Deploying k8s 1.18 and the graphical management tool kuboard (Part 14)
Deploying k8s 1.18
1. Configure the host names
[root@192 ~]# hostnamectl set-hostname k8s-master
[root@192 ~]# hostnamectl set-hostname k8s-node1
[root@192 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.81.210 k8s-master
192.168.81.220 k8s-node1
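2. Install docker and kubelet
First install docker on all machines (this step is optional; if the command curl -sSL https://kuboard.cn/install-script/v1.18.x/install_kubelet.sh | sh -s 1.18.6 below fails with an error saying the docker command is missing, run the following steps to install docker)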
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
sed -i 's#download.docker.com#mirrors.tuna.tsinghua.edu.cn/docker-ce#' /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum -y install docker-ce
As root, run the following on all nodes to install the software:
- docker
- nfs-utils
- kubectl / kubeadm / kubelet
Run on all nodes
[root@k8s-master ~]# export REGISTRY_MIRROR=https://registry.cn-hangzhou.aliyuncs.com
[root@k8s-master ~]# curl -sSL https://kuboard.cn/install-script/v1.18.x/install_kubelet.sh | sh -s 1.18.6
[root@k8s-node1 ~]# export REGISTRY_MIRROR=https://registry.cn-hangzhou.aliyuncs.com
[root@k8s-node1 ~]# curl -sSL https://kuboard.cn/install-script/v1.18.x/install_kubelet.sh | sh -s 1.18.6
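The curl ... | sh commands above run a remote script as root before anyone has read it. As an added example (not part of the original article or of the Kuboard scripts), the helper below runs a downloaded copy only when its SHA-256 matches a digest you recorded after reviewing the file; file_sha256 and run_if_pinned are names made up for this example, and the digest in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: run a downloaded installer only when its SHA-256 matches
# a digest recorded after reviewing the file.

# file_sha256 <file>: print the lowercase hex SHA-256 of a file.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# run_if_pinned <file> <expected-sha256> [args...]
# Returns 3 if the file is missing, 2 on a digest mismatch (nothing is
# executed in either case), otherwise the exit status of the script.
run_if_pinned() {
    script=$1; expected=$2; shift 2
    [ -f "$script" ] || { echo "missing: $script" >&2; return 3; }
    actual=$(file_sha256 "$script")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $script: got $actual" >&2
        return 2
    fi
    # Same effect as "... | sh -s 1.18.6": the version is passed as $1.
    sh "$script" "$@"
}

# Typical use on a node (URL from the article; the digest is a placeholder
# that you record yourself after reading the script):
#   curl -fsSL -o install_kubelet.sh https://kuboard.cn/install-script/v1.18.x/install_kubelet.sh
#   less install_kubelet.sh
#   run_if_pinned install_kubelet.sh <SHA256_YOU_RECORDED> 1.18.6
```

Using the same recorded digest on every node also guarantees that the master and the workers all executed the identical script.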
Configure a registry mirror (image acceleration) on all nodes
[root@k8s-master ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://9wn5tbfh.mirror.aliyuncs.com"]}
[root@k8s-master ~]# systemctl restart docker
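The mirror address is obtained from Alibaba Cloud
Seeing this screen means the installation succeeded
3. Initialize the master node
Before initializing the master, first delete the /root/.kube directory, otherwise an x509 error will be reported
About the environment variables used during initialization
- APISERVER_NAME must not be the hostname of the master
- APISERVER_NAME must consist only of lowercase letters, digits and dots; it must not contain a hyphen
- The subnet used by POD_SUBNET must not overlap with the subnet of the master/worker nodes. The value of this field is a CIDR; if you are not yet familiar with the concept of CIDR, still run the command export POD_SUBNET=10.100.0.1/16 without modification
Run only on the master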
[root@k8s-master ~]# export MASTER_IP=192.168.81.210
[root@k8s-master ~]# export APISERVER_NAME=apiserver.demo
[root@k8s-master ~]# export POD_SUBNET=10.100.0.1/16
[root@k8s-master ~]# echo "${MASTER_IP} ${APISERVER_NAME}" >> /etc/hosts
[root@k8s-master ~]# curl -sSL https://kuboard.cn/install-script/v1.18.x/init_master.sh | sh -s 1.18.6
4. Check whether the master was initialized successfully
[root@k8s-master ~]# watch kubectl get pod -n kube-system -o wide
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 22m v1.18.6
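5. Initialize the node
The pod resources for the node are very large, so we change the image address
[root@k8s-master k8s_1_18_6_image]# vim /root/calico-3.13.1.yaml
Before initializing, first add the following to the /etc/hosts file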
192.168.81.180 apiserver.demo
1) Run the following command on the master node
[root@k8s-master ~]# kubeadm token create --print-join-command
W0806 10:42:43.449335 101174 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join apiserver.demo:6443 --token k4c7aq.n8p373xx1ic2u3hu --discovery-token-ca-cert-hash sha256:19f3e401e75eb8ef8a885e0d5575fd883c8f362ecc404da32c9d01742a2c702f
2) Copy the second line of the output above and run it on the node
[root@k8s-node1 ~]# kubeadm join apiserver.demo:6443 --token k4c7aq.n8p373xx1ic2u3hu --discovery-token-ca-cert-hash sha256:19f3e401e75eb8ef8a885e0d5575fd883c8f362ecc404da32c9d01742a2c702f
6. Check whether the node succeeded
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 19m v1.18.6
k8s-node1 Ready <none> 12m v1.18.6
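After the node is initialized successfully, another calico-node resource is started from the master. Be sure to configure the registry mirror on all node machines here, otherwise you will fall into a pit that can sink you: for two days I could not pull the images, and I speak from painful experience
7. Install the Ingress Controller
Run only on the master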
[root@k8s-master ~]# kubectl apply -f https://kuboard.cn/install-script/v1.18.x/nginx-ingress.yaml
namespace/nginx-ingress created
serviceaccount/nginx-ingress created
secret/default-server-secret created
configmap/nginx-config created
clusterrole.rbac.authorization.k8s.io/nginx-ingress created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress created
daemonset.apps/nginx-ingress created
8. Install kuboard
8.1. Installation
8.1.1. Fetch the yaml files for a one-step install
[root@k8s-master ~]# kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
deployment.apps/kuboard created
service/kuboard created
serviceaccount/kuboard-user created
clusterrolebinding.rbac.authorization.k8s.io/kuboard-user created
serviceaccount/kuboard-viewer created
clusterrolebinding.rbac.authorization.k8s.io/kuboard-viewer created
[root@k8s-master ~]# kubectl apply -f https://addons.kuboard.cn/metrics-server/0.3.7/metrics-server.yaml
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
8.1.2. Check the running state of kuboard
[root@k8s-master ~]# kubectl get pods -l k8s.kuboard.cn/name=kuboard -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kuboard-7bb89b4cc4-nb4dn 1/1 Running 0 95s 10.100.36.66 k8s-node1 <none> <none>
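8.1.3. Get the token
You can obtain a token for the administrator user and for the read-only user.
- By default, you can log in to Kuboard with a ServiceAccount token
- You can also log in to Kuboard/Kubectl with a GitLab/GitHub account
- You can also grant permissions to users
This token has ClusterAdmin privileges and can perform all operations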
[root@k8s-master ~]# echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
Take the token field from the output
eyJhbGciOiJSUzI1NiIsImtpZCI6IlJGcE1ZNjZseW55RXJQS19XM2dRdzdDZFRiZjJRVjlnM3U4S1N4amtkZEUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJvYXJkLXVzZXItdG9rZW4tYjhnbHciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoia3Vib2FyZC11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjNiN2M4Y2YtYmE4My00ZTQzLTkxNmMtZWNiNTdjMzI4OTg0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmt1Ym9hcmQtdXNlciJ9.HXvXqsgaoN7qgBgDDJCKleo5Z53fYjWCvwV0OTAT_iDHpfvGhRj3ju84savQl6T_26QxJYsxIScqKPjb7UV-oNmMAYktQgM9CJDt3YzihX8EvHOIly_Frs0xjA96gJ7NRR3scMAxmjE1C02alLctaLxmM7NxApmHYM_T3Rmvm7tohoc-8y1ACmR1h3kVIIuwqKf0fygkrQ8DZ8zbXE75M4wfE0avN-JBHSCKBxZcfFp82CWeuopj5cZ0z0_M2Xs8uddP_MVYsmpqeoWR8s4AO0AxF1TeUZ9QmRCp5uLW4L5fYcZ-Y2J2n4F9CdKIbT18H3hED-aX1ZN5nBnTMWV9OQ
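8.1.4. Access kuboard
Get the port number of the kuboard svc resource
Visit http://<IP address of any worker node>:32567/
Paste in the token value you just obtained
Account: kuboard-user, password: kuboard-user-token-b8glw
Enter the cluster to manage it
8.2. Working with kuboard
8.2.1. Create a namespace
1) Click Applications
2) Double-click the namespace
8.2.2. Create a resource and run the know_system site
1) Fill in the deployment resource information
2) Fill in the pod information
3) Fill in the service resource
4) Click Save
5) Created successfully
6) The logs can be viewed here
7) Access
It can be reached through either the master node address or a node address
9. Change the port range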
[root@k8s-master ~]# vim /etc/kubernetes/manifests/kube-apiserver.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.81.210:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    # add the option here
    - --service-node-port-range=3000-65535
    - --advertise-address=192.168.81.210
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
Restart kube-apiserver
[root@k8s-master prometheus]# docker ps -a | grep kube-api
5a59829e4503 56acd67ea15a "kube-apiserver --se…" 34 seconds ago Up 33 seconds k8s_kube-apserver_kube-apiserver-k8s-master_kube-system_aa947f4010c5b1e1921a495ab4981ba3_0
1bcef17c2367 registry.aliyuncs.com/k8sxio/pause:3.2 "/pause" 34 seconds ago Up 34 seconds k8s_POD_kube-apiserver-k8s-master_kube-system_aa947f4010c5b1e1921a495ab4981ba3_0
[root@k8s-master prometheus]# docker restart 5a59829e4503
5a59829e4503
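Widening the range to 3000-65535 means a Service can be given a node port that a system daemon on the node already listens on. The script below is an added example, not from the original article: it reads the range from an apiserver manifest and lists the default kubeadm 1.18 component ports that fall inside it; the function names and the embedded port list are this example's own.

```shell
#!/bin/sh
# Added example: list node-local ports that fall inside a
# --service-node-port-range value.

# Default listening ports on a kubeadm 1.18 node, plus sshd.
NODE_PORTS="22:sshd 2379:etcd-client 2380:etcd-peer 6443:kube-apiserver
10250:kubelet 10251:kube-scheduler 10252:kube-controller-manager"

# extract_range <manifest>: print the configured range, or the Kubernetes
# default 30000-32767 when the flag is not set.
extract_range() {
    r=$(sed -n 's/^[[:space:]]*-[[:space:]]*--service-node-port-range=\([0-9][0-9]*-[0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    echo "${r:-30000-32767}"
}

# range_conflicts <lo-hi>: print "port:name" for each listed port in range.
range_conflicts() {
    lo=${1%-*}; hi=${1#*-}
    for entry in $NODE_PORTS; do
        port=${entry%%:*}
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            echo "$entry"
        fi
    done
}

# overlaps_ephemeral <lo-hi> [eph_lo eph_hi]: succeed when the range
# intersects the ephemeral port range (Linux default 32768-60999; read the
# live value from /proc/sys/net/ipv4/ip_local_port_range on a real node).
overlaps_ephemeral() {
    lo=${1%-*}; hi=${1#*-}
    [ "$lo" -le "${3:-60999}" ] && [ "$hi" -ge "${2:-32768}" ]
}

# report <manifest>: summary for an apiserver manifest file.
report() {
    range=$(extract_range "$1")
    echo "range=$range"
    range_conflicts "$range" | sed 's/^/conflict=/'
    if overlaps_ephemeral "$range"; then echo "ephemeral_overlap=yes"; else echo "ephemeral_overlap=no"; fi
}
```

Run report /etc/kubernetes/manifests/kube-apiserver.yaml on the master; for the range used above it flags 6443 and 10250 to 10252 and an overlap with the ephemeral ports, while the default range flags nothing.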