall, SELinux and swap
systemctl stop firewalld && systemctl disable firewalld
setenforce 0 && sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a && sed -i 's/.*swap.*/#&/' /etc/fstab
3. Add hostname resolution: vim /etc/hosts
192.168.11.25 master
192.168.11.26 node1
192.168.11.27 node2
4. Configure a domestic (China) yum mirror
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.cloud.tencent.com/repo/epel-7.repo
yum clean all && yum makecache
5. Configure a domestic Kubernetes repository: vim /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
6. Install and start Docker
yum install -y yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum -y install docker-ce-18.09.6
systemctl start docker && systemctl enable docker
7. Install kubeadm, kubelet and kubectl, and start kubelet
yum -y install kubelet-1.14.2 kubeadm-1.14.2 kubectl-1.14.2
systemctl start kubelet && systemctl enable kubelet
8. Set kernel parameters so that bridged IPv4 traffic is passed to the iptables chains
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
sysctl --system
9. Run the following script on all Kubernetes nodes
vim /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
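Supplement: Kubernetes 1.15 and later need the following additional preparation
1. Make sure the default policy of the FORWARD chain in the iptables filter table is ACCEPT, and install some components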
yum -y install ipset ipvsadm
iptables -P FORWARD ACCEPT
2. Change the Docker cgroup driver to systemd and restart Docker
vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
3. Add the following line to /etc/sysctl.d/k8s.conf, and edit /etc/sysconfig/kubelet
vim /etc/sysctl.d/k8s.conf
vm.swappiness=0
sysctl -p /etc/sysctl.d/k8s.conf
vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS=--fail-swap-on=false
Deploying the master node
1. Initialize the Kubernetes cluster on the master
kubeadm init --kubernetes-version=1.14.2 --apiserver-advertise-address=192.168.11.25 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
Supplement: you can also pull the images manually; the kubeadm config images list command lists the images that need to be pulled
kubeadm join 192.168.11.25:6443 --token uh0vjw.28nn7hd86tqzygwy --discovery-token-ca-cert-hash sha256:4141547cfd6ecdfa6a9051b2625cf7a497068af86442e15a54d714cef08322bc
Note: run this returned command on the other nodes when adding them to the cluster
2. Configure the kubectl tool
mkdir -p /root/.kube
cp /etc/kubernetes/admin.conf /root/.kube/config
chown $(id -u):$(id -g) /root/.kube/config
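If you are the root user, you can simply run this command instead: export KUBECONFIG=/etc/kubernetes/admin.conf
List the nodes: kubectl get nodes
Check component status: kubectl get cs
Check the running state of the pods: kubectl get pods -n kube-system -owide
Note: every pod must be in the Running state
3. Deploy the flannel network
Method 1: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
Note (as shown in the figure below): this address could not be resolved here, so add an entry for it to /etc/hosts before running the command
Method 2: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Method 3: download the kube-flannel.yml file and edit it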
wget https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
vim kube-flannel.yml
Install flannel: kubectl create -f kube-flannel.yml
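Methods 1 and 3 fetch the manifest at a fixed commit, while method 2 follows the master branch, whose content can change between runs. The following is an added example, not part of the original post: it checks whether a URL is commit-pinned and summarizes the host-level access a downloaded manifest asks for. The function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a downloaded manifest before "kubectl apply/create".
# Function names and the sample manifest are constructed for illustration.

# True when a raw.githubusercontent.com URL names a 40-hex commit (immutable)
# rather than a branch such as master (changes over time).
is_commit_pinned() {
    printf '%s\n' "$1" |
        grep -Eq '^https://raw\.githubusercontent\.com/[^/]+/[^/]+/[0-9a-f]{40}/'
}

# Summarize the images and host-level access a manifest asks for.
review_manifest() {
    awk '
        /^[ \t]*(- )?image:/            { sub(/^.*image:[ \t]*/, ""); print "image " $0 }
        /^[ \t]*privileged:[ \t]*true/  { print "privileged" }
        /^[ \t]*hostNetwork:[ \t]*true/ { print "hostNetwork" }
        /^[ \t]*(- )?hostPath:/         { in_hp = 1; next }
        in_hp && /^[ \t]*path:/         { sub(/^.*path:[ \t]*/, ""); print "hostPath " $0 }
                                        { in_hp = 0 }
    ' "$1" | LC_ALL=C sort -u
}

# Constructed, trimmed DaemonSet in the style of a CNI plugin manifest.
write_sample() {
    cat > "$1" <<'EOF'
kind: DaemonSet
spec:
  template:
    spec:
      hostNetwork: true
      containers:
      - name: cni
        image: example.invalid/cni:v0
        securityContext:
          privileged: true
      volumes:
      - name: run
        hostPath:
          path: /run
      - name: cni-conf
        hostPath:
          path: /etc/cni/net.d
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && review_manifest "$tmp"; rm -f "$tmp"
```

With method 3 the same function can be run on the downloaded kube-flannel.yml before kubectl create.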
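Deploying the worker nodes
The worker nodes only need to join the Kubernetes cluster
Take the command returned when the cluster was initialized on the master and run it on each node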
kubeadm join 192.168.11.25:6443 --token uh0vjw.28nn7hd86tqzygwy --discovery-token-ca-cert-hash sha256:4141547cfd6ecdfa6a9051b2625cf7a497068af86442e15a54d714cef08322bc
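The join line carries a bootstrap token and a hash that pins the cluster CA, so a node can check it is talking to the right API server. The following is an added example, not part of the original post: it checks the shape of a join command before it is run on a node and recomputes the CA hash on the master for comparison. The function names are hypothetical helpers, not kubeadm subcommands.

```shell
#!/bin/sh
# Added example: helpers around the "kubeadm join" line printed by kubeadm init.
# Function names are hypothetical; they are not kubeadm subcommands.

# Recompute the --discovery-token-ca-cert-hash value from the cluster CA
# certificate (SHA-256 over the DER-encoded public key). Needs openssl.
ca_cert_hash() {
    # $1 = CA certificate path, /etc/kubernetes/pki/ca.crt on a kubeadm master
    openssl x509 -pubkey -noout -in "$1" |
        openssl rsa -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* /sha256:/'
}

# Extract the pinned hash from a join command.
join_hash() {
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]*\).*/\1/p'
}

# Accept a join command only if it has a well-formed bootstrap token and a
# pinned CA hash, and does not opt out of CA verification.
check_join_cmd() {
    cmd=$1
    case $cmd in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "CA verification disabled"; return 1 ;;
    esac
    printf '%s\n' "$cmd" |
        grep -Eq -- '--token[ =][a-z0-9]{6}\.[a-z0-9]{16}( |$)' ||
        { echo "malformed token"; return 1; }
    printf '%s\n' "$cmd" |
        grep -Eq -- '--discovery-token-ca-cert-hash[ =]sha256:[0-9a-f]{64}( |$)' ||
        { echo "missing or malformed CA hash"; return 1; }
    echo "ok"
}

# The join line shown on this page, used here as sample input.
SAMPLE_JOIN='kubeadm join 192.168.11.25:6443 --token uh0vjw.28nn7hd86tqzygwy --discovery-token-ca-cert-hash sha256:4141547cfd6ecdfa6a9051b2625cf7a497068af86442e15a54d714cef08322bc'
check_join_cmd "$SAMPLE_JOIN"
# On the master, the pinned value can be compared with the live CA:
#   [ "$(join_hash "$SAMPLE_JOIN")" = "$(ca_cert_hash /etc/kubernetes/pki/ca.crt)" ]
```

The token printed by kubeadm init expires after 24 hours by default; kubeadm token list shows outstanding tokens, kubeadm token delete revokes one, and kubeadm token create --print-join-command issues a fresh join line.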
Deploying the Dashboard
1. Create the Dashboard YAML file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
2. Edit the kubernetes-dashboard.yaml file
sed -i 's/k8s.gcr.io/loveone/g' kubernetes-dashboard.yaml
sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml
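These commands add the two entries nodePort: 30001 and type: NodePort to the Dashboard Service, mapping the Dashboard port to a node port so that it can be reached from outside the cluster; then create the resources: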
kubectl create -f kubernetes-dashboard.yaml
3. Check the state of the related services
kubectl get deployment kubernetes-dashboard -n kube-system
kubectl get pods -n kube-system -o wide
kubectl get services -n kube-system
netstat -ntlp|grep 30001
4. Open the Dashboard address in a browser: https://192.168.11.25:30001
5. Get the authentication token for logging in to the Dashboard
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
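Paste this secret string into the Token field on the web page to log in (do not copy the "token:" prefix; as shown in the figure below)
Log in to the k8s web interface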
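Step 5 binds the dashboard-admin service account to cluster-admin, so the token pasted into the Dashboard, which step 2 exposes on node port 30001, carries full control of the cluster. The following is an added example, not part of the original post: it lists the service accounts that hold cluster-admin so that such bindings can be reviewed. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: find service accounts bound to the cluster-admin ClusterRole.
# Function names and sample rows are constructed for illustration.

# One tab-separated row per binding: name, role, then the subjects as
# Kind/namespace/name joined by commas. Needs kubectl and a kubeconfig.
list_bindings() {
    kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}{"/"}{.namespace}{"/"}{.name}{","}{end}{"\n"}{end}'
}

# stdin: rows in the list_bindings format
# stdout: "namespace/name via binding" for each ServiceAccount with cluster-admin
cluster_admin_service_accounts() {
    awk -F '\t' '$2 == "cluster-admin" {
        n = split($3, subj, ",")
        for (i = 1; i <= n; i++)
            if (split(subj[i], p, "/") == 3 && p[1] == "ServiceAccount")
                print p[2] "/" p[3] " via " $1
    }'
}

# Constructed rows in the same format, including the binding from step 5.
sample_rows() {
    printf 'cluster-admin\tcluster-admin\tGroup//system:masters,\n'
    printf 'dashboard-admin\tcluster-admin\tServiceAccount/kube-system/dashboard-admin,\n'
    printf 'system:kube-dns\tsystem:kube-dns\tServiceAccount/kube-system/kube-dns,\n'
    printf 'ops\tcluster-admin\tUser//alice,ServiceAccount/default/ci-bot,\n'
}

sample_rows | cluster_admin_service_accounts
# Against a live cluster: list_bindings | cluster_admin_service_accounts
```

To narrow the binding from step 5, delete it with kubectl delete clusterrolebinding dashboard-admin and bind the account to the built-in read-only view ClusterRole instead: kubectl create clusterrolebinding dashboard-view --clusterrole=view --serviceaccount=kube-system:dashboard-admin (the binding name dashboard-view is an assumption).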
Common kubectl commands
Show all node information: kubectl get node
List RCs and services: kubectl get rc,svc
Show detailed information about a Node: kubectl describe node 192.168.0.212
Show detailed information about a Pod: kubectl describe pod pod-name
Create resources from a YAML file: kubectl create -f pod.yaml or kubectl apply -f pod.yaml
# apply can be run repeatedly; create cannot
Delete the pod by the name defined in pod.yaml: kubectl delete -f pod.yaml
Delete all pods and services carrying a given label: kubectl delete pod,svc -l name=label-name
Delete all Pods: kubectl delete pod --all
List endpoints: kubectl get endpoints
Run the date command in a pod:
kubectl exec pod-name -- date
kubectl exec pod-name -- bash
kubectl exec pod-name -- ping 10.24.51.9
Get a TTY for a container in a pod (equivalent to logging in to the container):
kubectl exec -it pod-name -c container-name -- bash
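# View a container's logs
kubectl logs pod-name
# Follow the logs in real time
kubectl logs -f pod-name
# If the pod has only one container, -c can be omitted
kubectl logs pod-name -c container_name
View the documentation for a resource or field: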
kubectl explain pod
kubectl explain pod.apiVersion
Show node labels: kubectl get node --show-labels