kubeadm安装kubernetes

设置主机

# Show the current hostname.
$ hostname
# Set a new hostname.
$ hostnamectl set-hostname <your_hostname>
# Edit /etc/hosts so that all nodes can reach each other by hostname.
$ vi /etc/hosts
# Entry format: <node-ip> <node-hostname>

免密登陆

# Generate an SSH key pair for the current user (prompts for a file path and a passphrase).
ssh-keygen
# Install the public key for root on 192.168.2.202 so that later logins need no password.
# NOTE(review): this grants key-based root access to that node; protect the private key
# with a passphrase and keep it only on the host that needs it.
ssh-copy-id root@192.168.2.202

安装依赖包(*)

# Update the installed packages.
$ yum update
# Install the dependency packages.
$ yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp

关闭防火墙、selinux、swap,重置iptables(*)

# Stop firewalld and keep it from starting at boot.
# NOTE(review): with firewalld off the node has no host firewall; restrict access to the
# node with network-level controls (security groups, an upstream firewall) instead.
$ systemctl stop firewalld && systemctl disable firewalld
# Flush all rules and delete user-defined chains in the filter and nat tables,
# then set the default FORWARD policy to ACCEPT.
$ iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
# Turn swap off for the running system.
$ swapoff -a
# Comment out every /etc/fstab line that contains "swap" so it stays off after a reboot.
$ sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
# Switch SELinux to permissive mode.
# NOTE(review): setenforce 0 lasts only until the next reboot, and permissive mode removes
# SELinux enforcement on the node; confirm whether your runtime really needs it off.
$ setenforce 0
# Stop and disable dnsmasq (otherwise Docker containers may fail to resolve domain names).
$ service dnsmasq stop && systemctl disable dnsmasq

系统参数设置(*)

# Write the kernel parameters for Kubernetes to a sysctl drop-in file.
$ cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
EOF

# Load br_netfilter first: the net.bridge.* keys above only exist once the module is loaded.
# modprobe on its own does not persist across reboots.
modprobe br_netfilter
# Apply the settings from the file.
$ sysctl -p /etc/sysctl.d/kubernetes.conf

安装docker-ce(*)

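# Configure the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify each package signature against the keys listed in gpgkey.
# With gpgcheck=0, a package altered on the mirror or in transit would install unverified.
# NOTE(review): confirm the key URLs against the mirror's documentation and check the key
# fingerprints out of band, since they are served from the same origin as the packages.
cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF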

安装kubelet kubeadm kubectl(*)

# Install kubelet, kubeadm and kubectl, all pinned to the same version (1.17.17).
# NOTE(review): 1.17 is an old release line; check whether it still receives security
# fixes before using it for a new cluster.
yum install kubelet-1.17.17-0 kubeadm-1.17.17-0 kubectl-1.17.17-0 -y

初始化(master)

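# Initialise the control plane on the master node.
# The options need ASCII double hyphens ("--"); typographic dashes are not parsed as flags.
# --image-repository pulls the control-plane images from a mirror registry instead of the
# default one, so the cluster trusts whatever that mirror serves.
# --pod-network-cidr=10.244.0.0/16 is the pod network range the flannel manifest expects by default.
kubeadm init --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12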

需要保存控制台打印的信息

按照提示操作

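# Copy the cluster admin kubeconfig into the current user's home and take ownership of it.
# Expansions are quoted so a home directory containing spaces or glob characters still works.
# NOTE(review): admin.conf carries cluster-admin credentials; keep the copy readable by its
# owner only.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"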

安装flannel插件

# Install the flannel network plugin by applying its manifest straight from GitHub.
# NOTE(review): the URL tracks the master branch, so the manifest applied can change between
# runs; download it, review it, and apply a copy pinned to a tagged release.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

加入集群(node)

# Join this node to the cluster through the API server at 10.1.20.80:6443.
# The token and CA hash below were printed for the author's cluster; use the values from
# your own `kubeadm init` output. The bootstrap token is a credential, and
# --discovery-token-ca-cert-hash lets the node verify the control plane's CA before trusting it.
kubeadm join 10.1.20.80:6443 --token hos4yx.fi6m9wq589389c8d \
--discovery-token-ca-cert-hash sha256:832df73a20a3ebd51316bbc4c3b38045f7ea369c916e95b0a2c154ba3af4647a

如果忘记该命令,可以通过如下方式获取

# Create a new bootstrap token and print the complete `kubeadm join` command for it
# (run on the control-plane node).
kubeadm token create --print-join-command
  • 测试
# List the cluster nodes and their status.
kubectl get nodes

可能出现报错:The connection to the server localhost:8080 was refused

原因:集群初始化后没有在本机为kubectl配置kubeconfig,kubectl找不到集群地址,于是默认连接localhost:8080;此时在本机设置KUBECONFIG环境变量即可解决问题

设置环境变量

# Point kubectl at the admin kubeconfig for all login shells by appending to /etc/profile,
# then reload the profile in the current shell.
# NOTE(review): /etc/profile applies to every user, and admin.conf holds cluster-admin
# credentials; keep that file readable by root only, or give individual users their own
# kubeconfig instead.
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
  • Kubernetes的node,NotReady 如何查问题:
# Follow the kubelet service log to see why the node is NotReady.
journalctl -f -u kubelet
# List the pods in every namespace to spot system pods that are not running.
kubectl get pods --all-namespaces

安装dashboard

# Deploy Kubernetes Dashboard from the upstream manifest; the URL is pinned to tag v2.0.5.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.5/aio/deploy/recommended.yaml

由于网络问题可能这里会失败,可以手动打开recommended.yaml复制到本地

# Apply the locally saved copy of recommended.yaml.
kubectl apply -f recommended.yaml
# List the services in the kubernetes-dashboard namespace.
kubectl get svc -n kubernetes-dashboard

这里是cluster-ip暴露的svc,只能内部访问,需要改成NodePort

# Change the dashboard Service type to NodePort.
# NOTE(review): NodePort publishes the dashboard on every node's IP; limit who can reach
# that port, or keep ClusterIP and use `kubectl port-forward` for access.
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard
[root@master ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.103.11.69 <none> 8000/TCP 10s
kubernetes-dashboard ClusterIP 10.96.219.204 <none> 443/TCP 10s
[root@master ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard
service/kubernetes-dashboard patched
[root@master ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.103.11.69 <none> 8000/TCP 38s
kubernetes-dashboard NodePort 10.96.219.204 <none> 443:32420/TCP 38s

浏览器访问: https://10.1.20.80:32420/

  • 配置token

    [root@master ~]# cat admin-role.yaml 
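    # Binds the built-in cluster-admin ClusterRole to the "admin" ServiceAccount in kube-system.
    # NOTE(review): a token for this account has unrestricted access to the whole cluster;
    # for dashboard logins prefer a role scoped to what the user actually needs.
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: admin
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
    roleRef:
      kind: ClusterRole
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: ServiceAccount
      name: admin
      namespace: kube-system
    ---
    # The ServiceAccount that the binding's subjects entry refers to.
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin
      namespace: kube-system
      labels:
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile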

- 创建admin-role

# Create the objects defined in admin-role.yaml.
kubectl create -f admin-role.yaml

- 找到secret(注意这里secret名可能不一样,需要替换)

# Find the token secret for the admin service account; the name suffix differs per cluster.
kubectl -n kube-system get secret | grep admin-token

# Print the base64-decoded token from that secret (replace admin-token-jvjjl with your own name).
# The output is a bearer token for an account bound to cluster-admin: treat it as a secret
# and keep it out of posts, tickets and shared logs.
kubectl -n kube-system get secret admin-token-jvjjl -o jsonpath='{.data.token}' | base64 -d


[root@master ~]# kubectl -n kube-system get secret|grep admin-token
admin-token-jvjjl kubernetes.io/service-account-token 3 9s
[root@master ~]# kubectl -n kube-system get secret admin-token-jvjjl -o jsonpath={.data.token}|base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6IndLSzJiRGxQcjg1Nzl6UG9GSTF3T0pSOTRfS2FiZUw5V0lwTk9JS0owOXcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1qdmpqbCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjIwNTdiYzZmLWRiMDQtNGRiMS1iZjg0LWE5MTkyZmRhMzVmNiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.OgY0h3grdJlh7lQh4uEq1-8aIDW7AxJ7lmFjszlpEA41WN7OeTeedW-ORAUvjCv0CrrmqyIt4LL0k_SaBBzBW3Gb0FKfwDD09nhyBAAhWghE4ZAAPQHxAxYYPunlKfNO-PArs8a8Ow13YllnxSjgjspLDCEAJy4lpAyv-AWg-sc7ddEMHoV0izUkJQimmVfVAv_kgNmp7dc7xL48bg4kgGISp_DQAqFdWFWbevYIfSoybiut3gTaJvm-4S4REY3zR7iW5mwTzp-EwvEXNaPAHZK3Gs4xc2YChQ0R2xmKtigKhCvJd7bc2QCqO9neig2LP9TbdDQrdePCOlJ8n3KvRg

- 使用token登录

![](kubeadm安装kubernetes集群/8387919-7a99cb05810b6de5.png)

### 安装K9S

- 参考[https://github.com/derailed/k9s](https://github.com/derailed/k9s)

---

### 参考

- https://juejin.cn/post/6986807406403518500