kubernetes基础环境搭建

修改主机名,关闭swap,并配置hosts映射

[root@master ~]# hostnamectl set-hostname master/node
[root@master ~]# swapoff -a

#删除/etc/fstab中swap

Yum源数据的持久化挂载

[root@master ~]# vi /etc/fstab
/root/bricsskills_cloud_paas.iso /opt/paas iso9660 defaults 0 0
/root/CentOS-7-x86_64-DVD-1804.iso /opt/centos iso9660 defaults 0 0
[root@master ~]# mount -a

Yum 源的编写

[root@master ~]# mv /etc/yum.repos.d/CentOS-* /home
[root@master ~]# vi /etc/yum.repos.d/local.repo
[k8s]
name=k8s
baseurl=file:///opt/paas/kubernetes-repo
gpgcheck=0
enabled=1
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1

在master节点安装ftp服务,将ftp共享目录设置为 /opt/。注意 anon_root=/opt 会让匿名FTP用户读取 /opt 下的全部内容,不要在该目录放置密钥、证书等敏感文件。

[root@master ~]# yum install -y vsftpd
[root@master ~]# echo "anon_root=/opt" >> /etc/vsftpd/vsftpd.conf
[root@master ~]# systemctl start vsftpd && systemctl enable vsftpd

node节点yum源编写(FTP 为明文传输,且 gpgcheck=0 不校验软件包签名,node 无法发现软件包在传输中被篡改,此配置仅适合隔离的实验网络)

[root@node ~]# mv /etc/yum.repos.d/* /home
[root@node ~]# vim /etc/yum.repos.d/ftp.repo
[k8s]
name=k8s
baseurl=ftp://master/paas/kubernetes-repo
gpgcheck=0
enabled=1
[centos]
name=centos
baseurl=ftp://master/centos
gpgcheck=0
enabled=1

设置时间同步服务器

master节点

[root@master ~]# yum install -y chrony
[root@master ~]# vim /etc/chrony.conf
server 192.168.100.15 iburst           ###masterIP
allow 192.168.100.0/24
local stratum 10
[root@master ~]# systemctl start chronyd
[root@master ~]# systemctl enable chronyd

node节点

[root@node ~]# yum install -y chrony
[root@node ~]# vi /etc/chrony.conf
server 192.168.100.15 iburst
[root@node ~]# systemctl start chronyd
[root@node ~]# systemctl enable chronyd

###测试
[root@node ~]# chronyc sources

设置免密登录

[root@master ~]# ssh-keygen
[root@master ~]# ssh-copy-id master
[root@master ~]# ssh-copy-id node
[root@master ~]# ssh-copy-id harbor

[root@node ~]# ssh-keygen
[root@node ~]# ssh-copy-id master
[root@node ~]# ssh-copy-id node
[root@node ~]# ssh-copy-id harbor

安装 docker 应用

###所有节点安装 docker-ce:
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@master ~]# yum install -y docker-ce

###启动 Docker:
[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker
[root@master ~]# docker version

所有节点配置阿里云镜像加速地址(https://5twf62k1.mirror.aliyuncs.com)并把启动引擎设置为 systemd,配置成功重启 docker 服务

###在所有节点调整部分docker 参数:
[root@master ~]# vi /etc/docker/daemon.json
{
"registry-mirrors":["https://5twf62kl.mirror.aliyuncs.com"],
"exec-opts":["native.cgroupdriver=systemd"]
}

###重启docker
[root@master~]# systemctl restart docker

修改 /etc/sysctl.conf

modprobe br_netfilter

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf

sysctl -p

安装 docker-compose

[root@master~]# cp -f /opt/paas/docker-compose/v1.25.5-docker-compose-Linux-x86_64 \
> /usr/local/bin/docker-compose
[root@master~]# scp -f /opt/paas/docker-compose/v1.25.5-docker-compose-Linux-x86_64 \
> harbor:/usr/local/bin/docker-compose
[root@master~]# scp -f /opt/paas/docker-compose/v1.25.5-docker-compose-Linux-x86_64 \
> node:/usr/local/bin/docker-compose

[root@master~]# chmod +x /usr/local/bin/docker-compose
[root@master~]# docker-compose version
docker-compose version 1.25.5, build 8a1c60f6
docker-py version: 4.1.0
CPython version: 3.7.5
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019

搭建 Harbor 仓库

Harbor 节点部署 Harbor解压安装包:
[root@harbor ~]# cd /opt/paas/harbor/
[root@harbor ~]# tar -zxvf harbor-offline-installer-v2.1.0.tgz -C /usr/local/
[root@harbor ~]# cd /usr/local/harbor/
修改 Harbor配置信息:
[root@harbor ~]# cp harbor.yml.tmpl harbor.yml
[root@harbor ~]# vi harbor.yml
hostname: 192.168.100.93   # 将域名修改为本机IP
harbor_admin_password: Harbor12345   # 安装包自带的默认密码,首次登录后应立即修改
# https:   # 禁用https(登录口令和镜像将以明文 HTTP 传输,仅适用于隔离的实验网络)
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path

###启动 Harbor:
[root@harbor ~]# ./prepare
[root@harbor ~]# ./install.sh --with-clair

修改默认仓库地址(insecure-registries 会让 Docker 以 HTTP 或不校验证书的方式访问该仓库,只应列出受信任内网中的仓库地址):

[root@master~]# vi /etc/docker/daemon.json
{
"insecure-registries": ["192.168.100.93"],
"registry-mirrors": ["https://5twf62kI.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}

[root@master~]# systemctl restart docker

各节点登录harbor

[root@master~]# docker login 192.168.100.93
Username:admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

上传 docker 镜像

[root@master~]# for i in $(ls /opt/paas/images);do docker load -i $i ; done

[root@master~]# sh /opt/paas/k8s_image_push.sh

安装kubeadm 工具

在master节点、node1节点、node2节点分别安装kubeadm工具并设置为开机自启动

[root@master~]# yum install kubeadm-1.18.1 kubectl-1.18.1 kubelet-1.18.1 -y
[root@master~]# systemctl enable kubelet && systemctl start kubelet

初始化master节点

使用 kubeadm 命令生成yaml文件

[root@master~]# kubeadm config print init-defaults > kubeadm-config.yaml
[root@master~]# vi kubeadm-config.yaml
localAPIEndpoint:
  advertiseAddress: 192.168.100.15      ###修改为 master 主机 IP 地址
  imageRepository: 192.168.100.16/library/   ###修改为本地镜像仓库地址
  kubernetesVersion: v1.18.1   ###修改版本号为当前版本号
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16    ###添加此 subnet 项

###根据yaml文件使用 kubeadm 命令初始化master节点
[root@master~]# kubeadm init --config kubeadm-config.yaml

使用命令初始化

[root@master~]# kubeadm init --kubernetes-version=1.18.1 \
> --apiserver-advertise-address=192.168.100.15 \
> --image-repository 192.168.100.16/library --pod-network-cidr=10.244.0.0/16

初始化完成后执行命令

[root@master~]# mkdir -p $HOME/.kube
[root@master~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

查看状态

###查看集群状态:
[root@master~]# kubectl get cs
NAME                STATUS     MESSAGE     ERROR
scheduler           Healthy    ok
controller-manager  Healthy    ok
etcd-0              Healthy    {"healthy":"true"}

###查看节点状态:
[root@master~]# kubectl get nodes
NAME     STATUS     ROLES    AGE    VERSION
master   NotReady   master   6m1s   v1.18.1

安装网络插件

[root@master~]# kubectl apply -f yaml/kube-flannel.yaml   ###需要修改镜像地址
[root@master~]# kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   17m   v1.18.1

删除污点

[root@master~]# kubectl taint nodes master node-role.kubernetes.io/master=:NoSchedule-

给kubernetes 创建证书

[root@master~]# mkdir dashboard-certs
[root@master~]# cd dashboard-certs/
[root@master~]# kubectl create namespace kubernetes-dashboard
[root@master~]# openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
.........+++
..................+++
e is 65537 (0x10001)
[root@master~]# openssl req -days 36000 -new -out dashboard.csr \
-key dashboard.key -subj '/CN=dashboard-cert'
[root@master~]# openssl x509 -req -in dashboard.csr -signkey dashboard.key \
-out dashboard.crt
Signature ok
subject=/CN=dashboard-cert
Getting Private key
[root@master~]# kubectl create secret generic kubernetes-dashboard-certs \
--from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

图形化界面安装

[root@master~]# sed -i "s/kubernetesui/$IP\/library/g" /opt/yaml/dashboard/recommended.yaml
[root@master~]# kubectl apply -f /opt/yaml/dashboard/recommended.yaml
[root@master~]# kubectl apply -f /opt/yaml/dashboard/dashboard-adminuser.yaml

###登录信息
[root@master~]# kubectl describe secrets -n kubernetes-dashboard \
> dashboard-admin-token-7zzs9

将node加入集群

###在master节点获取证书
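###--ttl=0 表示 token 永久有效;--print-join-command 打印加入集群的命令
###(注释不能写在行尾的续行符 \ 之前,否则第二行参数不会被当作同一条命令)
[root@master~]# kubeadm token create --ttl=0 \
 >    --print-join-command
###永久有效的 token 相当于一份长期的入群凭据;节点全部加入后建议用 kubeadm token delete 删除,或去掉 --ttl=0 使用默认有效期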

###将输出的命令在node节点执行

###如果加入失败 
kubeadm reset重置kubernetes再次加入

安装metrics

修改api-server启动参数
vim /etc/kubernetes/manifests/kube-apiserver.yaml
###spec.container.command中添加
- --enable-aggregator-routing=true

kubelet证书

metrics使用kubelet证书,为kubelet签发证书
在/var/lib/kubelet/config.yaml配置文件中添加
serverTLSBootstrap: true
###重启服务
[root@master ~]# systemctl restart kubelet.service

签发证书

批准前先核对每个 Pending 请求的 REQUESTOR 和 SIGNERNAME,确认是本集群节点发出的 kubelet-serving 请求后再执行 approve。

[root@master ~]# kubectl get certificatesigningrequests.certificates.k8s.io 
NAME       AGE  SIGNERNAME                                   REQUESTOR                CONDITION
csr-5qgq9  20s  kubernetes.io/kubelet-serving                system:node:node         Pending
csr-9v68k  101s kubernetes.io/kubelet-serving                system:node:master       Pending
csr-tw8s7  69m  kubernetes.io/kube-apiserver-client-kubelet  system:bootstrap:w1no5l  Approved,Issued
csr-wv7vv  82m  kubernetes.io/kube-apiserver-client-kubelet  system:node:master       Approved,Issued
[root@master ~]# kubectl certificate 
approve deny 

[root@master ~]# kubectl certificate approve csr-5qgq9
certificatesigningrequest.certificates.k8s.io/csr-5qgq9 approved
[root@master ~]# kubectl certificate approve csr-9v68k
certificatesigningrequest.certificates.k8s.io/csr-9v68k approved

标题: kubernetes基础环境搭建

链接: https://zhiyong0389.github.io/2023/03/11/k8s%20%E6%90%AD%E5%BB%BA/

版权声明: 若无特殊标注皆为 智勇 原创版权, 转载请以链接形式注明作者及原始出处

最后编辑时间: 2023-06-29
